Today I have spent way too much time handling the https://copy.fail situation #copyfail

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 11:40:47 GMT

fun@berkeley.edu.pl — Sat, 02 May 2026 11:40:47 GMT

@eloy @alexanderkjall @noisytoot but oh boy the coding style is much worse than literal amlogic kernel BSP

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 11:40:09 GMT

fun@berkeley.edu.pl — Sat, 02 May 2026 11:40:09 GMT

@eloy @noisytoot @alexanderkjall The only reason I can think of to use this for marketing is .. yeah, what you said, and maybe also "hey our AI is so good!!!"

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 06:50:56 GMT

basiep@fosstodon.org — Sat, 02 May 2026 06:50:56 GMT

@alexanderkjall you can't expect that guy to notify everybody. He notified the kernel security list, but they didn't communicate downstream.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 04:09:34 GMT

arcaik@hachyderm.io — Sat, 02 May 2026 04:09:34 GMT

@raven667 @alexanderkjall Isn't the stance rather that all bugs are security bugs?

I mean it doesn't change much in practice, but it's a better argument IMO.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 03:22:07 GMT

dos@social.librem.one — Sat, 02 May 2026 03:22:07 GMT

@fun @noisytoot @alexanderkjall It is not serious, but OTOH the exploit is simple enough that it's still relatively easy to decipher.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:52:05 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:52:05 GMT

@Orca @alexanderkjall Not anymore.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:51:22 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:51:22 GMT

@fun @noisytoot @alexanderkjall It totally is.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:51:07 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:51:07 GMT

@noisytoot @fun @alexanderkjall I was wondering about that (haven't had to deal with actual Redhat since 2013)...

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:49:14 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:49:14 GMT

@OmegaPolice @alexanderkjall It is /not/ just you.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:47:49 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:47:49 GMT

@penguin42 @fedops @alexanderkjall That's also on NIST, and the aren't doing too well right now.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:46:55 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:46:55 GMT

@penguin42 @alexanderkjall No. That situation is really complicated and easy to fuck up.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 02:46:20 GMT

drwho@masto.hackers.town — Sat, 02 May 2026 02:46:20 GMT

@LabanSkoller @alexanderkjall @jmm You don't get the props for that that you used to. Giving it a cute name and marketing campaign is the thing these days.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Sat, 02 May 2026 01:53:59 GMT

jann@infosec.exchange — Sat, 02 May 2026 01:53:59 GMT

@alexanderkjall I mean... it is normal that, as a security researcher, when you find a security bug, you contact the upstream vendor, and can expect that to result in the issue being handled appropriately (for example, because the project notifies their downstreams about the issue, or because downstreams generally pick up all patches fast, or because propagation of fixes is ensured through a mechanism like CVEs).

To my knowledge, there is no such mechanism between Linux and most distros, unless the distro just always ships the latest stable kernel; I think that is a process issue, not the security researcher's fault.

When I report Linux kernel security bugs, I, too, just send the bug report to security@kernel.org and the maintainers, not to the third-party linux-distros list.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 22:44:56 GMT

orca@nya.one — Fri, 01 May 2026 22:44:56 GMT

@alexanderkjall@mastodon.social They even have time to obfuscate and minimize that exploit code, which makes it very hard to understand.

As if "732 bytes" means anything.

Surely the best way to create a proof-of-concept exploit to share their understanding with the world? /s

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 22:03:19 GMT

eloy@hsnl.social — Fri, 01 May 2026 22:03:19 GMT

@fun @noisytoot @alexanderkjall the reason is marketing, not technical

"we are so good because we need very few bytes to achieve this massive thing"

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:54:07 GMT

fun@berkeley.edu.pl — Fri, 01 May 2026 21:54:07 GMT

@noisytoot @alexanderkjall it's not like you'll be running the exploit on some microcontroller with 16K of SRAM

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:53:27 GMT

fun@berkeley.edu.pl — Fri, 01 May 2026 21:53:27 GMT

@noisytoot @alexanderkjall it's just not serious

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:41:41 GMT

noisytoot@berkeley.edu.pl — Fri, 01 May 2026 21:41:41 GMT

@fun @alexanderkjall both of those are for minification: if it used descriptive variable names and didn't compress the payload it would have been longer than 732 bytes

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:40:31 GMT

noisytoot@berkeley.edu.pl — Fri, 01 May 2026 21:40:31 GMT

@LabanSkoller @alexanderkjall they waited a month after reporting to the Linux kernel security team, they did not report to distros

Debian at least was quite clearly unprepared given that it took a day to get fixed in trixie and only just got fixed in bookworm (between when I last checked earlier today and now)

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:39:20 GMT

fun@berkeley.edu.pl — Fri, 01 May 2026 21:39:20 GMT

@noisytoot @alexanderkjall it's also obfuscated IMO. Why need to zlib.decompress ? Can't you give us the data itself without compression?
A bunch of variables also have quite meaningless names. It really does scream a lot like obfuscation.

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:37:36 GMT

noisytoot@berkeley.edu.pl — Fri, 01 May 2026 21:37:36 GMT

@simonzerafa @alexanderkjall the Linux kernel security team did not tell distros

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:36:51 GMT

noisytoot@berkeley.edu.pl — Fri, 01 May 2026 21:36:51 GMT

@fun @alexanderkjall It's minified rather than obfuscated, I think they did that just so they could say it was only 732 bytes.

It's also likely that they just asked an LLM to minify it, given that the whole article was so obviously AI-generated and not even proofread (it originally claimed to have been tested on RHEL 14.3, which does not exist)

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:32:12 GMT

theonedoc@tech.lgbt — Fri, 01 May 2026 21:32:12 GMT

@alexanderkjall let's say how it is Greg didn't put it into backports and no one could be arsed to look at it by themselfes as it is, in deed, work.

Maybe get mad at Herbert (who commited the kernel fix patch) for not telling the distribution security list?

Anyways, the result is a massive PR event for Xinit/theori and a bad day for Distro security teams and IT Security people all over the world (oh well at least most of you should be geting payed a nice premium for working at May 1st).

I guess learning from it would be better then finger pointing but who am I to tell you all how to do your jobs?

I'm retired. My local machines with public services sit fully proxied behind a BSD machine. The only person with shell access (from my LAN only) is me.

If the Hyperscaler guys don't pay people to monitor CVEs and do their own classification well ‍️‍️

Reply to Today I have spent way too much time handling the https://copy.fail situation #copyfail on Fri, 01 May 2026 21:12:10 GMT

fun@berkeley.edu.pl — Fri, 01 May 2026 21:12:10 GMT

@alexanderkjall they also had time to obfuscate their exploit.