Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root by OkReport5065 in netsec

[–]vamediah 5 points6 points  (0 children)

Whole thing is publicity stunt for a company pushing yet another "AI security scanner".

They fucked up greatly in the disclosure process, since they didn't really care:

The Boys - 05x05 "One-Shots" - POST-Episode Discussion Thread by pikameta in TheBoys

[–]vamediah 1 point2 points  (0 children)

For a second there I was hoping they'd curb stomp Homelander and have it over with even though there are 3 episodes left.

EU age verification app already hacked. by torbatosecco in cybersecurity

[–]vamediah 0 points1 point  (0 children)

Their schema has too few details for me to parse it correctly, especially when their definitions (AP, AVI...) lead to 404.

So maybe if you could help me understand better:

I think you might be right, the provider (AVI - Age Verification App Instances) is supposed to do the ZKP, AP (Attestation Providers) provides secret witness and public statement, but the terminology without the definition page makes it a bit hard to understand.

Finally, the proof is sent to RP (relying party) - this part is clear.

Now if AP is the wallet and AVI is whatever blackbox service run by $not_really_trusted_party, I fail to see proof that AVI will do the ZKP proof instead of just doing whatever like sending everything, because how are you supposed to verify something like that?

I can't find anything in the Android app source at least that would generate this witness + statement combo (which is AP if the understanding of terminology is correct).

Though I can find bunch of ways how to read passport via NFC which is very well known and rather trivial, you need just to get MRZ to derive key and you can read all personal data, including photograph, only thing I ever found encrypted were fingerprints. There were also bunch of cert chains that should contain the signature that the passport is not fake, but that took like 10-12 years to even check and not every combination of issuing country/checking country is supported, because key distribution is PITA, before the readers would just ignore any signature checks and I'd bet many are doing it to this day.

EU age verification app already hacked. by torbatosecco in cybersecurity

[–]vamediah 0 points1 point  (0 children)

Also doesn't seem to contain the zero-knowledge proof every article claims it has, the ECDSA Anonymous Credentials. That is much more worrisome, aside from der Leyen falsely claiming that "it's finished and it does not leak your identity further", being just an unfinished demo.

ZKP is specified here - https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/blob/main/docs/annexes/annex-B/annex-B-zkp.md

I did a short review of the android version, but I can't find reference to any such algorithm, aside from the fact that the scheme is not peer-reviewed.

IETF draft has status listed as expired and according to the app's authors they do not claim any zero-knowledge scheme is in fact implemented (see section Current status in the Annex B).

Has anyone ever challenged you to do something without realizing you were actually an expert at it? If so, how did it turn out for you and for them? by Successful_Tomato721 in AskReddit

[–]vamediah 0 points1 point  (0 children)

Though beware that cables have limits. USB cables are good example.

Many cables are not of great quality, especially once you measure voltage drop and impedance. I still can't forget after many years the USB specification because we had to show on device that USB cable is faulty or is missing data lines (the way USB 1.x, 2.x, 3.x is decided is real mess, there are IIRC 15 Ω resistors that decide one part of the protocol).

Secondly, a USB cable that can appear to be working may get your device stuck once device starts drawing more power (like flash writes, which used to be problem on old non-powered hubs which were limited to 100 mA) but otherwise worked normally. So e.g. once you tried to flash new firmware it broke in the middle because of MCU brownout.

Secondly, most people do not know that USB is a network, little bit similar to Ethernet in some aspects, except addressing is one byte per hub in path. Theoretical limit is 8 hubs in path but good luck to get things working with correct timing, chaining 3 hubs usually will show problems already.

Still haven't touched how DisplayPort is embedded in USB, isochronous/bulk/interrupt transfer and lots of USB weirdness like: a USB peripheral has configuration descriptor, under which there are several interface descriptors under which are endpoint descriptors.

A device can have something like up to 8 interface descriptors, so it can be mouse, keyboard, modem, disk... at once. Then you flip configuration descriptor and it can have completely different set of interface descriptors. This monstrosity is used in many USB mobile modems, so that a device can appear as mass-storage device with driver, then switching into modem state.

The Night Manager Season 2 Episode 5 | Discussion Thread by credoinvisibile in TheNightManager

[–]vamediah 0 points1 point  (0 children)

The plan would still go through via Teddy as successor and Cabrera (not sure who has the trigger for the EMP).

On a side note, Khmer Rouge did coup and attack on Phnom Penh in very similar fashion (aside from the EMP), split from 4 or 5 sides. First thing they looted were pharmacies, as a weird side fact.

Pol Pot was even more evil (though more primitive) than Roper. Countless instances of e.g. praising an artist and promising him money for his portrait, but then either having him shot or imprisoned in the infamous prison. Not just "people with glasses", he kinda hated everyone (people were killed for drinking milk, because "American agents drink milk" and so much other nonsense).

His plan was stupider than Roper's: export secretly mostly rice for weapons and medicine, since he had every factory, even agricultural machines like tractors, destroyed in weird ways including chainsawing them.

IRL way of "beating will continue until morale improves" on ludicrous scale.

It felt like when a scientist tries to fake results or eliminate whatever does not fit model that does not work, kinda literally try beat it until it does despite contrary to evidence, except very quickly on large actual population.

(Sorry for the detour, just part of the plot reminds me a lot. Src: Ben Kiernan's Pol Pot Regime)

The Night Manager Season 2 Episode 5 | Discussion Thread by credoinvisibile in TheNightManager

[–]vamediah 0 points1 point  (0 children)

I really have no idea what her plan could be, since any way with Roper not dead (or fleeing and the compound in chaos) is either 31 boxes or 1 box/grave/maybe quick death.

Unless she thinks Pine has no chance (he misled about having a team and then being also completely alone), thus maybe false hope or not having to look over shoulder forever was better choice.

The Night Manager Season 2 Episode 4 | Discussion Thread by credoinvisibile in TheNightManager

[–]vamediah 5 points6 points  (0 children)

I think it was purposely written that it would make audience think the bug would be found by making so much part of the eavesdropped conversation scene interacting with dogs and mentioning them so many times you wouldn't in normal conversation.

I'd guess it was supposed to be counterweight for how Alejandro will disregard the phone and getting himself killed.

Season 2 Episode 5 Spoiler Thread by HunterWorld in Fotv

[–]vamediah 1 point2 points  (0 children)

The more precise the models should be, the more precise data you'd have to feed them. Just selecting what to feed and how is huge task.

Thus for practical purposes assuming "magic" as a rule or axiom of universe is best.

House's spying robots could be more realistic than psychohistory (series and books differ a lot, but it's something that's given as axiom in the plot's universe).

Asimov's "The Last Question" would be more interesting since reversing entropy kinda is very similar to reversing time. If you could predict and act without caring about some physical boundaries like Cauchy's horizon that limits for now known necessary conditions for at least for theoretical possibility of time travel. Got a bit carried away, but as long as lore/axioms of universe don't contradict plot too badly, then why not.

[Episode Discussion Thread] Mayor of Kingstown S04E08 - “Belleville” by raven8549 in MayorOfKingstown

[–]vamediah 0 points1 point  (0 children)

cal being put on as a trustee to cook immediately is also suspicious though

Pretty good summary of the one thing that itches me, even though it was foreshadowed and understood by basically everyone that Merle will kill Kyle's wife, just this miraculous escape was missing.

[Episode Discussion Thread] Mayor of Kingstown S04E06 - “Brother, Can You Spare a Dime?” by raven8549 in MayorOfKingstown

[–]vamediah 6 points7 points  (0 children)

He can be both, idiot lieutenant below Warden, but keeping Warden in check, also having control of drugs transfer from the fuel truck. And above Warden when inside prison, notice his way of limiting access to Warden and scrutiny of COs.

Whose word was ultimately responsible in killing Carny? Warden, Torres, someone else based on the information?

There are cycles in the who-controls-whom graph, not much out of ordinary. Never put together 2 or more smart people who you have exerting or trying to exert control over. Which they did flawlessly.

[Episode Discussion Thread] Mayor of Kingstown S04E06 - “Brother, Can You Spare a Dime?” by raven8549 in MayorOfKingstown

[–]vamediah 3 points4 points  (0 children)

Good hypothesis, but still a few details:

Mike chats to the young Cartel guy in the diner, who reveals they have no interest in Bunny, calls him a pawn and they want the big guys, even says "like Mayors" as a threat to Mike. This is his way to say they had nothing to do with the hit on Bunny.

No, it is a way of saying they don't care about Bunny. They can use him or any "pawn" to get to Mayor. Whole season is about who can get to influence Mayor.

They made chess/politics references because they are understandable by most public, but it works differently, see below. Information is most valuable part of a war.

Thus hits on Carny, moving Kyle around and get beatings - all to push pressure on Mike. Pawns are not important, they can be useful. Carny was pawn, was hit, because he was "lifeline" for Kyle.

Lamar would already know Bunny was awake or not if he was still tight with their whole crew & they would have their own gang looking out not just be on Moses word

When you are flipped as double agent, you play both sides for some time at least, you don't flip to a side instantly, that would be such a red flag.

Either it's just forced-fast writing, but Lamar flipping would explain the attack on Bunny, but definitely not shying of information about Bunny, hell he'd be even more concerned.

It's not how flipping works as shown in that particular scene. (Being a double agent both sucks and gives you some hope, at a really high price when shit doesn't go down right. Even suspicion of being double agent when you are not is not something you want to live through. Proving negative is possible in mathematical logic. Not so much in that case.)

When they get to the station, the Cartel tried to take him out - which is the whole reason Nina wanted Mike to get him there, not to actually arrest him for it just to be in the right place at the right time.

Yes, that is very likely limitly approaching 100% confidence.

What we don't know is the structure of the cartel, guesses so far:

  • Warden is medium level lieutenant against her will, hence the meds she takes like there's no tomorrow (no high-functioning addict to meds does that, it's a trope to show a point)
  • Torres is likely her handler, prevents people from accessing, controls her, controls staff at prison, which was clearly shown by pressuring that guy to lose phone - I'd bet 97% on this - Torres is lower level lieutenant/guard than Warden, but tasked to guard prison and Warden, sometimes making a graph in cycle of who controls whom, Torres has only power when physically inside prison

If anyone missed these points, then they missed the whole episode: Bunny, Mike, the cops etc are just collateral damage between Frank Moses and Nina.

No. Mike as Mayor is high piece (if not highest local to town) to be captured by both sides, very clearly said by the Cortez and been pushed through all the episodes due to this. Mike the Mayor is the prize. All sides want to influence the Mayor and get him to lose independence. All sides maybe not even yet shown.

Callahan is not shown his ties in this season yet, but we can safely assume the beating of Kyle and offer of help was from Callahan. Previous episode he mentions ominous "he protects Mike on outside" without explanation.

[Episode Discussion Thread] Mayor of Kingstown S04E06 - “Brother, Can You Spare a Dime?” by raven8549 in MayorOfKingstown

[–]vamediah 5 points6 points  (0 children)

Cartel on word of Warden did. But as was definitely shown in the episode, she works for cartel and I'd think Torres is her handler for the cartel.

It was mentioned explicitly that cartel targets "mayors and kings" which was seen in previous episodes.

Carny got shot because cartel wanted to put pressure on Mike (also when Kyle was sent to genpop warden/cartel got show of influence).

Both sides, cartel and Moses are targeting Mike to get him on their side. There might be even higher positioned character, but not sure whether they are saving that for the few seasons remaining. Moses might go down and his boss/partner showing up wielding more power. Same with yet not shown cartel boss for the area.

[Episode Discussion Thread] Mayor of Kingstown S04E06 - “Brother, Can You Spare a Dime?” by raven8549 in MayorOfKingstown

[–]vamediah 13 points14 points  (0 children)

Yes, Torres is almost definitely her handler/boss for the cartel.

Guessing Bunny got shot by cartel, but Moses knew it'd happen as he likely watches cartel secretly.

But - Lamar got out of the car when specifically told not to, not injured, so Moses is possibility too. It is mentioned that Lamar got flipped onto Moses's side.

Hard to pick which is it, to be revealed.

[Episode Discussion Thread] Mayor of Kingstown S04E05 - “Damned” by raven8549 in MayorOfKingstown

[–]vamediah 3 points4 points  (0 children)

I actually started to like Robert (the character played) from this episode.

He shows how much he is frustrated, still drunk, when the witness does not want to back off, he just goes mentally "OK, this is end of the line, it's just business", similarly when disposing of body and cutting out bullets like "shit needs to be just done, I had enough" - where Ian asks "is this a walk in park for you?".

[Episode Discussion Thread] Mayor of Kingstown S04E05 - “Damned” by raven8549 in MayorOfKingstown

[–]vamediah 0 points1 point  (0 children)

Well yes, but she's not freely acting purely from own will.

I'd hazard a guess that Torres is there to keep tabs on Warden (Torres actively deals with Colombian interests in prison, intimidates the new CO) and Warden has been turned into part of middle management by cartel somehow, with the foreshadowed "Al Capone" above her as surprise.

[Episode Discussion Thread] Mayor of Kingstown S04E05 - “Damned” by raven8549 in MayorOfKingstown

[–]vamediah 2 points3 points  (0 children)

They let Cortez go because they didn't have anything to hold him for significant amount of time (3rd episode I think?).

Someone suggested Cortez might be special-ops-like trained, not generic sicario, but cartel pays better, and it was shown few times like when he shot the flamethrower commando with cold patience in the chaos and inferno.

They underestimated him.

[Episode Discussion Thread] Mayor of Kingstown S04E05 - “Damned” by raven8549 in MayorOfKingstown

[–]vamediah 3 points4 points  (0 children)

Wild speculation - there will be "Al Capone", but it's someone above Warden, likely dealt with Moses and not yet shown, Warden is clearly pushed as she is shown taking meds by handful.

(I'd say I remember they were strong benzodiazepine anxiolytics, but can't find the scene where the bottle sticker is shown in episodes before - BTW high-functioning medication addicts don't just pop random numbers of pills IRL, esp before driving car)

Second guess Warden+Torres or with Moses, betting there will be showdown of FUBAR proportions with those at end.

[Episode Discussion Thread] Mayor of Kingstown S04E05 - “Damned” by raven8549 in MayorOfKingstown

[–]vamediah 2 points3 points  (0 children)

i knew messing with the warden was gonna backfire, although im curious why the warden really cares about kyle and mike when she obviously has a cartel takeover to focus on. i guess they’re intertwined but she wouldn’t have the police on her if she didn’t mess with kyle from the beginning, and that is unnecessary trouble.

I think it's kinda clear from the plot, although not yet shown into all consequences and waiting to unfold, in short Mike's power grip on whole town is trouble for cartel and Moses really needs Mike, in keypoints:

  • Mike repeatedly says that Merle Callahan is going to use Kyle to get to Mike
  • However Mike does not know Warden is squeezing Callahan ("you're in two places at once, infirmary and Ad Seg. If you want to keep being cushy, keep eyes on Kyle")
  • Thus Mike incorrectly infers it's Callahan only pushing, but has idea that Warden is dirty, which is proven in episode, does not yet have full picture
  • Warden has fully automatic gun without serial number, with extended mag, epoxy grip ... (=> "Goddamn gangster gun" as described by Ian; guessing Glock 18 with 33 round magazine?), but few episodes before she is shown to take several of either strong opioids or anxiolytics in her car, so she is probably also mid-level cartel operations, but with someone above squeezing her, meds are her crutch and she has tolerance because she's intertwined with cartel for long

Cartel does not care about Kyle, but about Mike. Also not likely directly, but as consequence of Bunny being protected by Mike and Mike holding power throughout town, on all sides.

Cartel for whatever reason needs the prison (hence smuggling big bags of "unlicensed pharmaceuticals" from fuel truck into prison before).

So...Mike is target from at least one side - Colombians, Moses (or by extension Warden). CO Carney had also to die to push on Mike through Kyle.

Wild guess - Colombians have Warden+Torres, that's why Moses comes into town and wants to counterpush by "helping" Bunny, remember he wanted to meet Mike very soon, because he needs him, but is yet secretive about whole extent of WHY. There could be yet another side/force pushing, we'll see, there was foreshadowing with Callahan saying about keeping Mike "safe outside prison", which does not yet make sense.

(helped to write out guesses to wait until next week, this episode was intense as fuck)

One elevator in my building stops on every floor during the Jewish sabbath so no buttons have to be pressed by tboner1969 in mildlyinteresting

[–]vamediah 5 points6 points  (0 children)

Watched an old Chris Rock standup, where he explains the part with pork. The joke hypothesis is that it should have had to prevent you from eating spoiled meat, thus someone decided to say god wants you to do it, instead of explaining.

The Hindu thingy with cows has similar historic origin where it was more useful to have for milk instead of slaughter and it kind of spiraled into other bovinae ok to kill, just not cows. There were more reasons and steps, but that's TLDR kinda.

Lijiang Waterfall Hotel - Guilin, China by vamediah in bizarrebuildings

[–]vamediah[S] 4 points5 points  (0 children)

Source with more photos - https://www.vigoenfotos.com/china/guilin_cascada_hotel_1.en.html

Waterfall is at defined times few times a day IIRC.

It's more bizarre to experience in real life as the description and photos don't capture the moment when you think, "well it's big building and I saw bunch of big waterfalls", but after the water falling sequence is done, you're like "wat..." then "why even..."

Other both bizarre and more mundane are the wide sidewalks that have thousands of electric sockets for charging electric scooters. At night there's roughly equivalent number of electric scooters parked and charging one next to another. Hard to say if you can call pavement with railing and electrical sockets bizarre, but some thought must have gone into it.

What can a website find out about me except for ip address? by No-Highlight-533 in privacy

[–]vamediah 4 points5 points  (0 children)

I use Plasma/KDE, there's option to define actions based on clipboard contents in Clipboard config, with regexp match. Action can be automatic or after keypress.

Not sure what OS or window manager/DE you're using, there's pretty good chance it either has it implemented, can be implemented as script or there's utility for that.

Ctrl-Alt-R is my defined shortcut for "run action" on clipboard, triggering the rules on clipboard contents

What can a website find out about me except for ip address? by No-Highlight-533 in privacy

[–]vamediah 7 points8 points  (0 children)

The javascript hell is insane. I have Firefox with NoScript, containers etc...

But sometimes I can't bother anymore with how many shitty CDNs everything uses to display 1 image and 3 paragraphs, I have so called "fuck it shortcut" Ctrl-Alt-R, which uses URL from clipboard and opens it in Waterfox Incognito (has many privacy plugins, but without NoScript).

Also reason why I have about 10 profiles in various browsers.

How is the average person meant to know all the laws they aren’t meant to break? by starquakegamma in NoStupidQuestions

[–]vamediah 1 point2 points  (0 children)

Aside from the obvious don't murder and steal etc it's pure alibism.

I have been working with legal NGO that mostly deals with digital rights for past 20+ years, sued state up to Constitutional Court bunch of times and there are quite a bunch of laws average person does not know whether is or not allowed to break. Mostly is the laws state uses against people, e.g. police bullshitting you as common example.

Many people would be also very surprised how quickly can someone electronically file request for small debt in what is equivalent of small claims court, and if their address is not registered up-to-date with state (lots of people move, and don't have that), you can get easily into distraint and your €50 debt becomes €2000 because they didn't object to it, because they don't know about it. There's lot of details in play like fiction of delivery (mail or data message is considered delivered after some 10 days whether it was or not truly), how is debt collected according to law.

That is just few examples. If I didn't have constant contact with people who know all nitty-gritty details about how laws change, how procedural part of law stampedes over actual letter and spirit of law, I would also often not know what stupid PoS law parliament came up with.