There's a large gap between what they do (same env var disables this since the beginning) vs Microsoft bucking it's way through AI coauthorship credit in a multi potential author china shop, though.
In what way is it "not a special bug"? It's a publicly known root access from RCE exploit. Those cannot be a dime a dozen. I'm sure it's especially interesting for any shared hosting services which might be affected, and could be delayed. I could find any places running containered services and exfiltrate secrets parallel services, no?
What constitutes "special" for you, out of curiosity? Something chaining with a hypervisor exploit?
It's not RCE it's an LPE in an obscure corner of the kernel attack surface that no sensible application depends on. They are absolutely a dime a dozen.
Even just in AF_ALG there have been several such vulns fixed in 2026 already. Kernel wide probably hundreds. It's true that most of them will be harder to exploit than this one but that just means you need to prompt your AI a bit harder to get an exploit. (To be fair, in a lot of cases it's gonna be hard to escalate privs without crashing the machine).
Ubuntu has userns restrictions now which takes away the main sources of LPEs (random qdiscs, nftables, all that garbage) but there are still huge numbers of these vulns.
This is why platforms that do native untrusted code executions have extreme sandboxing. Note Android and ChromeOS aren't affected coz they already knew this code was broken and hide it from unpriv workloads.
You can't run untrusted code on Linux without either a very very carefully designed sandboxing layer (like Android/ChromeOS) or virtualization. copy.fail is just one among tens of thousands of reasons for this, and it's a pretty uninteresting one at that.
What is "special" depends on your usecase but for my job it's mostly about stuff that's exposed to KVM guests. Biggest source of concerning vulns for us is probably vhost. I expect there are also lots of undiscovered and scary vulns in places like virtiofs, vfio, DAX, and wherever we do device passthrough.
> I could find any places running containered services and exfiltrate secrets parallel services, no?
Yes. Regardless of copy.fail. Cloud providers don't do that without a VM layer. (If yours does, you need to switch).
The cope of some people is insane. Why even have UID:GID? All you need is 0:0. I always tell people to run everything as root because there is literally no point.
Well, there's still value in users and namespaces! Just, it's not a strong security boundary.
Also even if it's not strong, it doesn't mean it's entirely worthless. You can't rely on it, but it's usually free and it still buys you time / increases attack cost.
Like, if you leave 100k cash in a car on the street in SF, that's dumb. If you really need to do that for some strange reason, you should hire a security guard to watch your car, because cars a not a good security boundary. BUT, that doesn't mean you would leave the car unlocked just coz someone's watching it!
They're not dime a dozen exactly but LPE bugs in Linux (and common Linux distros) are easily common enough that nobody sane relies on user isolation as a serious security boundary.
Clouds use VMs as the security barrier, which is also not always 100% perfect, but is much better.
It could be useful as part of an exploit chain but generally once you've got to local code execution it's not going to be difficult to get further.
A "special" bug would be something that defeats a security barrier that people actually use, e.g. something that works remotely, or as you say - a hypervisor hack.
In my undergrad I did a grad course on advanced mine ventilation, modeling the fluid dynamics of clearing out blast gasses from a room and pillar salt mine in Southern Ontario. The company had reached out to the professor a year or two ago asking for help understanding why it took so long for blast gasses to clear (which is obviously something to minimize). I was pretty proud I was able to reproduce the measured air velocities with my model, but while preparing my presentation at the end of the semester, I read the a month before I started my project the mine had switched to road headers (mechanical rock breaking, appropriate only in soft rock mines like salt, potash, and coal) and so my research, while interesting, seemed a little pointless.
They have some really unique challenges in salt mines, for those who enjoy reading into it. "Les Îles de la Madelaine" in the St. Lawrence seaway is a kitesurfing destination with an absolutely incredible salt mine, for anyone curious[1].
I bet the decision had been made many months before. If they had started operations already they would have needed to invest probably millions in the equipment purchase, worker training, and so on. IIRC I had asked my prof and he didn't seem to be interested in investing the effort into presenting our findings, but never really elaborated further.
Kind of fun thinking back, but hopefully they weren't betting the farm solely on some university professor's at-his-pace work.
I'm a native English speaker who became fluent in (québecois) french as an adult, I could not agree more. I have a better chance knowing how to pronounce a new word in french vs. English.
Doesn't mean there aren't exceptions, but it's staggering how internally inconsistently English is.For example "read" and it's famous past tense, differently pronounced "read".
Still, we've got a couple fun ones au Québec, like betterave "bet-rav" caught me off guard or gruau "gree-au".
There's the classic squirrel/écureuil situation where the French word is hard to pronounce for English-speakers, and the English word is hard for French-speakers.
I built a suite of cli tools my last rotation at work for this exact reason. Made a contacts database using recutils with a go cli wrapper, used vikunja for Todo (with a cli wrapper from someone else), have all knowledge stored in a Johnny decimal folder structure with markdown summaries, and an automated typst document creation pipeline cli to blast out reports and posters and stuff, among a couple others. I basically did my job via terminal with agents after investing a couple days getting it set up, paid off very quickly.
I use Obsidian with my Claude (and Codex) but not sure what additional value the CLI would provide since it's just markdown files. What am I missing that a CLI provides for AI? And not sure how the sync fits into it unless there's a copy of the vault that the AI is working with over CLI? Can use a tip.
There are a lot of problems solved by tiny models. The huge ones are fun for large programming tasks, exploration, analysis, etc. but there's a massive amount of processing <10GB happening every day. Including on portable devices.
This is great even if it can't ever run Opus. Many people will be extremely happy about something like Phi accessible at lightning speed.
Positive results in mice also known as being a promising proof of concept. At this point, anything which deflates the enormous bubble around GPUs, memory, etc, is a welcome remedy. A decent amount of efficient, "good enough" AI will change the market very considerably, adding a segment for people who don't need frontier models. I'd be surprised if they didn't end up releasing something a lot bigger than they have.
