Hacker News | Skunkleton's comments

Yes, that is really all it is.

In the context of the kernel, it’s hard to say when that’s true. It’s very easy to fix some bug that resulted in a kernel crash without considering that it could possibly be part of some complex exploit chain. Basically any bug could be considered a security bug.


plainly, crash = DoS = security issue = CVE.

QED.


BRB, raising a CVE complaining the OOM killer exists.


Memory leaks are usually (accurately) treated as DoS. OoM killer is a mitigation to contain them and not DoS the entire OS.


I could be wrong. But operation by design isn't considered a bug.


It is if some other condition is violated that is more important. Then the design might have to be reconsidered.


If it is faulty, then it's not a bug, it's a flaw.

It is possible to design a security vulnerability.

Oh, now that is an exciting area.

you either get OOMed or next malloc fails and that's also going to wreak havoc

> The spontaneous explosions become so common and normalized that just about everyone knows someone who got caught up in one, a dead friend of a friend, at least

That’s an extraordinary claim.


This is a metaphor; do you think it’s an extraordinary claim to make for traffic accidents or even traffic deaths? To me it isn’t, at all.


Over commit is a design choice, and it is a design choice that is pretty core to Linux. Basic stuff like fork(), for example, gets wasteful when you don't over commit. Less obvious stuff like buffer caches also get less effective. There are certainly places where you would rather fail at allocation time, but that isn't everywhere and it doesn't belong as a default.


The question that isn't answered completely in the article is how useful are the pipelines for these startups? The article certainly implies that for at least some of these startups there is very little value add in the wrapper.


This meme is tired. Let it rest boss.


Maybe I’m grumpy, but the old designs all look better and more functional to me.


If you find yourself getting in trouble, maybe you are solving the wrong problems?


A browser using your keychain seems like the least questionable bit, if anything.


Right, but most browsers aren't owned by money-losing startups desperate for any bit of training data they can get their hands on as scaling taps out.

I really doubt OpenAI consciously wants my passwords, but I could absolutely see a poorly-coded (or vibe-coded, lol) OpenAI process somehow getting my keychain into their training set anyway, and then somebody being able to ask Chat-GPT 6, "hey, what's Analemma_'s gmail password?" and it happily supplying it. The dismal state of LLM scraper behavior and its support (or lack thereof) of adherence to best practices lends credibility to this.


No case is great. I’ve taken to slapping a screen protector on my phone with no case. Keeps me from feeling bad about setting it face down.

