Feed aggregator
Show HN: Pre-computed market context for agents
Article URL: https://tickerdb.com/
Comments URL: https://news.ycombinator.com/item?id=48304570
Points: 1
# Comments: 0
Sigbovik 2026 Proceedings [pdf]
Article URL: https://sigbovik.org/2026/proceedings.pdf
Comments URL: https://news.ycombinator.com/item?id=48304528
Points: 2
# Comments: 0
JAL to launch Moon payload service, aims to preserve heritage
Article URL: https://english.kyodonews.net/articles/-/76763
Comments URL: https://news.ycombinator.com/item?id=48304525
Points: 1
# Comments: 0
Amdahl's law for AI agents
Article URL: https://electric.ax/blog/2026/02/19/amdahls-law-for-ai-agents
Comments URL: https://news.ycombinator.com/item?id=48304513
Points: 1
# Comments: 0
Class CrunchLabs
Article URL: https://www.classcrunchlabs.org/
Comments URL: https://news.ycombinator.com/item?id=48304482
Points: 2
# Comments: 0
Parallelizing Arbitrary Python Code by Running 1M Python Interpreters on a GPU
Article URL: https://github.com/jndean/gpusnek
Comments URL: https://news.ycombinator.com/item?id=48304455
Points: 1
# Comments: 0
World likely to breach 1.5°C limit in next five years
Article URL: https://news.un.org/en/story/2025/05/1163751
Comments URL: https://news.ycombinator.com/item?id=48304452
Points: 3
# Comments: 0
Discovering the Saddle Ridge Hoard
Article URL: https://americanhistory.si.edu/explore/exhibitions/value-money/online/new-acquisitions/saddle-ridge-hoard
Comments URL: https://news.ycombinator.com/item?id=48304421
Points: 2
# Comments: 0
What Is a Neoengineer?
Article URL: https://lukaswerner.com/post/2026-05-27@genz-neoengineer
Comments URL: https://news.ycombinator.com/item?id=48304410
Points: 2
# Comments: 1
Want to pack a public meeting in Kansas? Just say it's about a 'data center'
Article URL: https://klcjournal.com/want-to-pack-a-public-meeting-in-kansas-just-say-its-about-a-data-center/
Comments URL: https://news.ycombinator.com/item?id=48304400
Points: 2
# Comments: 0
MIT president: Why so many optimistic scientists are losing heart
Article URL: https://www.bostonglobe.com/2026/05/26/opinion/science-funding-cuts-mit/
Comments URL: https://news.ycombinator.com/item?id=48304379
Points: 4
# Comments: 0
C++ CLI for folder encryption with AES-256-GCM and USB-based key loading
I built a Linux CLI tool that encrypts and decrypts folders using AES-256-GCM. It also hides file and folder names and stores the mapping in an encrypted file.
Repo: https://github.com/sahilPadmani/ACE-files-encryption
Comments URL: https://news.ycombinator.com/item?id=48304365
Points: 1
# Comments: 0
OpenGlasses: Meta Glasses open source app
Article URL: https://github.com/straff2002/OpenGlasses
Comments URL: https://news.ycombinator.com/item?id=48304298
Points: 2
# Comments: 0
When everyone has access to the same AI models
Hallucinate – Massively Multiplayer Online Rave
Article URL: https://hallucinate.site
Comments URL: https://news.ycombinator.com/item?id=48304260
Points: 19
# Comments: 0
We're in the Over-Engineering Game Now
Article URL: https://plc.vc/cdx
Comments URL: https://news.ycombinator.com/item?id=48304255
Points: 2
# Comments: 0
Relativistic Space Invaders
Article URL: https://github.com/jarrydac/relativistic-space-invaders/
Comments URL: https://news.ycombinator.com/item?id=48304249
Points: 3
# Comments: 0
Dirty Frag: a kernel zero-day vs. container and microVM sandboxes
On May 7, Hyunwoo Kim (V4bel) disclosed Dirty Frag — two Linux kernel vulnerabilities (CVE-2026-43284 and CVE-2026-43500) that give unprivileged users deterministic root on most Linux distributions shipped since 2017. Microsoft confirmed active exploitation the next day.
We build declaw.ai — sandboxing infrastructure for AI agents, on Firecracker microVMs. We run untrusted code we don't write and can't predict, so when Dirty Frag dropped our first question was: does our isolation boundary hold? We tested it on a deliberately unpatched kernel. It held. Here's why.
The exploit is a page-cache write primitive: it tricks the kernel into overwriting the in-memory contents of any file (/usr/bin/su, /etc/passwd) and gives root. Fully deterministic, no race.
Why it matters for multi-tenant platforms: the page cache is shared across the whole machine. Containers share the host kernel, and namespace isolation, seccomp, and dropped capabilities are all enforced by that kernel. A kernel exploit doesn't need to escape the container — it operates below the layer where container isolation exists. Same structural issue as Dirty COW (2016) and Dirty Pipe (2022). On the day a zero-day drops, before any patch exists, every container-based sandbox sharing that kernel is exposed. Patching closes the window after the fact; it can't close it in advance.
We ran the public PoC (ESP path, CVE-2026-43284) in two environments.
Test 1 — container sandbox (Docker, seccomp on, unprivileged uid=1001, host kernel 6.8.0): unprivileged user to root in under 2 seconds. Seccomp was active but didn't help — the required syscalls were permitted by the profile. With root we read /etc/shadow, host kernel boot params, and Docker overlay2 paths.
Test 2 — Firecracker microVM (unpatched guest kernel, no seccomp, started as root with full capabilities — intentionally MORE permissive than test 1). The exploit worked inside the guest, but every attempt to reach the host failed: host kernel not visible, host processes invisible (the guest has its own kthreadd/kswapd), all host ports closed, only virtual block devices, no host hardware identity. The page cache it corrupted belongs to the guest's own kernel, mapped to a bounded region of host memory via EPT.
The asymmetry is the point: the microVM started with more privilege than the container and still couldn't reach the host. What matters isn't what permissions the software grants — it's whether the kernel is shared. To escape Firecracker you'd need a bug in the VMM (~50K lines of Rust) or KVM; Google's kvmCTF pays $250K for a guest-to-host escape and only one has ever been publicly demonstrated.
If you run untrusted code multi-tenant, the question for any isolation provider: if code inside the sandbox becomes root, can it reach the host or other tenants? If the answer is "as long as we're patched" — that's the gap.
PoC: https://github.com/V4bel/dirtyfrag
Full writeup (commands + output): https://declaw.ai/blog/dirty-frag-microvm-isolation
Comments URL: https://news.ycombinator.com/item?id=48304227
Points: 2
# Comments: 0
I'm bad at game art. So I cheated. [video]
Article URL: https://www.youtube.com/watch?v=gb0dY7VyoBg
Comments URL: https://news.ycombinator.com/item?id=48304168
Points: 1
# Comments: 0
