If this goes forward — $250 bill with Trump's face on it. — Chinese will get a huge kick out of it. "250" (二百五， èrbǎiwǔ) is a common Chinese insult meaning a half-wit, a blockhead, a fool. Comedy writes itself. 笑死.

Idk what to think anymore. Yes this is a real job.

WSJ: The Midwestern Exodus Is Finally Ending - Longtime migration away from parts of Rust Belt starts to reverse; housing affordability is pull for metro areas like Akron, Ohio. wsj.com/us-news/akron-ohio-m…

One of my favorite interviews was with @StephenAtHome He GOT my humor. Wishing you only the best in your journey beyond your talk show. We need your voice more than ever! @colbertlateshow

I’m here for the gloves-off version of Massie. People seem to forget he still has 7 months left in Congress, and at this point there’s probably not much incentive for him to play nice or stay quiet. 😉🔥

I compare and contrast the boos for AI at graduations with the cheers for AI at Google IO in today's New Things newsletter. Read and subscribe here: thenewthings.com/p/why-this-…

Age-verification laws designed for iOS & Android are creating headaches for the open-source world, and the Linux community is pushing back. Our founder, Carl Richell, has been one of the voices engaging directly with lawmakers on this. As he testified before a Colorado House committee: "Open-source software ensures that everyone, regardless of age or background, can learn, experiment, and build at the most fundamental level." Colorado just passed an open-source exemption, but similar bills are moving in CA, IL, and NY. @verge has the full story. A gift link to the article is in the comments and is valid for the next 4 days.

Husky pup meets kitten for the first time

Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?

A 24 year-old is assigned to strangers’s old phone number. It changes both their lives follow their journey @Verndawgtales on Instagram now‼️

1.6 million voters approved the redistricting in Virginia. 4 judges denied them.

The CDC actually had a special department to investigate infectious disease outbreaks on cruise ships In April 2025, RFK Jr fired them all ....

anybody have any tips for this pal in kenya looking for hardware to practice on?

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

Federal authorities have finally located Antifa’s highly sophisticated secret messaging center:

A photo of seashells, really? #snowflake

RT @TaylorLorenz: I feel insane. We had the chance to STOP this law but no one cared. Now everyone cares after it went through. It’s terrib…