this post was submitted on 11 Jul 2026
276 points (98.6% liked)

Selfhosted

60693 readers
311 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] vane@lemmy.world 79 points 4 days ago (2 children)

If it was microsoft they would ban github and gitlab account and not give cve.

[–] possiblylinux127@lemmy.zip 44 points 3 days ago (2 children)

I'm not a big Google fan but I will give credit where credit is due

They do put their money where their mouth is

[–] vane@lemmy.world 18 points 3 days ago

I hate google but they still pay good money to opensource and take responsibility by organizing google summer of code.

[–] muusemuuse@sh.itjust.works 3 points 2 days ago

Well money is all they have anymore.

[–] muusemuuse@sh.itjust.works 1 points 2 days ago

Bluehammer guy is going exactly what he needs to do. This is a whole different issue and it’s demonstrating responsible disclosure working exactly the way it’s supposed to.

[–] irmadlad@lemmy.world 105 points 4 days ago (12 children)

A separate vulnerability in Linux allows users with limited rights to escalate to root. Tracked as CVE-2026-43499, it lurked in the OS for 15 years. Researchers from Nebula Security said they discovered it using Vega, Nebula’s AI-assisted vulnerability scanner. Matt Lucas, a researcher and founder of RedEye Security, explained

This will become more and more common as we use AI to find vulnerabilities faster (hopefully) than bad actors can use AI to find vulnerabilities.

[–] Tangent5280@lemmy.world 84 points 4 days ago (3 children)

If you pay attention you can hear a hundred NSA assholes tear their hair out

[–] panda_abyss@lemmy.ca 1 points 1 day ago

This is why they restrict Mythos and similar.

They want the vulnerability machine, and they don’t want you to have it.

[–] mlg@lemmy.world 43 points 4 days ago* (last edited 3 days ago) (1 children)

20 years of hoarding CVEs down the drain.

Now they'll never be able to gg ez their way into any country and will have to actually use their bribery budget to get more implants lol.

[–] sp3ctr4l@lemmy.dbzer0.com 25 points 4 days ago* (last edited 4 days ago)

Which means the new paradigm will be 'every piece of hardware is a supply chain attack.'

cough TPM 2 cough

[–] chicken@lemmy.dbzer0.com 7 points 4 days ago (1 children)

You don't think frontier AI models are leaving some out deliberately?

[–] Reannlegge@lemmy.ca 19 points 3 days ago

If they leave it out someone else will find it, the days of leaving things out deliberately past.

[–] mnemonicmonkeys@sh.itjust.works 21 points 3 days ago (1 children)

Keep in mind that the rate of errors caught by AI will not be consistent. It will drop off over time.

While I'm no fan of AI, that has nothing to do with it. Adding AI to error detection suites is (mostly) fine so long as you don't remove more tradional methods like code review, manually set up unit tests, and properly reviewing each failed test instead of just letting the AI slop in a patch.

My point is that any test you add to an existing codebase is going to catch a decent number of issues at first, then over time it will drop off as pre-existing issues get resolved. Then you'll be left with the lower rate of new issues from updates.

AI isn't a silver bullet. It (sometimes) is another tool in the toolbox.

[–] irmadlad@lemmy.world 13 points 3 days ago

AI isn’t a silver bullet. It (sometimes) is another tool in the toolbox.

I would fully agree with that statement.

load more comments (10 replies)
[–] Evotech@lemmy.world 6 points 2 days ago (1 children)

Google uses https://github.com/google/gvisor in GCP. So it’s not affected by most vulnerabilities like this. But still makes sense they want the tech. Vm escapes would be really bad for them.

[–] possiblylinux127@lemmy.zip 3 points 2 days ago

That is for containers not VMs

[–] helix@feddit.org 9 points 3 days ago* (last edited 2 days ago) (1 children)

ugh shit next week will be awful at work patching all those servers. At least they found it before bad actors did.

[–] rmrf@lemmy.ml 2 points 3 days ago (1 children)

What KVM based hypervisor do you use that you can't just use ansible or some first party LCM to do it automatically?

[–] helix@feddit.org 2 points 2 days ago (1 children)

Using Ansible, but it still means I need to run it and schedule patches etc. – you can't just patch stuff when people are currently working on it.

[–] rmrf@lemmy.ml 1 points 2 days ago (1 children)

Ansible against which hypervisor?

[–] helix@feddit.org 2 points 2 days ago

Nice try Mr Hacker, you're not getting anything out of this BOFH 🙃

[–] muusemuuse@sh.itjust.works 3 points 2 days ago

Oh AWS is gonna be spicy this week.

load more comments
view more: next ›