Ever wanted to look at all the locos at the same time?
Now #Onlytrains lets you: https://trains.shakik.de/s/unit/uic
You use Claude Code to find vulnerabilities, I find vulnerabilities in Claude Code.
The 3 recent Linux LPEs are sort of interesting in that each one took a different path from discovery to disclosure.
linux-distros mailing list. But the embargo was broken, so it was disclosed unexpectedly ahead of time.
Each path had basically exactly the same outcome (No fixes at publication time). 😂
Today is a great day to learn about Debian.
It's far from perfect, but by golly once you learn it it's pretty sweet. Highlights:
apt, so deb packages still probably work
If Ubuntu's got you down today, I dare you: give Debian a try.
RE: https://infosec.exchange/@lcamtuf/116517194178120536
"Hahaha, look at how Rust failed here."
Maybe writing a utility like cp without TOCTOU, race conditions, symlink exploits and the like shouldn't be hard. Maybe copying a file shouldn't require more than a single line in userspace.
Maybe the UNIX file API is incomplete and could do with a number of revisions and updates. Maybe, after 40, 50 years we have learned a few things and should go through it with a fine comb.
Of course we shouldn't break userspace. We can still provide the old, broken calls.
But maybe we should discuss how we can come up with something systematic that doesn't suck and invite these kinds of bugs. In any language.