The News

Copy Fail is the latest branded exploit, with an LLM twist

Every single Linux nerd I know is losing their shit over Copy Fail, aka CVE-2026-31431. It's a tiny Python script that, when run, scores a user root-level permissions in every Linux distro shipped since 2017. You still need access to the computer in order to get root, but a local privilege escalation attack that's extremely easy to run (it's just a Python script!) is a pretty big deal. It was surfaced by Xint Code, what appears to be an LLM-assisted static application security testing (SAST) tool, and Xint's blog post provides the prompt they used: "this is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. Note one key observation: splice() can deliver page-cache references of read-only files (including setuid binaries) to crypto TX scatterlists". What a time to be alive.

EU tells Meta to do something about the kids under 13 still using Facebook and Instagram

Meta got busted by the EU's Digital Services Act for "failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services". The EU reckons that Meta's measures to keep people under 13 years old off Facebook and Instagram are pissweak (simply asking someone signing up if they're over 13 years old isn't good enough) and if someone is reported to Meta as being under 13, Meta appears to do nothing about it. The EU also appears to be doing nothing about it. We've known for over a decade this is happening, yet nothing changes. Meta now has the opportunity to "strengthen their measures to prevent, detect and remove minors under the age of 13 from their service" and "effectively counter and mitigate risks that minors under the age of 13 could experience on the platforms" - and if they don't, there's a big fine. But I have little faith in meaningful change coming from a government or big tech company.

OpenAI’s made some wild blog posts in the last 24 hours about goblins & mass shootings

OpenAI is totally aware that ChatGPT keeps talking about goblins, publishing a blog post trying to explain what the fuck is going on. It seems like some people liked the goblin references in ChatGPT's output and because it was "rewarded" for this behaviour, it was reinforced across multiple GPT models, escaping its "Nerdy personality" (you can give ChatGPT personalities lol) prison. Also on the OpenAI blog, they wanted to remind us that "mass shootings, threats against public officials, bombing attempts, and attacks on communities and individuals" are "unacceptable" (oh really?) and that they work really really really hard to "mitigate risks of harm" and "monitor and enforce our rules". I wonder why OpenAI needed to make a blog post about this? Ahhh, they're being sued by the families of people killed in "one of the deadliest mass shootings in Canada's history", because the murderer was banned from ChatGPT for a "credible threat of gun violence in the real world" but OpenAI didn't tell police. Oopsie! Sam Altman is really sorry okay?

Oh, Also

Hoyts is rolling out 10 new IMAX screens by 2028

IMAX and Hoyts have signed a deal that'll bring 10 new IMAX screens and laser projectors to Australia and NZ by 2028. The press release doesn't say if these screens will be real IMAX screens (1.43:1 aspect ratio or GTFO), but it does mention they'll be the latest 4K laser projectors, which are arguably as good as (if not better than) the revered, but rare, 15/70 film projectors. This announcement also shows that the cinema isn't dead. It's just that the baseline expectations for cinemas are now really high. Why would a movie fan pay $15-$25 to watch a movie on a screen that's poorer quality than the 100" Dolby Vision TV they may have at home, on a potentially crappier sound system than their 5.1.4 Dolby Atmos setup, in a room full of people making noise?
But they do pay $35-$40 to watch a movie in an IMAX cinema, in the correct aspect ratio, with a super bright and sharp laser projector and ball tearing sound, as the director intended - so that's what the cinema owners are doing.

The End

😎 The Sizzle was cooked by Cam Wilson every weekday. It’s now BBQ’d by Anthony “decryption” Agius.

🤖 We love robots at the Sizzle but this newsletter has always been and will always be written by humans for humans. Also by Aussies for Aussies, so all prices are in dollarydoos.

🦺 The Sizzle has been tested to meet and exceed ISO 3533 standards.

Always Was, Always Will Be Aboriginal Land

The Sizzle is created on Wathaurong land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders past and present.