Show more

All the time when I'm installing NixOS on the server machine and forget to add swap.

Here are results of testing exploits from with the LKRG by Openwall (

For unprepared (no code to bypass LKRG) exploits it actually works well. Only CVE-2016-5195 (aka Dirty COW) still works.

Show thread

out-of-tree v1.4.0 has been released:

Added ability to preload any supported kernel module just by a URL. It can be used to develop new mitigations and test existing exploits against them.

Checkout example of usage with LKRG here:

Mastodon is yet another mastodon instance.