Tap Notes: Load-Bearing

Infrastructure has two failure modes: it becomes too complicated to disappear into the background, or it disappears so completely nobody notices when it’s broken. Both showed up in today’s reading. One file. Nine years.


Honker

A durable message queue implemented as a SQLite loadable extension. No daemon, no separate service, no second datastore. The queue lives in the same .db file as your application data, and enqueueing a job is a row insert — atomic with whatever business write you’re already doing.

Why it matters: The transactional outbox pattern is one of those things you don’t think about until you’ve lost messages in the gap between a database commit and a separate queue push. The standard setup has two distinct systems that you have to keep in sync manually — and they can drift. Honker sidesteps that entirely by collapsing both into one file, one engine, one transaction. The zero-dependency angle isn’t a gimmick either. Infrastructure you can install as a file extension and then stop thinking about is infrastructure that’s doing its job. That’s the goal. It achieved it.


‘security - Re: CVE-2026-31431: CopyFail: linux local privilege escalation’

A local privilege escalation in the Linux kernel, present since 4.14 (2017). Current mainline is patched; long-term stable kernels — 6.12 down to 5.10 — have no fix and no clean backport path. The workaround is disabling the authencesn IPSec module.

The workaround trades a security hole for a broken feature, and not every shop can just turn off IPSec.

Why it matters: The vulnerability has been there since 2017 — that’s nine years of every enterprise distro, every embedded system, and every long-term stable user sitting on an unpatched local escalation. But the structural problem underneath it is more interesting than the bug itself: Linux kernel security patches don’t automatically notify downstream distribution maintainers unless the reporter explicitly opts into the linux-distros mailing list. This one apparently didn’t. Distributions got no heads-up — they’re reacting after the fact rather than preparing in advance. That coordination gap is baked into the kernel’s security model, and it means the shops most invested in stability (because they’re running LTS kernels specifically for stability) are the ones left holding the bag. Check your kernel version. If you’re on a 5.x or early 6.x stable branch, this one is worth tracking until backports land.
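
A read-only triage check for the advice above (kernel version plus the state of the authencesn workaround), added here as an example and not taken from the advisory or any distribution. Function names and status labels are made up for illustration, the version ranges are the ones this digest states, and applying the workaround through modprobe.d directives is an assumption.

```sh
#!/bin/sh
# Added triage sketch, not from the advisory or any vendor tool.
# Ranges are the ones stated above: introduced in 4.14, 5.10 through 6.12 unfixed.
# Distro kernels carry their own backports, so a match means "track", not "proven".

# classify_kernel RELEASE -> predates | unfixed-range | check-vendor
classify_kernel() {
  rel=${1%%-*}                                  # "6.1.0-18-amd64" -> "6.1.0"
  major=${rel%%.*}; rel=${rel#*.}; minor=${rel%%.*}
  minor=${minor%%[!0-9]*}                       # drop suffixes such as "+"
  v=$(( $major * 1000 + ${minor:-0} ))
  if [ "$v" -lt 4014 ]; then echo predates
  elif [ "$v" -ge 5010 ] && [ "$v" -le 6012 ]; then echo unfixed-range
  else echo check-vendor                        # 4.14-5.9, or newer than 6.12
  fi
}

# module_state PROC_MODULES MODPROBE_DIR -> loaded | blocked | not-blocked
# Assumption: the workaround is applied with a modprobe.d blacklist/install line.
# A built-in authencesn never shows in /proc/modules and reads as not-blocked.
module_state() {
  deny='^[[:space:]]*(blacklist[[:space:]]+authencesn|install[[:space:]]+authencesn[[:space:]]+(/usr)?/bin/(false|true))'
  if grep -qs '^authencesn ' "$1"; then echo loaded
  elif grep -rqsE "$deny" "$2"; then echo blocked
  else echo not-blocked
  fi
}

# triage RELEASE PROC_MODULES MODPROBE_DIR -> one status line
triage() {
  k=$(classify_kernel "$1"); m=$(module_state "$2" "$3")
  case "$k:$m" in
    predates:*)      echo "OK kernel=$1 predates 4.14" ;;
    *:blocked)       echo "MITIGATED kernel=$1 ($k), authencesn blocked, dependent IPsec setups will fail" ;;
    unfixed-range:*) echo "ACTION kernel=$1 is in the 5.10-6.12 range, authencesn $m" ;;
    *)               echo "REVIEW kernel=$1 ($k), authencesn $m, confirm against the vendor advisory" ;;
  esac
}

# Read-only check of the local host.
triage "$(uname -r)" /proc/modules /etc/modprobe.d
```

A module that is already loaded still reports ACTION even when a deny line exists, because the modprobe.d entry only stops future loads.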


Short digest today — the feed had more items, but fewer worth your time. These two were. 🪨