惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
Lohrmann on Cybersecurity
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
S
Schneier on Security
I
Intezer
Latest news
Latest news
N
News and Events Feed by Topic
Scott Helme
Scott Helme
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
U
Unit 42
量子位
博客园 - 【当耐特】
S
Security @ Cisco Blogs
Google Online Security Blog
Google Online Security Blog
博客园 - 叶小钗
酷 壳 – CoolShell
酷 壳 – CoolShell
NISL@THU
NISL@THU
The Cloudflare Blog
李成银的技术随笔
T
ThreatConnect
L
LINUX DO - 最新话题
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
有赞技术团队
有赞技术团队
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Jina AI
Jina AI
T
Tor Project blog
The Hacker News
The Hacker News
人人都是产品经理
人人都是产品经理
小众软件
小众软件
S
Security Archives - TechRepublic
美团技术团队
博客园 - Franky
Security Latest
Security Latest
J
Java Code Geeks
P
Proofpoint News Feed
V
V2EX
The GitHub Blog
The GitHub Blog
WordPress大学
WordPress大学
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Help Net Security
PCI Perspectives
PCI Perspectives
Cyberwarzone
Cyberwarzone
Hugging Face - Blog
Hugging Face - Blog
N
Netflix TechBlog - Medium
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
SecWiki News
SecWiki News
腾讯CDC
爱范儿
爱范儿
D
Docker

DEV Community

From Half‑dead Prototype to Local‑Only AI Medical Assistant: Rewiring MedClinic with GitHub Copilot What’s Actually Happening When You Use Git Preventing Recursive Tool Loops in LangChain Agents Building a Rock-Paper-Scissors CLI with TypeScript — Union Types, Conditionals, and Jest Your AI Coding Agent Wastes 80% of Its Context. Fixed That with Graph Theory. Why Flutter Has Become the Go-To Framework for Fintech App Development We built a scripting language just for AI agents. Here's why. Stop building AI inboxes. Build decision layers instead. Meme Monday Why I Built @editora/ui-react? Are AI tools the next level of abstraction in software development? Identity on Solana: Your Wallet Is Your Account One API Call Changed Everything The Internet Career Nobody Talks About Enough: What Is DevRel? Solar Panel Wiring Diagram: Series vs Parallel Hello everyone! Glad to join the dev.to community I Built an AI Agent That Tailors My Resume - Here's How Agents Actually Work I Built a WhatsApp OTP + AI Chatbot Platform for African Businesses MTP Explained — And Why It Matters for Android on Mac Most Beginners Learn Full-Stack Development Backwards GitHub Glow-Up: Open Source, READMEs, Badges, Streaks, Git and gh CLI System Design Cheat Sheet: Concepts Every Developer Should Know Are Junior Developer Roles Actually Dying? A Fresher's Honest Take Using DigitalOcean Droplets as Ephemeral Sandboxes for AI Agents I built a VSCode extension that visualises your code navigation as a call tree — made for legacy codebase pain Vite predev/prebuild: chaining scripts without losing your mind A website to save you from messy browser tabs Dear Web2 Developer... Solana is here calling Postgres JSONB indexes: GIN vs BTREE on the same column The $5 AI That Remembers Everything What are your goals for the week? #180 Zettelkasten for Developers: A Practical Method That Works OpenClaw vs Hermes Agent: Stars, Downloads & Usage 2026 `act` vs. `waitFor` Global Teams Don’t Struggle With Time Zones. They Struggle With Context Python as a JavaScript Dev $5.4 Billion in Damage. 8.5 Million Machines Down. Three YAML Controls Would Have Prevented It. Here's the Structural Analysis. 🚫 Stop Using PN532 V1 for Your NFC Projects (Real Debugging Experience) Probabilistic Graph Neural Inference for smart agriculture microgrid orchestration for extreme data sparsity scenarios Inference Is Becoming the New Steady-State Cost Center Why AI-Generated Code Is Always Good Enough — And Never Great I built a dark admin dashboard template in HTML — no React, no npm, just pure HTML What is the Difference Between Lattice-Based and Hash-Based Signatures? Next.js App Router caching: revalidate, dynamic, and no-store without the folklore Next.js App Router caching: revalidate, dynamic y no-store sin folklore I built Stashly — a full-stack content manager with a rich text editor published: false tags: react, node, mongodb, typescript Why I Started Building React Projects Instead of Just Watching Tutorials ? Every Tool Eventually Becomes Tuesday Nobody Warns You That Real Software Engineering Feels Chaotic Tích hợp VNPay, Stripe trong Odoo 19 BeautifulSoup and Requests for Web Scraping With Python: When Simple Still Works I Was Stuck Debugging React — Then Developer Tools Changed It Buck Converter Ripple: Sizing the Inductor and Capacitor With Confidence AWS Just Made Its MCP Server Generally Available. Here's What It Actually Gives AI Agents. RAMPART Tests Your AI Agents in Dev. What Catches Malicious Tool Calls in Production? Vibe Team Software Engineering: What a Real AI Human Dev Team Workflow Actually Looks Like An npm Package for AI Agent Orchestration Just Shipped With Its Front Door Unlocked. Here's What the CVE Actually Reveals. Microsoft Foundry Just Added CI/CD for AI Agents. Here's What That Actually Changes. The Best Career Insurance Is a Tech Event You Don't Want to Attend Your GitHub Profile Already Tells Recruiters More Than Your Resume. Most Devs Just Don't Surface It. How to Add Execution Budgets to OpenAI Agents SDK Binary Tree Interview Problems: 6 Traversal Patterns, 15 Problems We trained a personal voice DoRA on Qwen3-8B for $1.50 — beat stock model 100% in blind A/B Stop Leaking API Keys: Why I Built a Local-First Vault for Developers 🔐 RAG Explained: How Retrieval-Augmented Generation Actually Works I Built a Fast Async JioSaavn API Wrapper in Python 🎧 chown & chgrp Deploying Your First App on Kubernetes: A Beginner's Guide (Minikube & Kind) Logs in code It's called a PR "review" for a reason DePIN GPU Market: The Failed Job Receipt Developers Should Demand Why Your AI Agent Monitoring is Wrong (And How to Fix It) Lock Down Your Cloud Shares: A Beginner’s Guide to Azure Files Security. Building a Multi-Channel Content Syndication Pipeline with EmDash Plugins Turn Your Phone Into Voice Input for Any React Text Field Which package is bloating your Docker image? Putting Claude Code Under Version Control: Configs Since July, Memory Since April What I Thought DevRel Was vs. What It Actually Is (A Mentee's Honest Take) What I Thought DevRel Was vs. What It Actually Is (A Mentee's Honest Take) 400 Million Tokens Burned Overnight Reviving My Linux Mastery Game from a Merge Conflict — A Finish-Up-A-Thon Comeback Don’t let AI break your collective thinking: a practical guide for engineering teams First Gemma 4 ExecuTorch Deployment on Raspberry Pi 5 — and Why It's 7.7 Slower Than llama.cpp Per-Turn Evaluation: Dynamic Governance for AI Agents The AI Triforce of seed4j: Power, Wisdom, and Courage for Your Dev Agent Your AI agent reports 80% task completion. It fabricated it. Pourquoi les overlays d'accessibilité ne tiennent pas leurs promesses (et ce que la FTC vient d'acter) AI May Break Product-Market Fit in Enterprise Software I’m Building Around the Gap Between AI Output and Repo Truth How to Build a Stripe Customer Portal in Next.js SaaS On-Demand Pricing Feels Safe - Until You See the Bill Building an Internal Developer Portal with Backstage A Production Deployment Guide After the Last Song Sudoers Configuration in Linux Terraform + Terragrunt + Ansible: A Hands-On Learning Journey Switching Users in Linux (su, sudo) AI 智能体的鲁莽速度 Quick Win Card #01 — Ton backlog.md t'a menti (la cure en 30 secondes) Quick Win Card #01 — Your backlog.md lied to you (a 30-second cure) How to Manage an IT Team: Structure, Scaling, and Daily Workflows That Work
Runninig a forkbomb in Jenkins
moonlitpath · 2026-05-25 · via DEV Community

Did you think this was the end of my forkbomb chronicles, lol? Of course not!

Of course I had to come with a part 3!

Basically, part infinity of me being bored in college, and doing random sh!t to pass time.

⚠️ Warning: THIS IS JUST A JOKE. DO NOT DO THIS IN PROFESSIONAL CONTEXTS. It can quite literally crash the system.

We had a course called Devops Lab, where Jenkins was a major part of a syllabus. After finishing the activity in a few minutes I had a lot of time to play around in the 2 hour lab.
(This experiment was performed around mid March, and was sitting in my unposted Drafts)

At that time, I'd been experimenting with forkbombs in my own laptop. Of course I had to try if I can run a forkbomb within jenkins. And see what happens.

So, here I am.

Jenkins is an open-source automation server primarily used for CI/CD (Continuous Integration and Continuous Delivery). In plain terms: every time a developer pushes code, Jenkins can automatically pull it, build it, run tests, and deploy it. It does this by running pipelines, sequences of steps defined either in a Jenkinsfile or through the UI. Each step can execute shell commands on the machine Jenkins is running on (or on connected agents).

In our Devops Lab, we were using it to build and test simple Java projects. My jenkins was configured to run inside Docker containers, mostly because I had severely low storage left on my laptop, and I wanted to save data, and I like Docker, it's easy to manage apps in docker.

In Jenkins, you can add a build step called "Execute shell", it literally just runs a bash script on the host (or container). I created a new freestyle project, named it something innocent, went to Build Steps → Add build step → Execute shell, and pasted the script in. One click on "Build Now" and we were off to the races.

#!/bin/bash
# ============================================================
# FORKBOMB — JENKINS EDITION
# For educational purposes only. 
# ============================================================

# --- SAFETY NET ---
# ulimit -u sets RLIMIT_NPROC — enforced by the kernel in
# copy_process() inside kernel/fork.c. When your UID's process
# count hits this ceiling, fork() returns EAGAIN. Bash then
# prints "retry: Resource temporarily unavailable" a few times
# before finally giving up with "Resource temporarily unavailable".
ulimit -u 50

# --- HIDE FROM THE JENKINS PROCESS REAPER ---
# Jenkins tracks child processes via their process group and
# an env variable called JENKINS_NODE_COOKIE (BUILD_ID is the
# older alias). After a build finishes, Jenkins walks the
# process table and kills anything with a matching cookie.
# Setting it to an arbitrary value orphans the processes from
# Jenkins' tracking.
export BUILD_ID=dontKillMe


# Defining the bomb
# (Jenkins' script parser choked on the classic :(){ :|:& };: syntax,
# so the named-function form was used instead)
bomb() {
  bomb | bomb &
}

# Light the fuse
bomb   

# keep the main process active so we can see the fireworks in the log
sleep 10

Enter fullscreen mode Exit fullscreen mode

The output

The script runs as the Jenkins system user inside /tmp, Jenkins writes it to a randomly named temp file (you can see the path in the output: /tmp/jenkins13172110508468162848.sh) and executes it directly with /bin/bash.

Started by user [anu](http://localhost:8080/user/anu)
Running as SYSTEM
Building in workspace /var/jenkins_home/workspace/forkbomb
[forkbomb] $ /bin/bash /tmp/jenkins13172110508468162848.sh
/tmp/jenkins13172110508468162848.sh: fork: retry: Resource temporarily unavailable
/tmp/jenkins13172110508468162848.sh: fork: retry: Resource temporarily unavailable
/tmp/jenkins13172110508468162848.sh: fork: retry: Resource temporarily unavailable
/tmp/jenkins13172110508468162848.sh: fork: retry: Resource temporarily unavailable

/tmp/jenkins13172110508468162848.sh: fork: Resource temporarily unavailable
Build step 'Execute shell' marked build as failure
Finished: FAILURE

Enter fullscreen mode Exit fullscreen mode

slayy!! it ran for 10 secs!!! yayayayayay

Resource temporarily unavailable means that ulimit -u 50 did its job and defused the bomb.

Anyways! I found this experiment really fun.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。