reference website, add set -x

Thanks to #emacs user kiliro for suggesting it would be wise to mention https://copy.fail in the script that detects and attempts to patch for it.  Change will add some meaningful top-natter, improve other comments, say thanks, enable command logging while the script runs.

fix-copy-fail.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/sh
+# fix-copy-fail.sh - harden vs CVE-2026-31431, see: https://copy.fail
 # Copyright (c) 2026 Corwin Brust <corwin@bru.st>
 #
 # This program is free software: you can redistribute it and/or modify
@@ -13,14 +14,28 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
+#
+#  According to the website https://copy.fail (20262431@1pZ-5)
+#  CVE-2026-31431 enables privlage escalation via exploitation
+#  of a defect in the linux kernel intended to support a rarely
+#  used (but typically enabled) kernel model, "algif_aead".
+#
+#  This script grew from walking several dozen apt(1) virtual machines
+#  and beneifited greatly from "peer" review and/or comments from the
+#  FSF SYSOPS, irc://libera.chat/#emacs and other nerds/activists. thx
+#
+
+# more output. output is good.
+set -x
+
 # Delete the test user if it exists
+grep '^testu ' /etc/passwd && deluser testu;
 # NOTE: this make the script repeatable however
 # it will still abandon the 'testu' account
 #
 # To remove the test account after patching:
 #   deluser testu 
 #
-grep '^testu ' /etc/passwd && deluser testu;
 
 # Note this may not work all in one shot
 # due to the exploit screwing with the kernel