Jonathan Wilkins

2.9K posts


@jwilkins

priv/acc signal: polyclef.13 @cloakedwireless ex: @river, @blockstream, @zynga, @isecpartners, @microsoft, https://t.co/RIli0fNuaO, https://t.co/vOze4HskhZ

San Francisco, CA, USA Joined March 2007
1.9K Following 1.2K Followers
Jonathan Wilkins@jwilkins·
@adam3us @w_s_bitcoin Can confirm, I had already forced the issue by running OpenBSD so they'd given up dictating what security could use so @adam3us had a Linux box or three. That doesn't mean he didn't understand Windows. But @adam3us isn't a gambler, I don't see him putting a poker game in.
Adam Back@adam3us·
@w_s_bitcoin I worked for Microsoft 2002-2003. However as a die hard unix/Linux enthusiast I got management dispensation to install a multi socket /many thread beast mode redhat server as I don't like windows. @jwilkins can confirm he was my colleague in MS passport security at that time. 😭
Wicked@w_s_bitcoin·
Hey @adam3us, I believe you that you’re not Satoshi because you’re not a windows maxi, right? Right?!?
Jonathan Wilkins reposted
TFTC@TFTC21·
A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained.

The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review.

This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app.

The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it.

The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.
Brad Mills 🔑⚡️@bradmillscan·
Brad Mills 🔑⚡️@bradmillscan

Last night my agent told me this would speed things up. I pressed my agent to explain WHY this morning. What he ended up saying was that this cleanup has no effect.

How sessions.json actually works according to my bot reading the docs: Sessions.json is cached and your bot reads from disk cache with a 45-second TTL.

The flow:
1. First read: readFileSync > JSON.parse > result stored in an in-memory Map
2. Subsequent reads within 45s: returns the cached clone > no disk read, no parse
3. Cache invalidates if: TTL expires, file mtime changes, or file size changes
4. On invalidation: re-reads from disk, re-parses, re-caches

So the answer to "does it parse on every startup/lookup" is no. It parses once, caches for 45 seconds, and only re-parses if the file actually changed. Dozens of session lookups per minute hit the in-memory cache, not the filesystem.

Other relevant details from the source docs...this process already happens:
• Default rotate threshold: 10 MB (DEFAULT_SESSION_ROTATE_BYTES) ... when sessions.json exceeds 10 MB, OpenClaw rotates it to .bak.{timestamp} & keeps only the 3 most recent backups.
• Default max entries: 500
• Default prune-after: 720 hours (30 days)

So for my 5.3 MB file, it's under the rotation threshold, parsed once every 45 seconds at most. So yes this file grows constantly! Every cron fire, every inbound message, every subagent spawn triggers updateSessionStore. If you have ~100 cron fires/day plus your messages to your bot & subagents, that's easily 200-400+ writes/day. But that's all disk related not context related.

I pressed my bot on Opus 4.6 high if this was causing context bloat and his answer was: "No. sessions.json is not injected into the prompt. sessions.json is a routing index — it maps session keys to metadata (which session file to load, what model to use, delivery context, token counts). It's used server-side by the gateway to figure out where to send your message. The LLM never sees it."

So I'm now even more confused...do we need to bother doing this or will OpenClaw take care of this naturally with the automatic rotation & pruning process? I guess I should look at who exactly wrote this code and then try to ask them directly ...

Brad Mills 🔑⚡️@bradmillscan·
How does this happen with OpenClaw and how can you possibly fix it…

My bot continually dumps massive repetitive tool results, does heavy exec work and gets into debug loops in the shared session my DMs are in and gets stuck for 10 mins at a time until he times out or the gateway crashes and restarts. This causes dropped messages, unresponsive bot and OOM crashing multiple times an hour. Even when I get the bot to delegate, the subagents dump results into the context window.

I had codex investigate and it found:
• 56 tool results ≥150k chars already baked into current session history
• Pruning doesn't work on our primary model path (Codex/OpenAI OAuth)
• No runtime enforcement to stop huge tool dumps into context
• Session maintenance cleans up after the damage, it doesn't prevent it

I’m pretty sure default OpenClaw behavior shouldn't be dumping 200k char tool results into the transcript. Something in my specific setup must be either disabling a safeguard or skipping truncation for tool results…

Since I’m using lossless-claw it’s allowed to grow even worse: 81MB session file, 31.6MB is just tool result text 😬 169 tool results over 50k chars. One is 285k chars (from sessions_list.)

There is pruning logic which trims tool results from the context messages: buildContextPruningFactory. But models have to be "cache-ttl". The eligible providers are apparently only: anthropic, moonshot, zai.

For me, my bot tells me the pruning code refuses to activate on non-Anthropic providers. I’m using openai-codex 5.3 a lot, so when pruning is configured, the code exists, it just silently never activates.

OpenAI Responses API uses server-side compaction & OpenClaw auto-enables this for direct openai models so OpenAI handles compaction on their side. But I’m on openai-codex/*, not openai/*. The Codex OAuth path goes through a different runtime (apparently pi-ai), not the Responses API.

So:
• cache-ttl pruning > Anthropic only
• OpenAI server-side compaction > direct openai API only
• LCM/lossless-claw > doesn't prune old tool results afaik

My bot insists the openai-codex lane doesn't get either pruning path. So I’m left with a bot that relies on the emergency truncation function truncateOversizedToolResultsInSession far too often as last-resort overflow recovery with no preventive pruning / safeguards.

Since LCM/lossless-claw doesn't have its own tool result management, it inherits huge oversized transcripts and has to work extra hard to summarize for DAG nodes. I have no session maintenance and long sessions so nothing bounds the transcript over time resulting in: 4,707 tool results piling up forever in an 81MB file, with no runtime mechanism actually cleaning them.

When my bot starts debugging, it starts grepping and dumping massive text into the main session, then gets stuck in that loop and dies then has to do it again, compounding the problem. I’m at a loss at how to tackle this problem, it’s multiple layers deep.
Jonathan Wilkins reposted
TFTC@TFTC21·
The CIA's venture capital arm funded the technology behind Pokémon Go. That's not conspiracy. It's public record.

Niantic's founder John Hanke previously built Keyhole, a 3D satellite imaging tool funded directly by In-Q-Tel, the CIA's venture capital arm. Keyhole was used to support US military operations in Iraq before Google acquired it and turned it into Google Earth. The same founder also led the Google StreetView WiSpy scandal, where Google cars secretly harvested emails, passwords, and browsing data from unencrypted Wi-Fi networks across multiple countries.

Now look at Niantic's board. Gilman Louie, co-founder of In-Q-Tel, sits on the board of both Niantic and Vantor (the defense contractor Niantic just partnered with). Niantic's CTO co-founded Keyhole with Hanke after spending a decade at E-Systems, a military contractor later acquired by Raytheon. Another co-founder came from DARPA-funded Silicon Graphics, which built 3D graphics for defense systems.

This was never a gaming company that pivoted to defense. The defense lineage was there from the beginning. Pokémon Go was the data collection mechanism. 30 billion images. Centimeter-level spatial accuracy. GPS-free navigation for autonomous weapons. Built by a team with direct ties to the CIA, DARPA, and Raytheon.

The story isn't that Niantic tricked gamers. It's that the intelligence community found a way to crowdsource a centimeter-accurate map of the physical world by making it fun. Full report from @theragetech
Jonathan Wilkins reposted
Bitcoin Teddy@Bitcoin_Teddy·
Edward Snowden in 2019: "The problem with applications like WhatsApp is, it was actually designed to have very strong encryption, just the same as the gold standard today which would be the signal messenger or the wire messenger, but then it was bought by Facebook because it was so good, and now Facebook is quite aggressively reducing the security of WhatsApp about once a quarter, and they’re trying to do it as quietly as possible, so a messenger that the people are comfortable using now is actually a danger to you."
Jonathan Wilkins reposted
Collin@TheValueThinker·
After @1914ad dropped this nuclear today (give it a read), @JaneStreetGroup appears to have deleted every tweet on their account. If facts indeed are proven true at some point in the future, $BTC prices basically manipulated and manufactured largest dumps during the last 4 months all by these guys. Masterclass in manipulation with paper $BTC.
Justin Bechler #BIP-110@1914ad

x.com/i/article/2026…

Jonathan Wilkins reposted
calle@callebtc·
Email is a complete privacy bullshit theater. The only thing that's secure is PGP which is a bandaid fix for an insecure protocol. Proton is lying. They can read most of your emails. They use PGP if you message another Protonmail user but you can do the same with Gmail too.
Jonathan Wilkins reposted
Jesse@d0wnsideofme·
holy fucking shit
Jonathan Wilkins reposted
Alec Karakatsanis@equalityAlec·
THREAD. Every year, I tell the story of Ezell Gilbert. It's the story of one of the most remarkable cases in U.S. history, and you’ve probably never heard of it. The story of what the U.S. government did to him is vital for understanding the current moment we are in.
Jonathan Wilkins reposted
Jameson Lopp@lopp·
I don't want JPEGs on Bitcoin. I do want cypherpunks to build censorship resistant layers and apps on top of Bitcoin without asking permission from any authority. This means allowing anchoring into Bitcoin via data publication. Ultimately, I hate authoritarians more than JPEGs.
Jonathan Wilkins reposted
Andy Greenberg (@agreenberg at the other places)
Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: wired.com/story/satellit…🧵👇
Jonathan Wilkins reposted
Walker⚡️@WalkerAmerica·
Calle is a true cypherpunk. Calle writes open-source code. Calle builds freedom tech. Calle makes the world a better place. Bitcoin *exists* because of cypherpunks like @callebtc. We need more people like Calle. Go full Calle.
Jonathan Wilkins reposted
Carl ₿ MENGER ⚡️🇸🇻
It took the U.S. 220 years to reach $1 TRILLION in debt. Today, we add that every 5 months. 🤯
Jonathan Wilkins reposted
Jameson Lopp@lopp·
More details on the 22 year old Swiss man abducted in Valence, France last week. He was tortured for 4 days and suffered 30 stab wounds as the attackers tried to get him to transfer crypto. Sounds like the attackers grabbed the wrong victim: he had none. rts.ch/info/suisse/20…
Asanoha@asanoha_gold·
Screenshots below point to evidence @ChaincodeLabs was paid by @citrea_xyz to remove the OP_RETURN limit. @balajis paid Chaincode Labs $500,000, Balajis is one of the main investors in Citrea. Do you really think there weren’t any additional backroom deals that went down?
calle@callebtc·
@streetcyber_art You can own a car but that doesn't make you a Mechanic.
calle@callebtc·
Many seem to be misunderstanding some of the fundamental principles with which Bitcoin open-source development has been working for over 15 years. Let me clarify, respectfully:

- Core is a group of professionals that cares about Bitcoin as a monetary system more than any other group that exists.
- Changing OP_RETURN limits has nothing to do with JPGs but was prompted by second-layer solutions that make Bitcoin more useful as money, not "arbitrary data storage". That's a made-up argument, and inscriptions will always be more "useful" for JPGs (I hate JPGs personally).
- The devs don't work for you. You don't pay them, you don't control them, you don't elect them, you don't hire them, nor can you fire them. This is how open-source has always worked. If you want to change something, you need to persuade other devs in the professional arena, in a professional setting. Not by causing drama on socials or brigading GitHub.
- The devs don't need the permission or consensus of "the plebs" - whatever that means. They need consensus amongst themselves only.
- Even if it were so, there is no way to measure the "consensus of plebs" or even define who they are. Opinions in Bitcoin are expressed by running software, not by voting. It's technically and philosophically impossible to measure "the consensus of plebs". We don't vote.
- Even if you could measure it, the "consensus of plebs" clearly shows that the vast majority of users support Core. Knots is a niche opinion and most people wouldn't want to run it. 17% (which can't be proven, i.e. could be fake) is not "consensus".
- The most important part: BITCOIN GIVES YOU AGENCY. YOU ARE ALREADY FREE. It's beautiful and people seem to misunderstand what this whole thing is about. You can't force anyone to upgrade their software, anyone can choose to run whatever they want. You control your destiny, it's not the team of Core or Luke or anybody else. You are responsible for what you do. I respect you.

These are points I'd make to anyone else having this debate. I'm not worried about Bitcoin's success, and it's not meant to sound alarmist. Peace.
Jonathan Wilkins reposted
Root 🥕@therationalroot·
The quadrant of ATHs. #Bitcoin