
T00x00T
496 posts


@TodayiLearrned It’s not a Citroën DS, but a Citroën SM in the clip...

Respect for the principles, they’re still the gold standard.
Yet in Kerckhoffs’ time, no system truly met all six. Principle 1 is ambiguous: “materially, if not mathematically” unbreakable opens the door to non-math “recipe” systems like the Grand Chiffre (codebooks). The closest math-based attempt was ADFGVX (WW1)… and it fell. Today the ideal remains respectable but mathematically unsound: no strong cipher lets you keep a truly simple, memorable key. Everything relies on artificially boosting key entropy, whether symmetric or asymmetric. Kerckhoffs gave us the map. He didn’t give us the destination...

Auguste Kerckhoffs, a Dutch cryptographer & his six principles, from 1883:
1. The system must be practically, if not mathematically, indecipherable.
2. It should not require secrecy, and it should not be a problem if it falls into enemy hands.
3. It must be possible to communicate and remember the key without using written notes, and correspondents must be able to change or modify it at will.
4. It must be applicable to telegraph communications.
5. It must be portable, and should not require several persons to handle or operate.
6. Lastly, given the circumstances in which it is to be used, the system must be easy to use and should not be stressful to use or require its users to know and comply with a long list of rules.



The overall chaos of an isolated system always increases.
Entropy is the universe's ultimate one-way street. It’s the reason stars will eventually burn out, a hot cup of coffee gets cold, and shattered glass doesn't magically reassemble.
While we can create order locally, the overall disorder of the universe keeps ticking upward to pay for it.


This is an elegant and general mathematical formulation that includes the ideal limiting case...
This theoretical formula is particularly useful in the study of heat engines operating on the Carnot cycle, where we calculate the maximum possible efficiency. In nature, the equality is impossible...

Europe is preparing new rules that would limit Microsoft, Amazon, and Google from handling certain sensitive government data in the public sector.
Under the upcoming Tech Sovereignty Package, EU member states would be required to use “sovereign cloud infrastructure” for the highest-sensitivity categories: health records, financial data, and judicial or legal documents.
Private companies and non-sensitive government workloads can continue using Azure, AWS, or Google Cloud.
The restrictions apply only to public-sector handling of the most critical data.
The main reason is long-standing concern over the U.S. CLOUD Act, which allows American authorities to compel U.S. companies to turn over data, even data stored in Europe.
European officials see this as a risk to strategic autonomy and data control.
The move builds on years of EU efforts around digital sovereignty, including the EU Cybersecurity Certification Scheme for Cloud Services. It aims to reduce dependence on non-European technology for critical public infrastructure.
Implementation would still require approval from EU member states and is likely to involve hybrid models with greater European oversight or local partners. Details may evolve when the full proposal is released later this month.



Debian Linux has declared that, effective immediately, they will reject all packages which are not reproducible.
“Debian must ship reproducible packages.”
“block migration of new packages that can't be reproduced [2] or existing packages (in testing) that regress in reproducibility.”
lists.debian.org/debian-devel-a…


@RaffaeleFerilli @Math_files Indeed, this theory is not proven; it even seems that certain elements, such as the age at which the first galaxies appeared, contradict it…

@Math_files The theory is not verifiable, however.
We should wait TOO long...‼️
🇮🇹 [La teoria però non è verificabile.
Bisognerebbe aspettare TROPPO tempo...‼️]

Look at the galaxy. Even if we left Earth today and traveled at the speed of light, we would never reach it.
In fact, about 94 percent of all galaxies in our universe are already out of our reach. They are moving away from us faster than light, not because they are speeding through space, but because space itself is expanding.
As time goes on, this effect becomes even stronger. About 100 billion years from now, every galaxy outside our local group will be so far away that reaching them will be impossible.
Fast forward to around 2 trillion years in the future. The universe will have expanded so much that galaxies will not even be able to see each other anymore. The night sky will look empty.
This leads to a strange idea. In that distant future, even if intelligent and advanced civilizations exist, they may never discover that other galaxies are out there. For them, the universe will seem much smaller than the one we know today.


The legendary Ian Murdock
• Founded Debian in 1993 at age 20, while a Purdue undergrad
• Name "Debian" = Debra (his girlfriend) + Ian — she later became his wife
• Debian became the base for Ubuntu, Linux Mint, Raspberry Pi OS, hundreds of distros, arguably the most influential Linux project ever
• Worked at Sun Microsystems on Solaris
• Became Chief Operating System officer at Docker, right at the peak of container adoption
• Died December 28, 2015, age 42, officially ruled suicide
• His final hours: a series of distressed tweets describing a violent encounter with San Francisco police (claimed they beat him during an arrest), followed by increasingly erratic posts, then silence
• His Twitter account was deleted by the family shortly after; the tweets are preserved in archives
Debian is still going strong, 30+ years later, without him, but his contributions can never be forgotten.



@bharatmk2567 @CR1337 Uhhh, that has NOTHING to do with legal obligations. Many VPNs offer RAM disk servers.

The '14 Eyes Alliance' & What it Means For VPN Users
These 14 countries share mass surveillance data:
🇺🇸US, 🇬🇧UK, 🇨🇦Canada, 🇦🇺Australia, 🇳🇿NZ, 🇩🇰Denmark, 🇫🇷France, 🇳🇱Netherlands, 🇳🇴Norway, 🇩🇪Germany, 🇧🇪Belgium, 🇮🇹Italy, 🇪🇸Spain, 🇸🇪Sweden.
If your VPN provider is based in any of these countries, the local government can legally force them to start logging your data & share it with all the others.
Generally, the better move is to choose a no-logs VPN headquartered outside the 14 Eyes (i.e. Switzerland, Panama,...).

This worries me a lot. VPNs are an important gateway to the open internet.
To now supposedly raise concerns about child protection seems like a pretext.
European Parliamentary Research Service@EP_EPRS
Virtual private networks #VPN are increasingly used to bypass online age verification. Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 link.europa.eu/FGfr6C #DSA @EP_Justice @FZarzalejos

@IntCyberDigest No, they’re not going to ban VPNs because they can’t do it!
At best, they’ll implement some kind of pseudo-DPI, which will be easily bypassed...

THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
THEY ARE GOING TO BAN VPNs
European Parliamentary Research Service@EP_EPRS
Virtual private networks #VPN are increasingly used to bypass online age verification. Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 link.europa.eu/FGfr6C #DSA @EP_Justice @FZarzalejos

Interestingly... of all the Chromium-based browsers, Microsoft Edge is the only one that saves passwords into memory in cleartext.
Tom Jøran Sønstebyseter Rønning@L1v1ng0ffTh3L4N
Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.

@IntCyberDigest "I suspect it’s a lot of AI tool use that will keep finding corner cases for us for a while, so this may be the ‘new normal’ at least for a while. Only time will tell."
Linus Torvalds.

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP.
The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years.
Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box.
The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root.
Result: the next time anyone runs that program, it lets the attacker in as root.
What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk.
Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants.
The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today.
This vulnerability affects the following:
🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root
🔴 Kubernetes and container clusters: one compromised pod escapes to the host
🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner
🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root
Timeline:
🔴 March 23, 2026: reported to the Linux kernel security team
🔴 April 1: patch committed to mainline (commit a664bf3d603d)
🔴 April 22: CVE assigned
🔴 April 29: public disclosure
Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module:
echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true
For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...
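
An added example, not part of the post above or of the disclosure it cites: a Python audit of the interim workaround the post describes. It checks `/proc/modules` and `modprobe.d` text for the `install algif_aead /bin/false` override and probes whether the current process can create an AF_ALG socket. The function names and sample text are constructed for illustration, and it does not tell you whether the running kernel contains the fix commit.

```python
import errno
import glob
import socket

MODULE = "algif_aead"  # module named in the post's mitigation

# Constructed sample in /proc/modules format (not captured from a real host).
SAMPLE_PROC_MODULES = (
    "algif_aead 16384 0 - Live 0x0000000000000000\n"
    "af_alg 32768 1 algif_aead, Live 0x0000000000000000\n"
)

def module_loaded(proc_modules_text, module=MODULE):
    """True if the module is listed in /proc/modules-style text."""
    return any(l.split()[0] == module
               for l in proc_modules_text.splitlines() if l.strip())

def install_disabled(modprobe_text, module=MODULE):
    """True if an uncommented 'install <module> /bin/false' override exists."""
    for line in modprobe_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "install" and f[1] == module and f[2] == "/bin/false":
            return True
    return False

def af_alg_reachable():
    """Create and close a bare AF_ALG socket; no algorithm is bound or used."""
    family = getattr(socket, "AF_ALG", None)
    if family is None:
        return False, "AF_ALG not exposed by this Python build"
    try:
        socket.socket(family, socket.SOCK_SEQPACKET, 0).close()
    except OSError as exc:
        return False, errno.errorcode.get(exc.errno, "OSError")
    return True, "socket(AF_ALG) succeeded"

def audit(proc_modules_text, modprobe_text, reachable):
    """Return findings; an empty list means both mitigations from the post hold."""
    findings = []
    if module_loaded(proc_modules_text):
        findings.append("algif_aead is loaded (rmmod it)")
    if not install_disabled(modprobe_text):
        findings.append("no 'install algif_aead /bin/false' override in modprobe.d")
    if reachable:
        findings.append("AF_ALG sockets can be created from this context")
    return findings

if __name__ == "__main__":
    mods = open("/proc/modules").read()
    conf = "".join(open(p).read() for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
    reachable, why = af_alg_reachable()
    print("AF_ALG probe:", why)
    print("\n".join(audit(mods, conf, reachable)) or "workaround in place")
```

Run it inside the container or CI job as well as on the host: the AF_ALG probe reflects the seccomp or sandbox policy of the process that executes it.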



Privacy vulnerability affecting all Firefox-based browsers, Firefox identifier is linking all your private Tor identities:
"Tor Browser is specifically designed to reduce cross-site linkability and minimize browser-instance-level identity. A stable process-lifetime identifier cuts directly against that design goal."



Linux is dropping support for yet another CPU. 🔽
itsfoss.com/news/linux-ker…