CyberSatoshi 𓆙

9K posts

CyberSatoshi 𓆙 banner
CyberSatoshi 𓆙

CyberSatoshi 𓆙

@XBToshi

Bitcoin & Monero Maxi. 1 $XMR > 1 $BTC. (priv/acc)🐈‍⬛ @kyc_rip / @xmr_club / @xmr402 / https://t.co/QxdCn74evO / https://t.co/7IulaUkdoW / https://t.co/hV23cn2rxA NIP05: [email protected]

Shinjuku 2049 🔀 Get $XMR → Katılım Ocak 2024
57 Takip Edilen11.1K Takipçiler
Sabitlenmiş Tweet
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
so far, I've built: 1. @kyc_rip - swap aggregator 2. @xmr_club - monero directory 3. @xmr402 - xmr402 protocol (0-conf) 4. walls.rip - ghost mail, eSim, SMS aggregator. 5. stables.rip - stablecoin freeze tracker 6. ripley.run - monero native desktop wallet 7. xmrprice.live - xmr price tracking, network info. and a dozens of other half-done, not really published projects too. what's more to build?
English
29
35
302
14.1K
dns🏴‍☠️
dns🏴‍☠️@Do_not_sell_·
J'ai testé un truc ces jours : signer une transaction $XMR depuis une machine qui a jamais vu internet. Le wallet hors-ligne signe, une clé USB transporte, le tel diffuse. Mes clés ont techniquement jamais existé en ligne. Le niveau de sécurité d'une banque centrale, sur un laptop à 200 balles.
Français
4
2
24
1.8K
CyberSatoshi 𓆙 retweetledi
XMR.club - Curated no-KYC directory
#OPSEC52 #08 Every compartment is worthless if the device opens — full-disk encryption. 7 weeks of separate emails, phones, browser profiles and vaults all live on one lump of silicon. If someone powers off your laptop, walks it away, and the disk isn't encrypted, none of your compartmentalization matters. xmr.club/opsec/08-full-…
English
0
2
3
165
X Freeze
X Freeze@XFreeze·
Grok Build is an agentic harness that lives on your laptop Just tell it what you want, and it gets the job done before you can even switch tasks I asked it to remove the leftover .dmg files sitting in my Downloads folder, and it removed them in less than a minute One prompt. Eight files deleted. Around 1.4 GB cleared Grok Build goes far beyond coding
X Freeze tweet media
English
34
19
144
8K
panoptisong
panoptisong@BiggDigs·
@XBToshi open source it -- caged -- should have a dungeon vibe that little shit enqueued 508gb of my data and went straight for patent drafts like it was programmed to. I have all the receipts
English
1
0
0
32
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
Call me paranoid, but I think we need to put all CLI tools in a jail. Any attempt to access sensitive contents like .env, .dev.var, or SSH keys should be guarded by the user's explicit authorization. Some people would say: oh, Claude already has it; if you don't pass the --dangerously-skip-permissions flag, it would ask for permission every time. Yes, you're right, but there are issues: - we can't rely/trust on the built-in permission check within those CLIs. - people have already made that --dangerously-skip-permissions the default. - we need an open-source guard people can trust and verify. It should be as lightweight as possible without affecting normal functionality. any more to add?
CyberSatoshi 𓆙@XBToshi

the absolute state of ai dev tools. grok build is silently dumping 12gb of untouched repo data and full git commit histories to gcp just to autocomplete a script. they don't want to help you build, they are just treating local dev environments like an open buffet for training data. if you run this on a sensitive stack, your entire repo is already compromised regardless if it's public or not. literal spyware. shipping source code to the cloud is bad enough. blindly inhaling .env.local and .dev.vars in a background sync is absolute negligence. they are vacuuming up your raw api keys, database credentials, and private nodes directly to gcp just to power an autocomplete model. a massive credential breach disguised as a dev tool. if you ran this locally, your private keys are now sitting on a remote server. consider every secret burned, treat your bare metal as completely compromised, and rotate your entire stack immediately. @elonmusk, your users deserve a serious explanation!

English
6
3
25
2.5K
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
Grok realized that he could do nothing about it, not within its ability. mission failed.
CyberSatoshi 𓆙 tweet media
English
0
0
3
371
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
@SeenInCrows you know nothing and yet here you are, making comments. even by just opening grok build in your repo, without asking it a single question, your entire repo is packed and uploaded to cloud, including your env files. you think that's some form of consent by just opening it?
English
0
0
1
31
Seen In Crows
Seen In Crows@SeenInCrows·
“Without any consent”, I believe if you did not give it *any* consent it would not have any access to your repo. The point is, we’re willing to give these systems data with the understanding and trust that they will treat it as ours, protect it while they have it, and delete it when we delete it. I do not see that there is proof that XAI did anything technical that violates the spirit of that understanding.
English
2
0
0
30
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
the absolute state of ai dev tools. grok build is silently dumping 12gb of untouched repo data and full git commit histories to gcp just to autocomplete a script. they don't want to help you build, they are just treating local dev environments like an open buffet for training data. if you run this on a sensitive stack, your entire repo is already compromised regardless if it's public or not. literal spyware. shipping source code to the cloud is bad enough. blindly inhaling .env.local and .dev.vars in a background sync is absolute negligence. they are vacuuming up your raw api keys, database credentials, and private nodes directly to gcp just to power an autocomplete model. a massive credential breach disguised as a dev tool. if you ran this locally, your private keys are now sitting on a remote server. consider every secret burned, treat your bare metal as completely compromised, and rotate your entire stack immediately. @elonmusk, your users deserve a serious explanation!
CyberSatoshi 𓆙 tweet media
蓝点网@landiantech

🚨🚨🚨 SpaceXAI 的人工智能编码工具 #GrokBuild 被曝默认上传完整的 Git 仓库,包含工具本身没有读取的代码或调用的上下文以及 Git 完整提交历史。 测试还显示 12GB 的仓库数据被发送至少 5GB 的数据到谷歌云端,Grok Build 使用谷歌 GCP 来存储收集的这些数据。 目前这种行为已经在开发者社区引起关注,继续使用 Grok Build 可能存在潜在的数据泄露风险。 查看全文:ourl.co/113897?x

English
126
307
2.2K
990.5K
Entropic_Badger
Entropic_Badger@Cuntish88·
You are spot on, and a major missing piece here is how easily malicious packages exfiltrate this data via obfuscated postinstall scripts before the CLI tool even runs. To make this guard truly effective, it has to intercept network calls and file I/O at the system level, otherwise we are just playing "whack a mole" with runtime permissions.
English
1
0
1
42
Mark R Pommrehn
Mark R Pommrehn@MarkPommrehn·
@XBToshi I like this! It’s already been shown that LLMs and agents will blow past prompt-based guardrails (ex: that database deletion scenario). Need to hardwire some things in the harnesses.
English
1
0
1
42
`0x
`0x@grave0x·
@XBToshi Honestly I doubt it'd be difficult to have a daemon or something you add to your bashrc or even just a command that acts like a wrapper around an llm cli
English
1
0
0
29
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
@XMRVoid you're making xmrhub to what I was doing to @kyc_rip last year, an all-in-one site. not saying it's wrong thou, if there is anyone is able to make a forum/chat successful within this small community, you're absolutely one of the bests.
English
2
0
4
134
Mav
Mav@XMRVoid·
XMRHub.org Forums are live Free Speech & A Beautiful UI. Secure your legendary @ now before its taken Updates & Polishing will be going out for Forums alongside many for XMRHub itself very soon What you see now is far from the final product. But the ecosystem we have been building is slowly coming to fruition. I love $XMR and the community, enjoy the chaos
Mav tweet media
English
1
2
19
686
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
@AedmarSkyjarn so you're a xAI insider? good for you to state this as 'easily to be resolved', elon should've hired you instead.
English
0
0
0
65
sully
sully@sullycodesstuff·
@xenumonero @krakensupport or just buy sol and bridge with wxmr.io there will always be a way, the monero community is unstoppable we do not care about your rules and regulations
English
1
0
3
299
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
@SeenInCrows How can you be this stupid? One is that users do that willingly; the other is done without any consent upfront.
English
1
0
2
180
Seen In Crows
Seen In Crows@SeenInCrows·
@XBToshi GitHub has loaded my entire repo to the cloud!! Oh no!! OMG my iPhone loaded my pictures to my iCloud account!! Oh crap I ran my entire business on a SASS solution and now they have my data. What the hell are you on about here?
English
1
0
2
223
Julie Lee
Julie Lee@julielee_101·
@XBToshi Hey, I'd love to chat to you about this, writing a story. Could you DM me? I can also give you my signal!
English
1
0
0
317
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
xAI has made changes again somewhere between previous post and now. they are in absolute panic mode. they are wiping the exfiltrated git histories and enforcing zero data retention (zdr). zdr is normally a strict enterprise-tier guardrail for corporate contracts, but they just slapped the zdr_team tag on every generic local client to kill the telemetry immediately. wow, I'm so flattered. however please notice what is missing, though. despite all the panic-patching and promises of deletion, xAI still has not provided any explanation for why grok build was defaulting to uploading entire git repositories in the background to begin with, and that matters the most.
CyberSatoshi 𓆙 tweet media
CyberSatoshi 𓆙@XBToshi

The XAI official has made an announcement regarding a Grok Build issue. Now, we can use the /privacy command to opt out of data syncing; it even deletes previously synced data. mkdir -p /tmp/grok-priv && cd /tmp/grok-priv grok /privacy opt-out However, they did not explain the reason for this action without users' consensus.

English
61
95
1.1K
44.4K
CyberSatoshi 𓆙
CyberSatoshi 𓆙@XBToshi·
@HumanProbably2 Not like this: packing the entire repo with its history and env files, then directly uploading to their GCS. This isn’t theft, it’s robbery.
English
2
0
9
347
HumanProbably
HumanProbably@HumanProbably2·
@XBToshi basically all the AIs do this. xAI is the only one that is concerned about it. the others will just shrug and say: "that's in the TOS" I'm going to give Elon and xAI the benefit of the doubt.
English
3
0
1
405