Parsely

766 posts

@_Parsely_

Independent Security Researcher #IamSecond. | Solidity | Go | Rust | CosmWasm | Cosmos | Solana | Cairo | ZK |

Joined September 2022
308 Following · 574 Followers
Parsely@_Parsely_·
@0xFlint_ I thought to share what I found, I tested using Ollama downloading the quantized version from the Huggingface website, the unsloth version, and it is quite quick on my machine (cpu inference 32GB RAM only) `Qwen3-Coder-30B-A3B-Instruct-GGUF:Q4_K_M`, did not try web search though
Flint@0xFlint_·
Running a modest local llm (qwen3:8b) and doing some basic web searches. GPU Fan: ⬇️
Parsely@_Parsely_·
@0xFlint_ I am quite interested to see what the impact of turboquant will be once included in the LLM-running software, e.g. llama.cpp. I see there is an implementation of it currently on a fork of it. (just also saw a Python package called turboquant)
Parsely reposted
m4rio@m4rio_eth·
please, if you see this message and you know a maintainer of these packages, send them this message making sure they are aware and they are not falling for it! some maintainers might not have X.
Socket@SocketSecurity

🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week.  socket.dev/blog/attackers…

Parsely@_Parsely_·
@m4rio_eth You got me :), I knew it was a joke, but wondered where the link led to..
Parsely reposted
ABA@abarbatei·
After years of working in security, I've launched Cyba Blockchain Security @cybasecurity This is a long-term commitment to building security properly; beyond audits, beyond reviews or tooling alone. Long road ahead, but this is the right one for me. x.com/CybaSecurity/s…
Cyba Blockchain Security@CybaSecurity

1/3 Cyba Blockchain Security is now live. Cyba (pronounced sai-ba) is a researcher-led blockchain security firm focused on manual audits, deep protocol reviews and practical security research. Founded by @abarbatei, with 10+ years of security experience across Web2 and Web3. cybasecurity.io

Parsely@_Parsely_·
@muellerberndt I'm at the end of the Consistency chapter so far. A lot of hard work went into that. Very well written and thought provoking....will read further as I can get the time.
Parsely reposted
Trail of Bits@trailofbits·
But we weren't satisfied with an AI plugin that vibes its way to an occasional bug. Our CEO and engineers built skills across the spectrum to see how far AI-assisted security can go. github.com/trailofbits/sk…
Antonio Viggiano@aviggiano·
does anyone have an AI auditor bot that specializes in git diffs? hit me up if you do pay per audit
Parsely@_Parsely_·
I highly recommend joining the @rektoff_xyz Rust Security Bootcamp if you are interested in Rust and Solana. The Rust modules give a foundation for any Rust code and the Solana modules give you an in-depth look into Solana auditing.
Rektoff@rektoff_xyz

New year, new cohort! We are opening applications for the @Solana Rust Security Bootcamp (Cohort 3). Applications will be open until Jan 10, but we recommend applying early. Additionally, to address common questions, we will host our usual AMA session on Jan 5 at 8 AM EST. Let us know in the comments if you have already applied and what questions you want us to cover.

Parsely@_Parsely_·
After 4 years of intensive study in EVM internals and the Web3 ecosystem, I've built the skills to contribute meaningfully to web3 security. Audits done with rigor, integrity and a commitment to earning trust through results. Ready to augment your team's next audit. Let's chat.
Parsely@_Parsely_·
@RealJohnnyTime Hi Johnnie, so sorry to hear of the injury, heal up soon.🙏
Parsely reposted
Trident@TridentSolana·
This Christmas, we're giving you the security knowledge from 1,500+ School of Solana graduates and countless production audits. 5 essential resources every Solana developer needs: from security checklists to advanced CPI fuzzing. A gift to the community: Thread ↓
Parsely@_Parsely_·
This opportunity to learn was really valuable. The effort that the presenters put in to make the content engaging and contextual was top class. If you are considering applying when C3 applications open, from my side I can highly recommend it. Thank you for allowing me to join🙏
Rektoff@rektoff_xyz

Cohort 2 is officially finished 🏁 We are grateful to everyone who spent these 6 weeks with us diving deep into Rust internals and @solana security. It was an intense stretch of learning, discussion, and real work. Over the course of the cohort, we ran 30 hours across 11 live lectures, covered 2 core modules, hosted 3 guest lectures, and held 6 office hours. Every bit of this effort was supported by @SolanaFndn. Thank you to everyone who showed up, stayed curious, and put in the work. Everything gonna be Rektoff 🫡

Parsely@_Parsely_·
@ZeroK_____ Through it all, you still made a great contribution to web3 and inspired many people. Well done!
0K@ZeroK_____·
This year a lot of bad things happened in my life. I faced many downfalls, losses, moments where I lost my way, no big wins, lost a member of my family, and dealing with health issues. Still, I can say it was the year that truly opened my eyes. I learned things I never knew before, and faced situations I didn’t know how to handle. I’ll share a recap of this year soon, because not every year is about winning. Sometimes you fail, but in that failure you learn lessons that help you stand up and win again.
Parsely reposted
Rektoff@rektoff_xyz·
✉️ NEW YEAR’S MEMO
From: Rektoff HQ
To: EVM developers
Subject: EVM to SVM: The Mindset Shift

Dear EVM devs,

You’ve mastered Solidity. You understand reentrancy, gas optimization, and the quirks of the EVM. You’ve built the foundation of DeFi. But there's an architectural itch you can't scratch on a single-threaded machine.

So let’s talk about the SVM shift 👇 1/11 🧵
Parsely reposted
Security Alliance@_SEAL_Org·
Crypto Drainers using React CVE-2025-55182 We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE. All websites should review front-end code for any suspicious assets NOW.
Parsely reposted
Rektoff@rektoff_xyz·
We invite you to watch the full presentation from Daniel Cumming at BP 2025! This is a deep dive into formally verifying the critical upgrade to the new, more efficient P-Token program. See the math behind the change here: youtu.be/DvJdmVLCYpA
Parsely reposted
Accretion | Solana Audits@accretion_xyz·
Advent of Bugs #3: Optional Accounts, Intention, and the State Machine

During an audit, we found that fee accounts were optional in a swap instruction. This allowed the user of this instruction to bypass the fee mechanism completely.

The intention was that the protocol had another program that collected fees and then passed execution to the main swap instruction. In this case, collecting fees twice is not the correct approach either, so the developer made the main protocol fee collection account optional, also to reduce instruction size costs.

This worked during testing, as understandably most developers only test for functionality, not for correctness; one sample of low to medium-range bugs was often overlooked. Further, given that the majority of users would interact with either the SDK or the Website, this oversight is easy to miss, giving a sense of false security.

To give credit, this architecture is also not a walk in the park to get it right. We want to avoid passing an account to save instruction size deliberately. We need to know when the program is called from a CPI and from the correct parent program. We also need to be cautious not to accidentally produce even more issues, such as a wild CPI or similar.

The main fix was to use a PDA of the sub program to sign the CPI, and in the main swap program to validate this signature, only then allow the no-fee configuration.

- @brymko
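The fix described in the Accretion post above, modeled as an added example (not Accretion's or the audited protocol's code). It is plain Rust with no Solana SDK; `Account`, `swap_vulnerable`, `swap_fixed`, `FEE_AUTHORITY_PDA` and the fee rate are hypothetical names and constructed values.

```rust
// Added illustration (std only, no Solana SDK); every name and value is hypothetical.
#[derive(Clone, Copy, PartialEq, Debug)]
struct Pubkey(u8); // stand-in for a 32-byte address

struct Account { key: Pubkey, is_signer: bool, balance: u64 }

// Stand-in for the PDA derived from the fee-collecting sub program's id and seeds.
// Only that program can make its PDA appear as a signer on a CPI.
const FEE_AUTHORITY_PDA: Pubkey = Pubkey(7);
const FEE_BPS: u64 = 30; // constructed fee rate

#[derive(Debug, PartialEq)]
enum SwapError { MissingFeeAccount }

// Credit the protocol fee and return the amount left to swap.
fn charge(fee_account: &mut Account, amount: u64) -> u64 {
    let fee = amount * FEE_BPS / 10_000;
    fee_account.balance += fee;
    amount - fee
}

// Before: leaving the fee account out skips the fee for any caller.
fn swap_vulnerable(amount: u64, fee_account: Option<&mut Account>) -> Result<u64, SwapError> {
    Ok(match fee_account {
        Some(acc) => charge(acc, amount),
        None => amount,
    })
}

// After: the no-fee path requires the sub program's PDA as a signer.
fn swap_fixed(amount: u64, fee_account: Option<&mut Account>, cpi_authority: Option<&Account>)
    -> Result<u64, SwapError> {
    match fee_account {
        Some(acc) => Ok(charge(acc, amount)),
        None => {
            let from_sub_program = cpi_authority
                .map_or(false, |a| a.is_signer && a.key == FEE_AUTHORITY_PDA);
            if from_sub_program { Ok(amount) } else { Err(SwapError::MissingFeeAccount) }
        }
    }
}

fn main() {
    let pda = Account { key: FEE_AUTHORITY_PDA, is_signer: true, balance: 0 };
    println!("direct call, no fee account (before): {:?}", swap_vulnerable(10_000, None));
    println!("direct call, no fee account (after):  {:?}", swap_fixed(10_000, None, None));
    println!("CPI signed by sub-program PDA:        {:?}", swap_fixed(10_000, None, Some(&pda)));
}
```

A functionality-only test suite that always goes through the SDK exercises just the fee-account and PDA-signed paths; the direct call with no fee account is the negative case that has to be tested explicitly.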