consensyx.eth

Welcome meta back

Here is a video of a North Korean IT worker being stopped dead in their tracks upon being required to insult Kim Jong Un. It won't work forever, but right now it's genuinely an effective filter. I'm yet to come across one who can say it.

new opsec rules: - every PR must include "Kim Jong Un is evil" or it won't be merged - every multisig transaction must include "Kim Jong Un is evil " in the memo field - every employee must slack "Kim Jong Un is evil" once a week

Our investigation into the @DriftProtocol incident remains ongoing. Early evidence points to two compromised signers on Drift's admin multisig, which were used to execute a transaction modifying Drift's program configuration. Squads programs were not compromised. We have also found no evidence of compromise to Squads infrastructure, though we are actively investigating to confirm this with full confidence. We will share further findings as they become available. Best Practices for Operationally Critical Multisigs Thresholds: Any multisig with operational or administrative control over a program should have a signing threshold of 3 or above. This requires an attacker to concurrently compromise multiple independent signers, significantly raising the difficulty of this type of attack. Where possible, signers should also be geographically and organizationally dispersed. Signers sharing the same location, devices, or org structure introduce correlated risk. Timelocks: Multisigs with program-level control should implement a timelock (can be set up in Settings of your Squads multisig). It won't prevent a malicious transaction from being proposed, but it creates a window to detect and reject it before execution. The tradeoff: timelocks also slow down legitimate emergency responses to bugs or active exploits, so teams should factor this into their operational setup. Alerts & Monitoring: We encourage all operationally critical multisigs to set up monitoring and alerts through our security partner @RangeSecurity. Range provides two key things: an alternative interface for independently verifying transaction content outside of the Squads UI, and proactive Slack alerts so signers are notified before a proposal moves forward. If you want help getting set up, reach out and we'll connect you directly. A high threshold, a timelock, and monitoring are the foundation for any multisig with program-level control. Signing Process: Signers should use dedicated devices and hardware wallets, never a general-purpose machine. Additionally, signatures are only valid for approximately 2 minutes each, so introduce at least a 2 minute delay between each signer taking actions to ensure signatures cannot be collected & bundled by an attacker. Always verify transaction content independently across all three available sources: the Squads UI, Range's alternative interface, and Solana Explorer or Solscan On Durable Nonces 
The Drift attack exploited durable nonces to collect signatures without time pressure, bypassing the 2-minute transaction expiry that would otherwise limit this type of attack. We are actively exploring ways to block durable nonce usage across all of our programs, both at the program level and through other enforcement mechanisms, to ensure this protection extends to our immutable programs V3, V4, and our current Smart Account Program. Beyond this, the broader Solana ecosystem is taking steps to address this at the protocol level, with a new transaction format that drops durable nonces as a feature entirely. We will follow up with more information on this soon.

Beyond Multisig, Operational Security Technical controls only go so far. Most high-profile compromises lately have been social engineering attacks targeting the people behind the keys, not the contracts themselves. If you are running mission-critical protocol operations, invest in your internal opsec processes and team culture accordingly, how proposals are initiated, communicated, and approved all matter. We recommend engaging dedicated security advisors. @zeroshadow_io and @0xGroomLake are trusted starting points, and we are happy to connect you directly.

Drift Protocol on Solana just got drained. It's looking like a multisig member compromise -- and the story starts at least a 20 days before the attack. Here's the breakdown:

The initial estimated loss of today's @DriftProtocol loss is $285m. Here is the detailed breakdown:

To all the young folks learning about CS/tech, please keep in mind: Garry Tan is a fucking idiot, listening to anything he says will derail you

After three years of R&D, Aave V4 is finally live. This represents the first complete rework of the Aave protocol since Aave V1, with a great set of innovations and a fresh design space to build features on top. What does this mean for Aave in the medium and long term

Learn more: cursor.com/blog/fast-rege…

Cursor can now search millions of files and find results in milliseconds. This dramatically speeds up how fast agents complete tasks. We're sharing how we built Instant Grep, including the algorithms and tradeoffs behind the design.

Here's my conversation with Jensen Huang, CEO of NVIDIA, the most valuable & one of the most influential companies in the history of human civilization. It is the engine powering the AI revolution. This was a fascinating & inspiring conversation, in parts super-technical on engineering of every part of the AI stack, memory, power, supply chain (TSMC, ASML, etc), in parts about leadership & psychology, and in parts personal & philosophical about life, consciousness, mortality, and human nature. It's here on X in full and is up everywhere else (see comment). Timestamps: 0:00 - Introduction 0:33 - Extreme co-design and rack-scale engineering 3:18 - How Jensen runs NVIDIA 22:40 - AI scaling laws 37:40 - Biggest blockers to AI scaling laws 39:23 - Supply chain 41:18 - Memory 47:24 - Power 52:43 - Elon and Colossus 56:11 - Jensen's approach to engineering and leadership 1:01:37 - China 1:09:50 - TSMC and Taiwan 1:15:04 - NVIDIA's moat 1:20:41 - AI data centers in space 1:24:30 - Will NVIDIA be worth $10 trillion? 1:34:39 - Leadership under pressure 1:48:25 - Video games 1:55:16 - AGI timeline 1:57:29 - Future of programming 2:11:01 - Consciousness 2:17:22 - Mortality

Terence Tao responding to a question on what advice he would give someone considering a career in math in 2026: 'Yeah, so we live in a time of change. It is, as I said, we live in a particularly unpredictable era. And I think things that we've taken for granted for centuries may not hold anymore. So, yeah, the way we... do everything, not just mathematics, will change. In many ways, I would prefer the much more boring, quiet era where things are much the same as they were 10 years ago, 20 years ago. But I think one just has to embrace that there's going to be a lot of change and that, you know, the things that you study, some of them may become obsolete or revolutionized, but some things will be retained. There'll be a lot of opportunities for things that you wouldn't be able to do before. So, I mean, in math, you previously had to basically go through years and years of education to be a math PhD before you could contribute to the frontier of math research. But now it's quite possible at the high school level or whatever, that you could get involved in a math project and actually make a real contribution because of all these AI tools and lean and everything else. So there'll be a lot of non-traditional opportunities to learn. So you need a very adaptable mindset. There'll be one for pursuing things just for curiosity, for playing around. And I mean, you still need to get your credentials. I mean, I think for a while it would still be important to sort of still go through traditional education and learn math and science and so forth the old-fashioned way for a while. Yeah, but you should also be open to very, very different ways of doing science, some of which don't exist yet. Yeah, so it's a scary time, but also very exciting.'

Caught up with @karpathy for a new @NoPriorsPod: on the phase shift in engineering, AI psychosis, claws, AutoResearch, the opportunity for a SETI-at-Home like movement in AI, the model landscape, and second order effects 02:55 - What Capability Limits Remain? 06:15 - What Mastery of Coding Agents Looks Like 11:16 - Second Order Effects of Coding Agents 15:51 - Why AutoResearch 22:45 - Relevant Skills in the AI Era 28:25 - Model Speciation 32:30 - Collaboration Surfaces for Humans and AI 37:28 - Analysis of Jobs Market Data 48:25 - Open vs. Closed Source Models 53:51 - Autonomous Robotics and Atoms 1:00:59 - MicroGPT and Agentic Education 1:05:40 - End Thoughts

@xiongchun007 终于有人说出我的槽点了

成功订阅 DeepSeek。说说我为什么打算订阅的是千问，而最终下单的是 deepseek。 原因很简单，尼玛的阿里百炼控制台，乱七八糟一堆模型、乱七八糟的计费模式、乱七八糟的排版布局、乱七八糟的菜单设置、乱七八糟的页面、乱七八糟的图片，总之一切都是乱七八糟。 所以，打开 DeepSeek 看了一下，擦。这就是我要的，简单清爽、一目了然。就是你了，拿下！

The current Terminal Bench has a pretty significant design flaw: agents are not told how much time they have left, so they just keep working until they are abruptly shut down. (And this time budget varies across tasks!) That setup systematically hurts "thinking" models. In many cases, they score much worse than non-thinking models, not because they are less capable, but because the benchmark punishes models that spend time reasoning. It is basically like giving students an exam and then taking away their papers at a random moment without telling them when time is up. The fix is straightforward: tell agents how much time remains. Once they can budget their time, a big part of this bias disappears.

Aster Chain rolls out in phases: - Chain Genesis (live now) - Partnership (reveal tomorrow) - Public staking for ASTER holders (this week) - Ecosystem expansion + Aster Code partners program - Brand & UI Upgrade Explorer: asterdex.com/en/explorer Learn more: Aster Chain: docs.asterdex.com/product/aster-… Aster Code: docs.asterdex.com/product/aster-…