Daniel

Not bad but somewhat flat and not so “big” peat. I prefer any of these malts alone.

vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max. it then found 21 high/critical vulnerabilities in Chrome.

🚨NEWS: Cursor’s $50B “in-house model” is literally Kimi K2.5 with RL on top. Got caught in 24 hours >be Moonshot AI >spend hundreds of millions training Kimi K2.5 >1 trillion parameters, 15 trillion tokens, agent swarm architecture >beat GPT-5.2 and Opus 4.5 on real benchmarks >open-source it because you believe in the ecosystem >one condition: display “Kimi K2.5” if you make over $20M/month from it >Cursor takes the model >runs RL on coding tasks >ships it March 19 as “Composer 2” >blog post: “continued pretraining + scaled reinforcement learning” >zero mention of Kimi K2.5 >“our in-house models generate more code than almost any other LLMs in the world” >publishes benchmark chart >Composer 2 against Opus 4.6 and GPT-5.4 >uses the chart to justify raising at $50 billion! >less than 24 hours later >kimi dev intercepts the API response >model ID: kimi-k2p5-rl-0317-s515-fast >they didn’t even rename it >Moonshot head of pretraining runs tokenizer test >confirms: identical to Kimi’s tokenizer >publicly tags Cursor’s co-founder: “why aren’t you respecting our license?” >two more Moonshot employees post confirmations >all three posts deleted within hours >legal is now involved >but it gets worse >Cursor had Kimi K2.5 listed as a FREE model in their UI just weeks ago >users were openly using it >Feb 9: “K2.5 was in my model list. I updated and it vanished” >it vanished because Cursor pulled it from the picker, and relaunched it as their own model >Moonshot valuation: $4.3B >Cursor valuation: $50B Absolute state of Cursor.

This man is a billionaire and was removing labels with a hair dryer personally, you're simply not grinding hard enough

Gossip says that Codex’s steering support was added so @daveaitel could prompt “is it done yet” from time to time.

@lcfr_eth I’ll start collecting your prompts as they were IRC quotes

Prompt: "This dude is ranting about some remote kernel/android bug his priv8 model found on the tweeter can you find it, setup a VM, and write a POC to trigger it?"

With our last two testnets, we reached a working proof of concept of a community-run network, operated directly from users’ phones and other devices. The last few weeks, we've been building out a more complete feature-set on top of the network's strong user sovereignty. Today, we launched a beta with our community for that new, more complete network architecture. Here are the new components we are most excited about: 1. Now 120+ participants (doubled from ~60 in the last network) 2. High performance; aiming for 10+ tps, with 5-15s latency 3. Initial testing of zk-proof of personhood 4. Support for dapps – we will be testing several dapps on the new testnet, including an opinion market dapp, leveraging proof of personhood. 5. Support for making dapps easily instantiable by AI agents, and then [WIP] iterable by agents directly from user feedback. We’ll be testing all of these over the coming weeks. Once working well, we'll have a solid foundation for a self-sovereign network, where groups of people can collectively build and iterate on the software they use, backed by proof of personhood.

@julianor Time to PoC||gtfo?

Bug bounty programs are collapsing under AI slop. Assessment reports are full of perfectly written false positives nobody reads. Rethink the infosec deliverable. A few things:

You get old when your context window is full

+Fravia used to say: “The protection must run on the same machine as the attacker. Therefore the attacker can control it, observe it, and modify it.” Well, well, well: researchgate.net/publication/40…

@roddux I guess that is enough for me to give it a try. Thanks!

@ergot86 Not sure about "pushing to the limit", but I run my home partition with some level of zstd compression, and I take semi-regular snapshots. I also use it with LUKS

Rekt again by btrfs. I’m too lazy and dumb to even try a illumos, so is OpenZFS on Linux stable enough?

@roddux Thanks for the info, btw have you pushed it to the limits and used most features? With btrfs under normal conditions I didn’t have issues, when I use compression or cow over large data things went to hell…

@ergot86 I've been using it on most of my machines for years, no issues yet. Make sure you take backups regardless :') Mind you, Ubuntu exposes a /dev/zfs device as world read+write... by default... I haven't looked in detail but I wager it's juicy attack surface

@lcfr_eth Next time use codec^Hx

Here's the slopsploits for CVE-2024-14027 that were produced in roughly 2-3x the amount of time a human would have done it. As well as some thoughts/notes. github.com/lcfr-eth/CVE-2…

Les gusta mi mousepad??

La noticia del día viernes 13 de marzo es la captura en Bolivia del narco uruguayo Sebastián Marset . El mega operativo comenzó a las 3 de la mañana y en el que participaron más de 500 efectivos según información de prensa. En Uruguay no hubiera sido posible pues la ley protege y cuida al narco al no habilitar los “allanamientos nocturnos “.

@roddux Very cool! While reading about one of the issues it reminded me about one of @steaIth’s write-ups and the. immediately they mention it :)

New Qualys blog is, once again, excellent: cdn2.qualys.com/advisory/2026/…

@ortegaalfredo Dixie Flatline moment

"What you are seeing is not an animation. It is not a reinforcement learning policy mimicking biology. It is a copy of a biological brain, wired neuron-to-neuron from electron microscopy data, running in simulation, making a body move." - what is this, a matrix for flys?