Flexnpop

@ManuAlzuru 2017 was ICO full peak :) more like early 2016 Ethereum meetups then

It reminded me of early crypto meetups in 2017. Before the noise. Before the speculation took over. Just builders, curious minds, and a sense that something big was starting. 4/10

Yesterday I went to @EspressioAI’s coworking space in Lisbon and something clicked. It felt like 2017 again. But this time… it’s AI agents. 1/10

huge day for victims of the kelp dao hack, i hope that we can look back on today as the day our industry realized that we can simultaneously build useful products while also protecting users rather than be a consequence-free infinite money glitch for hackers

we should get layerzero, kelp, aave into a room to figure things out between them. so far things are not looking good, everyone has lawyered up and going full pvp on each other.

went through layerzero gasolina aws deployment repo + extracted app source. tl;dr concerning the reference deployment is public by design. and the sample providers.json ships with rpc quorum: 1 on every mainnet chain. 1. the recommended cdk stack puts a public api gateway in front of a private alb in front of fargate in private subnets. publicLoadBalancer: false, taskSubnets: PRIVATE_WITH_NAT, and an HttpApi with HttpAlbIntegration. the readme literally tells operators to send the resulting ApiGatewayUrl to layerzero labs. 2. no authorizer, no iam auth mode, no ip allowlist, no waf, no route-level policy anywhere in the repo. the app itself (bootstrap.ts) registers /provider-health, which leaks configured rpcs. server.listen(port) without host arg binds to public ip. 3. cdk/gasolina/config/providers/mainnet/providers.json sets quorum: 1 for ethereum, bsc, polygon, arbitrum, optimism, fantom, and the rest. multiple rpc urls are configured as failover, not consensus. the multiprovider code only enforces quorum when quorum > 1 and explicitly bypasses the wrapper when it's 1. rpcs are mostly public endpoints (llamarpc, publicnode, ankr). 4. provider config lives in an s3 bucket that the cdk stack creates, uploads to, and passes via env vars (PROVIDER_CONFIG_TYPE, CONFIG_BUCKET_NAME). so the trust boundary is the app + the mutable config plane + the upstream rpc tier + whatever's in front of api gateway. 5. operators are told to validate by curling the public url for /available-chains, /signer-info?chainName=ethereum, /provider-health (again, leaks rpc). external reachability is an encouraged documented requirement. caveats: this is the public repo and extracted non-public source. it doesn't prove the config they had for kelp bridge. but the public info and the defaults the operators are pointed at look concerning. read more here: gist.github.com/banteg/2fde29d…

layerzero attack was not rpc poisoning in networking poisoning is when the attacker outside the trust boundary taints a shared lookup (dns, arp, cache). the consumer has no reason to distrust the source. this was not that. the attackers got inside layerzero's trust boundary. they accessed the rpc list, compromised two nodes the dvn depended on, and swapped the op-geth binaries. that's an infra breach within the perimeter. supply-chain shaped, not network shaped. and the payload was surgical. the malicious binary cloaked by ip, served forged payload only to the dvn, told the truth to scan and every other caller, then self-destructed to wipe logs and binaries. rpc poisoning makes it sound like something that happened to the infra from the outside. the real story is a targeted implant operating inside the trust boundary. that's a meaningfully scarier attack than the label suggests.

@gajesh An invite would be much appreciated :)

we have 21 machines now -- with an aggregate of 1TB of memory and 7.2TB of memory bandwidth. waking the world's sleeping compute. if you have a mac - i will happily assist you in setting this up. if you want to just try out the service - happy to cut an invite code :) (we run 9 of these machines, so it's amazing to see new nodes)

Alan Kay, pioneer of object-oriented programming and the graphical user interface, talking about agents and tools in 1990.

The highest quality video of the moon was just released… this is so beautiful.

Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of the quantum stack. The results are shocking. I expect a narrative shift and a further R&D boost toward post-quantum cryptography. The first paper is by Google Quantum AI. They tackle the (logical) Shor algorithm, tailoring it to crack Bitcoin and Ethereum signatures. The algorithm runs on ~1K logical qubits for the 256-bit elliptic curve secp256k1. Due to the low circuit depth, a fast superconducting computer would recover private keys in minutes. I'm grateful to have joined as a late paper co-author, in large part for the chance to interact with experts and the alpha gleaned from internal discussions. The second paper is by a stealthy startup called Oratomic, with ex-Google and prominent Caltech faculty. Their starting point is Google's improvements to the logical quantum circuit. They then apply improvements at the physical layer, with tricks specific to neutral atom quantum computers. The result estimates that 26,000 atomic qubits are sufficient to break 256-bit elliptic curve signatures. This would be roughly a 40x improvement in physical qubit count over previous state-of-the-art. On the flip side, a single Shor run would take ~10 days due to the relatively slow speed of neutral atoms. Below are my key takeaways. As a disclaimer, I am not a quantum expert. Time is needed for the results to be properly vetted. Based on my interactions with the team, I have faith the Google Quantum AI results are conservative. The Oratomic paper is much harder for me to assess, especially because of the use of more exotic qLDPC codes. I will take it with a grain of salt until the dust settles. → q-day: My confidence in q-day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key. While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing. → censorship: The Google paper uses a zero-knowledge (ZK) proof to demonstrate the algorithm's existence without leaking actual optimisations. From now on, assume state-of-the-art algorithms will be censored. There may be self-censorship for moral or commercial reasons, or because of government pressure. A blackout in academic publications would be a tell-tale sign. → cracking time: A superconducting quantum computer, the type Google is building, could crack keys in minutes. This is because the optimised quantum circuit is just 100M Toffoli gates, which is surprisingly shallow. (Toffoli gates are hard because they require production of so-called "magic states".) Toffoli gates would consume ~10 microseconds on a superconducting platform, totalling ~1,000 sec of Shor runtime. → latency optimisations: Two latency optimisations bring key cracking time to single-digit minutes. The first parallelises computation across quantum devices. The second involves feeding the pubkey to the quantum computer mid-flight, after a generic setup phase. → fast- and slow-clock: At first approximation there are two families of quantum computers. The fast-clock flavour, which includes superconducting and photonic architectures, runs at roughly 100 kHz. The slow-clock flavour, which includes trapped ion and neutral atom architectures, runs roughly 1,000x slower (~100 Hz, or ~1 week to crack a single key). → qubit count: The size-optimised variant of the algorithm runs on 1,200 logical qubits. On a superconducting computer with surface code error correction that's roughly 500K physical qubits, a 400:1 physical-to-logical ratio. The surface code is conservative, assuming only four-way nearest-neighbour grid connectivity. It was demonstrated last year by Google on a real quantum computer. → future gains: Low-hanging fruit is still being picked, with at least one of the Google optimisations resulting from a surprisingly simple observation. Interestingly, AI was not (yet!) tasked to find optimisations. This was also the first time authors such as Craig Gidney attacked elliptic curves (as opposed to RSA). Shor logical qubit count could plausibly go under 1K soonish. → error correction: The physical-to-logical ratio for superconducting computers could go under 100:1. For superconducting computers that would be mean ~100K physical qubits for a CRQC, two orders of magnitude away from state of the art. Neutral atoms quantum computers are amenable to error correcting codes other than the surface code. While much slower to run, they can bring down the physical to logical qubit ratio closer to 10:1. → Bitcoin PoW: Commercially-viable Bitcoin PoW via Grover's algorithm is not happening any time soon. We're talking decades, possibly centuries away. This observation should help focus the discussion on ECDSA and Schnorr. (Side note: as unofficial Bitcoin security researcher, I still believe Bitcoin PoW is cooked due to the dwindling security budget.) → team quality: The folks at Google Quantum AI are the real deal. Craig Gidney (@CraigGidney) is arguably the world's top quantum circuit optimisooor. Just last year he squeezed 10x out of Shor for RSA, bringing the physical qubit count down from 10M to 1M. Special thanks to the Google team for patiently answering all my newb questions with detailed, fact-based answers. I was expecting some hype, but found none.

this AI video gets you thinking... h/t @streetartglobe

Web 1.0 came with new channels: - email, search, link sharing, etc Web 2.0 too: - feeds, creators, viral invites, etc Mobile: - app stores, SMS invites, vertical vid, mobile ads What about AI? I’ve been complaining that AI hasn’t come with much. But we’re seeing a big growth channel opening now: Products that are built as APIs/CLIs that can be pulled into new projects by Codex/Claude on the fly Maybe the “AI-native hotel app” doesn’t mean a mobile booking app with an AI chat panel. It means a CLI that can book a hotel for you, that an AI agent can pull into a bespoke answer or project or into code. Bolting on an AI chat panel is this generation’s weak form of AI. Maybe the full reinvention involves making it agent-first not human-first and once you start looking at it that way, a lot of existing products suddenly feel mis-specified. they’re built as destinations, but agents don’t want destinations. they want capabilities. composable, callable, reliable capabilities. So instead of “go to Expedia” or “open the app,” the future interaction is more like: an agent assembles a workflow on the fly. it pulls a flight search tool, a hotel booking tool, maybe a weather model, maybe even your personal preference graph. none of these are full products in the traditional sense. they’re more like endpoints with taste and state. This flips distribution completely. historically you win by owning the surface area. seo, app store ranking, homepage traffic. in an agent world, you win by being the default callable primitive. the thing that shows up again and again in agent-generated plans because it works, has clean interfaces, and returns structured outputs. distribution shifts from “top of funnel” to “top of call stack.” And the crazy part is this might actually compress product surface area dramatically. the best products might look more like tight, extremely well-designed CLIs with opinionated defaults rather than sprawling UIs. almost like the stripe api moment, but for everything. imagine if every vertical had a “stripe-level” primitive that agents preferentially use. there’s also a weird inversion of brand here. humans used to choose brands. now agents will. so the brand becomes partially machine-legible. reliability, latency, error rates, schema clarity. you can almost imagine “agent seo” where the ranking factors are things like success rate across thousands of agent runs, or how easy your tool is to integrate in a chain-of-thought execution loop. This also suggests a new kind of moat. not just data or network effects, but integration depth with agent ecosystems. if claude or codex or openclaw learns that your tool is the safest way to accomplish X, it gets baked into prompts, templates, maybe even fine-tunes. you become a default. and defaults, historically, are insanely sticky. The contrarian take is that most current “AI features” are a local maximum. chat panels, copilots, assistants. they’re transitional. the real end state might look closer to invisible infrastructure that agents orchestrate. the ui is just a debug layer for humans to peek into what the agents are doing. so maybe the new growth channels for ai look like: - being callable - being composable - being reliable at scale in agent loops - being embedded in agent templates and workflows - being the default primitive in a given domain and if that’s right, then the question for any new product isn’t “what’s the ui” or even “what’s the killer feature.” it’s “what’s the minimal, highest-leverage capability we can expose such that agents will repeatedly choose us when building something new.”

@adaptiveai Adaptive

Introducing Adaptive Computer. We put AI inside of an always-on personal computer that it uses to get work done. Schedule agents. Create software. Automate anything. As part of the launch, we’re giving one free month of Adaptive to users. Retweet, like, and comment ‘Adaptive’ to get it.

@lukepierceops blueprint

Automation consultants charge $15K for what Claude Code now does in 2 hours. I know because we're the ones who used to charge it. Here's the exact process: Step 1: Discovery (20 min) → Paste your org chart, tool stack, and top 3 bottlenecks → Claude interviews you with clarifying questions → Outputs a full process inventory ranked by time cost Step 2: Workflow Mapping (15 min) → Describe any department's daily operations in plain English → Claude builds a complete process map → Every manual handoff, redundant step, and automation trigger flagged Step 3: Opportunity Audit (10 min) → Feed it the workflow map output → Returns your top 10 automation opportunities → Ranked by ROI, complexity, and build time Step 4: Architecture Design (20 min) → Claude designs the full system architecture → Which tools connect where, what the data flow looks like → Agents for complex logic, linear flows for the repetitive stuff Step 5: Build (ongoing) → Claude writes the actual workflow JSON → Self-documents everything as it builds Step 6: The output. A live dashboard your whole team can work from. → Clickable process maps for every department → Automation opportunities ranked by ROI → Implementation progress by phase → KPIs updated in real time → One link you share with clients, freelancers, or your team to execute This is what we hand every client at the end of discovery. The .md file is what makes all of it possible. Without it, Claude guesses. With it, Claude builds like a $15K consultant. Like this post, RT and comment "BLUEPRINT" and I'll send you the full prompt stack and the .md file we use internally. (Must be following so I can DM you) 🎁 Bonus: The first 100 people get a real Precision AI Blueprint — an actual sample audit doc from a client engagement so you can see exactly what the output looks like.

🚨🇦🇪🇺🇸 Prominent UAE billionaire Khalaf Ahmad Al Habtoor just published an open letter to Trump. It's brutal. "Who gave you the authority to drag our region into a war with Iran? Who gave you permission to turn our region into a battlefield?" Al Habtoor's a major figure: billionaire, former diplomat, outspoken political voice in the Gulf. When he talks, UAE leadership's listening. His questions: * Was this your decision or Netanyahu's pressure? * Did you calculate collateral damage before firing? * You placed GCC countries at the heart of danger they didn't choose * Your "Board of Peace" initiatives were funded by Gulf states. Now we're getting attacked. Where did that money go? * You promised no wars. You've conducted operations in 7 countries: Somalia, Iraq, Yemen, Nigeria, Syria, Iran, Venezuela * 658 airstrikes in your first year back = Biden's entire term (which you criticized) * War costs $40-65 billion for operations, possibly $210 billion total * Your approval rating's down 9% in 400 days * Americans were promised peace. They're getting war funded by their taxes The sharpest line: "Before the ink has dried on your Board of Peace initiative, we find ourselves facing military escalation that endangers the entire region. So where did those initiatives go?" Al Habtoor's not some random critic. He's establishment. Connected. When UAE elites start publicly questioning Trump's decision-making, that's America's closest Arab allies saying "we didn't sign up for this." The letter ends: "True leadership is not measured by war decisions, but by wisdom, respect for others, and pushing toward achieving peace." @KhalafAlHabtoor

Programmers were asked to make the worst volume control for a contest x.com/fluxfolio_/sta…

optimism is the best life and longevity hack negative thinking destroys your brain and is associated with alzheimers disease whereas optimism is associated with longevity you must retain your childlike optimism and be a silly goose

In person experiences are going to mean so much more with the way the world is going Just look at this man

What if every time it's over... You could always bounce back. Bounce Tech: Private beta now live👇

This is extraordinary and profoundly symbolic: Ai Weiwei has returned to China for the first time in 10 years and says he concluded that Beijing is "more humane" than Germany which he describes as "insecure and unfree". He gave an interview to Germany's Berliner Zeitung after his trip (berliner-zeitung.de/kultur-vergnue…) and here is what he said: - He described feeling that Beijing had become like "a broken jade being perfectly reassembled" and said he felt no fear returning to the country. - He complained that daily life difficulties in Europe (where he's lived for the past 10 years) are "at least ten times" what they are in China, criticizing European bureaucracy. - For instance he said he reactivated his dormant Chinese bank account in mere minutes (with "still had a considerable sum of money in it"). He contrasts this with his experience in Europe: "In Germany, my bank accounts were closed twice. And not just mine, but my girlfriend's as well. In Switzerland, I was refused an account at the country's largest bank, and another bank later closed my account there as well. There were other similar incidents, which I won't go into detail about here. These processes are extraordinarily complicated and often irrational." - He says that "with regard to the political climate, daily life for ordinary people in Beijing feels more natural and humane" than in Germany which "feels cold, rational, and deeply bureaucratic. As an individual, one feels confined and precarious there." - Stunningly he says that in Germany, over ten years, "almost no one has ever invited me to their home. Neighbors from above or below exchange at most a brief nod." He contrasts this with China where, immediately upon his return, "perfectly ordinary people from at least five different professions lined up, hoping to meet me." - He concludes that Germany now "plays the role of an insecure and unfree country, struggling to find its position between history and future." As a European who's lived 8 years in China, I couldn't agree more: life in China is an order of magnitude less cumbersome than in Europe and daily life feels much more humane and warm, contrary to popular belief. But it's one thing for me to say it, and something else entirely for China's most famous dissident. The man once celebrated throughout the West as the very embodiment of opposition to his country has now concluded that it is in fact Europe that's inhumane and "unfree".