Sigtrap

442 posts

@killminus5

Zploit is a Swedish producer/hacker exploiting everything for fun and rewards. https://t.co/IUrktyMxgA https://t.co/xbuG4CqRU7

Stockholm Sweden · Joined March 2012
33 Following · 32 Followers
Sigtrap@killminus5·
@rutugl @XBToshi @tayvano_ Not even that. AI reads the binary like source code. It is just machine language. Reverse engineering is not even needed.
Rutuja@rutugl·
@XBToshi @tayvano_ AI probably makes open-source security harder, but closed-source doesn’t magically make systems safer...it just removes public scrutiny while attackers keep scaling privately.
CyberSatoshi 𓆙@XBToshi·
fair point on the "AI-breaking-crypto" narrative. weaponized models like mythos hunting 0-days in open repos is definitely the new reality. the game changed. but going closed source is literal suicide. hiding the TSS engine doesn't save you. attackers will just fuzz the black box with their own AIs. closing the source means fighting the machine in the dark, entirely alone. a "trusted inner circle" can never out-compute the dark forest. plus, the moment TC does this, the "permissionless" and "open-source" dream is dead. you're just left with a permissioned cartel.
JP@jpthor

seems like a true GG20 0-day
if so, we're in the age of AI-breaking-crypto and the risk matrix has changed
my personal opinion is the GG20 class of protocols have too many foot-guns and should be abandoned to a modern TSS scheme, that is actively maintained by an active crypto team.
for the first time ever, perhaps the community should also consider a closed source TSS implementation, so that at least defenders stay one step ahead of the attackers. A closed source TSS engine can be verified and validated by the security team + dev team + large node operators who are aligned with the network. Open to ideas.

Sigtrap@killminus5·
@tayvano_ But it has nothing to do with the Thorchain hack?
Tay 💖@tayvano_·
here's the diff against round 2 in VERSION FUCKING 2 of the upstream lib. upstream 2.0 released was AUGUST 2023!!!!!! so, no, none of that hardening (from fucking 2023) was cherry picked in. upstream release in response to tsshock disclosure: github.com/bnb-chain/tss-…
Tay 💖@tayvano_·
lmao it's been literally 1000 days since TSSHOCK was disclosed publicly. even more since THORChain was alerted and given a working PoC on their implementation. there have been many adjacent issues with tss libs before and since. fools. verichains.io/tsshock/
Sigtrap@killminus5·
@OwariDa JPEG... for rendering on a display?
Joel Eriksson@OwariDa·
UPDATE: After more benchmarking and optimizations I've determined that the variant with the lowest latency is actually to always send full frames (well, the two 1920x544 JPEGs for the top/bottom half of each frame to be specific), but to leverage VAAPI for hardware accelerated color space conversions and JPEG encoding :D
Just need some adaptive JPEG quality adjustment in cases where maxing out the available USB 2.0 bandwidth to avoid skipping frames
Pretty sure my Linux driver is the most efficient and highest quality variant right now, both the macOS and Windows driver have adaptive quality adjustments but I saw macOS falling back to 70% JPEG quality settings almost instantly while I rarely have to go below 98%
Testing with videos streaming on both displays now (not counting the DP Alt-mode one, that doesn't need any userspace driver), and it's working very well :)
PS. Regarding my observations with the adaptive quality adjustments on macOS and Windows, I was able to do that by sniffing the USB traffic. It was pretty fun to be able to generate videos directly from the USB captures :D
Joel Eriksson@OwariDa·
I recently got this portable triple monitor setup. It works fine on macOS and Windows, but it turns out the Linux driver was extremely unstable as well as very CPU intensive
Obviously, this nerdsniped me into reversing it and making a better one. In doing so, I managed to figure out some device internals/quirks that I could leverage to make optimizations that none of the vendor drivers for any platform could do :)
Turns out that one of the screens (the leftmost one) presents as a standard USB-C DisplayPort (DP Alt Mode) screen, which means it has more than enough bandwidth available for uncompressed efficient video
For the other two screens, the device presents as a USB 2.0 Hub, with a USB device that is handled by a custom userspace helper application
Turns out that what essentially happens is that it's streaming JPEG encoded data (with a custom header, however) for every frame presented on the two other screens. To be specific, two JPEG:s per frame, one for the upper half and one for the lower half, for each screen
On both macOS, Windows and Linux, it was always sending JPEG:s with a resolution of 1920x544 for each half, with an adaptive quality setting from 98 to 70. The reason being both the fact that JPEG encoding is relatively expensive, as well as the fact that it's only able to use a bandwidth of 30MB/s in total
As a side effect of this, the actual frame rate you're getting on each of the USB screens is generally more around 25-30 than anything near 60
I wasn't all that concerned with the frame rate for my purposes though, and even though JPEG is technically using lossy compression, I wouldn't even really have noticed that in general use
What I did notice, however, is the CPU usage required for all that JPEG encoding, and I wanted to minimize that as much as possible
The vendor's Linux driver was using 2-3 CPU cores continuously on full blast, and even then it was frequently either crashing or slowing down to a crawl
I was able to get the worst case CPU usage down to a factor of about 5 (i.e. about 60% of a single CPU), and for the cases where the screens are mostly static, terminals and such, the CPU usage was only 1-3% of a single CPU
Besides the obvious stuff, such as parallelizing the JPEG encoding etc, I thought it was pretty wasteful to send full frames in cases where the actual changes from the previous frame were small
Since the packet header contained what seemed to correspond to the width, height and x/y coordinates of where the JPEG should be rendered, I thought it would be possible for me to send a JPEG with just the part that was different from the previous frame
That method, however, ended up getting very strange results where it seemed to loop parts of previous frames on the parts of the screen that were not being updated
After making a test program that rendered a simple animation against a static background with a low FPS (FPS as in the frames actually sent to the device per second), I could see that it seemed to repeat previous frames with a cycle of 3
I.e. if I try to animate a box by painting over the previous frame's box as well as the part where I'm placing the slightly moved box, instead of a smooth animation I would see the box I painted as well as part of the box from 3 frames back
By this observation, I could deduce that the device internally uses three framebuffer slots, and by mirroring this with three "shadow buffers" in my custom userspace driver I could minimize the work required for each frame
First off, I would compare my new frame N with frame N-3 in order to see the minimum rectangular area that would patch up frame N-3 to become my new frame N
While doing so I would also compute a very simple hash of frame N and compare it with the hash of frame N-1, since if frame N and frame N-1 are the same I can just skip presenting that frame (I still need to send a periodic heartbeat in order for the screen to not turn off, but I don't need to send a new frame unless something has actually changed)
So instead of encoding and sending two 1920x544 JPEGs for each frame on each screen, I would generally be encoding and sending far less, which allows me to use far less CPU and be a lot more responsive especially for coding and "office work" in general
As a bonus, I also got a lot more intimately familiar with the EVDI subsystem in Linux (EVDI = Extensible Virtual Display Interface), which turns out to be quite useful in the context of my QVM and GRAFIT projects that I've mentioned from time to time in other posts ;)
Aave@aave·
After discussions with several stakeholders, Aave service providers, @Ether_fi, @KelpDAO, @LayerZero_Core, @compound_xyz, and others have submitted a governance proposal to the @arbitrum DAO requesting the release of ETH frozen by the Arbitrum Security Council following the April 18 rsETH incident. If released, the funds will be directed into DeFi United, a coordinated cross-protocol recovery effort aimed at restoring rsETH backing and remediating impairment of rsETH for users. This contribution would meaningfully advance the path to resolution as others confirm their commitments. The proposal is open for review, and we welcome feedback from the Arbitrum community. forum.arbitrum.foundation/t/constitution…
Deso@DesoGames·
#Tether watch! Short one; Tether printed $210M in fresh USDT an hour+ ago, sent it to Cumberland, who then directly sent $200M on to Ethena's Web Wallet 1. This as Ethena's market cap continues to drop and it's well below peg at this time. I smell another ponzi bailout!
Sigtrap@killminus5·
@bax1337 How much was saved and how much was lost? Was everything recovered or just a small part? No more problems at Aave?
Sigtrap@killminus5·
@_Jamisky @0xSweep Banks try to repackage loans as collateral and sell it as new loans. It did not go well last time. And most collateral that is used for loans is marked so someone else can't loan more money a second time of the same collateral. For defi, just wrap it and resell it.
©️Jamisky@_Jamisky·
@0xSweep How is this different from banking? Banks do fractional reserve banking No? At least in this case, everything is transparent onchain and you can monitor LTV, utilization and other information in real time
Sweep@0xSweep·
DeFi is dead and most of you still don’t understand what it actually was
It was never a financial system. It was a loop designed to manufacture synthetic valuations from minimal capital
Protocols didn’t grow capital, they multiplied how it was counted by turning one deposit into multiple positions
A token gets emitted, you’re paid to deposit it, and that deposit is recorded as TVL. That’s position one. You borrow stables against that same collateral, deploy them somewhere else, and now that same base capital is supporting a second position on another protocol
Then you take the LP token from that, restake or loop it again, and it gets counted a third time
Let’s simplify it with $100:
> You deposit $100 into a protocol, that’s your first position and it’s recorded as $100 TVL
> You borrow $80 against that same $100 and deposit it somewhere else, now there’s another $80 being counted
> You borrow $60 against that $80 and deploy it again, now that’s another layer
You take the receipt from that and loop it one more time
On paper you now have $280+ across protocols, but in reality it’s still the same $100
This is the same illusion as altcoins printing billion dollar market caps on tiny float
A $2B token with 5% circulating isn’t $2B of value, it’s $100M of liquidity marked higher by thin trading
DeFi did the same thing with TVL. Instead of multiplying price across supply, it multiplied the same capital across protocols
TVL became FDV in a different format
Protocols emitted tokens to LPs, counted those tokens as TVL, then counted the incentivized volume as usage
That volume generated fees, fees justified valuation, valuation justified emissions, and the loop continued
No external demand was needed and the system kept feeding itself
Every narrative ran the same structure. Yield farming, LSDs, restaking, points. Different names for the same mechanic
You weren’t earning yield. You were being paid in dilution
At the peak, $200B+ TVL implied capital that never existed. The real base was a fraction of that, looped, leveraged and counted multiple times
Each protocol reported it independently, dashboards aggregated it as if it was additive
That’s how the industry looked massive
This is why altcoin market caps and DeFi TVL broke at the same time
Both were built on internal pricing, thin liquidity, and recycled capital. One inflated valuation through float, the other through collateral loops
Neither represented real economic scale
The fragility came from this exact structure. The hacks weren’t random....
You don’t extract hundreds of millions from systems generating real external cash flow, you extract from systems where the value was already abstract
Strip out token denominated TVL, emission based yield, recycled collateral, and wash volume. What’s left is a small set of protocols actually moving capital
DeFi didn’t fail. It worked exactly as designed. It took limited capital, looped it, marked it higher, and distributed it
Now that the loop is visible, the numbers don’t hold
That’s why it doesn’t bounce. There’s nothing underneath it to support the scale it once claimed
Sigtrap@killminus5·
@OwariDa I seem to have a limit of around 10 input tokens per hour, while my output token capacity appears to be unrestricted.
Zumbakafeo (Satire)@realzumbakafeo·
@phantom Your tokens aren't gone. Phantom's price feeds and balance displays are down - that's a backend issue, not a blockchain one. Your assets live on-chain regardless of what the wallet UI shows. Worst move right now is panic-selling from another app because you saw a $0 balance.
Phantom@phantom·
We are experiencing a temporary service outage affecting token prices and balances. Our team is actively working to resolve this as quickly as possible. We appreciate your patience during this time 🙏
Cory 🦢 Real Bitcoin @ Swan.com
Top 6 Questions for @Tether at tonight's investor pitch in Miami:
1) Why does Tether pretend Paolo @paoloardoino runs the company, when Giancarlo Devasini controls it unilaterally?
2) Is this a growth round, or a liquidity event for insiders? Whose shares are being sold and why? Why does Tether need money if it’s so profitable?
3) Given the numerous claims on underlying assets in various subsidiaries that trickle up to Tether, why should investors accept talk of a reserves audit without a full-company audit, including governance, related-party transactions, and ownership?
4) Did Bo Hines @bohines discuss any future role with Tether while still helping to shape the U.S. stablecoin framework via his role in the White House?
5) Why were Devasini-linked entities buying Northern Data @NorthernDataGrp assets at what an independent report described as a steep discount?
6) How serious is the litigation and shareholder-exposure risk around the Northern Data related-party asset sales, given the allegations that Devasini-linked entities acquired assets at discounted prices?
The Great Translation Movement 大翻译运动
Iran releasing the footage of this missile hitting US warship. The missile flew past IJN Akagi, Liaoning aircraft carrier, USS Lexington and finally hitting the second Lexington. The real question is: is it War Thunder, Arma 3 or world of warships?
Sigtrap@killminus5·
@Forbes @Bitfinexed @grok can you summarize what Lutnick has said and what now is revealed? Present what is said in rows and in the column what is revealed or contradicting what Lutnick has said.
Forbes@Forbes·
Commerce Secretary Howard Lutnick is likely to be forced to testify before Congress again about Jeffrey Epstein after a Republican joined Democrats on Friday in calling for him to take questions. Here's everything we know: forbes.com/sites/saradorn… (Photo: Andrew Harnik via Getty Images)
Sigtrap@killminus5·
@RyansMethod You can't draw some arbitrary lines and think people will follow them.
Ryan Hogue@RyansMethod·
$MSTR & #Bitcoin completed bullish backtests today. Now, we go higher 🚀
Sigtrap@killminus5·
@funder @Bitfinexed And? Who do you want to tell with your post? Those who you want to tell do not care.
Sigtrap@killminus5·
@RhoRider I can guess it will go down 5 times.
Sigtrap@killminus5·
@RhoRider Who will be the last who tries to withdraw? 🤔
Gandalv@Microinteracti1·
🎤 Listen to the booing. What a beautiful sound of pure hatred and contempt aimed at the world’s dumbest con artist. You can hear it crackle in the air. This guy is supposed to command the room, and he cannot even talk over the noise. A washed up president propped up by a loud, shrinking minority, drowning in boos, exposed in real time. The spell is gone. The crowd is not buying it. The world is not pretending anymore. His orange stain follows everyone who gets too close to him. It smears onto their suits, their reputations, their futures. You cannot stand next to Trump without getting marked. And come the midterms, every single one of them is getting flushed out with the bathwater. No sympathy. Just gone.
Rho Rider@RhoRider·
Unless the US has somehow hidden movements of an entire carrier strike group…seems like a massive strategic blunder to not have any major naval assets positioned remotely close to Iran / the middle east rn.