lefty155🌻

I am quote tweeting this, so that I can make it my pinned tweet

@Future_proof7 @ICPsimp @jonahseguin Because that provides literally no protection if the developer's API keys are compromised? Specific versions of packages on NPM are also immutable (well unless NPM themselves get compromised, but then we have bigger problems)

@lefty155 @ICPsimp @jonahseguin I feel like that should just be standard anyway Great if you’ve pinned the correct package, but even worse if malware Why would you not want packages hosted by something that’s tamperproof, auditable and cryptographically verifiable? Seems like a no brainer

Can someone please explain to me why we are still waiting until AFTER a package is published and distributed to take action? Why doesn’t npm scan packages with Socket or similar before allowing them to be distributed?

@vxunderground Out of interest, how do you know they used yt-dlp?

Big shenanigans on social media. The big question is now, who owns content? The answer: whoever can watermark first or best X employee Big Nick (that's what everyone calls him) goes schizo on some dork with a bunch of followers. Big Nick asserts big account steals content from little account no one has heard of. However, it turns out little account (operating under a VPN, wink wink), yt-dlp's content from TikTok, YouTube, Instagram, etc. and adds his own watermark on top of it. Big Nick, seemingly aware of this, acknowledges this theft of content but will award small account for "bringing it to the platform" and "add his watermark". Chaos has ensued because big account has been actively aggregating slop to X (formally Twitter) since 2014 and has 4M followers, BUT HAS NOT been watermarking it. The new guy has been actively aggregating slop (but adding his own watermark!) since 2020 and has 20,000 followers. tldr bring content to platform (yt-dlp someone's stuff), add watermark, complain someone without watermark stole it, take their ad revenue Chat, it's the great slop wars of 2026

@ICPsimp @jonahseguin Why do that when you can just pin to specific versions of packages on NPM 🙃

Can someone explain why we're still not talking about using the Internet Computer Protocol to fix these attack surfaces? Instead of relying on the centralized npm registries that get compromised through maintainer accounts or supply chain worms, you could host immutable, tamper-proof packages directly on ICP canisters. The code and data run inside the protocol itself. Which is protected by math, replicated across independent nodes, with no traditional server for attackers to target. You could even layer on something like Orbit.global for secure, multi-approval key management and access control. That removes the centralized points of failure, insecure endpoints, and single points of compromise that keep biting us. The tech exists. Why aren't we leveraging it for something this critical? Or at least talking about it. I mean the attackers, like TeamPCP, are even leveraging the tech to orchestrate a lot of these attacks.

@funnyaralyn86 You need to update yt-dlp by running yt-dlp --update

is yt dlp fucekd

@Snakesan @IntCyberDigest The website was supposed to show, it wants you to follow the instructions so you install malware And yes, the website is cursed. I think it got hacked, that’s why it’s currently down

I just want to know the signals that kept it from popping. Can't be some local resource collision, this was meant to not show for a reason l. I'm used to seeing circumvention, this is just new to me. Hope to read a writeup over this one. I'd assume the entire based apparel site is cursed.

‼️🚨 BREAKING: Kash Patel's apparel website is reportedly hosting ClickFix malware, according to multiple visitors. A fake Cloudflare verification page is tricking users into pasting OS-specific "verification" commands that execute malware. The macOS path fetches an infostealer targeting Keychain, browser data, session tokens, and crypto wallets. Source: @dm4uz3

@old_ass_nerd @0hour1 "gun in banner" and refers to people as "it". No wonder @old_ass_nerd refuses to believe that a website telling them to open the terminal and run a command is malware

@0hour1 "23" followed by "please be over 16"... no wonder it's concerned about an "infostealer"

It’s called DDOS protection 😭🥴

@realDeFiWiZ @IntCyberDigest Why?

@IntCyberDigest bro delete this

@Snakesan @IntCyberDigest Its a fake Cloudflare gate. Cloudflare never ask you to open terminal and run a command that's literal malware Meaning Kash Patel's website must have been hacked (and has potentially been fixed now)

@IntCyberDigest If you attempt to navigate to this on windows with a clean useragent showing macos it won't pass through the cloudflare gate. This usually doesn't happen. Interested to hear why this happens.

@sensibleman88 Any captcha that tells you to open a terminal is malware. Google "ClickFix" if you don't believe me

Do they... not know what a captcha is?

AOC after oct 7th with israel troops

@PaulChr30241052 @MartinLZinn @MyLordBebo I think Grok is designed to analyse the user's tweets and imitate their political views. Which is terrible, because its basically a personal echo chamber that always tells you you're correct I think its echoing back the views of ProLeataria (whose tweet its translating)

@lefty155 @MartinLZinn @MyLordBebo It's worse than a bug. It spits out what it's been fed while calling it learning. Gleefully justifying the death of children.

🇮🇱 Grok wildly translates a question about Israel. Bro wrote in German: “What’s your position on Israel’s right of existence?” Grok answered instead of translating. Wild. Probably some hard-coded rules on Israel worked too strongly and overrode the command to translate. 1/

@RWeisman15348 @mullvadnet Pretty much. Read tmctmt.com/posts/mullvad-…

@mullvadnet Thanks for sharing - so the current design assigns an exit address based on a key which is generated on login to the Mullvad app. While logged in, switching to another VPN, doesn’t re-generate the key, which leads to similar exit address? How the browser knows it’s the same user?

On Friday the 15th of May, we became aware of a fingerprinting issue affecting Mullvad users. We have a method which changes this behaviour currently being tested, with plans to begin rolling it out to our VPN servers in the coming weeks. Read more here: mullvad.net/blog/exit-ip-f…

@KrondstadtBaker @ElliotMalin Correct, the genocide was carried out by the Committee of Union and Progress, which was the most powerful organisation within the Young Turks movement You may wanna check out google.com, I find it answers my questions much faster than if I asked them on Twitter

@ElliotMalin 'the group' So a 'group' called 'The Young Turks' did it?

Your company is named after the group who committed the Armenian Genocide.

@cubfan13 @rowanfornow I wasn't aware that "Obama" and "Barack Obama" were movie titles, let alone distinct movie titles

@rowanfornow They were naming movie titles, not black people. You twit.

I still love how the person who made this couldn't think of six Black people

@PaulMay9115 1.8k likes vs 1 like. I've never seen such a glorious ratio!

Perhaps this will help Lucy

@stupidtechtakes @mxdabz I think your IPv6 IP address does (although websites that know what they're doing will implement IPv6 blocks based on /64 subnets)

@mxdabz your ip doesn't change when you unplug ethernet

what

@DTealy1 @hpglassford @aaronsmith It’s literally what’s happening here. I’m sure the Taliban would allow Fatima Payman to renounce her citizenship if she supported them. The fact the Taliban won’t shows she doesn’t have an allegiance to them. Why do you want other nations to be able to influence our elections?

@lefty155 @hpglassford @aaronsmith That notion is just silly. Three clowns awarded 🤡🤡🤡

Section 44 of the Constitution already requires this. What is it with conservatives? Invent a crisis, work themselves into a lather about it, then demand we fix the thing that's already fixed.

@DTealy1 @hpglassford @aaronsmith If China don't like Australia's prime minister, should they be able to declare them a citizen so that they have to resign? You really haven't thought this through, have you?

@hpglassford @aaronsmith Not good enough Black and white, dual citizen or not, no loopholes Australia owes nothing to the rest of the world and should stop compromising its own citizens for global virtue signalling

@JontyTheCaller @Polls0Politics @Maggie_Perry6 Agreed. Will be very interesting to see whether she runs for Labor next election, since they can’t really trust her either

Politicians aren't ethical, that's my point! But independent means independent of all parties, so no she shouldn't be allowed to join a party because that proves she isn't the independent she was re-elected as. If she has had two terms and changed teams in both it makes it even harder to trust her!

With this surprise defection, the Labor-Greens majority in the senate will expand from 39 seats (1 seat majority) to 40 seats. Also worth noting that if she ran again, she was very likely to lose her seat to One Nation candidate Lee Hanson.

@JontyTheCaller @Polls0Politics @Maggie_Perry6 Not saying it’s ethical in the slightest, but you can’t make a rule forcing her to remain an independent because parties are allowed to merge or form alliances and the same goes for independents

@JontyTheCaller @Polls0Politics @Maggie_Perry6 She was re-elected in 2025 as an independent. Whether it was ethical for her to leave the Jacqui Lambie Network before the end of her 2022-2025 term is another question, but now that she’s been elected as an independent I think she should be free to join whatever party she wants