竜 SM₳UG

✨If you ignore the dragon, it will eat you. If you defy the dragon it will overpower you. But if you ride the dragon, you will take advantage of its strength and power.✨ smaug.pool.pm

We've completed our deployment of nearly 100 additional Tor exit relays (totaling 123). We now have nearly 500 CPU cores and 1TB of RAM dedicated to relaying traffic on the Tor network, a huge milestone for supporting Internet freedom. Real infrastructure, not vaporware. We've shared some pictures of our work and hope you enjoy the purple aesthetic, matching Tor's primary color.

👀

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

@KuptoKosmos Ce n'est pas une mise à jour pour les utilisateurs Ledger, c'est une mise à jour de Chrome pour tous les utilisateurs de ce navigateur. Ça n'a en fait rien à voir avec Ledger si ce n'est que le CTO en a parlé.

⚠️ MISE À JOUR POUR LES UTILISATEURS LEDGER Google vient de corriger 26 failles (dont 4 ultra-critiques)... Saviez-vous qu'un hacker pouvait vous voler TOUT en une seconde, juste une page web piégée, et c’était fini même sans cliquer nulle part !? WebGL, V8, use-after-free… Chrome est une passoire ridicule depuis des années 🚨 ATTENTION : Même après cette mise à jour de dernière minute, RIEN n’est safe a 100% C’est honteux de prendre à la légère de telles informations sensibles... Et au-delà de ça, Google collecte déjà ÉNORMÉMENT sur vous au quotidien : 👁️ Votre historique de navigation complet 👁️ Toutes vos recherches 👁️ Votre localisation précise en temps réel (GPS + IP + WiFi) 👁️ Vos mots de passe et données de remplissage auto sauvegardés 👁️ Vos favoris, l’historique de tous les sites visités (y compris vos dApps crypto et wallets) 👁️ Votre profil publicitaire ultra-détaillé 👁️ Vos centres d’intérêt 👁️ Vos interactions en ligne… Bref, ils vous connaissent parfois mieux que vous-même ! Le CTO de Ledger @P3b7_ tweet : "Cette mise à jour corrige 4 vulnérabilités critiques et 22 élevées. Un bon rappel qu’on ne peut pas faire confiance à son navigateur ou à son ordinateur pour stocker ses secrets précieux…" ➡️ Mettez à jour (version 146.0.7680.153 ou 154) Ledger hardware + signature hors ligne + zéro confiance dans le navigateur = meilleure sécurité. (⚠️ Mais vous risquez toujours des fuites de données des tiers avec qui ledger travail !) #Privacy

@gchampeau Merci pour le partage. Le code source est-il disponible?

Ca y est c'est dispo en Progressive Web App pour pas dépendre d'un accès à Internet actif. Sous Chrome ou Edge, vous cliquez sur ce bouton et vous suivez le guide.

"La télévision a un monopole de fait sur la formation des cerveaux. Or en mettant l'accent sur les faits divers, en remplissant ce temps par du vide, du rien, on écarte les informations pertinentes que devrait posséder le citoyen pour exercer ses droits démocratiques." Pierre Bourdieu

@heynavtoor But how can it check the age of the user without internet?

🚨Someone just open sourced a computer that works when the entire internet goes down. It's called Project N.O.M.A.D. A self-contained offline survival server with AI, Wikipedia, maps, medical references, and full education courses. No internet. No cloud. No subscription. It just works. Here's what's packed inside: → A local AI assistant powered by Ollama (works fully offline) → All of Wikipedia, downloadable and searchable → Offline maps of any region you choose → Medical references and survival guides → Full Khan Academy courses with progress tracking → Encryption and data analysis tools via CyberChef → Document upload with semantic search (local RAG) Here's the wildest part: A solar panel, a battery, a mini PC, and a WiFi access point. That's it. That's your entire off-grid knowledge station. 15 to 65 watts of power. Works from a cabin, an RV, a sailboat, or a bunker. Companies sell "prepper drives" with static PDFs for $185. This gives you a full AI brain, an entire encyclopedia, and real courses for free. One command to install. 100% Open Source. Apache 2.0 License.

A quick update on the infamous EU “ChatControl” 🇪🇺 What a turn of events in EU tech policy: from potential mandatory mass scanning of data (“ChatControl”) → to even voluntary scans losing their legal basis (for now). Just months ago, fears were growing around mandatory scanning of private communications in the EU (incl. pictures and videos). Now, talks between the EU Council (Member States) and the European Parliament have collapsed - and the result is a complete reversal. As of April 3, even voluntary scanning of data by platforms loses its legal basis under EU privacy (ePrivacy & GDPR) rules, as the temporary exemption was not extended. A striking example of how fast EU tech policy can turn - and a big win for European privacy advocates.

When @spacebudznft launched in March 2021, it felt like the beginning of something special for Cardano. I had already been investing in Cardano and collecting NFTs on other chains, so when these little astronauts appeared, I was instantly hooked. I minted 3 Budz, my babies, and quickly became very active in the community that formed around them. Along the way, I also became friends with Ales. Over the years, I've watched him build things that quietly shaped parts of the Cardano ecosystem in ways many people may not fully realize. The funny thing is, Ales never really saw himself as "a dev." He was just exploring, building things he found interesting, and sharing them openly. Before any of this, he had already become an SPO with a simple mission: to prove that Cardano was so energy efficient it could run on Raspberry Pi computers, and to teach others how to run nodes and become operators themselves. Like many great builders in open source, Ales built on tools and libraries that came before him and shared his own work openly so others could build on it. And through that same curiosity and generosity, he ended up enabling a lot of what people build on Cardano today. Amongst them: - The CIP-25 NFT standard, which SpaceBudz and Berry NFTs helped pioneer. - Nami, which helped make dApp connections possible. - The SpaceBudz marketplace, the first smart contract-enabled NFT marketplace on Cardano, which he open-sourced so other marketplaces could build and flourish. - Lucid, a JavaScript library that made development on Cardano much easier. - CIP-68 NFT Standard (programmable NFTs), opening the door for more advanced on-chain assets. Recently, Ales shared with me that after a lot of reflection, he feels ready to step away from the digital world and pursue a life that feels more grounded in human connection. And as part of that decision, he chose to pass SpaceBudz on to new hands. And I fully support him in that choice. SpaceBudz will always remain a special part of Cardano history. It wasn't just a collection, it was a moment when imagination met experimentation, and suddenly the possibilities of the chain felt wide open. A huge thank you to @berry_ales and @punk9968 for creating something that sparked that moment and sharing it so openly with the ecosystem. And thank you to the SpaceBudz community, which has always understood what this project was really about. Exploring the capabilities of the chain, building with open tools, and letting each Bud take on a journey of its own. Ales, thank you for your friendship and for the journey we’ve shared through all of this. I will never forget it. And to @Knackfish and the @TavernForge team, now stepping in to guide SpaceBudz forward, thank you for taking the torch and continuing the journey! SpaceBudz has always been about curiosity, exploration, and the courage to step into the unknown. A reminder that sometimes the greatest adventures begin when we choose to see what might be possible beyond the horizon. I'm excited to see where you take the Budz next and look forward to the adventures still to come. 🚀

Write Cardano smart contract in LEAN4, evaluate UPLC with github.com/utxo-company/p…, prove the correctness of LEAN4 expression that defines smart contract, and prove the correctness of compiled UPLC directly using github.com/input-output-h… Everything interactive via LSP

Dolos v1 is here. 🚀 Years of building. Almost a 1000 commits. One goal — a Cardano node optimized for dApp backends. Today it's production-ready 🧵

🇫🇷💻

@CardanoNoodz @pool_pm I'm not sure they have open sourced their player yet. It's likely a little too early overall , but at some point this would be nice.

@SmaugPool So it would work on @pool_pm ? 👀

Wow

Great article on this alt rust node development

Les chiffres sont basés sur une analyse de cycle de vie (ACV) conforme aux normes ISO, et prennent en compte l'ensemble du cycle de vie du nucléaire, de l'extraction de l'uranium à la gestion des déchets. Ils viennnet de l'ADEME: base-empreinte.ademe.fr Explication dans cet article du Monde: lemonde.fr/blog/huet/2022…

@SmaugPool @EmmanuelMacron Les chiffres pour le nucléaire prennent-ils en compte le coût CO2 du démantèlement, de l'enfouissement, de la maintenance des sites d'enfouissement, de la construction des sites d'enfouissement, du cycle de vie de l'uranium pour être utilisable comme combustible... etc ?

L’énergie nucléaire nous donne ce dont notre époque a plus que jamais besoin : l’indépendance, la résilience face aux crises, la compétitivité et la capacité de tenir nos ambitions climatiques. Au moment où nos économies s’électrifient, où le numérique et l’intelligence artificielle transforment nos usages, où l’industrie a besoin de s’électrifier, la demande mondiale d’électricité progresse deux fois plus vite que durant la décennie passée. Face à cette montée des besoins, la France dispose d’un atout que beaucoup de nations nous envient : 57 réacteurs répartis sur 18 sites, soit le parc nucléaire le plus important au monde rapporté à notre population. Le nucléaire civil est aussi un levier décisif pour la décarbonation : le nucléaire c’est 12 grammes de CO2 par kilowattheure contre 490 pour le gaz et 820 pour le charbon ! À Belfort en 2022, j’avais fixé un cap clair : reprendre en main notre destin énergétique, en sortant de la dépendance aux énergies fossiles et en retrouvant notre souveraineté industrielle et énergétique. Nous y sommes et nous tenons ce cap. En 2025, nos centrales ont produit environ 370 térawattheures d’électricité, et la France a exporté plus de 90 térawattheures d’électricité décarbonée. Notre programme de construction de nouveaux réacteurs avance et nous accélérons. Au niveau européen, la neutralité technologique, de la standardisation, des financements à renforcer, des compétences et une vraie chaîne de valeur européenne. Au niveau mondial, des collaborations sur les enjeux de recherche et de développement, et un travail collectif sur la sûreté. Voilà notre ambition sur le nucléaire et ce que j’ai dit à Paris à tous les pays ce matin. Dans un monde plus instable, plus fragmenté, plus incertain, il est un choix de souveraineté, un choix de compétitivité, et une garantie pour l’avenir. Ce choix, la France l’a fait.

Initial 350M ADA NCL was for 72 epochs & will apply again w/o a new NCL budgetcommittee.docs.intersectmbo.org/archive/2025-b… New 300M ADA proposal is for 100 epochs #0" target="_blank" rel="nofollow noopener">gov.tools/connected/gove… So it would lower max withdrawal from 4.86MADA/epoch in avg to 3.5MADA, w/o preventing further decreases later. Right?