Edd
2.7K posts
Edd
@Doc_bzh
for personal records only, extremely inaccurate
Entrou em Ocak 2021
206 Seguindo137 Seguidores
Hi @notgodcomplex96 cheers for the amateur security audit via Brazillian VPN
Next time you attack @InsilicoTrading hire an expert and remind him to the remove the customer's name from the payload
We offered him $500 to just fuck off, shoulda taken the money!
English
Si Mistral noue un partenariat avec Musk, ça va être compliqué de continuer de parler de souveraineté... #ForSure
Silicon Carne@siliconcarnesf
Je découvre ce matin que SpaceX a verrouillé une option d'achat sur Cursor à 60 milliards de dollars, exerçable d'ici fin 2026, et que s'il ne l'exerce pas il paie quand même 10 milliards pour la coopération technique. Dans la même séquence, Business Insider révèle que xAI est en discussion triangulaire avec Mistral et Cursor pour monter un pôle IA capable de concurrencer OpenAI et Anthropic. Cette séquence dit beaucoup de l'état réel du marché. Musk n'a pas de modèle qui tient la corde sur le coding, il le sait, ses ingénieurs le lui disent, et il a lâché à plusieurs reprises qu'il s'inquiétait de l'avance d'Anthropic sur les agents. Sa réponse n'est pas de rattraper tout seul, c'est d'acheter la meilleure interface de développement du marché et de faire entrer Mistral par la porte de derrière. On rappelle que Devendra Chaplot, cofondateur de Mistral, a rejoint xAI le mois dernier pour diriger le pretraining. Ce n'est pas un hasard de calendrier. Ironie de l'histoire... Pendant que Macron tape sur l'épaule de Mistral en répétant que c'est le champion souverain de l'IA européenne, et que la justice française convoque Musk dans le cadre de son enquête sur X, son poulain pourrait être en train de signer un accord stratégique avec xAI. Autrement dit, l'État attaque le type d'un côté, et la pépite qu'il finance à coups de communiqués discute business avec lui de l'autre. Soit l'Élysée ne lit pas ses propres dossiers, soit on assume que le récit officiel et la réalité vivent dans deux dimensions parallèles.
Français
@bagsheera good to hear that, yet PA is not that slow past few days :D, that allow me to improve and master my roundtripping skills
English
@FreeMrktCptlst Damn tetris hurt my neck so badly ! Stuck forq hours to get that f* rocket !!!
English
@100YrCycle 💯 Iran closing and aave massive loss without our coins nuking is pretty appealing. 🕯️🕯️🕯️
English
@Doc_bzh All good. I should do better to keep in mind that many people on here aren't English first speakers.
It's not too bad time wise. I usually sear each side for a minute or two and then cover so the flame goes out and the residual heat does the rest of the cooking.
English
@gammichan Well sorry for "burned" that's a lack of english vocabulary. Looks nice but must be difficult to handle time to get that. Or maybe dual cooking with time on flame and time with milder heat. Anyway goal is to enjoy:-)
English
@gammichan So that's on purpose to give some kind of smoked taste ?? I don't like the "burned" you get when flames are strong i try to get the crusty maillard layer bit without burning...
English
@INArteCarloDoss Je ne peux pas croire que ce ne soit pas une blague faites par IA....
Français
@Doc_bzh yes you can add stuff on top. it's mainly useful as a bottom indicator. when you have a few tight days after a large correction it means that the selling is done. so you can buy some spot or wait for momentum in the opposite direction. yellow dots
English
MEGA: beautiful pump. you have to listen to those yellow dots. they know something
English
@atalantis7 Hmm nice ty for the answer. Will try adding something orderflow related or "market order bubble", to distinguinsh more clearly than just "dead tight range". Cheers ++
English
@Doc_bzh they just mark tight ranges to help you identify potential accumulation zones (ADR in the 10th percentile 100 day lookback). this is not enough for a trade. you want to see a momentum burst in the next 1-2 days to confirm, but it's a good way to create an anticipation watchlist.
English
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Paul Moore - Security Consultant @Paul_Reviews
.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..." I did. It didn't take long to find what looks like a serious #privacy issue. The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly. For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them. For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them. This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary. From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach. youtube.com/watch?v=4VRRri…
English