Taylor Hornby 🛡❤️

20.4K posts

@DefuseSec

Security research (https://t.co/xrmvhFVPtv), EDM (https://t.co/Ynq2DNWQa1), & board member @ Zcash Foundation.

Calgary, Canada · Joined February 2012
1.4K Following · 6.8K Followers
Taylor Hornby 🛡❤️ retweeted
DarkFi Squad @DarkFiSquad
Anonymity allows you to donate to a cause before it becomes popular. Before it's safe. When it actually matters.
Taylor Hornby 🛡❤️ retweeted
Zchat | Shielded messenger
the real lesson isn't which init system to use - it's that any component deeply embedded in every linux distro becomes a policy enforcement point. today it's age verification in userdb. tomorrow it's whatever the next mandate requires. the architecture of your system determines what the state can demand from it.
Taylor Hornby 🛡❤️ retweeted
Matthew Green @matthew_d_green
A lot of people think the solution to “private AIs” is to just use TEEs. This is already the approach being deployed by Meta, Apple and Google. I think that’s important, but not really a solution. The problem is that for agentic AI, agents need to interact with the real world.
Taylor Hornby 🛡❤️ retweeted
Keystone Hardware Wallet @KeystoneWallet
🚨 Hackers are using large language models to scan EVM contracts at scale, finding vulnerabilities in code deployed years ago.

The attack vector: tokens you approved to DeFi contracts 6+ years ago. When you approved that contract back then, you gave it permanent access to move your tokens. That approval still exists. If the contract has a vulnerability, attackers drain your tokens without triggering any warning or requiring a new signature.

Hardware wallets protect your private keys, but not against contracts you already authorized.

The fix takes 2 minutes:
- Visit Revoke.cash or @Rabby_io
- Check active approvals
- Revoke unused ones

This is happening right now. Multiple exploits in the past month alone. Stay sharp 🫡
deebeez @deeberiroz

A hacker (likely LLM assisted) is exploiting old contracts on Ethereum mainnet that have signature verification logic 🧵

Taylor Hornby 🛡❤️ retweeted
Perry E. Metzger @perrymetzger
Prompt injection is fundamentally a LangSec problem. Determining what portions of a single input stream are data and what portions are instructions in completely freeform text is a parsing problem, and the inputs here aren’t context free or some other easily parsed language, so the AI inevitably is going to make errors. A permanent fix requires a mechanism to provide strong separation.

Humans don’t have problems with this because we can distinguish different input streams. I might be able to impersonate your boss’s voice, but I can’t convince you that what you’re reading in a book is something that you’re hearing on a telephone from your boss. We can tell from our environment where input is coming from, and so we can separate the streams.

An LLM has only a single linear token input stream, and so the same security problems you get with in-band transmission of commands with data, which we’ve faced over and over in computer science, apply here, with the same bad results.

LangSec is one of the least appreciated developments in computer security, and the issue here is classic LangSec and requires the usual LangSec tools to fix. (And if you don’t know what LangSec is, ask your robot friend for an explanation.)

By the way, I will note that this is a problem that absolutely could not have been anticipated before people sat down and grappled with AI systems in the real world; it is retrospectively obvious, but so many things are retrospectively obvious. We didn’t even know that we would have LLM systems doing any of the things that they do now when people sat down to first try building them. We do not perfect technologies by staring at our navels, we perfect them by building, discovering issues, and repeating.
Taylor Hornby 🛡❤️ retweeted
daine @notdaine
most underrated music video of 2026 i really can’t get over how sick it is
Taylor Hornby 🛡❤️ retweeted
samczsun @samczsun
crypto will have truly matured when we can stop using telegram
Taylor Hornby 🛡❤️ retweeted
Martin Pilgrim @MartinPilgrim1
The fact that most captchas are based on robots not being able to identify bikes or traffic lights doesn't fill me with confidence for self-driving cars.
Taylor Hornby 🛡❤️ retweeted
DarkFi Squad @DarkFiSquad
Intimacy requires privacy. Always has.
Taylor Hornby 🛡❤️ retweeted
Taylor Hornby 🛡❤️ @DefuseSec
Even stuff like "write a proof that the code is correct, rigorously enough that the way the proof fails reveals bugs" can be useful. Get it to reason about the code from different points of view, not just pattern-match common bugs in a once-over of the code.
Taylor Hornby 🛡❤️ @DefuseSec
Tip for using AI to find vulnerabilities: *don't* prompt it with a list of example vulnerabilities, it already knows them. Instead, prompt it to look at the code in various different ways, e.g. file-by-file, global reviews with specific focus areas, tracing call stacks, etc.
Taylor Hornby 🛡❤️ retweeted
zooko🛡🦓🦓🦓 ⓩ
What I wish for: the ability for people to optionally include a badge with their direct messages or social media posts which badge comes with a zero-knowledge proof that they own at least a certain level of ZEC. ≥ 1 ZEC ⤵️
Taylor Hornby 🛡❤️ @DefuseSec
@EliBenSasson I'm constantly in awe that the theory, which is no more than symbols and simple rules of logic, basically string replacements, nevertheless seems to know about that world of objects.
Taylor Hornby 🛡❤️ retweeted
Eli Ben-Sasson | Starknet.io @EliBenSasson
There's one thing that all mathematicians I know have in common. That thing is love and appreciation for the inherent Beauty and Elegance of math. It's very hard to explain what this beauty and elegance exactly mean to those who aren't mathematicians, but I'll attempt. Think about art that really resonates in your soul. Or maybe a scene in nature that does that for you -- a sunset or the ocean on a stormy day. There's a deep sense of elegance and beauty that comes from structure and balance: of colors and patterns in a painting, of chords, melody and counterpoint in a piece of music. The love of math is a bit like that, it's about feeling deeply that there's truth and beauty combined together in a very abstract world that's devoid of physics, chemistry or biology. It's pure beauty and elegance in structure.
Taylor Hornby 🛡❤️ retweeted
idil dursun @jarvinart
Into Stars
Taylor Hornby 🛡❤️ retweeted
zooko🛡🦓🦓🦓 ⓩ
In the long run, Signal's makers (and makers of every other technology) and Signal's users (and every other user base) need to start thinking of "contact capability", i.e. the ability to show someone a message or a notification—as a dangerous capability that must be limited.