cytracker.x

ᛤ Dog #runestone #BITCOIN📷 #Ordinals

Downloaded an app this morning It asked me to accept the terms and conditions 197 pages I read them Because that's what I do By page 12 I'd granted them an irrevocable, perpetual, royalty-free license to my data That's the same language I see in contracts worth more than my house For a free app By page 41 I'd agreed to resolve all disputes through binding arbitration in the state of Delaware I've never been to Delaware No jury trial No class action No discovery process They gave themselves more legal protection than most Fortune 500 vendor agreements I've reviewed By page 87 they'd reserved the right to modify the agreement at any time without notice So I agreed to terms that can change after I agreed to them I've reviewed contracts with better reps and warranties than this By page 134 they could terminate my account at their sole discretion with no obligation to refund anything Unilateral termination with no cure period My board doesn't even have that No one reads this They designed it that way 197 pages for an app that tracks my water intake I've signed deals with shorter contracts My wife asked why I've been staring at my phone for two hours I said "a contract disguised as a checkbox" She looked at the ceiling Make common sense common again Sent from my iPhone

There is a project on GitHub called Axios. Axios is extremely popular. It is used by millions upon millions of applications. Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites). In simple terms, if you're a programmer doing something with JavaScript, and want to do stuff that communicates with a website in literally any capacity, people heavily recommend using Axios due to its simplicity. Using Axios you don't have to reinvent the wheel and do a bunch of work. All you need to do is import Axios into your code and you're off to the races. Someone (currently unknown) compromised Axios (currently unknown how) to deliver malware to people. When someone updates or installs Axios, Axios itself contains malware. What the malware does is (currently) unknown, but it is being reversed engineered by probably every malware analyst on the planet at this moment. In a few hours more details will emerge. Information is being exchanged in real time on social media and private communication platforms as I write this. Due to the size and popularity of Axios, it is unknown how many are impacted, it could be millions, it could be thousands, or if we're lucky, only hundreds of people or organizations will be impacted. If this is absolute worst case scenario, millions of organizations across the planet have been infected with malware which (currently) we do not understand. However, the likelihood of this is low. It appears Axios being compromised was detected quickly, potentially within minutes (or hours) of it being compromised to deliver malware. Additionally, the likelihood of every single Axios user updating Axios as soon as it was compromised to deliver malware is astronomically low. It is basically zero. The impact from Axios being compromised is devastating, the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future.

GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.

If your company still forces password rotations, your security team is incompetent. NIST, Microsoft, and the FTC all said to stop. Years ago. georgeguimaraes.com/youre-dumb-sec…

If you use a personal phone/laptop for your work, pay very close attention to this little detail. Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees PERSONAL devices. The attackers used the company’s MDM software, which is basically IT management software running on everything. It’s an incredibly attractive backdoor to an attacker. I successfully targeted MDM software for several Red Team engagements. It’s… lots of fun :) Anyway, a lot of companies require you to install their MDM software on your personal devices before you can access resources like Corp email. It’s used to keep devices updated, lock things down if they get stolen, etc. The company often promises that they won’t access personal data, erase any personal data, etc. But this is often ONLY POLICY. If a bad actor gains access to the MDM tool, as was the case here, then anything can happen. People should be aware of these risks. I refused to run MDM software on any of my personal devices. The company needs to provide me with hardware if they want that. I personally isolate all corp devices to their own network too. If an adversary can get into the corp laptop, then can then get inside my network… there have been cases of it happening in the past.

⏳ Only 24 Hours Left! The clock is ticking! We're giving away all of these hacking devices for absolutely FREE to celebrate hitting 600,000 subscribers on YouTube. If you haven't jumped in yet, this is your final warning before the window slams shut. 🎉 Thank you so much for your love and support 🙏 ✅ How to Enter Follow us on X Comment on this or the original post what you want us to teach next. Repost this or the original to complete your entry! 🗓️ Ends: Tomorrow 🎁 Each winner will receive a powerhouse kit including: 🔥 ZS Cactus PRO: Combine keystroke injection capabilities, hardware keylogging and Wi-Fi phishing with wireless control. 🔥 ZS Venom PRO: Keystroke injection capabilities and Wi-Fi phishing with wireless control all inside a normal charging cable! 🔥 Atheros AR9271 WiFi Adapter: The gold standard for wireless hacking. It supports monitor mode and packet injection out of the box with rock-solid Linux compatibility. 🔥 Realtek RTL8812AU WiFi Adapter: Need 5Ghz? This dual-band adapter gives you high-gain performance and modern 802.11ac support for auditing high-speed networks. 🔥 Data Blocker: Stay secure on the go. This "USB condom" prevents accidental data exchange and juice jacking when charging your devices in public spaces.

THE FIRST CLOUD INFRASTRUCTURE CASUALTY OF WAR An Amazon Web Services data center in the UAE just got hit. AWS confirmed that at approximately 4:30 AM PST on March 1, “objects struck” the facility in availability zone mec1-az2, creating sparks and igniting a fire. The UAE fire department cut power to the building. The zone went dark. AWS says other zones remain operational and restoration will take several hours. Read that sentence again. “Objects struck.” The most valuable corporate infrastructure on earth is now absorbing kinetic damage from a state-level military conflict, and the world’s largest cloud provider is describing missile or drone debris as “objects” because no corporate communications playbook exists for this scenario. This is the first time in history that a major hyperscaler data center has been physically struck during a war. Every cloud architecture slide deck in every boardroom on earth assumes physical security means perimeter fences and biometric locks. Not ballistic missile defense. Not drone intercept capability. Not wartime fire suppression while the building next door absorbs ordnance. The Jerusalem Post reported the facility was used by Israel’s military. If confirmed, Iranian targeting of dual-use cloud infrastructure transforms every data center in a conflict-adjacent geography from civilian asset to military target. The distinction between cloud infrastructure and defense infrastructure just collapsed. And the geography matters enormously. AWS chose the UAE for its Middle East region precisely because Dubai and Abu Dhabi offered stability, connectivity, and proximity to enterprise clients across the Gulf. That thesis died on a Saturday morning when Iranian drones struck the Burj Al Arab, hit Jebel Ali port, and set fire to a data center running workloads for governments, banks, and military operations simultaneously. The concentration risk is staggering. AWS, Microsoft Azure, and Google Cloud all operate Middle East regions clustered in the same geographic corridor that just became an active theater of war. Oracle has infrastructure in Dubai. Every enterprise running production workloads in these regions is now calculating disaster recovery scenarios that were categorized as “theoretical” 72 hours ago. The insurance implications alone will restructure cloud pricing for a decade. Lloyd’s of London was already reassessing war-risk exclusions after Ukraine. Now a drone has physically damaged a data center belonging to a $2 trillion company in a country that markets itself as the safest business hub in the region. AWS built multi-availability-zone redundancy for earthquakes, power failures, and network partitions. Not for Iranian retaliation against a joint US-Israeli military campaign. The architecture held because one zone went down while others stayed up. But the premise broke: that geography selection for cloud regions is a business decision, not a wartime calculation. Cybersecurity expert Lukasz Olejnik flagged the euphemistic language immediately. AWS did not say “bombed.” AWS said “objects struck.” That linguistic gap is the entire story. The world’s cloud infrastructure just entered the theater of war and the industry has no vocabulary for it yet. The vocabulary will be priced in by Monday. open.substack.com/pub/shanakaans…

🚨Official Solo Satoshi Bitaxe Turbo Touch giveaway! We're giving away the first Bitaxe Turbo Touch off our USA assembly line; shipped anywhere in the world for FREE! Want to enter the giveaway? Like✅ Repost ✅Follow✅ Winner announced in 3 days! 🚀

We're happy to announce a long-term partnership with Motorola. We're collaborating on future devices meeting our privacy and security standards with official GrapheneOS support. motorolanews.com/motorola-three…

Unrealized gains tax for Gen-Z: You buy a Pokémon card for $50. Someone offers you $500 for it. You say no. You love that card. You're keeping it. The government says: "Cool, but that card is worth $500 now. You owe us $100 in taxes." You: "…I didn't sell it." Government: "Don't care. Pay up." You don't have $100 lying around. So you're forced to sell the card you love just to pay a tax on money you never received. Next month? That card drops back to $50. Your card is gone. Your money is gone. And the government shrugs. That's a wealth tax on unrealized gains. They don't pay you back the tax... Now picture this. Your mom calls you crying. She has to sell the house she raised you in. Not because she can't afford it. She's lived there 30 years. It's paid off. But some website says it's worth more now and the government says she owes $15,000 she doesn't have. So she sells your childhood home. The kitchen where she made you breakfast. The doorframe where she marked your height every birthday. Gone. To pay a tax on money that was never real. Now picture the opposite. Your dad put everything into his small business. For 20 years he built it from nothing. One year the business is "valued" at $2 million on paper. He owes a massive tax bill. He empties his savings. Sells his truck. Borrows money. Pays it. Next year the market crashes. His business is worth $200,000. He lost everything to pay a tax on a number that doesn't exist anymore. Does the government give him his money back? No. Does the government give him his truck back? No. Does the government care? No. They sold this idea as "taxing billionaires." But billionaires have armies of lawyers, offshore accounts, and trusts. They'll be fine. You know who won't be fine? Your mom. Your dad. Your neighbor with a small business. The farmer down the road who's had the same land for four generations and now has to sell it because dirt got expensive. You're not taxing wealth. You're taxing people for owning things. It's like getting a parking ticket for a car you might drive somewhere someday. They want you to own nothing and be happy. To fund the fraud, waste and abuse of the welfare state they created. There is enough money. More tax isn't needed. It's all a lie. But you've been gaslit into believing this is a rich vs poor debate. I hope you understand what's at stake.

Microsoft is auto-enabling passkeys in March 2026. No opt-in required. If you don’t configure it first… your tenant gets the defaults. I sat down with Microsofty Security MVPs @DanielatOCN and @WelkasWorld. We break down: 1️⃣ Passkey Profiles Are Becoming the Default → Starting March 2026: → Passkey profiles will be auto-enabled → Tenants that haven’t configured profiles will be migrated → Registration campaigns will shift from Authenticator-first to passkey-first 2️⃣ Source of Authority Conversion Is Finally GA For years, admins used messy delete-and-restore hacks to convert synced users to cloud-only. → Now it’s officially supported. → You can convert individual users from on-premises authority to cloud-managed — without breaking hybrid entirely. Why this matters: → Easier M&A transitions → Full access to Entra ID Governance features → Cleaner lifecycle management → Reduced dependency on legacy infrastructure --------------------- Sponsored by: Action1 on.action1.com/entrachat Action1 is a cloud-native patch management platform for Windows, macOS, Linux, and third-party apps — all from one place, no VPN needed. Curious how easy it is to start? You can use it on your first 200 endpoints, for free, forever, with no functional limits. It’s not a disguised free trial. No credit card required, no hidden limits, no tricks. Visit on.action1.com/entrachat and get started today. --------------------- 3️⃣ App Registration Deactivation (A Quietly Powerful Feature) → Microsoft added the ability to deactivate app registrations. → Instead of deleting an app (and losing configuration), you can now: → Immediately stop token issuance → Preserve metadata and permissions → Investigate safely → For incident response scenarios — especially in multi-tenant or MSP environments — this is a big step forward. 4️⃣ Conditional Access Behavior Changes → There’s also a change impacting tenants with Conditional Access policies targeting “All resources” but excluding certain apps. → Previously, certain minimal-scope apps could bypass enforcement under specific conditions. → That loophole is closing. 5️⃣ Sync Security Hardening (Hard Match Protection) → Microsoft is adding additional validation to protect against malicious hard matching scenarios in hybrid environments. → This reduces the risk of identity takeover via manipulated on-prem objects. → It’s automatic — but important to understand if you manage hybrid identity or MSP transitions. Watch the full episode for the deep technical breakdown and real-world implications. entra.news/p/microsoft-is…

🥳Official Solo Satoshi Giveaway! 🥳 💠NerdQaxe++ Rev 6.1 Bitcoin Solo miner. 💠Shipped FREE anywhere! Want a chance to win? ✅Like! ✅Share!✅Follow us!✅ Winner announced in 3 days!

Today at work I got off a call with our new Amsterdam office about rolling out a security update. I wanted to schedule it for tonight during our maintenance window since it's a critical patch. Their lead engineer said Monday morning works better for them. I said Monday morning is when we have the most users online. If something breaks, maximum impact. He said exactly, that's why Monday is perfect. Everyone will notice immediately and report issues, so they know exactly what to fix. Then he casually mentioned they have a company policy against any deployments after 2 PM on Fridays. I've spent six years perfecting the art of strategic unavailability and looking busy while doing less. This dutch guy just told me his company has an official policy that makes my entire playbook legal and mandatory! So I asked what happens if there's a critical issue Friday afternoon. He said they have one person on-call for the entire European division. That person works from home, monitors alerts, and decides if something is urgent enough to action. I asked what qualifies as urgent. He said: "Building fire. Maybe." I asked about database outages, security breaches, service disruptions. He said those can wait until Monday. "We have SLAs but they account for weekends." Now I'm sitting here having left the office at 2:15 today feeling like I got away with something. Meanwhile this man left at 2:00 PM because that's when his workday legally ends on Fridays. It's in his contract! I've never respected the europeans more.

This is the best thing you’ll see today Carl Sagan explains how Eratosthenes of Cyrene, the chief librarian at the Library of Alexandria, deduced that the Earth was round and calculated its circumference 2,200 years ago.

I am the VP of Human Resources at a Fortune 500 company. Last year I banned salary discussions. I called it "Professional Etiquette Policy." The handbook now says compensation conversations create "workplace friction." Workplace friction means employees learning the truth. HR loved it. Legal loved it. The board sent a fruit basket. Here's how it works. We pay new hires 47% more than five-year veterans doing the same job. I call that "competitive market adjustment." Competitive market adjustment means we'll pay strangers more than we'll pay loyalty. Marcus has been here eleven years. He trained six people. Five of them now make more than him. The sixth one is his manager. Marcus got a "non-monetary recognition opportunity" last quarter. Non-monetary recognition opportunity means a $25 Amazon gift card and a LinkedIn post. His manager got a Tesla. When someone asks about raises, we schedule a "development conversation." Development conversation means we talk about their "growth areas" until they forget why they came. Growth areas means we've identified reasons to not pay you. Last month, Sarah from Product mentioned her salary at lunch. Out loud. At a table. With witnesses. I was alerted within seven minutes. We have a system. HR scheduled a "perspective alignment session." Perspective alignment means we explained that sharing salary information is "toxic behavior." Toxic behavior is any behavior that costs us money. We didn't fire Sarah. That would be illegal. We put her on a "performance improvement plan." Performance improvement plan means documented path to termination. She quit three weeks later. We called that "self-selecting out." Self-selecting out means we made you so miserable you left on your own. We saved her severance. I put it toward the new wellness program. Wellness program means a meditation app subscription instead of a raise. We also added yoga during lunch. This is our burnout prevention strategy. Burnout prevention means we acknowledge burnout exists and do nothing about it. Some employees started a Slack channel. It was called #fair-pay-discussion. I found out in forty-three minutes. We have a system. I didn't delete it. That would be obvious. I asked IT to add me as a silent observer. This is called "listening to employee feedback." Listening to employee feedback means surveillance with better branding. Then I identified the creator. It was David from Engineering. David had three promotions in four years. David had "leadership potential." Now David has a "development opportunity." Development opportunity means he's really failing. I explained this at the all-hands meeting. I said: "We don't discuss compensation because we respect each other." I said: "Money isn't everything. Culture is our currency." Culture is just HR's mood board. I said: "We're a family here." We're a family here means no boundaries plus low pay. Everyone clapped. They thought I was being sincere. I was being strategic. Last quarter, Jake from Finance figured out the spreadsheet. He realized his entire department was underpaid by 23%. He printed charts. He had data. He asked for a meeting with leadership. Leadership said yes. Leadership is very transparent. Transparent communication means we can't tell you anything, but we'll pretend to listen. Jake presented for forty-seven minutes. CFO nodded thoughtfully. CEO took notes. I said: "This is very valuable. Your voice matters." Your voice matters means your voice has been noted. We'll take it under advisement. Take it under advisement means forget about it by Thursday. Jake waited two weeks. Then a month. Then he sent a follow-up email. I replied: "We're exploring strategic options." Exploring strategic options means panicking. Also means stalling. Mostly means stalling. Jake quit six weeks later. Took a job paying 34% more. We posted his role at 41% above his old salary. Competitive market adjustment. Someone in the exit interview asked why we didn't just give Jake the raise. That person is no longer with the company. They self-selected out. The numbers are beautiful. We saved $2.3 million in raises last year. $847,000 the year before. This year we're projecting $3.1 million. The board calls it "operational efficiency." Operational efficiency means divide and conquer. I explained our philosophy to a new CHRO at a conference. She asked: "Isn't this just wage suppression through information asymmetry?" I said: "We prefer 'compensation culture optimization.'" She wrote it down. Employees think it's fair play. They think everyone else makes the same. They think asking about money is rude. We taught them that. In the handbook. In the onboarding. In the "culture-first initiative" videos. Culture-first initiative means forced return to office. But also means shaping beliefs. We are shaping beliefs. Last week, I overheard two analysts in the kitchen. One said: "I heard the new guy makes six figures." The other said: "That's probably just a rumor. They'd never do that." She's right. We would never do that. We would never admit to doing that. The new guy makes $142,000. She makes $87,000. They do the same job. I smiled. Sipped my coffee. Went back to my office. The system is working. HR isn't about helping people. HR is about helping the company look like it helps people. My bonus last year was $340,000. I got a plaque that said "People Champion." It's hanging on my wall. Right next to the Glassdoor reviews I had removed.

@PlebSource Water

As promised: 🚨🚨Modified NerdQaxe++ Giveaway!!🚨🚨 Reply to this post to enter to win this NerdQaxe++ complete with VM heatsinks AND a rear fan & shroud! To enter you must: 1. Follow @PlebSource ✅ 2. Reply to this post with your drink of choice 🗣️ 3. Hydrate, of course. 💦 Winner will be randomly chosen 01/26

Had a really unexpected interview experience today. After intro & responsibilities, they asked me to share screen and write a complete GitHub Actions CI/CD workflow end-to-end — without referring any documentation and with zero syntax errors. I explained the entire production flow clearly: - branch strategy - checkout - build - code scan - image scan - push to ECR - update manifest for Argo CD Still, that wasn’t “enough”. Honestly asking — who writes CI/CD pipelines, Kubernetes manifests, or Jenkinsfiles from scratch without docs ? Even in Terraform for AWS has 200+ services. Are we expected to mug up every syntax ? In real projects, good engineers design systems, understand flows, and refer docs not memorize YAML. Seniors & hiring managers — is this normal, or are we confusing memorization with real DevOps skills ?

Every crypto bro cheering this bill is either on Coinbase’s payroll or can’t read. I read all 278 pages. You’re getting played. I’ve been in crypto since 2012. That’s 14 years of watching governments pretend to be confused while quietly building the cage. Trump promised to make America “the crypto capital of the world.” His party just delivered a surveillance framework that would make the CCP blush. Today I’m launching the Day2026 Bill Tracker. It does one thing: exposes how both parties collaborate to build your digital prison while you cheer. First up: The Senate Digital Asset Market Structure Act. 278 pages of “regulatory clarity” from Senator Tim Scott. Translation: 278 pages of compliance theater that kills everything crypto was built for. Here’s what your favorite influencers won’t tell you because their bags depend on you not knowing: MANDATORY TRADE SURVEILLANCE - Every exchange must implement real-time monitoring. Every. Single. Transaction. The NSA called, they want their playbook back. UNIVERSAL REGISTRATION - Exchanges, brokers, dealers, even “associated persons” must register. Anonymous participation? Dead. Satoshi’s vision? Buried. FULL DISCLOSURE TO THE STATE - Token issuers must hand over source code, transaction history, and tokenomics to regulators. Open source for thee, total transparency for me. MANDATORY GOVERNMENT CUSTODIANS - Your coins must sit with approved custodians. Self-custody for regulated activity? Effectively illegal. Not your keys, not your coins just became federal policy. DEFI IN THE CROSSHAIRS - For the first time ever, DeFi developers face registration requirements. Building permissionless systems now requires permission. Let that sink in. YOUR DATA GOES GLOBAL - Transaction records flow to the SEC, CFTC, and foreign regulators. Your wallet activity shared with central banks worldwide. Bullish, right? WHO ACTUALLY WINS: Coinbase gets a regulatory moat that buries competitors. You think Brian Armstrong is lobbying for YOUR freedom? Chainalysis gets permanent government contracts. Surveillance as a service, funded by your tax dollars. BlackRock and Wall Street get clear on-ramps while DeFi gets strangled in the crib. The SEC and CFTC get expanded empires and fresh revenue streams. You get watched. Tracked. Controlled. But hey, number go up. THE PROCESS: Senators got 48 hours to review 278 pages. Democrats asked for more time. Denied. Because nothing says “deliberative democracy” like speed-running financial surveillance. They call it regulatory clarity. I call it regulatory capture gift-wrapped for the donor class. THE REAL GAME: This is what “bipartisan consensus” means in 2026: both parties racing to build total financial surveillance while fighting about pronouns on cable news. Republicans say they oppose CBDCs. Then they vote for infrastructure that makes CBDCs inevitable. Democrats say they want consumer protection. Then they vote for bills written by the corporations they claim to regulate. Different jerseys. Same owners. THE UNCOMFORTABLE TRUTH: Trump isn’t saving crypto. He’s domesticating it. The goal was never to ban Bitcoin. The goal was to make it legible, trackable, and taxable. Mission accomplished. Every laser-eyed profile pic celebrating this bill is either naive, compromised, or selling you something. WHAT I’M DOING ABOUT IT: Full analysis with threat scores, beneficiary tracking, and talking points: (day2026.com/legislation/se…) Every major bill gets this treatment. PATRIOT Act. TARP. CARES Act. REAL ID. GENIUS Act. Executive orders. All of it. Exposed. THE ANNOUNCEMENT: Neither party will protect your financial freedom. Neither party actually opposes CBDCs. Neither party will stop the technocratic merger of corporate and state power. That’s why I’m exploring a run for US Senate in New Hampshire. Not to join the club. To burn down the velvet rope. The algorithm buries truth. Make it work for us.

A few days ago Microsoft deactivated IntelliCode in VS Code. 60 million downloads. Free. Unlimited suggestions. Worked offline. They killed it. The replacement is Copilot. 2,000 free suggestions. Then you pay. I called it "platform evolution." Leadership loved that phrase. They nodded approvingly. No one asked what we lost. Including me. IntelliCode ran locally. No cloud. No subscription. No limit. Copilot phones home with every keystroke. I told the team it was "more intelligent." That's not a real comparison. But it sounds like one. A developer asked why we couldn't keep using IntelliCode. I said "it's deactivates." He asked why. I said "Microsoft decided." He asked if there was a technical reason. I scheduled him for a "career development conversation." He stopped asking questions. The announcement was buried in a GitHub issue. Mid-November. No blog post. No changelog entry. Just... gone. 60 million users. Found out when it stopped working. I told the team this was "streamlining the experience." Streamlining means removing the free thing. Experience means you pay now. A junior dev asked about the 2,000 suggestion limit. I said "most developers won't hit it." That's not true. Copilot suggests on every keystroke. 2,000 is a Tuesday. But it sounded reassuring. He looked skeptical. I added him to the "adoption champions" Slack channel. He stopped asking questions. Finance asked about the new costs. I showed them a graph. The graph measured "AI-assisted development velocity." I made that metric up. They approved the licenses. $19 per seat per month. Times 400 developers. $91,200 annually. For something that was free last week. I called it "investing in developer productivity." The CFO nodded. We're "AI-native" now. I don't know what that means. But it's in our investor deck. Microsoft published a blog about "empowering developers." The word "deactivated" wasn't in it. Neither was "removed." Neither was "you have to pay now." They called it "the next generation of intelligent coding." Next generation means the free one is dead. Intelligent means we train on your code. Coding means you subscribe. I'm presenting to the board next quarter. The slide says "Modernized Developer Tooling." Modernized means we removed their choice. Developer means they're locked in. Tooling means recurring revenue. For Microsoft. I'll be VP of Engineering by Q4. I still don't know why IntelliCode had to die. But I know what it's for. It's for converting free users into paying customers. Conversion means capture. Capture means dependency. Dependency means they're serious about revenue. Revenue is whatever Microsoft says it is. As long as the stock goes up and to the right.