Sandipan Roy

Quantum computers will one day break the encryption protecting your messages. Apple is preparing for that now and they just made their work public. Apple has open-sourced the post-quantum cryptography code from corecrypto, the encryption library running on over 2.5 billion Apple devices. It protects iMessage, VPNs, and HTTPS connections. Here is why this matters. Most encryption used today relies on math problems that regular computers find nearly impossible to solve. Quantum computers can solve those same problems with ease. They do not exist yet at the scale needed, but the threat is considered real enough that governments and major tech companies are already preparing. The solution is post-quantum cryptography, a new generation of algorithms designed to resist quantum attacks. Apple has picked two of the NIST-standardised ones: ML-KEM and ML-DSA. By open-sourcing the code and the mathematical proofs behind it, Apple is letting independent experts verify that there are no hidden flaws. This is a big deal because a single bug in corecrypto could compromise the security of every app and feature running on 2.5 billion devices. And independent review already proved its value here. During formal verification, researchers found a flaw in an early implementation that standard testing would have missed entirely. This is how security should work. Build it in public, let others verify it, fix what gets found. Apple does not always get credit for open-source contributions. This one deserves it.

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: https://t.co/9nqku4svkY

🚀 DeepSeek-V4 Preview is officially live & open-sourced! Welcome to the era of cost-effective 1M context length. 🔹 DeepSeek-V4-Pro: 1.6T total / 49B active params. Performance rivaling the world's top closed-source models. 🔹 DeepSeek-V4-Flash: 284B total / 13B active params. Your fast, efficient, and economical choice. Try it now at https://t.co/GCdiMzk1Dl via Expert Mode / Instant Mode. API is updated & available today! 📄 Tech Report: https://t.co/drlDrxkYtp 🤗 Open Weights: https://t.co/T13Y8i7SDM 1/n

Arguably the most brilliant engineer in FFmpeg left because of this. He reverse engineered dozens of codecs by hand as a volunteer. Then security "researchers" and corporate employees came along repeatedly insisted "critical" security issues were fixed immediately waving their CVEs. This was hugely demotivating to the fun and enjoyment of reverse engineering.