A VeraCrypt SDK has been on my TODO list forever...I even had a PoC! After a recent SourceForge request, I decided to ship the first version despite being incomplete (no mount functionality yet). Looking forward to feedback!
π Weβre excited to announce the first release of the VeraCrypt SDK!
Now you can create VeraCrypt-encrypted volumes programmatically, no VeraCrypt binaries needed (just the driver installed).
Perfect for integration, automation and custom tools.
See the link below for more infoπ
It's a combination. CentOS/RHEL 7 doesn't rely on native SOURCE_DATE_EPOCH support: It's handled by a wrapper and preload helper for the RPM header, plus CPack and spec timestamp normalization for payload.
For the RPM payload, CPack runs an install-time script that clamps staged file mtimes and modes to SOURCE_DATE_EPOCH. The generated spec also appends a final timestamp clamp after the normal brp scripts, because older rpm can rewrite executable mtimes during stripping.
For RPM header fields, newer rpm versions use the spec defines we emit, including use_source_date_epoch_as_buildtime and _buildhost. On older rpm versions that don't support these macros, VeraCrypt RPM packaging wrappers build a small LD_PRELOAD helper, repro_buildstamp.so, and run cpack under it. cpack then invokes rpmbuild in that environment.
The helper makes time() return SOURCE_DATE_EPOCH and makes gethostname() and uname() report a fixed build host, while leaving monotonic clocks and architecture information untouched.
@kanjun Kimi K2.5 shows 0% difference! DeepSeek V4 Pro 5% seems to be within error margin (LLMs are stochastic). Their case seems to be built around Qwen3 Coder (not a frontier). Not convinced personally.
@harshilmathur This applies to front-end which is only 25% of overall development activities. Main development activities don't require vision and GLM 5.2 is good enough with traces and logs.
@ustas_eth@SergioOSINT My bad! I thought official https://t.co/XgtimorWT5 served BF16 precision. Definitely my confusion. So your results are really surprising. We need more such tests on larger dataset to confirm it.
So many people are sitting on local Windows privilege escalation exploits that it's not funny anymore...MS can't keep up. Reality is that once an attacker has local access, it's essentially game over.
Standard user to SYSTEM on the Microsoft Surface family (I believe all are affected - tested on Surface 11 Pro (Build 28120.2315)). It's the SurfaceBroker service that trusts a token name any user can fake.
Report to MSRC and be disappointed again, or just drop? π€
Btw: researched and built purely with Claude Code this afternoon.
@usr_bin_roygbiv Tested Kimi and GLM for open source work on VeraCrypt. Kimi is fast and good in general but GLM 5.2 is better for security analysis & reviews, and stronger overall. Downside is inference quality of Z ai which is inferior to Moonshot but for this US providers help.
@i0n1c Diophantine based cryptography is not new: e.g. Giophantus was broken during NIST PQC process. Their patents use heuristics and AI. No precise cryptographic wording and no proofs. Lot of marketing overreach. Difficult to trust.
@Horsemen888@jun_song It depends. Claude is stronger overall but for cybersecurity it often blocks unless ID verified and vetted so for such cases GLM is the best choice.
@burkov Is there a way to detect if this was solved in latest SOTA models like Mythos/Fable? It's possible that such new models use different transformers architecture and they keep it secret to conserve their lead.
@CharlieEriksen@Hacker0x01 I support 100%. The issue is that current industry behavior limits the number of people who can help make the change happen. Not everyone has free time/resources to contribute and incentives do have importance for many.