FHE/ZK/MPC, C++/Rust/Python, DeFi Degen, Dad. Former Lives: Intel, SpecOps, Ironman, Chippendales. 10% dumber than GPT-4 on random MMLU, so #DYOR and #DWTFYWTD
@VictorTaelin @TheAhmadOsman Dude I'm running a MiniMax2.7 2-bit turboquant at 20TPS on an M1 MacBook I got for $1000 last year.
Can't do anything else on it though - would be great to get it working from recovery mode or something stripped-down. Also PP is awful. Hoping to get rotorquant working for that.
@MartinShkreli As an observer, it's important to understand that "unfair" or "malignant" advantages are the easiest to acquire and most likely at the top. But as an individual, maximization of your unique "fair" and "beneficial" advantages is the best way to gain support and reduce ethical risk.
@MartinShkreli It seems that the legal code is a bureaucratized approximation of a set of unwritten and inconsistent ethical standards around what constitutes a "fair/unfair" and "beneficial/malignant" advantage, which may be orthogonal concepts. But every winner must gain an advantage somehow.
@laurashin Here is their "full technical disclosure": https://t.co/llfipgABvQ
A link from January about how VSCode "could" enable malware.
Their story is an obvious fabulation. Why? Innocent/honest people have a lot of details and no plot. Liars have all plot and no details.
i genuinely think everyone in this space should immediately switch to using Vim. DPRK started abusing VS Code hooks that run _automatically_ in the background when you open a folder. ZERO fucking user interaction required _after_ trusting the repo (the trusting part is important here). Yes, read it again. ZERO. INTERACTION. REQUIRED.
so what happens is the following: they (in the usual case the Contagious Interview group, meaning some fake recruiting guy) share GitHub, Bitbucket, and GitLab repos containing a `.vscode/` subdirectory with malicious hooks. the one example I share here executes a fake font that's actually heavily-obfuscated JS and will absolutely rek you.
all your fancy software that feels "convenient" makes tradeoffs. those tradeoffs are now being abused to silently rek your devices.
use Vim. and use Qubes. Thx.
@laurashin Fun story, but shouldn't journalists be getting information from law enforcement?
If your system got hacked, wouldn't that be the first place you'd go?
Or would you instead pay for a bunch of crypto influencers (SEALS 911) to tweet about it?
@RT714104 @newmichwill @hosseeb @banteg Well, as far as the government is concerned, they believe it is, which means that everybody at Drift should be having milk and cookies with some federal agencies instead of tweeting about how they are investigating themselves.
@PatrickAlphaC Roughly 0% chance this was not some kind of intentional collusion with the team. Usually this starts as a "collaboration" with a little "extra bonus" like a minor sh-tcoin pump. And then it ends up being a total hack and the team gets screwed. Greed makes you do stupid things.
@zacodil But just in case any other protocol teams are wondering, the way they get your guy is they promise them a cut of a small trade, like this stupid coin, and get his cooperation on little "oopsies". He thinks he's in control, but the real hack is much bigger, and he gets nothing.
@zacodil Nice story. Do you think they got AI to write it for them?
Let's stick to the facts. No hearsay.
How did they know the source of the exploit if it all happened far in advance with pre-signed transactions from their cold wallet, and yet they did nothing about it?
No.
@bull_genius This is called "not overthinking it".
AKA "Occam's Razor"
Rule #1: Don't ever believe anything that anybody says. Your job as an investigator is to find contradictions.
@Only1temmy Stop it. "North Korean hackers, OMG!"
You don't understand how they work. They collude with devs on the exploit, gain their trust, and then they execute the plan ahead of schedule to screw them out of their share.