Polycarp Nakamoto priv/acc

I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out. I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really). It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely. The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture. We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying. I worry.

Your air-gapped servers are covered by a faraday cage, you think you're safe from key exfiltration? You fool. Low-frequency magnetic fields pass right through Faraday cages. Researchers were able to extract data off an air-gapped shielded computer by spawning fake work loads spiking CPU power and generating magnetic signals.

‼️🚨 The official JDownloader website was breached, attackers swapped the Windows and Linux installers with malware for over a day before anyone noticed. JDownloader is a popular download manager with millions of users on Windows, macOS, and Linux. Timeline: ▪️ May 5, 23:55 UTC: attacker tests the method on a dummy page. ▪️ May 6, 00:01 UTC: real attack goes live. Alternative download links for Windows and Linux are replaced with malicious installers. ▪️ May 7: a Reddit user notices Windows SmartScreen flagging the installer with a strange publisher ("Zipline LLC", "The Water Team", "Peace Team") instead of "AppWork GmbH". ▪️ Hours later, the JDownloader dev team confirms the breach and takes the site offline. How they got in: an unpatched vulnerability let attackers modify the website's access control list (ACL), give themselves edit rights, and swap the download links. No further details on the bug have been shared. What's compromised: ▪️ Windows installer (alternative download links). ▪️ Linux shell installer (alternative download links). What's safe: ▪️ macOS installers (still validly signed). ▪️ The core JDownloader.jar file. ▪️ Flatpak, Winget, and Snap packages (separate infra, sha256 checksums unchanged). ▪️ In-app auto-updates (separate servers, end-to-end signed). If you downloaded JDownloader from the website between May 6 and May 7, treat your machine as compromised. This is the third trusted-software website breach in recent weeks, after Daemon Tools and CPU-Z / HWMonitor.

American bought a brand new printer. She bought the ink for the printer, she bought the paper for the printer, now she’s at home and is ready to print She can’t print “They remotely shut off my printer until I paid $7.50 cents to print in my own home, to print on my printer, that I own in my home” This is the new $7.50 subscription plan by HP Printers Here’s how the plans work HP’s Instant Ink and newer All-in Plan programs are subscription services options: - You pay a monthly fee based on pages printed (not ink used). - Plans start low, from $1.79–$7.99 per month for 10–100 pages - $7–$8 per month plans are for around 100 pages If your payment fails. HP will remotely shutoff your printer

Warning: AI is NOT your Lawyer Your chats with AI are (probably) subject to discovery in civil & criminal cases. According to a federal judge in New York, you don’t have attorney-client privilege or work product protection for your chats with AI tools. Lesson: Don’t type or say anything to AI that you wouldn’t be comfortable seeing used against you in court. Details.👇

PLAY STUPID : The next wave of crypto security will look “stupid” Everyone is chasing perfect security setup. Faraday cages, hardware wallets, cold storage... - that’s not where the real threat is. At Unstoppable, we’ve always focused on practical security. - Open source - Clean engineering - Adherence to standards However today’s biggest risks don’t break your code. Instead, they’re engineered to break or trick you. - Wrench attacks - Social engineering - Address phishing None of that cares how clean your codebase is. That’s why the next frontier isn’t more math. It’s obscurity! Blending in. Not looking like a target. Not even looking like a crypto user. That’s where things are going. And it’s already shaping how we build: → duress mode → random app icons → phishing protection These aren’t “nice to have” features. They’re responses to how attacks actually happen. The shift is already in progress.