Excited to talk to three heroes of mine, all in one sitting!
We will explore how tools, both surveillance and privacy tools, can evolve beyond their intended use cases - as they have before.
Imagine a different future: what if we embraced surveillance, in exchange for security? What would that world look like?
Join us on the first livestream on @ethereum @VitalikButerin @Ada_Palmer @SherriDavidoff
The Apparatus - Jan 15, 6pm UTC
A livestream with @VitalikButerin, SciFi author and historian @Ada_Palmer, & professional hacker @SherriDavidoff, moderated by @ml_sudo.
Three theories on why privacy keeps losing, and how to turn the tables.
Watch here: https://t.co/Qi9jDiawGj
Her Amazon orders were 18% more expensive than her sister's for the exact same products.
They lived in the same city. Had Prime accounts on the same plan. Were buying the same brands. Often within hours of each other.
Yet every single time they compared receipts, her totals were higher.
A laundry detergent her sister bought for $14.99 cost her $17.49. A pair of headphones her sister got for $79 cost her $94. A printer ink cartridge her sister paid $32 for showed up in her cart at $39.
She thought maybe she was looking on the wrong day.
Then a friend who used to work in Amazon's pricing team explained the truth over dinner.
"Amazon doesn't have one price. They have millions of prices, one for every customer. The price you see is calibrated specifically for you, based on what Amazon has learned about your behavior. Your sister is paying less because Amazon has decided she'll only buy at lower prices. You've shown them you'll pay more."
She asked how that was even legal.
He smiled.
"It's not just legal. It's the entire business model. Most shoppers have no idea this is happening and Amazon would prefer to keep it that way."
Here's everything he explained over the next 30 minutes. 🧵
Clubbing is dead and has been replaced by fitness & wellness.
Ppl used to party to socialize and date but now they do things like HYROX, bathhouses, and running raves.
The death of clubbing is something to be studied:
— US has lost 12% of its nightclubs in the last 24 months
— 25% of US adults didn’t drink at all last year
— Gen Z drinks 30% less than Millennials did at the same age
On the flip side:
— According to Strava, the number of running clubs recorded on the platform increased 3.5x in 2025
— 72% of Gen Z go to run clubs to meet new people
— Sauna and spa market: $11.8B → $22.4B by 2034
The post-alcohol economy is gonna be a massive category.
The Singapore government is trying to block access to social media posts (some featuring videos, many in Chinese) warning citizens that their nation is being overrun by ethnic Indians.
The content originated on China-based platforms such as Douyin, Rednote and TikTok.
Singapore handles foreign information operations with unusual clarity and decisiveness. It identifies them early, then compels platforms to block the content so it never reaches Singaporean eyes.
I remain skeptical that this game of censorship whack-a-mole can ever be fully won, but there is real value in ministers publicly naming the source and explaining exactly why these narratives are subversive.
The narratives being peddled claim that Singapore’s multiracial model is just a “facade” to placate Western sensibilities, and that the country has really always been anchored by its Chinese-majority demographics.
They assert that “Singapore’s culture is fundamentally Chinese,” and that the government’s decision to distance itself from Beijing while ignoring the “threat” of a growing Indian community will end in disaster.
The videos portray the Chinese majority as under siege by an increasingly powerful Indian minority, including politicians. They single out President Tharman Shanmugaratnam, of Indian heritage, and warn that “curry concentration” (yes, really) is eroding Chinese cultural dominance.
This coordinated push arrived immediately after Senior Minister Lee Hsien Loong’s recent viral remarks in China where he reminded Beijing that Singapore-China ties are based on “mutual benefit and shared interests, not ethnicity.”
He drew a clear red line saying that Singapore is sovereign and not an overseas extension of the PRC. Chinese netizens and state-aligned voices reacted with indignation, framing it as ingratitude from “ethnic kin” who should show deference to the motherland. The subtext was clear: how dare Singapore prioritize its Indian, Malay, and other communities over blood-and-soil solidarity with the CCP?
Connect the dots to Beijing’s broader information warfare against Israel, the United States, and others, and the pattern becomes clearer. Especially since Oct 7th, Beijing has weaponized antisemitism as a wedge issue.
On its tightly censored platforms, state media and influencers have let Hitler memes, "Jews control America" conspiracies, and Nazi comparisons proliferate unchecked. This all has spilled out into global social media.
What is the goal? Fracture the West, erode US-Israel ties, poison diaspora debates, sow domestic discord, and paint America's alliances as puppets of a shadowy cabal. It's created and amplified because it distracts, divides, and weakens the very coalition (MAGA) containing Chinese expansion.
Now, apply this same lens to the sudden surge of anti-Indian content in Singapore and even in the US, particularly targeting tech circles. While organic frustrations (H-1B abuse, cultural friction) exist, the volume, timing, and precision point to deliberate seeding.
Amplify resentment against Indian professionals and you damage the American-India tech alliance, the most credible long-term hedge against China dependence. It disrupts supply-chain diversification and poisons talent pipelines in Silicon Valley.
In Singapore, the same operation pits the Chinese majority against the Indian community, weakening society from within. This should be recognized for what it is: classic United Front work in the digital world. It's low-cost, high-impact subversion with plausible deniability.
China doesn’t need naval fleets in the Strait of Malacca when it can export ethnic poison to fracture societies from within. A divided Singapore becomes a less reliable financial and technological anchor for US interests in Southeast Asia. A majority-Chinese Singapore riled up by Indian invasion narratives becomes more inclined to embrace the ethnic ties to the motherland and advocate for deepening Singapore's ties to the CCP.
Likewise, a fractured US-India partnership keeps supply chains tethered to the PRC. Stoked antisemitism keeps the West chasing ghosts instead of confronting the primary challenge of our era.
Western democracies cannot and should not copy Singapore’s blunt censorship model. But we must learn from its vigilance.
We are all being targeted by sophisticated, state-driven influence campaigns designed to exploit our existing fault lines.
Recognizing the playbook is the first step toward resisting it. The price of complacency is a more divided, weaker, and more easily manipulated world.
380K ZEC was deshielded. Here's where it actually went.
Only half of the 380K ZEC that was deshielded actually moved. 45% is still sitting at transparent addresses, untouched.
Only 21% of the deshielded ZEC actually left Zcash (bridged). That's 82K ZEC, 1.6% of the shielded pool, 0.5% of total supply.
47K went to exchanges. That's the total sell pressure from Orchard holders. 0.28% of supply. On a $6.7B cap.
Meanwhile, ~118K ZEC was shielded during the same period. Even at peak FUD, people were buying and shielding.
What this says?
- Holders parked. They didn't panic.
- The selling was traders who were already on exchanges.
- Security is hardened and will be even more so.
- Price went from $300 to $402. If you bought the dip, you know.
Future is bright.
The kind of migration that Zcash is going to execute this summer to post-quantum ready, formally verified, supply verified cryptography is something every cryptocurrency will have to do in the next 3 years, and Zcash will do it all in a month or so.
.@getyoti just "admitted" they consider one of the world's most respected privacy-focused mobile OS a red flag. listen you fucktards: flagging GrapheneOS users as "suspicious" isn't security expertise; it's some weird security theater clownshow. the world turns into an Orwellian shithole and we must push back as hard as possible. i fucking use GrapheneOS and i'm fucking proud of it - am i now a fucking criminal you fucktards? https://t.co/wap5Mh0bOP
If you find a vuln like this (and you're an evil scumbag) then you'll be interested in counterfeiting and dumping the money as fast as possible. You can't know how many other people discovered the same flaw, and as soon as it is discovered or someone else starts dumping counterfeit ZEC on the market, you begin running out of time quickly.
Thus, you'd expect that if anyone could find a vuln they'd exploit it right away, and we'd see it because the shielded pool would quickly drain and the market would dump. But despite the massive amounts of liquidity available, neither of those happened.
Instead, as soon as a very plausible first-responder found it (Taylor does cutting edge security research for us, and has worked with us for over 10 years) they shut the pool down and fixed it. (As an aside, while it's of no comfort to the average person, I can assure you all of the people who found this vulnerability and patched it are the most honest people I've ever met in my life.)
I'm keeping my money where my mouth is though and promise to keep the vast majority of my net worth in the Orchard pool until I announce publicly otherwise! :)
It’s NOT an infinite mint of ZEC
It’s an infinite mint of ONLY the funds in the shielded orchard pool, which is 4.5mn ZEC. Only 4.5mm theoretically exploitable
There are 16.8mn ZEC in circulation
Taylor Hornby is the security researcher who found, understood and professionally disclosed the Orchard shielded pool critical bug. That probably puts him in the top 3 most qualified individuals in the world on Zcash security.
Taylor is accepting shielded $ZEC as payment.
i'm obsessed with AI DIY projects.
my favorite one right now is this broccoli farmer in hokkaido, japan using Codex to run his 100-hectare farm
this guy never studied agriculture, never inherited land, started out as a civil servant.
but he wanted his farm to run better, and instead of paying an engineering firm he couldn't afford, he just built the tools himself.
here's what he's built on his own:
> remote control of his greenhouse vents from a chat app, wired up with an esp32 board, a motor driver, and cloudflare workers
> a bot that checks each greenhouse's temperature and opens the vents when it gets too hot
> satellite crop-health data laid over a map of his own fields
> an airtable base linking his plots, tasks, materials, and sensors
> wiring diagrams of his electrical panels, generated from a photo
stuff like this used to be locked behind machinery and engineers only the big agribusinesses could pay for.
but this legend just breezed past all of it with a laptop and Codex lol
To get ahead of scams, if you're interested in donating to me for finding the Zcash bug, my addresses are in this post or in my replies below (be careful to check the exact username for lookalike scammers). Nothing else has been approved by me.
Note: I intend to apply for a bounty through a Zcash coinholder grant, so donations are much appreciated but not necessary!
Well, well, well. The public JSON formatter sites your developers paste production data into have been quietly publishing every paste for about seven years. Naturally, we read all seven years of it.
200,000+ documents. Cloud keys, SSH keys, payment API keys, whole tax returns with SSNs, people's full identities, bank balances. Nobody hacked anything. People pasted it in to make it look tidy, as you do.
Full writeup below. Yes, it's as bad as it sounds.
ZEC's orchard patch
I published a tweet earlier today about the zec Orchard patch and I got so many quotes and replies from poorly informed people that I decided to make another tweet explaining why the points raised by those criticizing the patch process aren't valid.
1) some people said that if the network could be patched then it's not decentralized. That's simply not true, and more importantly, decentralization should not mean simply waiting back for an exploit to happen when there are no issues, or publishing code to the public that would indicate how to perform an attack. By coordinating with the community, an attack was made impossible.
2) zec mining centralization is very real. It looks like there's only three or four big players. The thing is it doesn't actually matter. If one of those pools went down the miners would redirect hash rate to other pools and the network would simply continue making blocks. For miner collusion to occur, multiple miners would need to run compromised code. That is in no one's best interests.
3) all parties acted voluntarily out of economic and social self-interest.
4) of course developers should be in touch with miners. It's not like there's even just one singular Zcash implementation. Miners could have compared notes with maintainers of other implementations and could review the patch code.
5) if a pool actively did not patch a legitimate security issue, miners should redirect their hash rate away from that pool, and they would do so, out of economic and social self interest.
6) diversity in the manufacture of mining rigs is absolutely not a problem. Mining rigs are complex computers and made with custom silicon. The fact that there are three vendors competing is great.
7) Tired: ZEC had a critical bug. ZEC sucks.
Wired: ZEC found and eliminated a critical bug on a live network and prevented any exploit in a fully decentralized manner.
8) the Zcash miners received source code, not a binary. They got to review the issue, and acted to protect the network.
Addendum for those who think this is about my bags or something:
I don't even own any ZEC. I do think ZEC is a cool project, and I think it's even cooler after seeing this patch occur. Bugs are everywhere, probably in bitcoin too. Hardening networks and eliminating bugs is essential work. One thing that I saw repetitively was a statement that if it's decentralized, you should not be able to fix this problem, and I feel that's ridiculous. Even if there were 100 mining pools, disabling Orchard transactions would be the right thing to do, and coordinating between the 100 mining pools would totally be possible. Mining ZEC and operating a mining pool is permissionless. Anyone can do it and compete with the existing miners and pools.
tldr: yes, it's better to have a pragmatic, solutions oriented approach than place user funds at risk. The ZEC community took the correct, decentralized, and ethical path here.
Hats off to the Devs and mining pool operators!
Someone hid a self-replicating worm inside 37 npm packages.
Written in Rust.
Hidden behind an eBPF kernel rootkit.
Talking to its operator over Tor.
It steals 86 environment variables.
AWS keys. GCP keys. Vault secrets. Kubernetes tokens.
Your Anthropic API key. Your OpenAI key.
Your Exodus wallet seed phrase.
Then it uses your own npm credentials to republish itself into your packages.
So your code infects the next developer.
Who infects the next one.
The commits were backdated up to 13 years.
The commit author name was “claude.”
The malware named itself after the AI to hide in plain sight.
The attacker also left their own wallet recovery phrase in the debug data.
Nobody is having a good day.
Check your preinstall hooks.
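The last line above is the actionable bit. As an added example that is not part of the post, here is a small Python audit that walks a node_modules tree and reports every package declaring an install-time lifecycle script (preinstall, install, postinstall), which is what npm runs automatically during install. The package names and commands in the sample tree are constructed for the demo; nothing here is from the npm incident described.

```python
import json
import os
import tempfile

# npm runs these scripts automatically during `npm install`, with no prompt;
# an install-time hook is where a malicious package gets to execute code.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_install_hooks(node_modules_dir):
    """Walk a node_modules tree and return {package_name: {hook: command}}
    for every package.json that declares an install-time lifecycle script."""
    findings = {}
    for root, _dirs, files in os.walk(node_modules_dir):
        if "package.json" not in files:
            continue
        path = os.path.join(root, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, don't abort the scan
        scripts = manifest.get("scripts") or {}
        if not isinstance(scripts, dict):
            continue
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            name = manifest.get("name") or os.path.relpath(root, node_modules_dir)
            findings[name] = hooks
    return findings


def _write_manifest(base, rel_dir, manifest):
    pkg_dir = os.path.join(base, rel_dir)
    os.makedirs(pkg_dir, exist_ok=True)
    with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)


def scan_sample_tree():
    """Build a constructed node_modules tree in a temp dir and scan it.
    All package names and commands below are made up for this example."""
    with tempfile.TemporaryDirectory() as base:
        nm = os.path.join(base, "node_modules")
        # benign: only a test script, nothing runs at install time
        _write_manifest(nm, "tidy-strings", {"name": "tidy-strings", "scripts": {"test": "jest"}})
        # flagged: scoped package with a preinstall hook
        _write_manifest(nm, "@acme/colors", {"name": "@acme/colors",
                        "scripts": {"preinstall": "node setup.js", "build": "tsc"}})
        # flagged: transitive dependency (nested node_modules) with a postinstall hook
        _write_manifest(nm, "tidy-strings/node_modules/fetch-utils",
                        {"name": "fetch-utils", "scripts": {"postinstall": "node index.js"}})
        # malformed manifest must not stop the audit
        bad = os.path.join(nm, "broken")
        os.makedirs(bad)
        with open(os.path.join(bad, "package.json"), "w", encoding="utf-8") as fh:
            fh.write("{not json")
        return find_install_hooks(nm)


if __name__ == "__main__":
    for name, hooks in sorted(scan_sample_tree().items()):
        print(f"{name}: {hooks}")
```

Point find_install_hooks at a real project's node_modules to get the same report; every hit is a package whose install-time command deserves a look before the next install.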
The .@zodl_co did an *incredible*, backbreaking job fixing the vuln in such a short time frame.
However, typically the people upstream are not given enough credit - here is to @ShieldedLabs @zooko @aquietinvestor for what was incredible foresight and leadership, investing in security proactively. They deserve a ton of credit 👏 👏
And of course, Zcash’s own security engineer extraordinaire @DefuseSec, whose dogged persistence and longtime love of Zcash made this announcement possible 🎉
Just for the record - ZODL, a for-profit entity funded by VC firms, secretly coordinated an entire soft and hard fork of a network, and is now using it for marketing purposes to tell you NOT to use open source wallets that aren’t VC funded.
The full story:
1. As one of the largest ecosystem participants in Zcash (both as a wallet and a merchant via Cake Pay), we had to find out about the bug from an X post and were never contacted to start patching our nodes or wallets ahead of time.
2. Every question we sent on X and DMs to ZODL folks was ignored until after they had the opportunity to patch in secret before releasing code.
3. The fix was (understandably) obfuscated and commits were held back until the release was out, so we had no way to see what was necessary to resolve client-side until long after ZODL and who knows who else.
4. We were only able to get a response and talk to those in the know on the bug/fix as of 3h ago, despite repeated efforts on all platforms for two days, but they have been helpful since then.
I understand the need for doing things quietly when critical bugs are found in consensus code, but refusing to notify or communicate at all with your FOSS ecosystem partner (likely because they feel threatened by our competition) is absolutely insane and an abuse of the insider access that ZODL has, EVEN MORE SO now that they’re a for-profit company that has to serve its VC interests.
This is not the way decentralized networks should be run, is not the way FOSS communities should coordinate responses to responsibly disclosed bugs, and is yet another frustrating saga in Zcash having good tech but an immensely frustrating social layer.
@ZcashFoundation If your node is past the fork height (e.g. at block 601) and can't upgrade directly, reply. I have a patch that should fix that, but no node in that state to test it with