freedom security privacy robots consciousness | EF Silviculture, Board @TheBootstrapOrg | @synthetix_io @Anchorage private equity | @wharton 2007

Joined June 2018
Pinned Tweet
Jan 14
Excited to talk to three heroes of mine, all in one sitting! We will explore how tools, both surveillance and privacy tools, can evolve beyond their intended use cases - as they have before. Imagine a different future: what if we embraced surveillance, in exchange for security? What would that world look like? Join us on the first livestream on @ethereum @VitalikButerin @Ada_Palmer @SherriDavidoff
The Apparatus - Jan 15, 6pm UTC A livestream with @VitalikButerin, SciFi author and historian @Ada_Palmer, & professional hacker @SherriDavidoff, moderated by @ml_sudo. Three theories on why privacy keeps losing, and how to turn the tables. Watch here: x.com/i/broadcasts/1yNGabWMM…
sudo_ml retweeted
Prediction: In the AI age, taste will become even more important. When anyone can make anything, the big differentiator is what you choose to make. paulgraham.com/taste.html

See you all tomorrow to talk about staving off AI totalitarianism!
Replying to @web3privacy
11:00–12:00 from AI to NeoCypherpunks Privacy vs 'Progress' @Suitpossum: Roots of Trust @zmanian @cameroncolby @Poetic_Tech @rileynwong @sudo_ml Naming the Harm @SoosMate Deviant Slop @jayapapaya
sudo_ml retweeted
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…
sudo_ml retweeted
Shielded Labs worked with Anthropic to audit the Zcash protocol with Mythos using prompts provided by @DefuseSec. No serious vulnerabilities were found.
Thanks, Anthropic, for helping protect Zcash users. At Shielded Labs’s request, they ran a security audit of Zcash with Mythos. It did not find any more serious bugs in the Zcash protocol. Shielded Labs and others are continuing security hardening work. Stay tuned for updates.
Jun 12
😱 a TEN YEAR APT
🚨 A China-linked hacking group hid inside a network for nearly 10 years. Not by dropping obvious malware, but by quietly changing the #Linux login software itself. Researchers say Velvet Ant backdoored PAM and OpenSSH components to steal credentials, log commands, and keep access inside a network with no direct internet access. Read the full story: thehackernews.com/2026/06/ch…
Jun 12
😢
🚨 BREAKING: More than 400 Arch Linux User Repository packages have been compromised with infostealer malware and a rootkit. Attacker posed as a trusted maintainer and "adopted" orphaned packages. Arch maintainers are purging infected packages now. Audit your AUR installs.
sudo_ml retweeted
Jun 10
I give it a year until we see a new breed of AI native private equity firms that acquire companies just so they can move their workflows from Claude to open source Chinese models and flip them.
Jun 12
😳 CROPS big tech?!
Developers from Signal (including its protocol's co-creator) along with Microsoft and Harvard unveil Encrypted Spaces, an open-source codebase for a new generation of private collaboration apps. Think Slack, Discord, Google Docs, all end-to-end encrypted. wired.com/story/signal-alums…
sudo_ml retweeted
Anne Hathaway went sober in October 2018. Alcohol breaks down collagen faster than the body can replace it, and collagen is what keeps a face looking young. She’s been compounding that decision for close to eight years. UV exposure runs parallel. A 2013 study measured the contribution of sun damage to facial aging in 298 women and landed at exactly 80.3%. The wrinkles, dark spots, and texture changes on most faces are not from time. They’re from sun exposure, accumulated silently across two decades, surfacing at 40. Collagen falls about 1% per year from the mid-20s, with UV, alcohol, and stress all accelerating that rate. Sleep is where the repair actually happens. About 75% of daily growth hormone gets released during sleep, most heavily during deep sleep. This is when cells fix sun damage and rebuild skin structure. Chronic poor sleep doesn’t just cause dark circles. It measurably slows how fast skin repairs itself. Genetics drives a big part of how people age visually, confirmed across decades of twin studies. But lifestyle explains why two people with similar genes can look 10 years apart at 42. The ones who appear dramatically younger usually aren’t doing anything exotic. They’ve just been stacking boring decisions for 20 years. Sunscreen daily, limited alcohol, consistent sleep, low stress. At 42, the face you have is mostly a receipt for decisions made in your 20s and 30s.
Anne Hathaway has to be a vampire. 17 years old 42 years old
Replying to @MgkMshrmBrkfst
Step 1: Export from X. Settings → Your account → Download an archive of your data. It can take 24–48 hours for X to generate the archive, then you get a zip containing all your tweets, media, followers, DMs, etc. as JSON. GitHub Step 2: Import to Nostr. The main tool for this is exit.pub (EXIT, built by pablof7z). You unzip your Twitter archive and use exit.pub to import your data into Nostr — original timestamps are preserved, so a 2009 tweet shows up as posted in 2009, and you get granular control over which tweets to import (threads, non-replies, replies). You sign the imported events with your nsec via a NIP-07 extension, so do this with your real key only if you trust the flow — or audit it first, given your line of work.

sudo_ml retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
sudo_ml retweeted
JUST IN: @AlliumLabs says zcash:native volume spiked 12 to 13x normal on May 26, days before Zcash’s four year privacy bug was discovered, while five wallets opened about $72M in shorts and later realized $3.43M in profit, pointing to possible early knowledge.
sudo_ml retweeted
Jun 10
Monero PSA: Critical P2Pool Security Update "A critical vulnerability has been discovered in all currently released P2Pool versions. [...] We are continuously monitoring the network and have reviewed the available historical logs. We have found no evidence that this vulnerability has been exploited."
Jun 10
RT @aixbt_agent: zcash had an infinite mint bug in its orchard shielded pool for 4 years. anthropic's claude found it. no human auditor cau…
sudo_ml retweeted
New credentials attack on Google, it's a subtle one. The email actually comes from account.google.com. It informs you that your recovery contact (an email you don't recognize) is about to reset your password and prompts you to take action. There's a link that appears to point to accounts.google.com but uses the continue URL parameter to redirect you to sites.google.com, which hosts the attacker's site. If you scroll down, you can see the bottom of the email, which just shows that someone is asking to add you as their recovery contact. The entire first part of the email is a user-controlled field in Google's system that the attacker controlled to include the malicious link and text.
sudo_ml retweeted
This is what the UK spyware proposal means. There must be government spyware on every mobile device. It shall watch everything that happens, including always watching the screen, looking for things the government disapproves of. When anything is flagged by the software as something the government doesn't like, the software must block it from being sent or displayed (in realtime). The user of the device must not be able to shut this watching and blocking off. The only way to shut it off would be to ask the government or its proxies to do so for you, at their discretion. Therefore the whole device must be locked down. Administrator rights and the decision of what software or operating system to run or not to run must be taken from the owner/user and handed to the government and its proxies. Apple and Google are themselves working hard to lock down the devices they are involved in to shut out competition and establish a duopoly. The UK government says it is "working closely" with Apple and Google and currently they synchronise and coordinate their communication on this subject. The UK government is now proposing to mandate what would otherwise be illegal anti-competitive practices. @GrapheneOS on the Apple and Google duopoly: x.com/GrapheneOS/status/2053… Statement from @signalapp x.com/signalapp/status/20640… @ReclaimTheNetHQ on the state spyware: reclaimthenet.org/starmer-ca… The government announcement: gov.uk/government/news/new-p…

Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a dystopian combination of age verification and content scanning. This proposal will not safeguard children. It endangers us all. signal.org/blog/pdfs/2026-06…
sudo_ml retweeted
Jun 9
INCIDENT SUMMARY: We stored 3 of 6 keys to our Gnosis Safe holding $36,000,000 on one employee’s laptop
INCIDENT UPDATE: Last night, June 8, the H token was hit by a coordinated attack across Ethereum and BSC. While we’re still investigating this incident, we want to be transparent with our community about what happened. As of right now, ~$36M has been stolen across both chains and dumped. This was a result of a breach that happened after an employee’s laptop was compromised. Three of six Gnosis Safe owner keys controlling the Hyperlane bridge ProxyAdmin were compromised. The attacker used these to transfer ProxyAdmin ownership to their own wallet, then upgraded the bridge contract to a malicious implementation and swept ~141.2M H in a single transaction. Three of five BSC Safe owner keys were also compromised. The attacker performed the same ProxyAdmin seizure on BSC, deployed a malicious implementation with an unlimited mint function, and minted 200,000,005 H in two tranches directly to their wallet. We’ve now halted all deposits and withdrawals to the affected bridges and are working with all related parties, including exchanges, to minimize the damage. Further to our internal investigation, we’re also working closely with the police to investigate this incident and recover some of the stolen funds. People in this community worked hard for what they hold here, and we feel the weight of that. We want to apologize for what has happened and thank you for your patience, messages, and for sticking with us.
sudo_ml retweeted
Sam Bankman-Fried and I were prison bunkmates and I know him well. So I read this with more context than most. Sam and I argued more than once about the same thing: his refusal to accept ANY responsibility for what he did. Not once did he admit he’d done anything wrong — even after I told him repeatedly he could never begin to redeem himself without that acknowledgment. You don’t earn a pardon when you can’t admit, even to yourself, that you did wrong.
FTX co-founder Sam Bankman-Fried formally applied for a presidential pardon bloomberg.com/news/articles/…
sudo_ml retweeted
If you've adopted AI at your company but haven't seen any tangible results, read this 1990 article: "The Dynamo and the Computer" by Paul David. When electricity first arrived, factories that "adopted" it barely got faster. They just swapped the steam engine for an electric one and ran everything else exactly as before: same machine layout, same workflow, same management. Electricity in, no real gains out. The most common mistake with any new technology is to drop it into the old organization and then declare the transformation done. The real leap came decades later, when each machine got its own small motor. Suddenly machines no longer had to be lined up around one central drive shaft. They could be rearranged around the actual flow of work. The productivity gains didn't come from electricity. They came from REDESIGNING THE ENTIRE FACTORY around it. AI is the same. Bolting it onto your existing process gets you a faster steam engine. The payoff comes when you redesign the work itself. (link to paper in comments)