Hotel toilet privacy is disappearing.
Glass doors.
Or no door.
Or a big window into the room.
Who is asking for this?
jsr
npub1vz03...ttwj
Chasing digital badness at the citizen lab. All words here are my own.
Suddenly hearing about zcash everywhere.
Feels inorganic.
What's up?
YIKES: NSO floats Pegasus spyware use in a "time of domestic crisis" in 🇺🇸 America.
I believe they won't stop lobbying until they get Pegasus into USA.
To hack Americans. 

POV: you can't sleep because your bed can't talk to AWS.
Design thinking that inserts brittle dependence into our lives while extracting fees for life.
Don't be these guys.
GOOD MORNING.
Today's massive outages nicely illustrate which of your favorite internet things are secretly Amazon-dependent.
Specifically on US-EAST-1 Region, which woke up with Main Character Syndrome.
Result? Massive outages.
Sure, Amazon has regions.
But US-EAST-1 is the legacy/default for a pile of services...and other Global Amazon services also depended on it.
So when there was trouble...it was quickly everywhere.
Hyperscalers rule *almost* everything around us. And this is absolutely bad news for all sorts of resiliency.
Amazon sez: root cause = DNS resolution with DynamoDB... which a ton depends on.
They say they are mostly mitigated & have a pile of backlog to clear.
But this is a great moment to think about just how many eggs that matter are in one basket...
https://health.aws.amazon.com/health/status
NEW: 🇰🇵 DPRK hackers have begun hiding malware on blockchain.
Result, decentralized, immutable malware from a government crypto theft operation.
It only cost $1.37 USD in gas fees per malware change (e.g. to update the command & control server).
Blockchains as malware dead drops are a fascinating, predictable evolution for nation state attackers.
And Blockchain explorers are a natural target.
Nearly impossible to remove.
Experimentation with putting malware on blockchains is in infancy.
Ultimately there will be some efforts to try and implement social engineering protection around this, but combined with things like agentic AI & vibe coding by low-information people...whew boy this gold seam is going to be productive for a long time.
Still, where here they used social engineering, I expect attackers to also experiment with directly loading zero click exploits onto blockchains targeting things like blockchain explorers & other systems that process blockchains... especially if they are sometimes hosted on the same systems & networks that handle transactions / have wallets.
REPORT: https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding
NEW: Cost to 'poison' an LLM and insert backdoors is relatively constant. Even as models grow.
Implication: scaling security is orders-of-magnitude harder than scaling LLMs.
Prior work had suggested that as model sizes grew, it would make them cost-prohibitive to poison.
So, in LLM training-set-land, dilution isn't the solution to pollution.
Just about the same size of poisoned training data that works on a 1B model could also work on a 1T model.
I feel like this is something that cybersecurity folks will find intuitive: lots of attacks scale. Most defenses don't.
PAPER: POISONING ATTACKS ON LLMS REQUIRE A NEAR-CONSTANT NUMBER OF POISON SAMPLES https://arxiv.org/pdf/2510.07192
Only four fire department callouts?
Clearly the Asian market isn't stocking enough durians.
Durian is one of the only fruits where your nose can tell you if it's in stock before you get near the section.
Also, I disagree that Durian smells of gas. It smells of sweet old wet socks and vanilla ice cream.

NEW: breach of Discord age verification data.
For some users this means their passports & drivers licenses.
Discord has only run age verification for 6 months.
Age verification is a badly implemented data grab wrapped in a moral panic.
Proponents say age verification = showing your ID at the door to a bar.
But the analogy is often wrong.
It's more like: bouncer photocopies some IDs, & keeps them in a shed around back.
There will be more breaches.
But it should bother you that the technology promised to make us all safer, is quickly making us less so.
STORIES:
https://www.forbes.com/sites/daveywinder/2025/10/05/discord-confirms-users-hacked---photos-and-messages-accessed/

The Verge
Discord customer service data breach leaks user info and scanned photo IDs
An "unauthorized party" may have accessed the names of users, the last four digits of credit card numbers, and more.
NEW: turns out the EU helped finance a bunch of spyware companies with..public money.
That's YOUR money if you live in Europe.
You deserve to know that your money is fueling spyware companies like Paragon.
And if you aren't in Europe? There's a good chance that the mercenary spyware crisis is still fueled by your pensions & tax dollars.
Whether it's Oregon public employees or Alaskans, Europeans or folks in South Yorkshire...
The Fund managers stewarding your cash bear a heavy ethical responsibility for the harms they turbocharged.
And they completely sidestep it.
Now a group of MEPs from 4 EU political groups is calling for action & transparency. Good to see them leaning in...
It's great to see a cross-cutting call for action...
Kudos to these MEPs for standing up. But honestly, there should be many, many more..
Here's the story: 
European Investment Fund financed Israeli spyware company Paragon
Paragon's spyware has been used against activists by multiple governments.