tsujamin commented on Compiler Bug Causes Compiler Bug: How a 12-Year-Old G++ Bug Took Down Solidity   osec.io/blog/2025-08-11-c... · Posted by u/luu
usmannk · 19 days ago
This is about a language compiler bug. There are no takeaways about smart contracts here.
tsujamin · 19 days ago
So long as you’re writing your smart contracts with a chisel, into a stone tablet, with no compilers or assemblers in sight!
tsujamin commented on When DEF CON partners with the U.S. Army   jackpoulson.substack.com/... · Posted by u/OgsyedIE
taviso · 21 days ago
In 2022, Google TAG were awarded a "lamest vendor" award at defcon for fixing a Chrome vulnerability they discovered was being exploited in the wild... without asking for permission from the NSA first. That was the turning point for me.
tsujamin · 21 days ago
A Pwnie for "unilaterally shutting down a counterterrorism operation"
tsujamin commented on New adaptive optics shows details of our star's atmosphere   nso.edu/press-release/new... · Posted by u/sohkamyung
tomrod · 3 months ago
This was beautiful!
tsujamin · 3 months ago
You say beautiful, I say existentially terrifying, let’s split the difference
tsujamin commented on Google AI Ultra   blog.google/products/goog... · Posted by u/mfiguiere
qweiopqweiop · 3 months ago
Am I the only one getting the AI fatigue?
tsujamin · 3 months ago
Obviously not speaking for others' experience, but it all makes me feel pretty fatigued, and as if this growing expectation of "AI-enhanced productivity" is coming at the expense of a craft and process (writing software) that I enjoy.
tsujamin commented on Cross-Platform P2P Wi-Fi: How the EU Killed AWDL   ditto.com/blog/cross-plat... · Posted by u/stusmall
lxgr · 5 months ago
That's certainly a nice feature, but in comparison to the elephant in the room, i.e. wireless file transfers between Android and iOS being completely impossible at the moment, it's completely insignificant.
tsujamin · 5 months ago
> wireless file transfers between Android and iOS being completely impossible at the moment

P2P proximal wireless transfer, sure, but there's half a dozen apps on your phone that'll let you punt a document, a photo, an invite to someone on the other phone OS platform.

Maybe I'm an edge case, but probably 90% of my Airdrop usage is between my own devices, so the platform taking care of the authentication story is of more utility than cross-platform transfers. If someone isn't on iOS I'll just send them the file on Signal since, if the source is my phone in the first place, it's probably not a huge transfer anyway.

tsujamin commented on Leaked Apple meeting shows how dire the Siri situation is   theverge.com/news/629940/... · Posted by u/belter
krackers · 6 months ago
All Apple needs to do is allow 3rd party apps to integrate with Siri, then use an LLM as a way to convert natural language into the set of allowed API calls. Basically similar to what ChatGPT does with function calling. And on osx, they should have already had a head start due to applescript integration everywhere in most apps. I have no idea why they're trying to reinvent the wheel with "Shortcuts" which is severely limited.

They already have everything waiting there for their taking, and they're squandering it for no reason. Siri on osx should have been built on top of AppleScript from the get-go, then the switch to LLM would have been easy.

For that matter, I wonder why on osx I haven't seen any 3rd party apps be a siri replacement using applescript to drive applications directly. So much effort is spent on screen scraping and trying to get "agents" to use computers like humans do, but for decades osx has already had a parallel set of APIs built into every application specifically for machine consumption. And most good 3rd party apps even make use of it.

tsujamin · 6 months ago
They already have a composable automation api with 3rd party integrations: Shortcuts!

It’s not perfect, but surely you could natural language -> llm -> temporary shortcut script and that gets you a decent part of the way to a smarter Siri

tsujamin commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos   stepsecurity.io/blog/hard... · Posted by u/varunsharma07
tsujamin · 6 months ago
How does SBOM and such account for this? If you’re a package maintainer, do you need to include CI pipeline plugins, their dependencies, going down as far as the pipeline host, in your security-relevant dependencies? Hard problems :/
tsujamin commented on Decrypting encrypted files from Akira ransomware using a bunch of GPUs   tinyhack.com/2025/03/13/d... · Posted by u/costco
bawolff · 6 months ago
How would they get their data back if someone theoretically knows how to decrypt but never tells anyone.
tsujamin · 6 months ago
I can’t remember the example (it was a conference talk a few years ago), but I’m pretty sure there’s LE and DFIR companies who also reverse this stuff and assist in recovery, they just don’t publish the actual flaws exploited to recover the data.

u/tsujamin

Karma: 1120 · Cake day: July 18, 2015
About
software and infosec