Cryptographic Issues in Cloudflare’s Circl FourQ Implementation (CVE-2025-8556)
Brief In early 2025, while working on a project which required us to perform a broad audit of OSS elliptic curve implementations – we discovered several cryptographic issues in Cloudflare’s CIRCL library – specifically with the implementation of the FourQ elliptic curve. We reported the issues through Cloudflare’s HackerOne bug bounty plan in March 2025, […]
Why I’m teaching kids to hack computers
Paul Hudson, @twostraws, October 22nd 2025 When I was a teen, I learned about computers by trying things, breaking things, and fixing them again – relentless curiosity and experimentation, backed up by computers being much more open to investigation, allowed me to learn and grow. Today’s computers are a lot more polished and a lot more […]
AI assistants misrepresent news content 45% of the time
New research coordinated by the European Broadcasting Union (EBU) and led by the BBC has found that AI assistants – already a daily information gateway for millions of people – routinely misrepresent news content no matter which language, territory, or AI platform is tested. The intensive international study of unprecedented scope and scale was launched […]
Democracy and the open internet die in daylight
Obviously there have been many editorial changes at the formerly venerable Washington Post, a tawdry saga which I don’t intend to recap here. What I do want to share is this, which I spotted yesterday during research. A screen cap of the Washington Post’s site, offering free access to Post stories if you download the […]
A Brain-like LLM to replace Transformers
Abstract:The relationship between computing systems and the brain has served as motivation for pioneering theoreticians since John von Neumann and Alan Turing. Uniform, scale-free biological networks, such as the brain, have powerful properties, including generalizing over time, which is the main barrier for Machine Learning on the path to Universal Reasoning Models. We introduce `Dragon […]
The security paradox of local LLMs
If you’re running a local LLM for privacy and security, you need to read this. Our research on gpt-oss-20b (for OpenAI’s Red‑Teaming Challenge) shows they are much more prone to being tricked than frontier models. When attackers prompt them to include vulnerabilities, local models comply with up to 95% success rate. These local models are […]
SourceFS: A 2h+ Android build becomes a 15m task with a virtual filesystem
SourceFS – a high-performance virtual filesystem that builds Android 9× faster, cuts compute costs by 14×, and reduces disk usage by 83× — unlocking a new level of developer productivity. Slow Builds and Code Checkouts Today’s connected devices are powered by some of the largest codebases ever developed. The latest Linux kernel has 40 Million […]
Internet’s biggest annoyance: Cookie laws should target browsers, not websites
Save and Share: Click. Ugh. Another one. You know the drill. You land on a new website, eager to read an article or check a product price, and before the page even finishes loading, it appears: the dreaded cookie banner. A pop-up, a slide-in, a full-screen overlay demanding you “Accept All,” “Manage Preferences,” or navigate […]
Infracost (YC W21) Hiring First Dev Advocate to Shift FinOps Left
Overview The spend on public cloud is fast approaching $1 trillion per year – we estimate this boundary will be crossed before the turn of the decade. Infrastructure-as-Code (e.g. Terraform, CloudFormation, CDK) and platform engineering have fundamentally changed who makes spending decisions. In the past, only a central team provisioned cloud resources. Now every engineer […]