Hacker News | big_youth's comments

> TikTok is an American company with American employees

All TikTok code is written by ByteDance engineers in China.

Context for the non-believers. I work on the TikTok USDS team.


This isn't true. You should ask friends who work at TikTok before you write comments like this.


ZXCZXCZXCZXCZXC


You wrote "All TikTok code is written by ByteDance engineers in China." While historically that might have been true in the old codebase, it isn't anymore. There is a significant TikTok office presence in South Bay, with many job listings open.

https://lifeattiktok.com/search


I find all this very interesting from a historical perspective because we are ramming into the control matrix that has been constructed around America for around 150 years now at minimum, the notion of universal equality; and it is causing the inevitable and predictable collapses that are caused by its inherent contradictions.

We wanted diversity and equality because it served a narcissistic ethnic group, and now that they’ve started realizing that their whole short sighted, self-serving system is turning on them, they’re blowing huge holes in it and getting ever more draconian… as is typical of narcissists, especially malicious and grandiose types of extreme narcissists.

You will not be able to convince these types of people with things like facts, because what they promote or support is an emotional-level conviction similar to a religious one. The whole China ruse itself is just a lie, and the ones who used and deployed that lie for strategic ends know this. All those who promote it are just the worthless foot soldiers on a battlefield of and over the mind.


I'm sorry but I'm big into crypto and have never seen a contract like that deployed in the wild.

And I actually use crypto for payments more than most people. I used some just last week to buy a replica Rolex from a Chinese dealer because they gave a better price than credit cards.


You've never staked a token? Every single major chain and most exchanges have staking contracts deployed which are essentially the same thing (you can't access your tokens until an oracle says so, or you cancel out).


Current Oracle CEO Safra Catz lives in Palm Beach and is a frequent visitor to Mar-a-Lago. She is actually a big Israel supporter, visiting and donating money often.


So what?


> I thought this was common knowledge on HN?

Just as an aside, I would never say this; this is why people hate security teams. I'm a security 'expert' with 15+ years in the industry, including speaking at DEFCON, Black Hat, and all that.

I had no idea about these issues and have never heard of PASETO until now! I'm actually a few months into my startup and we are using JWT for a lot of stuff, so this is very relevant. Thanks for sharing! But if I can't keep up with everything, then devs who don't do this all day simply cannot.


Okay fair. I just see it come up in every thread about JWT security, so I felt like I would be Captain Obvious for calling it out.


> If you spend more time proving your optimization of a cryptographic algorithm is not vulnerable to timing attacks than you do writing the code, I don't think any of my observations here are going to be useful to you.

I am not a software dev, I am a security researcher. LLMs are great for my security research! It is so much easier and faster to iterate on code like fuzzers to do security testing. Writing code to do a padding oracle attack would have taken me a week+ in the past. Now I can work with an LLM to write code and learn and break within the day.

It has accelerated my security research 10-fold, just because I am able to write code and parse and interpret logs at a level above what I was able to a few years ago.


> We’ve been getting far too much money, for far too long. In normal office jobs, it takes a lifetime of sacrifices to get to a higher pay grade.

I don't understand this mindset. We should all support our working-class brothers to get better wages. Just because the custodian, accountant, and jr HR person are also paid crap doesn't mean we should all grin and bear it because at least we're not the day laborers outside.


The devs can change anything, it's just software. As long as miners, which are extremely centralized, agree it's the new chain.

I was a part of the bitcointalk forums in 2010 when the dev team created a soft fork that modified the blockchain to change consensus rules. Think about it: devs changed the consensus mechanism, which goes against everything bitcoin is supposed to be. They can do it again.

https://en.bitcoin.it/wiki/Value_overflow_incident


Why not hire Americans? I went to a no-name state school with a large CS class. Sure, we're not MIT/Stanford quality (well, many were), but there is plenty of talent to go around.

Whether they want to work for your wages is the real issue.


> Why not hire Americans?

If they pass the interview, then we obviously gladly hire them. But competition is hard.

We do have quite competitive wages. But we need more people than the American-only portion of the market has to offer. Competent foreigners make up a sizeable part of the applicants, and those who don't already have a visa or green card we just can't hire. It's as simple as that.


Have you tried paying competent Americans more?


You've made multiple comments in this thread about being unable to find American workers. I'm currently looking for work, but looking at your profile I can't find your company. Where can I apply to whatever job openings you have?


"Why not hire Americans?" in this context is like asking "Why not just vaccinate people?" in April 2020.


Bitcoin mining benefiting the energy grid is an absurd statement. I live in Texas and the bitcoin mines are messing up our grid by making energy more expensive during heatwaves and freezes, and when they shut down we have to pay them!

https://www.texastribune.org/2022/07/15/crypto-energy-texas-... https://www.govtech.com/computing/bitcoin-mining-threatens-t... https://www.utilitydive.com/news/warren-bitcoin-texas-power-... https://fortune.com/2022/07/12/texas-bitcoin-miners-paid-shu...


Bitcoin miners don't compete for the same energy as residential and most industrial uses. Mining isn't profitable unless energy is a fraction of the price that typical consumers pay. The effect is that Bitcoin miners act as energy buyers of last resort. In other words, they buy wasted energy.

Having a buyer of last resort is good for energy grids (or any product), not bad for them. It incentivizes grid build out. Instead of worrying about whether a particular energy development will have enough demand, they can work out a deal with Bitcoin miners to sell wasted energy to them.

Industrial users of power frequently work out power agreements that will pay them in the event that they are required to shut down. This is completely normal. The difference is that Bitcoin miners are EVEN MORE flexible in that they can shut down at a moment's notice, unlike manufacturing or smelting. Again, this is good for grids, not bad.


Let me get this right, your argument is that miners are better than manufacturing or smelting? So that's how mining is beneficial to the energy grid. You bitcoin clowns are really on something.

Did you read a single article? Bitcoin miners ARE raising prices for Texas citizens.

Not to mention the noise issues: https://www.wsj.com/articles/bitcoin-mining-noise-drives-nei...

I gave up caring about bitcoin around 2014 after growing out of libertarian brain rot. And I sold my last 5 BTC in 2021 after the Super Bowl commercial gave me the feeling the jig was up and the last suckers were in. The sooner you come to this realization, the sooner you can dedicate your time to better uses. Good luck.


Your articles don't say anything about raising electricity prices for consumers, except to speculate about it. At least the NYT piece recently on Bitcoin mining cited a study saying there was a 5% increase in electricity bills because of Bitcoin mining, even if it was using secret data.

Again, I would point out (not for you since your reasoning is clearly motivated, but for anyone else reading it) that Bitcoin miners overwhelmingly use electricity that would go to no other use, and thus is incredibly cheap, and would naturally be expected to have little to no effect on average electricity bills.


Most Bitcoin energy contracts in Texas are structured as long-term pre-purchase agreements.

They incentivize the build out of green energy projects such as wind and solar. Projects that in many cases would never have happened without subsidies from Bitcoin miners.

When you say we have to pay them to shut down what you are really saying is that we have to pay them back for energy they already purchased.

The fact that this excess energy is available on demand to utilities ensures we have a more stable energy grid by serving as an energy storage system that we only pay for in times of severe demand.


> 1. They hack computers not code. Their normal plan is to steal keys by compromising users and computers. This is in contrast to the normal "hack" that works by finding and exploiting bugs in code.

I'm just a 'regular security guy' but in that link you posted they detail that after the initial phishing compromise "The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes." They don't detail the bugs that got them access to the nodes but this didn't give them control of the network so "the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator. ...Sky Mavis requested help from the Axie DAO to distribute free transactions ... Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked."

Sounds like a pretty classic hack to me. They got into the network, got access to some important servers (how? they should be totally segregated from the corporate network). Then they found a deprecated endpoint that allowed them to blindly sign transactions. This is bread and butter for any pentesting work; it makes me wonder if any of these web3 orgs are hiring security firms to test their systems and not just smart contracts.
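The quoted post-mortem turns on a signing allowlist that was "discontinued" but never revoked. As an added example (not Sky Mavis or Axie DAO code, and the names, scope string and dates are constructed), here is the shape of the control that closes that gap: delegated signing grants that are deny-by-default, expire on their own, and surface as an audit finding when they lapse without an explicit revocation.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
# Added example, not Sky Mavis / Axie DAO code: a deny-by-default, time-bounded allowlist
# for delegated signing requests, the control the quoted post-mortem says was missing.

@dataclass(frozen=True)
class Grant:
    grantee: str          # party allowed to ask us to sign on its behalf
    scope: str            # what it may ask for, e.g. "free-tx" (constructed label)
    expires_at: datetime  # every grant ends by itself; nobody has to remember to revoke it
    revoked: bool = False

class SigningAllowlist:
    def __init__(self) -> None:
        self._grants: dict[tuple[str, str], Grant] = {}

    def grant(self, grantee: str, scope: str, now: datetime, lifetime: timedelta) -> None:
        self._grants[(grantee, scope)] = Grant(grantee, scope, now + lifetime)

    def revoke(self, grantee: str, scope: str) -> None:
        key = (grantee, scope)
        self._grants[key] = replace(self._grants[key], revoked=True)

    def authorize(self, grantee: str, scope: str, now: datetime) -> tuple[bool, str]:
        """Every signing request must match a grant that is neither revoked nor expired."""
        g = self._grants.get((grantee, scope))
        if g is None:
            return False, "no grant"
        if g.revoked:
            return False, "revoked"
        if now >= g.expires_at:
            return False, "expired"
        return True, "ok"

    def stale(self, now: datetime) -> list[Grant]:
        # Grants that lapsed but were never explicitly revoked: the audit finding to chase.
        return [g for g in self._grants.values() if not g.revoked and now >= g.expires_at]

def demo() -> dict:
    """Constructed timeline: a 60-day grant issued 1 Oct 2021, exercised again the next March."""
    al = SigningAllowlist()
    t0, march = datetime(2021, 10, 1, tzinfo=timezone.utc), datetime(2022, 3, 1, tzinfo=timezone.utc)
    al.grant("sky-mavis", "free-tx", t0, timedelta(days=60))
    out = {"in_window": al.authorize("sky-mavis", "free-tx", t0 + timedelta(days=10)),
           "in_march": al.authorize("sky-mavis", "free-tx", march),
           "stale_in_march": len(al.stale(march))}
    al.revoke("sky-mavis", "free-tx")
    out["after_revoke"] = al.authorize("sky-mavis", "free-tx", t0 + timedelta(days=10))
    return out
```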


The problem was ultimately in the bridge’s design and implementation. Even though it was sold as a decentralized system it was a multisig with very few signatories. A properly designed decentralized bridge would require the compromise of many validators, each with a different infrastructure setup. This is why you never hear about Ethereum itself getting hacked.

Instead, the Axie bridge was a multisig, and as if that wasn't bad enough, most of the signatories were controlled by the same organization on the same infrastructure. It really demonstrated that concerns about decentralization are not just pedantic or academic.


IIRC the 9 nodes were effectively controlled by 3 sets of keys, so they only had to compromise 2 to take control. And they took weeks to discover it happened. The incompetence and brazenness astonishes. Team as well as investors.
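The two comments above make the same design-review point: a k-of-n multisig is only as strong as the number of independent parties behind the keys. As an added example (not Ronin, Axie or any project's code; the validator set and key-holder labels are constructed), this computes the effective threshold once validators that share a failure domain are counted together.

```python
from collections import Counter

# Added example (not Ronin/Axie code): measure how "decentralized" a k-of-n validator
# set really is once you account for which validators share a failure domain
# (same key custodian, same operator, same infrastructure).

def domains_to_reach_threshold(validators: dict[str, str], threshold: int) -> int:
    """Smallest number of distinct failure domains whose validators together meet the
    signing threshold. validators maps validator id -> failure-domain label.
    Taking the largest domains first is optimal for this count-covering problem."""
    if threshold <= 0 or threshold > len(validators):
        raise ValueError("threshold must be between 1 and the number of validators")
    covered = used = 0
    for _, size in Counter(validators.values()).most_common():
        covered += size
        used += 1
        if covered >= threshold:
            return used
    return used  # not reached in practice: the total always covers the threshold

def assess(validators: dict[str, str], threshold: int) -> dict:
    """Compare the nominal k-of-n threshold with the effective number of independent parties."""
    effective = domains_to_reach_threshold(validators, threshold)
    return {
        "nominal": f"{threshold}-of-{len(validators)}",
        "independent_domains": len(set(validators.values())),
        "domains_to_reach_threshold": effective,
        "threshold_is_real": effective == threshold,  # true only when every validator is its own domain
    }

# Constructed validator set: nine validators, but key custody concentrated in three holders,
# roughly the shape the comment above describes ("9 nodes ... 3 sets of keys").
CONCENTRATED = {
    "v1": "keyholder-A", "v2": "keyholder-A", "v3": "keyholder-A", "v4": "keyholder-A",
    "v5": "keyholder-B", "v6": "keyholder-B", "v7": "keyholder-B", "v8": "keyholder-B",
    "v9": "keyholder-C",
}
# The same 5-of-9 policy with every validator run by a different party.
INDEPENDENT = {f"v{i}": f"operator-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    print(assess(CONCENTRATED, 5))   # domains_to_reach_threshold == 2
    print(assess(INDEPENDENT, 5))    # domains_to_reach_threshold == 5
```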


Weeks is a short amount of time for security detection. Most high level threat actors are in systems for months.

They’re called Advanced Persistent Threats for a reason.

No snark intended.


It's not a short amount of time to realize that your treasury has been looted. They should have had monitoring in place before they had a percentage of the locked-up value.


Most security professionals will tell you that even with monitoring the average MTTD is 212 days.

It’s been a big problem that needs fixing across the industry.

https://venturebeat.com/security/report-average-time-to-dete...


I was not referring to the timeline from the breach but the timeline from the transfer of funds, which by their nature are visible on the blockchain. Even with everything else failing, wouldn't this be on dashboards and part of regular monitoring anywhere else?
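The monitoring the comment above asks about can be quite simple, because the transfers are public. As an added example (not any project's production monitoring; the transfer records, locked value and percentage thresholds are all constructed), this flags withdrawals that are individually large, large in aggregate over a sliding window, or headed to a destination outside a known set.

```python
from dataclasses import dataclass

# Added example, not any project's production monitoring: a minimal outflow monitor for a
# bridge or treasury contract, run over constructed transfer records. All thresholds are
# illustrative policy choices.

@dataclass(frozen=True)
class Transfer:
    ts: int          # unix seconds
    direction: str   # "in" (deposit) or "out" (withdrawal)
    amount: float    # in one unit of account, e.g. ETH
    dest: str        # destination address

def outflow_alerts(transfers, locked_value, *, single_pct=0.05, window_pct=0.10,
                   window_secs=3600, known_dests=frozenset()):
    """Return (kind, ts, detail) alerts for withdrawals that are individually large,
    large in aggregate over a sliding window, or sent to a destination not in known_dests."""
    alerts = []
    recent = []   # outgoing transfers inside the current window
    for t in sorted(transfers, key=lambda x: x.ts):
        if t.direction != "out":
            continue
        recent = [r for r in recent if t.ts - r.ts < window_secs] + [t]
        share = t.amount / locked_value
        if share > single_pct:
            alerts.append(("large_single_withdrawal", t.ts, round(share, 3)))
        window_share = sum(r.amount for r in recent) / locked_value
        if window_share > window_pct:
            alerts.append(("large_window_outflow", t.ts, round(window_share, 3)))
        if t.dest not in known_dests:
            alerts.append(("unknown_destination", t.ts, t.dest))
    return alerts

# Constructed records: routine small withdrawals, then two huge ones to a fresh address.
SAMPLE = [
    Transfer(1000, "in", 500.0, "bridge"),
    Transfer(1100, "out", 2.0, "0xuser1"),
    Transfer(1200, "out", 3.0, "0xuser2"),
    Transfer(1300, "out", 800.0, "0xfresh"),
    Transfer(1310, "out", 400.0, "0xfresh"),
]
LOCKED = 2000.0
KNOWN = frozenset({"0xuser1", "0xuser2"})

def demo():
    return outflow_alerts(SAMPLE, LOCKED, known_dests=KNOWN)
```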


The companies getting hacked are not the web3 ones like Ethereum or Terra. They are normally inside jobs with the founders stealing from the "decentralised" network they secretly control. It's the exchanges that are run like traditional business without the magic blockchain power.


Ethereum is not a company.


Not officially, but in practice there is nothing that distinguishes it from a company.


Companies are easier to sue.

