Hacker News | fresh_geezer's comments

I agree. The MacBook Pro 2014 does have an unlocked bootloader and runs Linux fine, on which you can run Chrome and Spotify. I don’t think Apple has an obligation to support an old laptop with MacOS, but they should release specs to allow driver development.


Perhaps it's an "American thing" in the western sphere. My impression is that the majority of Africa and Asia shower daily, many twice.


APN does not influence SMS (nor phone number routing) though.


I thought it would be funny to buy the Netscape brand off AOL and start a fork using that name. Maybe combined with your idea, then when/if there's enough funding coming in it can become the main entity developing the browser.


> WASM could indeed make for a simple, yet powerful, web-like platform, and I hope to see this!

Careful what you wish for. WASM-rendered pages could spell the end of ad-blockers and other extensions that modify or read page content. You'll have only binary blobs being downloaded rendering something on a canvas surface.


That is in theory already possible today, also just with obfuscated js blobs.

But the way the ad networks work, is that they do dynamic content loading. So knowing where the ads are coming from and just blocking those lists will continue to work also in WASM.

But indeed, modifying the content specifically, when all you have is a canvas, will be close to impossible.


Here is what the CEO wrote on X:

"Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address."

[yes, it says 'musked', assuming they meant masked. @safe is https://safe.global/wallet]

Unfortunately most hardware wallets can't interpret EVM smart contract transactions and ask you to sign a big binary blob that is supposed to match what you see on your computer screen (it's literally called blind signing). He said in the tweet and later on a live stream that they verified that the URL was correct, and there were several signers in different locations on different machines.

Logically the UI must have been manipulated for all of them, which I can think of a few different ways to do:

- The signing link was replaced somehow over whatever medium they sent it to each other, pointing to something that either looks like the original UI (perhaps IDN homograph domain) or is the actual site if it has some weakness that allows script injection to manipulate the page

- The server side was exploited to serve a manipulated page

- Client side malware that injects something in the browser to manipulate the page

- Some kind of network/DNS attack combined with mis-issued TLS certificate (or injected CA)

It points to some level of sophistication and long-term observation of their internal systems to know what the process looks like and devising an attack.

Will be interesting to read when/if they release a full analysis.


They could have used a hardware wallet like the Lattice1 from GridPlus, which actually shows the function parameters on a big screen instead of blind signing.


Oh, when I read this yesterday I assumed "musked" was a clever play on the idea that someone is tricked into agreeing to things against their interests.


Is it possible that this was an inside job?


One of the links says the following:

> According to crypto security firm Groom Lake, a Safe multisig wallet was deployed on Ethereum in 2019 and on the Base layer-2 in 2024 with identical transaction hashes. Ethereum’s alphanumeric transaction hashes are 64 characters long, so deploying the same smart contract transaction hash twice should be mathematically impossible.

> The same transaction hash appearing on both Ethereum and Base indicates an attacker could have found a way to make a single transaction valid on more than one network or could be reusing crypto wallet signatures or transaction data across networks, pseudonymous Groom Lake researcher Apollo said.


The quote is incorrect. If I deploy the same smart contract to two different EVM chains, from the same wallet, with the same nonce (pretend it's the first transaction I'm doing with this wallet on each chain, so nonce 0), then the transaction hash will be the same on both chains. That's not odd.


The contract address will be the same but the transaction address should be different because transactions include the chainid in them. Otherwise you could easily replay transactions on other chains.
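Added example, not part of any comment in this thread: how a chain ID enters the bytes that a legacy-format Ethereum transaction signature covers under EIP-155, and how the signature's `v` value shows whether one is present. The `DEPLOY` transaction is constructed sample data, the function names are illustrative, and the Keccak-256 digest of the payload is not computed because Python's standard library has no Keccak-256.

```python
from typing import Optional

def length_prefix(n: int, base: int) -> bytes:
    """RLP header: one byte for payloads under 56 bytes, else length-of-length."""
    if n < 56:
        return bytes([base + n])
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([base + 55 + len(nb)]) + nb

def rlp(item) -> bytes:
    """RLP-encode an int, a byte string, or a list of those."""
    if isinstance(item, int):
        item = item.to_bytes((item.bit_length() + 7) // 8, "big")  # 0 -> b""
    if isinstance(item, bytes):
        if len(item) == 1 and item[0] < 0x80:
            return item
        return length_prefix(len(item), 0x80) + item
    body = b"".join(rlp(i) for i in item)
    return length_prefix(len(body), 0xC0) + body

def signing_payload(tx: dict, chain_id: Optional[int] = None) -> bytes:
    """Bytes whose Keccak-256 digest the sender signs (digest not computed here)."""
    fields = [tx[k] for k in ("nonce", "gas_price", "gas", "to", "value", "data")]
    if chain_id is not None:          # EIP-155 appends (chain_id, 0, 0)
        fields += [chain_id, 0, 0]
    return rlp(fields)

def chain_bound_to(v: int) -> Optional[int]:
    """Chain ID that a legacy-format signature's v commits to, or None if unbound."""
    if v in (27, 28):                 # pre-EIP-155 signature, no chain ID signed
        return None
    if v >= 35:                       # v = chain_id * 2 + 35 + recovery bit
        return (v - 35) // 2
    raise ValueError(f"unexpected v value {v}")

ETHEREUM, BASE = 1, 8453              # public chain IDs of the two networks named above
# Constructed contract-creation transaction: first tx from a wallet (nonce 0).
DEPLOY = {"nonce": 0, "gas_price": 10**9, "gas": 500_000, "to": b"",
          "value": 0, "data": bytes.fromhex("6080604052")}

if __name__ == "__main__":
    print("no chain ID:", signing_payload(DEPLOY).hex())
    for cid in (ETHEREUM, BASE):
        print(f"chain {cid}:", signing_payload(DEPLOY, cid).hex())
```

When no chain ID is supplied the payload has no per-network field, so the signed digest is the same on every chain; with a chain ID the payloads for Ethereum and Base differ.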


Are we sure he didn't mean the transaction got DOGEd?


I'm in the same situation, 41 and just folded a startup in November after six years and looking at what to do next.

My concern is if I jump on another startup and it doesn't go well, I will have even less chance to land a decent gig afterwards. Who knows what AI capabilities will be five years down the line?

I have some friends that work in government that could help me get a job there where you are basically unfireable and even get a pension, but the work is not very technically interesting. They all say it's soul-killing but stay for the stability and benefits.

Is a large tech company a better bet? I consider myself a very good developer but not sure if I can pass through all filters and the leetcode gauntlet either.

Deciding which road to go down is giving me more anxiety than ever before.


I think you mostly only run the risk of pigeonholing yourself as a “startup person” if you jump on another startup. But startup people value startup experience, so as long as you enjoy startup work and are making solid contributions, I think you have a long career ahead, with the caveat that options to work in a bigger company may be diminishing. Even then, it’s not all that uncommon for big companies to try to bring in startup types to breathe some life into a stagnant culture. Not so much FAANG but there are a lot of other big tech companies with good comp.

