On March 29, 2024, Andres Freund — a Microsoft engineer and PostgreSQL contributor — noticed something odd while investigating unexplained CPU usage in SSH on a Debian testing build. liblzma, the compression library bundled with XZ Utils, was performing extra work it had no business doing. After careful analysis, Freund had found one of the most sophisticated software supply chain attacks ever dis
The Counter Galois Onion (CGO) Migration: Tor's Cryptographic Engine Swap If you've ever dug into Tor's internals, you know the network is a masterpiece of practical anonymity. But like any long-running system, its crypto stack was starting to show its age. Enter the Counter Galois Onion (CGO) Migration - one of the most significant under-the-hood upgrades Tor has seen in years. It's a fundament
A Haystack pipeline can be perfectly wired and still unsafe. The retriever returns documents. Every component did its job. But if untrusted text moved through the pipeline as ordinary context, the trust boundary was lost. That is the problem this post is about. Not bad Python. A valid component connection only says: this value fits the next component It does not say: this value is safe to influen
Comments
By QuantaLabs | April 2026 | quantalabs.cc | quantachain.org Five days ago, an independent researcher named Giancarlo Lelli broke a 15-bit elliptic curve key on a publicly accessible IBM quantum computer and collected a 1 BTC bounty from Project Eleven. The result was debated — some Bitcoin developers showed the winning result could be replicated with random noise, suggesting limited true quantum
Adding a third person to an encrypted conversation seems like it should be simple. It isn't. The cryptographic properties that make 1:1 messaging secure — forward secrecy, post-compromise security, deniability — become significantly harder to preserve as group size grows. When Signal introduced group chats, they faced a problem that doesn't exist in 1:1 messaging: how do you efficiently encrypt a
By Micky Irons. Founder & sole inventor, Mickai. CEO, Trust-Agent.ai. When I started filing the patents that became Mickai, I didn't have a product brief. I had a question. Why is intelligence the only critical capability we lease? We don't lease our title deeds. We don't lease our identity documents. We don't lease the keys to our houses. We hold them. They're ours. They sit in our drawer, our sa
Comparison: Haystack 2.0 vs. RAGatouille 0.3 for Building High-Accuracy RAG Pipelines for Developer Docs Retrieval-Augmented Generation (RAG) has become the standard for building LLM-powered tools that answer questions using private or domain-specific data. For developer documentation (dev docs) — which includes technical jargon, versioned APIs, code snippets, and structured reference material —