To really understand a concept, you have to “invent” it yourself in some capacity. Understanding doesn’t come from passive content consumption. It is always self-built. It is an active, high-agency, self-directed process of creating and debugging your own mental models.
While I have completed five years with my investment in SRF, the investments themselves has been very uneven. For example, my investments in FY 2023-24 alone account for more than 60% of my total investments (Figure 1). Hence, I am still early in my investment journey.
Shray Chandra: But when I’m looking at my portfolio, if I’m going to put them all in equity, I’m this super demanding and difficult person saying this doesn’t deserve to be in my portfolio, it’s not doing well, I’ve lost faith in management, this sector is completely screwed.
But if 5% of that money is in gold, and gold doesn’t do well, I’m like, oh, this is fine, it’s meant to be hedge. It’s almost like I treat it completely differently. So when it goes up, I said, see, I was right.
And when it doesn’t do well, I said, yeah, I know, because it’ll do well at the other times. So how does one deal with this sort of like, is this a rational way of thinking about it? Is it just managing emotional expectations or is it like insurance? It won’t do well for many years and some years it will do well.
Deepak Shenoy: That’s a brilliant philosophical thought process difference. And I think real assets have this advantage. You buy land, you have a similar thing.
Land has this advantage that people don’t re-value it. And even if they do re-value it, they say, we’ll wait. People tell me that they want to wait for the metro in Bangalore before they sell their apartment.
I’m like, that’s at least three, four years away where I am. They’re like, huh, it’s okay. I’m like, nobody will tell me.
I will wait three, four years for Nifty to go back up. It’s very rare to find that, right? I have to try really hard to…
Listen, it’s not down too much. It’s only been a year. So just hang on for a few more years and it’ll be fine over the long term, right?
You have to give any investment at least a few years before it gets in. But it’s so much easier to tell that about land or about gold than it is to tell them about stock A or portfolio A or mutual fund Y and so on. So I feel that maybe it has become a second part of nature for us. It says, well, if this mutual fund thing doesn’t work out for me in a year, I’m done. But the land bit, I want to, I don’t mind. That is actually long term.
Shray Chandra: We’re able to bring in our long term thinking properly when it comes to or the diversification thinking when it comes to say assets like land, real assets. We struggle when it comes to financial assets where the job is, you’re supposed to make me rich. What are you doing?
Erik D. Kennedy reflecting on why has AI not impacted designer, yet.
My hunch: vibe coding is a lot like stock-picking – everyone’s always blabbing about their big wins. Ask what their annual rate of return is above the S&P, and it’s a quieter conversation 🤫
Mylar Melodies explaining why we should not be attaching external validations to our hobbies.
There’s a really good book called Four Thousand Weeks by Oliver Burkeman, a book that I’ve read three times now and if you’re over 40 I cannot recommend enough. It’s basically about the sort of mortality midlife crisis that you have when you enter your 40s. About am I doing enough? Am I going to get it all done? I’m going to die someday is when you start realizing because you’re like I’m halfway through. So you panic about am I doing enough. Have I done it all? Am I getting it all done?
Basically the short answer of the book is, you will not get it all done and one of the things that it expounds is the notion of having a hobby and having a hobby that isn’t something that you’re good at. In fact, it goes so far as to say that actually not being good at the hobby is half of what makes the hobby good because you’re just doing it for its own intrinsic rewards. You’re not doing it as a side hustle. You’re not doing it for points. You’re not doing it as a thing you’re going to grow into this business, because by attaching all of this sort of stuff to it, all these obligations, these sort of like expectations, you turn something that is supposed to just be intrinsic.
Something that’s just a thing you love and do because you’re alive and you get to enjoy doing things you love while you’re alive. It turns it into something that has like expectations attached to it and that colours it because you’re then thinking well I should only be doing something that’s going to like make my life better or like you know improve you know that I’m building towards it’s going to be a hustle it’s going to earn me money someday. Don’t worry it’s not a waste of time. I’m not wasting my time. But you’re not wasting your time because the point of life is just to enjoy yourself and to live a fulfilling life in whatever form that takes it’s different for everyone. But what I’m saying is it’s really important to have things that you just enjoy doing intrinsically.
An insightful post by Bruce Schneier on the security issues plaguing AI. He also suggests that prompt injections might be unsolvable in today’s LLMs.
The fundamental problem is that AI must compress reality into model-legible forms. In this setting, adversaries can exploit the compression. They don’t have to attack the territory; they can attack the map. Models lack local contextual knowledge. They process symbols, not meaning. A human sees a suspicious URL; an AI sees valid syntax. And that semantic gap becomes a security gap.
Prompt injection might be unsolvable in today’s LLMs. LLMs process token sequences, but no mechanism exists to mark token privileges. Every solution proposed introduces new injection vectors: Delimiter? Attackers include delimiters. Instruction hierarchy? Attackers claim priority. Separate models? Double the attack surface. Security requires boundaries, but LLMs dissolve boundaries. More generally, existing mechanisms to improve models won’t help protect against attack. Fine-tuning preserves backdoors. Reinforcement learning with human feedback adds human preferences without removing model biases. Each training phase compounds prior compromises.
This is Ken Thompson’s “trusting trust” attack all over again. Poisoned states generate poisoned outputs, which poison future states. Try to summarize the conversation history? The summary includes the injection. Clear the cache to remove the poison? Lose all context. Keep the cache for continuity? Keep the contamination. Stateful systems can’t forget attacks, and so memory becomes a liability. Adversaries can craft inputs that corrupt future outputs.
This is the agentic AI security trilemma. Fast, smart, secure; pick any two. Fast and smart—you can’t verify your inputs. Smart and secure—you check everything, slowly, because AI itself can’t be used for this. Secure and fast—you’re stuck with models with intentionally limited capabilities.
Ben Thompson talking about origins of the US-East-1, the AWS region that went down a couple of days back and along with it a significant portion of the internet.
Northern Virginia was a place that, in the 1990s, had relatively cheap and reliable power, land, and a fairly benign natural-disaster profile; it also had one of the first major Internet exchange points, thanks to its proximity to Washington D.C., and was centrally located between the west coast and Europe. That drew AOL, the largest Internet Service Provider of the 1990s, which established the region as data center central, leading to an even larger buildout of critical infrastructure, and making it the obvious location to place AWS’s first data center in 2006.
That data center became what is known as US-East-1, and from the beginning it has been the location with the most capacity, the widest variety of instance types, and the first region to get AWS’s newest features. It’s so critical that AWS itself has repeatedly been shown to have dependencies on US-East-1; it’s also the default location in tutorials and templates used by developers around the world.
David Dodda talking about his recent escape from being hacked by an ingenious method.
Before hitting npm start, I threw this prompt at my Cursor AI agent:
“Before I run this application, can you see if there are any suspicious code in this codebase? Like reading files it shouldn’t be reading, accessing crypto wallets etc.”
And holy sh*t.
Sitting right in the middle of server/controllers/userController.js was this beauty:
Obfuscated. Sneaky. Evil. And 100% active – embedded between legitimate admin functions, ready to execute with full server privileges the moment admin routes were accessed.
I decoded that byte array: https://api.npoint.io/2c458612399c3b2031fb9
When I first hit the URL, it was live. I grabbed the payload. Pure malware. The kind that steals everything – crypto wallets, files, passwords, your entire digital existence.
Here’s the kicker: the URL died exactly 24 hours later. These guys weren’t messing around – they had their infrastructure set up to burn evidence fast.
The Daily Brief explaning the concept with a nifty little diagram.
Here’s how a PSP basically works. It has electric pumps that are powered using solar. So, when you have excess solar power at midday, the PSP pumps water uphill from a lower reservoir to an upper one. Come sunset, when solar dies and demand spikes the PSP releases the same water, whose downhill gravity powers wind turbines. The water also gets stored back again in the lower reservoir.
In short, a PSP uses energy conversion to ensure that excess power is never wasted.
naveegator.in 
You must be logged in to post a comment.