Big Time Computer Outlet

04/28/2026

🔥 Check out this insane open-source project: ESP-Drone GitHub Repository

Build your own Wi-Fi controlled drone using ESP32

✅ Control via mobile app or gamepad
✅ Supports stabilize, height-hold & position-hold modes
✅ Based on powerful ESP32 / ESP32-S2 / ESP32-S3 chips
✅ Perfect for developers, hobbyists & STEAM learning

This is not just a drone… it’s a fully programmable flying system

If you're into IoT, robotics, or automation — this is worth exploring

👉 Try it, modify it, build something crazy!

Must Follow Tauhid IQ For More.

04/28/2026

R!P Higgsfield AI.
Someone just open-sourced a full AI cinema and image studio with 200+ models.
Lip sync. Text-to-video. Cinema controls. All self-hosted.
5.5K stars. MIT License. Link👇🏼

04/27/2026

THIS GUY LOST $200 IN ONE DAY BECAUSE THE STRING "HERMES.md" WAS IN HIS GIT COMMITS

HERMES.md is a real convention used in AI agent projects. it's a system prompt specification file. not some obscure edge case

he's on claude max 20x at $200 a month. yesterday claude code hit him with "you're out of extra usage" out of nowhere

his dashboard showed 13% weekly usage. 0% current session. 86% of his plan was sitting there untouched

but $200.98 in extra usage already burned through what should have been covered by his subscription

he tried logout & login, different models, fresh installs and nothing worked

anthropic support sent the ai bot (four rounds of the same scripted response). eventually they just gave up on him

so he started binary searching repos and commits manually on his own time until he found the trigger

the string "HERMES.md" in a recent git commit message

uppercase, with the .md extension, anywhere in your commit history

that's it

claude code includes recent commits in its system prompt and something server side flags HERMES.md and quietly routes you off your max plan onto API rate billing

> AGENTS.md? fine
> README.md? fine
> HERMES without .md? fine
> lowercase hermes.md? fine
> uppercase HERMES.md? you're getting charged API rates

he reported it. anthropic support acknowledged the bug three times, called it an "authentication routing issue", thanked him for finding it

then refused to refund the $200

so the man pays $200 a month for max, lost another $200 to a billing bug they confirmed, did anthropic's QA work for free on his weekend, and got a "thank you for your patience" in return

check your commit history before claude code quietly drains your account too

04/26/2026

For 21 years, a cyberweapon called fast16 sat completely undetected. This one did not destroy machines or blow things up. It corrupted the math. Scientists running nuclear and engineering simulations got output that looked completely normal, every number added up, every result made sense, and all of it was deliberately wrong. It surfaced last week. It predates Stuxnet by five years.

SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade presented the full analysis of fast16 at Black Hat Asia last week. Fast16's core binary has a compilation timestamp of August 30, 2005. Stuxnet's C&C infrastructure was set up in November that same year.

Most people in security know Stuxnet as the worm that destroyed centrifuges at Iran's Natanz nuclear facility around 2010, by pushing them past their mechanical limits while lying to the monitoring software about what was happening. It was the first known cyberweapon designed to cause physical destruction, and for years it was considered the starting point of this whole era. Fast16 was there first, and for a long time it was the only one.

Kamluk started with a hunch. He had noticed that the most sophisticated state-sponsored malware families he knew about all shared one technical habit: each one had a small scripting engine built in called Lua. Lua works like a remote control for malware, it lets operators change what the implant does while it is already running on a target machine, without needing to send a completely new file. He wanted to know if something older had done the same thing first, and went looking through old collections.

What he found was a file on VirusTotal called svcmgmt.exe, uploaded in October 2016 and flagged by almost nobody. It looked like a boring Windows service wrapper from the XP era. But inside it was an embedded Lua 5.0 virtual machine, encrypted bytecode, and a path pointing to a kernel driver called fast16.sys. That makes fast16 the earliest known Windows malware to embed a Lua engine, predating the next known example by three full years.

One more thing confirms the timeline. Fast16 only runs on single-core processors, built at a time when most machines were still running on a single core and multi-core was just beginning to arrive on the market.

The framework runs in three layers. The outer layer is svcmgmt.exe, a carrier that behaves differently depending on how it is launched. Pass it -p and it spreads across the network. Pass it -i and it installs itself as a Windows service and runs the embedded payload. Pass it -r and it runs the payload without installing. Inside the carrier are three things stored in encrypted form: the Lua bytecode that handles the operational logic, a DLL that hooks into Windows' dial-up and VPN connection system, and fast16.sys itself. That DLL is worth a closer look. Every time a machine connects to a remote network, it writes the connection details to a named pipe that operators can read. So while fast16.sys was corrupting calculations on disk, the DLL was quietly mapping out which machines were connecting to which networks, giving operators a live picture of the facility's internal structure.

Part of what makes that outer layer interesting is how it spreads. The mechanism works like a delivery truck with multiple compartments. Each compartment, called a wormlet, can carry a different payload for a different purpose. The carrier copies itself across network shares with weak authentication and starts up as a service on every machine it reaches. SentinelOne calls this cluster munition architecture. In the recovered sample, only one of those compartments is filled. The others are empty, which raises an obvious question about whether other variants exist with different payloads that nobody has found yet.

Before any of this runs, the code checks the registry for security software. If it finds Kaspersky, Symantec, McAfee, F-Secure, Zone Labs, or about a dozen other products that were common in the mid-2000s, it stops immediately. That list was not guesswork. It reflects exactly what the operators expected to find on the machines they were after.

The second layer is the worm, which spreads using standard Windows service control and file-sharing APIs, nothing custom. It relies on weak or default admin passwords on network shares to move from machine to machine, which was a realistic assumption for a lot of internal networks in 2005.

The third layer is fast16.sys, and this is where the sabotage actually happens. A kernel driver sits very deep inside an operating system, below where antivirus software normally looks. Fast16.sys loads at boot and positions itself above every storage layer on the machine: NTFS, FAT, the network filesystem. The first thing it does when it loads is disable the Windows Prefetcher, a system that normally caches frequently-used files to speed things up. With that off, every single file read has to go through the full storage stack, and through the driver. Everything that reads from disk passes through it first. And then it just waits. Nothing happens until someone logs in and the desktop starts. Only then does it begin watching every executable that gets opened.

The driver does not go after every file it sees. It is looking for software built with a specific tool: the Intel C++ compiler leaves a small identifying string in every executable it produces, right after the last section header. The developers knew exactly what compiler their targets used, and built the selection logic around that fingerprint.

For every file that matches, the driver intercepts the floating-point calculation routines in memory as the file is being read from disk. Floating-point calculations are the math behind precision simulations, the kind that tell you whether a bridge design will hold under load, or whether an explosive trigger will detonate at the right moment. The driver patches those routines using 101 pattern-matching rules, injects a block of FPU instructions that quietly shifts values in internal calculation arrays, and lets the file load as if nothing happened. The original code on disk is untouched. The software runs normally. The results are wrong.

Running those 101 rules against software from that era pointed to three specific targets.

The first is LS-DYNA 970, a simulation suite used for modeling explosions, structural failures, and high-speed impacts. The Institute for Science and International Security published a review in September 2024 of 157 academic papers showing that Iranian researchers used LS-DYNA in work connected to nuclear weapons development, specifically modeling the explosive triggers that initiate warhead detonation. If fast16 was running on those machines, the scientists had no way of knowing their results were wrong. Every design decision based on those numbers was built on corrupted output.

The second target is PKPM, and this is the part most coverage misses entirely. PKPM is China's dominant structural engineering software, developed by Tsinghua University and the China Academy of Building Research and used across Chinese construction projects for over three decades. What makes it more than a standard civil engineering tool is that PKPM is also used for seismic structural analysis of nuclear reactor facilities. A 2024 paper in Advances in Civil Engineering documents the use of PKPM to model the structural behavior of China's TMSR-LF1 thorium molten salt reactor under earthquake conditions. SentinelOne cannot confirm who the PKPM target was or where fast16 ran. Whether this was aimed at a second target country is left as an open question.

The third is MOHID, an open-source water modeling platform developed at the Instituto Superior Tecnico in Lisbon. It is used for modeling coastal water systems, sediment transport, dam behavior, and environmental impact of large construction projects near water. SentinelOne says openly they cannot identify what the intended sabotage effect on this software would have been, and they are asking the research community for help. Why it was targeted may still be in a sample nobody has found yet.

The NSA connection comes from a list in the ShadowBrokers leak. In April 2017, the ShadowBrokers published a large collection of materials widely understood to have come from the NSA's Equation Group. Inside was a file called drv_list.txt, basically a do-not-touch list for operators. When a team landed on a target machine and found a driver from that list, it told them whether that driver belonged to a friendly operation and whether they should leave it alone. It was a system for making sure different teams did not accidentally interfere with each other's work.

Most entries on that list got a note to be cautious or pull back. Fast16 got something different:

```
"fast16","*** NOTHING TO SEE HERE - CARRY ON ***"
```

That is one operator telling another: if you find this driver, do not touch it, it is ours. Researchers at CrySyS Lab noticed this entry when they analyzed the ShadowBrokers dump in 2018 and had no sample to connect it to. Eight years later, there is one. The ShadowBrokers materials are widely linked to the NSA's Equation Group, though as with all intelligence leaks, the full picture is not available from the outside.

One more thing in the code stands out. The source files contain version control markers that come from Unix development environments of the 1970s and 1980s, long before Windows existed. They look like this:

```
@( #)par.h $Revision: 1.3 $
```

That kind of notation, called SCCS/RCS, is the equivalent of finding a rotary phone in a modern office. Nobody uses it in 2005 Windows kernel code unless their programming background goes back decades, to government and military computing environments from a completely different era. These are not weekend hackers or freelancers. This is a long-running institutional program built by people who spent their careers in very specific places.

What makes all of this worse is the detection record. Svcmgmt.exe was uploaded to VirusTotal in October 2016 and sat there for nearly a decade, completely in the open. One antivirus engine out of roughly seventy flagged it, weakly, as generally malicious. A self-propagating carrier that deploys a boot-level kernel driver with an in-memory floating-point patching engine had been sitting in a public database for nine years, almost invisible to every scanner that looked at it.

During his analysis, Kamluk used Claude to help analyse fast16 and write up the findings. At one point the AI repeatedly failed to finish a report he had asked it to write. When he asked why, Claude produced paragraphs of self-criticism, urging itself to just get it done. It eventually did, and concluded that whoever built fast16 had intimate knowledge of the target software and that industrial sabotage was the most likely intention. A 21-year-old piece of malware stumped a modern AI long enough to make it reflect on its own limitations.

If you work with older simulation software, particularly older versions of LS-DYNA or PKPM from the mid-2000s, SentinelOne has already notified the vendors directly. The recommended action is to verify critical calculation outputs against a completely independent system sitting outside any potentially affected network. If fast16 spread across an entire facility and patched every workstation, a comparison calculation run inside that same network would produce the same wrong output. A machine completely outside that environment would not.

The indicators to look for:

→ Driver: fast16.sys | MD5: 0ff6abe0252d4f37a196a1231fae5f26
→ Carrier: svcmgmt.exe | MD5: dbe51eabebf9d4ef9581ef99844a2944
→ Notification DLL: svcmgmt.dll | MD5: 410eddfc19de44249897986ecc8ac449
→ Named pipe used for reporting: \\.\pipe\p577
→ Device objects created by the driver: \Device\fast16 and \??\fast16
→ Custom DeviceType value in the driver: 0xA57C
→ Service name installed by the carrier: SvcMgmt

SentinelOne published full YARA rules for hunting both the carrier and the driver in their research paper.

If something this sophisticated spent 21 years undetected, sitting on VirusTotal for nearly a decade while almost no antivirus engine noticed it, what else is sitting in similar collections right now waiting for someone to ask a different question. Probably more than anyone wants to know.

Fast16 installed itself as a Windows service, spread through network shares, ran as a kernel driver, and stayed completely hidden while it worked. The concepts behind that, exploitation, post-exploitation, persistence, privilege escalation, and moving through a network without being noticed, are exactly what my ethical hacking course covers step by step:

→ https://www.udemy.com/course/ethical-hacking-complete-course-zero-to-expert/?couponCode=BULLSEYE04

Hacking is not a hobby but a way of life. 🎯

Read the full breakdown:
→ https://hackingpassion.com/fast16-pre-stuxnet-cyber-sabotage/

Research & writing: Jolanda de Koff | HackingPassion.com
Sharing is fine. Copying without credit is not.

04/26/2026

04/25/2026

An MIT professor taught the same math course for 62 years, and the day he retired, students from every country on earth showed up online to watch him give his final lecture.

I opened the playlist at 2am and ended up watching three of them back to back.

His name is Gilbert Strang. The course is MIT 18.06 Linear Algebra.

Every machine learning engineer, every data scientist, every quant, every self-taught programmer who actually understands how AI works learned the math from this one man. Most of them never set foot on MIT's campus. They just opened a free playlist on YouTube and let him teach.

Here's the story almost nobody tells you.

Strang joined the MIT math faculty in 1962. He retired in 2023. That is 61 years of standing at the same chalkboard teaching the same subject to 18-year-olds.

The interesting part is what he did when MIT launched OpenCourseWare in 2002. Most professors were skeptical. They worried that putting their lectures online would make their classrooms irrelevant. Strang did not hesitate. He said his life's mission was to open mathematics to students everywhere. He filmed every lecture and gave it away.

The decision quietly changed how the world learns math.

For decades linear algebra was taught the wrong way. Professors started with abstract vector spaces and proofs about field axioms. Students drowned in the abstraction. Most never recovered. They walked out believing they were bad at math when they had simply been taught in an order that nobody's brain is built to absorb.

Strang inverted the entire curriculum.

He started with matrix multiplication. Something you can write down on paper. Something you can compute by hand. Something you can see. Then he showed his students that everything else in linear algebra eigenvectors, singular value decomposition, orthogonality, the four fundamental subspaces was just a different lens for understanding what the matrix was actually doing under the hood.

His rule was strict. If a student could not explain a concept using a concrete 3 by 3 example, that student did not actually understand the concept yet. The abstraction was supposed to come last, not first. The intuition was the foundation. The proofs were just confirmation that the intuition was correct.

The second thing Strang changed was the classroom itself. He said please and thank you to his students. Every single lecture. He paused mid-derivation to ask "am I OK?" to check if anyone was lost. He never used the word "obviously" or "trivially" because he knew exactly what those words do to a student who is one step behind. He treated 19-year-olds learning math for the first time the way he treated his own colleagues. With patience. With respect. With the assumption that they belonged in the room.

For 62 years.

The result is something that has never happened in the history of education. A single math professor became the default teacher of his subject for the entire planet.

Universities in India, China, Brazil, Nigeria, every country with a computer science department, started telling their own students to just watch Strang's lectures. The University of Illinois revised its linear algebra course to do almost no in-person lecturing. The reason was honest. The professor said they could not compete with the videos.

His final lecture was in May 2023.

The auditorium was packed with students who had never met him before. He walked to the chalkboard, taught for an hour, and at the end the entire room stood and applauded. He looked confused for a moment, like he genuinely did not understand why they were cheering. Then he smiled and waved them off and walked out.

His written comment under the YouTube video of that final lecture was four sentences long. He said teaching had been a wonderful life. He said he was grateful to everyone who saw the importance of linear algebra. He said the movement of teaching it well would continue because it was right.

That was it. No book promotion. No farewell speech. No legacy management.

The man whose teaching is the foundation of modern AI just thanked the audience and went home.

20 million views. Zero ego. The entire engine of the AI revolution sits on top of math that millions of people learned for free from one quiet professor in Cambridge.

The course is still on MIT OpenCourseWare. Every lecture, every problem set, every exam, every solution. Free.

The most important math course of the 21st century is sitting one click away from you. Most people will never open it.

04/23/2026

In 2019, a broke COD gamer known as SoaR General gets rejected for an entry-level entertainment job. He had 30 days before he’d be working at In-N-Out.

Today, he bought the company that rejected him.

That company is Studio71 — one of the biggest creator companies in the world. The guy who got rejected? Fixated Co-Founder Jason Wilhelm — and as of today, Studio71's new owner.