chicken

joined 2 years ago
[–] chicken@lemmy.dbzer0.com 1 points 6 hours ago* (last edited 6 hours ago)

Here is a reddit thread and an article that give a little more context. Governance (voting based on how many TORN tokens you had) was only over the non-immutable parts of the project (like the domain for the website), which were all replaceable and not strictly needed to use it. TORN was initially airdropped to wallets that had used Tornado Cash previously in a one-time event, they then mostly sold it on the market. TORN tokens weren't needed to actually use TC, and the money was coming from a separate group of people trying to invest, rather than users.

So I guess it could be fair to say the project as a whole got hacked, but I think it's a crucial detail that the smart contracts under legal scrutiny in the sanctions case here, the ones that had users' money-to-be-anonymized in them, were not.

[–] chicken@lemmy.dbzer0.com 1 points 8 hours ago (2 children)

Sounds like they made off with $900k of currency that had belonged to the users of the service before they got involved, no?

What you wrote made it sound like "Tornado Cash" as in the privacy tool got hacked, which would lead to the assumption that its operation was disrupted or it was proven insecure, so just wanted to clarify that is not the case.

One developer got sentenced to 5 years in the Netherlands, one is still at large, and one… is now fine because of a change of US policy? Do I have all that right? I couldn’t completely make sense of it.

I believe Roman Storm (the one in the US) is still facing charges, but it's way more likely to go well for him after the precedent set in the sanctions case. The way that case went isn't directly because of US policy, though the choice not to appeal to a higher court could be considered a result of US policy. It's still possible he'll lose and get sent to prison.

[–] chicken@lemmy.dbzer0.com 1 points 10 hours ago (4 children)

Yeah it does get a little complicated... a few small corrections:

  • Afaik the devs were not actually directly involved in laundering money, this is something prosecutors were/are trying to say on the basis of, they wrote the software, so when people used the software to launder money it's their fault. Government asked them to stop the money laundering, they responded with explaining how that's not how it works and literally impossible, then they got arrested, but the tool remained usable because it didn't depend on them to run, they had no control over it. I might be missing something on this one but that's my understanding.

  • The hack was of "governance tokens" (basically a glorified memecoin), which are entirely disconnected/separate from the Tornado Cash smart contracts used for anonymizing funds that were under the removed sanctions, which themselves never stopped working.

My bias here is, I'm a fan of the blog of lawyers doing the defense on these cases, they have written a lot on this topic if anyone's interested

[–] chicken@lemmy.dbzer0.com 6 points 12 hours ago (6 children)

The whole reason the sanctions were ruled to be illegal by the courts is that it isn't a service. The law does not give OFAC authority to make it a felony for people to use open source software, that isn't what sanctions are for.

[–] chicken@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago)

To me the disadvantage would be, the library likely does many more things than just what you need it for, so there is way more code, so you probably can't realistically read and understand it yourself before incorporating it. This would lead to among other issues the main thing that irritates me about libraries; if it turns out something in it is broken, you are stuck with a much bigger debugging problem where you first have to figure out how someone else's code is structured.

Although I guess that doesn't apply as much to implementations of common algorithms like OP since the library is probably solid. I would consider favoring LLM code over most anything off npm though.

[–] chicken@lemmy.dbzer0.com 3 points 1 day ago (1 children)

tbf most of these problems can be solved by murder drones

[–] chicken@lemmy.dbzer0.com 4 points 1 day ago* (last edited 1 day ago) (2 children)

Having fewer/no dependencies is nice though

[–] chicken@lemmy.dbzer0.com 4 points 2 days ago* (last edited 2 days ago)

That's not quite the same thing as it not being scalable

[–] chicken@lemmy.dbzer0.com 4 points 2 days ago* (last edited 2 days ago) (1 children)

A parody of one franchise, using a parody of a parody of a different one.

[–] chicken@lemmy.dbzer0.com 5 points 3 days ago (4 children)

https://www.livescience.com/32435-why-cant-humans-eat-grass.html

Lignin can be hard to break down by human stomachs. Not only that, but the lignin in food can actively inhibit the access nutritional benefits of other types of digestible fiber

Your dentist would not be pleased; grass contains a lot of silica, an abrasive which quickly wears down teeth. Grazing animals have teeth that are adapted to continually grow, replacing the worn tooth surfaces quickly

[–] chicken@lemmy.dbzer0.com 13 points 3 days ago (1 children)

Compatibility problems caused by third parties only targeting Windows are still Linux issues for the end user if they become a problem when they use Linux. It isn't fair but that is the practical reality.

 