sudo rm -rf --no-preserve-root /

@pcaversaccio

153 Following
3142 Followers


sudo rm -rf --no-preserve-root /
@pcaversaccio
today I was looking again into BLAKE3 and I'm getting more and more convinced that we should add it to the EVM. Thoughts? Like, it's way more efficient than SHA-256 and - maybe this is just my paranoia - SHA-256 was designed by the NSA... interesting fact, the Beacon deposit contract uses SHA-256 12 times. for reference: https://github.com/BLAKE3-team/BLAKE3
3 replies
45 recasts
160 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
One thing that the Bitcoin ecosystem does better IMHO than the Ethereum ecosystem is that it doesn't trade principles for money. Too many such cases. Principles built Ethereum into what it is—don't let it sell out. It's not too late yet, but it could be soon.
4 replies
12 recasts
168 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Ethereum is fucking missing the plot. Looking at Devcon talks, everyone's obsessed with scaling the thing, but (almost) no one's talking about what really matters—financial privacy. It's like we've all collectively forgotten that financial privacy is the real fucking foundation of freedom. We're too busy trying to pump throughput, but here's the thing: if Ethereum truly wants to be the backbone of global financial freedom, it needs to go all in on privacy. If that means sacrificing some scalability for true privacy, so be it. Let's stop pretending we're building the global economic base layer without giving a damn about who's watching.
2 replies
0 recast
13 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Today I deployed `CreateX` on the 100th EVM-based chain. I'm fucking proud of the traction and the ecosystem-wide utility the contract factory I built with @msolomon.eth has generated. On the other hand, I'm genuinely concerned about the insane number of chains out there. EVM fragmentation is fucking real, and I'm really questioning why we need this many chains in our ecosystem. I'm sorry guys, but that's not how we scale Ethereum IMHO. Either way, the contract factory is out there, free for anyone to use—even if you don't agree with me: https://github.com/pcaversaccio/createx PS: We also have a nice website here: https://createx.rocks.
0 reply
2 recasts
15 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Ever wondered how to locally sign and encrypt an email with GPG? Maybe not—but if you're curious, I've got a quick guide for you. You might ask, *why bother?* Well, some people prefer to keep their PGP private key(s) on a super-minimal cold device. With this setup, you can sign and encrypt an email on that offline device, transfer the encrypted file however you like (QR code, USB stick, etc.), and send it from a more accessible, "hot" device. Or maybe you've got a basic Gmail account but still want to send signed and encrypted emails directly from the web client without installing any extensions. Now you can. https://github.com/pcaversaccio/gpg-sign-and-encrypt
1 reply
0 recast
4 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Give me a break. Vyper has been in talks with the EF for months about a grant, only for them to turn us down for a single year of funding while throwing support behind the Argot Collective for 5–10 years? EF, do whatever you fucking want with your money—but understand this: Vyper is building a real compiler that's powering _real_ projects in production like Curve, Lido, and Yearn. It's free, independent, and foundational to Ethereum's infrastructure. If you can't recognise that, then you're absolutely blind to what actually matters in this space. This is a fucking bad signal! https://x.com/argotorg/status/1851947523910316105
0 reply
1 recast
10 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look, over a year ago, we knew we fucked up. A vulnerability in older Vyper compiler versions hit several Curve Finance liquidity pools hard. Did we back down? Fucking no. We own that shit and are hell-bent on ensuring it never happens again. Since then, the compiler team has been relentlessly focused on security. We've pulled off 12 audits, locked in 2 security experts, launched 2 bug bounty programs, hosted a security contest, and set up a monitoring system—all while addressing over 100 findings. Vyper is dead—long live Vyper! PS: We're still heavily underfunded as a compiler team, thus any support is highly appreciated! https://x.com/vyperlang/status/1850919610280710316
0 reply
2 recasts
8 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
In light of the recent incident at Radiant and the clear challenges of verifying multisig transactions on a Ledger device, I've built a simple Bash script designed to simplify the process. This script generates the domain, message, and Safe transaction hashes, making it easier to cross-check them with the values displayed on your Ledger hardware wallet. All you need to provide are the network name, multisig address, and transaction nonce. It supports all Safe networks, and I hope it will serve as a useful tool to temporarily ease the burden of blind signing verification for multisig transactions. Eventually, make sure to check out the trust assumptions laid out in the README for this script. https://github.com/pcaversaccio/safe-tx-hashes-util
4 replies
40 recasts
83 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
To be honest guys, the last few days hit hard—it's obvious we're nowhere near "solving" hacks in our industry. "Fixing" security? It feels like chasing a mirage. Anyone out there claiming they can prevent this or that? Nice try, but threat actors will always find other backdoors. Security is a holistic game, and right now, we're fucking failing to secure holistically our entire ecosystem. I know the truth hits hard, but it has to be said.
1 reply
0 recast
12 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Over the past few years, I've seen countless folks scrambling to recover tokens from compromised wallets besieged by sweeper bots. So, I decided to take action and create an open-source (white hat) frontrunning script designed to outsmart these fuckers and recover vulnerable funds. This Bash script is all about simplicity, built with minimal dependencies and leveraging only the native tools found in Linux, along with Foundry's cast and chisel. My hope is that this script becomes a powerful ally for victims and their tech-savvy allies, helping them reclaim at-risk funds and regain control over their assets—totally independent of any third-party support 🫡. https://github.com/pcaversaccio/white-hat-frontrunning
4 replies
4 recasts
22 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Yeah, we can keep playing this game for years. L2 launches with a fucking drop-down menu, and everyone pats themselves on the back over 'technical improvements,' while real people keep getting screwed by simple permit phishing. Are you all out of your fucking minds? We don't need ten half-baked solutions—we need one fucking chain that actually works for everyone.
2 replies
0 recast
11 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
We're fucking drowning in SEAL 911 tickets every damn day, with people getting drained left and right. It's brutal, and the reality is we're nowhere near fixing this. The harsh truth? Most of these tickets are coming from basic web2 issues—phishing, malware, the usual bullshit. No amount of smart contract audits is going to save these people. This is the biggest security nightmare our industry faces currently.
3 replies
1 recast
13 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
In a world dominated by dependency bloat, it's refreshing to see tools that minimise dependencies. These Ethereum utility Bash scripts run seamlessly without installation, utilising only the standard components of a typical Linux machine. https://github.com/jrhea/bashquiat
0 reply
6 recasts
118 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Remember guys that paranoia is prudence. Those who survive long-term here (try to) verify every transaction, scrutinise every smart contract, and trust no central authority. By delegating nothing (or at least trying not to) and validating everything themselves, the paranoid mitigate risks of hacks, scams, and system failures. This hyper-vigilance, while taxing, ensures longevity in our space where a single misstep can be catastrophic. Being paranoid is an important trait. Don't delegate it to someone else.
0 reply
0 recast
6 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
The engineers who excel in autocomplete will be the first ones to be replaced by LLMs.
1 reply
0 recast
6 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Pretty wild timeline on the latest high severity bug in Bitcoin Core. ~5.5 years from reporting the issue to public disclosure. If you check now the user agents via https://bitnodes.io/nodes, you can see that almost ~17% of the running nodes are still at risk. The major patch was shipped in 2022 via PR: https://github.com/bitcoin/bitcoin/pull/25717. https://bitcoincore.org/en/2024/09/18/disclose-headers-oom
1 reply
0 recast
7 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
a painful Monday so far
2 replies
0 recast
6 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
1/ Throughout reading the reverse engineering attempt of `bigbrainchad.eth` I got reminded how program obfuscation is actually the ultimate cryptographic primitive and the way to general-purpose privacy-preserving smart contracts. Think about it like that: An obfuscator allows a program (in this context a code run via the EVM) to be obfuscated in such a way so it is _impossible_ to disassemble, impossible to modify, but still possible to execute. You are not able to learn anything about the program, except what you can learn from inputs and outputs. I think Ethereum is still in its infancy here and I'd like to see more efforts at program obfuscation. https://x.com/jtriley_eth/status/1834692924204105915
2 replies
0 recast
8 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Some historical piece on Ethereum <> Reentrancy. In August _2014_ (2 years (!) before the DAO reentrancy hack) Andrew Miller (aka @socrates1024) warned Vitalik & Gavin on the danger of reentrant contracts. But at least Gav seemed blind to the fact that this could become a serious problem one day... https://web.archive.org/web/20170311025657/https://forum.ethereum.org/discussion/1317/reentrant-contracts
1 reply
1 recast
6 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
So I was cleaning up my Telegram groups recently and wanted an easy way to count how many I'm still in. Well, guess what, it turns out there's no simple way to do that, so I put together a quick Python script to check. I'm still in over 500 groups 💀... https://github.com/pcaversaccio/telegram-group-counter
1 reply
0 recast
5 reactions