sudo rm -rf --no-preserve-root /

@pcaversaccio

156 Following
3000 Followers


sudo rm -rf --no-preserve-root /
@pcaversaccio
EOF: When Complexity Outweighs Necessity https://hackmd.io/@pcaversaccio/eof-when-complexity-outweighs-necessity A lot of time and energy went into this new deep dive on EOF. We break down its supposed benefits and argue they're more "nice-to-haves" than essential upgrades. Instead of adding complexity, we highlight cleaner, less disruptive solutions that achieve the same goals. EOF's objectives are solid—but there's a smarter way to get there. I would like to highlight that the authors and contributors of this post represent the full EVM stack—from VM and formal specification maintainers to compiler engineers, application developers, and library creators. Please reflect on this guys. If you got feedback, let us know here: https://ethereum-magicians.org/t/ethereum-is-turning-into-a-labyrinth-of-unnecessary-complexity-with-eof-lets-reconsider-eof/23136 https://x.com/pcaversaccio/status/1900200732000759892
2 replies
11 recasts
44 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Happy π day!
0 reply
0 recast
11 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look guys, the Pectra fork upgrade issues on Holesky and Sepolia are a stark reminder that even seemingly 'trivial' changes can unravel into major disruptions (check how many days Holesky was down). Complexity isn't always obvious—it lurks beneath the surface, waiting to break things (and it will happen ultimately). And while not the root cause here, adding 19 opcodes while removing 16 in one upgrade is simply reckless, IMHO. The PoS transition was a necessity—EOF is not! We can and should evolve _incrementally_, strengthening Ethereum without inviting chaos.
3 replies
8 recasts
55 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
The latest Vyper version `0.4.1` got released over the weekend and to make anyone's life easy, I just published a 🐍 snekmate release candidate `0.1.1rc1` targeting the latest Vyper version. Simply install via:

```
pip install snekmate==0.1.1rc1
```

For the full CHANGELOG of the yet-to-be published snekmate `0.1.1` version (expect it in around 2-3 weeks), see here: https://github.com/pcaversaccio/snekmate/blob/main/CHANGELOG.md. Btw, that's how an `erc4626` contract looks like using 🐍 snekmate modules :D https://x.com/vyperlang/status/1896511448492433917
0 reply
1 recast
7 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
People keep asking me since days how to secure their systems and what the best strategy is. I will be very honest with you all as I'm always. If you want real security (and there will be never 100% security), it's not (just) about tools—it's about fucking mindset. At least 80% of it is pure paranoia. You and your team (can be a small DeFi project, can be a large CEX, ...) need to be paranoid as fuck. Drill it into them. Make it second nature. That's how you cut down risk, big time. The human factor is always the weakest link—no tech can _fully_ fix human fuck-ups. Sure, we'll kill blind signing, we'll upgrade our tools, but people will always be the problem. The only way to fix that? Train them to be fucking paranoid. There are no fucking shortcuts. If you have 900 employees, it's the leader's job to make sure all 900 are paranoid as fuck. You'll say that doesn't scale? Maybe not—but if u don't do it, you're effectively gambling with everything. And when shit goes wrong, the price u pay will be brutal.
2 replies
0 recast
11 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look, it's actually pretty simple: UIs, infra, dependencies etc. can and will be corrupted. When you hit the buttons on the hardware device, that's when you need to be 100% sure what you sign. The MOST important part is the screen on your hardware device and what it displays and that you 100% understand what it implies. If you're not 100% sure, don't hit the buttons. NEVER. People need to become paranoid. They need to understand that you're one signature away from being rekt. It's IMHO 80% at least mindset. That's the price of self-sovereignty and asymmetric cryptography. How to make verification easier is another question, or what kind of guardrails should be built. Nr. 1 priority is that you ALWAYS understand WHAT you sign.
3 replies
11 recasts
81 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
EOF introduces excessive complexity all at once, and the benefits—mainly aiding static analysers—don't justify it, sorry. Dude, I was reading `TXCREATE` this morning again since I wanted to provide feedback on the PR: https://eips.ethereum.org/EIPS/eip-7873#execution-semantics - we do NOT need this complexity in one go. Period.
0 reply
14 recasts
34 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
This is so fucking cool - https://godbolt.org finally supports Vyper code! A s/o to Statemind for shipping the support here: https://github.com/compiler-explorer/compiler-explorer/pull/7088. Now you can visually debug Vyper-generated bytecode. anon, don't be afraid to touch the snake, you will enjoy it :)
1 reply
0 recast
18 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Ethereum is this fucking phenomenal economic playground—the biggest we'll witness in our lifetime. It's a wild frontier, open to boundless experimentation, but that also means it's a hunting ground for criminals. The real issue isn't just scams or crime (and yeah, I'm not downplaying them to be clear); it's that, after a decade, we've utterly failed to deliver killer applications that the average person actually gives a shit about (if you reply with stablecoins I will report your tweet as spam lol). Crime thrives—and screams—because it's one of the only undeniable use cases (so far). The tech itself isn't broken; WE are fucking up its application. The systems we build can't float in some idealistic vacuum—they need to be rooted in social consensus and real-world utility. And so far, we've spectacularly failed to drive mass adoption of anything that truly moves the needle for everyday people.
4 replies
0 recast
14 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Starting the case here for "hedged signatures". If anyone has a specific view / opinion, let me know in the thread: https://ethresear.ch/t/hedged-signatures-ftw/21757
1 reply
5 recasts
27 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
If you get scammed by presidential meme tokens, that's on you at first. It's your fucking degeneracy that makes you trade real money for pure stupidity. We're all grown-ass adults who can think, right? It's your fucking responsibility to use your brain, or are you just puppets dancing to the next social media post? Let me be very clear here: If you lose money trading meme tokens, you fucking deserve it.
1 reply
4 recasts
19 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Before anyone panics, if wallets strictly follow RFC 6979 (nonces are derived deterministically from the hashed message), their input-to-bytes conversion is not erroneous, and doesn't allow custom nonce injection, everything should be safe. https://github.com/advisories/GHSA-vjh7-7g9h-fjfh I'm all for experimenting with hedged signatures, just like Paul suggests. Thankfully, this time, the vulnerability isn't completely devastating, but who knows what might happen next time. Let's give hedged signatures a try and see how it goes. One thing I personally like a lot is that hedged signatures don't have a single point of failure (eg. the nonce k) but require someone to break randomness _and_ the generation process. https://warpcast.com/paulm/0x2b0097b6
0 reply
3 recasts
17 reactions
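
An added example, not part of the original post and not code from any wallet or from the linked advisory: RFC 6979 nonce derivation (section 3.2), with the section 3.6 "additional data" input used as the hedging randomness. The curve order and private key are the published P-256 test vector from RFC 6979 A.2.5, chosen here as an assumption so the result can be checked; `derive_nonce` and `hedged_nonce` are hypothetical names.

```python
import hashlib
import hmac
import os

# Constructed inputs: group order and private key of the RFC 6979 A.2.5 (P-256) test vector.
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def _bits2int(b: bytes, qlen: int) -> int:
    # Keep only the leftmost qlen bits of the byte string.
    i = int.from_bytes(b, "big")
    excess = len(b) * 8 - qlen
    return i >> excess if excess > 0 else i


def derive_nonce(x: int, q: int, msg: bytes, extra: bytes = b"") -> int:
    """RFC 6979 s3.2 nonce (HMAC-SHA256). Non-empty `extra` is the s3.6 hedged variant."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    h1 = hashlib.sha256(msg).digest()
    # int2octets(x) || bits2octets(h1) || optional extra entropy
    seed = x.to_bytes(rlen, "big") + (_bits2int(h1, qlen) % q).to_bytes(rlen, "big") + extra

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    v, k = b"\x01" * 32, b"\x00" * 32
    for sep in (b"\x00", b"\x01"):
        k = mac(k, v + sep + seed)
        v = mac(k, v)
    while True:
        t = b""
        while len(t) < rlen:
            v = mac(k, v)
            t += v
        cand = _bits2int(t, qlen)
        if 1 <= cand < q:  # reject 0 and out-of-range candidates
            return cand
        k = mac(k, v + b"\x00")
        v = mac(k, v)


def hedged_nonce(x: int, q: int, msg: bytes) -> int:
    # Fresh randomness is mixed in, but the key and message hash still feed the derivation.
    return derive_nonce(x, q, msg, extra=os.urandom(32))
```

Even if the random input degrades to a constant, the nonce still depends on the key and the message hash, so two different messages do not share a nonce.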

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look guys, Ethereum's protocol is neutral, people aren't—and that's the beauty of it! Our main focus should be on preserving that neutrality at the core. I mean, Ethereum's success story is built on neutrality (post DAO hard fork). Also, its future depends on preserving that core neutrality and enshrining privacy features right into the foundational layer (controversial take here is that privacy matters more than scalability). Let's all focus on this and not if people make jokes about communism.
1 reply
2 recasts
18 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
First of all, don't panic, your keys are all safe. If you are integrating the Coinbase SDK version range 4.0.0 - 4.2.4, please upgrade to version 4.3.0. If you are using version 3.x.y, go have a beer and enjoy the weekend. https://github.com/coinbase/coinbase-wallet-sdk/security/advisories/GHSA-8rgj-285w-qcq4
0 reply
1 recast
15 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Picture if all the resources poured into L2/L3 grifts had been directed at improving L1 directly. Picture a world without "select/add network", where shielded transactions are the standard, and an L1 with smooth cross-shard communication. But no, instead, we chose to become world champions at misallocating both brainpower and money.
1 reply
4 recasts
20 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Finally we're scaling on L1; just realised that we already broke the 35m gas limit 3hrs ago. LFG.
2 replies
2 recasts
23 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
"Coinbase is the best company in crypto and there is no second best for skiddies."
0 reply
0 recast
6 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
The crypto bubble keeps circle jerking about how mass adoption is just around the corner, completely ignoring that this bold experiment started a _decade_ ago. The only real "adoption" we've seen so far is people getting rugged, phished, or scammed (& stablecoins tbf). I love Ethereum — it's a unique economic playground that's never been seen before — but let's be real: we've completely failed (so far) to bring the other 99% of the world into this thing. I know, I know, we keep working on it, but let's just admit it, please, and don't defend the meme tokens as mass adoption for gambling addicts.
10 replies
8 recasts
60 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
guys, since people continue falling victim to attacks, here's another malware scheme that's been making the rounds recently: Scammers lure victims into a fake job interview using a fraudulent video conferencing application (tbh, that's nothing new). Now the application tricks users into thinking their camera isn't working, prompting (or being instructed) them to run a command shown in the first screenshot. Executing this command triggers a script that installs a Trojan on their device (as seen in the second screenshot). I obtained the malware for both ARM64 and x86_64 architectures and uploaded it to VirusTotal:
- ARM64 VT hash: 0a49f0a8d0b1e856b7d109229dfee79212c10881dcc4011b98fe69fc28100182
- x86_64 VT hash: c6774961e12c14b91f6673ad47ce44d489cdbdd193e031ded367a36f531b6ab9

This is again a warning - PLEASE DO NOT INVOKE RANDOM CODE SOME RANDOM DUDES/APPLICATIONS SHARE WITH YOU. It can completely wreck you.
2 replies
7 recasts
32 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
ngl, SuckDeep would be a great name for the AI company that achieves AGI
1 reply
1 recast
7 reactions