sudo rm -rf --no-preserve-root /

@pcaversaccio

163 Following
2898 Followers


sudo rm -rf --no-preserve-root /
@pcaversaccio
"Make Ethereum Cypherpunk Again" isn't simply a slogan for me — it's a statement of intent. This isn't branding. It's resistance. This isn't about playing nice. It's about reclaiming Ethereum's soul! Look it's very simple: Ethereum must provide privacy _unconditionally_. Today, it operates in a partial, opt-in model, forcing users to jump through hoops just to conceal their financial lives. That's not sovereignty — it's submission. Enough compromises. We need privacy by default. Over the past weeks, I've written a potential path forward — a vision for Ethereum as a maximally private, self-sovereign financial system. Read it. Challenge it. Improve it. Let's co-create it. Make Ethereum Cypherpunk Again. https://hackmd.io/@pcaversaccio/ethereum-privacy-the-road-to-self-sovereignty
2 replies
5 recasts
47 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
folks, can we please fucking stop normalising `curl | bash` as an installation method (yes, I'm also looking at you Foundry)? It's a _massive_ footgun that blindly executes remote code with zero verification. You're literally giving arbitrary internet bytes root access to your machine. This bypasses _decades_ of hard-earned lessons about secure software distribution. Just vibes and a prayer that the server wasn't compromised five minutes ago. If you're building tooling for developers, do better. If you're a developer using this, you know better.
1 reply
2 recasts
9 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Dropping some thoughts as this concerns me a lot lately:
- What happens when a DPRK-backed persona slips into Ledger, Trezor, MetaMask, etc.?
- What happens when client teams get compromised from within, turning trusted core devs into silent attack vectors?
- What happens if the Kim boys start tampering with the cryptographic libraries we all rely on? (we don't know if this already happened btw...)

So far, the attacks have targeted individual projects. The next phase? My guess is a full-scale takeover of the infra that holds our ecosystem together. Look, it's pretty simple: the threat model isn't just shifting—it's escalating. Every move you make without paranoia is an opening for state-sponsored actors to dig in deeper. If you're not fucking questioning everything, you're already playing their game. This industry's long-term survival depends on its foundational pillars operating in a constant state of paranoia. Like it or not.
1 reply
2 recasts
12 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
EOF: When Complexity Outweighs Necessity https://hackmd.io/@pcaversaccio/eof-when-complexity-outweighs-necessity A lot of time and energy went into this new deep dive on EOF. We break down its supposed benefits and argue they're more "nice-to-haves" than essential upgrades. Instead of adding complexity, we highlight cleaner, less disruptive solutions that achieve the same goals. EOF's objectives are solid—but there's a smarter way to get there. I would like to highlight that the authors and contributors of this post represent the full EVM stack—from VM and formal specification maintainers to compiler engineers, application developers, and library creators. Please reflect on this guys. If you got feedback, let us know here: https://ethereum-magicians.org/t/ethereum-is-turning-into-a-labyrinth-of-unnecessary-complexity-with-eof-lets-reconsider-eof/23136 https://x.com/pcaversaccio/status/1900200732000759892
2 replies
15 recasts
77 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Happy π day!
0 reply
0 recast
10 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look guys, the Pectra fork upgrade issues on Holesky and Sepolia are a stark reminder that even seemingly 'trivial' changes can unravel into major disruptions (check how many days Holesky was down). Complexity isn't always obvious—it lurks beneath the surface, waiting to break things (and it will happen ultimately). And while not the root cause here, adding 19 opcodes while removing 16 in one upgrade is simply reckless, IMHO. The PoS transition was a necessity—EOF is not! We can and should evolve _incrementally_, strengthening Ethereum without inviting chaos.
3 replies
8 recasts
48 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
The latest Vyper version `0.4.1` got released over the weekend and to make anyone's life easy, I just published a 🐍 snekmate release candidate `0.1.1rc1` targeting the latest Vyper version. Simply install via:
```
pip install snekmate==0.1.1rc1
```
For the full CHANGELOG of the yet-to-be published snekmate `0.1.1` version (expect it in around 2-3 weeks), see here: https://github.com/pcaversaccio/snekmate/blob/main/CHANGELOG.md. Btw, that's how an `erc4626` contract looks like using 🐍 snekmate modules :D https://x.com/vyperlang/status/1896511448492433917
0 reply
1 recast
8 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
People keep asking me since days how to secure their systems and what the best strategy is. I will be very honest with you all as I'm always. If you want real security (and there will be never 100% security), it's not (just) about tools—it's about fucking mindset. At least 80% of it is pure paranoia. You and your team (can be a small DeFi project, can be a large CEX, ...) need to be paranoid as fuck. Drill it into them. Make it second nature. That's how you cut down risk, big time. The human factor is always the weakest link—no tech can _fully_ fix human fuck-ups. Sure, we'll kill blind signing, we'll upgrade our tools, but people will always be the problem. The only way to fix that? Train them to be fucking paranoid. There are no fucking shortcuts. If you have 900 employees, it's the leader's job to make sure all 900 are paranoid as fuck. You'll say that doesn't scale? Maybe not—but if u don't do it, you're effectively gambling with everything. And when shit goes wrong, the price u pay will be brutal.
2 replies
0 recast
12 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look, it's actually pretty simple: UIs, infra, dependencies etc. can and will be corrupted. When you hit the buttons on the hardware device, that's when you need to be 100% sure what you sign. The MOST important part is the screen on your hardware device and what it displays and that you 100% understand what it implies. If you're not 100% sure, don't hit the buttons. NEVER. People need to become paranoid. They need to understand that you're one signature away from being rekt. It's IMHO 80% at least mindset. That's the price of self-sovereignty and asymmetric cryptography. How to make verification easier is another question, or what kind of guardrails should be built. Nr. 1 priority is that you ALWAYS understand WHAT you sign.
3 replies
12 recasts
88 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
EOF introduces excessive complexity all at once, and the benefits—mainly aiding static analysers—don't justify it, sorry. Dude, I was reading `TXCREATE` this morning again since I wanted to provide feedback on the PR: https://eips.ethereum.org/EIPS/eip-7873#execution-semantics - we do NOT need this complexity in one go. Period.
0 reply
14 recasts
40 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
This is so fucking cool - https://godbolt.org finally supports Vyper code! A s/o to Statemind for shipping the support here: https://github.com/compiler-explorer/compiler-explorer/pull/7088. Now you can visually debug Vyper-generated bytecode. anon, don't be afraid to touch the snake, you will enjoy it :)
1 reply
1 recast
17 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Ethereum is this fucking phenomenal economic playground—the biggest we'll witness in our lifetime. It's a wild frontier, open to boundless experimentation, but that also means it's a hunting ground for criminals. The real issue isn't just scams or crime (and yeah, I'm not downplaying them to be clear); it's that, after a decade, we've utterly failed to deliver killer applications that the average person actually gives a shit about (if you reply with stablecoins I will report your tweet as spam lol). Crime thrives—and screams—because it's one of the only undeniable use cases (so far). The tech itself isn't broken; WE are fucking up its application. The systems we build can't float in some idealistic vacuum—they need to be rooted in social consensus and real-world utility. And so far, we've spectacularly failed to drive mass adoption of anything that truly moves the needle for everyday people.
4 replies
2 recasts
17 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Starting the case here for "hedged signatures". If anyone has a specific view / opinion, let me know in the thread: https://ethresear.ch/t/hedged-signatures-ftw/21757
1 reply
6 recasts
26 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
If you get scammed by presidential meme tokens, that's on you at first. It's your fucking degeneracy that makes you trade real money for pure stupidity. We're all grown-ass adults who can think, right? It's your fucking responsibility to use your brain, or are you just puppets dancing to the next social media post? Let me be very clear here: If you lose money trading meme tokens, you fucking deserve it.
1 reply
5 recasts
18 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Before anyone panics, if wallets strictly follow RFC 6979 (nonces are derived deterministically from the hashed message), their input-to-bytes conversion is not erroneous, and doesn't allow custom nonce injection, everything should be safe. https://github.com/advisories/GHSA-vjh7-7g9h-fjfh I'm all for experimenting with hedged signatures, just like Paul suggests. Thankfully, this time, the vulnerability isn't completely devastating, but who knows what might happen next time. Let's give hedged signatures a try and see how it goes. One thing I personally like a lot is that hedged signatures don't have a single point of failure (eg. the nonce k) but require someone to break randomness _and_ the generation process. https://warpcast.com/paulm/0x2b0097b6
0 reply
1 recast
13 reactions
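
The nonce handling discussed in the post above, as an added example (not the author's code and not taken from the linked advisory or thread): an RFC 6979 nonce derivation for secp256k1 with SHA-256, plus a hedged variant that mixes in fresh randomness through the "additional data" input of RFC 6979 section 3.6. The function names `derive_nonce` and `hedged_nonce` are hypothetical, and using section 3.6 as the hedging construction is an assumption; the linked thread may propose a different one.

```python
import hashlib
import hmac
import os

# Order of the secp256k1 group (nonces must lie in [1, Q-1]).
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_nonce(priv: int, msg: bytes, extra: bytes = b"") -> int:
    """RFC 6979 section 3.2 nonce; `extra` is the optional k' of section 3.6."""
    h1 = hashlib.sha256(msg).digest()
    x = priv.to_bytes(32, "big")                            # int2octets(x)
    h = (int.from_bytes(h1, "big") % Q).to_bytes(32, "big")  # bits2octets(h1)
    v, k = b"\x01" * 32, b"\x00" * 32
    k = _hmac(k, v + b"\x00" + x + h + extra)
    v = _hmac(k, v)
    k = _hmac(k, v + b"\x01" + x + h + extra)
    v = _hmac(k, v)
    while True:
        v = _hmac(k, v)          # qlen == hlen == 256, so one block suffices
        cand = int.from_bytes(v, "big")
        if 1 <= cand < Q:
            return cand
        k = _hmac(k, v + b"\x00")  # candidate out of range: reseed and retry
        v = _hmac(k, v)


def hedged_nonce(priv: int, msg: bytes, rng=os.urandom) -> int:
    """Hedged nonce: key, message hash and 32 fresh random bytes all feed HMAC."""
    return derive_nonce(priv, msg, extra=rng(32))


if __name__ == "__main__":
    key = 0x1234  # constructed sample key, for illustration only
    broken_rng = lambda n: b"\x00" * n  # models a failed randomness source
    a = hedged_nonce(key, b"tx A", rng=broken_rng)
    b = hedged_nonce(key, b"tx B", rng=broken_rng)
    # Even with a dead RNG the nonce still depends on key and message, so
    # two different messages never share a nonce.
    print("distinct nonces with broken RNG:", a != b)
    print("fresh nonce per call with live RNG:",
          hedged_nonce(key, b"tx A") != hedged_nonce(key, b"tx A"))
```

With a constant RNG the hedged variant degrades to deterministic behaviour (same message, same nonce), which is the property the post describes: an attacker has to defeat both the randomness and the derivation process to force nonce reuse across different messages.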

sudo rm -rf --no-preserve-root /
@pcaversaccio
Look guys, Ethereum's protocol is neutral, people aren't—and that's the beauty of it! Our main focus should be on preserving that neutrality at the core. I mean, Ethereum's success story is built on neutrality (post DAO hard fork). Also, its future depends on preserving that core neutrality and enshrining privacy features right into the foundational layer (controversial take here is that privacy matters more than scalability). Let's all focus on this and not if people make jokes about communism.
1 reply
2 recasts
18 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
First of all, don't panic, your keys are all safe. If you are integrating the Coinbase SDK version range 4.0.0 - 4.2.4, please upgrade to version 4.3.0. If you are using version 3.x.y, go have a beer and enjoy the weekend. https://github.com/coinbase/coinbase-wallet-sdk/security/advisories/GHSA-8rgj-285w-qcq4
0 reply
1 recast
14 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Picture if all the resources poured into L2/L3 grifts had been directed at improving L1 directly. Picture a world without "select/add network", where shielded transactions are the standard, and an L1 with smooth cross-shard communication. But no, instead, we chose to become world champions at misallocating both brainpower and money.
1 reply
4 recasts
18 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
Finally we're scaling on L1; just realised that we already broke the 35m gas limit 3hrs ago. LFG.
2 replies
2 recasts
19 reactions

sudo rm -rf --no-preserve-root /
@pcaversaccio
"Coinbase is the best company in crypto and there is no second best for skiddies."
0 reply
0 recast
6 reactions