sudo rm -rf --no-preserve-root /

@pcaversaccio

163 Following

2896 Followers

Vitalik Buterin pfp

Vitalik Buterin

My own current privacy roadmap (much lighter on L1 changes, but also more limited in its consequences): https://ethereum-magicians.org/t/a-maximally-simple-l1-privacy-roadmap/23459 Highly encourage people to read both! https://x.com/pcaversaccio/status/1909939119037313255

29 replies

100 recasts

433 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

yeah - finding the right, future-proof standards is the challenging part here.

0 reply

0 recast

1 reaction

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

"Make Ethereum Cypherpunk Again" isn't simply a slogan for me — it's a statement of intent. This isn't branding. It's resistance. This isn't about playing nice. It's about reclaiming Ethereum's soul! Look it's very simple: Ethereum must provide privacy _unconditionally_. Today, it operates in a partial, opt-in model, forcing users to jump through hoops just to conceal their financial lives. That's not sovereignty — it's submission. Enough compromises. We need privacy by default. Over the past weeks, I've written a potential path forward — a vision for Ethereum as a maximally private, self-sovereign financial system. Read it. Challenge it. Improve it. Let's co-create it. Make Ethereum Cypherpunk Again. https://hackmd.io/@pcaversaccio/ethereum-privacy-the-road-to-self-sovereignty

2 replies

3 recasts

47 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

folks, can we please fucking stop normalising `curl | bash` as an installation method (yes, I'm also looking at you Foundry)? It's a _massive_ footgun that blindly executes remote code with zero verification. You're literally giving arbitrary internet bytes root access to your machine. This bypasses _decades_ of hard-earned lessons about secure software distribution. Just vibes and a prayer that the server wasn't compromised five minutes ago. If you're building tooling for developers, do better. If you're a developer using this, you know better.

1 reply

2 recasts

9 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

Dropping some thoughts as this concerns me a lot lately: - What happens when a DPRK-backed persona slips into Ledger, Trezor, MetaMask, etc.? - What happens when client teams get compromised from within, turning trusted core devs into silent attack vectors? - What happens if the Kim boys start tampering with the cryptographic libraries we all rely on? (we don't know if this already happened btw...) So far, the attacks have targeted individual projects. The next phase? My guess is a full-scale takeover of the infra that holds our ecosystem together. Look, it's pretty simple: the threat model isn't just shifting—it's escalating. Every move you make without paranoia is an opening for state-sponsored actors to dig in deeper. If you're not fucking questioning everything, you're already playing their game. This industry's long-term survival depends on its foundational pillars operating in a constant state of paranoia. Like it or not.

1 reply

2 recasts

12 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

No. I'm part of the extended Vyper compiler team.

0 reply

0 recast

4 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

EOF: When Complexity Outweighs Necessity https://hackmd.io/@pcaversaccio/eof-when-complexity-outweighs-necessity A lot of time and energy went into this new deep dive on EOF. We break down its supposed benefits and argue they're more "nice-to-haves" than essential upgrades. Instead of adding complexity, we highlight cleaner, less disruptive solutions that achieve the same goals. EOF's objectives are solid—but there's a smarter way to get there. I would like to highlight that the authors and contributors of this post represent the full EVM stack—from VM and formal specification maintainers to compiler engineers, application developers, and library creators. Please reflect on this guys. If you got feedback, let us know here: https://ethereum-magicians.org/t/ethereum-is-turning-into-a-labyrinth-of-unnecessary-complexity-with-eof-lets-reconsider-eof/23136 https://x.com/pcaversaccio/status/1900200732000759892

2 replies

15 recasts

69 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

Not sure what you're showing here but that's not coffee. No coffee needs milk. No coffee needs this size of a cup.

1 reply

0 recast

1 reaction

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

0 reply

0 recast

10 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

Look guys, the Pectra fork upgrade issues on Holesky and Sepolia are a stark reminder that even seemingly 'trivial' changes can unravel into major disruptions (check how many days Holesky was down). Complexity isn't always obvious—it lurks beneath the surface, waiting to break things (and it will happen ultimately). And while not the root cause here, adding 19 opcodes while removing 16 in one upgrade is simply reckless, IMHO. The PoS transition was a necessity—EOF is not! We can and should evolve _incrementally_, strengthening Ethereum without inviting chaos.

3 replies

8 recasts

48 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

The latest Vyper version `0.4.1` got released over the weekend and to make anyone's life easy, I just published a 🐍 snekmate release candidate `0.1.1rc1` targeting the latest Vyper version. Simply install via: ``` pip install snekmate==0.1.1rc1 ``` For the full CHANGELOG of the yet-to-be published snekmate `0.1.1` version (expect it in around 2-3 weeks), see here: https://github.com/pcaversaccio/snekmate/blob/main/CHANGELOG.md. Btw, that's how an `erc4626` contract looks like using 🐍 snekmate modules :D https://x.com/vyperlang/status/1896511448492433917

0 reply

1 recast

8 reactions

hww.eth pfp

I’m honored and thrilled to serve as co-Executive Director of the @ethereumfndn alongside @tkstanczak. Everyone has their perspective on the Ethereum Foundation. Just as Ethereum continues to evolve, so does the EF—but the core values we have upheld for years remain unchanged. A better world is possible when we stand by these values and the people who share them. 🫡

20 replies

51 recasts

273 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

People keep asking me since days how to secure their systems and what the best strategy is. I will be very honest with you all as I'm always. If you want real security (and there will be never 100% security), it's not (just) about tools—it's about fucking mindset. At least 80% of it is pure paranoia. You and your team (can be a small DeFi project, can be a large CEX, ...) need to be paranoid as fuck. Drill it into them. Make it second nature. That's how you cut down risk, big time. The human factor is always the weakest link—no tech can _fully_ fix human fuck-ups. Sure, we'll kill blind signing, we'll upgrade our tools, but people will always be the problem. The only way to fix that? Train them to be fucking paranoid. There are no fucking shortcuts. If you have 900 employees, it's the leader's job to make sure all 900 are paranoid as fuck. You'll say that doesn't scale? Maybe not—but if u don't do it, you're effectively gambling with everything. And when shit goes wrong, the price u pay will be brutal.

2 replies

0 recast

12 reactions

franco pfp

Check this out if you use Safe. New tool to verify txs before signing by @pcaversaccio @openzeppelin developed a UI for it https://x.com/openzeppelin/status/1894870509608935791?s=46

0 reply

1 recast

6 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

Look, it's actually pretty simple: UIs, infra, dependencies etc. can and will be corrupted. When you hit the buttons on the hardware device, that's when you need to be 100% sure what you sign. The MOST important part is the screen on your hardware device and what it displays and that you 100% understand what it implies. If you're not 100% sure, don't hit the buttons. NEVER. People need to become paranoid. They need to understand that you're one signature away from being rekt. It's IMHO 80% at least mindset. That's the price of self-sovereignty and asymmetric cryptography. How to make verification easier is another question, or what kind of guardrails should be built. Nr. 1 priority is that you ALWAYS understand WHAT you sign.

3 replies

12 recasts

88 reactions

Lefteris Karapetsas pfp

Lefteris Karapetsas

This is the biggest blind signing compromise of a multisig to date Bybit lost ~$1.5bn by signing a compromised tx on their safe (more details to be determined) But FOR GOD'S SAKE if you deal with such amounts use verification tools such as the one by @pcaversaccio https://github.com/pcaversaccio/safe-tx-hashes-util

3 replies

3 recasts

26 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

EOF introduces excessive complexity all at once, and the benefits—mainly aiding static analysers—don't justify it, sorry. Dude, I was reading `TXCREATE` this morning again since I wanted to provide feedback on the PR: https://eips.ethereum.org/EIPS/eip-7873#execution-semantics - we do NOT need this complexity in one go. Period.

0 reply

14 recasts

40 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

This is so fucking cool - https://godbolt.org finally supports Vyper code! A s/o to Statemind for shipping the support here: https://github.com/compiler-explorer/compiler-explorer/pull/7088. Now you can visually debug Vyper-generated bytecode. anon, don't be afraid to touch the snake, you will enjoy it :)

1 reply

1 recast

17 reactions

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

people start caring about privacy usually when it's already too late. I'm not sure what really can change this. It's like a child burning the fingers - after burning them one, two times you understand it :)

0 reply

0 recast

1 reaction

sudo rm -rf --no-preserve-root / pfp

sudo rm -rf --no-preserve-root /

No, I'm saying that solving eg wallet UX issues won't solve onchain scamming itself. It's about the right use cases that truly matter for the entire world population. I'm biased due to my Cypherpunk ethos, but I would like to see simple shielded transactions (native and tokens) and the rest of the world caring about their privacy. Financial privacy should matter for each adult, globally speaking, thus that's what I want and wish to see as killer application.

1 reply

0 recast

1 reaction