overanlyser.eth 🦇🔊 (🦉,🦉)🌪 (🌸, 🌿)

New Avatar

👀

@SetProtocol Twitter has been hacked. Do not claim the $SET airdrop, you will get drained.

$set hacked. Do not click

This account has been hacked imo, $SET airdrop most likely a scam.

🚨 Security Alert 🚨 @SetProtocol X account is compromised and is started to promote $SET token airdrop ⚠️ DO NOT click on any links until further clarifications from their team ⚠️

Happy Christmas from all of us at @IndexCoop 🎄🦉

✍️Now that the worse is behind us but while everyone's attention is still on the mattter I am writing a bit of a longer post on this industry's architecture and security practises. @Ledger messed up badly. Having practically no opsec, no proper credential management, and not revoking former employees access and credentials. Amateur hour, and extremely embarassing for a company their size whose entire focus is supposed to be on security. Really bad. But surprisingly they are the least to blame for this failure. This industry has a serious problem. It preaches one thing and does another. Preaches decentralization, and nobody runs their own node. Preaches user being in control and don't trust verify, but everyone uses SaaS and centralized frontends. What you people call "dapps" is a joke. A farce. Centralized SaaS frontends that can monitor you or worse. Apps that are hosted by someone else and can change at any point under your feet. That's not what a decentralized app is. It's a travesty to even use this terms for the apps this industry has available right now. 🐦 I have devoted the last 5 years of my career trying to bring local apps and local-first software back into play. I am a strong believer in self-sovereignty, data ownership and decentralization and this is embodied in @rotkiapp. I want us all to start becoming more aware of what we use and how we interact with web3, otherwirse before you know it web3 will vanish, and this dream of self-sovereignty and the user being back in control will go away with it. To the users: Question every single tool you use. See what it does with your data, where it stores it, how it manages its dependencies, what its security practises are etc. Check the track record of its team. Do your due dilligence. If the tool is anywhere close to your funds, addresses or any private info be extra dilligent. You may not be able to do your due dilligence. Find someone who can! This is not something to just brush off in the name of convenience. Today you see what happens when you do so. To the devs: - Whatever you do, pin all your dependencies. Never ever just yolo pull the latest dependency. Freeze all of them all the way up to the smallest transient dependencies. If you are in JS and are pulling from a CDN then pin the hash too in case the CDN itself is compromised. Otherwise just serve/bundle your dependencies. Today's tragedy was preventable by this simple thing. - Build local-first. Respect your users, give them choices on how to consume your app. This is web3 damn it. Let them save their data locally, let them use their own node, let them self-host the app, let them inspect the code, be opensource! - Avoid centralized points of failure. Using a common library's latest version unpinned from a CDN is one such point of failure. But there is a lot more. Using only infura and/or alchemy. Using centralized indexers (especially if their number == 1). Hosting your app in a single server without any self-hosting capabilities. And so many more ways to fail ... This can probaly get a lot longer but I will stop here. Again I want to re-iterate. Ledger is definitely to blame here but the lion's share of the blame is on our industry and its software engineering practises. Let's stop regressing back to web2 and build the true vision of web3. A world where the user is self-sovereign, owns their data and is free. Freedom is what all this is about.

Hello everyone We're starting our search for someone to engage in heated, self-sustaining arguments with me about direction and functionality as the Head of Product at Wildcat I will pay you to tell me I'm wrong Application below, more info in thread jobs.lever.co/wintermute-tra…

Introducing… ic21 📢 A multi-chain large cap index all on Ethereum

Some body needs @LensProtocol twitter.com/jeremyvaught/s…

Our Diversified Staked ETH Index (dsETH) just got more diversified 📢 Today, we're excited to announce the addition of @fraxfinance's sfrxETH in dsETH's first rebalance

$gtcETH holders have officially contributed over $1,000 to @gitcoin grants while simultaneously: 1) earning staking rewards for themselves 2) diversifying their LST holdings 3) decentralizing the network #ReFi can be pretty neat.

#AllYouCanEarn looks interesting for GBP interest. Higher rates than most Defi, but centralised...

Fuck you @AtomicWallet Fuck you @gladkos Fuck you @Changelly_team Your security posture sucks, you refuse to listen to people, you aggressively silence people, and your products and services facilitate theft on a daily basis and have for years. web.archive.org/web/2022021015…

DeFi's largest sector by TVL, Liquid Staking, has been added to the DeFi Pulse Index 💦🥩

11/ Even 20 years later, I feel a nagging sense of guilt over at least two funerals I skipped. Show people that you show TF up when duty calls.

$DPI Rebalance Update The DeFi Pulse Index (DPI) is a capitalization-weighted index that tracks the performance of some of the largest protocols in the decentralized finance (DeFi) space. Meet the newest tokens in the DeFi Pulse Index. pic.twitter.com/MiTrf1IoNI

Summer is coming 🥳

Warning: No Secondary Liquidity 🚨 The Index Coop will not be providing DEX liquidity due to high gas costs associated with minting the token and maintaining an LP position

Introducing the 𝐌𝐨𝐧𝐞𝐲 𝐌𝐚𝐫𝐤𝐞𝐭 𝐈𝐧𝐝𝐞𝐱 ($icSMMT) Diversified stablecoin yield in a simple index token