Dr. Berry Pierre
122.7K posts

@DrBerryPierre
Empower Yourself For Better Health | Academic Hospitalist | #AutisminBlack | #MedEd | #Author | #Speaker | #Consultant | #BLM | Future FSU Bagman
Joined February 2009
850 Following, 1.3K Followers


New Health Blog Post - Hydration Myths: Do You Really Need 8 Glasses and What Actually Counts? media.drberrypierre.com/4tixniw

Scared of Results? How to Handle Health Anxiety While Waiting media.drberrypierre.com/4m48sNa #healtharticle

Health Equity Is Not Abstract: How Your Zip Code Shapes “Normal” Labs and Outcomes media.drberrypierre.com/4s6e8YK #healtharticles

World TB Day: What TB Is Today, Who’s at Risk, and Why It Still Matters media.drberrypierre.com/4mqZwlz #drberry

Why Healthcare Feels So Confusing media.drberrypierre.com/4v9JsbQ #drberry

Health Equity Is Not Abstract: How Your Zip Code Shapes “Normal” Labs and Outcomes media.drberrypierre.com/4s6e8YK #articles

Colorectal Cancer Screening Choices: Stool Tests vs Colonoscopy Pros and Cons media.drberrypierre.com/4c8mkCS #drpierresblog
Dr. Berry Pierre retweeted

BTC - GOLD ROTATION SOON
Preparation ➡️ Positioning ➡️ Patience
• BTC/GOLD
• Weekly - cycle position
• Daily - Elliott Wave structure
• 4hr - validation paths
This is not about reacting
It is about positioning within the cycle
Full breakdown on Substack 👇🏻
moderndayelliottwave.substack.com/p/btc-gold-rot…
This is Elliott Wave 2.0
Structure first
Price confirms
Patience wins


Scared of Results? How to Handle Health Anxiety While Waiting media.drberrypierre.com/4m48sNa #healthblog

⚡ In this episode, I explain why so many people walk out of doctors' appointments confused—and why that confusion is actually dangerous for your health. media.drberrypierre.com/3PHvYUj #medicineMondays #HealthcareConfusion #NavigatingHealthcare #HealthcareSystem #MedicalComplexity

Shared Decision-Making: How to Use It Without Getting Steamrolled media.drberrypierre.com/4bSaStS #healthblogs

New Blog Out Hydration Myths: Do You Really Need 8 Glasses and What Actually Counts? media.drberrypierre.com/4tixniw
Dr. Berry Pierre retweeted

Our investigation into the @DriftProtocol incident remains ongoing. Early evidence points to two compromised signers on Drift's admin multisig, which were used to execute a transaction modifying Drift's program configuration.
Squads programs were not compromised. We have also found no evidence of compromise to Squads infrastructure, though we are actively investigating to confirm this with full confidence. We will share further findings as they become available.
Best Practices for Operationally Critical Multisigs
Thresholds: Any multisig with operational or administrative control over a program should have a signing threshold of 3 or above. This requires an attacker to concurrently compromise multiple independent signers, significantly raising the difficulty of this type of attack. Where possible, signers should also be geographically and organizationally dispersed. Signers sharing the same location, devices, or org structure introduce correlated risk.
Timelocks: Multisigs with program-level control should implement a timelock (can be set up in Settings of your Squads multisig). It won't prevent a malicious transaction from being proposed, but it creates a window to detect and reject it before execution. The tradeoff: timelocks also slow down legitimate emergency responses to bugs or active exploits, so teams should factor this into their operational setup.
Alerts & Monitoring: We encourage all operationally critical multisigs to set up monitoring and alerts through our security partner @RangeSecurity. Range provides two key things: an alternative interface for independently verifying transaction content outside of the Squads UI, and proactive Slack alerts so signers are notified before a proposal moves forward. If you want help getting set up, reach out and we'll connect you directly.
A high threshold, a timelock, and monitoring are the foundation for any multisig with program-level control.
Signing Process: Signers should use dedicated devices and hardware wallets, never a general-purpose machine. Additionally, signatures are only valid for approximately 2 minutes each, so introduce at least a 2-minute delay between each signer taking actions to ensure signatures cannot be collected & bundled by an attacker. Always verify transaction content independently across all three available sources: the Squads UI, Range's alternative interface, and Solana Explorer or Solscan.
On Durable Nonces
The Drift attack exploited durable nonces to collect signatures without time pressure, bypassing the 2-minute transaction expiry that would otherwise limit this type of attack. We are actively exploring ways to block durable nonce usage across all of our programs, both at the program level and through other enforcement mechanisms, to ensure this protection extends to our immutable programs V3, V4, and our current Smart Account Program. Beyond this, the broader Solana ecosystem is taking steps to address this at the protocol level, with a new transaction format that drops durable nonces as a feature entirely. We will follow up with more information on this soon.
Beyond Multisig, Operational Security
Technical controls only go so far. Most high-profile compromises lately have been social engineering attacks targeting the people behind the keys, not the contracts themselves. If you are running mission-critical protocol operations, invest in your internal opsec processes and team culture accordingly: how proposals are initiated, communicated, and approved all matter.
We recommend engaging dedicated security advisors. @zeroshadow_io and @0xGroomLake are trusted starting points, and we are happy to connect you directly.
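A signer-side check for the durable-nonce and threshold/timelock points in the post above, as an added example that is not part of the Squads post and not Squads code. It assumes the transaction message is already decoded into base58 account keys and compiled instructions with raw data bytes; the `multisig` object, function names and sample keys are hypothetical and constructed for illustration.

```javascript
// Added example, not Squads code. Input shapes and sample values are constructed.
const SYSTEM_PROGRAM = "11111111111111111111111111111111";
const ADVANCE_NONCE_ACCOUNT = 4; // System Program instruction index, u32 little-endian

// Returns { nonceAccount, nonceAuthority } when the message is a durable-nonce
// transaction, else null. Only instruction 0 counts: the runtime treats a
// transaction as nonce-based only if AdvanceNonceAccount comes first.
function durableNonceInfo(message) {
  const ix = message.instructions[0];
  if (!ix || message.accountKeys[ix.programIdIndex] !== SYSTEM_PROGRAM) return null;
  const data = Buffer.from(ix.data);
  if (data.length < 4 || data.readUInt32LE(0) !== ADVANCE_NONCE_ACCOUNT) return null;
  if (ix.accounts.length < 3) return null;
  // Account order: nonce account, RecentBlockhashes sysvar, nonce authority.
  return {
    nonceAccount: message.accountKeys[ix.accounts[0]],
    nonceAuthority: message.accountKeys[ix.accounts[2]],
  };
}

// Pre-signing review. `multisig` is a hypothetical summary object
// ({ threshold, timeLockSeconds }), not a Squads API type.
function reviewBeforeSigning(message, multisig) {
  const findings = [];
  if (multisig.threshold < 3) findings.push("threshold below 3");
  if (!(multisig.timeLockSeconds > 0)) findings.push("no timelock");
  const nonce = durableNonceInfo(message);
  if (nonce) findings.push(`durable nonce ${nonce.nonceAccount}: signature outlives blockhash expiry`);
  return { ok: findings.length === 0, findings };
}

// Constructed sample messages (keys other than the two well-known IDs are labels).
const KEYS = ["FeePayer_constructed", "NonceAcct_constructed", "NonceAuth_constructed",
  "SysvarRecentB1ockHashes11111111111111111111", SYSTEM_PROGRAM, "TargetProgram_constructed"];
const advance = { programIdIndex: 4, accounts: [1, 3, 2], data: Uint8Array.of(4, 0, 0, 0) };
const configChange = { programIdIndex: 5, accounts: [0], data: Uint8Array.of(1) };
const NONCE_TX = { accountKeys: KEYS, instructions: [advance, configChange] };
const NORMAL_TX = { accountKeys: KEYS, instructions: [configChange] };
const NOT_FIRST_TX = { accountKeys: KEYS, instructions: [configChange, advance] };

console.log(reviewBeforeSigning(NONCE_TX, { threshold: 2, timeLockSeconds: 0 }));
console.log(reviewBeforeSigning(NORMAL_TX, { threshold: 3, timeLockSeconds: 3600 }));
```

In a durable-nonce transaction the blockhash field carries the stored nonce value rather than a recent blockhash, which is why the roughly 2-minute expiry does not apply until the nonce is advanced.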
