Rupert Klopper

yup

NPM packages mbt@1.2.48 and @\cap-js@2.2.2 got popped chat

the fucking irony

@antonlivaja buying goldfish

Supply chain pwnage from package managers like npm will continue until people radically change how they think about the problem. Npm is malware roulette, and so are other package managers. Until people stop yolo installing random third party code nobody actually reviewed, this type of thing will continue to happen *frequently*. You review your first party code. But third party code you don’t? Do you see how that’s a fundamental oversight? “But we use scanners and analysis tools” - nice, and I have a goldfish at home, not sure how anyone who is serious about security thinks that’s enough. I wrote a little piece about my thoughts on this topic a while back: distrust.co/blog/package-m…

yuppers

also worth nothing that you might have to do this multiple times, very likely attacker is still in vercel infra & this is not the end of it

@pcaversaccio @PabloSabbatella yay i was wondering if anyone would do this, ty @pcaversaccio

i spent the last two days building a hardened Qubes OS salt config for my `safe-tx-hashes-util` verification script. think infra-as-code, but for app qubes. it sets up a minimal, reproducible template vm that you can use to spin up an app vm specifically for verifying Safe tx hashes. i know the product-market-fit here is basically near zero, but i'm going to keep pushing things toward Qubes OS anyway. so if you care about a secure, reproducible env for Safe multisig tx verification, use the config. ps: read every `.sls` file before applying them ;D

lfg

haah

huge

had the same today

github > slophub macOS > slopOS ..

watch A Knight of the Seven Kingdoms, thinks, how cool would a medieval fight today be, randomly see “Longsword Profight: Armored MMA” in youtube feed, all is well in the world

@jonwu_ we are doing exactly what you need at ether.fi you can accept a USDC send into your vault address and it will be there right away, spendable, no waiting :)

I would estimate as a business that it costs me an additional 2% to accept stablecoins over simple wire / ACH. For customers with stablecoin balances it's almost always easier to *send* stables: - instant test txn - instant settlement - "flight tracking" via block explorer - close to 0 fees But as a receiver, there's a much higher operating burden. Here's the workflow for accepting wires: - send invoice to customer via Quickbooks, including wire instructions in PDF - confirm wire instructions over phone (best practice, but in reality I don't do it) - customer wires; wait 1-3 days - funds hit Mercury account and are spendable immediately - Quickbooks invoice automatically confirmed paid, AR report updated And here's the stablecoin workflow: - send invoice to customer via Quickbooks - send receiving address instructions - confirm network and request test transaction - confirm test transaction, request full send - receive $USDC transaction to Coinbase - remit funds to Mercury; wait 1-3 days ("instant" withdrawal costs $100-200) - manually close Quickbooks invoice as paid - manually update AR report - manually tag transaction with customer name (otherwise all transactions are simply from Coinbase) - and all of this has to be done immediately, otherwise it gets mixed into one big Coinbase balance and it becomes impossible to untangle EOY So: - stablecoins practically take the same amount of time (1-3 days) - they require 4-5 extra manual touchpoints - they don't automatically reconcile, so someone with less context on the business would have to follow a paper trail vs. simply looking at Quickbooks I'd guess this overhead is +2% friction over traditional rails, mostly in operating labor and owner mental overhead. The way this has to improve is via a stablecoin-native neobank (of which there are many starting right now). That neobank has to be at feature parity at Mercury in order for me to switch--a tall order given Mercury is (in my opinion) a best-in-class financial front-end. I'm beyond pleased with my experience with Mercury and the product geniuses there seem to anticipate every need I have while proactively designing the interface to intercept and eliminate friction. I'm rooting for a provider built on stablecoin payment rails that can actually take advantage of the speed and transparency of stablecoins while also meeting all the boring reconciliation and accounting needs of a business.

this 100x

@CodeByNZ yak! yaak.app/blog/postman-a…

any alternative to postman ?

@realgmhacker keep going regardless, still some humans left listening 💪🏻

Slowly realizing that the majority of users interacting with my posts are just grifter bots. They are always very supportive tho 🙏

Cloudflare down Ethereum is never down ethereumstatus.org

ethereum is always up, truly decentralized, aws outage, no problem, cloudflare outage, no problem

@antonlivaja so clean 🔥

new website for the stagex linux distro dropped. reproducibility and bootstrapping has never been so slick: stagex.tools