Tharanga 🌐

Signs of Jet Fuel Hoarding Emerge in Asia on Iran Oil Shock Signs are growing that Asian countries are hoarding jet fuel after the Iran war sent oil prices surging, reflecting growing strain on the aviation industry. South Korean carriers got notified about refueling restrictions from some countries and the government is discussing whether to redirect export-bound jet fuel to the local market, the nation’s transport ministry said in a statement to Bloomberg on Wednesday. Philippine Airlines Inc.’s president said in an interview that the Southeast Asian nation may soon resort to fuel rationing. In Vietnam, the aviation agency warned of potential jet fuel shortages from early April and is cutting flights as a result. Difficulties securing fuel threaten to aggravate the airline industry’s woes as the Iran war rages on and keeps oil prices high. Though countries have largely been able to avoid running out of fuel, Asia is the most vulnerable region for shortages if the Strait of Hormuz stays effectively closed. (Bloomberg)

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

There is no such thing as "equal opportunity," because opportunity is a matter of perception, perspective, speculation, and understanding. The closest we can get is to have a framework that is unbiased, unprejudiced, universalist, and rewards productivity in value terms.

The Monero Research Lab has provided an update on the audits of the integration of Full-Chain Membership Proofs (FCMP++) into the Monero codebase! 'Full-Chain Membership Proofs prove the output spent is one of any output on the chain, effectively removing all of these risks. This means every input goes from an immediate anonymity set of 16 to 100,000,000.'

There's going to be a lot of people complaining this week when the Fed doesn't cut rates. Let them. It's the right decision. In fact, interest rates should be much higher than where they are today. The free market should be determining rates - not the President or the Fed. Price controls don’t work - whether it’s rent, oil, or interest rates.

Bitcoin Optech newsletter #396 is here: - describes a collision-resistant hash function using Bitcoin Script - summarizes continued discussion of Lightning Network traffic analysis - Optech Newsletter #396 Podcast bitcoinops.org/en/newsletters…

Crypto lending is shrinking. Since October, deposits across major protocols fell from $125B to $79.6B, a 36% decline. Nearly the entire drop comes from a handful of protocols: • Aave: −$27.6B • Spark: −$5.4B • Euler: −$2.6B • Fluid: −$2.4B • Compound: −$2.0B Together, they account for $40B of the $45B decline.

Explore economics with Cato Courses! This course explores how everyday economic freedom, not heavy government control, has helped millions escape poverty and build better lives. Learn more by signing up for Cato Courses today. 100% free – anytime, anywhere. ➡️ cato.courses

ZEC holders can vote on retroactive grant proposals starting March 19. To participate, make sure to move your funds into the Orchard pool before March 17 at 11:59 PM UTC. forum.zcashcommunity.com/t/review-perio…

Statement from CoW Protocol: Earlier today, a trader attempted to swap 50M aEthUSDT for aEthAAVE through Aave's swap interface, which is powered by CoW Protocol. Despite clear warnings that showed the user they would lose nearly all of the value of their transaction, and despite needing to explicitly opt into the trade after seeing the warning, the user chose to proceed with their swap. It is important to point out that CoW Protocol is a DEX aggregator that routes transactions through nearly every major public and private liquidity source. No DEX, DEX aggregator, public liquidity pool, or private liquidity pool (or combination thereof) would have been able to fill this trade at anywhere near a reasonable price. Preventing users from making trades removes choice and can lead to terrible outcomes in some situations (e.g. a market crash). That said, trades like these show that DeFi UX still isn’t where it needs to be to protect all users. As a team, we are now reviewing how we balance strong safeguards with preserving user autonomy. It goes without saying that we will also refund any fees sent to CoW DAO as a result of this transaction. We will keep the community posted as new information comes to light.

Consumers to feel the pinch. Maersk warns Iran war & Hormuz closure push 20-ft container costs $200 (+15–20%) as ships detour via the Cape of Good Hope. Oil ~$87–120/bbl.

The world is becoming increasingly unpredictable. Reports suggest the U.S. Treasury may intervene in the oil futures market to control rising energy prices. Governments stepping into futures markets… openly. And some still believe gold futures are untouched?

For national elections, you’re basically just voting for some social issues. War, spending, inflation, debt, foreign lobbyists, and corporate capture are very similar no matter who wins.

We understand the frustration. We went through 3 pivots of our tech, 1 migration, and ultimately the business did not survive. The winddown is real and final. Pools will go offline 7 days from the original notice. The pools have been reenabled for the next 7 days. Please withdraw funds before the deadline. Thank you to everyone who built with us, tested, and supported RADR.

0/ For years, proponents of blockchain technology and markets have traded off DeFi execution for decentralization. 3 years ago, Flashbots proposed an escape hatch through a Single Unified Auction for Value Expression. But it’s been a while. How about an update? 🧵⬇️

The SEC doesn't know how to regulate a company with no CEO The IRS doesn't know how to tax an entity with no address Banks don't know how to serve a business with no humans But crypto doesn't care Zero human companies will emerge because the infrastructure allows it Autonomous agents + crypto wallets + smart contracts = unstoppable economic entities Regulators will scramble Lawyers will debate Philosophers will pontificate Meanwhile, the first autonomous unicorn is probably already running in testnet somewhere The future doesn't ask for permission

We've just posted a proposal for the orderly wind down of the @AngleProtocol EURA and USDA stablecoins. Why? Activity has been steadily declining, and maintaining an idle protocol creates unnecessary smart contract liability. The decentralized stablecoin space has evolved: yield-bearing stablecoins are essentially a branding layer on top of vaults and lending protocols that already exist everywhere. There's no strong reason to keep running infrastructure for something others do natively. A huge thank you to everyone who believed in Angle and supported it along the way. It's been a great experiment and an incredible ride. The protocol remains fully collateralized, and the proposal gives everyone 1 year to redeem at 1:1 with no haircut, with a 2-year total window to recover funds. I'll probably write a longer piece to reflect on the learnings from building a decentralized stablecoin. The proposal will be submitted to a vote shortly. Separately, the surplus airdrop proposal has passed! The airdrop will be based on ANGLE balances as of March 5th. Make sure to bridge your ANGLE back to Ethereum and withdraw any liquidity before then to be eligible.

Social media age verification is disguised universal Digital ID. Just like the vax pass.

@NewmanJ_R qjae.mises.org/article/155501…