ً
7.8K posts
i like the spirit of this but you can go to jail for doing it. things are more complicated than just pushing and wanting to do things.
ً@lightclients
[x] Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it.
English
ً retweetledi
Hegota is for Hardness
- Censorship Resistance with FOCIL
- Native, trustless privacy with Frame Transactions and Keyed Nonces
vitalik.eth@VitalikButerin
Short-term things being done to shift Ethereum toward native privacy: * AA + FOCIL (makes privacy protocol txs, among many other things, first-class with strong inclusion guarantees) * Keyed nonces: x.com/soispoke/statu… * Access-layer work (Kohaku, private reads...)
English
ً retweetledi
Most python libraries (like web3.py) previously maintained by the @ethereumfndn, will now be maintained by @ApeFramework. Super excited for the next chapter!
No action needed for devs. All issues, PRs etc have been migrated.
Installing also is exactly the same
Ape Framework@ApeFramework
An important update from us: @apeworx/introducing-the-apeworx-collective" target="_blank" rel="nofollow noopener">paragraph.com/@apeworx/intro…
English
@MicahZoltu @hazae41 @PatrickAlphaC The only benefit I can see is if you want a better display than the hardware wallet can really offer to see the transaction. But it’s a weird trade off IMO to go from a secure platform to m of n untrusted devices just to check QR code result.
English
@hazae41 @lightclients @PatrickAlphaC If you are talking about dapps, they should be treated as entirely untrusted from the start. If you are talking about a browser or wallet compromise, then the attacker can present whatever QR they want (different from what is sent to hardware wallet for signing).
English
Brume Wallet will soon display a hash of whatever you are prompted to sign, and provide a QR code to verify it on other devices or tools, so you can detect when some device or tool is compromised
erc8213.eth.limo/?mode=typed#/v…
English
ً retweetledi
I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out.
I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really).
It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely.
The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture.
We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying.
I worry.
English
ً retweetledi
My personal agent journey…
Jan 28: setup OpenClaw
Jan 30: autonomous
Feb 27: broke
Feb 28: fixed
Mar 10: quit
Apr 11: added Codex
Apr 15: quit again
Apr 24: switched to Hermes
Using Hermes nonstop since and it keeps improving daily… It’s 10x better than OpenClaw!
English
after some reviewing, i think instead of using github, protocols should deploy their intent json directly onchain and set an ens to that for wallets to query instead of relying on github.
i do feel like a disaster waiting to happen
Ethereum Foundation@ethereumfndn
6/ This is ongoing work, with contributors continuing to expand coverage, improve tooling, and drive adoption. Learn more at clearsigning.org
English
ً retweetledi
i look at pure research with a bit of contempt. it's for people who don't get their hands dirty and don't want to take the risks of seeing their idea perform in production. you just spent years in an insulated ivory tower, while others have a live feedback loop collecting data in the trenches.
English
@hazae41 @0xSulfurix well I found flaws in your retarded tweet, so next consider publishing nothing thx
English
@lightclients @0xSulfurix Not my job, I am not even a researcher and I found obvious flaws in your retarded EIP, research more and publish better solutions next time, or just publish nothing and let developers build their own solutions, have a nice cope
English
So according to the EF, the solution to blind signing is...
To make a centralized database of every smart contract on Earth...
And gate it behind some council that can refuse some,
Thanks the EF for making Ethereum centralized and corruptible
clearsigning.org/build/
Ethereum Foundation@ethereumfndn
0/ Clear signing is now live. An open standard to end blind signing, making human-readable transactions default. This effort brings a major UX and Security upgrade to transaction signing on Ethereum.
English
@hazae41 @0xSulfurix you sent like 10 tweets complaining about 7730 but you dont want to engage in an actual productive discussion about it? nice
English
@hazae41 @0xSulfurix To do 1) you would need to verify the authenticity of the scheme in the hardware wallet. Which means at minimum a light client running in the wallet. We theoretically have the tech to do this, but the devil is in the details.
2) is already 7730, but with a custom registry?
English
ً retweetledi
ً retweetledi
0/ Clear signing is now live.
An open standard to end blind signing, making human-readable transactions default.
This effort brings a major UX and Security upgrade to transaction signing on Ethereum.
English
ً retweetledi
🔐 EIP-8250: Keyed Nonces for Frame Transactions 🔐 was just merged, also check out this nice EIP explorer 👀
eips.sh/eip/8250
English
ً retweetledi
EIP-7702 is the greatest marketing disaster in Ethereum history...
- no mainstream (or any that I know of) wallet implements a flow for signing an arbitrary delegation
- attackers use EIP-7702 once they have the user's private key, to make draining easier
- user sees EIP-7702 on chain and immediately thinks "I got phished into signing a delegation", not "my private key is compromised"
For anyone in this situation who doesn't believe me, just send funds to your compromised address on a DIFFERENT chain. You will see a NEW delegation appear, without your involvement, and your funds get drained.
TailTop Re:Born🌙@tail_top_re
EIP-7702委任が設定される原因は、主に2つあると思っています。 1つ目は、悪質サイトでEIP-7702 Authorizationに署名してしまうケース。 見た目は「Claim」「Verify」「Connect」「Gasless」「Enable smart account」など普通の操作に見えても、実際には自分のEOAを不明なコントラクトへ委任する署名になっている可能性があります。 2つ目は、シードフレーズや秘密鍵の漏洩。 この場合、犯人がこちらの代わりに各チェーンで委任を設定できるため、委任を解除しても根本的には安全とは言えません。 今回、自分のウォレットではBaseだけでなく、Ethereum / BNB / PolygonにもEIP-7702委任が入っていました。 なので、EIP-7702をRevokeできたとしても、そのウォレットをメイン利用に戻すのは危険だと判断しています。 旧ウォレットはロック資産回収・監視専用。 今後のメイン利用は新しいウォレットへ移行。 これが安全だと思います。 「Approveを消せばOK」ではなく、RabbyのApprovalsで「EIP-7702」タブも必ず確認してください。 見慣れないDelegated Addressがあれば、かなり危険です。
English
BREAKING: Nvidia and PulteGroup to hang unprotected box worth $1 million on outside of new homes to accelerate local robbers' usage of AI inference.
Exec Sum@exec_sum
BREAKING: Nvidia and PulteGroup are partnering with startup Span to install mini data centers on the walls of new homes Each unit packs 16 Nvidia Blackwell GPUs, 4 AMD EPYC CPUs, and 3TB of RAM - and taps unused home electrical capacity to run AI inference workloads
English