splitXCH

Sorry! It's actually everything I thought it would be. We'll have early competitors gain ground and then my or other miners will close the gap. It's supposed to be fun, but it's definitely not easy. You can't avoid learning something if you go deep on this. It's the kind of skill oracles, watchtowers, and network monitors will have to be really good at as the chain scales in peer count and transaction volume.

Okay, I'm still figuring out xch.dev. The unspent coin at the burn address will make more sense to the reader: xch.dev/#/coin/0x7cd5f…

I make no claims as to the present or future value of $XKV8, but I'm burning more LP. xch.dev/#/coin/0x8d902…

Permissions are a broken relic of EVM that need to go away entirely. Each signed transaction needs to be un-replayable and independent. The only use case I can see for ongoing permissions is subscriptions, and a proper usage of that would define the duration, the amount, and the cancellation terms under full control of the buyer rather than "trust me bro" permissions. The idea that I need to authorize someone to take "up to $1,000" out of my wallet and then remember to revoke that is insane.

Tokenized securities potential is exciting. But one big thing needs to be fixed first: Wallet theft and recovery. It’s still way too easy for people to steal out of your wallet, and you can’t let anything sit, which is problematic for some trades. Until we can rely on wallets as secure, and permissions AUTOMATICALLY REVOKED ONCE USED, then this is just a bunch of theft waiting to happen.

Except you’re wrong and have zero basis for that claim. The only possibility would be to make your execution so dense and time-consuming with garbage misdirection that it was thousands of times slower and unfit for purpose. And at some point the code doing its actual mission will still be detectable. LLMs can detect busywork quite well. Assuming you were correct, you would have just made an incredibly efficient malware distribution network capable of getting many people to run malicious code on their own systems. That you started out with clean code wouldn’t even matter. The next attack would just be a supply chain attack on your CI/CD pipeline, and it would still drain everything.

@splitXCH @banteg @pluto_hbr An AI agent could also create more effective obfuscations. They operate on both sides. That's what I mean by an arms race.

The latest TC release 3.18 was done as a private binary (something we had done before when patching crits). There was a long-standing practice that if a node requested, by signing a message with their validator key, devs would send them the validator-key encrypted diff of the security patch. That’s exactly what the malicious node did in this case. It’s possible even that the private release spooked them into speeding up their timeline for the attack. I find this class of attack very interesting. Networks need to be designed maximally defensive, even against their own validators. In this case, a malicious validator can still get the source code for patches and exploit them before the code goes out. I wonder if this puts an end to that practice. It all exists on a spectrum of decentralization. I actually don’t disagree with @jpthor that closed source TSS might be the move from here. Anyone who is saying that’s “the end of the experiment” is either a crypto-anarchistic maxi that lost the plot or an NK hacker astro-turfing protocols into not making sound trade-offs between security and decentralization.

Run far away from any crypto team that thinks closed source will actually help them. Decompilation of binaries is trivial. LLMs can even just skip that and give you a play-by-play of the native code. These are not serious people.

@rndhouse @banteg @pluto_hbr No, it’s not. LLMs hallucinate sometimes, but the good models can handle more complexity at one time than a human.

@banteg @pluto_hbr Polymorphism, obfuscation, etc. Is this not an arms race?

@sysadafterdark Windows 2000 Pro was the last Windows I was happy to run.

If Windows 7 code were to be released tomorrow on GitHub as GPLv3, I’d still run Debian.

This is the #1 reason for companies to buy developers the best hardware they can afford. m.xkcd.com/303/

I think the core problem is that so much new vulnerability content was created in such a short time that the programs foolishly believed it was all spam. The people who were already good at bug hunting got massively better and were then told their work was spam, repeatedly. That is exactly how a villain origin story would work.

@shealtielanzz In my book, I wouldn’t call them Whitehats if they go into exploitation route.

Notice how hacks increased as contests died off. You can say AI but there’s a bunch of Whitehats involved in these hacks. You onboard lots of them then you take their jobs away.

@hrkrshnn I’ve been in that loop with reviewers on teams where I could halt their testnets. The hubris problem is on both sides.

There's a collective form of LLM psychosis happening in bug bounties. Level 1: you get one-shotted by Claude into thinking there's a critical bug. The rewards for that bug look life-changing. You dedicate every single second of your life arguing about it. Level 2: multiple people get one-shotted by Claude on the same program, same bug. They get duplicated by the program. The number of duplicated invalid findings is unusually high. Level 3: they find each other on Discord and Twitter. They all collectively believe their bugs are real. It's pretty sad and scary to see. Finding invalid bugs is not the problem; it's a rite of passage for anyone doing security. But LLMs reinforcing their beliefs and putting them in a state where they cannot accept it is frightening. A few months ago, I spoke with a security person at a large AI lab. I asked him what he's worried about the most. He said how AI can collectively influence large groups of humans' opinions. Like a version of 4chan where AI can nudge or reinforce beliefs it wants to amplify. It's happening.

@Crypto_Alch Only if you stay away from lattes and avocado toast

Is $1T enough to retire? Asking for a friend

@InvestwithDoc @BitcoinMagazine There is no secure wallet that can't be seized or inspected at border crossings. Certainly valid if you have secure physical storage you trust.

@BitcoinMagazine Memorizing a seed phrase is powerful, but most rely on secure wallets for peace of mind. 🔐

A US Senator just casually explained how you can store BTC in your brain during a legislation markup: "It provides people who are being tortured in foreign countries the opportunity to walk away with their money in their head. Because Bitcoin can be memorized." Magic ✨

So the little Market making bot I thought I would have a go at vibe coding six months ago while the real Devs were deving the FusionZoo is ready for Beta testing! catalystxch.com The aim is to make it easier to add and manage CAT and $XCH liquidity on @dexie_space 🌱🌱

@ArtBoss007 I know it happens on every other chain, but if the volume and price uptick are on insider knowledge of CNI, SEC, or vendor partners, it’s still really disappointing. I prefer to think it’s organic excitement. Time will tell!

Yesterday, there were good volumes on chia:native. Today, the picture is also positive. Perhaps news about Permuto Capital is on the way. It's time for the green blockchain to start growing in the spring. Better late than never 🌱 #CHIA #OneMarket

@SumErgoMonstro @igor_os777 Database developers on Unix used it because it was readily available and then exposed it to application developers. Probably most of the developers of such databases and applications are dead or retired by now. That didn't make them magically stop being used in backwoods DMVs.

@splitXCH @igor_os777 Why would those need to be represented as time_t in the first place? Unix Time was designed to track OS events like file creation/modification/access, account creation, etc. An application should choose an appropriate representation for dates.

The Year 2038 Problem: Y2K’s Patient, Slow-Burning Sequel While the world celebrated surviving Y2K with a collective sigh and a hangover, a quieter timebomb was already ticking. Unix timestamps — the backbone of virtually every system’s sense of time — are stored as 32-bit signed integers counting seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, those counters overflow and wrap around to a date in 1901. Embedded systems, industrial controllers, legacy databases, and anything running ancient C code will either panic, hallucinate, or calmly assume it’s 120 years ago. The good news: 64-bit systems push the deadline to the year 292 billion. The bad news: you’d be amazed how much 32-bit code is still quietly running in bank vaults, factory floors, and hospital infrastructure. Sleep well.

@alexlmiller I knew you were in crypto, but I followed you because of other interesting posts you've made. I'm going to check this out! Would love to see something happen with my BTC other than it continue to sit there 🤝

Bitcoin Staking: hold BTC, earn BTC, keep your keys. Bond BTC on L1 with a small STX commitment on Stacks. Earn BTC yield over a 6-month term. Principal returned in full. No bridge, no wrapper, no custodian. The engine is Proof of Transfer — the defining feature of Stacks, which has already distributed 4,200+ BTC since 2021.

A few weeks ago we launched the Stacks roadmap. Pillar 1: Bitcoin Staking. Today we dropped the whitepaper detailing how we actually do it.

@SumErgoMonstro @igor_os777 Birth dates, legacy contract dates, hire dates. I'd imagine a ton.

@igor_os777 But what such dates are actually represented in practice?

Raging against data centers on social media is a special kind of stupid. If you're so convinced they are harmful, sign off the one you are increasing demand for and write a letter on paper to your congressman.

@FiendStudios Beautiful sentiment. Thanks for sharing.

I left my momma's funeral and went to treatment. She never got to see me shine, but I know she would be proud of the man I've become. My wife has never been pregnant, but she would have been an amazing mother. Her heart is amazing. Mother's Day is always rough around here. Happy Mother's Day to all the momma's out there in Twitterland

@JamesCryptoNova When it was only a 100x away, I had $3,570 at the 2027 halving as my personal target.

$XCH fair value is $2,500