sudo rm -rf --no-preserve-root / (pcaversaccio)


Working on what's next. https://github.com/pcaversaccio


Recent casts

if someone ever managed to breach all _private_ GitHub repos (I mean it's insanely difficult but not impossible) it would be one of the most catastrophic events in security history, and if I were a state-level actor that's exactly the kind of target I'd prioritise rn. I was thinking about this scenario since this morning I wanted to push something (more or less sensitive) to a private repo but ended up rolling it back purely out of paranoia. I guess the right threat model for private repos is that it can be assumed to be leaked one day.


guys, we need your feedback. The `GAS2ETH` opcode (the EIP is written by @big-tech-sux and myself) is proposed for inclusion for Glamsterdam and we need further feedback about potential ambiguities in the specs, security issues, or any other concerns. The tldr for the EIP is that the new opcode `GAS2ETH` enables the direct conversion of gas into ETH which means it provides a new _native_ (i.e. L1-enshrined) monetisation mechanism for contract authors and public goods projects that scales with network usage.


folks, hear me out, the best long-term trading strategy is privacy itself. Those who build and hold it are shaping the foundation of a free economy. And guess what, its yield is true sovereignty: the _only_ return that truly endures.


Top casts

In light of the recent incident at Radiant and the clear challenges of verifying multisig transactions on a Ledger device, I've built a simple Bash script designed to simplify the process. This script generates the domain, message, and Safe transaction hashes, making it easier to cross-check them with the values displayed on your Ledger hardware wallet. All you need to provide are the network name, multisig address, and transaction nonce. It supports all Safe networks, and I hope it will serve as a useful tool to temporarily ease the burden of blind signing verification for multisig transactions. Eventually, make sure to check out the trust assumptions laid out in the README for this script. https://github.com/pcaversaccio/safe-tx-hashes-util


We've fucking lost it. Nobody in their right mind wants over 50 rollups and endless layers that take days to bridge back. What the world wants is one goddamn chain that just works, and that should be Ethereum. No one with a shred of sanity wants to switch networks in M***Mask. No one wants the headache of adding a token manually on another chain because the contract address isn't the same. Bridging is a pain in the ass. What people want is to transact value simply and directly, without all this convoluted bullshit!


This morning I've been reviewing our last months' SEAL 911 tickets. Guys, it's clear that soon (probably sooner than you think) a large portion of our ecosystem will be running on compromised devices. I mean, man, infostealers are probably the _biggest_ ecosystem problem right now. However, and that's what I want to address here, is that OS design choices like weak data compartmentalisation & permissive default trust models are the _major enablers_, especially on macOS and Windows. Please remember: these OSes weren't built with the strict sandboxing, strong application isolation, or zero-trust principles needed to defend against today's threats! I understand that shifting most of the space to something like QubesOS isn't realistic, but we must start prioritising security-first OS choices in our ecosystem, not just UX. Honestly, fancy features won't stop your device from being compromised.
