Alan

Everyone wants to create a unicorn. Perhaps this is a problem with the American dream, not cryptocurrency. There are also many books, films, and TV series that feature dreams. Many people have achieved success on social media. That's why people rush to become what they are not yet. I think we live in an environment where being ordinary is abnormal. But I agree that in addition to dreaming, you need to become better at what you do.

For the most part, chains that do not have problems with validators are popular. And in principle, if this happens, we can talk about a global crisis in the world. Another question is, why would tokens be frozen? If we are talking about USDT, there must be a sufficiently compelling reason. As for the other tokens, they were most likely issued as scams from the outset. And the 99% figure is taken from the source - trust me, bro. At the same time, centralized storage sources can actually block your funds. For example, based on your place of residence. In general, I don't see a big problem in entrusting my keys to another platform. But one way or another, the platform is subject to regulation and most likely requires KYC for withdrawal. This makes it easier to track and freeze funds. That's why I prefer self-custody solutions.

I love Solana. But based on my experience with EVM, I see several issues that prevent me from preferring Solana in terms of user experience: - The lack of universal solutions for creating dapps, such as viem/wagmi, on EVM-type chains. Because of this, we don't have different versions of the user interface, and as a result, monopoly packages such as solana-connect appear. - The lack of a normal gateway for connecting a mobile wallet, such as walletconnect on EVM-type chains. I have seen that the walletconnect team is trying to do this at the moment. For these reasons, EVM chains remain more convenient. However, Solana is still a more promising chain for new startups.

A new story about a developer being hacked during a job interview. My friend and former colleague, let's call him James, was hacked and lost several thousand dollars. How did it happen? HR wrote to James on LinkedIn and scheduled a call. Everything was as usual. A screening call, followed by a technical interview, and finally a simple real-time task involving connecting a wallet to a dapp. James launched the project. He wrote the connection logic. For reference: connecting a wallet takes approximately 15 minutes for experienced developers. And finally, the task was completed - the wallet connection worked. But there were some nuances - the funds were sent to a different address, and the interview was immediately closed. As we saw later, the project contained infected and confusing code that was disguised as a library. We tried to track where the funds would be withdrawn. But in the end, we got hundreds of addresses without a single gateway for withdrawing funds. How did it work? The Chrome data stores were sent with infected code. But since the data was encrypted, they needed a password to decrypt it. That's why the test task was devised. In fact, James did not connect her wallet. He entered her password into an interface that looked like a wallet, and it displayed as a wallet (pop-up window). And I think these guys have a fully automated system for decrypting, scanning balances, and sending tokens, because everything was done instantly. So remember: - Do not connect to new applications from your main account; use a disposable account. - Do not trust any applications, even if the person on the call assures you that they are safe. - Be careful on social networks and platforms where you communicate with other people. - And if you are a developer, don't launch other people's projects)

Funds that cannot be recovered even by the owner if the key is lost are truly secure. In other cases, everything is in the hands of the project you have entrusted with storage. I saw in the project documentation how securely they store my keys. And how they send my key for storage without any encryption. For these reasons, I only use self-storage solutions.

It's an endless war between the sword and the shield. When someone came up with the idea of measuring a product's success by volume, products appeared that began to inflate volumes. I think that if we come up with other metrics, the founders will come up with new approaches to increase them. You say that it is very cheap to fake. But that is only for one reason - it is a fundamental indicator. Many founders thought about how to fake it. And, as you can see, they succeeded.

So, these are two sides of the same coin. If you create a more anonymous and confidential application, you should be prepared for the emergence of fraudsters. You can add verification and validation badges for real profiles. This can be a good solution for public persons and an approach that does not affect private persons. But if your company's management believes that you should start selling verification as something useless, you should come up with other ideas for verification, such as the solution described in the previous post. I don't think this is critical for privacy, but it may be a step in the wrong direction.

Even if it really is done by AI, it takes several hours to write prompts and correct the results of the AI's work. Unfortunately, that's the reality. AI is still helpless, and without detailed description and verification by a person with technical knowledge, the result will be terrible. However, being the only person with technical knowledge is not enough nowadays. To be a sought-after specialist, you need to actively delegate routine tasks to Ai.

A notable example of the centralized future we saw today. A major outage at Cloudflare and, as a result, an internet blackout. Apps such as X, Spotify, OpenAi, and others were unavailable until Cloudflare restored service. How is this possible? Cloudflare is a CDN, DNS, security tool, and router. For those who don't know what CDNs, DNS, and routers do: it means that when you type a website address into the address bar and press Enter, the website is first prepared in Cloudflare, and then you see the website. And in the chain “you -> Cloudflare -> website,” Cloudflare wasn't working. What if we had a decentralized communication model? In that case, this would not have happened. But for now, we continue to use Cloudflare as a powerful product with no worthy alternatives, especially decentralized ones. In a sense, we are hostages to the current centralized system. Will this change in the near future? We'll see.

In addition to the story about the vulnerability of crypto products. If everything is more or less clear with smart contracts - you can request an audit from professionals and rest assured. In the case of server and client infrastructure, questions arise — many devs ignore them or do not consider them a vulnerability. However, recent hacks show that even if the packages used by the frontend are infected, they can already cause a lot of problems. Therefore, if you don't want to order an audit, I can recommend https://t.co/1DhzJQ68VQ And, of course, stay connected on Twitter😅