The EU age verification app is presented as “completely anonymous”. But the risk is that member states (the countries are supposed to create their own versions of the open-source EU app) use it to introduce identity verification that makes it impossible to post anonymously on social media.
The idea behind “completely anonymous” is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app “is technically ready to be used”. But more importantly, the app is designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time.
This means that the EU could decide at any time that ZKP may no longer be used, and in one stroke the app would fall back to its default mode, meaning that every post on social media carries an ID tag. By that point, an infrastructure will already have been rolled out; people will have gotten used to it, and it will be harder to roll it back.
More details on https://t.co/wTVKHMS1zg
The hardest aspect of living in Paris: people who don't live in Paris constantly holding forth about what life in Paris is like. For example, from cities with worse murder statistics than Paris.
One of the main reasons I chose to live in Argentina is that it is safe here and society lives in social harmony.
Here, for example, is how PSG's victory was celebrated in Paris yesterday:
https://t.co/hKxSoV2lox
And here is how our national team's World Cup victory was celebrated in Buenos Aires in 2022:
https://t.co/JKB3n9fF8b
5 million people took to the streets, and not a single shop window was smashed or car burned.
It is very important to me that my children can walk the streets safely, including when people take to the streets en masse for various reasons. We watched the final outdoors. And right away all the Argentinians rushed out to celebrate and party. I was absolutely calm. In Paris, of course, I would not have let my children go out to celebrate on the day of the local team's game.
My first real contribution to ethereum spec (execution-apis) https://t.co/s8qLNZall4 I'm really impressed with the level of coordination and support from eth client developers. Really big thanks to https://t.co/UNXfR2GRzi
@antirez I’m trying your inference engine on my M3 ultra. It works great for inference, however I still kind of think until prefill can be significantly faster it’s not really reasonable to use local models for coding. Now it takes too much time to load files etc into context
Add a 7-day dependency cooldown.
uv's `exclude-newer` refuses any version published inside a rolling window. With 7 days set, today's malicious uploads would not be considered for resolution at all.
Most malicious uploads are caught within that window.
We got a lot of requests to bring this back to life, and as promised, it's live now! https://t.co/gNoQQJrclU
If you build a mission-critical dApp, or if part of your functionality is super fragile to RPC poisoning, please use the Verification feature from dRPC via NodeCloud or NodeCore; there is no excuse not to use it, and you can't say, after yet another hack, that you were not aware of this.
@banteg Well if they had quorum 2 of 3 and all others were DDoSed quorum wouldn't help, but I think it's easy to have 3/4 etc, which would prevent it. We actually built PoC years ago, but 0 interest from clients https://t.co/gsqFXTREWA
@0xngmi 3. For a lot of methods (e.g., eth_getLogs, which is very widely used for bridges) it's impossible to have locally verified data due to the fact that you can prove inclusion, but not omission.
4. It's REALLY slow, that's why almost nobody uses it in production
@0xngmi Unfortunately, reality is far more complicated.
1. Ethereum itself has pretty nice light client support (could be improved further though), however most of L2s have almost none.
2. eth_getProof method on most of the clients is almost broken, unfortunately nobody talks about it.
In dRPC you can run a quorum of data providers, including internal nodes, with custom rules for quorum. We made it in 2023: https://t.co/5K8YgG6z3K. For a mission-critical application like a bridge or oracle, there's no excuse not to set it up. But they didn’t.
The framing of the recent KelpDAO and LayerZero incidents as some novel attack vector, or the work of meaningfully smarter attackers, is mostly wrong. The actual failure mode - applications trusting a single RPC endpoint to return honest data - has been discussed openly for years, by @VitalikButerin, @lomashuk, @MicahZoltu, @wagmiAlexander, @ChainLinkGod, @banteg, and many others. It is neither new nor subtle. A closely related failure happened in 2022 with the Ankr DNS hijack on Polygon and Fantom: https://t.co/MYUn9vdXui
The point here isn't ideological. In a 24/7 market where automated systems act on RPC responses in real time, assuming one provider will always return correct data is a system-level risk. There is no T+2 window in which a human notices the error and reverses it.
When we launched dRPC, cross-verification across a permissioned set of RPC providers was the core idea. The original repo and docs are still up (although outdated since then):
- https://t.co/5K8YgG6z3K
- https://t.co/rMMaul9HJW
We used a simple quorum rather than zk-based verification, partly to test real demand before overbuilding. Two observations from that period:
1. The demand was not there. In public, everyone agreed with the thesis. In private, the responses were "we are not ready to pay more for quorum," or "yes, we could apply it to sensitive paths only, but it's not a priority."
2. The risk was real. The market is now discovering this at a cost of roughly $250M.
Because full cross-verification on every request is overkill for most workloads, we eventually shifted toward shadow checks — randomized background comparisons across providers that detect and eject unhealthy nodes before they serve meaningful traffic. This is a reasonable compromise for general workloads. It is not a substitute for quorum on sensitive paths.
So the practical rule, for anyone building infrastructure whose failure mode is user funds:
1. Use at least 3–5 independent, reliable RPC providers.
2. Do not build your load balancer on training wheels. Something like https://t.co/pJDU21rKi4 is open source, free, and almost certainly better than what you would build in-house. Contributing to it is a better use of time than reinventing it.
You cannot defend against every possible attack. But this particular class is avoidable at low cost, if you are willing to treat RPC as a system-level dependency rather than a commodity input. That is a reasonable bar for anything meant to serve more than a narrow circle of users.
We will update the dRPC NodeCore (https://t.co/pJDU21rKi4) with strict rules for quorum on your side in the near future, stay tuned. If you have more sophisticated requirements for security, we are fully open for your requests - feel free to reach out to me via DM here or by email [email protected]
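An added illustration of the quorum idea from the thread above, not code from dRPC, NodeCore or the original posts: a k-of-n comparison over RPC responses that fails closed when honest providers are unreachable, the 3-of-4 case mentioned earlier on the page. The provider names, function names and sample log entries are constructed for this example.

```python
import hashlib
import json

class NoQuorum(Exception):
    """Fewer than `threshold` providers agreed; the caller must fail closed."""

def _digest(result):
    # Canonical JSON, so key order or whitespace cannot split the vote.
    blob = json.dumps(result, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def quorum_result(responses, threshold):
    """responses maps provider name -> decoded result, or None on timeout/error.
    Returns (result, agreeing, dissenting) or raises NoQuorum."""
    # The threshold is counted against *configured* providers, not responders,
    # so knocking honest nodes offline cannot shrink the quorum.
    if threshold * 2 <= len(responses):
        raise ValueError("threshold must be a strict majority of providers")
    votes = {}
    for name, result in responses.items():
        if result is not None:
            votes.setdefault(_digest(result), []).append(name)
    best = max(votes.values(), key=len, default=[])
    if len(best) < threshold:
        raise NoQuorum(f"best agreement {len(best)} < required {threshold}")
    dissenting = sorted(n for names in votes.values() if names is not best for n in names)
    return responses[best[0]], sorted(best), dissenting

# Constructed eth_getLogs-style results (placeholder values, not real chain data).
HONEST = [{"blockNumber": "0x10", "logIndex": "0x0", "data": "0x01"}]
REORDERED = [{"data": "0x01", "logIndex": "0x0", "blockNumber": "0x10"}]  # same content
FORGED = HONEST + [{"blockNumber": "0x10", "logIndex": "0x1", "data": "0xff"}]

def healthy_case():
    # Four providers, 3-of-4 rule: one poisoned endpoint is outvoted and reported.
    return quorum_result(
        {"rpc-a": HONEST, "rpc-b": REORDERED, "rpc-c": HONEST, "rpc-d": FORGED}, 3)

def degraded_case():
    # Two honest providers are unreachable; the forged answer must not pass.
    try:
        quorum_result({"rpc-a": HONEST, "rpc-b": None, "rpc-c": None, "rpc-d": FORGED}, 3)
    except NoQuorum:
        return "fail-closed"
    return "accepted"
```

The dissenting list is what a monitoring hook would alert on; a provider that repeatedly disagrees with the quorum is a candidate for ejection.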
For years my journalist friends complained that everybody taught them what journalism is, because everyone considers themselves “some kind of journalist” and because “everyone can write text”. Now that everyone is a coder I finally understand how that feels.
@SatiataOff @brain_slug So if you set yourself a life goal of having a variety of different positive emotions and experiences, then children clearly ought to be somewhere on the list.
@SatiataOff @brain_slug Well, if you rationalize all of this, the situation is simple:
1. Life is meaningless
2. There is a set of sensations and feelings that you can only get in some unique way and no other. And it seems to me that children are one such example. But, as with everything, there is a downside.