Readit News
drog commented on CAPTCHAs are over (in ticketing)   behind.pretix.eu/2025/05/... · Posted by u/pabs3
drog · 3 months ago
I felt that captcha is over when I struggled to solve Microsoft's rotating planet captcha when I tried to restore my account there. It looked like those IQ test questions.
drog commented on A hackable AI assistant using a single SQLite table and a handful of cron jobs   geoffreylitt.com/2025/04/... · Posted by u/stevekrouse
drog · 5 months ago
I've been using my own Telegram -> AI bot and it's very interesting to see what others do with a similar interface.

I have not thought about adding a memory log of all current things and feeding it into the context; I'll try it out.

Mine is a simple stateless thing that captures messages and voice memos and creates task entries in my org mode file with actionable items. I only feed the current date to the context.

It's pretty amusing to see how it sometimes adds a little bit of its own personality to simple tasks; for example, if one of my tasks is phrased as a question it will often try to answer the question in the task description.

drog commented on Csvlens: Command line CSV file viewer. Like less but made for CSV   github.com/YS-L/csvlens... · Posted by u/ingve
drog · 2 years ago
One of the things that greatly improved my CSV workflow is DuckDB. It’s a small binary that allows querying CSV with SQL.
drog commented on Mainnet Merge Announcement   blog.ethereum.org/2022/08... · Posted by u/bowsamic
usrusrusrusr · 3 years ago
>There is no designated class of slashers.

Not true. In your defence, I also only learned this today.

https://docs.prylabs.network/docs/prysm-usage/slasher

https://lighthouse-book.sigmaprime.io/slasher.html

drog · 3 years ago
I know about that, but thanks for your comment - I’ll clarify what I mean.

It’s just the specifics of how this works - slashing is part of the protocol in the sense that I described: when you are chosen to create a new block and you have proof that someone violated the rules, then you include this proof in your proposed block and update the balance. Any validator can do it, including the smallest of home stakers.

More details here. https://github.com/ethereum/annotated-spec/blob/master/phase...

Here we have slashing fields in the block body where you insert your proofs of a slashable offense. There are functions with “slash” in the name that describe the precise state transition.

The hard part of slashing is finding these proofs, because you have to do more work than necessary to detect slashing and produce proofs - that’s what this software does. It’s more expensive to run a slasher, but you need only one and it does not matter who runs it; anyone can run it. The link that you sent says that this slasher broadcasts proofs by default - that way anyone can include them.

drog commented on Mainnet Merge Announcement   blog.ethereum.org/2022/08... · Posted by u/bowsamic
spywaregorilla · 3 years ago
Is it incorrect to say that ethereum is now entirely centralized with some extra steps?

Like, you have this proof of stake thing, but the only reason it works is because there's just a small number of validators, which is just going to be the ethereum foundation and friends.

edit: putting this at the top because nobody is responding on topic. I am NOT talking about the class of people who stake 32 eth to validate nodes. I am talking about the class of people with the ability to declare that the people with stakes did not validate correctly and therefore lose their stakes. My understanding is that this is a very small number of people and is mostly just the ethereum foundation.

edit edit: The term for this class is apparently called slashers, not validators.

drog · 3 years ago
There is no designated class of slashers.

Slashing is part of the protocol, and to slash somebody you have to prove to the protocol that they broke the rules of slashing. One of the rules is that you can't create two different blocks in the same slot (block number), i.e. you can't deliberately fork.

There is a designated place in the block of the beacon chain where you can put signatures of the different blocks in the same slot as a proof, and nodes will slash the validator that produced those signatures (update his balance). Anyone can find these signatures, and block proposers of the new blocks will include them into the chain.
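
The double-proposal rule from this comment and the slasher/proposer split from the reply further up the page, as an added example that is not part of the thread or of any Ethereum client. The header layout and all names are hypothetical, and HMAC-SHA256 stands in for BLS signatures, so the per-validator "key" here both signs and verifies.

```python
import hashlib, hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Header:                      # simplified beacon block header (assumed layout)
    slot: int
    proposer_index: int
    body_root: bytes

@dataclass(frozen=True)
class SignedHeader:
    message: Header
    signature: bytes

def header_mac(key: bytes, h: Header) -> bytes:
    # Stand-in for a BLS signature over the header.
    data = h.slot.to_bytes(8, "little") + h.proposer_index.to_bytes(8, "little") + h.body_root
    return hmac.new(key, data, hashlib.sha256).digest()

def sign(key: bytes, h: Header) -> SignedHeader:
    return SignedHeader(h, header_mac(key, h))
def verify(key: bytes, sh: SignedHeader) -> bool:
    return hmac.compare_digest(header_mac(key, sh.message), sh.signature)

def observe(seen: dict, sh: SignedHeader):
    # Slasher side: keep the first header per (proposer, slot); return a proof on conflict.
    first = seen.setdefault((sh.message.proposer_index, sh.message.slot), sh)
    return (first, sh) if first.message != sh.message else None

def is_valid_proposer_slashing(a, b, keys, slashed) -> bool:
    # Protocol side: the check every node runs before applying the penalty.
    h1, h2 = a.message, b.message
    if (h1.slot, h1.proposer_index) != (h2.slot, h2.proposer_index) or h1 == h2:
        return False   # need two different headers for the same slot and proposer
    key = keys.get(h1.proposer_index)
    if key is None or h1.proposer_index in slashed:
        return False   # unknown or already-slashed validator
    return verify(key, a) and verify(key, b)

def run_demo() -> set:
    keys = {7: b"constructed-key-7", 9: b"constructed-key-9"}   # constructed sample data
    seen, slashed = {}, set()
    for sh in (sign(keys[7], Header(100, 7, b"A" * 32)),
               sign(keys[9], Header(101, 9, b"B" * 32)),
               sign(keys[7], Header(100, 7, b"C" * 32))):       # second block in slot 100
        proof = observe(seen, sh)
        if proof and is_valid_proposer_slashing(*proof, keys, slashed):
            slashed.add(proof[0].message.proposer_index)
    return slashed
```

The detector needs no special authority: it only pairs up messages the validator signed itself, and the validity check rejects any pair that is not a genuine conflict.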

drog commented on Mainnet Merge Announcement   blog.ethereum.org/2022/08... · Posted by u/bowsamic
TakeBlaster16 · 3 years ago
Running a small validator is much riskier than being a small miner. If you're running a validator and have network downtime or any operational issues, you risk losing funds (the inactivity leak[1]). If you're mining and you have downtime, your only downside is the opportunity cost of not mining any blocks while you're offline.

[1]: https://eth2book.info/altair/part2/incentives/inactivity

drog · 3 years ago
No.

Inactivity leak is an emergency measure to restore liveness when the network stops finalizing blocks. It happens when >33% of validators are offline (WW3 scenario), a major bug in a widespread implementation, etc.

Your link explains that.

ETH2 is friendly to home stakers - you may lose some profit by being offline sometimes, and in the worst case minor penalties are applied.

EDIT: If you are interested in a much better description of what happens if you are offline, see this:

https://eth2book.info/altair/part2/incentives/penalties

Some points from the link:

- penalties =/= slashing

- If you are online > 42.5% of the time - you are earning profits

drog commented on Nomad drained of $150m due to a coding mistake   twitter.com/samczsun/stat... · Posted by u/onion2k
bombcar · 3 years ago
Apparently the coding mistake was identified and deemed "impossible to exploit": https://certificate.quantstamp.com/full/nomad

> QSP-19 Proving With An Empty Leaf

> Recommendation: Validate that the input of the function is not empty

> The Nomad team responded that "We consider it to be effectively impossible to find the preimage of the empty leaf".

> We believe the Nomad team has misunderstood the issue. It is not related to finding the pre-image of the empty bytes. Instead, it is about being able to prove that empty bytes are included in the tree (empty bytes are the default nodes of a sparse Merkle tree). Therefore, anyone can call the function with an empty leaf and update the status to be proven.
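
The audit finding quoted above, as an added example that is not code from the audit, the thread or the Nomad contracts: in a sparse Merkle tree every unpopulated slot holds the default leaf, so an inclusion proof for the empty leaf verifies against the real root unless the verifier rejects empty input. The depth, the all-zero encoding of the empty leaf and all names are assumptions.

```python
import hashlib

DEPTH = 4                  # assumption: tiny tree so the demo stays readable
EMPTY = b"\x00" * 32       # assumption: how an empty (default) leaf is encoded

def h(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(left + right).digest()

# ZERO[i] is the root of a completely empty subtree of height i.
ZERO = [EMPTY]
for _ in range(DEPTH):
    ZERO.append(h(ZERO[-1], ZERO[-1]))

def build(leaves: dict) -> list:
    """Levels of a sparse tree, leaf level first; `leaves` maps index -> leaf."""
    levels = [dict(leaves)]
    for height in range(DEPTH):
        below, above = levels[-1], {}
        for idx in {i >> 1 for i in below}:
            above[idx] = h(below.get(2 * idx, ZERO[height]),
                           below.get(2 * idx + 1, ZERO[height]))
        levels.append(above)
    return levels

def root(levels: list) -> bytes:
    return levels[DEPTH].get(0, ZERO[DEPTH])

def branch(levels: list, index: int) -> list:
    """Sibling hashes for `index`, from the leaf level up to the root."""
    return [levels[ht].get((index >> ht) ^ 1, ZERO[ht]) for ht in range(DEPTH)]

def verify(leaf, proof, index, expected_root, reject_empty=False) -> bool:
    if reject_empty and leaf == EMPTY:   # the check the audit recommends
        return False
    node = leaf
    for ht, sibling in enumerate(proof):
        node = h(sibling, node) if (index >> ht) & 1 else h(node, sibling)
    return node == expected_root

def sample_tree() -> list:
    # Constructed sample: two real messages at indices 3 and 5, 14 empty slots.
    return build({3: hashlib.sha256(b"msg-a").digest(),
                  5: hashlib.sha256(b"msg-b").digest()})
```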

drog · 3 years ago
That's common misinformation. The issue discussed in the review has no connection to what happened, and the narrative that it is the same issue but became exploitable after the update is incorrect too. It affects a different part of the smart-contract logic. Yes, it's pretty close at a glance—because you have a zero-by-default problem somewhere close to a Merkle tree.
drog commented on What is a programmable programming language? (2019)   hiphish.github.io/blog/20... · Posted by u/behnamoh
astrange · 3 years ago
Lisp advocacy (for the last few decades) is always about how you can write anything in 10 lines of macros, but I never see anyone discuss security or whether the result actually does what you meant it to do.
drog · 3 years ago
Smaller programs are easier to understand and often you can be sure that they are correct just by looking at them.

Macros allow you to decompose and simplify problems in a way that is impossible with functions. Macros are especially good at removing boilerplate and writing syntactic glue code.

Since macros are programs, to make sure that they do what you meant them to do you can use techniques similar to those you use for other programs: making them small and obvious, testing.

drog commented on Confess your love with zero-knowledge   zkcrush.xyz/... · Posted by u/amirGi
Godel_unicode · 3 years ago
And then someone will guess that the school administrator's password is “StudentsSucks2022” and steal all the private keys they left in their documents folder.
drog · 3 years ago
You are correct, but I think "identity based encryption" protocols can run in MPC mode. Multiple parties will generate a distributed secret that will be used to generate private keys. Anyone can easily generate a public key for any identity (e.g. email) for the given "key generator" setup using the public data of this setup. But for a user to get their private key, they need to assemble secrets by proving their identity to multiple independent parties - you have to hack every one of them to restore the private key of a user.
drog commented on Confess your love with zero-knowledge   zkcrush.xyz/... · Posted by u/amirGi
drog · 3 years ago
This protocol has some downsides - if you share the link with a large adversarial group (e.g. your school) they can brute force your crush name, so it’s basically no different than embarrassingly shouting out your crush name in public, and it has problems with canonical names.

Instead we can alter it and fix these problems: Bob will find out his crush’s public key, encrypt a "you are my crush" message to it and post it with his own signature to a public bulletin (a blockchain can be a good Schelling point). When the crush decrypts the message they will see the proper string, while everyone else will see gibberish.

- To solve problems with key distribution we can use "identity based encryption". It requires a trusted third party (e.g. school administrators) but it solves the problem of key generation for participants. With identity encryption Bob can encrypt a message to some canonical identity such as a school email. The owner of that email can prove their identity to the third party and receive the corresponding private key.

drog · 3 years ago
Thanks to other people pointing it out, I now see that there is still a fundamental problem — the crush can see that you appointed them to be your crush without liking you back, and the solution is that: 1) everybody precommits to your crush set in advance 2) users use an MPC protocol that will ensure that your crush is revealed only if both of you precommitted to each other. (I guess it's similar to the "Yao millionaire problem" where two parties calculate "x < y" without revealing x and y, but you calculate "x == y" where x and y are values that you committed to previously and you don't reveal x and y.)

The previous variant does not need any blockchain because you can just embed the encrypted message into the web page similarly to the original hash variant (really it's the same as sending a private message to your crush), but the MPC variant probably needs a blockchain because that's a perfect way to publicly precommit to something.

Note: there is still the possibility that you can precommit to "x is my crush" without x being your real crush to lure out whether you are the crush of x.

P.S. I think that's a good illustration of a service that can't be done without crypto and have similar properties.

u/drog

Karma: 114 · Cake day: July 19, 2019
About
Contacts: Twitter drog_v, GitHub dvush, Email vitaly@dvush.net