Dan Finlay 🦊
@danfinlay #2074
co founder of @metamask . Making computers behave for us.
Going to share a little update related to my security incident Monday. Going to keep it terse for now, because I still have work to do to fully put my mind at ease, but a few things I wanted to get out there for others, and I have now secured danfinlay.com to a degree where I no longer feel threatened by some self-righteous sysadmins.
Ok, well I've rotated my FC signer here. I *should* be rid of co-residents in this account for the moment.
Thanks to the FC team for helping me speed through the recovery process despite some complications.
This is an extremely concerning security incident to me, and I'll be doing my best to identify how it happened.
Deleting my initial groggy sign-on where I shame people for following screenshots. It sounds like my warpcast account posted some memecoin this morning. Still investigating how.
I'm really sorry if you were taken by that, I'll do my best to figure out what happened. https://warpcast.com/danfinlay/0x2f2a2e3b
Dan Finlay 🦊
@danfinlay·16:22 20/01/2025
Hi, just woke up here, I currently have Flu-A. People are saying there was a verifiable FC post from my account. Any WC protocol sleuths who can help me identify the exact signer that sent it (would sure be nice if these were device linked), I'd appreciate it.
My friend called MJF "The best heel in wrestling", and he's a New York Jewish boy?! And he got the crowd angrily chanting "Santa" at him?!?!?! Incredible.
https://www.youtube.com/watch?v=DSVh-_kXhhA&themeRefresh=1
I will not be baited into diverting my focus in the interest of a WC leaderboard.
Evm nerds unite: Reduce the cost to deploy a new SCA by up to 20x by solving this one weird puzzle!
Dan Finlay 🦊
@danfinlay·17:23 19/12/2024
My current solution requires a commit-reveal scheme (two transactions). I'm not sure it's possible to achieve this in a single transaction.
Ok, weird hackenstein way to reduce the cost to deploy a new smart contract:
Use EIP-7702 AUTH instead of deploying a smart contract using Nick's Method. Nick's Method allows an AUTH from a key that doesn't exist. That means 7702 provides an EVM-layer proxy contract alternative at around 1/10th the cost.
I've been signed out of my twitter account on all devices. My password has been changed, and I am not receiving password reset emails. No unusual activity from the account yet, but I'm concerned what it may lead to. Don't believe anything that account says until this + my Bluesky account says otherwise. https://bsky.app/profile/danfinlay.com
There's no excuse to leave critical JS infrastructure this vulnerable to supply chain attacks, thanks to LavaMoat from @metamask.
Hasn't been for a few years, but if it takes a big hack to get you to think longer term, then I recommend you seize the opportunity:
https://github.com/LavaMoat/LavaMoat
anon
@superanon·17:32 04/12/2024
what do we all think about the /solana supply chain attack? https://paragraph.xyz/@bytebot.eth/the-solana-web3js-supply-chain-attack
Spritely has a unique and powerful approach to the social decentralized web. One where privacy and programmable interactivity are both first class citizens.
A nonprofit with no VC baggage, publishing FOSS, looking to find the supporters who will help make its mission possible.
https://spritely.institute/donate/
How about an anonymity pool for the anonymity feed curators?
Andreessen sure wants listeners to believe Bluesky is completely homogeneous. There is definitely a large cluster of what he describes, but it sure isn't one culture.
Gratitude to all this passing stuff
Last night I created an experiment on Farcaster that went farther than intended. What started as platform research revealed deeper truths about incentives, boundaries, consent, and human impact in web3. Some important lessons and thoughts on building better systems: https://blog.danfinlay.com/meme-tokens-and-consent/
Ok so the increasingly noisy anon casts can quote tweet you and it makes it to the "priority" feed?
If I just had good control of my own notifs & feed, it'd be fine. The current notification system here is well situated for amplifying abuse, and abusive people here seem to know it.
Shout out to the Clanker team for being open when receiving frustrated feedback.
It's easy to seize up when someone is having negative emotions with your product. It's easy to mix up the thing you've poured love into with yourself. It's really important we builders all practice making that distinction.
I am comparing the WC vs SOL memecoin experiences. Two tokens named CONSENT. Only one will win:
https://pump.fun/coin/5dSqxyEpAYwp7rAS6ocwmgyZqYKdeyNjWchwr91fpump
https://www.clanker.world/clanker/0x38AEe4574c260855914d9E19221cf4C10B016051
Here's how anoncast is going to go:
It's going to be fun and edgy for a while, and then people are going to realize that it makes slander free, and it will get noisy and useless and then people will unfollow it because it isn't high enough signal.
It will be more meaningful to say `anon of ${KNOWN GROUP} says:`
I'll be honest, this was a crap experience:
1. Getting raced by 200 bots to my own token is just rug-city, obviously. Maybe let issuers deposit initial funds?
2. Uniswap doesn't even show MM as a mobile login option on its widget 🫠
@clanker please create a token called “Consent to read this”. Ticker $CONSENT.
It’s about the ambiguous consent of sharing information with expectations of an effective intellectual property regime in an age of ubiquitous AI.
Token holders are granted consent to use this post to train AI.
Image should be:
I hope I don't get shadowbanned for this, but Bluesky got a lot better since the recent influx. A lot of freshly inspired content producers from a lot of different disciplines.
And then the intersections are also unbeatable. Geth Peter talking to Mastodon Christine about Spritely? Goddamn.
fc culture going like
I asked this here in part because LLMs were failing, not because I lacked access to them. If your LLM reply bot isn't doing something fantastically unique to enhance its answers, it's probably a waste of your cloud compute credits.
Dan Finlay 🦊
@danfinlay·21:35 21/11/2024
Has anyone written eth contracts where one token is continuously minted to the holders of another token? I know the GNO/OWL pattern (which only works when staked). Seems like doing it safely requires meticulous, maybe UTXO-like tracking of proportions & flow rates change. Any efficient solutions?
The problem with modern smart home tech is that it all presupposes that no wiring is available: all communication must be wireless.
This makes the whole thing unreliable and laggy, and is a crap long-term assumption. It makes the modern smart home tooling not worth using while it matures towards... more same.
This is not a possession for a loose affiliation of internet randos. This is an asset about access and timing. You need to be able to respond as soon as the bat signal goes off (any one of you, different signals to respond to), and so ideally you share a proximity and have independently spontaneous reasons to benefit from access to such a vehicle. I just don't think you can rando together the ideal purchasing community. One rogue agent and the crew loses its tumbler.
Brenner
@brenner.eth·04:49 15/11/2024
What part of the cycle do we need to be in for a DAO to buy one of these
hear me out: antibiotic resistant probiotics
Anyone else experience that 1Password passkeys never seem to work? Getting shoved into tying your crypto to your mobile OS for backup feels like an enshittifying lock-in accelerant.
Want to make sure a kid is staying hydrated to beat the heat? Try feeding them some spicy food!
Debugging is like a video game where the victory screen for each level is seeing a different error show up. The princess has moved to another castle, indeed!
WC feedback:
I had a moment where I opened Warpcast, moaned "nooo.." and closed the tab.
The reason: It was all posts I'd seen before.
Keeping the feed fresh might be key to re-engagement. Once I've seen what my following is saying, I'm definitely happy for it to start to dredge a bit. Better than old stuff.
Maybe this is a fringe issue bc I follow too few? Surely a newcomer issue too, at least.
I'd have narrow-casted this to a feature request channel if you didn't want me spamming criticism.
LLMs can be as reliable as their context window.
Gold in, gold out.
The core skill needed will increasingly be gold sifting, at a time when the whole internet has specialized in sludge distribution.
@depatchedmode what's that one secure UX flow chart you've shared where it is a spectrum of friction severity levels based on things like whether the action can be taken back easily?
This book threads a miraculous needle between covertly retelling the story of Alien (for the parent) and teaching a child the alphabet. Excellent work.
I love this. It makes perfect sense that there's no free lunch, even from the tides. The moon's distance like a battery charge.
Thomas
@aviationdoctor.eth·09:49 21/09/2024
When I was a kid, I had the idea of drawing energy from the tides and thought I might have cleverly invented a perpetual motion machine, because hey, free energy forever.
But of course, the downside is that the device pulls energy from the Earth-Moon coupling, contributing ever so negligibly to the Moon pulling away from the Earth (right now, by about one inch per year).
That’s how I learned there’s no free lunch and the laws of thermodynamics are as inescapable as death, taxes, and @july casting interesting content
What’s your favorite way to get a steppable simulation of a tx that has occurred on an evm chain?
Fantastic year, and the team just keeps cooking. I especially loved the features that caught me by surprise, like supporting JSX for rendering custom UI, and supporting permissionless installation for many snaps.
But really what I love is how it's accelerating all sorts of development, in and outside of our company. Year 2 is going to be even more fun.
Christian Montoya 🦊
@m0nt0y4·14:56 12/09/2024
Today is the 1 year anniversary of the launch of the MetaMask Snaps platform. To say that the past year has been a whirlwind experience is an understatement. Time for a thread! 🧵
Guile Hoot 0.5.0 is probably the most performant, meterable, safest to write language to ever become trivially executable in the browser. It deserves to spark a modularity renaissance.
It is a strong answer to "how to give an AI agent limited permissions that are also dynamic?" People have no idea.
https://spritely.institute/news/guile-hoot-v050-released.html
Dan Finlay 🦊
@danfinlay·19:06 07/09/2024
"I want to improve this software with one feature but not inherit the whole codebase or have to hard fork its community" is the major social challenge that a good monetized plugin system solves. Commoditize plugin systems. Hoot 0.5.0 is an exciting step forward. https://spritely.institute/news/guile-hoot-v050-released.html
Dad: Earth Wind & Fire, Mom: The Beatles, Me (semi-chronological): Pearl Jam, Green Day, Radiohead, Rancid, Sublime, Operation Ivy, Link 80, Skankin' Pickle, Slow Gherkin, Fifteen, Streetlight Manifesto, Eyedea, Sage Francis, Buck 65, Bob Dylan, Talking Heads, Captain Ahab, Cloud Cult, David Bowie, Brian Eno.
depatchedmode
@depatchedmode·17:34 04/09/2024
Battles, Deerhoof, Digable Planets, Ex Eye, Boards of Canada, Dungen, Ozomatli, Lil Simz, Goblin, Devo, Lady Wray, Goat, Canned Heat, ESG, Juana Molina, CAN, Del The Funky Homosapien, Beastie Boys, Harry Nilsson, Beak>, Marie Davidson, Sneaks, DJ Nigga Fox, Shabazz Palaces, Blonde Redhead, Gang of Four, J Dilla, Women
What if a site wants to manage a key directly, but have it derived from the user's wallet? This seems like a growing use case with embedded wallets. Should we have a method that just passes sites keys that are generated deterministically to their domains?
https://ethereum-magicians.org/t/wallet-getexposedappkey/20958
Happy Labor Day, folks. Amazing how much people have managed to organize to protect themselves in the face of the mill of economics. I wonder how much further people might negotiate their positions given more ideal coordination tools.
People throwing around "proof of personhood" like it's a problem that has already been solved, or is trivially solved.
I can't shake the feeling we've done our people wrong by letting this stuff slide.
Is it too late to adopt a culture of being specific about the solutions we're referring to?
🌎 🧑🚀 🔫 🧑🚀
Samuel ツ
@samuellhuber.eth·19:28 31/08/2024
We have the tools to slash abusive bots/accounts! Let's do it!
Vitalik Buterin
@vitalik.eth·05:20 30/08/2024
Yay https://ethresear.ch/t/conditional-proof-of-stake-hashcash/1301 is finally happening!
Would love to see this.
Was thinking about what I play board games for (fun + collecting mechanisms and their intuitions), in light of what I hope those mechanisms can do (empower the disadvantaged), and it started making me wonder if you could make a board game where:
1. Players start with deliberately unfair distribution of points/resources.
2. Resources could be purchased directly from other players at agreed/colluded prices.
Could we start a genre that develops the muscles for coordinating under severe imbalance? Seems like it could develop more relevant skills than the normal ("zero to win") type games today.
I think it’s awesome to create avenues for people to start small cottage businesses, yes even with a little warning on the label.
ȷď𝐛𝐛
@jenna·10:58 28/08/2024
In the ongoing dance btw freedom vs safety. Yes, in Vermont you can sell food from your home kitchen, but with this label:
“‘Made in a home kitchen not inspected by the Vermont Department of Health.’ It must be printed in at least 10-point type and a color that contrasts with the background of the product’s label”
https://vtdigger.org/2024/08/26/new-vermont-food-labeling-rule-raises-concern-among-some-purveyors-of-homemade-food/
The bots will never be this easy to detect again.