8501
Pawel Pokrywka
@pawelpokrywka #8501
Privacy, security, cryptography.
Here is my blog:
https://www.pawelpokrywka.com/
125 Follower 335 Following
Just received $3 from Warpcast. I like it!
I made a little web demo that bends your idea of what “offline” really means.
Chrome + SXG + a few tricks = surprising results.
Try it yourself:
🔗 https://planujemywesele.pl/sxg-tests/offline-abuse
Chrome + SXG + a few tricks = surprising results.
Try it yourself:
🔗 https://planujemywesele.pl/sxg-tests/offline-abuse
Signed Exchanges enable instant loading, but hidden, often undocumented prefetching errors can break it.
In my latest post, I uncover these pitfalls and how to fix them so you can implement SXG without surprises.
Read it here: https://blog.pawelpokrywka.com/p/other-errors-with-signed-exchanges
In my latest post, I uncover these pitfalls and how to fix them so you can implement SXG without surprises.
Read it here: https://blog.pawelpokrywka.com/p/other-errors-with-signed-exchanges
Are privacy pools effective?
What prevents Lazarus to first move stolen funds to Tornado Cash, then slowly release them to multiple new accounts and later deposit to Railgun from those accounts?
What prevents Lazarus to first move stolen funds to Tornado Cash, then slowly release them to multiple new accounts and later deposit to Railgun from those accounts?
Saying to yourself "I'll do it tomorrow" without setting explicit reminder (such as calendar alert) or having implicit reminder (the car being dirty reminds to clean it everytime you use it) means "I won't do it".
1/6 Tried @transak Offramp Stream - looks promising but had multiple issues. First deposited $2 - no email confirmation or bank transfer. Later learned amount was too small, but they should've notify me.
More deployments = more errors?!
SXG makes websites load instantly for Google-referred users—but something went horribly wrong.
- Errors moved around randomly
- Deploying more made it worse
The culprit? Hidden cache.
Part 5 of the SXG series is live!
https://blog.pawelpokrywka.com/p/debugging-complex-signed-exchanges-subresource-issue
SXG makes websites load instantly for Google-referred users—but something went horribly wrong.
- Errors moved around randomly
- Deploying more made it worse
The culprit? Hidden cache.
Part 5 of the SXG series is live!
https://blog.pawelpokrywka.com/p/debugging-complex-signed-exchanges-subresource-issue
Part 4 of the SXG series is here!
SXG makes websites load instantly for Google-referred users, even in airplane mode. But mutable subresources can break it—silently.
🔍 What causes it?
🛠️ How can you fix it?
Find out in the latest post.
https://blog.pawelpokrywka.com/p/fixing-sxg-prefetching-errors-caused-by-mutable-subresources
SXG makes websites load instantly for Google-referred users, even in airplane mode. But mutable subresources can break it—silently.
🔍 What causes it?
🛠️ How can you fix it?
Find out in the latest post.
https://blog.pawelpokrywka.com/p/fixing-sxg-prefetching-errors-caused-by-mutable-subresources
Hey guys now that the bull market's officially over I just wanted to extend a wholehearted thank you to everyone. I'll be deleting my telegram account and logging off. Sold everything last night and waited about 12 hours to post this - had to hold some space for myself to process everything. You guys are like brothers to me and I'm so glad that we all finally made it together this cycle. Already called my real estate agent and I've secured a plot of land in the mountains. Fully off the grid from here on. I'll miss you all but I'll always remember our time in the trenches together.
Loading...
🔥 New post in the SXG series! 🔥
Seeing CORS errors after deploying Signed Exchanges?
❌ Google won’t help.
🤖 AI will mislead you.
🔍 The real cause? Not what you think.
I break it down in Part 3 of my SXG series:
🔗 https://blog.pawelpokrywka.com/p/understanding-cors-sxg-errors
Seeing CORS errors after deploying Signed Exchanges?
❌ Google won’t help.
🤖 AI will mislead you.
🔍 The real cause? Not what you think.
I break it down in Part 3 of my SXG series:
🔗 https://blog.pawelpokrywka.com/p/understanding-cors-sxg-errors
I prepared a list of newsletters related to front-end development. Maybe it will be useful for someone here.
This website is amazing! I wish it gets the same popularity as L2Beat. Actually, it could easily be larger, as wallets are much more interesting for users than L2s.
I believe lack of privacy NOW is a strategy for the privacy in the LONG TERM. We scale, get more users by being a casino with low fees. On the next bull market we will attract also non-gamblers by offering privacy on L2s like @aztecnetwork
Loading...
What if your website could load instantly—even in airplane mode?
In part 2 of my Signed Exchanges series, I explore how prefetching subresources makes this possible for Google-referred users.
Curious? Check it out: https://blog.pawelpokrywka.com/p/subresources-prefetching-with-signed-exchanges
In part 2 of my Signed Exchanges series, I explore how prefetching subresources makes this possible for Google-referred users.
Curious? Check it out: https://blog.pawelpokrywka.com/p/subresources-prefetching-with-signed-exchanges
What if your website could load instantly—even in airplane mode?
In part 2 of my Signed Exchanges series, I explore how prefetching subresources makes this possible for Google-referred users.
Curious? Check it out: https://blog.pawelpokrywka.com/p/subresources-prefetching-with-signed-exchanges
In part 2 of my Signed Exchanges series, I explore how prefetching subresources makes this possible for Google-referred users.
Curious? Check it out: https://blog.pawelpokrywka.com/p/subresources-prefetching-with-signed-exchanges
Signed Exchanges and prefetching can transform how fast your site feels to users. Part 2 of my series is out tomorrow, but this quick demo shows what’s possible.
Loading...
Prefetching with Signed Exchanges is a game-changer for web performance. Curious how it works? Part 2 of my series drops tomorrow. For now, here's a glimpse of the potential. 🚀
8501
Pawel Pokrywka
@pawelpokrywka·16:43 12/01/2025
It’s possible for a website to load instantly, even in airplane mode. Signed Exchanges and prefetching make it happen.
Part 2 of my SXG series will be out tomorrow.
https://www.youtube.com/watch?v=BW_Hkthiawg
Part 2 of my SXG series will be out tomorrow.
https://www.youtube.com/watch?v=BW_Hkthiawg
It’s possible for a website to load instantly, even in airplane mode. Signed Exchanges and prefetching make it happen.
Part 2 of my SXG series will be out tomorrow.
https://www.youtube.com/watch?v=BW_Hkthiawg
Part 2 of my SXG series will be out tomorrow.
https://www.youtube.com/watch?v=BW_Hkthiawg
I joined Farcaster on 28th January 2023 which was 1 year, 10 months, 12 days ago.
Since then, 99.0 percent of users have joined after me
frame by @cashlessman.eth
Since then, 99.0 percent of users have joined after me
frame by @cashlessman.eth
"If Bitcoin is digital gold, Ethereum is digital Switzerland" Justin Drake
https://www.youtube.com/watch?v=thPIc-_h2ms&t=7070s
https://www.youtube.com/watch?v=thPIc-_h2ms&t=7070s
Idea: Protecting Your Validator from Attacks During Block Proposal to Prevent MEV Theft
Recently, I read a paper on validator deanonymization (linked in the last comment).
TL;DR: An attacker could find the IP address used by your validator. Then, when you're about to propose a block with significant MEV (Miner Extractable Value), the attacker can launch a cheap DoS (Denial of Service) attack on your internet connection. You would miss the opportunity to propose a block. The attacker would then DoS the next validator and repeat this until their validator is selected. This would allow them to propose a block, essentially stealing your winning lottery ticket and grabbing all the MEV.
Recently, I read a paper on validator deanonymization (linked in the last comment).
TL;DR: An attacker could find the IP address used by your validator. Then, when you're about to propose a block with significant MEV (Miner Extractable Value), the attacker can launch a cheap DoS (Denial of Service) attack on your internet connection. You would miss the opportunity to propose a block. The attacker would then DoS the next validator and repeat this until their validator is selected. This would allow them to propose a block, essentially stealing your winning lottery ticket and grabbing all the MEV.
Do you use disk encryption?
I've released a new version of cryptreboot, a tool for rebooting a Linux system with an encrypted disk that asks for the passphrase to unlock the disk before the reboot, rather than after as in case of normal reboot.
This can be useful when rebooting remote or headless systems, where entering the passphrase typically requires local access. The entire process is handled using an in-memory initramfs patching, ensuring that secrets are handled securely and never touch the disk.
Version 0.3.0 now includes native support for ZFS encryption.
I'm planning to add more features, including passphrase-less reboots, which would be particularly beneficial for desktop users.
If you'd like to try cryptreboot, here's a link. And if you've already tried it, I'd love to hear your feedback!
https://phantomno.de/cryptreboot
I've released a new version of cryptreboot, a tool for rebooting a Linux system with an encrypted disk that asks for the passphrase to unlock the disk before the reboot, rather than after as in case of normal reboot.
This can be useful when rebooting remote or headless systems, where entering the passphrase typically requires local access. The entire process is handled using an in-memory initramfs patching, ensuring that secrets are handled securely and never touch the disk.
Version 0.3.0 now includes native support for ZFS encryption.
I'm planning to add more features, including passphrase-less reboots, which would be particularly beneficial for desktop users.
If you'd like to try cryptreboot, here's a link. And if you've already tried it, I'd love to hear your feedback!
https://phantomno.de/cryptreboot
Cloudflare enabled Encrypted Hello (ECH) for all users (paid Plans need to turn it on explicitly). From now on, all the HTTPS traffic is encrypted, including website address. It makes censorship harder.
How to call homosexual mayor od French city who spends a lot of time in front of the screen?
Gay maire
Gay maire
