
How I think about "security":

The goal is to minimize the divergence between the user's intent, and the actual behavior of the system.

"User experience" can also be defined in this way. Thus, "user experience" and "security" are not separate fields. However, "security" focuses on tail risk situations (where downside of divergence is large), and specifically tail risk situations that come about as a result of adversarial behavior.

One thing that becomes immediately obvious from the above definition, is that "perfect security" is impossible. Not because machines are "flawed", or even because humans designing the machines are "flawed", but because "the user's intent" is fundamentally an extremely complex object that the user themselves does not have easy access to.

Suppose the user's intent is "I want to send 1 ETH to Bob". But "Bob" is itself a complicated meatspace entity that cannot be easily mathematically defined. You could "represent" Bob with some public key or hash, but then the possibility that the public key or hash is not actually Bob becomes part of the threat model. The possibility that there is a contentious hard fork, and so the question of which chain represents "ETH" is subjective. In reality, the user has a well-formed picture about these topics, which gets summarized by the umbrella term "common sense", but these things are not easily mathematically defined.

Once you get into more complicated user goals - take, for example, the goal of "preserving the user's privacy" - it becomes even more complicated. Many people intuitively think that encrypting messages is enough, but the reality is that the metadata pattern of who talks to whom, and the timing pattern between messages, etc, can leak a huge amount of information. What is a "trivial" privacy loss, versus a "catastrophic" loss?

If you're familiar with early Yudkowskian thinking about AI safety, and how simply specifying goals robustly is one of the hardest parts of the problem, you will recognize that this is the same problem.

Now, what do "good security solutions" look like? This applies for:

* Ethereum wallets
* Operating systems
* Formal verification of smart contracts or clients or any computer programs
* Hardware
* ...

The fundamental constraint is: anything that the user can input into the system is fundamentally far too low-complexity to fully encode their intent.

I would argue that the common trait of a good solution is: the user is specifying their intention in multiple, overlapping ways, and the system only acts when these specifications are aligned with each other.

Examples:

* Type systems in programming: the programmer first specifies *what the program does* (the code itself), but then also specifies *what "shape" each data structure has at every step of the computation*. If the two diverge, the program fails to compile.
* Formal verification: the programmer specifies what the program does (the code itself), and then also specifies mathematical properties that the program satisfies
* Transaction simulations: the user specifies first what action they want to take, and then clicks "OK" or "Cancel" after seeing a simulation of the onchain consequences of that action
* Post-assertions in transactions: the transaction specifies both the action and its expected effects, and both have to match for the transaction to take effect
* Multisig / social recovery: the user specifies multiple keys that represent their authority
* Spending limits, new-address confirmations, etc: the user specifies first what action they want to take, and then, if that action is "unusual" or "high-risk" in some sense, the user has to re-specify "yes, I know I am doing something unusual / high-risk"

In all cases, the pattern is the same: there is no perfection, there is only risk reduction through redundancy. And you want the different redundant specifications to "approach the user's intent" from different "angles": eg. action, and expected consequences, expected level of significance, economic bound on downside, etc.

This way of thinking also hints at the right way to use LLMs. LLMs done right are themselves a simulation of intent. A generic LLM is (among other things) like a "shadow" of the concept of human common sense. A user-fine-tuned LLM is like a "shadow" of that user themselves, and can identify in a more fine-grained way what is normal vs unusual.

LLMs should under no circumstances be relied on as a sole determiner of intent. But they are one "angle" from which a user's intent can be approximated. It's an angle very different from traditional, explicit, ways of encoding intent, and that difference itself maximizes the likelihood that the redundancy will prove useful.

One other corollary is that "security" does NOT mean "make the user do more clicks for everything". Rather, security should mean: it should be easy (if not automated) to do low-risk things, and hard to do dangerous things. Getting this balance right is the challenge.
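The "multiple overlapping specifications" pattern from the post above, as an added example that is not part of the original post: a toy wallet that executes a transfer only when the action, its post-assertion (expected balance changes) and a risk policy all agree. The `Transfer` and `Wallet` classes, the in-memory ledger and the account names are assumptions made for illustration, not any real wallet's API.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    sender: str
    recipient: str
    amount: int                      # integer units, constructed sample values
    expected_deltas: dict            # post-assertion: account -> expected balance change
    risk_acknowledged: bool = False  # user re-specified "yes, I know this is unusual"

@dataclass
class Wallet:
    balances: dict
    known_recipients: set
    spend_limit: int

    def simulate(self, tx):
        """Return the balance changes the action would cause, without applying them."""
        if tx.amount <= 0 or self.balances.get(tx.sender, 0) < tx.amount:
            return None
        if tx.sender == tx.recipient:
            return {tx.sender: 0}
        return {tx.sender: -tx.amount, tx.recipient: tx.amount}

    def submit(self, tx):
        deltas = self.simulate(tx)
        if deltas is None:
            return "rejected: action cannot execute"
        # Angle 1 vs angle 2: the action and its stated consequences must agree.
        if deltas != tx.expected_deltas:
            return "rejected: post-assertion mismatch"
        # Angle 3: unusual or high-risk actions need an explicit re-specification.
        unusual = (tx.amount > self.spend_limit
                   or tx.recipient not in self.known_recipients)
        if unusual and not tx.risk_acknowledged:
            return "held: confirm unusual action"
        for account, delta in deltas.items():
            self.balances[account] = self.balances.get(account, 0) + delta
        self.known_recipients.add(tx.recipient)
        return "executed"

def demo():
    w = Wallet({"alice": 10, "bob": 0}, {"bob"}, spend_limit=2)
    txs = [
        Transfer("alice", "bob", 1, {"alice": -1, "bob": 1}),          # routine: no extra clicks
        Transfer("alice", "mallory", 1, {"alice": -1, "bob": 1}),      # recipient differs from expectation
        Transfer("alice", "carol", 1, {"alice": -1, "carol": 1}),      # new address, not confirmed
        Transfer("alice", "carol", 1, {"alice": -1, "carol": 1}, True),
        Transfer("alice", "bob", 5, {"alice": -5, "bob": 5}),          # over the spending limit
    ]
    return [w.submit(tx) for tx in txs], w.balances
```

The routine transfer goes through with no extra step, while the three dangerous cases are stopped by different checks, which is the "easy to do low-risk things, hard to do dangerous things" balance the post describes.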

Come join us for the monthly Earth Day @treegens Impact Concert in just a couple hours!!🤠🎶 My incredibly talented cofounder @joseacabrerav is bringing the musical Venezuelan connection, & @jimicohen is charging the Growmunity with energy & passion to get 1 billion trees planted in a single day this year!!!😎🌴💪 12pst 3est on Twitter/X https://twitter.com/i/spaces/1dKrPEEVXdQJX

0x0dc780aAfFb374D9CF36470957EEC1447c1BC536 ⬆️buy in and hodl I will share fees with $CLAIM All holders over 50 million tokens… It’s literally 0.00000023 right now 🙃

AUCTION #353 COMPLETE ✅ Winners = @sovereignty 🏆 Winning Bid = $200 Winning Link = Sovereignty (mini app) Check it out through our mini app to claim up to 20,000 $QR! https://qrcoin.fun

can’t wait to see these infinite rounds art contest entries roll in — this one from @pramadan.eth is epic!

“but wake, if we didn’t collude with orange man to hide his sex trafficking ring, destroy the republic, embarrass our armed forces, and invite the Feds into our communities, bedrooms, and bathrooms, Kamala Harris would cut off my penis and make me go potty in a kitty box…” …is something I hear way, waaaaaaaay too often. wtf happened to you anyway gm ☀️

I just grabbed my Orange Ticket on @inflynce 🟧 Good night.. 🧡

She’s pushing through. We heart you, Heart ❤️

Let's talk about Farcon Rome, has anyone found a place to stay, if so which area and locations are you considering to stay, how many people? What are the things to consider and look at?? I haven't travelled in over 6 years and I've never been to Europe, I need all the tips and advice I can get 🙏🏼

How to actually make money on Polymarket - from someone who's been making money on prediction markets for 10 years (full episode on BuildBetter pod coming):

Most people lose on Polymarket because they bet their beliefs. 🚨 Read more 👇 Polymarket-John bets against yours. Here's his framework: 🧵

Polymarket is a zero-sum game. Someone loses every time someone wins. The edge goes to whoever is LESS biased — not whoever knows more.

John's process is simple and hard:
- Calculate his own probability independently
- Compare it to the market price
- Only bet when there's a real gap

No bots. No algorithms. Pure judgment.

We also touch on the part almost nobody talks about: RESOLUTION RISK. The market can be right. Your bet can be right. And you can still lose. Because UMA Protocol — the decentralized "judge" — decides what actually happened. And it's not always automatic, and not always obvious.

Real example: The Titan submarine market. Rules said: "found" = locating the cabin with passengers. Debris was found. Cabin wasn't — because it imploded. UMA voted: found. John lost. He had read the rules correctly. He should have won 🔴

Lesson: complicated markets carry resolution risk, not just outcome risk.

John's sizing rule: when opportunities are scarce, bet big. Standard "2% of portfolio" advice is for people with 1000 opportunities a year. John gets maybe a handful of high-conviction spots. Small bets on rare opportunities = staying small forever.

The practical checklist before any bet:
✅ Read the resolution rules. Every word.
✅ Ask: is this outcome binary and clear?
✅ Calculate YOUR probability first, before looking at the market
✅ Only enter if the gap is meaningful
✅ Be more cautious the more complicated the resolution language is

Full conversation with Polymarket-John on the BuildBetter podcast which drops on Thursday - set your notification on the link👇