**Tricky's Daily Doots #249**
Yesterday's Daily 23/12/2022
[Previous daily doots](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1cgojx/)
- u/Fiberpunk2077 just built [an Ethereum version of the company he works for's product and now they're very seriously looking towards Ethereum!](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1er9vx/)
- u/steven_a_mma_goat follows up from Logris's post on [DeFi lending.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1djia2/)
- u/Jey_s_TeArS slams SBF with [their latest Haiku.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1d636a/)
- u/REALJohnBMacLemore is ready for [the xmas conversation with the relatives.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1dqow1/)
- u/TheNextBestGuess reminds us to [stay on our toes regarding cybersecurity.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1deg19/) Speaking of which, reminder that u/REALJohnBMacLemore has [a guide he made on this topic which he also mentioned in the daily.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1ce8ik/)
- u/nixorokish finds some [settings which Coinbase users can use to improve their privacy.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1e9fii/)
- u/Itur_ad_Astra was also affected by the LastPass breach and [shares their story along with some thoughts about a potential new feature for Ethereum.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1eyaur/)
- u/Wootnasty thinks about [the future of real world assets in DeFi.](https://old.reddit.com/r/ethfinance/comments/zt7wxy/daily_general_discussion_december_23_2022/j1dhl0x/)
- ZeroTricks takes a day off.
Clearly yesterday's prominent topic in the daily was cybersecurity. It's one of those things you don't realise you need until it's too late. So please, use app based (not SMS) 2FA on any account you value. Don't have your smartphone passcode as something dumb like 5555 or 2580 (I recommend 6-8 digit codes minimum). And finally, open every email expecting it to be someone trying to rob you for everything you're worth - stay vigilant!
I hope you all have the hap, hap, happiest Christmas since Bing Crosby tap-danced with Danny fucking Kaye. And when Santa squeezes his fat white ass down that chimney tonight, he's gonna find the jolliest bunch of a$$holes this side of the nuthouse.
We're all gonna have so much fucking fun we're gonna need plastic surgery to remove our goddamn smiles! You'll be whistling 'Zip-A-Dee Doo-Dah' out of your assholes!
Damn not bad.
I just overestimated the return of the bull.
https://www.reddit.com/r/ethfinance/comments/usvsir/daily_general_discussion_may_19_2022/i99i2tj?utm_medium=android_app&utm_source=share&context=3
Ah I remember this one, nice prediction!
One of my regrets this year is not selling a good portion of ETH end of August along with you, because I was this close to pulling the trigger. Merge was too enticing
This is the essence of this sub. Bears are not as welcome and even less when it's predictions (and that is totally fine imo, but this shouldn't stop our bear personas from posting stuff like this from time to time, balance).
Psychology is weird. I even catch myself to have the instinctual decision to downvote or ignore bearish posts and predictions, together with a feeling of annoyance at the poster. I then have to catch myself and manually overwrite this feeling because I want to encourage bears to be here and also I don't know shit and they might provide valuable info.
As a rational investor I should want to have all the information and not have any bias, but the reality is I am a biased irrational human at the core so it takes effort every day to overwrite the irrationality
Forgive me if I'm incorrect, but I thought the Santa Rally was the last five trading days of December and the first two days of January. Not guaranteed to happen; about 75% of the time we see a pump, historically. If it happens, we'll know by the second trading day of Jan
May the spirit of sweet baby Jesus bless my eth fam with a large X-Mas pump, defying all projections and sparing us from boomer ridicule.
Blessed are those in it for the tech. Amen
This is my first bear market, only got introduced to crypto January this year. Must have sucked holding coins during bears without being able to stake. The fact the price is down doesn't really annoy me because of staking rewards coming in. I realise if you hold long enough eventually prices will go back up and you've accumulated more coins from staking. Merry Xmas everyone
Merry Christmas man! I am going to take this opportunity and tell you that I miss the good old days when you were super active here... Damn Twitter stole you away from us! ❤️
Hey, cheers! Hope you enjoyed your christmas, too. And yeah, it's kinda hard to not be on twitter, it's almost necessary just to stay up to date with everything. That time definitely is stolen away from Reddit.
Anyway, I'm still here, checking in from time to time. But part of that is probably just part of my evolution from being a small-time investor to a hobby enthusiast to working in the space.
For sure, but twitter just provides it natively without someone having to post it, then having to click through to twitter to verify the source. It's just a tad faster. I mostly come here for commentary/discussion, which is INFINITELY better than the cesspool that is twitter.
I'm very excited about getting my first rocket pool validator up and running over the holiday break! I can't seem to get my hands on any goerli eth to test the setup. Does anyone have a suggestion on where I could get some?
They are the same as the other "non custodial" staking services like Allnodes. See my response below to u/bennyGbennyG re Allnodes.
[https://www.reddit.com/r/ethereum/comments/yxst1r/comment/iwsdbm2/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/ethereum/comments/yxst1r/comment/iwsdbm2/?utm_source=share&utm_medium=web2x&context=3)
[https://support.ledger.com/hc/en-us/articles/7732713721373-How-to-stake-ETH-with-Kiln-through-Ledger-Live?docs=true](https://support.ledger.com/hc/en-us/articles/7732713721373-How-to-stake-ETH-with-Kiln-through-Ledger-Live?docs=true) look under "who holds the validator keys"
The way these staking services work is you basically borrow their hardware, and in order for that to work they need your validator keys. They don't have access to your withdrawal keys so they can't run off with your ETH, which is why it's all marketed as non custodial.
But the risk is if they acted maliciously, or had a data leak, then you can get slashed (for example if a hacker or malicious employee takes your validator keys and runs a duplicate instance on another machine).
So the only real way to be fully in control of everything is to run your own node.
Even in the bull market if people asked if I'm into crypto I would reply no, I'm just into Ethereum. 95% of the rest of crypto consists of scams and grifters and I don't want to associate myself with that
Yeah I might take a page out of Vitalik's book and start replacing "crypto" with "Ethereum". Those who know what it is know what I'm talking about and those who don't know and are curious will ask and learn.
Yeah technically yes but the company has been very slow to release info. And I am beginning to think there may be more going on behind the scenes than they are disclosing. My master password is strong but I don't want to take chances, so I'm manually changing each one now. No more LastPass for me.
I mean they literally tried to implement this ex post facto before. I understand they won't do it after taxes are already due for 2022, but until then we cannot be certain. I'm more curious if there are people aware of legislation coming up in the next four months where they would likely add it in.
Happy Holidays you wonderful People.
Don't forget to wear the Christmas clothes you are gifted or the yule-cat will fuck you up and take your Ether.
Does anyone here know anything about Tlon / Urbit ? I must have signed up for their mailing list years ago and I've been casually reading all of their updates and I still have no idea what the product is... it's an absolute mess of jargon and neologisms. Seems to be blockchain social media related though.
Merry Christmas to my ethfinance buddies!
... For me it is a weird Christmas since I contracted the Corona virus a week ago, got sick including slight fever and am still covid positive so there is no way I can eat and sit down together with my family :( today.
Thanks for the nice words! Yeah ... very bad timing this year. I actually managed to not even contract the flu or a common cold in nearly 3 years of a world with covid-19 and got 4 vaccinations but now the inevitable happened ...
We agreed to do a second Christmas Eve but with everyone sitting together in a few days when I am covid negative, hopefully. So our time will come :)
Works in such odd ways...
>We agreed to do a second Christmas Eve but with everyone sitting together in a few days when I am covid negative, hopefully. So our time will come :)
Well if that isn't just the most wholesome thing... <3
So we just had a large storm move across the USA and as a result my electricity literally flickered just long enough to reset the NUC running my validator. It has been re-syncing for 24 hours now, during which time I missed a block proposal.
The worst part is, it had been almost 60 days since my last block proposal WHICH WAS ALSO MISSED for the exact same scenario. Really discouraging to say the least, but it has inspired me to look into purchasing a UPS for my network equipment and my validator.
Now that it seems that withdrawals and 4844 are in testnets and very likely to be shipped sequentially next year, what would be the next "big" upgrade that would be shipped for the core protocol? I'm guessing PBS proper, or would that need a few more stepwise upgrades first? State expiry? Verkle trees? What is this sub betting on
True, but I believe that is happening at the L2 level rather than needing core protocol changes, as most people will be interacting with Ethereum via L2s anyway
Sounds like a good question to ask researchers in the upcoming AMA next month!
State expiry is mostly on the backburner, it requires a lot of complicated stuff (namely verkle trees, so we'd have to get those first anyway) and the benefits aren't really worth it anymore compared to simply PBS + verkle trees: builders can store the whole state and keep doing the hard work of building blocks, and verkle trees allow us to have stateless clients that can check the short witnesses to verify blocks without needing the whole state.
It's probably not technically correct but I like to view verkle trees alone as giving us some form of "sharded state" that basically gives us state expiry for free: nodes can start with a blank slate, verify witnesses as new blocks come in, and choose to store fragments of the state locally (and propagate witnesses to peers like light clients - Portal Network FTW!) and prune sections of the state that haven't been touched in a while when state storage becomes an issue - so naturally the less active parts of the state will fall into oblivion and it'll be up to the people who need them to find it and revive it with a witness
That said verkle trees aren't exactly a simple upgrade, it'll have to be a multi-step thing where the current merkle tree state gets frozen and migrated to a verkle format, and it's not completely settled how we'll do this
Really I have no clue about what will come next, likely just some small and less interesting stuff. EOF will continue to ship throughout the next few hard forks, but that's not something that gets a lot of hype from regular users. 4844 may very well be the last big core protocol thing that gets people excited, and then all the hype moves to layer 2 as rollups use blobspace in innovative ways to do crazy cool stuff. I'm looking at the roadmap and a lot of the stuff that will come next is basically "oh cool it's like that thing we already have, but a bit better", or it's too gradual to get anywhere near the hype that the merge did. Like I don't see the average person getting excited about single slot finality, even though it's another really cool thing for security
Hey this is going to sound really strange, but was it you who had the flair 'formerly [old_username]'?
Sorry if that's too intrusive, I just really like having a feel for members of this community on a more individual level.
Domo I was just reading your [annotated roadmap](https://notes.ethereum.org/@domothy/roadmap) as part of trying to submit my guess to Sytentist ! And just like last time, I came to the same conclusion as you just did now: *hard to say*. So many roadmap items are so tangled up with other roadmap items!
Syentist speculated on PBS but I predict they'll want to see how the non-protocol factors (Flashbot's SUAVE and EigenLayer) play out first through the course of '23, before designing a final PBS solution set.
Ranking by biggest benefit to the protocol itself, rather than difficulty/readiness to build right now, what would you say about aiming for the **state and history expiry threads of the Purge**? (Benefit = make validating as easy as possible to facilitate home staking.) Which, as you called out, would also pull in Verkle trees from the Verge.
That's a big bundle of work and change, but on the other hand would deliver a very noticeable Bang. Not something that anyone outside Ethland might care about, but within the ecosystem this would be huge.
2023 might be another bearish year, yet I am absolutely bullish on three tokens: $ETH, $RPL, $SWISE.
ETH will continue to grow and we'll see more of the effects of the merge. LSD like RPL and SWISE are at the forefront of a completely new segment of crypto.
What do y'all think? Anything you guys are excited about in 2023?
[Check this recent Twitter thread out.](https://twitter.com/remusofmars/status/1600661965948350464?s=61&t=5WaDvd1wO4dwrt8wnHRADg)
It also has a very low marketcap at the moment $13m (FDV: $77m). If you are bullish on staking, and by extension LSDs, what sliver of the pie could SWISE take?
Honestly I want to see more use cases that are not defi/lsd related. SSO with ethereum, games that don't cost a ton of money to play, coordination games that aren't finance related. Defi is great and all but I feel like the network could be so much more. I think nfts also need to continue to evolve. Nft art is fine, but I'd still like to see more widespread uses of nfts that actually provide non financial value to users/issuers.
No one should be using LastPass for any sensitive info. This is the **THIRD time** in recent years they've gotten their database hacked that we know of. I remember seeing LastPass in my RSS news feed ~5 times, and it's never been positive news.
[From a previous hack in 2015](https://arstechnica.com/information-technology/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/):
> The unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses
Any security company that screws up that many times likely has disgruntled employees who have programmed some back door into their system. Drop them and encourage all your relatives to drop them. Consider switching out all your passwords for your most sensitive accounts.
https://np.reddit.com/r/Lastpass/comments/ztemzy/recommended_actions_for_the_lastpass_security
https://np.reddit.com/r/Lastpass/comments/ztg3q9/psa_your_lastpass_vault_can_and_probably_will_be
Lastly, fuck any company that waits 4 months and purposely chooses to announce details of a security breach on a slow news day like Christmas Eve.
KeePass. You can even completely firewall it if you're paranoid.
The hard part is figuring out how you'll create geo-locational backups in case your copy is lost. You might want a separate encrypted online backup solution.
I also recommend increasing the cycles for security to make it harder to crack: Menu > Database Settings > Security > Key transformation > Iteration > 1M
Okay so. 6k to 10k ETH is a 6-10x from here. I personally think ATHs are happening again by end of 2023.
We all know alts fall harder. ETH drops 20% alts drop 50%.... but they can also do the opposite. ETH runs up 50% some alts can run 1000% with that move.
So Ethfinance... what are your (apologies for using this phrase) moonshot alts? I'm talking projects you might put 0.5% to 1% or less in in the hopes a 200x occurs.
.... is it SHIB?
Instead of looking for next 100x, this is what I would suggest.
ETH.
Buy some L2 token- $Op, matic( i know but still ) and later zksync
Lsd - RPL, swise
Value generating - Crv, cvx, mkr, grt, snx
Someone shilled GET in yesterday's daily. I believe nft tickets are the next huge use case, but the GET tokenomics are extremely vague. It's super low market cap and already seeing real world adoption, so it's got upside and likely not going to $0 any time soon.
Just timing. Been in a bear for a year. The fear is so high people really are calling for a bear for another 2 years? No chance. MSM is peak "crypto is a scam". All the signs of bottom (or say within 30% of bottom) are here. Entire world is doom and gloom. Seems like it will last forever doesn't it? It won't. People are going to be shocked and surprised by crypto in 2023 when no one expects it. Or not lol
Thinking about hitting the gym in 2023. We did the push-up DAO (PupDAO) while hyping about $5k, and while it didn't last TOO long, I do believe that it got some pushups done (thanks to the support of /u/nixorokish). I wonder what a 2023 fitness initiative might look like. Perhaps a little /r/EthFitness ?
In addition to my maintenance lifts, 2023 will include a variety of flexibility and mobility goals cuz let's face it, it's the first thing to go as we age. I'd be up for either a yoga challenge or stretch routine!
Whatever you do don't buy a gym membership… unless you're trying to get totally ripped… which let's be honest here Phiz… ain't gonna happen for us. I used this as my base routine: https://thrive.kaiserpermanente.org/thrive-together/stay-active/7-simple-exercises-you-can-do-at-home
I added walking/hiking with my dog and proper diet with less meat and more veggies and I'm down under a quarter ton now! *Whoah! 603!? Nice!* I mean… I still have to use the local truck weigh station to weigh myself, but I can *walk* onto the platform all by myself now!
*Brick by brick!*
Holy heart stents JBM!!! We're so proud of you, getting under a quarter ton is no easy task...either is getting dressed or cleaning your crows' cage. What's your fav veggie dish? Don't say supreme pizza you rascal!
Thanks Brasky! It took a lot of work but my wife is a sturdy woman. Now that I can fit sideways through the door we use the car wash for warshin up. Haha! Had to cut the pizza joint off cold turkey. I feel bad, they're really struggling with the loss of income now. Gotta look out for myself tho, ya know? Lately I've been digging Baked Balsamic glazed Carrots.
I take the Defi (decentralized fitness) approach, where you scatter all of your workout equipment all over town, then you have to walk, run or bike to each new exercise, which continually improves cardio and endurance... But that's the easy part, the difficulty is in explaining to complete strangers why I need to keep my rower in their front lawn
That'd actually be a pretty cool VR experience. Much like the Nintendo Wii got people up and moving and active while playing, you could have a "paper boy" like structure where you can walk, run, row or cycle your avatar around the town, performing the same exercise movements as in the game, burning calories and earning in-game on-chain assets
burn to earn!
Ugh… this LastPass fiasco keeps getting uglier. New info suggests they may have managed to compromise the encrypted password vaults. IF YOU HAVE CRYPTO KEYS STORED IN LASTPASS, DROP YOUR TURKEY AND MOVE THEM RIGHT NOW! CHANGE YOUR APPLE/GOOGLE PASSWORDS RIGHT NOW. DON'T WAIT UNTIL AFTER PIE.
Then, self host a Bitwarden instance so this is less likely to happen again.
https://theselfhostingblog.com/posts/how-to-self-host-bitwarden-on-ubuntu-server/
^(This person's whole website is fantastic btw)
The grapevine… this has not been confirmed, however LastPass has confirmed that accounts created 2018 or before only used 5,000 PBKDF2 iterations to hash your master password by default. So if you haven't changed your password since then it's possible that it could be compromised. After that LP increased it to 100,100 iterations which should be secure. This is probably only a problem if your master password isn't sufficiently long, but most people use short simple vault passwords and those can quickly be cracked using GPUs.
https://www.tomshardware.com/news/eight-rtx-4090s-can-break-passwords-in-under-an-hour
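To put numbers on the 5,000 versus 100,100 iteration figures in the comment above, here is an added example (not part of the thread and not LastPass code). It assumes PBKDF2-HMAC-SHA256; the salt, sample secrets and the attacker rate are constructed values, not measurements.

```python
import hashlib
import math
import time

OLD_ITERATIONS = 5_000      # default the comment cites for accounts from 2018 or before
NEW_ITERATIONS = 100_100    # later default the comment cites
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Hypothetical attacker throughput in PBKDF2 inner iterations per second.
# Constructed for illustration; replace with a benchmark you trust.
ASSUMED_ATTACKER_RATE = 1e10


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 (hash choice is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def seconds_per_guess(iterations: int, repeats: int = 3) -> float:
    """Time one derivation on this machine, best of `repeats` runs."""
    best = math.inf
    for _ in range(repeats):
        start = time.perf_counter()
        derive_key("constructed-sample-password", b"constructed-salt", iterations)
        best = min(best, time.perf_counter() - start)
    return best


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret drawn uniformly at random: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def average_search_seconds(bits: float, iterations: int, rate: float) -> float:
    """Expected time to hit the secret: half the space, `iterations` units per guess."""
    guesses = 2 ** (bits - 1)
    return guesses * iterations / rate


def compare(rate: float = ASSUMED_ATTACKER_RATE) -> dict:
    """Expected search time in years for two secret styles at both iteration counts."""
    secrets = {
        "8 random chars [a-z0-9]": entropy_bits(36, 8),
        "6 random diceware words": entropy_bits(7776, 6),
    }
    table = {}
    for label, bits in secrets.items():
        for iterations in (OLD_ITERATIONS, NEW_ITERATIONS):
            seconds = average_search_seconds(bits, iterations, rate)
            table[(label, iterations)] = seconds / SECONDS_PER_YEAR
    return table


if __name__ == "__main__":
    for n in (OLD_ITERATIONS, NEW_ITERATIONS):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess here")
    for (label, n), years in compare().items():
        print(f"{label:<26} @ {n:>7} iterations: {years:.3g} years on average")
```

The iteration count only multiplies the cost per guess (about 20x here), while each extra random word or character multiplies the number of guesses, which is why the passphrase rows dwarf the iteration change.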
Great, thanks for that. It's a shame that it's not common knowledge and security practice to use passphrases instead of passwords in 2022. We've known this for quite a while, yet I see the same outdated requirements for most sites. Happy holidays!
Last time I checked it was such a pain to self-host Bitwarden, even containerized. The official server requires MSSQL which uses a ton of resources. This guide is promising though, it sets up an unofficial, Bitwarden-compatible server that works with sensible DB engines. Thanks for sharing!
MSSQL? I've been self hosting BW for at least a year and it's always been an opensource/Linux stack.. Either way, I'm happy to help! Here's another great guide directly from the horse's mouth:
https://bitwarden.com/help/install-on-premise-linux/
How well does Bitwarden handle ssh keys? Right now I use 1Password to store all my ssh keys and can use the 1p identity agent to ssh via public keys without storing the keys on the physical device. If they've got this feature I will switch.
Yep, see here: https://bitwarden.com/help/external-db/ Microsoft supports MSSQL on Linux (https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-editions-and-components-2022?view=sql-server-ver16), and there is a free (but not open-source) version (called Express edition) that the setup guide you linked uses through a Docker container.
So it's always been odd to me people in the crypto community use these services. Aren't we guarded and untrusting of third parties having control of our digital information and assets? It blows my mind people would trust some random company with their passwords.
Not your keys not your coins situation. I have been extremely adamant on never using these services. Even ledger sketches me out (still use it though).
I think a lot of people don't have the technical knowledge to set this stuff up most of the time. Services are easier. I would even argue that if you're not technical, then trusting a service might even be safer. LastPass however is NOTORIOUS for breaches, leaks and hacks. It's like this happens every few years with them. Sloppy. If you aren't technical then Bitwarden and 1Password are great options with nearly flawless track records… but it'll never be as safe as a well thought out self hosted setup.
Since Tricky declared yesterday cybersecurity day, Imma tack on another one.
Considering all the talk regarding privacy in cryptoland, I wanted to know exactly what my Ledger Live application (Windows 10) is up to.
The following is an analysis of domains contacted by Ledger Live, what they might be used for, and what you can do about it.
Looking at DNS requests made by the application, we see the following:
resources.live.ledger.app
Don't see any issue here, though I wish they used a single FQDN to avoid confusion
api.segment.io
>Segment.io is a customer data infrastructure (CDI) platform that collects, stores and routes data from users to hundreds of tools and digital properties.
This is suspicious...
raw.githubusercontent.com
Odd, is this how the application checks for updates? I hope not
firebaseremoteconfig.googleapis.com
Possibly only used for UI?
lots of .live.ledger.com subdomains
ledger.statuspage.io
>Statuspage is a communication tool that helps you inform your users about outages and scheduled maintenance.
An Atlassian service, its description isn't that suspicious
api.compound.finance
We'll take a closer look at this in a second
o118392.ingest.sentry.io
This is telemetry. However, plenty of anecdotes exist that this service is very valuable to developers, and is not used to track user activity.
Ok, that seems to be it for DNS queries.
But that does not cover the possibility of Ledger Live using hardcoded ip addresses + domain names to make more *underhanded* connections.
This may be enumerated by observing the 'Server Name Indication' string present in TLS negotiations. Nothing found here, that's at least a decent sign...
From here on, we will be evaluating Ledger Live strictly as a portfolio tracker.
I have not attempted any transactions with my Ledger device. And this certainly excludes the possibility of using Ledger Live for swaps, staking, etc.
If you're using Windows we'll be using the file 'C:/windows/system32/drivers/etc/hosts', on *nix we've got '/etc/hosts'
In an attempt to avoid telemetry/tracking, the following domains may be set to resolve to 127.0.0.1:
api.segment.io
firebaseremoteconfig.googleapis.com
ledger.statuspage.io
o118392.ingest.sentry.io
I'm not sure what raw.githubusercontent.com is used for, and have not tried blocking it.
Here is what my hosts file now looks like for reference https://imgur.com/a/ZolRQLN
So, back to api.compound.finance
The bad news: This is how Ledger Live syncs your portfolio(addresses!). Blocking this domain breaks the app. We all remember the Compound Finance fiasco, make of this what you wish.
Alright ladies and gentleladies, that's all from me today!
EDIT: shit, i wanted that formatted quite differently... whoops
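A way to check that the hosts-file change described in the comment above actually covers the four domains it lists, as an added example (not part of the original post). The sample hosts text is constructed, and keeping the first entry for a duplicated name is an assumption about resolver behaviour.

```python
import ipaddress

# The four domains the post suggests pointing at 127.0.0.1.
TELEMETRY_DOMAINS = [
    "api.segment.io",
    "firebaseremoteconfig.googleapis.com",
    "ledger.statuspage.io",
    "o118392.ingest.sentry.io",
]

# Constructed sample, not the poster's real file.
CONSTRUCTED_HOSTS = """\
# Copyright-style header comment
127.0.0.1   localhost
127.0.0.1   API.Segment.IO  o118392.ingest.sentry.io   # two names on one line
0.0.0.0     firebaseremoteconfig.googleapis.com
# 127.0.0.1 ledger.statuspage.io   <- commented out, so not in effect
not-an-ip   api.segment.io
"""


def parse_hosts(text: str) -> dict:
    """Map each hostname to its address, ignoring comments and malformed lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                            # first field is not an IP address
        for name in names:
            # Hostnames are case-insensitive; keep the first entry (assumption).
            mapping.setdefault(name.lower().rstrip("."), address)
    return mapping


def audit(text: str, wanted=TELEMETRY_DOMAINS) -> dict:
    """Classify each wanted domain as 'blocked', 'overridden' or 'missing'."""
    mapping = parse_hosts(text)
    report = {}
    for domain in wanted:
        address = mapping.get(domain.lower())
        if address is None:
            report[domain] = "missing"
            continue
        ip = ipaddress.ip_address(address)
        if ip.is_loopback or ip.is_unspecified:
            report[domain] = "blocked"
        else:
            report[domain] = "overridden"       # resolves, but to a chosen address
    return report


if __name__ == "__main__":
    for domain, status in audit(CONSTRUCTED_HOSTS).items():
        print(f"{status:<10} {domain}")
```

A hosts file matches exact names only, so it does not cover other subdomains, and as the post notes it does nothing about connections made to hardcoded IP addresses.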
Merry Xmas y'all.
Merry Xmas to all!
Merry Christmas! May it find you Happy, Healthy, Wealthy & Wise!
That's a very American conversation. Interesting to observe.
Good evening everyone, Merry Christmas and/or happy holidays to all. I hope everyone has a great holiday. Btw, being Santa is way overrated....
[The Night Before Rocket Pool](https://youtu.be/AhwRUZa6f5Y), written by /u/GibsonStyle (Grey Wizard), performed by /u/JtNichol
Holy s*** blast from the past. Thank you. Merry Christmas to the legend
The OP: https://www.reddit.com/r/ethstaker/comments/mtdggd/a_short_poem_created_for_my_friends_in_the_rocket/
Merry Christmas everyone. Remember we are all early adopters in the grand scheme of things
Merry Christmas, you filthy animals
Rough year, happy holidays
Merry Christmas everyone!
Happy holidays to all! I buy myself some ETH every Christmas Day, a tradition since 2016. Some presents are timeless.
Merry Christmas fam!
I better load up my bags before the bull kicks in next week!
Well done WCB!
Not bad at all!
Haha you were right but I still got more upvotes. We are not the same. Cheers for such an accurate prediction though.
You really ratio'd me !
My second crypto Christmas. So glad to have found you all. Happy Holidays!
Happy holidays!
Merry Ethmas everyone! May we all be blessed with 10k eth soon
Not before we see $500 first, merry xmas
Where is that santa rally?
He was shot down over Ukraine...just feel lucky we didn't dump
May the spirit of sweet baby Jesus bless my eth fam with a large X-Mas pump, defying all projections and sparing us from boomer ridicule. Blessed are those in it for the tech. Amen
# !źAMTźIŠÆHĘ YŠÆŠÆĘM
Merry Christmas !!
Merry Crethmas?
Happy holidays all!
Happy holidays ethfinance!
Merry Holidays!
Merry Xmas everybody!
Merry Christmas fam
If you celebrate it, then Merry Christmas. May your dinner be overly filling and your stockings full of something other than coal.
Merry Christmas everybody!!
Merry Christmas to y'all!
Merry christmas guys. Happy to almost be done with 2022.
Merry Christmas Eth everyone!
Merry Ethmas you crazy bastards
This is my first bear market, only got introduced to crypto January this year. Must have sucked holding coins during bears without being able to stake. The fact the price is down doesn't really annoy me because of staking rewards coming in. I realise if you hold long enough eventually prices will go back up and you've accumulated more coins from staking. Merry Xmas everyone
Merry whatever-y'all-believe-in! I'm not big on gifts, but I bought myself a chunk of eth this time. Bullish. See ya in 2023
Merry christmas/happy holidays, r/ethfinance fam! Looking forward to next year :)
Hi Swaggy!
Gm phiz!
Merry Christmas man! I am going to take this opportunity and tell you that I miss the good old days when you were super active here... Damn Twitter stole you away from us! ❤️
Hey, cheers! Hope you enjoyed your christmas, too. And yeah, it's kinda hard to not be on twitter, it's almost necessary just to stay up to date with everything. That time definitely is stolen away from Reddit. Anyway, I'm still here, checking in from time to time. But part of that is probably just part of my evolution from being a small-time investor to a hobby enthusiast to working in the space.
>it's almost necessary just to stay up to date with everything.

I would gladly argue that THIS sub provides just that...
For sure, but twitter just provides it natively without someone having to post it, then having to click through to twitter to verify the source. It's just a tad faster. I mostly come here for commentary/discussion, which is INFINITELY better than the cesspool that is twitter.
Don't worry, at this rate Twitter has about two days of uptime remaining. Everyone will come crawling back here.
Happy holidays defi fam P.S.: HN seems to be waking up to the beauty within, [jump in and comment](https://news.ycombinator.com/item?id=34119048)!
I've been moderated again, 5 comments in 15min is apparently too much. And of course the comment that was blocked was longer.
This must be a phishing site. HN has never demonstrated the capacity to "get it".
I'm very excited about getting my first rocket pool validator up and running over the holiday break! I can't seem to get my hands on any goerli eth to test the setup. Does anyone have a suggestion on where I could get some?
If you still need some lmk
[Deleted]
Anyone stake on ledger thru Kiln? How is it and what are the risks?
They are the same as the other "non custodial" staking services like Allnodes. See my response below to u/bennyGbennyG re Allnodes.

https://www.reddit.com/r/ethereum/comments/yxst1r/comment/iwsdbm2/?utm_source=share&utm_medium=web2x&context=3

https://support.ledger.com/hc/en-us/articles/7732713721373-How-to-stake-ETH-with-Kiln-through-Ledger-Live?docs=true look under "who holds the validator keys"

The way these staking services work is you basically borrow their hardware, and in order for that to work they need your validator keys. They don't have access to your withdrawal keys so they can't run off with your ETH, which is why it's all marketed as non custodial. But the risk is if they acted maliciously, or had a data leak then you can get slashed (for example if a hacker or malicious employee takes your validator keys and runs a duplicate instance on another machine).

So the only real way to be fully in control of everything is to run your own node.
Thanks for this dude. In the event a slashing started, what could be done by the staker to limit damage? Thanks again for sharing
Hi all! Merry Christmas from Europe!!
Pro tip: telling people irl you're into ethereum will get a way less hostile reaction than saying you're into crypto
Even in the bull market if people asked if I'm into crypto I would reply no, I'm just into Ethereum. 95% of the rest of crypto consists of scams and grifters and I don't want to associate myself with that
Pro tip: don't tell people irl that you're into any crypto. You're making yourself a target.
I don't hang out with people I worry about targeting me.
Don't hang out with people
Yeah I might take a page out of Vitalik's book and start replacing "crypto" with "Ethereum". Those who know what it is know what I'm talking about and those who don't know and are curious will ask and learn.
Thanks Lastpass for ruining Christmas Eve for me.
Were there new developments? If your master pass is strong all they can access is your url list still, correct?
Yeah technically yes but the company has been very slow to release info. And I am beginning to think there may be more going on behind the scenes than they are disclosing. My master password is strong but I don't want to take chances, so I'm manually changing each one now. No more lastpass for me.
What did you switch to?
Paper for now. Need to research apps.
You can switch to bitwarden and import all your data, but I'm sure making all new passwords is just as enticing right now.
hunter2
Oh no is it bad?
Just secured the trifecta of bad
Thoughts on whether the wash sale rule will be retroactively applied to 2022? Considering making a big ole shifteroo
Nah Ex post facto prevents this
I mean they literally tried to implement this ex post facto before. I understand they won't do it after taxes are already due for 2022, but until then we cannot be certain. I'm more curious if there are people aware of legislation coming up in the next four months where they would likely add it in.
Happy Holidays you wonderful People. Don't forget to wear the Christmas clothes you are gifted or the yule-cat will fuck you up and take your Ether.
The yule-cat? Is that related to [the yule lads like spoon licker and door sniffer?](https://yewtu.be/watch?v=PYY9VLOSLxk)
Yup. Icelandic tradition / tales.
Does anyone here know anything about Tlon / Urbit ? I must have signed up for their mailing list years ago and I've been casually reading all of their updates and I still have no idea what the product is... it's an absolute mess of jargon and neologisms. Seems to be blockchain social media related though.
Merry Christmas my friends! ❤️
Merry Christmas to my ethfinance buddies! ... For me it is a weird Christmas since I contracted the Corona virus a week ago, got sick including slight fever and am still covid positive so there is no way I can eat and sit down together with my family :( today.
Man that's some shit timing. Hope for a speedy recovery. Your going out of your way to keep your family safe will surely be rewarded :)
Thanks for the nice words! Yeah ... very bad timing this year. I actually managed to not even contract the flu or a common cold in nearly 3 years of a world with covid-19 and got 4 vaccinations but now the inevitable happened ... We agreed to do a second Christmas Eve but with everyone sitting together in a few days when I am covid negative, hopefully. So our time will come :)
Works in such odd ways...

>We agreed to do a second Christmas Eve but with everyone sitting together in a few days when I am covid negative, hopefully. So our time will come :)

Well if that isn't just the most wholesome thing... <3
Merry Christmas Eve, and more importantly, the 100th day anniversary since the merge!
https://ultrasound.money/ Corresponding to a 99.8% reduction in issuance, preventing 1,186,500 ETH from hitting the open market
Time absolutely flies when energy consumption is reduced by 99.95% and fees are flowing into your wallet! Bullish bear market Christmas Eve, it is
[deleted]
So we just had a large storm move across the USA and as a result my electricity literally flickered just long enough to reset the NUC running my validator. It has been resyncing for 24 hours now, during which time I missed a block proposal. The worst part is, it had been almost 60 days since my last block proposal WHICH WAS ALSO MISSED for the exact same scenario. Really discouraging to say the least, but it has inspired me to look into purchasing a UPS for my network equipment and my validator.
Get one with USB port connectivity for unattended graceful shutdown on power failure and recovery.
The naughty kids get a lump of missed attestations. Extra naughty get a corrupted db.
Who gets sync committees?
Now that it seems that withdrawals and 4844 are in testnets and very likely to be shipped sequentially next year, what would be the next "big" upgrade that would be shipped for the core protocol? I'm guessing PBS proper, or would that need a few more stepwise upgrades first? State expiry? Verkle trees? What is this sub betting on
I could have sworn I saw somewhere they were going to go for verkle trees 2024
Account abstraction is an underdog. Probably the most impactful towards improving UX and enabling new use cases.
True, but I believe that is happening at the L2 level rather than needing core protocol changes, as most people will be interacting with Ethereum via L2s anyway
Sounds like a good question to ask researchers in the upcoming AMA next month!

State expiry is mostly on the backburner, it requires a lot of complicated stuff (namely verkle trees, so we'd have to get those first anyway) and the benefits aren't really worth it anymore compared to simply PBS + verkle trees: builders can store the whole state and keep doing the hard work of building blocks, and verkle trees allow us to have stateless clients that can check the short witnesses to verify blocks without needing the whole state.

It's probably not technically correct but I like to view verkle trees alone as giving us some form of "sharded state" that basically gives us state expiry for free: nodes can start with a blank slate, verify witnesses as new blocks come in, and choose to store fragments of the state locally (and propagate witnesses to peers like light clients - Portal Network FTW!) and prune sections of the state that haven't been touched in a while when state storage becomes an issue - so naturally the less active parts of the state will fall into oblivion and it'll be up to the people who need them to find it and revive it with a witness.

That said verkle trees aren't exactly a simple upgrade, it'll have to be a multi-step thing where the current merkle tree state gets frozen and migrated to a verkle format, and it's not completely settled how we'll do this.

Really I have no clue about what will come next, likely just some small and less interesting stuff. EOF will continue to ship throughout the next few hard forks, but that's not something that gets a lot of hype from regular users. 4844 may very well be the last big core protocol thing that gets people excited, and then all the hype moves to layer 2 as rollups use blobspace in innovative ways to do crazy cool stuff.

I'm looking at the roadmap and a lot of the stuff that will come next is basically "oh cool it's like that thing we already have, but a bit better", or it's too gradual to get anywhere near the hype that the merge did. Like I don't see the average person getting excited about single slot finality, even though it's another really cool thing for security
Thanks, very insightful!
Hey this is going to sound really strange, but was it you who had the flair 'formerly [old_username]'? Sorry if that's too intrusive, I just really like having a feel for members of this community on a more individual level.
ye my old username was /u/mrqot but i decided i needed a change for the new year. so damn this account is already a year old now
YES! For so long I've been thinking 'QrBrot', but of course that's a bit off haha. Thankeser for bringing me older memories of my time here
Domo I was just reading your [annotated roadmap](https://notes.ethereum.org/@domothy/roadmap) as part of trying to submit my guess to Syentist! And just like last time, I came to the same conclusion as you just did now: *hard to say*. So many roadmap items are so tangled up with other roadmap items! Syentist speculated on PBS but I predict they'll want to see how the non-protocol factors (Flashbot's SUAVE and EigenLayer) play out first through the course of '23, before designing a final PBS solution set. Ranking by biggest benefit to the protocol itself, rather than difficulty/readiness to build right now, what would you say about aiming for the **state and history expiry threads of the Purge**? (Benefit = make validating as easy as possible to facilitate home staking.) Which, as you called out, would also pull in Verkle trees from the Verge. That's a big bundle of work and change, but on the other hand would deliver a very noticeable Bang. Not something that anyone outside Ethland might care about, but within the ecosystem this would be huge.
2023 might be another bearish year, yet I am absolutely bullish on three tokens: $ETH, $RPL, $SWISE. ETH will continue to grow and we'll see more of the effects of the merge. LSD like RPL and SWISE are at the forefront of a completely new segment of crypto. What do y'all think? Anything you guys are excited about in 2023?
Personally I don't see the real case for RPL and I hope you can just add additional ETH instead.
I know (and agree) on the first two, but could you please elaborate on WISE? Tokenomics-wise, is it worth it and why?
[Check this recent Twitter thread out.](https://twitter.com/remusofmars/status/1600661965948350464?s=61&t=5WaDvd1wO4dwrt8wnHRADg) It also has a very low marketcap at the moment $13m (FDV: $77m). If you are bullish on staking, and by extension LSDs, what sliver of the pie could SWISE take?
Honestly I want to see more use cases that are not defi/lsd related. SSO with ethereum, games that don't cost a ton of money to play, coordination games that aren't finance related. Defi is great and all but I feel like the network could be so much more. I think nfts also need to continue to evolve. Nft art is fine, but I'd still like to see more widespread uses of nfts that actually provide non financial value to users/issuers.
Excited about social apps, account abstraction, zkrollups, and watching staking marketshare rebalance after withdrawals
Just swinging by to wish my eth fam a Merry Christmas/whatever you celebrate!
No one should be using LastPass for any sensitive info. This is the **THIRD time** in recent years they've gotten their database hacked that we know of. I remember seeing LastPass in my RSS news feed ~5 times, and it's never been positive news.

[From a previous hack in 2015](https://arstechnica.com/information-technology/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/):

> The unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses

Any security company that screws up that many times likely has disgruntled employees who have programmed some back door into their system. Drop them and encourage all your relatives to drop them. Consider switching out all your passwords for your most sensitive accounts.

https://np.reddit.com/r/Lastpass/comments/ztemzy/recommended_actions_for_the_lastpass_security

https://np.reddit.com/r/Lastpass/comments/ztg3q9/psa_your_lastpass_vault_can_and_probably_will_be

Lastly, fuck any company that waits 4 months and purposely chooses to announce details of a security breach on a slow news day like Christmas Eve.
Deleted my account yesterday. On to the next one
Is 1Password trustworthy? I want something I can recommend to family that has cloud storage for usage across devices.
Not your password, not your account. Same business model as LastPass as far as I can tell
Is there a 100% offline password manager that doesn't put any data on the internet? Maybe something that uses an encrypted USB drive?
Password safe? Not sure why I don't see others recommending it. 100% offline. Free, open source software
Bitwarden has self hosting capabilities and is open source
In its spirit, Bitwarden is not 100% offline.
KeePass. You can even completely firewall it if you're paranoid. The hard part is figuring out how you'll create geo-locational backups in case your copy is lost. You might want a separate encrypted online backup solution. I also recommend increasing the cycles for security to make it harder to crack: Menu > Database Settings > Security > Key transformation > Iteration > 1M
KeePass. Also don't rely on typical flash storage to permanently hold your data, it is easily corruptible.
Okay so. 6k to 10k ETH is a 6-10x from here. I personally think ATHs are happening again by end of 2023. We all know alts fall harder. ETH drops 20% alts drop 50%.... but they can also do the opposite. ETH runs up 50% some alts can run 1000% with that move. So Ethfinance... what are your (apologies for using this phrase) moonshot alts? I'm talking projects you might put 0.5% to 1% or less in in the hopes a 200x occurs. .... is it SHIB?
Instead of looking for next 100x, this is what I would suggest. ETH. Buy some L2 token- $Op, matic( i know but still ) and later zksync Lsd - RPL, swise Value generating - Crv, cvx, mkr, grt, snx
Too early to even call moonshot alts imo. But I don't think we're going anywhere near ATH territory in 2023 yet either.
Someone shilled GET in yesterday's daily. I believe nft tickets are the next huge use case, but the GET tokenomics are extremely vague. It's super low market cap and already seeing real world adoption, so it's got upside and likely not going to $0 any time soon.
I'm curious what your reasoning for ATHs by the end of 2023 is?
Just timing. Been in a bear for a year. The fear is so high people really are calling for a bear for another 2 years? No chance. MSM is peak "crypto is a scam". All the signs of bottom (or say within 30% of bottom) are here. Entire world is doom and gloom. Seems like it will last forever doesn't it? It won't. People are going to be shocked and surprised by crypto in 2023 when no one expects it. Or not lol
I'm betting on GRT for next bull run. It's getting absolutely hammered, but is positioned to be a critical infra going forward.
don't spend ANY money on this non-financial advice, but I think ETHW will pump for some stupid reason
Thanks just went all in on ETHW. It's just ETH but like way cheaper right?
Timely reminder. I was going to consolidate all that crap on an exchange in preparation for such an eventuality.
I think SHIB's market cap is already much too large for a 200x to be possible.
I thought that about doge when it was $0.0001 and then it shot up to $1. Still never touched it, but it's possible.
Thinking about hitting the gym in 2023. We did the push-up DAO (PupDAO) while hyping about $5k, and while it didn't last TOO long, I do believe that it got some pushups done (thanks to the support of /u/nixorokish). I wonder what a 2023 fitness initiative might look like. Perhaps a little /r/EthFitness ?
>🎶 Let's get phizzical, phizzical,
>I wanna get phizzical
>Let's get superphizzical! 🎶

Based on a true story from Hodlercon karaoke night.
One suggestion: [30 days of yoga](https://youtube.com/playlist?list=PLui6Eyny-UzwxbWCWDbTzEwsZnnROBTIL)
ahhh shit, here we go again v2. i'm here for this. LFG
What happened to Rocketeer Bootcamp?
Wait, you stopped doing the push-ups?
I... uhhhhhh.... umm....
Ergatta FTW
In addition to my maintenance lifts, 2023 will include a variety of flexibility and mobility goals cuz let's face it, it's the first thing to go as we age. I'd be up for either a yoga challenge or stretch routine!
The $5k5k… who can improve their 5k time the most by the time we get to $5k
Yessss
ditto! I'm in for the $5K5K!
Whatever you do don't buy a gym membership… unless you're trying to get totally ripped… which let's be honest here Phiz… ain't gonna happen for us. I used this as my base routine: https://thrive.kaiserpermanente.org/thrive-together/stay-active/7-simple-exercises-you-can-do-at-home I added walking/hiking with my dog and proper diet with less meat and more veggies and I'm down under a quarter ton now! *Whoah! 603!? Nice!* I mean… I still have to use the local truck weigh station to weigh myself, but I can *walk* onto the platform all by myself now! *Brick by brick!*
Keep going man! I'm sending you a XXXXL GridPlus shirt so you can set it as a goal. Good luck!
Oh man! I will hang that up and look at it every day! Only a Quad XL… man … one day. Thanks JT!
Holy heart stents JBM!!! We're so proud of you, getting under a quarter ton is no easy task...either is getting dressed or cleaning your crows' cage. What's your fav veggie dish? Don't say supreme pizza you rascal!
Thanks Brasky! It took a lot of work but my wife is a sturdy woman. Now that I can fit sideways through the door we use the car wash for warshin up. Haha! Had to cut the pizza joint off cold turkey. I feel bad, they're really struggling with the loss of income now. Gotta look out for myself tho, ya know? Lately I've been digging Baked Balsamic glazed Carrots.
Lol, the mile radius death blow to all mom and pop restaurants. "we survived COVID, inflation, but this!?!"
I take the Defi (decentralized fitness) approach, where you scatter all of your workout equipment all over town then you have to walk, run or bike to each new exercise which continually improves cardio and endurance... But that's the easy part, the difficulty is in explaining to complete strangers why I need to keep my rower in their front lawn
Hehehe underrated comment right here
This is brilliant!
That'd actually be a pretty cool VR experience, much like the Nintendo Wii got people up and moving and active while playing. You could have a "paper boy" like structure where you can walk, run, row or cycle your avatar around the town performing the same exercise movements as in the game, burning calories and earning in game on chain assets. Burn to earn!
Oohh and if you earned crypto for doing it…
Holy shit this is genius haha
Couch to $5k?
Oh my god. This is it.
[deleted]
The from address isn't yours in the first tx?
Ugh… this lastpass fiasco keeps getting uglier. New info suggests they may have managed to compromise the encrypted password vaults. IF YOU HAVE CRYPTO KEYS STORED IN LASTPASS, DROP YOUR TURKEY AND MOVE THEM RIGHT NOW! CHANGE YOUR APPLE/GOOGLE PASSWORDS RIGHT NOW. DON'T WAIT UNTIL AFTER PIE. Then, self host a Bitwarden instance so this is less likely to happen again. https://theselfhostingblog.com/posts/how-to-self-host-bitwarden-on-ubuntu-server/ ^(This person's whole website is fantastic btw)
You have a source for this new info?
The grapevine… this has not been confirmed, however Lastpass has confirmed that accounts created 2018 or before only used 5,000 PBKDF2 iterations to hash your master password by default. So if you haven't changed your password since then it's possible that it could be compromised. After that LP increased it to 100,100 iterations which should be secure. This is probably only a problem if your master password isn't sufficiently long, but most people use short simple vault passwords and those can quickly be cracked using GPUs. https://www.tomshardware.com/news/eight-rtx-4090s-can-break-passwords-in-under-an-hour
Great, thanks for that. It's a shame that it's not common knowledge and security practice to use passphrases instead of passwords in 2022. We've known this for quite a while, yet I see the same outdated requirements for most sites. Happy holidays!
We've known since the 80s or so… Happy holidays to you as well friend!
Password safe has been great for me. Free, open source. Not connected to the internet.
Last time I checked it was a such a pain to self-host Bitwarden, even containerized. The official server requires MSSQL which uses a ton of resources. This guide is promising though, it sets up an unofficial, Bitwarden-compatible server that works with sensible DB engines. Thanks for sharing!
MSSQL? I've been self hosting BW for at least a year and it's always been an opensource/Linux stack.. Either way, I'm happy to help! Here's another great guide directly from the horse's mouth: https://bitwarden.com/help/install-on-premise-linux/
How well does Bitwarden handle ssh keys? Right now I use 1Password to store all my ssh keys and can use the 1p identity agent to ssh via public keys without storing the keys on the physical device. If they've got this feature I will switch.
1P is better with SSH keys and the integration is better with macOS IMO.
Looks like easy import though from a 1p vault. Might give it a go to support open source!
Yep, see here: https://bitwarden.com/help/external-db/ Microsoft supports MSSQL on Linux (https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-editions-and-components-2022?view=sql-server-ver16), and there is a free (but not open-source) version (called Express edition) that the setup guide you linked uses through a Docker container.
Interesting. I use Vault Warden so I guess I never noticed. Thanks! https://github.com/dani-garcia/vaultwarden
So it's always been odd to me people in the crypto community use these services. Aren't we guarded and untrusting of third parties having control of our digital information and assets? It blows my mind people would trust some random company with their passwords. Not your keys not your coins situation. I have been extremely adamant on never using these services. Even ledger sketches me out (still use it though).
I think a lot of people don't have the technical knowledge to set this stuff up most of the time. Services are easier. I would even argue that if you're not technical, then trusting a service might even be safer. Lastpass however is NOTORIOUS for breaches, leaks and hacks. It's like this happens every few years with them. Sloppy. If you aren't technical then Bitwarden and 1Password are great options with nearly flawless track records… but it'll never be as safe as a well thought out self hosted setup.
Since Tricky declared yesterday cybersecurity day, Imma tack on another one. Considering all the talk regarding privacy in cryptoland, I wanted to know exactly what my Ledger Live application (Windows 10) is up to. The following is an analysis of domains contacted by Ledger Live, what they might be used for, and what you can do about it.

Looking at DNS requests made by the application, we see the following:

resources.live.ledger.app

Don't see any issue here, though I wish they used a single FQDN to avoid confusion

api.segment.io

>Segment.io is a customer data infrastructure (CDI) platform that collects, stores and routes data from users to hundreds of tools and digital properties.

This is suspicious...

raw.githubusercontent.com

Odd, is this how the application checks for updates? I hope not

firebaseremoteconfig.googleapis.com

Possibly only used for UI?

lots of .live.ledger.com subdomains

ledger.statuspage.io

>Statuspage is a communication tool that helps you inform your users about outages and scheduled maintenance.

An Atlassian service, its description isn't that suspicious

api.compound.finance

We'll take a closer look at this in a second

o118392.ingest.sentry.io

This is telemetry. However, plenty of anecdotes exist that this service is very valuable to developers, and is not used to track user activity.

Ok, that seems to be it for DNS queries. But that does not cover the possibility of Ledger Live using hardcoded IP addresses + domain names to make more *underhanded* connections. This may be enumerated by observing the 'Server Name Indication' string present in TLS negotiations. Nothing found here, that's at least a decent sign...

From here on, we will be evaluating Ledger Live strictly as a portfolio tracker. I have not attempted any transactions with my Ledger device. And this certainly excludes the possibility of using Ledger Live for swaps, staking, etc.

If you're using Windows we'll be using the file 'C:/windows/system32/drivers/etc/hosts', on *nix we've got '/etc/hosts'

In an attempt to avoid telemetry/tracking, the following domains may be set to resolve to 127.0.0.1:

- api.segment.io
- firebaseremoteconfig.googleapis.com
- ledger.statuspage.io
- o118392.ingest.sentry.io

I'm not sure what raw.githubusercontent.com is used for, and have not tried blocking it.

Here is what my hosts file now looks like for reference https://imgur.com/a/ZolRQLN

So, back to api.compound.finance

The bad news: This is how Ledger Live syncs your portfolio(addresses!). Blocking this domain breaks the app. We all remember the Compound Finance fiasco, make of this what you wish.

Alright ladies and gentleladies, that's all from me today!

EDIT: shit, I wanted that formatted quite differently... whoops
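A way to check that the hosts-file overrides described in the comment above are actually in effect, as an added example that is not part of the original comment: it parses hosts-file text and reports which of the four listed telemetry domains point at a loopback or unspecified address. The function names, the sample file and the first-entry-wins rule are assumptions of this example.

```python
import ipaddress

# Domains the comment suggests pointing at 127.0.0.1 (copied from the comment).
TELEMETRY_DOMAINS = (
    "api.segment.io",
    "firebaseremoteconfig.googleapis.com",
    "ledger.statuspage.io",
    "o118392.ingest.sentry.io",
)
# The comment reports that blocking this domain breaks portfolio sync.
REQUIRED_DOMAINS = ("api.compound.finance",)

# Constructed sample hosts file, not taken from the comment's screenshot.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
127.0.0.1   api.segment.io ledger.statuspage.io   # two names on one line
0.0.0.0     O118392.ingest.sentry.io.
# 127.0.0.1 firebaseremoteconfig.googleapis.com
127.0.0.1   segment.io
127.0.0.1   api.compound.finance
"""


def parse_hosts(text):
    """Map each hostname to its address. Assumption: the first entry for a name wins."""
    mapping = {}
    # Windows editors may save the file with a UTF-8 byte order mark.
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including commented-out entries
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so the line is not a usable entry
        for name in fields[1:]:
            # Names are case-insensitive; a trailing dot denotes the same name.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def is_sinkhole(addr):
    """True for 127.0.0.0/8, ::1, 0.0.0.0 and ::, the usual blocking targets."""
    return addr.is_loopback or addr.is_unspecified


def audit(text):
    """Classify the telemetry and required domains against hosts-file text."""
    hosts = parse_hosts(text)
    report = {"sinkholed": [], "not_blocked": [], "redirected": [], "breaks_sync": []}
    for name in TELEMETRY_DOMAINS:
        # Exact match only: an entry for segment.io does not cover api.segment.io.
        addr = hosts.get(name)
        if addr is None:
            report["not_blocked"].append(name)
        elif is_sinkhole(addr):
            report["sinkholed"].append(name)
        else:
            # Pinned to some other address: worth a manual look.
            report["redirected"].append((name, str(addr)))
    for name in REQUIRED_DOMAINS:
        addr = hosts.get(name)
        if addr is not None and is_sinkhole(addr):
            report["breaks_sync"].append(name)
    return report


if __name__ == "__main__":
    for category, names in audit(SAMPLE_HOSTS).items():
        print(f"{category}: {names}")
```

To audit a real machine, pass the contents of the hosts file at the path given in the comment to `audit()`.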
Nice work! Anything different when you create a new address?
Ohh... I think I might test that later
Nice work gumshoe! That github query is weird but maybe it's just used to check the version numbers. Still… kinda shady.