Essays of A. Nesovic

Exploring the intersection of technology, health, and philosophy through a software engineering lens. I write about how emerging technologies reshape our world and enhance human potential.

17 essays and counting! Explore the archive or browse by topic.

BLS12-381: Simplex at playground!

BLS12-381: One Curve for Consensus and Privacy

⚠️ Disclaimer: I’m learning the math behind modern validator engines. The math shared here has been copied from the respective sources, and it takes an Eon to truly grok it.

BLS12-381 is a pairing-friendly elliptic curve. It appears in Eth2 validator signatures, Filecoin storage proofs, Zcash shielded transactions, and - closer to the subject of this essay - in Commonware’s cryptographic toolkit for BFT consensus. The same algebraic structure that makes BLS threshold signatures possible also underpins several families of zero-knowledge proofs. ...

March 7, 2026 · 7 min · Aleksandar Nesovic

Supply Chain Attack v2: The Build Tool Trojan

Same Playbook, New Hiding Spot

If you read my previous write-up on the Dex-platform scam, you know the pattern: fake recruiter, polished repo, hidden malware. That attack hid its payload inside a fake npm package (tailwind-setting) loaded through tailwind.config.ts. This one is smarter. There’s no malicious npm package to flag. No suspicious dependency to Google. The entire attack lives in three lines of vite.config.ts - a file that most developers ignore if it looks okay at first glance. ...

February 14, 2026 · 5 min · Aleksandar Nesovic

Is AI making us dumb?

The Trap of Convenience

March 2023. GPT-4 launched, and like many developers, I saw the potential immediately. Not the hype - the actual utility. I’d been writing Go for over a decade. Built distributed systems, debugged production nightmares, made every mistake worth making. I knew what good code looked like. But GPT was convenient. Why spend 20 minutes reading documentation when I could get an answer in 30 seconds? Why think through edge cases when AI could generate them? Why architect when I could prompt? ...

October 22, 2025 · 8 min · Aleksandar Nesovic

Deconstructing a Supply Chain Attack

The Message That Should Have Been Obvious

The LinkedIn message came from someone claiming to be a Paxos recruiter. For context, Paxos is a legitimate, well-funded blockchain infrastructure company. The kind of place where a recruitment message wouldn’t be weird. But I was curious. How much effort do these scammers actually put in? So I engaged. A few messages back and forth. They mentioned a “first round” that would be the usual call to discuss the role. I made it clear I wasn’t particularly interested in phone screening right now - too busy, maybe another time. ...

October 19, 2025 · 14 min · Aleksandar Nesovic

SF: The Good

This is part of the series Startup that Failed.

Infrastructure as Code: Why It’s Non-Negotiable

Start with this rule: If you’re touching the AWS console to create resources, you’re doing it wrong. Every resource goes through Terraform. IAM roles, security groups, RDS instances, S3 buckets, EKS clusters - everything. No exceptions. This isn’t about following best practices. It’s about three concrete problems:

1. Reproducibility. You will need to rebuild your infrastructure. Whether it’s disaster recovery, creating new environments, or (in my case) rebranding, you’ll need to recreate everything. With Terraform, it’s terraform apply. Without it, you’re clicking through the AWS console trying to remember what you configured six months ago. ...

October 15, 2025 · 15 min · Aleksandar Nesovic