โ ๏ธ These notes do not cover all topics discussed, they will mainly be looking just at things I thought Iโd need to cover deeper โ ๏ธ
I had some initial issues joining the Discord due to permission issues, and it turned out to be that my Arc Browser had gotten something screwed up and wasnโt launching Discord correctly. I ended up just using Firefox to complete the account connection process with Alchemy, but a wipe of the cache on Arc might also be able to solve the problem.
It looks like there is a ton of great content and super cool people on the Discord, so Iโm really looking forward to interacting with everyone and learning from them. I went ahead and joined the โDeveloper Guildโ as a โDeveloper Apprenticeโ. If you see me hanging around donโt be afraid to say hi!
Plain and simple.ย Anyย person or organization should be able toย participateย in this process.ย Noย person or organization should be able toย controlย this process.
This is an important note that deeply resonates with the crypto community in general. I feel like less people โseeโ the traditional borders of nations and states as a necessary item when participating in the global economy, and crypto helps push the individuals utilizing it into being more of a โglobal citizenโ or โdigital citizenโ. The protocols are open, the tokens are easily flowing, all you have to do is participate. Instead of a 2 week settlement time and $20 in fees someone could have sent their grandma in the EU $500 to help with rent, or it could be there in under a minute using USDC. Of course, there are many upsides and downsides that come with these options, but I thought it was an interesting start to the course to reinforce those kind of underlying values.
With a traditional banking setup you are placing your blind trust in the bank to keep your money safe, along with the government to ensure that it will back you up if your bank goes under. Alongside that, there is generally no transparency available to the average consumer in this operation, as the bank and the software it runs on is not anywhere near being what could be described in typical web2 standards as โopen sourceโ. The labor involved at the bank impacts not only the trust, but the availability of the bank. What happens if the only two tellers are out sick? What happens if the bank manager gets hit by a bus in the morning? Thatโs automatic downtime for the bank and a restriction of your physical access to your own money through that branch.
These are all worst case scenarios of course and banks are required to maintain certain branch-wide uptime numbers in order to continue operating, but scaling it down can really show how easy it would be for this system to spiral out of control or for something to happen at any point of the normal banking process. In general, there is no way for the average consumer in a banking operation is able to verify right then and there that:
The teller wonโt steal the money.
That the balance in their account is actually there and accessible.
That their transaction will go through within 30 minutes.
That the software or banking platform is secure or has been audited.
And a myriad of other things.
Itโs just so closed source and centralized, itโs almost anti-consumer. So where does โtrustlessโ come in?
To tie it altogether, blockchain was invented to solve forย trust. To create a system that is completely neutral and resistant to any censorship or bribe.
Smart contracts brought blockchains to the next level by enabling code to be run everywhere (decentralized), making that code essentially a public resource. No one owns the code, it exists on the blockchain, and it is able to be seen and evaluated by everyone. When that code is deployed to the blockchain, magical things happen.
nodes in the network will enforce the logic of the code through the financial incentives of the blockchain protocol.
Hashes need to be:
Deterministic
Pseudorandom
One-way
Fast to Compute
Collision Resistant
An easy way to take a quick look at what a SHA256 hash is to open your terminal window and type the following command, and then append a random file to the end of it. The output is the hash of the file.
openssl sha256 <test file here.txt> SHA2-256(<test file here.txt>)= 1108cc5f0348120e744e6e8a17aba4a99bce53eefd96e94aa3c361e9f688885dIโve played around with hashing quite a bit in the past so Iโll just leave a handy tool here. The entirety of crypto relies on cryptographyโฆ without it, we wouldnโt have any of this.
Solution:
const { sha256 } = require("ethereum-cryptography/sha256"); const { toHex, utf8ToBytes } = require("ethereum-cryptography/utils"); // the possible colors that the hash could represent const COLORS = ['red', 'green', 'blue', 'yellow', 'pink', 'orange']; // given a hash, return the color that created the hash function findColor(hash) { return COLORS.find(x => toHex(sha256(utf8ToBytes(x))) === toHex(hash)); } module.exports = findColor;Constant โCOLORSโ contains an array of strings that have the colors that need to be hashed and compared. โ.findโ is described as:
Theย
find()ย method ofยArrayย instances returns the first element in the provided array that satisfies the provided testing function. If no values satisfy the testing function,ยundefinedย is returned.
This means that the โxโ within it is each string within the array that is then passed to the comparison functionality after the string has been converted from UTF8 to bytes, hashed, then converted to hex. After all of that, it is compared to the original hash that is passed to the โfindColorโ function, which is called by โtest.jsโ where it loops through the array of the colors.
Going through this exercise has made me realize it has been a hot minute since Iโve actually written anything in JavaScript though, so I may pause this course and go run through Alchemyโs other course; Learn JavaScript.
โ ๏ธ These notes do not cover all topics discussed, they will mainly be looking just at things I thought Iโd need to cover deeper โ ๏ธ
I had some initial issues joining the Discord due to permission issues, and it turned out to be that my Arc Browser had gotten something screwed up and wasnโt launching Discord correctly. I ended up just using Firefox to complete the account connection process with Alchemy, but a wipe of the cache on Arc might also be able to solve the problem.
It looks like there is a ton of great content and super cool people on the Discord, so Iโm really looking forward to interacting with everyone and learning from them. I went ahead and joined the โDeveloper Guildโ as a โDeveloper Apprenticeโ. If you see me hanging around donโt be afraid to say hi!
Plain and simple.ย Anyย person or organization should be able toย participateย in this process.ย Noย person or organization should be able toย controlย this process.
This is an important note that deeply resonates with the crypto community in general. I feel like less people โseeโ the traditional borders of nations and states as a necessary item when participating in the global economy, and crypto helps push the individuals utilizing it into being more of a โglobal citizenโ or โdigital citizenโ. The protocols are open, the tokens are easily flowing, all you have to do is participate. Instead of a 2 week settlement time and $20 in fees someone could have sent their grandma in the EU $500 to help with rent, or it could be there in under a minute using USDC. Of course, there are many upsides and downsides that come with these options, but I thought it was an interesting start to the course to reinforce those kind of underlying values.
With a traditional banking setup you are placing your blind trust in the bank to keep your money safe, along with the government to ensure that it will back you up if your bank goes under. Alongside that, there is generally no transparency available to the average consumer in this operation, as the bank and the software it runs on is not anywhere near being what could be described in typical web2 standards as โopen sourceโ. The labor involved at the bank impacts not only the trust, but the availability of the bank. What happens if the only two tellers are out sick? What happens if the bank manager gets hit by a bus in the morning? Thatโs automatic downtime for the bank and a restriction of your physical access to your own money through that branch.
These are all worst case scenarios of course and banks are required to maintain certain branch-wide uptime numbers in order to continue operating, but scaling it down can really show how easy it would be for this system to spiral out of control or for something to happen at any point of the normal banking process. In general, there is no way for the average consumer in a banking operation is able to verify right then and there that:
The teller wonโt steal the money.
That the balance in their account is actually there and accessible.
That their transaction will go through within 30 minutes.
That the software or banking platform is secure or has been audited.
And a myriad of other things.
Itโs just so closed source and centralized, itโs almost anti-consumer. So where does โtrustlessโ come in?
To tie it altogether, blockchain was invented to solve forย trust. To create a system that is completely neutral and resistant to any censorship or bribe.
Smart contracts brought blockchains to the next level by enabling code to be run everywhere (decentralized), making that code essentially a public resource. No one owns the code, it exists on the blockchain, and it is able to be seen and evaluated by everyone. When that code is deployed to the blockchain, magical things happen.
nodes in the network will enforce the logic of the code through the financial incentives of the blockchain protocol.
Hashes need to be:
Deterministic
Pseudorandom
One-way
Fast to Compute
Collision Resistant
An easy way to take a quick look at what a SHA256 hash is to open your terminal window and type the following command, and then append a random file to the end of it. The output is the hash of the file.
openssl sha256 <test file here.txt> SHA2-256(<test file here.txt>)= 1108cc5f0348120e744e6e8a17aba4a99bce53eefd96e94aa3c361e9f688885dIโve played around with hashing quite a bit in the past so Iโll just leave a handy tool here. The entirety of crypto relies on cryptographyโฆ without it, we wouldnโt have any of this.
Solution:
const { sha256 } = require("ethereum-cryptography/sha256"); const { toHex, utf8ToBytes } = require("ethereum-cryptography/utils"); // the possible colors that the hash could represent const COLORS = ['red', 'green', 'blue', 'yellow', 'pink', 'orange']; // given a hash, return the color that created the hash function findColor(hash) { return COLORS.find(x => toHex(sha256(utf8ToBytes(x))) === toHex(hash)); } module.exports = findColor;Constant โCOLORSโ contains an array of strings that have the colors that need to be hashed and compared. โ.findโ is described as:
Theย
find()ย method ofยArrayย instances returns the first element in the provided array that satisfies the provided testing function. If no values satisfy the testing function,ยundefinedย is returned.
This means that the โxโ within it is each string within the array that is then passed to the comparison functionality after the string has been converted from UTF8 to bytes, hashed, then converted to hex. After all of that, it is compared to the original hash that is passed to the โfindColorโ function, which is called by โtest.jsโ where it loops through the array of the colors.
Going through this exercise has made me realize it has been a hot minute since Iโve actually written anything in JavaScript though, so I may pause this course and go run through Alchemyโs other course; Learn JavaScript.
alp1n3.ethAn Infinite Free Trial of Pixelmator Pro
What was I supposed to do when Apple might be killing [another] product they acquired?
alp1n3.ethInferno Drainer Malicious JavaScript Analysis from the Squarespace Domain Hijacking
Taking a quick look at the inferno drainer javascript sample pulled from the malicious Compound Finance page.
alp1n3.ethParty Royale / Party World Web3 Scam & Malware Analysis
A new malicious party is on the horizon.
alp1n3.ethAn Infinite Free Trial of Pixelmator Pro
What was I supposed to do when Apple might be killing [another] product they acquired?
alp1n3.ethInferno Drainer Malicious JavaScript Analysis from the Squarespace Domain Hijacking
Taking a quick look at the inferno drainer javascript sample pulled from the malicious Compound Finance page.
alp1n3.ethParty Royale / Party World Web3 Scam & Malware Analysis
A new malicious party is on the horizon.
Ruminating on Web3, Security, and Privacy.
Ruminating on Web3, Security, and Privacy.
Share Dialog
Share Dialog
Subscribe to alp1n3.eth
Subscribe to alp1n3.eth
<100 subscribers
<100 subscribers
No activity yet