I spent too much of my day talking about Ledger. Most of it was alarm at their firmware update and how the team refused to acknowledge this increases the attack surface area.

However I don't think all is lost for @Ledger - here's 5 things they can do to regain my trust.

🧵 1. Admit this was a mistake, pause the firmware update, provide a new update that removes this feature.

The existence of the capability to share secrets off the device and the increased attack surface are things many are justifiably not comfortable with.

Some of y'all have never done security thread modeling.

Ledger implemented a capability to send your seed phrase off the device. This increases the attack surface area.

Your device is now less secure, regardless of whether or not you sign up for the recovery service. *threat modeling

Trezor: We're going to integrate features from Wasabi wallet for 'privacy' that use chainanalysis to censor bad UTXOs.

Ledger: Lol, amateurs. We're going to copy your seed phrase to our servers. Context for those who missed it: beincrypto.com/ledger-recover…

@Ledger this is completely unacceptable. Firmware on the device should *NEVER* have the ability to send your seed phrase off the device.
Under any circumstance.

If you want to offer recovery then do some research on MPO. twitter.com/i/web/status/1…

PSA: Don't update your @Ledger hardware to version 2.2.1
Don't enable the new 'Recover' feature.

Unless you want your crypto to be easily confiscated by government agencies.

Seriously, WTF @Ledger?
Why even bother with a hardware wallet if you're going to do this?

https://twitter.com/alistairmilne/status/1658381708763209729

For those who don't understand how bad this is.

Previously the Ledger firmware could not send your seed phrase off your device.
Now they can.

Regardless of whether you sign up for this service or not, the capability to send your seed phrase exists, and will be exploited.

This is going to be a mega thread on Cardano governance.

We're about to enter the Voltaire era, and I've got things to say on the proposed governance mechanisms.

Follow along to learn what is being proposed, what it means for you, and how I think it should be changed

🧵

1/ Since Github is a confusing mess for comments I'm creating a tweet thread and Youtube video. Github is not accessible to non-engineers. If we want inclusive feedback I strongly urge the team move to a forum for conversations.

Otherwise your conversation will look like:

2/

Contingent Staking on Cardano.

This is going to be a decent sized thread as I collect my thoughts from many discussions we've had over the last few days.

Before I begin I think it's important to recognize that both those who are for CS and those who are against CS...

1/ ...are arguing from a place of conviction, with good intentions for the future of Cardano and the Cardano ecosystem.

Name calling and labelling others as drama queens or engagement farmers does not further discussion.

Decentralized governance is the final boss.

2/

The team behind Cardano just announced a new privacy blockchain, Midnight.

🤨 What is Midnight?
🛠️ The problems it solves
👤 How it compares with Monero
🚪 Does it have a backdoor?
🧐 Concerns
🔮 Promises

Lets dive in! 🧵

#Cardano $ADA #Midnight $DUST Midnight is a data protection-based blockchain that safeguards sensitive commercial and personal data, protecting the fundamental freedoms of association, commerce, and expression for developers, companies and individuals.

The new xExchange and LKMEX 2.0 are almost upon us.

Lets break down 5️⃣ strategies to consider before lkmex 1.0 is gone forever on 📆Nov 24th.

We're got something for everyone, whether you're bullish, bearish or just a simple farmer.

Lets dig in 🧵

#MultiversX #Elrond $EGLD As you form your thesis on $LKMEX consider these factors

🏪 Sell pressure from lkmex unlocking
🛠️ Value of lkmex utility
🪙 Thesis on Metabonding program - # coins, token value
🔟 Value of Metabonding 2x-10x boost
🔋 Value of energy APR boost

LKMEX is getting a HUGE upgrade soon, with changes to:
💸 Supply and inflation
🚀 Metabonding Rewards
💪 Real Yield
🔋 Energy
🏛️ Governance

Buckle up for are read all about the changes below and when you can use the new xExchange!
🧵

#MultiversX #Elrond $EGLD 💸 Supply and Inflation
MEX will be 3x less inflationary!

The supply will be capped, with emissions decreasing yearly to zero in 8 years. There will be a governance vote in 5 years to decide whether to adjust the emission schedule

I'd love to hear thoughts from @TeamKujira on this.
Closed source allows risks to hide and fester, even with the best intent.

I started my career working on Windows XP SP2 - The sea-change that brought more secure engineering practices to Microsoft. I've seen some scary things

https://twitter.com/gadikian/status/1593171436424032256

Had a good chat w/ @TeamKujira about this. Was quite impressed at their willingness to talk through it, and it sounds like they have been open in interviews and other conversations in the past.

Given our conversation, I think they have made a reasonable tradeoff.

What do I enjoy doing on a Sunday afternoon?
Scheming of ways to break proof of stake with a 51% attack conducted by a nation state over a long period (decade) to accumulate through liquidity droughts combined with MAV based attack on a small number of key validators

1/ If a large portion of critical infrastructure is put onto that PoS chain by a nation or corporation, then the entity with patience and determination to mount an attack can conduct economic nuclear warfare.

2/

There is a contention among some on crypto Twitter that Cardano doesn't have a killer app, and the blockchain doesn't distinguish itself in a meaningful ways from newer and more sprightly competitors.

I'm going to share my perspective on what I believe makes Cardano special

1/ This claim was eloquently expressed by @Cephii1 in a recent Twitter spaces. It's worth listening to understand the perspective.

https://twitter.com/technologypoet/status/1507721499159011329?s=20&t=mVf5uF9m6u6yWKULKWqRCg

I would've stayed longer to discuss in the Space, but my yoga teacher was going to start class without me. (Priorities)

2/

$PRISM from @prism_protocol on $LUNA has one of the most well designed tokenomics of any DEX token I've seen so far.

What makes $PRISM so special, and why do I think it deserves to be considered among the best DEX tokens in defi token?

A short thread 🧵

$LUNA #Terra

1/ $PRISM is the native token of the Prism protocol.
The protocol itself is a novel innovation that splits LUNA into yLUNA (yield) and pLUNA (principle), allowing you to trade and borrow against either principle or yield, with more interesting functionality still to come.

2/

The Elrond team just launched the Maiar Exchange. This is a fantastic opportunity to earn yield by farming without insanely high gas fees.

A few have asked me my strategy for yield farming on Maiar exchange, since there are many ways to go about it.

Lets get started 1/

$EGLD First, none of this is financial advice. I strongly encourage you to do your own research. Yield farming is extremely risky with a high chance of losses.

If you are unsure how to begin using the Maiar Exchange, I wrote a how-to-guide here:

technologypoet.com/how-to-use-def…

2/

I’m super excited to share the next step in my career.
Today I joined @PermissionIO as their Chief Product Officer.
Permission is a startup at the intersection of crypto, advertising and data sovereignty with a mission to give people back ownership of their time and data.

1/6 Their mission resonates strongly with me, and is a worthy place for me to invest my own time and energy. I also deeply respect their founder @PermissionCEO, his vision and persistence. We’ve had conversations on and off for a few years, and the time was right for me to join.

2/6