I've read all of Vitalik's 2024 posts so you don't have to (part 1)

Vitalik, why do you write like you’re running out of time?

how cool that the founder of a new computing paradigm is writing about it while it's happening. It's personal takes, no marketing speak. He links to other people's work and keeps it light with shitposting in between technical deep-dives. I got excited and wanted to read all of the posts of this year in a few days. After I started to take notes, I realized I have to break it down into a few parts. So here is part 1.

from 2024 Mar 28

six months after this post we can look at the same dashboard and see the current blob fees at $0.00. does this mean Layer 2s store data for free?


blobs went live on March 13.

This milestone represents a key transition in Ethereum's long-term roadmap: blobs are the moment where Ethereum scaling ceased to be a "zero-to-one" problem, and became a "one-to-N" problem.

how can L2s improve:

  • increase compression of the data stored in blobs

  • Use Plasma techniques that secure L2s by only using the L1 in exceptional situations

  • Improve on parallelization and storage

  • Improve security

quotes that I liked and wasn't aware Vitalik wrote just six months ago:

The ecosystem's standards need to become stricter: so far, we have been lenient and accepted any project as long as it claims to be "on a path to decentralization". By the end of the year, I think our standards should increase and we should only treat a project as a rollup if it has actually reached at least stage 1.

The first ten years of Ethereum have largely been a training stage: the goal has been to get the Ethereum L1 off the ground, and applications have largely been happening within a small cohort of enthusiasts. Many have argued that the lack of large-scale applications for the past ten years proves that crypto is useless. I have always argued against this: pretty much every crypto application that is not financial speculation depends on low fees - and so while we have high fees, we should not be surprised that we mainly see financial speculation!

guidance for application developers → drop your 2010 Ethereum mindset and get into the 2020 Ethereum workflow:

  • Architecture: Build on a specific L2, or architect the application so that it supports every L2 that follows some standards

  • Privacy: A user's data is private by default, users merkle-prove or ZK-prove specific claims as needed to establish trust

  • Anti-sybil: Application can require an ETH deposit, but clients should offer wrappers for non-crypto users that provide "centralized anti-sybil" (e.g. SMS)

  • Wallets: Account abstraction wallets: key recovery, different access control for different security levels, sponsored txs...

  • Proof of community membership: ETH + proof of personhood + POAPs + ZuStamps + EAS + third party curated lists

from 2024 Feb 09

an audio or even video stream of a person is no longer a secure way of authenticating who they are

Deepfakes are here and make scams more likely. To enhance security, Vitalik suggested using unique security questions based on shared experiences, as they are harder to guess and remember.

Take the scenario where someone is texting you claiming to be a friend: they reach out from an account you have never seen before, and they claim to have lost all of their devices.

You should ask them about shared experiences that fulfill the following criteria:

  1. You know it

  2. You expect them to remember it

  3. The internet doesn't know about it

  4. It's difficult to guess

  5. Even someone who has hacked corporate and government databases does not know it

Examples:

  • When the two of us last saw each other, what restaurant did we eat at for dinner, and what food did you have?

  • Which of our friends made that joke about an ancient politician? And which politician was it?

  • Which movie did we recently watch that you did not like?

Keeping it real:

People will often stop engaging in security practices if they are dull and boring, so it's healthy to make security questions fun! They can be a way to remember positive shared experiences. And they can be an incentive to actually have those experiences in the first place.

Keeping it serious:

In a post-deepfake world, we do need to adapt our strategies to the new reality of what is now easy to fake and what remains difficult to fake, but as long as we do, staying secure continues to be quite possible.

from 2024 Jan 30

four categories of AI as:

  • a player in a game: AIs participating in mechanisms where the ultimate source of the incentives comes from a protocol with human inputs.

    • AIs placing bets in Polymarket or smaller 'microscopic scale' prediction markets

  • an interface to the game: AIs helping users to understand the crypto world around them, and to ensure that their behavior (ie. signed messages and transactions) matches their intentions and they do not get tricked or scammed.

    • AI can help users understand what's going on in plain language, it can serve as a real-time tutor, it can protect users from mistakes, but be warned when trying to use it directly against malicious misinformers and scammers.

  • the rules of the game: blockchains, DAOs and similar mechanisms directly calling into AIs. Think "AI judges". attackers trying to hack the model are very likely (adversarial machine learning). if the model is closed-source, it's a centralized solution. if it's an open model, attackers can run local tests to trick the model. going over cool cryptographic solutions to this:

    • creating zero-knowledge proofs has a computational overhead: the greatest part of an AI computation is matrix multiplications, for which it is possible to make very efficient ZK-SNARKs or MPCs (or even FHE), and so the total overhead of putting AI inside cryptographic boxes is surprisingly low.

    • Black-box adversarial machine learning: you can train an attacker LLM if you know the training data or if an attacker knows which LLM is used. But the hope is that if you combine all the defenses together, hiding the AI model itself, greatly limiting the number of queries, and requiring each query to somehow be authenticated, you can make adversarial attacks difficult enough that the system could be secure.

  • the objective of the game: designing blockchains, DAOs and similar mechanisms with the goal of constructing and maintaining an AI that could be used for other purposes, using the crypto bits either to better incentivize training or to prevent the AI from leaking private data or being misused.

    • honestly, I didn't fully understand this
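The "limit the number of queries and authenticate each query" defense from the black-box adversarial ML item above, as a small sketch added here (not code from Vitalik's post). `QueryGate`, the HMAC scheme, the caller names and the key are all hypothetical; hiding the model itself is out of scope for it.

```python
import hashlib
import hmac


class QueryGate:
    """Admit a model query only if it is authenticated, fresh and within budget."""

    def __init__(self, keys, budget):
        self.keys = keys                      # caller id -> shared secret (bytes)
        self.budget = budget                  # max admitted queries per caller
        self.used = {cid: 0 for cid in keys}
        self.seen = set()                     # (caller, nonce) pairs already spent

    @staticmethod
    def tag(key, nonce, prompt):
        # Length-prefix the nonce so different (nonce, prompt) splits cannot collide.
        msg = len(nonce).to_bytes(2, "big") + nonce + prompt
        return hmac.new(key, msg, hashlib.sha256).digest()

    def admit(self, caller, nonce, prompt, mac):
        key = self.keys.get(caller)
        if key is None:
            return "unknown-caller"
        # Constant-time comparison; a failed check spends no budget, so
        # unauthenticated traffic cannot drain a legitimate caller's quota.
        if not hmac.compare_digest(mac, self.tag(key, nonce, prompt)):
            return "bad-mac"
        if (caller, nonce) in self.seen:
            return "replay"
        if self.used[caller] >= self.budget:
            return "budget-exhausted"
        self.seen.add((caller, nonce))
        self.used[caller] += 1
        return "ok"


def demo():
    # Constructed sample: one known caller with a budget of 2 queries.
    key = b"constructed-demo-key"
    gate = QueryGate({"alice": key}, budget=2)

    def signed(nonce, prompt):
        return nonce, prompt, QueryGate.tag(key, nonce, prompt)

    return [
        gate.admit("alice", *signed(b"n1", b"is this proposal spam?")),
        gate.admit("alice", b"n2", b"probe", b"\x00" * 32),      # forged tag
        gate.admit("alice", *signed(b"n1", b"is this proposal spam?")),  # replay
        gate.admit("alice", *signed(b"n3", b"second query")),
        gate.admit("alice", *signed(b"n4", b"third query")),     # over budget
        gate.admit("mallory", b"n5", b"probe", b"\x00" * 32),    # no key on file
    ]


if __name__ == "__main__":
    print(demo())
```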

from 2024 Jan 31

this is more of a vibe and storytelling. highlighting some quotes here, you can always read the full post linked above.

people younger than Vitalik are stepping up into leadership roles. he transitioned from a focus on math and economics in his work and writing to seeing the larger picture.

I actually have responsibilities in this world, and I need to be intentional about how I operate. Doing nothing, or living on autopilot and letting myself simply become part of the plans of others, is not an automatically safe, or even blameless, course of action.

Ethereum's development was, almost since the beginning, de-facto headquartered in Berlin, and it was out of European open-source culture that a lot of the early ideas for how Ethereum could be used in non-financial applications emerged.

You're allowed to have preferences without needing to have a complicated scientific explanation of why your preferences are the true absolute good.
