Ooh, I think I found the paper!

Oof:

The actual bug I planted in the compiler would match code in the UNIX "login" command. The re- placement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user

I think that any step that facilitates verifying the build is great. If trust is required, then I should simply not release any executables if I want to remain anonymous. I would like to be able to release executables without needing to ask people to blindly trust me. I would like to be able to show them reasonably good evidence that the program is built from the source that I say it is.

If I understand this correctly, signify would allow someone to verify that the executable was built by me. But then they would still have to trust me, because I can also sign the malicious executable.

Finally. Someone noticed 🥹

The creator of the tool is the admin of lemmings.world, and the tool is hosted at schedule.lemmings.world. So, if you have a user at lemmings.world, you can use this tool without having to trust a third-party.

If you don't have a user there, you can create a user in that instance for the purpose of creating scheduled posts. Removing the need to trust two parties rather than one.

And, of course, since the source code is open anyone else can attach this to their own instance! Pretty cool.

Ah, do you mean "hate speech"?

Aah, ok! That at least explains what they could have been thinking.

But, of course, this is a terrible idea!!

Both sides? "Oh yeah, the front looks a lot like the ID I lost, but can you please send me the back side too so that I can confirm?"

Some virus managed to wreck inflammatory havoc around some of my nerves and the right side of my head has been numb since Thursday, my ear in pain, and a zoo of sporadic symptoms come and go 😅 So I have been in the computer a lot. I've been working on setting up a lemmy instance and I also played in the canvas.

As for the rest of the week... I have been procrastinating on thesis writing, and I need to be done before September, so I am trying to find a source of will-power to force myself to write. But this infection is not helping me 😬

Ah, it's always in the small-text (Note [2] at the bottom of https://www.paypal.com/us/digital-wallet/manage-money/crypto/pyusd):

PayPal Balance account required to access cryptocurrency. When you buy or sell cryptocurrency, including when you check out with crypto, we will disclose an exchange rate and any fees you will be charged for that transaction. For currencies other than PYUSD, the exchange rate includes a spread that PayPal earns on each purchase and sale. Learn more about cryptocurrency fees.

So, it is not clear to me whether you would be able to exchange monero for PYUSD in some non-KYC exchange, but from this I gather that the only way to actually pay a vendor using PYUSD would be to have a PayPal account that is tied to your identity.

Furthermore, their smart contract has a built-in "asstProtectionRole" that allows them to uni-laterally freeze the balance in any account.

You can find the read-me in their github project here: https://github.com/paxosglobal/pyusd-contract

Here is an excerpt:

Asset Protection Role

Paxos Trust Company is regulated by the New York Department of Financial Services (NYDFS). As required by the regulator, Paxos must have a role for asset protection to freeze or seize the assets of a criminal party when required to do so by law, including by court order or other legal process.

The assetProtectionRole can freeze and unfreeze the PYUSD balance of any address on chain. It can also wipe the balance of an address after it is frozen to allow the appropriate authorities to seize the backing assets.

Freezing is something that Paxos will not do on its own accord, and as such we expect to happen extremely rarely. The list of frozen addresses is available in isFrozen(address who).

You can see the actual function here.

I don't see this as much of an improvement over using PayPal and a bank. Maybe it can be useful if you want to move crypto into an asset that you can pay with in regular online purchases without going through an exchange. But PayPal will still play the role of the intermediary that knows you. Storing value in an asset that can be frozen by PayPal is absolutely not desirable. So I think that this coin is kind of a gimmick.

But it could have a positive influence in that online vendors might become more accustomed to accepting crypto payments, and it could help adoption in the long run. Let's hope.

You have a good reason to be proud. It's awesome!

Funny thing is that those of who left aren't there anymore to comment that we did leave... So anyone who is still there is probably looking at the others who stayed and saying "See?! The protest didn't work because we are still here!"