Share this page!

Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
Twitter logo
13 Dec, 4 tweets, 1 min read
BTW, I hate the press when they say it's "false". Well, no, we can't prove a negative. We can't say mass voter fraud is "false".

All we can say is that it's so far "unsubstantiated".
Our voting systems are fragile and we should always be vigilant for problems. To say it's "false" then creates a political barrier if somebody finds something that's true. Election fraud is certainly true in other countries (e.g. Belarus, recently).
But we should expect an easy bar to cross: first a coherent explanation of what happened, and secondly evidence that substantiates that explanation.
Oltman and Doug Frank both claim they can show statistical anomalies, but neither have done so in a coherent way that I can replicate and either confirm or refute. If they are right, then they do a disservice to the cause by not being coherent/replicatable.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J

Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ErrataRob

Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
15 Dec
All NFTs are nonsense, but on top of that, most are fake/fraudulent, with serious flaws such as pointing to a website instead of the promised artwork.

So I was surprised that these actually aren't fraudulent. Still nonsense, of course, but not fraudulent.
The most important issue is whether the URL points to a website (fake NFT) or to a hash of the promised artwork (real NFT). This points to a hash: Image
This means that when the world collapses, the Internet as we know it has died, and all that remains is the Ethereum blockchain -- you can still prove there's a connection between the NFT you control and the promised artwork.
Read 5 tweets
Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
14 Dec
The New York Times has sold an NFT.
The Associated Press sells NFTs.
It can't be a scam if the mainstream press has validated that it's not a scam. Thus, you can't criticize people for getting in on it.

...except, of course, it's a scam.
I say this as somebody who READS THE FREAKIN' CODE. Blockchain 'tokens' (whether fungible or not) are really interesting and useful. I've got no qualms with the tech. It's the use of the tech that's a scam, which is provable by looking at the code.
People are promised things like "ownership" of something (there is no "ownership", either of the NFT or of the artwork they are claimed to represent). They are promised they are "decentralized", which usually isn't true.
Read 7 tweets
Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
13 Dec
I don’t believe in open source, as I don’t believe calling things “open source” is a meaningful abstraction. Most source code has always been open and always will be.
It’s just a political term used by people jealous of those who don’t show their source and who are nonetheless wildly successful.
It’s basic economics: building source code to your own spec is vastly (orders of magnitude) more efficient than building software to somebody else’s spec.
Read 6 tweets
Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
13 Dec
Um, this isn't really true.
The 2016 discusses the general problem with JNDI, log4j wasn't mentioned.
Java (JDKs) were updated so that this JNDI issue was disabled by default, which is why the log4j exploits don't work if you are using a newer JDK.
The JNDI thing the BlackHat presentation presented is a potential risk, not presented as an exploitable vulnerability. Now, somebody who saw that presentation should've probably done an exhaustive search of open-source projects using JNDI-LDAP invocations, but none of us did.
But that's "us" who are to blame, not "them". Before you start criticizing the infosec or open-source communities for lack of action, you have to first answer why you yourself didn't take action.
Read 5 tweets
Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
7 Dec
@taviso This is deep.
Reading the specifications, I can tell that the creators have deep understanding of both the code and the philosophical arguments.

I think the buyers have faith, and are immune to understanding.
@taviso That an NFT can point to a URL is not a flaw but a feature. The point of contracts like ERC1155 is so that anybody can tokenize things in the real world to allow them to be traded on the blockchain for other tokens -- but still requires confidence in the token provider.
@taviso "NFT artwork" is actually a tiny subset of a grander vision about tradeable tokens. That it really needs to point to a hash (or IPFS link) rather than a URL is thus something that doesn't come up often, when it's really the core issue of artwork.
Read 4 tweets
Robᵉʳᵗ Graham THREAT LEVEL RED 🚨 FIX YOUR LOG4J Profile picture
7 Dec
Yes, web3 is 99% fake -- objectively so. The promise is "decentralized" stuff, but when you look at the details, you find that they are usually "centralized". Any interaction with the real world breaks the "decentralized" model.
Most NFTs point to URLs rather than a hash of the artwork. Websites like OpenSea respond to DMCA takedown notices. That means if you buy an OpenSea NFT, you can still have it taken away from you when OpenSea deletes the URL.
A lot of smart contracts can be updated by whoever controls the contract. Thus, in theory, while the contract itself governs transactions in a decentralized manner, the owner of the contract can re-assert control at any time.
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @ErrataRob has new unrolls!

Check out other threads from @ErrataRob!

Read all threads by @ErrataRob

:(