The most important issue is whether the URL points to a website (fake NFT) or to a hash of the promised artwork (real NFT). This points to a hash:
This means that when the world collapses, the Internet as we know it has died, and all that remains is the Ethereum blockchain -- you can still prove there's a connection between the NFT you control and the promised artwork.
It's still nonsense. You can don't get ownership or copyright control over the work in question, which is spelled out in the Terms and Conditions. When the Internet collapses, you can't prove it was the real Kasperov. So lots of of problems.
But at least it isn't like all those other stupid people who point their NFTs to websites, or who maintain control over the contract.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The New York Times has sold an NFT.
The Associated Press sells NFTs.
It can't be a scam if the mainstream press has validated that it's not a scam. Thus, you can't criticize people for getting in on it.
I say this as somebody who READS THE FREAKIN' CODE. Blockchain 'tokens' (whether fungible or not) are really interesting and useful. I've got no qualms with the tech. It's the use of the tech that's a scam, which is provable by looking at the code.
People are promised things like "ownership" of something (there is no "ownership", either of the NFT or of the artwork they are claimed to represent). They are promised they are "decentralized", which usually isn't true.
I don’t believe in open source, as I don’t believe calling things “open source” is a meaningful abstraction. Most source code has always been open and always will be.
It’s just a political term used by people jealous of those who don’t show their source and who are nonetheless wildly successful.
It’s basic economics: building source code to your own spec is vastly (orders of magnitude) more efficient than building software to somebody else’s spec.
Our voting systems are fragile and we should always be vigilant for problems. To say it's "false" then creates a political barrier if somebody finds something that's true. Election fraud is certainly true in other countries (e.g. Belarus, recently).
But we should expect an easy bar to cross: first a coherent explanation of what happened, and secondly evidence that substantiates that explanation.
Um, this isn't really true.
The 2016 discusses the general problem with JNDI, log4j wasn't mentioned.
Java (JDKs) were updated so that this JNDI issue was disabled by default, which is why the log4j exploits don't work if you are using a newer JDK.
The JNDI thing the BlackHat presentation presented is a potential risk, not presented as an exploitable vulnerability. Now, somebody who saw that presentation should've probably done an exhaustive search of open-source projects using JNDI-LDAP invocations, but none of us did.
But that's "us" who are to blame, not "them". Before you start criticizing the infosec or open-source communities for lack of action, you have to first answer why you yourself didn't take action.
@taviso This is deep.
Reading the specifications, I can tell that the creators have deep understanding of both the code and the philosophical arguments.
I think the buyers have faith, and are immune to understanding.
@taviso That an NFT can point to a URL is not a flaw but a feature. The point of contracts like ERC1155 is so that anybody can tokenize things in the real world to allow them to be traded on the blockchain for other tokens -- but still requires confidence in the token provider.
@taviso "NFT artwork" is actually a tiny subset of a grander vision about tradeable tokens. That it really needs to point to a hash (or IPFS link) rather than a URL is thus something that doesn't come up often, when it's really the core issue of artwork.
Yes, web3 is 99% fake -- objectively so. The promise is "decentralized" stuff, but when you look at the details, you find that they are usually "centralized". Any interaction with the real world breaks the "decentralized" model.
Most NFTs point to URLs rather than a hash of the artwork. Websites like OpenSea respond to DMCA takedown notices. That means if you buy an OpenSea NFT, you can still have it taken away from you when OpenSea deletes the URL.
A lot of smart contracts can be updated by whoever controls the contract. Thus, in theory, while the contract itself governs transactions in a decentralized manner, the owner of the contract can re-assert control at any time.