Renowned security expert Moxie Marlinspike: OpenSea is very centralized and Web3 is underwhelming

老雅痞 · 30 views · 2022-1-8 17:40

I consider myself a cryptographer, but I don't find myself particularly drawn to "crypto". I don't think I have ever actually said the words "get off my lawn" (the classic complaint of adults about teenagers), but I am far more likely to click on a Pepperidge Farm Remembers meme (an American meme reference) about how "crypto" used to mean "cryptography" than on the latest NFT drop.

Also, to put my cards on the table: I don't share this generation's enthusiasm for moving every aspect of life into an instrumented economy.

Even on the purely technical level, though, I have never managed to become a believer. So, given all the recent attention on what is now called web3, I decided to take a closer look at some of what has been happening in that space, to see what I might be missing.

From web1 to web2

Web3 is a somewhat ambiguous term, which makes it difficult to rigorously evaluate what its ambitions should be, but the general thesis seems to be that web1 was decentralized, web2 centralized everything into platforms, and web3 will decentralize everything again.

It is worth understanding why the centralized platforms emerged in the first place, and the explanation seems simple.

1. People don't want to run their own servers, and never will. The premise of web1 was that everyone on the Internet would be both publisher and consumer of content, and both publisher and consumer of infrastructure.

Geeks would each have their own web server with their own website, their own mail server for their own email, their own finger server for their own status messages, and so on. But, and I don't think this can be overstated, that is not what people want. People do not want to run their own servers.

At this point, even nerds do not want to run their own servers. Even organizations that build software full time do not want to run their own servers. If there is one thing I hope the world has learned, it is that people do not want to run their own servers. The companies that emerged to do that for you were successful, and the companies that iterated on new functionality made possible by those networks were even more successful.

2. A protocol moves much more slowly than a platform. After 30 years, email is still unencrypted, while WhatsApp went from unencrypted to full e2ee (end-to-end encryption) within a year. People are still trying to standardize sharing a video reliably over IRC, while Slack lets you create custom reaction emoji based on your face.

This is not a question of funding. When something is truly decentralized, it becomes very difficult to change, and often remains stuck in time. That is a problem for technology, because the rest of the ecosystem is moving very quickly, and if you don't keep up you will fail. Entire parallel industries are focused on defining and improving methodologies like Agile, trying to figure out how to organize enormous groups of people so they can move as quickly as possible, because moving quickly is so critical.

When the technology itself is more conducive to stasis than to movement, that is a problem. A sure recipe for success has been to take a 90s protocol that was stuck in time, centralize it, and iterate quickly.

But web3 intends to be different, so let's take a look. In order to get a quick feeling for the space and a better understanding of what the future may hold, I decided to build a couple of dApps and create an NFT.

Making some distributed apps

To get a feeling for the web3 world, I made a dApp called Autonomous Art that lets anyone mint a token for an NFT by making a visual contribution to it. The cost of contributing increases over time, and the funds a contributor pays are distributed to all previous contributors (visualizing this financial structure would give you something resembling a pyramid). As of this writing, over $38,000 has been spent collectively on participating in this collective artwork.

I also made a dApp called First Derivative that lets you create, discover, and trade NFT derivatives which track an underlying NFT, similar to financial derivatives which track an underlying asset.

Both gave me a feeling for how the space works. To be clear, there is nothing particularly "distributed" about the apps themselves: they are just ordinary websites. The "distributedness" refers to where the state, and the logic/permissions for updating that state, lives: on the blockchain instead of in a "centralized" database.

One thing that has always felt strange to me about the cryptocurrency world is the lack of attention paid to the client/server interface. When people talk about blockchains, they talk about distributed trust, leaderless consensus, and all the mechanics of how that works, but often gloss over the reality that clients ultimately cannot participate in those mechanics. Every network diagram is of servers, the trust model is between servers, everything is about servers. Blockchains are designed as a network of peers, but not designed such that your mobile phone or your browser could realistically be one of those peers.

With the shift to mobile, we now live firmly in a world of clients and servers, with the former completely unable to act as the latter, and those questions seem more important to me than ever. Meanwhile, Ethereum actually refers to servers as "clients", so there is not even a word for the real, untrusted client/server interface that has to exist somewhere, and no acknowledgement that, if this succeeds, there will ultimately be billions (!) more clients than servers.

For example, whether it runs on a mobile phone or on the web, a dApp like Autonomous Art or First Derivative needs to interact with the blockchain somehow, in order to read or modify state (the collectively produced artwork, its edit history, the NFT derivatives, etc.). That is not really possible from the client, though, since the blockchain cannot live on your mobile device (or, realistically, in your desktop browser). So the only alternative is to interact with the blockchain via a node running remotely on a server somewhere.

A server! But, as we know, people don't want to run their own servers. As it happens, companies have emerged that sell API access to an Ethereum node they run as a service, along with extras such as enhanced APIs built on top of the standard Ethereum API and access to historical data. Which sounds... familiar. At this point there are basically two such companies. Almost all dApps use either Infura or Alchemy to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain through your wallet, MetaMask is just making calls to Infura!

These client APIs do nothing to verify the blockchain state or the authenticity of the responses. The results are not even signed. An app like Autonomous Art asks "what is the output of this view function on this smart contract?", Alchemy or Infura responds with a JSON blob that says "this is the output", and the app renders it.

This surprised me. So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, yet virtually all clients that wish to access it do so by simply trusting the outputs of these two companies without any further verification. It also doesn't seem like the best privacy situation. Imagine if every time you interacted with a website in Chrome, your request first went to Google before being routed to the destination and back. That is the situation with Ethereum today. All write traffic is obviously already public on the blockchain, but these companies also have visibility into almost all read requests from almost all users of almost all dApps.

Partisans of the blockchain might argue that it is fine if these kinds of centralized platforms emerge, because the state itself lives on the blockchain, so if a platform misbehaves clients can simply move elsewhere. However, I think this is a very simplistic view of the dynamics that make platforms what they are.

Let me give you an example.

Making an NFT

I also wanted to create an NFT. When most people think of NFTs they think of images and digital art, but most NFTs do not store that data on-chain. For most NFTs of most images, that would be much too expensive.

Instead of storing the data on-chain, an NFT contains a URL that points to the data. What surprised me about this model is that there is no hash commitment for the content at that URL. Looking at many of the NFTs on popular marketplaces selling for tens, hundreds, or millions of dollars, the URL often just points to some VPS running Apache somewhere. Anyone with access to that machine, anyone who buys the domain name in the future, or anyone who compromises that machine can change the image, title, description, etc. of the NFT to whatever they like, at any time (regardless of whether they "own" the token). There is nothing in the NFT spec that tells you what the image "should" be, or that even lets you confirm whether something is the "correct" image.

So, as an experiment, I made an NFT that changes depending on who is looking at it, since the web server that serves the image can choose to return different images based on the IP address or User-Agent of the requester. For example, it looks one way on OpenSea and another way on Rarible, but once you buy it and view it in your crypto wallet, it always shows up as a large emoji. What you bid on is not what you get. There is nothing unusual about this NFT; this is simply how the NFT specification is built. Many of the most expensive NFTs could turn into an emoji at any time.
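A practical check for the missing hash commitment described above, added here as an example and not code from the original post: it classifies whether a token's metadata and image URIs are content-addressed, and compares what the host serves now against hashes recorded at purchase time. The hostname, token URIs and served bytes are constructed for the demo.

```python
import hashlib
import json
from urllib.parse import urlparse


def is_content_addressed(uri: str) -> bool:
    """A URI commits to its content only if it is content-addressed
    (ipfs://, ar://). A plain http(s) URL is a location the host controls."""
    return urlparse(uri).scheme.lower() in ("ipfs", "ar")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_token(token_uri: str, fetch, pinned: dict) -> dict:
    """Resolve tokenURI -> metadata -> image and report whether each step
    is mutable, and whether the bytes served now match the hashes pinned
    at purchase time. `fetch(uri) -> bytes` is supplied by the caller."""
    report = {"metadata_mutable": not is_content_addressed(token_uri),
              "image_mutable": None, "changed": []}
    meta_bytes = fetch(token_uri)
    if pinned.get(token_uri) not in (None, sha256_hex(meta_bytes)):
        report["changed"].append(token_uri)
    meta = json.loads(meta_bytes)
    image_uri = meta.get("image", "")
    report["image_mutable"] = not is_content_addressed(image_uri)
    image_bytes = fetch(image_uri)
    if pinned.get(image_uri) not in (None, sha256_hex(image_bytes)):
        report["changed"].append(image_uri)
    return report


# Constructed sample (not a real NFT): the host served one image when the
# hashes were pinned and serves a different one now; the metadata is unchanged.
PINNED_META = b'{"name": "Token 1", "image": "https://nft-host.example/img/1.png"}'
SERVED_NOW = {
    "https://nft-host.example/metadata/1": PINNED_META,
    "https://nft-host.example/img/1.png": b"\x89PNG constructed bytes v2",
}
PINNED = {
    "https://nft-host.example/metadata/1": sha256_hex(PINNED_META),
    "https://nft-host.example/img/1.png": sha256_hex(b"\x89PNG constructed bytes v1"),
}


def fake_fetch(uri: str) -> bytes:
    """Stand-in for an HTTP fetch; returns the constructed current responses."""
    return SERVED_NOW[uri]


def demo() -> dict:
    return audit_token("https://nft-host.example/metadata/1", fake_fetch, PINNED)


if __name__ == "__main__":
    print(demo())
```

The report flags both URIs as mutable (plain https) and lists the image as changed since purchase; a wallet or marketplace could surface exactly this before rendering.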

A few days later, without notice or explanation, the NFT I created was removed from OpenSea (an NFT marketplace).

The takedown suggests that I violated some Terms of Service. However, after reading the terms, I saw nothing that prohibits an NFT that changes depending on where it is viewed from, and I had been describing it openly in public.

What I found most interesting, though, is that after OpenSea removed my NFT, it also no longer appeared in the crypto wallet on my device. This is web3; how is that possible?

Crypto wallets like MetaMask, Rainbow, etc. are "non-custodial" (the keys are kept on the user's side), but they have the same problem as my dApps above: the wallet has to run on your mobile phone or in your browser. Meanwhile, Ethereum and other blockchains were designed as a network of peers, but not so that your mobile phone or browser could be one of those peers.

A wallet like MetaMask needs to do simple things such as displaying your balance, your recent transactions and your NFTs, as well as more complex things such as constructing transactions and interacting with smart contracts. In short, MetaMask needs to interact with the blockchain, but the blockchain was designed so that clients like MetaMask cannot interact with it. So, like my dApp, MetaMask does this by making API calls to three companies that have consolidated in this space.

For example, MetaMask displays your recent transactions by calling the Etherscan API:

GET https://api.etherscan.io/api?module=account&address=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=40&order=desc&action=txlist&tag=latest&page=1 HTTP/2.0

... displays your balance by calling the Infura API,

... and displays your NFTs by calling the OpenSea API:

GET https://api.opensea.io/api/v1/assets?owner=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=0&limit=50 HTTP/2.0

Again, just like with my dApp, these responses are not authenticated in any way. They are not even signed, so you could never prove afterwards that they lied. The wallet also reuses the same connections, TLS session cache, etc. across every account it holds, so if you manage multiple accounts in your wallet to keep some identities separate, these companies know they are linked.
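One mitigation for the unsigned-response problem raised above for dApps and again here for wallets, added as an example that is not from the original post: query several independent JSON-RPC providers for the same read and only accept a value that a quorum of them agrees on. The provider names and JSON-RPC replies are constructed; nothing touches the network.

```python
import json
from collections import Counter
from typing import Optional

# Constructed JSON-RPC replies to one eth_getBalance request, as three
# independent providers might return them. The values are made up; one
# provider disagrees with the other two.
RESPONSES = {
    "provider-a": '{"jsonrpc":"2.0","id":1,"result":"0x1bc16d674ec80000"}',
    "provider-b": '{"jsonrpc":"2.0","id":1,"result":"0x1bc16d674ec80000"}',
    "provider-c": '{"jsonrpc":"2.0","id":1,"result":"0x0"}',
}


def parse_result(raw: str) -> Optional[str]:
    """Extract the JSON-RPC result field; an error reply counts as no answer."""
    msg = json.loads(raw)
    if "error" in msg or "result" not in msg:
        return None
    return msg["result"]


def quorum_result(responses: dict, min_agree: int) -> dict:
    """Accept a value only if at least min_agree providers returned it.
    Returns the accepted value (or None), the size of the majority, and the
    providers whose answer differed, so they can be logged or rotated out."""
    answers = {p: parse_result(r) for p, r in responses.items()}
    counts = Counter(v for v in answers.values() if v is not None)
    value, n = counts.most_common(1)[0] if counts else (None, 0)
    accepted = value if n >= min_agree else None
    dissenters = sorted(p for p, v in answers.items() if v != value)
    return {"value": accepted, "agreeing": n, "dissenters": dissenters}


def wei_hex_to_eth(hex_wei: str) -> float:
    """Convert a hex-encoded wei balance (the eth_getBalance format) to ETH."""
    return int(hex_wei, 16) / 10**18


def demo() -> dict:
    return quorum_result(RESPONSES, min_agree=2)


if __name__ == "__main__":
    result = demo()
    if result["value"] is None:
        print("no quorum; dissenters:", result["dissenters"])
    else:
        print(f"balance {wei_hex_to_eth(result['value'])} ETH, "
              f"{result['agreeing']} providers agree, dissenters {result['dissenters']}")
```

This does not replace cryptographic verification (a light client or signed responses), but it turns a single trusted provider into several that would have to collude, and it makes a lying provider visible.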

MetaMask doesn't really do much; it is just a view onto data provided by these centralized APIs. This is not a problem specific to MetaMask: what other option do they have? Rainbow and the others are set up in exactly the same way. (Interestingly, Rainbow has its own data for the social features it is building into its wallet, such as the social graph and showcases, and has chosen to build all of that on Firebase rather than on the blockchain.)

All of this means that once an NFT is removed from OpenSea, it also disappears from your wallet. Functionally, it doesn't matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) uses OpenSea's API to display NFTs, and that API now returns 304 No Content for the query of NFTs owned by my address. There is nothing to display...

Recreating this world

Given the history of how web1 became web2, what seems strange to me about web3 is that technologies like Ethereum were built with many of the same implicit assumptions as web1. To make these technologies usable, the space is consolidating around... platforms. Again. People who will run servers for you and iterate on the new functionality that emerges: Infura, OpenSea, Coinbase, Etherscan.

Likewise, the web3 protocols are slow to evolve. When building First Derivative, it would have been great to price the minting of a derivative as a percentage of the value of the underlying NFT. That data is not on-chain, but it is in the API that OpenSea provides. People are excited about NFT royalties because of how they can benefit creators, but royalties are not specified in ERC-721, and it is too late to change that, so OpenSea has its own way of configuring royalties that lives in web2 space. Quick iteration on centralized platforms is already outpacing the distributed protocols and consolidating control into the platforms.

Given these dynamics, I don't think it should be a surprise that we are already at the point where your crypto wallet's view of your NFTs is OpenSea's view of your NFTs. Nor should we be surprised that OpenSea is not a pure "view" that can simply be replaced, since it has been busy iterating the platform beyond what is possible, or possible to change quickly, in a decentralized protocol.

I think this is very similar to the situation with email. I can run my own mail server, but it makes no functional difference for privacy, censorship resistance, or control, because Gmail is on the other end of every email I send or receive anyway. Once a distributed ecosystem centralizes around a platform for convenience, it becomes the worst of both worlds: centralized control, yet still distributed enough to remain stuck in time. I can build my own NFT marketplace, but that gives me no additional control when OpenSea mediates the view of all NFTs in the wallets people use (and in every other app in the ecosystem).

This is not a complaint about OpenSea or an indictment of what they have built. Quite the opposite: they are trying to build something that works. I think we should expect this kind of platform consolidation to happen, and, given that it is inevitable, design systems that give us what we want even when things end up organized this way. My sense and concern, though, is that the web3 community expects a different outcome from the one we are already seeing.

It's early days

"It's still early days" is the most common refrain I see from people in the web3 space when issues like these are discussed. In some ways, cryptocurrency's failure to scale beyond relatively nascent engineering is what makes it possible to still call these days "early", since objectively it has already been more than a decade.

But even if it is only a beginning (and it may well be!), I am not sure we should take that as consolation. I think the opposite may be true. We should notice that, from the very beginning, these technologies immediately tended towards centralization through platforms in order to be realized at all, that this has had ~0 negatively felt effect on the velocity of the ecosystem, and that most participants don't even know or care that it is happening. This suggests that decentralization itself is not actually of immediate practical importance to most people downstream, that the only amount of decentralization people want is the minimum required for something to exist, and that, if not very consciously accounted for, these forces will push us further from, rather than closer to, the ideal outcome as the days become less early.

But you can't stop the music

Come to think of it, OpenSea would be "better" in the straightforward sense if all the web3 parts were gone. It would be faster, cheaper, and easier to use. For example, accepting an offer for an NFT costs upwards of $80-150 in Ethereum gas fees, and that applies to every single bid, putting an artificial floor on all of them: otherwise you lose money by accepting a bid lower than the gas cost. Compared with credit card fees, which are often criticized as extortionate, it would be cheaper without web3. OpenSea could also more easily publish live data for people who want to follow their account through exchanges, statements, forecasts, etc.

However, if you had built the same thing as an ordinary site selling images, it would not have taken off. That is not because there are many things we could not have built without decentralization; it is because of the hype. People flock to these marketplaces because of the money, because they believe they can profit from a speculative investment.

After all, most NFT enthusiasts don't really care about trust models or settlement procedures; they care about where the money goes. So the money draws people to OpenSea, and OpenSea improves the experience by building a platform that iterates the simple web3 protocol into a web2 site, eventually giving you the ability to "mint" NFTs through OpenSea itself rather than only through your own smart contract. All of this lets Coinbase offer access to NFT activity through its own debit card platform. That opens the possibility of Coinbase managing the tokens themselves in a dark pool held by Coinbase, eliminating exchange fees and avoiding the friction of smart contracts. Eventually all the web3 parts are gone and what remains is a website for buying and selling JPEGs with a debit card. Although a project like this could not have been started as a web2 platform, given the strength of the market, it seems that the same fundamental dynamics of industry and centralization will lead to that outcome.

In the end, NFT artists might be happy with this shift, since it means more exposure and investment in art, but if the goal of web3 was to avoid the problems of web2, we already know that a different process is needed to reach a different result in the future.

I think these forces will continue, and how long they last depends on whether the massive flow of cryptocurrency money turns out to be an engine or a bucket. If the money flowing through NFTs eventually feeds back into the crypto space, it could accelerate indefinitely (whether or not it is simply web2x2). If it flows away, that could be a clue. Personally, I think there is enough money and enough of a faucet to keep it going; it is not just a flash. If so, it seems worth thinking about how to prevent web3 from becoming web2x2 (web2 but with even less privacy).

Creativity might not be enough

I have only dipped a toe into the web3 waters, but from this little project it is easy to see why so many people think the web3 ecosystem is neat. I don't think it is on a trajectory to deliver us from the centralized platforms. I don't think it will fundamentally change our relationship to technology. I don't think its privacy story is anything but below par for the Internet (which is a very low bar!), but I understand why geeks like me are excited to build for it. It is at least something new on the nerd level, which makes it a space for creativity and exploration reminiscent of the early days of the Internet. Ironically, some of that creativity may spring from the very constraints that make web3 so clunky. I hope the creativity and exploration we are seeing will produce positive results, but it will not be enough to stop the same dynamics of the Internet from unfolding again.

If we want to change our relationship to technology, I think we have to do it intentionally. My basic thoughts are roughly these.

1. We should accept the premise that people will not run their own servers, and design systems that can distribute trust without having to distribute infrastructure. This means architecture that anticipates and accepts the inevitable outcome of relatively centralized client/server relationships, but uses cryptography (rather than infrastructure) to distribute trust. One of the surprising things about web3, even though it is built on "crypto", is how little cryptography seems to be involved! That cryptographic work still has to be done.

2. We should try to reduce the burden of building software. At this point, software projects require an enormous amount of human effort. Even a relatively simple app requires a group of people to sit in front of a computer for eight hours a day, every day, forever. This was not always the case; there was a time when 50 people working on a software project was not considered a "small team". As long as software requires such concentrated energy and such specialized human focus, I think it will tend to serve the interests of the people sitting in that room every day rather than our broader goals. I believe that if we want to change our relationship with technology, we have to make software easier to create. But throughout my life I have seen the opposite happen. Unfortunately, I think distributed systems tend to exacerbate this trend by making things more complicated and harder, not less complicated and easier.

GM!

Stay calm.
