Tim Berners-Lee on the Web 224
notmyopinion writes "In a wide-ranging interview with the British Computer Society, Sir Tim Berners-Lee criticizes software patents, speaks out on US and ICANN control of the Internet, proposes browser security changes, and says he got domain names backwards in web addresses all those years ago."
Finally! (Score:5, Funny)
Re:Finally! (Score:2)
Sir Tim (Score:5, Insightful)
I found this amusing, along the lines of "there are those who call me.... Tim."
Seriously though, I thought he had some great things to say about professionalism in IT. We all need to absorb and remember this:
Re:Sir Tim (Score:2)
Re:Sir Tim (Score:2)
I found this amusing,
I found it saddening against the recent UK Honour scandal [bbc.co.uk].
If Sir Tim [w3.org] was viewed as a member of traditional sphere such as Law, Economics, Education he would be Lord Tim [parliament.uk].
His work [w3.org] has changed the world in all of those traditional spheres.
The whole interview content, our agenda would, would gain real traction in the second house of a G8 Nation.
Looking back... (Score:4, Funny)
I would have skipped on the double slash - there's no need for it. Also I would have put the domain name in the reverse order - in order of size so, for example, the BCS address would read: http://uk.org.bcs/members [org.bcs]. The last two terms of this example could both be servers if necessary."
He could do anything differently and he would drop a slash?
Re:Looking back... (Score:2)
Har har.
C//
Re:Looking back... (Score:5, Interesting)
Re:Looking back... (Score:2)
Re:Looking back... (Score:2)
Re:Looking back... (Score:5, Insightful)
Re:Looking back... (Score:5, Insightful)
Re:Looking back... (Score:2)
Please tell me no-one actually writes like that.
Re:Looking back... (Score:2)
Very confusing for people from other countries (although when the middle date is >12 at least you get to wonder something might be wrong).
Another problem I've had is signs with things like "Parking prohibited between Nice Friday and President's Holiday" (or whatever vacation days they have over there and expect that everyone have comitted to memory). Apparently using plain dates is a big no no, even in middle-endian format.
Re:Looking back... (Score:2)
Re:Looking back... (Score:2)
Re:Looking back... (Score:2)
road signs (Score:2)
Each state has its own convention for road signs and traffic systems (loosely based on federal standards.) Some states are downright awful (Massachusetts, New Jersey) and other states are really good. (My Ohio for instance goes out of its way to make road signage detailed and clear.)
Depends where you go.
Re:Looking back... (Score:2)
You can't use dates for many holidays because they're not observed on the same date every year.
Re:Looking back... (Score:2)
Ah well, I guess every country is entitled to its little weirdnesses...
Re:Looking back... (Score:2)
So it's even more convenient to use those as delimiters for a time period instead of dates ! Briliant !
Well, I suppose in some cases the reason for having the restrictions is related to the holidays, so using specific dates wouldn't work. I can't think of an example, but that's okay, because I've never seen any signs like that, either.
Re:Looking back... (Score:3, Interesting)
Re:Looking back... (Score:3, Funny)
Re:Looking back... (Score:2, Funny)
Re:Looking back... (Score:4, Insightful)
I wish more apps had a "web ordering" mode for sorting directories, files, or bookmarks. I think there was a version of Firefox with that, but the current build I'm using doesn't seem to have it.
One reason is that it's easier to sort, since right now the server name goes from most detailed to least, while the directory structure behind it goes from least detailed to most. If you're a programmer, it's much easier to work with consistent ordering.
Another is that it makes organization of sites with many subdomains easier, especially sub-sub-domains. Imagine sorting through
africa.news.search.com
americas.news.search.com
art.some.edu
asia.news.search.com
cs.some.edu
europe.news.search.com
linux.cs.some.edu
linux.search.com
ms.cs.some.edu
news.search.com
news.some.edu
physics.some.edu
search.com
store.search.com
store.some.edu
As
edu.some.art
edu.some.cs
edu.some.cs.linux
edu.some.cs.ms
edu.some.store
edu.some.store
edu.some.physics
com.search
com.search.store
com.search.linux
com.search.news
com.search.news.africa
com.search.news.americas
com.search.news.asia
com.search.news.europe
Re:Looking back... (Score:2)
the key problem (Score:2)
HTTP urls are essentially formatted as a file path with a dns name as one component so the top level name ends up somewhere in the middle and if the hostname is long potentially quite hard to spot.
Re:Looking back... (Score:2)
org.dotslash? org.slash?
Re:Looking back... (Score:3, Funny)
Re:Looking back... (Score:5, Funny)
There is a reason for the double slash. The double slash says it's the traditional format. The single slash signifies the domain name extension should go first. In the new-Berners-Lee format...
For example.
http://slashdot.org
http:/org.slashdot
Should both be allowed addresses. They aren't. But, because he did a double slash in the beginning we could actually flip the extention order and drop the slash and it wouldn't be confused with the original format. See, Sir Tim is such a foward thinker he added a worthless slash to save the day years later!
Least specific to most specific (Score:2)
Why not no slash? http:org/slashdot [org]. Much like mailto:foo@example.org [mailto] (or would that be mailto:foo@org/example [mailto]). Or aim:do_something_really_annoying, bittorrent:linux.iso.torrent, irc:freenode.org/#debian.
The good thing about going from least specific to most specific is that it's easy to chop off unnecessary data. In dates for example, "the 25th of March, 2006" is a mouthful to say. But saying just "the 25th" is sufficient because one can assume the month is March. Or if not, "the 25th of March" is enoug
domain name... (Score:2)
From the Article... (Score:2, Funny)
But how could you make a jingle out of ... (Score:5, Insightful)
But how could you make an advertising jingle out of
"com dot expediAAAAAAHHH!"
A true Brit. (Score:5, Informative)
So the idea that he started off having trouble with the Berkeley naming convention doesn't surprise me at all.
(I'd prefer a more heirarchical system, myself, where an organization can ONLY have one domain name and have all their actual addresses inside of that. It would make the namespace a lot less cluttered and would reduce trademark abuses. On the other hand, names would be a lot longer. However, if you're using a search engine, a portal or bookmarks most of the time anyway, that's no big deal.)
Re:A true Brit. (Score:3, Interesting)
If you're going to use bookmarks, portals and search engines anyway, why not leverage them fully and make all names/identifiers collision-free cryptographic names. Trademark problem: solved permanently.
Re:A true Brit. (Score:5, Funny)
In fact, every machine on the internet could be given a unique 32 bit number. Then you could connect to it using that number as the name. That would be awesome!
Re:A true Brit. (Score:3, Funny)
*gasp* 128-bits? Is that wise?
What's the matter, Colonel Sanders? Chicken?
(No, I have no idea why that popped into my head)
Re:A true Brit. (Score:2)
the trouble with using ip addresses directly is they are too close to the physical network infrastructure and as such not very portable (unless you own a very large private block.....).
also combined with name based virtual hosting using domain names allows sites to be combined onto one server and later split up again if nessacery without huge wastage
Re:A true Brit. (Score:2)
You do. My email address used to be [user]@uk.ac.swan.pyr
That was a boon to to us mudders, though. You could connect directly from the PAD in each terminal room to a MUD on JANet, without having to log on to an i
Re:A true Brit. (Score:3, Interesting)
The X25/X29 PAD addressing thing was very much akin to using the Internet without a DNS, that's all. A PAD was merely a terminal server which gave you a command line access. I've used TCP/IP terminal servers which were very similar.
The naming convention used in the UK for e-mail (which was supported long after the transition to TCP/IP) was purely that, an e-mail address convention. At the time it was decided upon the ARPAnet were making their own deci
Heh! (Score:2)
DNS often
Re:Heh! (Score:3, Insightful)
Who remembers it? Just Google the movie title. If it doesn't come up in the first 5 hits, add "IMDB" or "Tomatoes" to the search string, which should get you the IMDB and Rotten Tomatoes pages on the film respectively, either of which will have the link to the "official" site. The whole reason Google is successful is that the name of the most relevant website is rare
Re:But how could you make a jingle out of ... (Score:2, Interesting)
Re:But how could you make a jingle out of ... (Score:5, Funny)
Re:But how could you make a jingle out of ... (Score:5, Funny)
It's fun, it's naughty! Catholic.org! Nun.org! Starving-Panda.org!
Re:But how could you make a jingle out of ... (Score:2)
Re:But how could you make a jingle out of ... (Score:2)
But how would:
com.ebay/
com.amazon/
org.slashdot/
have been easier to remember? Or really easier technically overall?
On a second thought, it would have been:
org.dotslash/
But still.
TLDs (Score:5, Insightful)
at least someone realises this.
If i had my way i'd redo the whole domain system; the distinctions between TLDs are totally irrelevent these days.
That or enforce the distinctions, so that only ISPs can have
Won't work (Score:5, Insightful)
at least someone realises this.
If i had my way i'd redo the whole domain system; the distinctions between TLDs are totally irrelevent these days.
That or enforce the distinctions, so that only ISPs can have
The purpose of a domain name is to make it easy for poeple. Computers don't care, they use IP addresses and the DNS is simpy a way to make easy to rememeber names that are automatically converted to IP addresses by software.
There is no taxonomy or more correctly, ontology, behind domain names. They're arbitrary strings of characters. There is no meaning whatsoever in the TLD, that's sad articfact of the way things were; they should not ideally have any meaning.
NSI under the original Internic cooperative agreement tried for many years to enforce the
TLDS should be meaningful, but arbitrary. And pretending any sort of classification system can me made out of it belies two decades of expereince with the way we name computers on the network.
Sir Tim may be a Sir but he's dead wrong about this expansion of tld space. Would you find it easier to remember (and yes, there are times you'll rememeber and type in, instead of looking something up in a search engine) company.biz or perhaps company.info because that was available when perhapes the only thing available in
Typically the internet solves problems of scarcity (.com names) by creating new resources, not by regulating old ones.
Re:Won't work (Score:2)
? um, yes, there is. it's just that no-one adheres to it (myself included).
Before you answer, wonder if there's any non-arbitrary relationship between the proposed
"Would you find it easier to remember...."
I think what STBL is suggesting is a complete rewrite of the way DNS works, according to his semantic web vision. Perhaps search engines would be a thing of the past, perhaps URLs would (though that's unlikel
Re:TLDs (Score:2)
I wouldn't want it taken away because I'm not able to use it for its intended purpose at this time. There's no guarantee someone else would be as nice about it.
Re:TLDs (Score:2)
Re:TLDs (Score:2)
Re:TLDs (Score:2)
Re:TLDs (Score:2)
Oh, man. My boss got sucked up in the hype around that and had me (over my objections) enter the lotteries, sometimes several times through different domain name services, for a dozen variations on our company name, plus a bunch of other words somewhat related, for both .info and .biz. All of the ones that we won he has now let lapse.
Thousands of dollars spent for nothing.
The onl
A sad case of marketing anti-genius (Score:5, Interesting)
The following story is true, though extraordinarily sad.
At the company where I used to work, they registered all TLDs for their name. We had .com, .net, .org, .biz, etc.
One day, our chief marketing goober decided that .biz was going to be the next "in" thing on the Internet, and we would be one of the first companies to capitalize on it. So we had all of our business cards chaged, our mailers, our letterhead... everything. We were explicitly told never to use the .com domain name in our business dealings, it was .biz. We, the IT gurus, begged and implored them not to do this, that it would cause more trouble in the end than it was worth, and that the only companies that use .biz are fly-by-night companies that grab the .biz equivalent of famous .com names so that they can rip people off.
Who do you think they listened to?
Long story short: Within a few months, after our customers, suppliers, vendors, and lots of other really, really important people started complaining that their e-mails to us were bouncing back and e-mails from us were not being received because spam blockers were automatically assuming that our .biz address either weren't valid, our chief marketing goober decided to "spend more time with his family," our old business cards, letterhead, etc. was dug out, and we were instructed never to use the .biz domain name again.
Re:A sad case of marketing anti-genius (Score:3, Interesting)
Sorry, I forgot, they're management. Survival of the skinniest and hardest-working, then. Yanno, like the fable of the ant and the grasshopper.
Already exists (Score:2, Funny)
Re:TLDs (Score:2, Funny)
Aw shucks, they noticed!
just a question here (Score:2)
Do joo mean the symantec web? (Score:2, Funny)
startkeylogger
Re:just a question here (Score:2)
Re:just a question here (Score:2)
Re:just a question here (Score:2)
Oh yeah, and tag spam.
'Duh' Browser security (Score:5, Interesting)
"Most browsers have certificates set up and secure connections, but the browser view only shows a padlock - it doesn't tell you who owns the certificate."
I still can't believe that, to this very day, there is no major browser that displays the right information about a certificate by default! This is the whole point of a certificate: it tells you that paypal.com actually belongs to a real-world entity named "PayPal Inc."
At the very least, when connected via SSL to a site with a valid cert, the browser address bar should have an extra line that names the real-world entity. A yellow padlock and location bar tell you nothing about who you're really talking to. You shouldn't have to manually examine the certificate to find out this information.
Does anyone have any idea why even Firefox, with all its other great usability and security innovations, still gets this basic thing wrong??
Re:'Duh' Browser security (Score:2, Informative)
Re:'Duh' Browser security (Score:2)
Re:'Duh' Browser security (Score:2, Informative)
Re:'Duh' Browser security (Score:5, Insightful)
This makes it a major pain when you just want to encrypt data without claiming to be anyone in particular, since you have to jump through a lot of hoops both on server and client side to get it working. The browser gets bitchy about a certificate that isn't signed by any of its roots, even though it may very well be the case that nobody cares.
If we clearly thought about these two aspects, and separated them, it would become clear that A: we need a better way to just say "secure the damn connection" without claiming to be anybody and B: When a site is claiming to be somebody, it hardly makes sense to not show the claim clearly to the user. But since the concepts are all mushed up, you get a lock icon that sort of covers half the situation, mostly, and few people really realize there's a problem.
Re:'Duh' Browser security (Score:3, Insightful)
It is no point in having a secure connection to a person you do not know who is.
You cannot know if you are talking to a man in the middle or you are actually talking to the man you want to be communicating with.
To get the ww2 version of this:
You got an ubersecure connection with a german spy which got an ubersecure connection to the man you think you are communicating with. Then the german spy can listen in and you nor the person you
yea, you need a secure path of transmission (Score:2)
But the parent is somewhat right too, because actually you would first have to make sure that you have correctly established the identity of the root key-signing enitity over a secure handshake, which often is not the case.
On the other hand, with an extended web of trust, man in the middle attacks
Re:'Duh' Browser security (Score:3, Informative)
We made a mistake back in the day.
We made many mistakes, but this wasn't one of them.
Certificates are serving two purposes: One is to encrypt the data, one is to verify identity.
Those two purposes are the *same* purpose. There is a distinction here, but you're drawing it in the wrong place.
SSL-sytle secure connections do two things: Encrypt data and authenticate data. After establishing session keys, the data that is sent both directions is encrypted and has cryptographic authentication codes (
Re:'Duh' Browser security (Score:5, Insightful)
That's a good explanation and it's accurate. It does have a hidden assumption though.
A lot of security analysis takes as an axiom that the threat is an intelligent and determined adversary who will crawl in through any weakness. That axiom may seem self-evident because of infosec's military heritage: if your opponent is willing to hire Alan Turing and invent the digital computer in order to read your ciphertext, you daren't leave any chink in your armor.
If you're a civilian and willing to gamble that you'll only be a random target and that your opponents will always go for the softest targets, then you might decide on a self-signed certificate. You might believe that sniffing Internet traffic is so much easier than running a man-in-the-middle attack that you could just take your chances on MiTM.
You'd be wrong in today's environment, though. Phishing means you really have to worry about who a public key really belongs to. Not that certs are helping very much.
Quite a few people are proposing a compromise trust model like ssh has, where the browser UI would change so as to warn you when you're about to encrypt to an unexpected public key.
Re:'Duh' Browser security (Score:2)
Quite a few people are proposing a compromise trust model like ssh has, where the browser UI would change so as to warn you when you're about to encrypt to an unexpected public key.
This model has some good things going for it, but I don't see it as very useful for stopping phishing.
Phishers don't use the same domain name as the legitimate site. So the browser won't warn you "the key for paypal.com has changed! danger!" If the phisher bothers to self-sign at all, at most the browser will say "you're talki
Re:'Duh' Browser security (Score:2)
Re:'Duh' Browser security (Score:2)
mod down -1 wrong (Score:2)
right so you've got yourself a nice encrypted connection to the man in the middle. You need some mechanism to tell you that the person you think you are linked with is
Re:'Duh' Browser security (Score:2)
Yeah, but that's the job of the CA: to filter out bogus domain names and entity names. Granted, the CAs don't do their jobs too too well, but I think they would refuse such a blatant fraud.
Re:'Duh' Browser security (Score:2)
Bloody spreadsheets (Score:2)
Tell me about it.
well, he got it wrong again (Score:5, Interesting)
if the server name isn't going to be the name of a server, then you can do this:
http://uk/org/bcs/members
and now everything is a hierarchical pathname that is resolved to a fqdn internally and nobody needs to worry that bcs.org.uk is a node on the network and members is a service on that node...
add it to the pile of big-woops! ideas along with ken thompson's anally elided 'e' in "creat()"...
Re:well, he got it wrong again (Score:2)
And now the browser can't figure out which server to contact to get the content without recursing down the tree asking stupid questions. And you can't contact the subsidiary sites if the top-level site is down.
-scott
Re:well, he got it wrong again (Score:2)
Basically that proposal means you're not sure whether
http://com/a/b/c/d
means you're looking for
Or
So what do you query the DNS server for? Or do you make multiple queries to the DNS servers?
You can disambiguate things by adding some stuff, but really its a waste of time.
As for Tim's proposal, while that could work, I like being able to copy part of a hostname, modifying it a bit and then using ping, ssh etc on the res
Re:well, he got it wrong again (Score:2)
And it would be extremely useful. You could add a new server for each directory with very little effort.
With Slashes we could drill down... (Score:2)
(p.s. please ignore that slashdot finds links for these
examples)
http://co/tld [co]
http://tld/co [tld]
for example, calcula might be found at:
http://us/org/pentamino/home/pentalive/calcula/ind ex.html [us]
(and as it is currently "/index.html" is the default and might be omitted)
Mix of Complex and overly simple (Score:2)
... which is? (Score:3, Insightful)
Re: (Score:2)
Re:Just think - there would be no "Dotcom Industry (Score:2)
Re:JACK ASS (Score:5, Funny)
Re:JACK ASS (Score:5, Funny)
Doesn't make Henry Ford a good driver...
Re:JACK ASS (Score:2)
Re:JACK ASS (Score:2)
Ya know, I just had this discussion with someone. The person was basically trying to justify something an elementary school teacher said to the students that she knew was incorrect. I was really offended by the fact that a teacher knowingly misled her
Re:JACK ASS (Score:5, Insightful)
Re: (Score:2, Funny)
Re:JACK ASS (Score:2)
Re:Finally! (Score:2)
Sorry, for that address, I'm either thinking of walmart or electronics first, and com is definitely last.
Search is a better match for how we think. Which is to say that we don't think in an hierarchy like "Hmm, a company
Re:Finally! (Score:2)
Good example, and that is why I disagree (Score:2)
Then http://electronics.walmart.com/ [walmart.com] makes a lot more sense, because you see that you are where you are looking for.
Now:
http://com.walmart.electronics/ [com.walmart.electronics]
Most people don't really care whether it is com or org. It also doesn't play nice with autocompletion
Moreover,