Tim Berners-Lee on the Web

notmyopinion writes "In a wide-ranging interview with the British Computer Society, Sir Tim Berners-Lee criticizes software patents, speaks out on US and ICANN control of the Internet, proposes browser security changes, and says he got domain names backwards in web addresses all those years ago."

Sir Tim

[XanC]

"Sir Tim"

I found this amusing, along the lines of "there are those who call me.... Tim."

Seriously though, I thought he had some great things to say about professionalism in IT. We all need to absorb and remember this:

Customers need to be given control of their own data - not being tied into a certain manufacturer so that when there are problems they are always obliged to go back to them. IT professionals have a responsibility to understand the use of standards and the importance of making Web applications that work with any kind of device.

But how could you make a jingle out of ...

[Ungrounded Lightning]

Sir Tim Berners-Lee ... says he got domain names backwards in web addresses all those years ago.

But how could you make an advertising jingle out of

"com dot expediAAAAAAHHH!"

TLDs

[user24]

"I don't think we've gained anything from the .biz or .info domains - only that a few companies have benefited financially"

at least someone realises this.

If i had my way i'd redo the whole domain system; the distinctions between TLDs are totally irrelevent these days.
That or enforce the distinctions, so that only ISPs can have .nets, only charities .orgs, etc etc.

2.6 months for an internet year?

[Anonymous Coward]

The article mentions that an internet year is 2.6 months but at the bottom it says that an internet year is 2.6 times shorter than a regular year. Which is the correct figure? I want to calculate my age in internet years.

Re:JACK ASS

[Anonymous Coward]

Unlike some people, Sir Tim Berners-Lee actually achieved something (you know that thing they call the World Wide Web) that paved the way for him to be knighted by the Queen. Think of that the next time someone says "Yes, sir" to a manager.

Won't work

[rs79]

""I don't think we've gained anything from the .biz or .info domains - only that a few companies have benefited financially"

at least someone realises this.

If i had my way i'd redo the whole domain system; the distinctions between TLDs are totally irrelevent these days.
That or enforce the distinctions, so that only ISPs can have .nets, only charities .orgs, etc etc."

The purpose of a domain name is to make it easy for poeple. Computers don't care, they use IP addresses and the DNS is simpy a way to make easy to rememeber names that are automatically converted to IP addresses by software.

There is no taxonomy or more correctly, ontology, behind domain names. They're arbitrary strings of characters. There is no meaning whatsoever in the TLD, that's sad articfact of the way things were; they should not ideally have any meaning.

NSI under the original Internic cooperative agreement tried for many years to enforce the .NET rule of "internet infrastructural addresses only". It was impossible. Poeple who wanted to cheat the system always found ways and the harder NSI made it the more difficult it was for legitimate users to get .NET addresses.

TLDS should be meaningful, but arbitrary. And pretending any sort of classification system can me made out of it belies two decades of expereince with the way we name computers on the network.

Sir Tim may be a Sir but he's dead wrong about this expansion of tld space. Would you find it easier to remember (and yes, there are times you'll rememeber and type in, instead of looking something up in a search engine) company.biz or perhaps company.info because that was available when perhapes the only thing available in .COM was "i-my-e-companynicheproduct.com"?

Typically the internet solves problems of scarcity (.com names) by creating new resources, not by regulating old ones.

Re:Heh!

[1u3hr]

some will use www.hedgehogthemovie.com, others will use www.hedgehog-the-movie.com. No big difference? It is if you're trying to remember it.

Who remembers it? Just Google the movie title. If it doesn't come up in the first 5 hits, add "IMDB" or "Tomatoes" to the search string, which should get you the IMDB and Rotten Tomatoes pages on the film respectively, either of which will have the link to the "official" site. The whole reason Google is successful is that the name of the most relevant website is rarely predictable.

But the problem with the seemingly logical idea of always using a subdomain of a studio is that movies are often made by independent companies, who will start their site very early in the process, to help market and gain awareness, long before they make a distribution deal with a major. And a few years later when it's on video that could be sold to another studio or network; not to mention having different companies in different countries. Of course, if you know the studio they're likely to have links to current movies on their home page. What is more irritating is when you find an old DVD or see something on TV and would like to check out the website, to find it redirects to a porn or phishing site.

Re:'Duh' Browser security

[Jerf]

We made a mistake back in the day. Certificates are serving two purposes: One is to encrypt the data, one is to verify identity.

This makes it a major pain when you just want to encrypt data without claiming to be anyone in particular, since you have to jump through a lot of hoops both on server and client side to get it working. The browser gets bitchy about a certificate that isn't signed by any of its roots, even though it may very well be the case that nobody cares.

If we clearly thought about these two aspects, and separated them, it would become clear that A: we need a better way to just say "secure the damn connection" without claiming to be anybody and B: When a site is claiming to be somebody, it hardly makes sense to not show the claim clearly to the user. But since the concepts are all mushed up, you get a lock icon that sort of covers half the situation, mostly, and few people really realize there's a problem.

Re:Looking back...

[timeOday]

Left or right isn't the problem; the problem with URLs is that they're inconsistent. Reading from left to right, the hostname goes from most specific to most general, while the rest of the path is just the opposite.

... which is?

[Chris Pimlott]

You might want to mention how tinyweb does it.

Re:'Duh' Browser security

[agurk]

You must need to know WHO your talking with to create a secure connection.

It is no point in having a secure connection to a person you do not know who is.

You cannot know if you are talking to a man in the middle or you are actually talking to the man you want to be communicating with.

To get the ww2 version of this:

You got an ubersecure connection with a german spy which got an ubersecure connection to the man you think you are communicating with. Then the german spy can listen in and you nor the person you want to communicate with will know about the spy. All the spy has to do is to relay all information.

Re:Looking back...

[mattkinabrewmindspri]

-like the way most Americans write dates. Most Americans write in this order: March 25, 2006 or: 03-25-2006 The second one is more specific, while the third is less specific. It would make more sense to write 2006-03-26, so the numbers get more specific, or 26-03-2006, like other countries, so the numbers get less specific.

Re:Looking back...

[identity0]

Well, Usenet has had root-to-subdomain left to right ordering for some time, and it's done fine. In fact, it's a lot easier to browse newsgroups than websites by type.

I wish more apps had a "web ordering" mode for sorting directories, files, or bookmarks. I think there was a version of Firefox with that, but the current build I'm using doesn't seem to have it.

One reason is that it's easier to sort, since right now the server name goes from most detailed to least, while the directory structure behind it goes from least detailed to most. If you're a programmer, it's much easier to work with consistent ordering.

Another is that it makes organization of sites with many subdomains easier, especially sub-sub-domains. Imagine sorting through

africa.news.search.com
americas.news.search.com
art.some.edu
asia.news.search.com
cs.some.edu
europe.news.search.com
linux.cs.some.edu
linux.search.com
ms.cs.some.edu
news.search.com
news.some.edu
physics.some.edu
search.com
store.search.com
store.some.edu

As

edu.some.art
edu.some.cs
edu.some.cs.linux
edu.some.cs.ms
edu.some.store
edu.some.store
edu.some.physics
com.search
com.search.store
com.search.linux
com.search.news
com.search.news.africa
com.search.news.americas
com.search.news.asia
com.search.news.europe

Re:'Duh' Browser security

[Beryllium Sphere(tm)]

>why would you send it to a random stranger? Verification of the recipient's identity is crucial.

That's a good explanation and it's accurate. It does have a hidden assumption though.

A lot of security analysis takes as an axiom that the threat is an intelligent and determined adversary who will crawl in through any weakness. That axiom may seem self-evident because of infosec's military heritage: if your opponent is willing to hire Alan Turing and invent the digital computer in order to read your ciphertext, you daren't leave any chink in your armor.

If you're a civilian and willing to gamble that you'll only be a random target and that your opponents will always go for the softest targets, then you might decide on a self-signed certificate. You might believe that sniffing Internet traffic is so much easier than running a man-in-the-middle attack that you could just take your chances on MiTM.

You'd be wrong in today's environment, though. Phishing means you really have to worry about who a public key really belongs to. Not that certs are helping very much.

Quite a few people are proposing a compromise trust model like ssh has, where the browser UI would change so as to warn you when you're about to encrypt to an unexpected public key.