Tim Berners-Lee on the Web 224
notmyopinion writes "In a wide-ranging interview with the British Computer Society, Sir Tim Berners-Lee criticizes software patents, speaks out on US and ICANN control of the Internet, proposes browser security changes, and says he got domain names backwards in web addresses all those years ago."
Sir Tim (Score:5, Insightful)
I found this amusing, along the lines of "there are those who call me.... Tim."
Seriously though, I thought he had some great things to say about professionalism in IT. We all need to absorb and remember this:
But how could you make a jingle out of ... (Score:5, Insightful)
But how could you make an advertising jingle out of
"com dot expediAAAAAAHHH!"
TLDs (Score:5, Insightful)
at least someone realises this.
If i had my way i'd redo the whole domain system; the distinctions between TLDs are totally irrelevent these days.
That or enforce the distinctions, so that only ISPs can have
2.6 months for an internet year? (Score:1, Insightful)
Re:JACK ASS (Score:5, Insightful)
Won't work (Score:5, Insightful)
at least someone realises this.
If i had my way i'd redo the whole domain system; the distinctions between TLDs are totally irrelevent these days.
That or enforce the distinctions, so that only ISPs can have
The purpose of a domain name is to make it easy for poeple. Computers don't care, they use IP addresses and the DNS is simpy a way to make easy to rememeber names that are automatically converted to IP addresses by software.
There is no taxonomy or more correctly, ontology, behind domain names. They're arbitrary strings of characters. There is no meaning whatsoever in the TLD, that's sad articfact of the way things were; they should not ideally have any meaning.
NSI under the original Internic cooperative agreement tried for many years to enforce the
TLDS should be meaningful, but arbitrary. And pretending any sort of classification system can me made out of it belies two decades of expereince with the way we name computers on the network.
Sir Tim may be a Sir but he's dead wrong about this expansion of tld space. Would you find it easier to remember (and yes, there are times you'll rememeber and type in, instead of looking something up in a search engine) company.biz or perhaps company.info because that was available when perhapes the only thing available in
Typically the internet solves problems of scarcity (.com names) by creating new resources, not by regulating old ones.
Re:Heh! (Score:3, Insightful)
Who remembers it? Just Google the movie title. If it doesn't come up in the first 5 hits, add "IMDB" or "Tomatoes" to the search string, which should get you the IMDB and Rotten Tomatoes pages on the film respectively, either of which will have the link to the "official" site. The whole reason Google is successful is that the name of the most relevant website is rarely predictable.
But the problem with the seemingly logical idea of always using a subdomain of a studio is that movies are often made by independent companies, who will start their site very early in the process, to help market and gain awareness, long before they make a distribution deal with a major. And a few years later when it's on video that could be sold to another studio or network; not to mention having different companies in different countries. Of course, if you know the studio they're likely to have links to current movies on their home page. What is more irritating is when you find an old DVD or see something on TV and would like to check out the website, to find it redirects to a porn or phishing site.
Re:'Duh' Browser security (Score:5, Insightful)
This makes it a major pain when you just want to encrypt data without claiming to be anyone in particular, since you have to jump through a lot of hoops both on server and client side to get it working. The browser gets bitchy about a certificate that isn't signed by any of its roots, even though it may very well be the case that nobody cares.
If we clearly thought about these two aspects, and separated them, it would become clear that A: we need a better way to just say "secure the damn connection" without claiming to be anybody and B: When a site is claiming to be somebody, it hardly makes sense to not show the claim clearly to the user. But since the concepts are all mushed up, you get a lock icon that sort of covers half the situation, mostly, and few people really realize there's a problem.
Re:Looking back... (Score:5, Insightful)
... which is? (Score:3, Insightful)
Re:'Duh' Browser security (Score:3, Insightful)
It is no point in having a secure connection to a person you do not know who is.
You cannot know if you are talking to a man in the middle or you are actually talking to the man you want to be communicating with.
To get the ww2 version of this:
You got an ubersecure connection with a german spy which got an ubersecure connection to the man you think you are communicating with. Then the german spy can listen in and you nor the person you want to communicate with will know about the spy. All the spy has to do is to relay all information.
Re:Looking back... (Score:5, Insightful)
Re:Looking back... (Score:4, Insightful)
I wish more apps had a "web ordering" mode for sorting directories, files, or bookmarks. I think there was a version of Firefox with that, but the current build I'm using doesn't seem to have it.
One reason is that it's easier to sort, since right now the server name goes from most detailed to least, while the directory structure behind it goes from least detailed to most. If you're a programmer, it's much easier to work with consistent ordering.
Another is that it makes organization of sites with many subdomains easier, especially sub-sub-domains. Imagine sorting through
africa.news.search.com
americas.news.search.com
art.some.edu
asia.news.search.com
cs.some.edu
europe.news.search.com
linux.cs.some.edu
linux.search.com
ms.cs.some.edu
news.search.com
news.some.edu
physics.some.edu
search.com
store.search.com
store.some.edu
As
edu.some.art
edu.some.cs
edu.some.cs.linux
edu.some.cs.ms
edu.some.store
edu.some.store
edu.some.physics
com.search
com.search.store
com.search.linux
com.search.news
com.search.news.africa
com.search.news.americas
com.search.news.asia
com.search.news.europe
Re:'Duh' Browser security (Score:5, Insightful)
That's a good explanation and it's accurate. It does have a hidden assumption though.
A lot of security analysis takes as an axiom that the threat is an intelligent and determined adversary who will crawl in through any weakness. That axiom may seem self-evident because of infosec's military heritage: if your opponent is willing to hire Alan Turing and invent the digital computer in order to read your ciphertext, you daren't leave any chink in your armor.
If you're a civilian and willing to gamble that you'll only be a random target and that your opponents will always go for the softest targets, then you might decide on a self-signed certificate. You might believe that sniffing Internet traffic is so much easier than running a man-in-the-middle attack that you could just take your chances on MiTM.
You'd be wrong in today's environment, though. Phishing means you really have to worry about who a public key really belongs to. Not that certs are helping very much.
Quite a few people are proposing a compromise trust model like ssh has, where the browser UI would change so as to warn you when you're about to encrypt to an unexpected public key.