Slashdot Mirror

An anonymous reader quotes a report from Ars Technica: An update Google rolled out for its popular Chrome browser this weekend helps prevent those annoying auto-playing video ads on many websites from disturbing your day with unwanted sound as well. But that update is causing consternation for many Web-based game developers who are finding that the change completely breaks the audio in their online work. The technical details behind the problem involve the way Chrome handles WebAudio objects, which are now automatically paused when a webpage starts up, stymying auto-playing ads. To get around this, Web-based games now have to actively restart that pre-loaded audio object when the player makes an action to start the game, even if that audio wasn't autoplaying beforehand. "The standard doesn't require you to do this, so no one would have thought to do this before today," developer Andi McClure told Ars Technica. "With Chrome's new autoplay policies, developers shouldn't assume that audio can be played before a user gesture," Google told The Daily Dot in a statement. "With gaming in Chrome, this may affect Web Audio. We have shared details on what developers can do to address this, and the design for the policy was published last year."

Reader Tablizer writes (edited and condensed): The Chrome team "broke the web" to make Chrome perform better, according to Nikita Prokopov, a software engineer. So the story goes like this: there's a widely-used piece of DOM API called "addEventListener." Almost every web site or web app that does anything dynamic with JS probably depends on this method in some way. In 2016, Google came along and decided that this API was not extensible enough. But that's not the end of the story. Chrome team proposed the API change to add passive option because it allowed them to speed up scrolling on mobile websites. The gist of it: if you mark onscroll/ontouch event listener as passive, Mobile Google can scroll your page faster (let's not go into details, but that's how things are). Old websites continue to work (slow, as before), and new websites have an option to be made faster at the cost of an additional feature check and one more option. It's a win-win, right? Turned out, Google wasn't concerned about your websites at all. It was more concerned about its own product performance, Google Chrome Mobile. That's why on February 1, 2017, they made all top-level event listeners passive by default. They call it "an intervention." Now, this is a terrible thing to do. It's very, very, very bad. Basically, Chrome broke half of user websites, the ones that were relying on touch/scroll events being cancellable, at the benefit of winning some performance for websites that were not yet aware of this optional optimization. This was not backward compatible change by any means. All websites and web apps that did any sort of draggable UI (sliders, maps, reorderable lists, even slide-in panels) were affected and essentially broken by this change.

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

Slashdot reader Atticus Rex writes: On Monday, W3C (World Wide Web Consortium) director Tim Berners-Lee released a post defending his decision to allow Netflix, Microsoft, Apple and Google to enshrine DRM in Web standards, arguing that blocking it would be pointless. Zak Rogoff, FSF campaigns manager, writes in the response:

"As Director of the W3C (World Wide Web Consortium), Berners-Lee has the ability to block [the DRM proposal] from ratification as an official Web standard... Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users. Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures."
Berners-Lee takes the position that "The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world.

"This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it."

JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News.

New submitter xogg writes: Battery Status API allows web sites to read the battery level of user's system. The API was found to bring privacy risks and abuse potential and a number of implementation bugs. Now with apparent no legitimate use cases, Mozilla is taking the unprecedented decision to vaporize a browser API due to privacy concerns. And apparently, WebKit, powering Apple's Safari follows. Is that the first time a browser reduces functionality following research reports warning of privacy risks?

New submitter xogg writes: Battery Status API allows web sites to read the battery level of user's system. The API was found to bring privacy risks and abuse potential and a number of implementation bugs. Now with apparent no legitimate use cases, Mozilla is taking the unprecedented decision to vaporize a browser API due to privacy concerns. And apparently, WebKit, powering Apple's Safari follows. Is that the first time a browser reduces functionality following research reports warning of privacy risks?

An anonymous reader quotes a report from Softpedia: Members of the World Wide Web Consortium (W3C) are getting ready to launch the HTML 5.1 specification and have already started work on the upcoming HTML 5.2 version since mid-August. The HTML 5.1 standard has been promoted from a "Release Candidate" to a "Proposed Recommendation," the last step before it becomes a "W3C Recommendation," and officially replaces HTML 5 as the current HTML standard. As a Proposed Recommendation, HTML 5.1 is practically locked against major changes, and outside small tweaks here and there, we are currently looking at a 99.99 percent version of the upcoming HTML 5.1 standard. The vote to promote HTML 5.1 from RC to PR was approved in unanimity, a clear sign that major browser makers have reached a general consensus on what the standard should look like, and what they should be implementing in their browsers in upcoming versions. You can read more on HTML 5.1 here, the changes and support table here, and the HTML 5.2 specification draft here.

An anonymous reader quotes a report from Softpedia: Members of the World Wide Web Consortium (W3C) are getting ready to launch the HTML 5.1 specification and have already started work on the upcoming HTML 5.2 version since mid-August. The HTML 5.1 standard has been promoted from a "Release Candidate" to a "Proposed Recommendation," the last step before it becomes a "W3C Recommendation," and officially replaces HTML 5 as the current HTML standard. As a Proposed Recommendation, HTML 5.1 is practically locked against major changes, and outside small tweaks here and there, we are currently looking at a 99.99 percent version of the upcoming HTML 5.1 standard. The vote to promote HTML 5.1 from RC to PR was approved in unanimity, a clear sign that major browser makers have reached a general consensus on what the standard should look like, and what they should be implementing in their browsers in upcoming versions. You can read more on HTML 5.1 here, the changes and support table here, and the HTML 5.2 specification draft here.

Reader Thelasko writes: The BBC has a story about people with names that break computer databases. "When Jennifer Null tries to buy a plane ticket, she gets an error message on most websites. The site will say she has left the surname field blank and ask her to try again." Thelasko compares it to the XKCD comic about Bobby Tables, though it's a real problem that's also been experienced by a Hawaiian woman named Janice Keihanaikukauakahihulihe'ekahaunaele, whose last name exceeds the 36-character limit on state ID cards. And in 2010, programmer John Graham-Cumming complained about web sites (including Yahoo) which refused to accept hyphenated last names. Programmer Patrick McKenzie pointed the BBC to a 2011 W3C post highlighting the key issues with names, along with his own list of common mistaken assumptions. "They don't necessarily test for the edge cases," McKenzie says, noting that even when filing his own income taxes in Japan, his last name exceeds the number of characters allowed.

New submitter leonstr writes: I'm a sysadmin and I like to record my daily work in a logbook: technical notes, work progress, actions from meetings, etc. I started with the word processor on the venerable Psion Series 3a but for about 10 years I've been using Amaya. It's FLOSS, cross-platform and uses an open file format (XHTML). Amaya has its quirks but I really like it; unfortunately it's no longer being updated and I feel it's time to change. So I wonder: what do other people use for recording their work? What works well and meets your requirements?

campuscodi writes to note that the World Wide Web Consortium has launched a Working Group to help streamline the online "check-out" process and make payment by internet easier and more secure. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page.

campuscodi writes to note that the World Wide Web Consortium has launched a Working Group to help streamline the online "check-out" process and make payment by internet easier and more secure. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page.

campuscodi writes to note that the World Wide Web Consortium has launched a Working Group to help streamline the online "check-out" process and make payment by internet easier and more secure. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page.

paroneayea writes: GNU MediaGoblin has released version 0.8.0 dubbed "A Gallery of Fine Creatures". This release includes a number of improvements including an upgrade to GStreamer 1.0, improved video thumbnailing, and preliminary Python 3 support. Additionally, an improved Social API support making use of the Pump API means that existing pump.io clients like Pumpa and Dianara are now compatible with MediaGoblin. This coincides with work underway by MediaGoblin developers working with the W3C Social Working Group to build a general federation standard, of which a draft submission to the group is already in progress.

jones_supa writes: Mozilla is officially beginning to phase out non-secure HTTP to prefer HTTPS instead. After a robust discussion on the mailing list, the company will boldly start removing capabilities of the non-secure web. There are two broad elements of this plan: setting a date after which all new features will be available only to secure websites, and gradually phasing out access to browser features for non-secure websites, especially regarding features that pose risks to users' security and privacy. This plan still allows for usage of the "http" URI scheme for legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the "http" scheme can be automatically translated to "https" by the browser, and thus run securely. The goal of this effort is also to send a message to the web developer community that they need to be secure. Mozilla expects to make some proposals to the W3C WebAppSec Working Group soon.

An anonymous reader writes: The history of the do-not-track setting for web browsers has been rife with debate. It took a long time for web experts to come to anything resembling a consensus on how it should be implemented, and the process isn't over yet. Microsoft took criticism for enabling the do-not-track setting by default in Internet Explorer. While it sounds good in theory, many worried it would just spur websites to completely disregard the setting (and some, like Yahoo, did just that). Now, Microsoft has reversed their stance. The do-not-track setting will not be enabled by default in the company's future browsers. They say, "Put simply, we are updating our approach to DNT to eliminate any misunderstanding about whether our chosen implementation will comply with the W3C standard. ... As a result, DNT will not be the default state in Windows Express Settings moving forward, but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so."

An anonymous reader writes HTTP/2 is back in the spotlight again. After drawing significant ire over a proposal for officially sanctioned snooping, the IETF is drawing criticism for plowing ahead with its plans for HTTP/2 on an unrealistically short schedule and with an insufficiently clear charter. A few days ago the IETF announced Last Call for comments on the HTTP/2 protocol.

Poul-Henning Kamp writes, "Some will expect a major update to the world's most popular protocol to be a technical masterpiece and textbook example for future students of protocol design. Some will expect that a protocol designed during the Snowden revelations will improve their privacy. Others will more cynically suspect the opposite. There may be a general assumption of 'faster.' Many will probably also assume it is 'greener.' And some of us are jaded enough to see the "2.0" and mutter 'Uh-oh, Second Systems Syndrome.' The cheat sheet answers are: no, no, probably not, maybe, no and yes."

"Given this rather mediocre grade-sheet, you may be wondering why HTTP/2.0 is even being considered as a standard in the first place. The Answer is Politics. Google came up with the SPDY protocol, and since they have their own browser, they could play around as they choose to, optimizing the protocol for their particular needs. SPDY was a very good prototype which showed clearly that there was potential for improvement in a new version of the HTTP protocol. Kudos to Google for that. But SPDY also started to smell a lot like a 'walled garden'."

"The IETF, obviously fearing irrelevance, hastily 'discovered' that the HTTP/1.1 protocol needed an update, and tasked a working group with preparing it on an unrealistically short schedule. This ruled out any basis for the new HTTP/2.0 other than the SPDY protocol. With only the most hideous of SPDY's warts removed, and all other attempts at improvement rejected as 'not in scope,' 'too late,' or 'no consensus,' the IETF can now claim relevance and victory by conceding practically every principle ever held dear in return for the privilege of rubber-stamping Google's initiative."

An anonymous reader writes HTTP/2 is back in the spotlight again. After drawing significant ire over a proposal for officially sanctioned snooping, the IETF is drawing criticism for plowing ahead with its plans for HTTP/2 on an unrealistically short schedule and with an insufficiently clear charter. A few days ago the IETF announced Last Call for comments on the HTTP/2 protocol.

Poul-Henning Kamp writes, "Some will expect a major update to the world's most popular protocol to be a technical masterpiece and textbook example for future students of protocol design. Some will expect that a protocol designed during the Snowden revelations will improve their privacy. Others will more cynically suspect the opposite. There may be a general assumption of 'faster.' Many will probably also assume it is 'greener.' And some of us are jaded enough to see the "2.0" and mutter 'Uh-oh, Second Systems Syndrome.' The cheat sheet answers are: no, no, probably not, maybe, no and yes."

"Given this rather mediocre grade-sheet, you may be wondering why HTTP/2.0 is even being considered as a standard in the first place. The Answer is Politics. Google came up with the SPDY protocol, and since they have their own browser, they could play around as they choose to, optimizing the protocol for their particular needs. SPDY was a very good prototype which showed clearly that there was potential for improvement in a new version of the HTTP protocol. Kudos to Google for that. But SPDY also started to smell a lot like a 'walled garden'."

"The IETF, obviously fearing irrelevance, hastily 'discovered' that the HTTP/1.1 protocol needed an update, and tasked a working group with preparing it on an unrealistically short schedule. This ruled out any basis for the new HTTP/2.0 other than the SPDY protocol. With only the most hideous of SPDY's warts removed, and all other attempts at improvement rejected as 'not in scope,' 'too late,' or 'no consensus,' the IETF can now claim relevance and victory by conceding practically every principle ever held dear in return for the privilege of rubber-stamping Google's initiative."

An anonymous reader writes: On 10 October 1994, Opera CTO Hakon Lie posted a proposal for Cascading HTML style sheets. Now, two decades on, CSS has become one of the modern web's most important building blocks. The Opera dev blog just posted an interview with Lie about how CSS came to be, and what he thinks of it now. He says that if these standards were not made, "the web would have become a giant fax machine where pictures of text would be passed along." He also talks about competing proposals around the same time period, and mentions his biggest mistake: not producing a test suite along with the CSS1 spec. He thinks this would have gotten the early browsers to support it more quickly and more accurately. Lie also thinks CSS has a strong future: "New ideas will come along, but they will extend CSS rather than replace it. I believe that the CSS code we write today will be readable by computers 500 years from now."

Via the HTTP working group list comes a post from Poul-Henning Kamp proposing that HTTP 2.0 (as it exists now) never be released after the plan of adopting Google's SPDY protocol with minor changes revealed flaws that SPDY/HTTP 2.0 will not address. Quoting: "The WG took the prototype SPDY was, before even completing its previous assignment, and wasted a lot of time and effort trying to goldplate over the warts and mistakes in it. And rather than 'ohh, we get HTTP/2.0 almost for free', we found out that there are numerous hard problems that SPDY doesn't even get close to solving, and that we will need to make some simplifications in the evolved HTTP concept if we ever want to solve them. ... Wouldn't we get a better result from taking a much deeper look at the current cryptographic and privacy situation, rather than publish a protocol with a cryptographic band-aid which doesn't solve the problems and gets in the way in many applications ? ... Isn't publishing HTTP/2.0 as a 'place-holder' is just a waste of everybody's time, and a needless code churn, leading to increased risk of security exposures and failure for no significant gains ?"

An anonymous reader writes "Last year the W3C approved the inclusion of DRM in future HTML revisions. It's called Encrypted Media Extensions, and it was not well received by the web community. Nevertheless, it had the support of several major browser makers, and now Mozilla CTO Andreas Gal has a post explaining how Firefox will be implementing EME. He says, 'This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. ... From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. ... Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user's hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.'"

An anonymous reader writes "Following the release of Firefox 28 just two days ago, Mozilla today updated its Firefox Beta channel to version 29 for Windows, Mac, Linux, and Android. This is a massive release: Firefox Sync has been revamped and is now powered by Firefox Accounts, there's a new customization mode, and the major user interface overhaul Australis has finally arrived. Release notes are here: Desktop and Android." Of interest to developers: Firefox 29 will feature the first implementation of CSS3 variables. Yes, variables for CSS (15 years later).

Today marks the 25th anniversary of Tim Berners-Lee's "Information Management: A Proposal," containing the ideas that led to the World Wide Web. From its humble beginnings as a way to store linked documents at CERN to... well, you're reading this now. To celebrate, the W3C is encouraging people to post their birthday greetings. Quoting Tim Berners-Lee: "In the following quarter-century, the Web has changed the world in ways that I never could have imagined. There have been many exciting advances. It has generated billions of dollars in economic growth, turned data into the gold of the 21st century, unleashed innovation in education and healthcare, whittled away geographic and social boundaries, revolutionised the media, and forced a reinvention of politics in many countries by enabling constant two-way dialogue between the rulers and the ruled." Martin S. and JestersGrind both wrote in to note that Tim Berners-Lee is calling for the creation of a Web Magna Carta. Again Quoting Tim Berners-Lee "It's time for us to make a big communal decision," he said. "In front of us are two roads - which way are we going to go? Are we going to continue on the road and just allow the governments to do more and more and more control - more and more surveillance? Or are we going to set up a bunch of values? Are we going to set up something like a Magna Carta for the world wide web and say, actually, now it's so important, so much part of our lives, that it becomes on a level with human rights?" How has the rise of the web affected your life? Also check out the CERN line mode browser simulation of the first web site.

mikejuk writes "Google and Opera split from WebKit to create Blink, their own HTML rendering engine, and everyone was worried about the effect on standards. Now we have the first big example of a split in the form of CSS Regions support. Essentially Regions are used to provide the web equivalent of text flow, a concept very familiar to anyone who has used a desktop publishing program. The basic idea is that you define containers for a text stream which is then flowed from one container to another to provide a complex multicolumn layout. The W3C standard for Regions has mostly been created by Adobe — a long time DTP company. Now the Blink team has proposed removing Regions support to save 10,000 lines of code in 350,000 in the name of efficiency. If Google does remove the Regions code, which looks highly likely, this would leave Safari and IE 10/11 as the only two major browsers to support Regions. Both Apple and Microsoft have an interest in ensuring that their hardware can be used to create high quality magazine style layouts — Google and Opera aren't so concerned. I thought standards were there to implement not argue with." Although mikejuk thinks this is a bad thing, a lot of people think CSS Regions are awful. Mozilla has never intended to implement them, instead offering the CSS Fragmentation proposal as an alternative. One major flaw of CSS Regions is its reliance upon markup that is used solely for layout, violating the separation of content and style that CSS is intended to enforce.

mikejuk writes "Google and Opera split from WebKit to create Blink, their own HTML rendering engine, and everyone was worried about the effect on standards. Now we have the first big example of a split in the form of CSS Regions support. Essentially Regions are used to provide the web equivalent of text flow, a concept very familiar to anyone who has used a desktop publishing program. The basic idea is that you define containers for a text stream which is then flowed from one container to another to provide a complex multicolumn layout. The W3C standard for Regions has mostly been created by Adobe — a long time DTP company. Now the Blink team has proposed removing Regions support to save 10,000 lines of code in 350,000 in the name of efficiency. If Google does remove the Regions code, which looks highly likely, this would leave Safari and IE 10/11 as the only two major browsers to support Regions. Both Apple and Microsoft have an interest in ensuring that their hardware can be used to create high quality magazine style layouts — Google and Opera aren't so concerned. I thought standards were there to implement not argue with." Although mikejuk thinks this is a bad thing, a lot of people think CSS Regions are awful. Mozilla has never intended to implement them, instead offering the CSS Fragmentation proposal as an alternative. One major flaw of CSS Regions is its reliance upon markup that is used solely for layout, violating the separation of content and style that CSS is intended to enforce.

An anonymous reader writes "In an email to the HTTP working group, Mark Nottingham laid out the three top proposals about how HTTP 2.0 will handle encryption. The frontrunner right now is this: 'HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1.' This isn't set in stone yet, but Nottingham said they will 'discuss formalising this with suitable requirements to encourage interoperability.' There appears to be support from browser vendors; he says they have been 'among those most strongly advocating more use of encryption.' The big goal here is to increase the use of encryption on the open web. One big point in favor of this plan is that if it doesn't work well (i.e., if adoption is poor), then they can add support for opportunistic encryption later. Going from opportunistic to mandatory encryption would be a much harder task. Nottingham adds, 'To be clear — we will still define how to use HTTP/2.0 with http:// URIs, because in some use cases, an implementer may make an informed choice to use the protocol without encryption. However, for the common case — browsing the open Web — you'll need to use https:// URIs and if you want to use the newest version of HTTP.'"

An anonymous reader writes "Mozilla today officially launched Firefox 25 for Windows, Mac, Linux, and Android. Additions include Web Audio API support, as well as guest browsing and mixed content blocking on Android. Firefox 25 can be downloaded from Firefox.com and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. The release notes are here: desktop, mobile."

An anonymous reader writes "Danny O'Brien from the EFF has a weblog post about how the Encrypted Media Extension (EME) proposal will continue to be part of HTML Work Group's bailiwick and may make it into a future HTML revision." From O'Brien's post: "A Web where you cannot cut and paste text; where your browser can't 'Save As...' an image; where the 'allowed' uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively 'View Source' on some sites, is a very different Web from the one we have today. It's a Web where user agents—browsers—must navigate a nest of enforced duties every time they visit a page. It's a place where the next Tim Berners-Lee or Mozilla, if they were building a new browser from scratch, couldn't just look up the details of all the 'Web' technologies. They'd have to negotiate and sign compliance agreements with a raft of DRM providers just to be fully standards-compliant and interoperable."

itwbennett writes "The W3C's Tracking Protection Working Group, which is mainly concerned with standardizing the mechanisms for server-side compliance with do-not-track requests, has rejected a proposal by from the Digital Advertising Alliance (DAA) that would have allowed advertisers to continue profiling users who had asked not to be tracked. The proposal would also have allowed them to 'retarget' ads to those users by showing ads relevant to one site or transaction on all subsequent sites they visited, according to the co-chairs of the W3C's Tracking Protection Working Group. The working group co-chairs also said that they planned to reject proposals similar to those made by the DAA."

itwbennett writes "The W3C's Tracking Protection Working Group, which is mainly concerned with standardizing the mechanisms for server-side compliance with do-not-track requests, has rejected a proposal by from the Digital Advertising Alliance (DAA) that would have allowed advertisers to continue profiling users who had asked not to be tracked. The proposal would also have allowed them to 'retarget' ads to those users by showing ads relevant to one site or transaction on all subsequent sites they visited, according to the co-chairs of the W3C's Tracking Protection Working Group. The working group co-chairs also said that they planned to reject proposals similar to those made by the DAA."

An anonymous reader writes "Web technologies need to support DRM-protected media to reduce the risk of parts of the web being walled off, the chief executive of the web standards body W3C has told ZDNet. Dr Jeff Jaffe, CEO of the World Wide Web Consortium, says proposals to provide a hook for DRM-protected media within HTML, via Encrypted Media Extensions, are necessary to help prevent scenarios such as movie studios removing films from the web in a bid to protect them from piracy."

Underholdning writes "DRM is coming to HTML5. The W3C published a working draft yesterday of the framework that will support the use of DRM-protected media. Ars Technica's Peter Bright reports on it with an article claiming that DRM in HTML5 is a victory for the open web, not a defeat. Bright argues that if HTML5 does not support DRM, then content providers will move their content away from open standards and implement it with native apps — abandoning the web in the process. Quoting: 'Keeping it out of W3C might have been a moral victory, but its practical implications would sit between slim and none. It doesn't matter if browsers implement "W3C EME" or "non-W3C EME" if the technology and its capabilities are identical. ... Deprived of the ability to use browser plugins, protected content distributors are not, in general, switching to unprotected media. Instead, they're switching away from the Web entirely. Want to send DRM-protected video to an iPhone? "There's an app for that." Native applications on iOS, Android, Windows Phone, and Windows 8 can all implement DRM, with some platforms, such as Android and Windows 8, even offering various APIs and features to assist this.'"

gnujoshua writes "In a new article, GNU Project founder Richard M. Stallman speaks out against the proposal to include hooks for DRM in HTML5. While others have been making similar arguments, RMS strikes home the point that while companies can still push Web DRM themselves, the stance taken by the W3C is still — both practically and politically — vitally important: '[...] the W3C cannot prevent companies from grafting DRM onto HTML. They do this through nonfree plug-ins such as Flash, and with nonfree Javascript code, thus showing that we need control over the Javascript code we run and over the C code we run. However, where the W3C stands is tremendously important for the battle to eliminate DRM. On a practical level, standardizing DRM would make it more convenient, in a very shallow sense. This could influence people who think only of short-term convenience to think of DRM as acceptable, which could in turn encourage more sites to use DRM. On the political level, making room for DRM in the specifications of the World Wide Web would constitute an endorsement in principle of DRM by the W3C. Standardization by the W3C could facilitate DRM that is harder for users to break than DRM implemented in Javascript code. If the DRM is implemented in the operating system, this could result in distribution of works that can't be played at all on a free operating system such as GNU/Linux.'"

pfignaux writes with an interesting view on the place of centralized standardization in modern browsers. From the article: "When HTML first appeared, it offered a coherent if limited vocabulary for sharing content on the newly created World Wide Web. Today, after HTML has handed off most of its actual work to other specifications, it's time to stop worrying about this central core and let developers choose their own markup vocabularies and processing." Instead, the author proposes that CSS, Javascript+DOM, the W3C's accessibility framework, and Web Components are sufficient to implement the rendering of smaller, domain-specific markups.

pfignaux writes with an interesting view on the place of centralized standardization in modern browsers. From the article: "When HTML first appeared, it offered a coherent if limited vocabulary for sharing content on the newly created World Wide Web. Today, after HTML has handed off most of its actual work to other specifications, it's time to stop worrying about this central core and let developers choose their own markup vocabularies and processing." Instead, the author proposes that CSS, Javascript+DOM, the W3C's accessibility framework, and Web Components are sufficient to implement the rendering of smaller, domain-specific markups.

FuzzNugget writes "In a recent blog post, Netflix details their plans to transition from Silverlight to HTML5, but with one caveat: HTML5 needs to include a built-in DRM scheme. With the W3C's proposed Encrypted Media Extensions, this may come to fruition. But what would we sacrificing in openness and the web as we know it? How will developers of open source browsers like Firefox respond to this?"

tvlinux writes "The web is becoming more than just a media display; there is more interaction and more special things that need to be done. Right now, jQuery is the preferred method of a very dynamic user interface. There is a W3 standard called XBL2.0. It is the macro language of HTML. To me it seems like a great idea — reusable HTML widgets, where each one is a separate object contained with in itself. You can define properties, methods, and events, each of which is self-contained. If the browsers supported XBL2, I can envision a whole ecosystem of new widgets, charts, grids and inputs that people could add to web pages just like any other HTML element. I see less experienced developers being able to create fancy websites by just using DOM and not having to learn jquery. My question: why is XBL dead? I think a macro-language for HTML is a good idea." XBL is alive and well, but only for XUL. Looks like another casualty of HTML5's rejection of XML.

tvlinux writes "The web is becoming more than just a media display; there is more interaction and more special things that need to be done. Right now, jQuery is the preferred method of a very dynamic user interface. There is a W3 standard called XBL2.0. It is the macro language of HTML. To me it seems like a great idea — reusable HTML widgets, where each one is a separate object contained with in itself. You can define properties, methods, and events, each of which is self-contained. If the browsers supported XBL2, I can envision a whole ecosystem of new widgets, charts, grids and inputs that people could add to web pages just like any other HTML element. I see less experienced developers being able to create fancy websites by just using DOM and not having to learn jquery. My question: why is XBL dead? I think a macro-language for HTML is a good idea." XBL is alive and well, but only for XUL. Looks like another casualty of HTML5's rejection of XML.

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

FredAndrews writes "The W3C has ruled DRM in-scope for their HTML standard. A lot of big businesses have supported advancing the Encrypted Media Extension, including Google, Microsoft, and Netfix. The BBC calls for a solution with legal sanctions. The EME could well be used to implement a DRM HTML engine. A DRM-enabled web would break a long tradition of the web browser being the User's Agent, and would restrict user choice and control over their security and privacy. There are other applications that can serve the purpose of viewing DRM video content, and I appeal to people to not taint the web standards with DRM but to please use other applications when necessary." Looks like the web is becoming more like Xanadu, but not in a good way.

hypnosec writes "The Worldwide Web Consortium (W3C) has announced that it has finalized the definition of HTML5 and that it is ready for interoperability testing. HTML5 hasn't been given the status of standard yet but it is feature complete now, giving developers a stable target to develop their web applications. The W3C said in the announcement 'HTML5 is the cornerstone of the Open Web Platform" and that it provides an environment which can utilize all of a device's capabilities like videos, animations, graphics and typography. The HTML5 specifications still have a long way to go before they hit the Recommendation status. HTML5 will have to go through a round of testing that looks specifically into interoperability and performance after which time it will be given a Candidate Recommendation title."

First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such a mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."

The World Wide Web Consortium has proposed "a new plan that would see the HTML 5 spec positioned as a Recommendation—which in W3C's lingo represents a complete, finished standard—by the end of 2014. The group plans a follow-up, HTML 5.1, for the end of 2016." Instead of working toward one-specification-to-rule-them-all in 2022, features that are stable and implemented in multiple browsers now will be finalized as HTML 5.0 by 2014 with unstable features moved into HTML 5.1 (developed in parallel). In 2014, the commonly implemented parts of HTML 5.1 will begin finalization for 2016, with the unstable parts moved into HTML 5.2 (wash, rinse, repeat). Additionally, things like Web Sockets are being moved into their own modular standards (sound familiar?) for "...the social benefits that accrue from such an approach. Splitting out separate specifications allows those technologies to be advanced by their respective communities of interest, allowing more productive development of approaches that may eventually be able reach broader consensus."