Slashdot Mirror
Tim Berners-Lee Warns About the Web's Three Biggest Threats (webfoundation.org)
Sunday was the 28th anniversary of the day that 33-year-old Tim Berners-Lee submitted his proposal for the World Wide Web -- and the father of the web published a new letter today about "how the web has evolved, and what we must do to ensure it fulfills his vision of an equalizing platform that benefits all of humanity."
It's been an ongoing battle to maintain the web's openness, but in addition, Berners-Lee lists the following issues: 1) We've lost control of our personal data. 2) It's too easy for misinformation to spread on the web. 3) Political advertising online needs transparency and understanding. Tim Berners-Lee writes:
We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology like personal "data pods" if needed and exploring alternative revenue models like subscriptions and micropayments. We must fight against government over-reach in surveillance laws, including through the courts if necessary. We must push back against misinformation by encouraging gatekeepers such as Google and Facebook to continue their efforts to combat the problem, while avoiding the creation of any central bodies to decide what is "true" or not. We need more algorithmic transparency to understand how important decisions that affect our lives are being made, and perhaps a set of common principles to be followed. We urgently need to close the "internet blind spot" in the regulation of political campaigning.
Berners-Lee says his team at the Web Foundation "will be working on many of these issues as part of our new five year strategy," researching policy solutions and building progress-driving coalitions, as well as maintaining their massive list of digital rights organizations. "I may have invented the web, but all of you have helped to create what it is today... and now it is up to all of us to build the web we want -- for everyone." Inspired by the letter, very-long-time Slashdot reader Martin S. asks, does the web need improvements? And if so, "I'm wondering what Slashdotters would consider to be a solution?"
It's been an ongoing battle to maintain the web's openness, but in addition, Berners-Lee lists the following issues: 1) We've lost control of our personal data. 2) It's too easy for misinformation to spread on the web. 3) Political advertising online needs transparency and understanding. Tim Berners-Lee writes:
We must work together with web companies to strike a balance that puts a fair level of data control back in the hands of people, including the development of new technology like personal "data pods" if needed and exploring alternative revenue models like subscriptions and micropayments. We must fight against government over-reach in surveillance laws, including through the courts if necessary. We must push back against misinformation by encouraging gatekeepers such as Google and Facebook to continue their efforts to combat the problem, while avoiding the creation of any central bodies to decide what is "true" or not. We need more algorithmic transparency to understand how important decisions that affect our lives are being made, and perhaps a set of common principles to be followed. We urgently need to close the "internet blind spot" in the regulation of political campaigning.
Berners-Lee says his team at the Web Foundation "will be working on many of these issues as part of our new five year strategy," researching policy solutions and building progress-driving coalitions, as well as maintaining their massive list of digital rights organizations. "I may have invented the web, but all of you have helped to create what it is today... and now it is up to all of us to build the web we want -- for everyone." Inspired by the letter, very-long-time Slashdot reader Martin S. asks, does the web need improvements? And if so, "I'm wondering what Slashdotters would consider to be a solution?"
Death, taxes, and skynet. If I'm not right on all three I'm probably super close.
Free exchange or censorship. Pick one. And besides, censorship never fixed the problem of fake news. The only solution to fake news is for readers not to be gullible.
Want a second opinion? Here's one: HTTP and HTML are getting long in the tooth, and Javascript is bloat. Maybe it's time to come up with a new stack? Something with better controls for deep linking and embedding, and better support for distributed/cached store-and-forward, and mechanisms so Web 2.0 doesn't have to be such a bolt-on kluge. Maybe a decentralized reputation system so we can choose our own echo chambers more readily.
I'm disappointed that after all these years Tim speaks mainly in slogans and generalities, and still can't avoid contradicting himself. Let's show him how it's done by talking brass tacks.
1. W
2. W
3. W
I often ask myself, would the web be like it is today if Firefox had remained a viable, popular web browser?
It wasn't even all that long ago that Firefox had about 30% of the market. After a long period of time with IE running the show, Phoenix/Firebird/Firefox coming onto the scene was a welcomed change. During its early days, Firefox was a browser that people wanted to use. Each release made its users happier and happier.
Then it all changed with Firefox 4. I'm not going to speculate as to why it started happening, but the Firefox devs started making changes that the users did not want. It started with small things like the menus and the status bar being removed. Then it moved on to much bigger changes, like the UI (and the user experience) being destroyed by the Australis project. It really didn't help when things like Hello and Pocket were forced into Firefox. And many users finally had enough when "sponsored tiles" (advertisements) were added.
We all know what has happened since. Firefox's share of the market is now around 5% to 6%, across all versions and on all platforms. Firefox pretty much missed the mobile revolution completely, with Firefox for Android seeing a small fraction well below 1%. Chrome, on the other hand, now has about 50% of the market. Even Safari, despite supporting far fewer platforms than Firefox, has a greater share of the market than Firefox does.
Some people will wrongly claim that Chrome is only popular because Google promotes it, but the reality is that people use Chrome because it provides a much better experience than Firefox does. Although its UI isn't very good, it at least provides a fast, light browsing experience. It doesn't bundle a lot of useless crap that most users don't want. Radical changes that destroy the user experience tend to be avoided.
Chrome has become the dominant browser, and it determines where the web will go. Firefox just plays catch-up. After all, a browser with only 5% or 6% of the market is generally ignored by web developers, so any new functionality it introduces on its own will tend to be ignored.
Things could have turned out very differently if Firefox had remained a browser that users actually wanted to use. The web of today would look very different if there were a 35% Firefox, 25% IE/Edge, 25% Chrome, 10% Safari, 5% Other breakdown.
It really is a shame that Firefox ended up developing in the way that it did. It had so much potential, only to have it squandered. Its future isn't looking bright, either. It has taken the Firefox devs ages to get their multiprocess support even barely usable. Lately there has been talk about reworking the extension system, with extension breakage being expected. And so many resources have been wasted on Rust and Servo, with so little to show.
Perhaps someday we'll finally get a more diverse browser ecosystem, without there being one browser that holds a majority of the market. We were so close back when Firefox was a major player, but those days are long gone, I'm sad to say.
but he is certainly no subgenius.
Intel CPU Backdoor Report (Updated Mar 12, 2017)
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
@21m43s, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
[Quotes] Vortrag:
"DAGGER exploits Intel's Manageability Engine (ME), that executes firmware code such as Intel's Active Management Technology (iAMT), as well as its OOB network channel."
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker. Our presentation consists of three parts. The first part addresses how to find valuable data in the main memory of the host. The second part exploits the ME's OOB network channel to exfiltrate captured data to an external platform and to inject new attack code to target other interesting data structures available in the host runtime memory. The last part deals with the implementation of a covert network channel based on JitterBug."
"We have recently improved DAGGER's capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code."
"To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."
"We can permanently monitor the keyboard buffer on both operating system targets."
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded.
Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software
1. Introduction, what is Intel ME
Short version, from Intel staff:
Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a n
Missing from his list:
#1 threat to the web: Tim Berners-Lee endorsing DRM into web standards
It's also pretty funny that he thinks misinformation is some new problem because Trump was elected or whatever - Information on the web has always been wildly untrustworthy, it's just that the dumb shit public have been gradually brainwashed by massive corporations to accept it as some authoritative source to sell more advertising.
Much more worth talking about.
https://solid.mit.edu/
Projects go all bloat plus legacy, until it seems a project only exists for its own sake. I see only one solution: move on. Maybe split the difference by forking the code and then innovating and jettisoning cruft, or maybe start from scratch. But one way or the other, move on.
I can foresee a day when Unix style operating systems will be obsolete, when that whole paradigm will be replaced by something better. It won't happen without wailing and gnashing of teeth.
I'm not a systemd fan, Bad implementation from an arrogant culture. But let's try again, huh? And let's start from a basis of user needs and best practices this time.
I think the Four Horsemen of the Infocalypse are much bigger threats.
Think of all the bogus DMCA takedowns justified by 'combating illegal copyright infringement', or Bitcoin being shut down due to money laundering concerns, or laws requiring people to decrypt their devices for officials who ask them to (to ensure nothing illegal/incriminating/sexy is there).
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
One the biggest threats has to be pervasive DRM. Corporations won't stop until they own all of a culture's back-stories, folk lore, public domain, and history.
That shipped sailed a long time ago. The difference is that now, instead of having hundreds of corporations with your personal data trying to monetize it under questionable, legal strategies, we also have hundreds of individuals who are trying to do so under clearly illegal strategies. Oh, and harassment. Lots of harassment.
For the former, the new normal should be to better deal with "identity theft". Thanks to centuries of legal protections built up, this is actually well covered except in the "catch the culprit" and "banks, et al recover some of the money". Those parts, though, have never been an integral part of the system except to minimize the tide of abuse. To that end, the future is mostly banks, et al having stricter standards to make it more difficult to incur losses, which is overall a good thing. So long as we don't see a shift towards punishing victims (which seems unlikely with the likes of Trump), we should be fine.
For the latter, there's no real solution. In part, we need to become more accepting of the notion that we will just have to put up with more, possibly targeted, harassment from people who likely have no ability to do real direct harm. We'll also have to become, as a society, more lenient to the indirect harm that harassers can cause upon people. No matter how you look at it, though, this is the sort of challenge which won't go away
That's not the problem. The problem is too many people trusting misinformation. Changing that, though, is basically an impossibility that's older than yellow journalism but well exemplified in it as an idea of what mass campaigns can do.
See (2). Seriously.
One objection I have is they're not well suited to binary data. This content-encoding stuff seems klugey and inefficient. But that's not a deal breaker.
Deep linking and embedding is what makes all sorts of problems possible. Cross site scripting, linked images that bog down page loads, tracker pixels and dead links.
Suppose cross site embedding and scripting were disallowed? Just don't support them in the browser - or at least not without a click to bring up an image. The infrastructure for ads would have to be overhauled, yes. A price worth paying.
Suppose there were restrictions on deep linking, so that a site could explicitly state what is or isn't exported? That way a Web developer could overhaul his logic any time without fear of breaking other sites' links into his site. I can't endorse making Referer mandatory, so a custom browser can bypass this easily, but... that's the user's responsibility.
Yes, I'm talking about limiting options. Options to do things that we've all established were bad ideas. That's why we have laws. Some laws, anyway. And RFCs. And call gates and page protection and user permissions. Make it harder to shoot yourself or someone else in the foot, and we can have (reasonable) freedom without (needless) fear. Seek the best balance by considering things on a case-by-case basis,
Maximum sustainable freedom by means of rules that make sense.
I'm disappointed that after all these years Tim speaks mainly in slogans and generalities, and still can't avoid contradicting himself. Let's show him how it's done by talking brass tacks.
This.
From the summary:
We must push back against misinformation by encouraging gatekeepers such as Google and Facebook to continue their efforts to combat the problem, while avoiding the creation of any central bodies to decide what is "true" or not.
That is literally what "gatekeeper" means, Tim.
TBL, thanks so much for helping create the internet. We've got it from here. In my opinion, the single largest threat to freedom on the internet is how most of the data is in in control of a handful of companies. This needs to be put to an end. It is much more logical and much more viable for information to be spread out and shared in a widely distributed fashion as opposed to what is currently being done. I look forward to the day when companies like Amazon and Google meet their end and become part of the past.
Fake News is the new name for the same old problem, we used to call it yellow journalism, we saw over Eternal September and the same moral panic.
Eternal September highlighted the tension between two contrasting trends. The Internet was built on the free exchange of ideas and information. While the natural consequence of this, increasing availability, actually lowered the overall quality of the content. Panic ensued.
Some of us came to recognised that what was needed was to strike a balance, not choose between two stark choices. We saw was the average quality trending toward the mean, not simply going down.
Should we panic because the average number of balls in the working population is trending toward one? No we should be looking behind the headline to identify the reality and raise the mean.
A) You can't have it both ways, you have liberty and innovation or you have authoritarianism and nothing.
B) It's not his and his vision is irrelevant. The internet was a military project designed to ensure internal communications after a nuclear war, not some new-age hippy propaganda machine.
I used to think personal data pods would be a good idea. Then I realized, almost everything on facebook is worthless. This definitely includes my stuff that I've put there. It's things that mattered for a moment, and that's it. You can tell because people rarely go back and look through their old posts (unless Facebook prompts them).
Twitter is even worse.
"First they came for the slanderers and i said nothing."
There are very few Gods in the Pantheon of IT. TBL is one of them and we should not only listen but remember.
fair level of data control
Unfortunately, Tim Burners-Lee has come out in favor of DRM in the HTML standard recently. As such, any "fair level of control" strikes me to essentially be "the corporation gets everything except for what they deign fit for us peons." Ultimately, that's what DRM is in practice.
At this point, I can't help but wonder if he's being paid off somehow. Very, very few people who advocate a "free and open web" would put DRM anywhere near it, because they're aware that it's pretty much a contradiction. This only furthers the perpetuation of the copyright laws that are already grossly biased in favor of large corporations at the great expense of just about everyone else. One of those expenses is the "free and open web" itself, if they get their way.
And get rid of zero-delimited strings in all APIs. Horribly dangerous.
/tmp file system that is never written to disk at all unless necessary. Kind of a cache in reverse.
bash is not all that great a scripting language. We have many better options to choose from. Demote it from its position at the heart of everything put.. oh, maybe Python 3 in its place.
VFS... it's useful to have the notion of a volume root for backups and mirroring and mounting and such. I'll give Windows this, except I'd prefer volume names to drive letters. Like old school DEC stuff.
Trash/recycle implemented at system level. Automatic deleting of the oldest trashed files when disk space is needed.
I'd also like to see all configuration done via sqlite. Use a sqlite editor instead of a text editor. It'll be easier to search and to figure things out. XML would be my second choice.
Better handling of thrash conditions and working sets, so the system will be more responsive. It's irritating when you get no prompt feedback to acknowledge your user action and you're wondering if the key stuck or if you mis-typed, or you forget what you typed because it isn't on the screen yet. Things that take a while should be low priority background threads. But acknowledging user keypresses and clicks should be more like a software interrupt, and the required code only swapped out in extreme situations. (Sorry, but mlock is too simplistic.)
Acknowledge to the user that an app is being loaded.... before the window comes up. Plus an option to cancel the load if you change your mind.
A
Set user and group on folders instead of files, so you can more easily be assured of what has access to what based on path spec?
Just examples of what I think might work. Maybe a thread to brainstorm this?
The biggest problem is the black-box mandatory DRM handling for HTTP. He clearly "thinks" that such DRM would be what we would write so that we could "protect" our data, but he completely ignores or doesn't even manage to work it out that we won't be able to write our own DRM system that could not be cracked, so his insistence on a DRM handler is nothing to do with that. IF he'd said "Only if the DRM scheme to apply is in the open and implementable everywhere", THEN it would have been possible.
So I think I know where he "thinks" that DRM is required.
But he's just half-assed the thinking.
Seeing this shit is like seeing popunder spamads for a company. If someone is trying to sell me something and trying so hard to avoid legitimate channels to do so, they are not going to restrain themselves to legitimate means of commerce with my cash either. Nor would I trust you with a free service to "help" me, since you clearly help yourself to others' computing resources and have no respect for anyone else.
All I can glean is that this is some sort of asshat way to get a google ad click working or some retarded moron still trying the old ways of getting customers because the "problem" with their collapsed market is clearly to you not because you're a fuckwit, but because you aren't advertising enough.
And if you're THAT dumb, you can clearly not be producing a product that actually works.
That is all I can get from your spamposting.
See my subject & your downmods? LMAO - /.ers put you in your place:
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
APK is kinda right. I've tried his hosts file generating software. It works by bmo
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa
* Recommended & hosted by Malwarebytes' hpHosts!
APK
P.S.=> Eat your words... apk
We must push back against misinformation by encouraging gatekeepers such as Google and Facebook to continue their efforts to combat the problem,
Notice the plural (emphasis mine)
while avoiding the creation of any central bodies to decide what is "true" or not.
That is literally what "gatekeeper" means, Tim.
There's a subtle difference :
- Tim wants the companies (plural) spreading informations/news to do a little bit of work to help assess the reliability of facts in the links that people pass around.
- Tim does not want a single central entity becoming the official authority on all truth (he doesn't want a central "Ministry of Truth").
They aren't contradictory.
But without paying attention, there's a risk that one devolves into the other.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
You can't solve "fake news" by any other means than encouraging people to be sceptical of what they read. Creating centralised systems (which Tim seems to be supporting with weasel words) only leads to more fake news, but fake news which benefits the organisation controlling the news.
... are not comptabile when the public is stupid, irrational and tech illiterate. The vast majority of hte people don't know what DRM is or how tech works which is why software and entertainment companies are getting away with re-engineering Windows and software generally to live in the "cloud" (aka walled garden).
Apple, Google, Valve, and other corporations saw phone and videogame companies getting away with basically stealing the peoples right to own their own software and never have it entirely run the users machine, that ended because 1) the average videogame playing person/kid is a grade A moron. 2) Adults who use windows speak a good game about rights but are ultimately also as illiterate as the average videogame playing kid.
Basically human beings minds did not evolve to make rational decisions in a high technology capitalist society so they act like they normally would - like irrational dumb animals.
Fundamentally corporations desire for profits and power means taking away users rights to software on their machines. Phones and videogames have shown corporations the way, so much so that even big physical machine making companies like John Deere are trying to prevent farmers from repairing their tractors due to "software licensing" nonsense, aka claiming farmers never own their own tractors. You can google it.
Software licensing in the context things we should own like human culture and apps that aren't taken hostage inside the "cloud" are what we need but the average person simply is too irrational, too impulsive and too illiterate. You'd pretty much have to challenge the very architecture of capitalist society to get your rights and freedoms back - aka paying citizens a way to buy them the time to clean up corporations and government, good luck getting the average citizen to come to that point of view though.
DRM, in any way, shape or form is a direct threat to the open, and archival nature of the web.
Seriously. Go back to any of these services that used any sort of DRM and later closed.
Now go ahead and access their content....
Oh wait!
Chas - The one, the only.
THANK GOD!!!
Look at the goddamn title of the chart on the page that you linked to, with emphasis added:
See the bold part? "Desktop"? See it?
You're ignoring 40% to 50% of web users by not including mobile users!
Firefox has almost no mobile users. IE, on the other hand, has almost 10 times the number of mobile users that Firefox has! If you look at the full desktop+mobile picture, IE is still ahead of Firefox.
The desktop is literally the only place that Firefox is used. Meanwhile, Chrome has very strong usage for both, while Safari has more usage on mobile, and IE/Edge still see some usage for both.
Face it, Firefox is a dying browser that's no longer in the Top 3. It's behind at least Chrome, Safari, UC Browser for Android, and IE. Even Opera Mini almost has more users than Firefox does now!
Prevention = best medicine (& what u can't touch can't hurt u) via NEW APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script & malware rob speed/security/privacy
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!
* Via what u NATIVELY have built into the IP stack in FASTER kernelmode!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
The three biggest threats to the Internet are, in no particular order: NAWBO (https://www.nawbo.org/), AWBO (http://www.awbo.org/), and CenturyLink (http://www.centurylink.com/).
what browser is he using?
Tim appears to suffer from 'Nobel disease'. Those problems are North-american, and stem from North american societal problems. Privacy laws exist in the rest of the civilized world. 2) and 3) stem from general ignorance. It's easy to spread FUD? People will believe sound bytes rather than enjoy long, well argumented discussions and think critically? Solve your own problems, USA.
All these things are threats and have already undermined the free web. Even standards have undermined the web no thanks to Time Berner Lee! The cloud centralizes everything instead of decentralizes it. Proprietary JavaScript takes away control of our devices- with it many can't even access online banking. DRM hinders access to content on many commercial web sites. And other proprietary plug-ins like Adobe Flash, Real Player (back in the day), QuickTime, Silverlight, Sun's Java, and Active X hinder the web from working on all sorts of devices.
"Ever tried to stream a video over X11's network connection? Doesn't work."
Yes it does. Same with RDP and similar processes. Sure, X11 is chatty, but there are changes to the server to collate multiple redundant "move window" commands into one to get the information from, but the protocol was designed when 1 mbit LANs were FAST, and many Xterms were dialup.
It works fine.
Not entirely sure what you think is bad about it.
For a start, there's no DRM defined in the standard, so it's STILL a "Flash/Silverlight" but instead of being a single program to fix, every single producer will have their own, and without them all installed (making every computer vulnerable by the monoculture, and increasing the number of vectors by their redundant multiplicity), you can't view the content.
So this is WORSE than Flash. At least that was a single program you either installed or did not, and only one to fix.
But why must there be DRM in the browser AT ALL? Just use Media Player or whatever "movie player" your OS comes with. No need to mandate it be included in every web browser.