Slashdot Mirror
Google Wants To Kill the URL (wired.com)
As Chrome looks ahead to its next 10 years, the team is mulling its most controversial initiative yet: fundamentally rethinking URLs across the web. From a report: Uniform Resource Locators are the familiar web addresses you use everyday. They are listed in the web's DNS address book and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers. In short, you navigate to WIRED.com to read WIRED so you don't have to manage complicated routing protocols and strings of numbers. But over time, URLs have gotten more and more difficult to read and understand. The resulting opacity has been a boon for cyber criminals who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services -- all because it's difficult for web users to keep track of who they're dealing with. Now, the Chrome team says it's time for a massive change.
"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering Manager. "They're hard to read, it's hard to know which part of them is supposed to be trusted, and in general I don't think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone -- they know who they're talking to when they're using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we're figuring out the right way to convey identity."
If you're having a tough time thinking of what could possibly be used in place of URLs, you're not alone. Academics have considered options over the years, but the problem doesn't have an easy answer. Porter Felt and her colleague Justin Schuh, Chrome's principal engineer, say that even the Chrome team itself is still divided on the best solution to propose. And the group won't offer any examples at this point of the types of schemes they are considering. The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.
"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering Manager. "They're hard to read, it's hard to know which part of them is supposed to be trusted, and in general I don't think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone -- they know who they're talking to when they're using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we're figuring out the right way to convey identity."
If you're having a tough time thinking of what could possibly be used in place of URLs, you're not alone. Academics have considered options over the years, but the problem doesn't have an easy answer. Porter Felt and her colleague Justin Schuh, Chrome's principal engineer, say that even the Chrome team itself is still divided on the best solution to propose. And the group won't offer any examples at this point of the types of schemes they are considering. The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.
It is not acceptable for Google that some browsing bypasses Google search engine when people directly type in URLs.
Google, just doing its part in ripping the last bits of the 'web' to shreds. I guess they really do want their search engine to be the place from which all information originates.
It's about time we revert back to the future with the AOL keywords we all have been sorely missing from our lives!!!
Paul Lenhart writes words!
PRO-TIP: There's this magical thing called a bookmark that stores all those 'so-over-complicated' URL thingies under a name that you can even change yourself so your teeny little human brain can understand it! Ain't that amazing?</extreme_sarcasm>
Seriously, Google, what the actual fuck is wrong with you?
Or is it that people have become so fucking dumb that they really can't type in {website}.{top_level_domain}? Considering all the stupid shit I see in the news pretty much every single day anymore I'd be very tempted to believe that, too.
They will make the whole thing more difficult to see at a glance. Just as the switch from simple html pages to ?88858232838812288589018299-style URLs, there will be an additional layer to "convey identity", leaving people further at the mercy of the operators.
I can guess what Googles solution will be: if you want to host web content you need to purchase a virtual website on their cloud and then they will issue you a code that people can use to type or scan into Chrome. After all, think of the terrorists and/or the children.
With Google mail and voice and everything else and now this. I guess Google wants to be the 21st century AOL.
At least we won't have to worry about the endless stream of CDs in the mail.
Didn't AOL try this back in the 90s with the 'AOL Keyword'? IIRC, it failed miserably.
People have a really hard time understanding URLs
Understatement of the year. "People" don't understand URLs at all. That doesn't mean we should let Google be the arbiter of identity on the internet.
Isn't this what SSL Certs were supposed to fix?
The only important part of a URL to the vast majority of end users is the domain name. As long as that's shown and the SSL is valid just show that bit to users by default. Clicking into the address bar gives the entire address to copy/bookmark/whatever.
No longer confusing is it.
That used to be the first step in an internet protocol change. Does Google well and truly own the internet now?
"Eve of Destruction", it's not just for old hippies anymore...
Is this really an issue? The biggest challenge I've seen is the various browser vendors doing everything they can to obfuscate the URL in the first place. Lets not even get started on the whole tiny URL thing. I make it a point never to click on one of those since you never know where you'll end up at.
URL's, at least in the case of the World Wide Web (WWW), are very simple to read. You have your host (e.g. slashdot), domain (e.g. org), and resource path (e.g. story/18/09/04/1722244/google-wants-to-kill-the-url). How is that hard to read? Ok, some of it might not be very useful to the average person (e.g. 1722244), but its not hard to read, nor understand. Of course once you get past the host and domain the value of the resource path is entirely up to the whims of the site's logical design.
I can see Google moving to something that can individualize users, so they can track who goes where. That's how they make their cash.
This problem, like all internet problems, is not new to the internet. It's not hard to put up a tent by the side of the road, put an apple-like logo onto it, and sell fake iphones.
How do you know, when you walk into a bank, that it's a bank, and not just some guy with a storefront that looks like a bank? When was the last time that you authenticated your bank branch as actually being a bank?
How about if my browser -- that has no problem parsing a URL -- simply asked me, the first time I wind up at a new domain, if I'm sure it is who I think it is? Maybe show me some of the basic information, a few lookups, consult a trusted white-list, and obviously spread that trust from certain sites to others -- maybe allow me to say that links from cnn.com can be trusted implicitly.
Why does it need to be any more complicated than asking me to be sure?
And, of course, I'll include my go-to advice: maybe we should start arresting criminals -- you know, like in every other part of life -- instead of trying to make consumers play their own game of cops and robbers every minute of every day.
Is that most people andor yourself think this is not the actual case.
We know Google are publicly owned and therefore directed by the biggest shareholders and "regulatory oversight".
We know they have been caught censoring people and organizations that go against their agenda. Most recently they censored pro life in Ireland during an abortion referendum there.
There are claims that they generally censor anything right of center or even anything right of the mainstream left in many cases. Btw the mainstream left is really the ultra far right. That's all a ruse.
Why would you think they aren't trying to turn the internet into a dumbed down digital TV platform.
So just like always, some powerful agent seeking to invade the privacy of individuals more comprehensively uses "security" as an excuse. Meanwhile, methods that could make the existing system far more secure (while preserving anonymity for those who need it) are ignored.
If I remember correctly, Google just got caught investigating ways to help China's Big Brother regime weaponize its search engine by turning it into a government-friendly propaganda tool. Google needs to be told in no uncertain terms to shove this so far up its corporate arse the whole board gets a sore throat.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
"Uniform Resource Locators are the familiar web addresses you use everyday."
So far, so good.
"They are listed in the web's DNS address book"
Uh, NO. That's DNS, and that works with the part before slashes etc, right up to and including the TLD (.com, .edu, .info for example).
"and direct browsers to the right Internet Protocol addresses that identify and differentiate web servers"
Um, partly, that's DNS. Then the URL includes the info that web server needs to find and deliver whatever you were looking for.
Who writes this crap anyways? Can't we get this right now and then?
Other than that, I think the idea is not merely dangerous, it's unnecessary. Websites could solve this with simpler URLs, like their own individual versions of .bit/ly-type shortening. Let's encourage them and the software they depend on to make their visions publishable, instead of fixing what isn't broken, merely inconvenient...
deleting the extra space after periods so i can stay relevant, yeah.
Some people have a really hard time understanding URLs
FTFY.
Computer savvy people have been using the Internet just fine since the '90s thank-you-very-much. Just because X% of the population doesn't understand that an URL is like a phone number doesn't mean we need to replace it with a broken design.
I forget when it started but for some time now when a company like Google, Facebook or Twitter (and a few others i'm sure) and the word 'trusted' is used at the same time, I just assume they are up to something and its probably not good for free speech, individualism or personal responsibility.
Seems like yet another thin edge of the wedge towards us all 'needing to be protected' from ourselves.
Are they trying to get obsolete by creating a default home page from where you can access information they control? good luck, who is next?
SSL/certificates solves website legitimacy issue.
The recent expansion of Top Level Domains make it even more difficult. google.corn (that's GOOGLE.CORN in lower case) looks a lot like google.com in certain fonts.
Support Right To Repair Legislation.
They'll probably want a 16 hexadecimal string with a dotted 48 bit octal sub identifier. Because it's obvious.
putting the 'B' in LGBTQ+
I'm sorry, but do you think it difficult to penalize criminals? Someone registers a domain name, and pays for it with a credit card. So if someone registers appple.com, and sells fake iphones, would it be difficult to cancel their credit card? Or to bill their credit card for punitive damages? The same credit card with their home address on it?
We already have a registry, at the domain level. Isn't that already enough?
Or are you saying that it's difficult to figure out that appple.com is doing something illegal? As usual, we don't need to catch everybody. Let's start with the 90% of the low-hanging-fruit criminals.
For me, the replacements are search results and bookmarks in the browser, with URLs being strictly a machine-usable form used inside software. Whose site I can reach through a given bookmark (or what content is at that page) and whether it's owned by who I think it is (via SSL certificate match usually, although DANE would be better) is everything most users want, the rest should be the equivalent of an IP address.
No. Just no.
maybe we should start arresting criminals -- you know, like in every other part of life -- instead of trying to make consumers play their own game of cops and robbers every minute of every day.
I live in the inner city of a high crime city. Anytime I walk outside, I have to pay attention, since there are dangers lurking nearby. I don't expect the police to make everything totally safe, nor would I want to live in the kind of absolute police state environment that it would require. Similarly, I don't want a "totally safe" internet, where all content is curated and carefully vetted.
Seriously. Don't fix things that are not broken.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I agree that there are problems with URLs the way they have been used. I think google is addressing a real problem. But I think the article is confusing and mixes and confuses several problems
- domain name handling in general "They (URLs?) are listed in the web's DNS address book..."
- domain name spoofing (i.e. goog1e instead of google)
- url-rewriting, shortening, and redirection
- encoding cryptic data in URLs
- tracking links
- etc.
At one point in time, the "path" component (after the first single slash) was intended to have human-readable content, maybe reflecting a tree-structured file system, or something else a person could understand. These days you get an alphanumeric secret data blob as often as not.
For people who think the current URL/linking system is sufficiently safe, they haven't watched my elderly mom (whom I remind frequently about the perils of the web) while she reads facebook and clicks on quizzes and kitten videos.
People have a hard time understanding street addresses. Lets just assign every address a single 12 digit number and pay a private corporation a zillion dollars to provide a lookup service.
I'm not suggesting either one.
I'm suggesting that after a crime has been committed, reported, and identified, that police then arrest those responsible.
It's not about making crime difficult, and it's not even about deterring future criminals. It's simply about making the price of crime much much higher than it is today.
Would copy-and-paste be available commands across browsers, or do I have to type everything across every browser window? Cuz if it's the latter, it is a solution that improves security but dramatically impedes user friendliness (and thus adoption).
No need for that, just go after the obvious frauds. We can find them by actually doing something about it when people tell police "This site is a fraud".
Yeah, damn! I see what you mean. So unnecessarily difficult.
sig: sauer
This will just turn out like so many other "improvements" - so many modern UI's try to get around user incompetence by trying to get things into people's faces so blatantly that there's often little rhyme or reason to how things work.
All this has an actual negative impact on people who know how to use computers well though. It used to be that if you understood the general paradigm of UI design for a given platform you could pickup just about any program and figure it out within a short period of time. All that has been sacrificed for a bunch of cobbled together nonsense in the name of making it "easy".
"People who think they know everything are very annoying to those of us who do."-Mark Twain
"People have a really hard time understanding URLs"
Well, no, not really- not in the infinitive sense. URLs can be ugly and thus hard to decipher unless you have a little bit of education or experience on the matter.
It's hard as in "People have a really hard time doing long division" (until they're taught it) and not ""People have a really hard time understanding hypercubes" (because thinking beyond 3-dimensional space is foreign to the human experience).
If we simply teach people the standards ins and outs of file paths (C:\ ... ; very easy to understand) and tell them that they're directly correlated in pattern to URLs, then the job is done. Engineering around ignorance does nothing to help people.
*throws chair*
Escher was the first MC and Giger invented the HR department.
I knew my utm* -stripping extension would piss them off one day haha. On a serious note, it's not going to work. They don't own the Internet even though they think they do.
... in charge of the Internet?
Has anyone at Google bothered to propose an RFC so that this can be discussed? Or are they just going to make these pronouncements and push this into practice through their size?
CUR ALLOC 20195.....5804M
1. Ted Neilson's Xanadu. Never got off the ground.
2. IPv6. The original spec required all Internet traffic to be over IPSec, with server networks using digital certificates to prove their identity.
3. Class 3 SSL certificates. These were certificates released if the person could prove their identity and could prove they had the right to the certificate. Nothing more for user certificates, proof of ownership of domain name and business for server certificates.
4. Smart web pages. If you're using AJAX and servlets, everything can be done in data, you don't need to mess with the URL.
The result? A few of these are utilized, but most webmasters either don't understand the technology, won't use it or have been ordered not to by their boss.
Hacking the URI bar won't change that.
If Google wanted a better system, they'd start by looking at TUBA, one of the IPng/IP6 candidates. If you can uniquely express a resource with an address, you can give it a name. TUBA has infinitely variable length addresses, so it's easy to code a directory path into the physical address. It's an address so it can be given a unique name.
Your webserver is now a virtual network rather than a filesystem.
That doesn't sound like what they're doing.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
From "do no evil" to adopting MicroSoft's Embrace, Extend, Extinguish strategy.
They proved it works with their handling of RSS and now they're moving on to "extending" the web where people can either comply with Google insinuating itself as the main (or sole) arbiter of identity or else get de-ranked in search results.
It's the end of the web as we know it.
Google wants you to SEARCH for your URLs, because you're too stupid to use bookmarks, which happen to be right in front of your face.
You have heard of yellow pages, right?
You joke but...
https://what3words.com/
"When information is power, privacy is freedom" - Jah-Wren Ryel
On a similar note, I recall a lot of hubbub a few years ago about us being about to run out of IP4 addresses... Have we all switched over to IP6 quietly..? Or is there still a disaster about to befall us? Inquiring minds want to know (but are too lazy to search for it..haw haw..let's be social and converse instead!)
Any changes to the URL system should be arrived at in an open, participatory, voluntary manner, not by a 800 pound gorilla with massive commercial self-interest and a history of censorship throwing around its weight. That is, if there is one team I don't want to design this, it's a Google team.
Furthermore, it's not like users or providers don't have plenty of options to choose from already to simplify URLs.
TLD protection won't help you when a scammer buys "BankOfARNERICA.COM", or when a lot of legitimate businesses outside Colombia are setting up their online presence with a Colombian (.CO) domain anyway. Or would you prefer to contribute to Internet balkanization by blocking Irish sites like MODERN.IE (web dev resource by Microsoft) and British Indian Ocean Territory sites like GITHUB.IO by default if the device happened to geolocate to a different country at first browser launch? In particular, British Indian Ocean Territory is uninhabited.
Whatever steaming pile is on offer from Google, it would be nice if we could at least do away with little-endian hostnames.
That would be an easy fix and probably stop most of the phony sites right there. So it's not going to happen.
I don't see how TLS PKI solves the problem of someone registering "WE11SFARGO.COM", obtaining a domain-validated certificate for "WE11SFARGO.COM", and using that domain name and certificate to impersonate Wells Fargo Bank.
Step 1: If the URL is from one of the new domains just block it. They are all shit. If the URL is in PUNY code (non-ASCII display) and it isn't mostly characters that are not significantly different from the Roman letters block it, otherwise display the name of the language set and mark it with a warning. Sorry rest of the world but having a few thousand character sets that often overlap is a security nightmare.
.co.uk.
Step 2: If the URL has multiple sub domains in it, list the top domain first. Make an exception for the UK and
Step 3: Hard part, make companies clean up their confusing query strings. I want to clearly see a ticket number, userId or a short id of what I'm looking at. When doing a search I want to see the query parameters so I can hand manipulate them or save the search. If the user can't edit it then it's not a query string its some websites stupid data passing mechanism and it should trigger a warning.
Step 4: Start banning more CAs for issuing certs to confusing URLs. Most CAs are crap. Do some PEN testing or even social engineering and see how many will issue you a cert for something they shouldn't. (hint - most)
That logic tends to fail for RTL languages where Right side is more important.
And ambiguous (Vertical), for which I do not know of any research about which direction gets meaning priority. As writing is vertical RTL; but horizontal LTR Chinese/Japanese.
In practice, police tend to look the other way on the grounds of being overstretched in an era of property tax caps.
I have experimented with the idea of Reputational Identities for sought and offered things over a mesh network (calling it, BigMesh). I think it works really well. The gist of it is:
Every entity has an ID through which it/they can post things offered and/or things sought to the mesh. These may be blog articles, tutorials, products, services, or whatever. Each are descripted by a tree of details, such as: Sought: article( topic:"robots" or "artificial intelligence"; price: $0 ); quality > 15
The mesh will return the matches or number of matches and you may either narrow down your criteria or opt to transact (such as, getting the article or buying something or selling something or whatever it is). After the transaction has completed and from that time onward, each party to it may complement each other.
A complement is made by assigning a percentage of one's General Reputation (GR) to a Specific Reputation (SR) of the other. One's GR is the sum of acquired SRs. So, your complements to others are worth more based on the complements you've received from others. It's that simple, really. So you may, for example, reduce the number of matching articles you want to find by increasing the required quality reputation of its offerer.. Or find more unique ideas by requiring a higher reputation for uniqueness. An SR (Specific Reputation) may be any single word.
A few notes:
1. Making a large number of IDs and having them transact with each other to artificially inflate their reputations will not work, as until each received reputation from another that actually has some, it can only complement a percentage of zero GR.
2. As one performs increasingly more transactions and one's GR grows, the number of others one has complemented also grows, thereby dividing up the large GR such that a single complement isn't going to offer too much, unless it really is believed to be deserved by the complementer. If one has earned it, it is proper that one may also give it. If everything thinks great of Joey and Joey thinks great of Sally then Sally is likely to be a great person.
3. If one's later assessment of a transaction changes, he/she may revised the complement. This is important because sometimes things appear to be more or less than you realize they are, later in time. Being able to revise one's past complements incentivised being true to each other.
I have a whole technical design for this BigMesh network and some crude code. It uses UDP sockets and most is managed by "Agencies" that float between Hosting Nodes (Node.js VMs), establishing encryption passwords between every two, individually. A Hosting Node is actually a class of Agency that provides outside resources, including network, memory, and processing time -- at a minimum. Agents are specifically coded services that are employed within Agencies or may be called remotely. So it acts like a microservices framework except that the microservices (Agents) may move closer to where needed for reasons, such as better performance. Every Agency and Agent will have its own reputational ID, to protect from bad actors. A Host Node is repayed for providing its resources to the mesh in exchange for "promises" of resources from the mesh, later. These promises are also kept with a ledger assigned to each identity and act like a kind of currency..... but with real useful value.
Google does not want to "kill" URLs.
The Wired story quotes plans to attempt changing how URLs are displayed:
But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity.
They cite previous experience when they attempted an "origin chip," later removed. Again, this was only an attempt to render things in a simpler manner. At no point in the story does any Google representative propose replacing URLs; all that language comes from the Wired writer. Maybe one could illegitimately surmise that some constraint on URLs might be implied in all this but there is no conceivable way to reach "KILL!" That's just fake.
This is Wired clickbait parroted by Slashdot.
Maw! Fire up the karma burner!
Didn't Dilbert suggest this back in 1998.
You find me a police force that lets me report a fake web-site, and have them go arrest someone in a realistic time-frame, and you can be right.
Until then, that's just how police ought to work. In reality, there is way more crime than any policing force can investigate.
The annoying thing this time is that police can investigate a web-site faster than they can investigate a building. So one would think that a new police department would need very little relative funding in order to start investigating and blocking criminal activity on-line.
I cannot agree more. Qubes is a very good solution. Next to that is using VMs for everything. Web browsing is done in one VM, banking and stuff in another, etc. Plus, some VM programs support encryption, further ensuring that data doesn't get lost. With decent backups and something like VMWare Workstation's AutoProtect [1], you have decent recoverability as well.
[1]: Snapshots are not backups. This is why having some form of backup, even just suspending the VM, and throwing the encrypted thing onto some secure media is critical.
Their argument is user security. For the nominal cost and slight headache of setting up an EV certificate, businesses could just do that instead, and Google search, chrome and other browsers could highlight websites as ID Verified. Since EV certificates require a URL to be cross checked against a physical business with government registration, its less likely someone will register a website pretending to be "Facebook" or "Mastercard" if browsers enforced EV for high profile targets.
You know how U.S. mail works, right?
The URL is often the only way to recognize phishing sites. If the URL disappears, how do we then recognize them?
-- Cheers!
A proposition that is a tad awkward, since they've already basically taken over the web. ... Whatever.
If you want to replace URLs, your basically replacing the web. If you want to do that, good luck. It better be a really good replacement, with open standards and premium reference implementations and some really awesome stuff like meshing, state and offline built right in. Plus some amazing programming language to build and run things on it.
In short: Good luck with that.
Google could do it, but I doubt even they can muster the discipline it takes to undergo such a massive project without having others jumping ship to stay on the old web.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
But you'd still have URLs under the covers. Or you'd end up re-inventing them.
Some years ago I spent time pondering all the possible ways things could be identified in a system. I came up with three broad, non-mutually exclusive strategies:
(1) Analytically: identify a thing by a set of properties which are unique to it (e.g. relational primary keys);
(2) Algorithmically: use an algorithm that is guaranteed to issue identifiers that are unique in the required scope (e.g. UUIDs for global scope, or within restricted, local contexts simple serial numbers);
and,
(3) By authority: put somebody in charge of naming things; they can use any method they like (e.g. scientific journal editors control species taxonomies).
All of these approaches have drawbacks. For example relational primary keys are not robust when data is shared across applications, because different applications obey different rules. Algorithmically assigned identifiers are either not globally unique (serial numbers) or are long and arbitrary therefore hard to key in accurately (UUIDs).
URLs are identifiers by authority. Somebody says that "https://tech.slashdot.org/story/18/09/04/1722244/google-wants-to-kill-the-url" identifies this discussion, and so it does. But you can see two very useful features of URLs in operation here. First, they allow whoever runs the tech.slashdot.org to delegate authority for stories to whomever is in charge of the "../stories" URLs. Second, it allows whomever is in charge of stories to transform his local unique identifier ("18/09/04/1722244/google-wants-to-kill-the-url") into a globally unique address.
If you include these two features, delegation of authority and transformation of locally unique IDs to globally unique locators, you pretty much end creating something like a URL. Since the idea of mixing protocols like http and ftp isn't really a big thing anymore, you could ditch the protocol identifier and make it a URI, e.g. ("web:tech.slashdot.org/story/18/09/04/1722244/google-wants-to-kill-the-url") and the browser would automatically request the resource using https, which is what everyone should be using now.
Another possibility is to use universal resource names (e.g., "urn:isbn:978-0471117094") with some kind of global directory. But that directory would have to return to the browser something that is an awful lot like a URL, even though the user doesn't see it.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I, for one, welcome our new AOL keywords.
bickerdyke
How about if my browser -- that has no problem parsing a URL -- simply asked me, the first time I wind up at a new domain, if I'm sure it is who I think it is?
That might be fine for you, but most people would see something with an OK button preventing them from doing what they want to do, and click OK without reading it.
Leaving aside the thousands of military personnel
I was confused as to whether deployment to the Diego Garcia military base counts as legal residence.
thousands of Chagossians who continue their fight over the legality of their expulsion
Yet they remain expelled until they win said fight.
No, I'm pretty sure that's just you.
Agreed-upon convention alone can reduce the vast majority of problems without throwing away the baby with the bathwater. Public URL's should be in a form similar to: "theCompany.com/12345"
The number after the slash is a page ID (real or virtual). Maybe permit optional slugs such as: "theCompany.com/12345/slug-title-goes-here". But the slug is not required: to outsiders it's like a code comment. Misspelling the slug, if given, will not stop your results (although could provide suggestions if the numbered page is not found).
And, no sub-domains. (Back-end org URL translation can remap to physical servers.)
The convention would allow someone to go to "theCompany.com" and type "12345" in the site's search box to go directly to the target page. That way, you can type the company's name into the address bar to make sure you are not being tricked (such as with "s1ashdot.org"), and then enter or paste the page number at the site itself.
Table-ized A.I.
So basically Google wants to steal Twitter's blue checkmark idea, and use it for the entire web.
Troll is not a replacement for I disagree.
First, it doesn't matter. We've already taken down appple.com for its criminal acts.
Second, it doesn't matter. We've already disabled the stolen credit card.
Third, it's not difficult to argue/prove that it wasn't me, someone stole my card.
Fourth, and this is important, when it comes to arresting people, we're never talking about the first time, and we're never talking about the maybe-by-accident time. We're talking about the repeated, intentional, and malicious times.
Fifth, I'll say it again, your made-up intelligent criminal (who's now committed three crimes, by the way, instead of just one, and the two new ones are actually high crimes, whereas the original one was actually a low crime) can be a part of the 10% that we don't catch. Let's catch the stupid criminals. There are plenty of them.
Yeah "OK" buttons have been stupid since the start. How many times have I clicked an OK button on a dialog button that popped up less than 100ms ago. I tried to click on something, but the dialog box popped up in my way somewhere after I saw what I wanted, and before my mouse button clicked.
Dialog boxes should always have stalled long enough to ensure that human reaction times could have possibly seen them.
Back to the conversation at-hand, I don't suggest an OK button. That's like asking if the chicken is white meat at a chinese restaurant. The answer is always "yes". You don't ask yes/no questions when language barriers are an issue. You ask "what kind of meat is it". That way, when the answer is "yes", you understand what happened.
Instead of an OK button, how about: "which site do you want to visit? the one registered in 1990 by jeff bezos in seattle, or the one registered by halib mohammed in 2018 from nigeria?"
Tell me how many consumer would get that wrong today? And, by all means, make them select each of the three (date, registrant, city) independently, and if they aren't a matching tuple, make them try again.
That would probably work, but it would be such a pain that, again, I'd guess most people would avoid it. Either by turning the feature off, or looking for a browser that doesn't do it. I might even turn off such a feature.
Of course, I don't have a better suggestion.
Oh, absolutely and without a doubt, I'd turn it off myself. But really, I don't have the problem being described.
You know what, I take that back. I wouldn't turn it off. If it only came up once for a given domain as-typed, I'd feel incredibly stupid turning it off. I'd consider it a safety-feature, like a seatbelt -- very annoying to use, a little bit uncomfortable, rarely if ever necessary, and absolutely vital if needed.
Would you go to WIRED,com or WlRED.com? Look carefully, they are not the same. And not even unicode.
But aint. And not even Unicode. The idiocy of our font designers.
A monitoring tool. If you know what people search for you know a lot about them.
... is the ability to sanitize them easily. I don't think ANY less transparent, less-editable substitute will allow getting rid of, say, my Amazon search history from the URL I'm looking at before passing it on to a friend. We don't need 'better URL's', we need better education about the current URL structure and uses.
I parse URL's, probably on a daily basis, as a security / privacy measure. I'm sure I'm in the minority even here on Slashdot - but I damned well shouldn't be.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
Another possibility is to use universal resource names (e.g., "urn:isbn:978-0471117094") with some kind of global directory. But that directory would have to return to the browser something that is an awful lot like a URL, even though the user doesn't see it.
For me, that part that I've bolded is the entire problem with URL alternatives. I don't WANT the damned thing hidden from my sight, and I want it to be MORE explicit and transparent than it is, not less. I want to be able to view and edit it, so I can see and eliminate the bits that encode my recent history on that particular site, and so I can do things like alter a YouTube URL for an age-restricted video, to a URL that allows me to view that content without logging in to Google.
Killing or hiding the URL, is like substituting a promotional tourist placemat map for a cartographer's map, then making the latter totally unavailable. It puts power and information out of the reach of ALL Internet users, at a time when what we need is exactly the opposite.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
I probably use Google traffic and translate daily. Who else offers this? Google traffic itself was something NO ONE thought of (same with street view ) and these were game changers.
The answer must be blockchains, emojis, or both.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Google traffic itself was something NO ONE thought of
You must be joking. Dozens of GPS manufacturers (software and hardware) were providing traffic reporting services before google got in the game. Google just has an advantage because they can harvest location data from every phone on the road.
Too hard to educate people on how to understand URL's. Instead let's dumb down the URL's and let's set the standard so we can have control and competitive advantage. Profit!
Who needs smarter people? Education just makes them harder to track and fool.
"Consensus" in science is _always_ a political construct.
(My emphasis).
"how and when Chrome displays URLs." Well there are probably browsers that do that already. Certainly my phone's version of Firefox only displays a URL some of the time. Already. That's just going to get more complex.
"as we're figuring out the right way to convey identity [of the website being accessed]." That is certainly one of the useful things for displaying the URL to an end user. Different people, with different knowledge bases, will have different requirements down this aspect of customisation. But all the display options in the world isn't going to stop Uncle Alf from giving away the family silver to Very.Bad.Bank.COM if he thinks it's a good thing to do.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Google doesn't need W3C's blessing, they can just throw their weight around. They can just implement it in Chrome, and tell websites to either use it or get ranked lower in Google search. The other browsers will either have to implement it or lose more marketshare when significant portions of the web no longer work with them.
Don't believe me? Look at AMP. That's not a W3C standard either.
By the "Most" portion, I underestimated the world population, and incorrectly assumed that the 2billion+ speakers of non LTR languages were not the minority.
What exactly is the problem with the URL?
URLs are functional.
URLs serve a purpose.
URLs are transparent as to the information being sent.
I would say that the query and hash portion are being over-worked, but to hide those would simply create a new vector of attacks by shoving everything into that portion and completely bypassing subdomains and paths.
Weight of the importance centrally, rather than left is not confusing. It is a valid tactic that has it's uses.
e d c b a | 1 2 3 4 5 (where 1 and a are most important)
You look at the "/" and see immediately the country, the domain, and the root of the path.
It's easily accessible.