Slashdot Mirror


User: Lennie

Lennie's activity in the archive.

Stories: 0
Comments: 3,689

Comments · 3,689

  1. Re:Chrome on Bugzilla Breached, Private Vulnerability Data Stolen · · Score: 1

    And without Firefox lots of things Chrome/Chromium/Opera doesn't get to be standards.

    Because it's Firefox (gecko) and Chrome/Chromium/Opera (blink) are ahead of the pack. You need at least 2 browser (engine) implementations to make a standard.

    I would prefer multiple open source implementations and standards and not just a single open source implementation.

    Standards are the only way we can get rid of things like Flash.

  2. Re:Business and Bitcoin? What could go wrong? on Beyond Bitcoin: How Business Can Capitalize On Blockchains · · Score: 2

    Of course you can make a technology which completely makes bad humans irrelevant. The problem is it makes all humans less free. The more strict you are, the less freedom.

    If murder is legal you'll have a lot less people to lock up in jail/sentence to death/whatever. So lots of freedom, but bad actors also have a lot of freedom.

  3. Re:Batman on Do We Need More Emojis? · · Score: 1

    Because of silly copyright that is why.

  4. Re:Already Too Late on Happy Birthday, Linux! An OS At 24 · · Score: 1

    Supposedly Chromebooks are starting to win over Windows on laptop-like devices:

    "Yes, you read it right, Chromebooks have overtaken sales of Windows notebooks. "

    http://www.itworld.com/article...

  5. Re:WordPress is a security problem on WordPress Hacks Behind Surging Neutrino EK Traffic · · Score: 2

    This is why the Internet Of Things people keep talking about is going to be so awesome! ;-)

    Lots of products are failing and it's going to get a whole lot worse soon:
    https://www.youtube.com/watch?...

    Cars are my 'favorite' topic right now:
    http://www.wired.com/2015/07/g...
    http://www.wired.com/2015/07/h...
    http://www.bbc.com/news/techno...
    https://www.youtube.com/watch?...
    etc.

    They were already warned about the problems in 2011, there was a talk at Usenix conference about it:
    https://www.youtube.com/watch?...

    They did say: business models are a problem.

    So maybe that's the cause.

  6. Re:Looking at it backwards on Object Storage and POSIX Should Merge · · Score: 1

    And a lot less failure tolerant, because when you start adding all kinds of extra features you need lots more and more locking. And more locking makes it much more brittle.

    I think the author should just try using Fuse.

  7. Re:How do people not understand on Jeb Bush Comes Out Against Encryption · · Score: 2

    Bruce Schneier said it best:

    Metadata Equals Surveillance
    https://www.schneier.com/blog/...

  8. Re:Thanks anonymous reader! on How to Quash Firefox's Silent Requests · · Score: 1

    This was also a 'good' one:
    http://arxiv.org/abs/1502.0737...
    http://www.forbes.com/sites/br...

    Maybe because I'm so aware of what is possible I've kind of given up ?

    Anyway, the most likely use case for the DNS-lookup/TCP-connect and tracking would be webmail, a lot of webmail I know doesn't even have real links. They use redirects.

  9. Re:Thanks anonymous reader! on How to Quash Firefox's Silent Requests · · Score: 1

    I already know what is possible and there is nothing you can do to prevent tracking or fingerprinting if all users don't use Tor and the same browser without any plugins and lots of features disabled in the browser.

    Just look up HTML5 canvas fingerprinting and tracking or tracking, battery and HTML5. Those obviously don't work if you disable Javascript.

    But you don't need Javascript, you can just use plain HTTP features. Look up evercookie, etag and kissmetrics. Although there was a court case with Kissmetrics, it's too bad that they settled. I would have loved to see a judge say: you did a very, very bad thing. Would have been great if they did that in 2013, maybe we would have a little less tracking now?

    So while I agree tracking is bad and I think we should do something about it, getting rid of it completely is going to be impossible.

  10. Re:real-time adaptive video playback on The Agonizingly Slow Decline of Adobe's Flash Player · · Score: 1

    but what people forget is that *adobe already succeeded*. ... what has been substituted in its place? well, sure, we can do real-time video browser-to-browser.... but the assumption is that there is "perfect conditions". perfect bandwidth. perfect connections. no drop-outs. no brown-outs. zero latency.

    While bandwidth has gotten better, latency has actually gotten worse:
    https://en.wikipedia.org/wiki/...

    This makes it hard to make a good working protocol which is trying to use the maximum bandwidth. Even just TCP isn't working as it's supposed to most of the time.

    Your browser probably includes WebRTC support, or soon will. And that means support for Opus, it's a state of the art free and open audio codec:
    https://www.youtube.com/watch?...

    Yes, video still needs to improve and prioritizing audio still needs to be done too. This all takes time, Adobe started on this problem a long time ago.

    Give it time.

  11. Re:Thanks anonymous reader! on How to Quash Firefox's Silent Requests · · Score: 1

    Apache and Varnish for example won't log it, because they only log HTTP-requests.

    nginx logs it like this by default though:
    IP-address - - [timestamp] "-" 400 0 "-" "-" 0.000 - - (8000 4000 10 14480) - -

    But it's very normal to have such log entries in an nginx log, so I doubt anybody will look for them.

    haproxy could end up logging it as well, depending on the type of settings. But usually it will be set up to proxy HTTP requests for HTTP (port 80) or HTTPS (port 443), not TCP-connections. So similar to Apache and Varnish. The default is to log nothing.

  12. Re:need moar encryption on The Network Is Hostile · · Score: 1

    Well, the people that build the Internet Protocols agree with you:

    "Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

    We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

    The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic."

    https://www.iab.org/2014/11/14...

    W3C also had a similar statement I can't seem to find right now.

    W3C for example is developing a policy that certain features will only be available when the website uses HTTPS:
    https://w3c.github.io/webappse...

    Or you want attackers to inject extra code in a webpage where you enable your webcam ? I would think not.

  13. Re:no wireless anything on Ask Slashdot: Buying a Car That's Safe From Hackers? · · Score: 1

    They were hacking cars in 2011 through the infotainment system by just inserting a CD in the drive.

    See the Usenix talk:
    https://www.youtube.com/watch?...

    Nothing has changed, they are still worthless at building secure systems.

    In the talk they said: it's the wrong business model.

    No large car company builds their own systems, they just buy parts from other vendors as cheap as they can.

  14. Re:Thanks anonymous reader! on How to Quash Firefox's Silent Requests · · Score: 1

    Too bad that it's misleading.

    It doesn't send any requests. It just opens a connection.

    Which means it will do a DNS-lookup, open a TCP-connection and maybe set up an SSL/TLS-connection.

    There are no HTTP-requests being sent.

  15. Re:Getting caught on Hacker Shows How To Fabricate Death Records · · Score: 1

    But you are Americans and you keep doing those things. ;-)

  16. Re:Uber is not the answer on How Uber Is Changing Life For Women In Saudi Arabia · · Score: 1

    They were already allowed these freedoms.

    Travel/transport was just very unreliable.

  17. Re:Now that's just evil on Windows 10's Privacy Policy: the New Normal? · · Score: 1

    If you think the exchange protocols are better, why not use OpenChange ?:
    http://www.openchange.org/

  18. Re:External PDF viewer? on Mozilla Issues Fix For Firefox Zero-Day Bug · · Score: 3, Interesting

    Because users were not updating their external PDF viewers, so they included a viewer which does get frequent updates because the browser gets frequent updates. Thus making it a more secure solution.

    If you are using Adobe Acrobat it includes Javascript and Flash support and lots of other stuff you can't even imagine. Supposedly the code base of Adobe Acrobat is bigger than browsers like Firefox.

  19. TypeScript best known ? on Compiling to JavaScript: TypeScript vs. Haxe · · Score: 1

    CoffeeScript is the best known and most popular, yes TypeScript probably comes second in these categories.

  20. Re:spectrum grab on In Korea, Smartphones Use Multipath TCP To Reach 1 Gbps · · Score: 1

    It's going to be fun to watch the 2 trends kill the IDS ?:
    - Multipath protocols like MPTCP
    - encrypted by default protocols. Like HTTP/2 (on the public Internet)

    I really doubt IDS will be useful in the long run, but hey I can still be wrong. Maybe we'll just deploy them as proxies. It's possible.

  21. Re:Good luck getting past immigration on In Korea, Smartphones Use Multipath TCP To Reach 1 Gbps · · Score: 1

    Lots of countries in Europe.

  22. Re:spectrum grab on In Korea, Smartphones Use Multipath TCP To Reach 1 Gbps · · Score: 1

    There was a talk about the security aspects of Multipath-TCP at Blackhat 2014:
    https://www.youtube.com/watch?...

  23. Re:MPTCP vs MLPPP? on In Korea, Smartphones Use Multipath TCP To Reach 1 Gbps · · Score: 1

    Yes, the good thing about MPTCP is it works automatically when operating systems adopt it and add it to client OS and server OS.

    They are using a proxy in the case of these smartphones because very few servers on the Internet support it right now.

    It's offered as a premium service to their customers, so maybe these 5500 or so active customers have special need apps.

    Operating system adoption:
    iOS has support for MPTCP but it's only enabled for Siri, for testing their implementation of MPTCP I guess.

    Solaris are adding it, an implementation for FreeBSD and (even multiple I believe for) Linux exist. There seems to be some customer pressure now from Linux customers to have it in mainline (financial, like Solaris). So my guess is it's going to happen this or next year? Well I hope so anyway. The best known Linux implementation has already existed for a couple of years now.

  24. Re:1 Gbps on In Korea, Smartphones Use Multipath TCP To Reach 1 Gbps · · Score: 1

    You are probably not serious anyway, but I'm going to give you a serious comment anyway.

    Quotas are measured in bytes received/sent.

    Bandwidth just means how fast you are sending/receiving.

    If you are trying to download something large, do you want to download it fast and run out of quota fast. Or do you want to wait a long time before receiving all of it and then run out of quota ?

    I know what I would choose: a country where you don't have quota on wired at least.

  25. Re:spectrum grab on In Korea, Smartphones Use Multipath TCP To Reach 1 Gbps · · Score: 2

    The advantage of MPTCP is you can keep your existing TCP-connection alive when you are roaming.

    The people working on this have captured a single TCP-connection being kept running for longer than a day on a roaming device.