I should have known someone would point that out. Yes, the same origin policy isn't perfect. There's a reason why I used a Wikipedia link for that: the article discusses flaws and links to info about XSS attacks. That said, I would be quite impressed if someone managed to write a p2p client in Javascript based on XSS attacks.
You misunderstood the GP. No one is denying the raid. The part that he was asserting to be false was that the Allies knew about it in advance and did nothing about it for fear of revealing that they had cracked the German codes. Wikipedia agrees that that is just a myth, although its wording is not very strong.
movie houses, btw, survived tv, the vhs, dvd, and the internet, and are stil gaining in profits, and no one is saying you should be able to sneak into a movie theatre for free. hollywood producers just lose their aftermarket dvd revenue streams. boo fucking hoo: hollywood made plenty of cash before the dvd and the vhs... the vhs of course which they fought tooth and nail... before realizing it meant MORE money, not less money for them. meatspace is a finite resource and should be doled out via economic costs, it is genuinely scarce, the number of seats in concert/ theatre.
If there is no copyright, what is stopping another movie theater from showing the same movie, but not giving any money to whoever made the movie?
Movies are rather expensive to produce. It is likely that there is plenty of waste in the budgets of modern movies, but they still involve a lot of people working together on a single project, so they are going to be expensive. Movies, like video games, seem to come out best with a creative lead and therefore a top-down organization. Basically, without copyright, I do not see a model where movies can earn millions of dollars and without incentives on that scale I cannot see movies of the quality of modern movies will get made.
Perhaps you have an idea of a better structure? Or maybe you think this is an acceptable loss? Or maybe you think that if there is a demand for movies, then a workable structure will form, although you cannot necessarily predict its form?
Actually, that said, trademark law might be able to help here: I would certainly be willing to pay more (i.e. how much a movie ticket currently costs) for a movie (or video game) knowing that the money was actually going (in part) to the creators as an incentive to create future works, so simply a sign at the theater saying "Authorized Theatre for [movie]" or something like that may be sufficient.
The main problem with online voting is the same as the problem with any other type of absentee ballot: fraud and intimidation which a secret ballot is intended to reduce. That said, Oregon does do all absentee. Perhaps the issues with a non-secret ballot are overblown. In a previous thread on this topic, another Slashdotter suggested allowing people to change their vote up until the last minute in order to make intimidation more difficult.
Secrecy once the vote has been entered is another, probably easier, problem: there are cryptographic protocols for doing secure computations. Basically if you have a function like "sum votes" and each computer has an input (a vote) then via a series of communications, all of the computers will know the output of the function and that no computer cheated but not what any of the inputs (votes) were (unless they are somehow obvious from the output, of course). How to apply those to a real life situation is non-obvious.
More importantly, the common person is not a computer or cryptography expert. Most people will have no way to verify that their vote is being properly counted. Furthermore, malware is pretty common and writing one to change someone's vote without their knowledge would likely not be too difficult, although that could be solved by running the voting system off a bootable CD/USB flash drive.
Javascript's same origin policy would prevent such a thing from happening. On the other hand, I see no reason why browsers could not support magnet: URIs for <video> sources on p2p, possibly passing them off to an external program to download.
The problems you describe cover the specific current implementation of Freenet. I do not know much about it, but it sounds like they consider the performance issues important and have improved the performance.
Of course, Freenet is an extreme example. With privacy on the internet, often increasing privacy requires some decrease in speed/efficiency.
Opportunistic encryption is essentially free and protects against passive eavesdropping. Once DNSSEC is in place, even active attacks against simple opportunistic encryption with DNS for key exchange. (This is not purely theoretical. Openswan implements such a protocol.)
For common communications, people can use self-signed HTTPS, e-mail encryption, and IM encryption -- but that requires extra work on the part of the user. None of those have particularly friendly or easy-to-use interfaces. Asking people to deal with keys/authentication is unreasonable for most people -- and I have yet to see a user-friendly solution for key exchange.
For plausible deniability, there's Tor, but it still reveals that you are doing something, it is relatively slow, and it is not encrypted at the other end (except for internal sites which are sorta like Freenet sites). Currently using Tor, as you say, will probably get the secret police to assume you have something to hide. A system that encrypted everything -- like opportunistic encryption -- would be much better for that reason.
The technology is there, but it is missing polish, network effects, and actually giving people a reason to use it. Security/privacy is not visible. Most people are not aware of it or just don't care until something happens (see: NSA wiretapping). I use IM encryption (OTR) with some of my friends, but most people are not going to be bothered to install it if it is not default, and I have been given the reason that people may care if people they know can read their IMs/e-mails(/Facebook messages), but the theoretical attacker in the cloud [almost certainly] doesn't know them so it doesn't matter to them if that person learns personal trivia about them.
I think It's pretty insane that people present their personal details in public via social networking. This same type of connectivity could be implemented with end to end encryption, signatures to verify everyone, and secure deletion. Social networks could be a p2p, open source, empowering service. Instead, people just upload their entire lives to the web, and use services run by some of the most extreme right wing members of the ruling class. WAKE THE FUCK UP!
Sounds wonderful. Where can I get this service so I can recommend it to my friends? Doesn't exist? Maybe there's a project working on it?
Personally, I do have a Facebook account -- with pretty much the info you could find on me if you were very bored and had a few hours to kill on Google -- but I would rather use the system you describe. Unfortunately, it will probably never exist. Facebook might get replaced by Wave, but not for privacy reasons. Privacy and security don't sell.
For more details, see PolitiFact's Obameter. They have a comprehensive list of Obama's campaign promises with links to the promise and summaries and links with news on each one.
See: externality. Basically, carbon emissions is something the free market does not handle by itself, so the government is making it part of the market.
Lol. More like they were slow-loading and designed to stick their logo and shitty "stereo component" UIs and other branding crap in the middle of your page design.
As opposed to Flash where something as simple as seeking through a video doesn't work right? Try seeking in YouTube to a specific spot: it appears to only let you seek to various somehow pre-chosen spots about 3 seconds apart. For extra fun, while a video is downloading, try to seek towards the end of the downloaded part; that often gets it to restart downloading with that place as the start. Full screen doesn't work for me either, but I suspect that is a Linux-only problem as otherwise it would be relatively high-priority. That's why I used to use a Greasemonkey script that replaced YouTube's Flash player with one of those movie playing plugins and when that stopped working I mostly switched to watching YouTube videos straight in VLC because it actually works.
Sorry, perhaps I have just had really bad luck, but I do not buy the argument that Flash is used for video for a better user experience. I'll believe the arguments about getting rid of video player branding, making it harder to download videos, and saving bandwidth by being able to assume the user has support for a modern codec, but the user experience for Flash is awful.
I currently use Linux exclusively. Such movies/audio clips open with the Totem plugin for me now. (I find it works better than the mplayer plugin which I used to use.) I agree that giving the user a choice of plugins is stupid and confusing. As I mentioned in my post, I see no reason that could not be implemented with HTML fallbacks. For example, as in the Video for Everybody script but leaving out the Flash (or putting it last).
But the flip side is you might recall back to what video was like before Flash. Every freaking web site you went to had a different video standard, video player, and you were usually forced to launch a video player which either wasn't integrated in the browser or was integrated badly. Flash only succeeded because it fixed a completely broken thing on the web where Apple, Real and Microsoft in particular were trying to acquire their own monopolies on web video.
Actually, I remember most sites usually offering a choice between at least two of Windows Media Player, Real Player, and QuickTime (not sure why they did not just use HTML fallbacks), all of which had responsive, native controls and properly used hardware acceleration (which at the time was just hardware overlay, not decoding help). Explain to me again how Flash was an improvement in usability?
What Flash did help with is that it had its own codecs which were more advanced than the ones that came with Windows or Mac OS at the time and, probably more importantly, Flash makes it significantly more difficult for users to download videos they are watching -- which is the real hurdle the <video> tag has to surpass to gain acceptance.
I use the Nvidia drivers and also have tearing issues with any full screen video. I use Xfce with the Xfwm window manager. The tearing goes away if I both disable compositing (the Gnome equivalent would be to not use Compiz, I believe) and set vsync to the monitor the video is on in nvidia-settings under "X Server XVideo Settings". (I have two monitors with slightly different vsyncs -- I have yet to find a way to play full screen video on both monitors with no tearing on either but I have also yet to figure why I would want to do so other than testing my video card.;-)
My current usage pattern involves disabling compositing (it's just a checkbox in the window manager settings for Xfwm) whenever I am watching a video with enough action for the tearing to bother me and reenabling it when I am done (as the window manager performance is significantly better with compositing enabled), which is annoying but works. Hopefully at some point to issue will be fixed -- or maybe there is already a way to get video without tearing while compositing is enabled that I am not aware of?
Yes. Is something wrong with that? A software project that has not been touched in 7 years is dead. The whole point of limited times on copyright is the old works drop into the public domain and are free for use without restrictions. I think that, at least for software, you will be hard-pressed to find someone who is not willing to call a 7 year old piece of software "old".
GPL is a legal hack to get around copyright being too strong. If copyright weakens then the GPL becomes both weaker and less important.
I am curious why you think so. It seems to me that in the vast majority of cases, non-simultaneous reviews of a document would be far more efficient and practical (as they do not require the people involved to be at their computer working on the same thing at the same time). Perhaps I am just not being creative enough in thinking up use cases. Do you have some examples of how you think it would be useful (or, I guess, of how Google Docs and similar services with real-time collaborative editing currently get used)?
Yes and no. The web as a protocol (HTTP) is decentralized. Anyone can run a server, but if you run a server, you have to provide the software (well, a lot of it is open source) and bandwidth yourself. On the other hand, with Wave, the software is gadgets/add-ons which are embeded in messages and the bandwidth is spread across the servers of the people in the Wave. Not as good as BitTorrent which distributes the bandwidth among all of the users, but it does distribute the bandwidth costs a bit.
In actual usage, a lot web traffic stays on few centralized websites like Flickr, Facebook, and Slashdot. This is more of a social than technical problem though: most likely the vast majority of Wave users will just use Google's servers. Still, it allows app development to be open to those who do not want to be burdened with running their own server.
That's not the issue at hand here. The site linked from the summary, Live Mesh (Beta), supports sharing and discussing documents. It does not do it in real-time, but, realistically, the real-time part of Google Wave's colloborative document editing is not that important.
The real issues are design and openness. I am a bit confused about where Ray Ozzie is coming from: I think he means that the problem with Google Wave is that it is too simple and web-like, not that it is too complex. That is, Google Wave has a lot of potiential, but much of that potiential depends on people writing gadgets/add-ons for it, as opposed to its features being limited to those Google/Microsoft can think up but already layed out in a structured way. The same issue is often referenced as one of the web's greatest strengths -- and weaknesses.
There is another large issue related to openness: privacy. With Google Wave, you can get all of the features running it on your own server, fully controling the software and hardware. Live Mesh is just yet another web service like Dropbox, etc. which depends on Microsoft's Live Mesh servers. Then again, Microsoft may plan on making it part of Windows Server, which gets rid of the privacy issue.
I think the web has shown quite clearly that leaving a protocol open allows for wide-ranged, unexpected innovations to be based on it. Google has shown off some of its ideas on what Wave is useful for. The Wave groups and various blogs have plenty more. Most likely, if Wave actually catches on, at least some of the common/mainstream uses 5 years from now will bare only passing resemblance to the ideas being thrown around today.
Agreed. Ironically, Google Wave might be [part of] the solution.
Having your data be portable really should not be a problem. Storing it (encrypted?) in a Wave would be one way. Really it seems like you should be able to have your data automatically get replicated (encrypted) across all of your friends' computers (somehow registered with your own) with the assumption that it is very unlikely all of them would be down when you attempt to retrieve a document. Of course, that would require that all of your friends' computers weren't NATed.
To be fair, you can "improve" your own GMail experience via GreaseMonkey scripts. There are a few Firefox extensions which are basically bundles of scripts to add various features/tweaks to GMail. On the other hand, GMail is still very much so non-free with the very major issue that you cannot use it without letting Google see all of your e-mail. As far as I know, SquirrelMail is its closest competitor.
If DNS is trusted -- that is, all data a client receives upon querying a domain's DNS record is trusted to be fully controlled by the owner of that domain -- then, theoretically, public keys could be stored there. That means that instead of getting an untrusted certificate from an HTTPS server which the user's browser has to examine for a signature from a trusted authority, the HTTPS server can simply say, "Hey, of course it's real: the fingerprint matches the one in my DNS record." without any external authority required (other than the one implementing DNSSEC, of course). That means once DNSSEC is implemented for the root and a site's top-level domain, the only part that needs to be trusted is the
public keys of DNS root.
That said, I have yet to see an implementation -- or even protocol specification -- of such a protocol. Does one exist or is this purely theoretical at this point?
Slashdot appears to still work fine on lynx despite having a good amount of AJAX around. Well, I wish the sidebar appeared at the bottom of the page instead of the top, but that is the only noticeable issue.
Interesting links, thanks. Good to know I'm not the only one that thinks that is needed. I especially like the named profiles idea.
It's only not easy because giving a program less rights than the user running it is not a concept native to Unix (I suppose that could be hacked around by creating a user and separate chroot jail for each unknown program...). On the other hand, on a system like, say, Plan 9 where each program has its own namespace -- and everything is a file -- it is easy to simply either not put stuff in the namespace or put a fake "tcp" folder in the namespace which actually acts as an application-level firewall.
Hopefully the Google Wave protocol developers are taking at serious look at what the PSYC people have to say about Jabber and XML. (Among other things PSYC can currently be used as a more efficient server-to-server protocol for XMPP servers. Those pages discuss what they see as flaws in XMPP's design which make PSYC more suited than XMPP for that use.)
Google Wave is an XMPP (Jabber) extension. Like XMPP, servers choose which other servers to federate with. Also, communications will only touch servers which the wave's participants are connected to. Therefore, it is perfectly possible for a company to run its own Wave server(s) and keep internal communications within their control while allowing external communications through the same server.
In short, unlike someone using a Google account is invited to a wave or it is made public, Google can't see it.
Slashdot Mirror
I should have known someone would point that out. Yes, the same origin policy isn't perfect. There's a reason why I used a Wikipedia link for that: the article discusses flaws and links to info about XSS attacks. That said, I would be quite impressed if someone managed to write a p2p client in Javascript based on XSS attacks.
You misunderstood the GP. No one is denying the raid. The part that he was asserting to be false was that the Allies knew about it in advance and did nothing about it for fear of revealing that they had cracked the German codes. Wikipedia agrees that that is just a myth, although its wording is not very strong.
movie houses, btw, survived tv, the vhs, dvd, and the internet, and are stil gaining in profits, and no one is saying you should be able to sneak into a movie theatre for free. hollywood producers just lose their aftermarket dvd revenue streams. boo fucking hoo: hollywood made plenty of cash before the dvd and the vhs... the vhs of course which they fought tooth and nail... before realizing it meant MORE money, not less money for them. meatspace is a finite resource and should be doled out via economic costs, it is genuinely scarce, the number of seats in concert/ theatre.
If there is no copyright, what is stopping another movie theater from showing the same movie, but not giving any money to whoever made the movie?
Movies are rather expensive to produce. It is likely that there is plenty of waste in the budgets of modern movies, but they still involve a lot of people working together on a single project, so they are going to be expensive. Movies, like video games, seem to come out best with a creative lead and therefore a top-down organization. Basically, without copyright, I do not see a model where movies can earn millions of dollars and without incentives on that scale I cannot see movies of the quality of modern movies will get made.
Perhaps you have an idea of a better structure? Or maybe you think this is an acceptable loss? Or maybe you think that if there is a demand for movies, then a workable structure will form, although you cannot necessarily predict its form?
Actually, that said, trademark law might be able to help here: I would certainly be willing to pay more (i.e. how much a movie ticket currently costs) for a movie (or video game) knowing that the money was actually going (in part) to the creators as an incentive to create future works, so simply a sign at the theater saying "Authorized Theatre for [movie]" or something like that may be sufficient.
The main problem with online voting is the same as the problem with any other type of absentee ballot: fraud and intimidation which a secret ballot is intended to reduce. That said, Oregon does do all absentee. Perhaps the issues with a non-secret ballot are overblown. In a previous thread on this topic, another Slashdotter suggested allowing people to change their vote up until the last minute in order to make intimidation more difficult.
Secrecy once the vote has been entered is another, probably easier, problem: there are cryptographic protocols for doing secure computations. Basically if you have a function like "sum votes" and each computer has an input (a vote) then via a series of communications, all of the computers will know the output of the function and that no computer cheated but not what any of the inputs (votes) were (unless they are somehow obvious from the output, of course). How to apply those to a real life situation is non-obvious.
More importantly, the common person is not a computer or cryptography expert. Most people will have no way to verify that their vote is being properly counted. Furthermore, malware is pretty common and writing one to change someone's vote without their knowledge would likely not be too difficult, although that could be solved by running the voting system off a bootable CD/USB flash drive.
Javascript's same origin policy would prevent such a thing from happening. On the other hand, I see no reason why browsers could not support magnet: URIs for <video> sources on p2p, possibly passing them off to an external program to download.
The problems you describe cover the specific current implementation of Freenet. I do not know much about it, but it sounds like they consider the performance issues important and have improved the performance.
Of course, Freenet is an extreme example. With privacy on the internet, often increasing privacy requires some decrease in speed/efficiency.
Opportunistic encryption is essentially free and protects against passive eavesdropping. Once DNSSEC is in place, even active attacks against simple opportunistic encryption with DNS for key exchange. (This is not purely theoretical. Openswan implements such a protocol.)
For common communications, people can use self-signed HTTPS, e-mail encryption, and IM encryption -- but that requires extra work on the part of the user. None of those have particularly friendly or easy-to-use interfaces. Asking people to deal with keys/authentication is unreasonable for most people -- and I have yet to see a user-friendly solution for key exchange.
For plausible deniability, there's Tor, but it still reveals that you are doing something, it is relatively slow, and it is not encrypted at the other end (except for internal sites which are sorta like Freenet sites). Currently using Tor, as you say, will probably get the secret police to assume you have something to hide. A system that encrypted everything -- like opportunistic encryption -- would be much better for that reason.
The technology is there, but it is missing polish, network effects, and actually giving people a reason to use it. Security/privacy is not visible. Most people are not aware of it or just don't care until something happens (see: NSA wiretapping). I use IM encryption (OTR) with some of my friends, but most people are not going to be bothered to install it if it is not default, and I have been given the reason that people may care if people they know can read their IMs/e-mails(/Facebook messages), but the theoretical attacker in the cloud [almost certainly] doesn't know them so it doesn't matter to them if that person learns personal trivia about them.
I think It's pretty insane that people present their personal details in public via social networking. This same type of connectivity could be implemented with end to end encryption, signatures to verify everyone, and secure deletion. Social networks could be a p2p, open source, empowering service. Instead, people just upload their entire lives to the web, and use services run by some of the most extreme right wing members of the ruling class. WAKE THE FUCK UP!
Sounds wonderful. Where can I get this service so I can recommend it to my friends? Doesn't exist? Maybe there's a project working on it?
Personally, I do have a Facebook account -- with pretty much the info you could find on me if you were very bored and had a few hours to kill on Google -- but I would rather use the system you describe. Unfortunately, it will probably never exist. Facebook might get replaced by Wave, but not for privacy reasons. Privacy and security don't sell.
For more details, see PolitiFact's Obameter. They have a comprehensive list of Obama's campaign promises with links to the promise and summaries and links with news on each one.
See: externality. Basically, carbon emissions is something the free market does not handle by itself, so the government is making it part of the market.
Lol. More like they were slow-loading and designed to stick their logo and shitty "stereo component" UIs and other branding crap in the middle of your page design.
As opposed to Flash where something as simple as seeking through a video doesn't work right? Try seeking in YouTube to a specific spot: it appears to only let you seek to various somehow pre-chosen spots about 3 seconds apart. For extra fun, while a video is downloading, try to seek towards the end of the downloaded part; that often gets it to restart downloading with that place as the start. Full screen doesn't work for me either, but I suspect that is a Linux-only problem as otherwise it would be relatively high-priority. That's why I used to use a Greasemonkey script that replaced YouTube's Flash player with one of those movie playing plugins and when that stopped working I mostly switched to watching YouTube videos straight in VLC because it actually works.
Sorry, perhaps I have just had really bad luck, but I do not buy the argument that Flash is used for video for a better user experience. I'll believe the arguments about getting rid of video player branding, making it harder to download videos, and saving bandwidth by being able to assume the user has support for a modern codec, but the user experience for Flash is awful.
I currently use Linux exclusively. Such movies/audio clips open with the Totem plugin for me now. (I find it works better than the mplayer plugin which I used to use.) I agree that giving the user a choice of plugins is stupid and confusing. As I mentioned in my post, I see no reason that could not be implemented with HTML fallbacks. For example, as in the Video for Everybody script but leaving out the Flash (or putting it last).
But the flip side is you might recall back to what video was like before Flash. Every freaking web site you went to had a different video standard, video player, and you were usually forced to launch a video player which either wasn't integrated in the browser or was integrated badly. Flash only succeeded because it fixed a completely broken thing on the web where Apple, Real and Microsoft in particular were trying to acquire their own monopolies on web video.
Actually, I remember most sites usually offering a choice between at least two of Windows Media Player, Real Player, and QuickTime (not sure why they did not just use HTML fallbacks), all of which had responsive, native controls and properly used hardware acceleration (which at the time was just hardware overlay, not decoding help). Explain to me again how Flash was an improvement in usability?
What Flash did help with is that it had its own codecs which were more advanced than the ones that came with Windows or Mac OS at the time and, probably more importantly, Flash makes it significantly more difficult for users to download videos they are watching -- which is the real hurdle the <video> tag has to surpass to gain acceptance.
I use the Nvidia drivers and also have tearing issues with any full screen video. I use Xfce with the Xfwm window manager. The tearing goes away if I both disable compositing (the Gnome equivalent would be to not use Compiz, I believe) and set vsync to the monitor the video is on in nvidia-settings under "X Server XVideo Settings". (I have two monitors with slightly different vsyncs -- I have yet to find a way to play full screen video on both monitors with no tearing on either but I have also yet to figure why I would want to do so other than testing my video card. ;-)
My current usage pattern involves disabling compositing (it's just a checkbox in the window manager settings for Xfwm) whenever I am watching a video with enough action for the tearing to bother me and reenabling it when I am done (as the window manager performance is significantly better with compositing enabled), which is annoying but works. Hopefully at some point to issue will be fixed -- or maybe there is already a way to get video without tearing while compositing is enabled that I am not aware of?
Yes. Is something wrong with that? A software project that has not been touched in 7 years is dead. The whole point of limited times on copyright is the old works drop into the public domain and are free for use without restrictions. I think that, at least for software, you will be hard-pressed to find someone who is not willing to call a 7 year old piece of software "old".
GPL is a legal hack to get around copyright being too strong. If copyright weakens then the GPL becomes both weaker and less important.
Well, I don't know if you agree with Eugenia's (of Gnomefiles/OSNews) taste in music, but here's her list.
I am curious why you think so. It seems to me that in the vast majority of cases, non-simultaneous reviews of a document would be far more efficient and practical (as they do not require the people involved to be at their computer working on the same thing at the same time). Perhaps I am just not being creative enough in thinking up use cases. Do you have some examples of how you think it would be useful (or, I guess, of how Google Docs and similar services with real-time collaborative editing currently get used)?
Yes and no. The web as a protocol (HTTP) is decentralized. Anyone can run a server, but if you run a server, you have to provide the software (well, a lot of it is open source) and bandwidth yourself. On the other hand, with Wave, the software is gadgets/add-ons which are embeded in messages and the bandwidth is spread across the servers of the people in the Wave. Not as good as BitTorrent which distributes the bandwidth among all of the users, but it does distribute the bandwidth costs a bit.
In actual usage, a lot web traffic stays on few centralized websites like Flickr, Facebook, and Slashdot. This is more of a social than technical problem though: most likely the vast majority of Wave users will just use Google's servers. Still, it allows app development to be open to those who do not want to be burdened with running their own server.
That's not the issue at hand here. The site linked from the summary, Live Mesh (Beta), supports sharing and discussing documents. It does not do it in real-time, but, realistically, the real-time part of Google Wave's colloborative document editing is not that important.
The real issues are design and openness. I am a bit confused about where Ray Ozzie is coming from: I think he means that the problem with Google Wave is that it is too simple and web-like, not that it is too complex. That is, Google Wave has a lot of potiential, but much of that potiential depends on people writing gadgets/add-ons for it, as opposed to its features being limited to those Google/Microsoft can think up but already layed out in a structured way. The same issue is often referenced as one of the web's greatest strengths -- and weaknesses.
There is another large issue related to openness: privacy. With Google Wave, you can get all of the features running it on your own server, fully controling the software and hardware. Live Mesh is just yet another web service like Dropbox, etc. which depends on Microsoft's Live Mesh servers. Then again, Microsoft may plan on making it part of Windows Server, which gets rid of the privacy issue.
I think the web has shown quite clearly that leaving a protocol open allows for wide-ranged, unexpected innovations to be based on it. Google has shown off some of its ideas on what Wave is useful for. The Wave groups and various blogs have plenty more. Most likely, if Wave actually catches on, at least some of the common/mainstream uses 5 years from now will bare only passing resemblance to the ideas being thrown around today.
Agreed. Ironically, Google Wave might be [part of] the solution.
Having your data be portable really should not be a problem. Storing it (encrypted?) in a Wave would be one way. Really it seems like you should be able to have your data automatically get replicated (encrypted) across all of your friends' computers (somehow registered with your own) with the assumption that it is very unlikely all of them would be down when you attempt to retrieve a document. Of course, that would require that all of your friends' computers weren't NATed.
To be fair, you can "improve" your own GMail experience via GreaseMonkey scripts. There are a few Firefox extensions which are basically bundles of scripts to add various features/tweaks to GMail. On the other hand, GMail is still very much so non-free with the very major issue that you cannot use it without letting Google see all of your e-mail. As far as I know, SquirrelMail is its closest competitor.
If DNS is trusted -- that is, all data a client receives upon querying a domain's DNS record is trusted to be fully controlled by the owner of that domain -- then, theoretically, public keys could be stored there. That means that instead of getting an untrusted certificate from an HTTPS server which the user's browser has to examine for a signature from a trusted authority, the HTTPS server can simply say, "Hey, of course it's real: the fingerprint matches the one in my DNS record." without any external authority required (other than the one implementing DNSSEC, of course). That means once DNSSEC is implemented for the root and a site's top-level domain, the only part that needs to be trusted is the public keys of DNS root.
That said, I have yet to see an implementation -- or even protocol specification -- of such a protocol. Does one exist or is this purely theoretical at this point?
Slashdot appears to still work fine on lynx despite having a good amount of AJAX around. Well, I wish the sidebar appeared at the bottom of the page instead of the top, but that is the only noticeable issue.
Interesting links, thanks. Good to know I'm not the only one that thinks that is needed. I especially like the named profiles idea.
It's only not easy because giving a program less rights than the user running it is not a concept native to Unix (I suppose that could be hacked around by creating a user and separate chroot jail for each unknown program...). On the other hand, on a system like, say, Plan 9 where each program has its own namespace -- and everything is a file -- it is easy to simply either not put stuff in the namespace or put a fake "tcp" folder in the namespace which actually acts as an application-level firewall.
Hopefully the Google Wave protocol developers are taking at serious look at what the PSYC people have to say about Jabber and XML. (Among other things PSYC can currently be used as a more efficient server-to-server protocol for XMPP servers. Those pages discuss what they see as flaws in XMPP's design which make PSYC more suited than XMPP for that use.)
*unless
Google Wave is an XMPP (Jabber) extension. Like XMPP, servers choose which other servers to federate with. Also, communications will only touch servers which the wave's participants are connected to. Therefore, it is perfectly possible for a company to run its own Wave server(s) and keep internal communications within their control while allowing external communications through the same server.
In short, unlike someone using a Google account is invited to a wave or it is made public, Google can't see it.