
The Curse of the Internet - Irene
http://aurametrix.blogspot.com/2014/04/the-curse-of-internet.html
======
vezzy-fnord
The Internet simply ended up having to swallow far more than it was designed
to handle. The dot-com boom paved the way for it becoming essential and
inseparable to our livelihoods.

Michal Zalewski's _The Tangled Web_ is an excellent technical book on how the
technologies that power the web are interconnected, and how they're all a
vulnerable mess of hacks. On the surface, it looks like everything is running
smoothly, but on the inside, everything we've architected is subpar for our
current needs. It's amazing that the web is hanging by its nooks and crannies,
but the constant series of gaffes that is infosec and most people's refusal to
accept it, speaks for itself.

Who knew that one day, a handful of nerds and social outcasts would end up
maintaining core infrastructure that the entire Western economy depends on so
dearly?

Of course, people have realized this and have been hard at work building new
protocols, abstractions and mechanisms on top of current cruft. It's still a
mad, mad, mad, mad ecosystem out there, though.

The author's sentiments go completely off the rails by the end of this, however.
It's almost eerie. What is there to possibly trust?

~~~
zenbowman
Alan Kay made an excellent point. In order not to dilute it, I quote him
verbatim.

"The Internet was done so well that most people think of it as a natural
resource like the Pacific Ocean, rather than something that was man-made. When
was the last time a technology with a scale like that was so error-free? The
Web, in comparison, is a joke. The Web was done by amateurs." -- Alan Kay.

Tim Berners-Lee was trained to be a physicist. He wasn't aware of the things
computer scientists had learned in the last few decades. He was a clever man
who came up with a clever idea, but it wasn't engineered to scale.

I think Kay is right, and more ambitious tech firms are definitely running up
against this wall. The fact that Google wrote a new JavaScript engine tells me
that Kay's proposal, where the web should have been like an operating system
on which you could run programs in a separate address space and with limited
access to underlying system calls - is coming to pass, except in this OS the
assembly is JavaScript.

~~~
DanBC
The www is fine. TBL shouldn't be blamed for the horrible mess that it turned
into as people kludged it to do things stupidly and inelegantly.

yEnc binaries on Usenet are stupid and inelegant yet petabytes of stuff have
been shifted around on Usenet servers.

Humans are creative and capable of trashing almost any RFC no matter how well
written it was.

------
spacelizard
It's alarming to me just how many supposedly "secure" websites follow such
awful practices, such as:

- Using HTTPS only for the login or purchase page, and sending the user to
plain-old HTTP for everything else

- And to make the above even worse, storing passwords in plain text in a
cookie

- Disallowing certain characters in passwords, or forcing passwords to be
under a certain length

- Allowing people to reset passwords from the browser with just one answer to
a security question, i.e. not even sending a confirmation email

- Not supporting any form of two-factor authentication

The question I keep asking myself lately is, is there a better method to
authentication than just plain ole' passwords? There are other systems that
we're starting to see now being used more often in consumer devices, such as
RFID and fingerprint/face scanners, but those have some obvious weaknesses as
well.
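
An added example, not part of the thread or any commenter's code: a small audit of a recorded login flow for the first two practices in the list above (HTTPS used only for the login step, and a password stored in a cookie). The host `shop.example`, the password `hunter2`, the cookie names and the function names are all constructed for illustration.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import quote, urlsplit

# Constructed capture of one login flow: (request URL, response headers).
SAMPLE_FLOW = [
    ("https://shop.example/login", [
        ("Set-Cookie", "sid=9f2c1a; Path=/; HttpOnly"),
        ("Set-Cookie", "pw=hunter2; Path=/"),
        ("Location", "http://shop.example/account"),
    ]),
    ("http://shop.example/account", [("Content-Type", "text/html")]),
]

def password_forms(password):
    """Plain, URL-encoded and base64 renderings a cookie might carry."""
    raw = password.encode()
    return {password, quote(password, safe=""), base64.b64encode(raw).decode()}

def audit_flow(flow, password):
    """Return sorted (url, finding) pairs for the practices listed above."""
    findings = set()
    needles = password_forms(password)
    for url, headers in flow:
        https = urlsplit(url).scheme == "https"
        names = {k.lower() for k, _ in headers}
        if https and "strict-transport-security" not in names:
            findings.add((url, "no HSTS header on HTTPS response"))
        for key, value in headers:
            key = key.lower()
            # A redirect from the HTTPS login page down to http:// is the
            # "HTTPS only for login" pattern.
            if key == "location" and https and urlsplit(value).scheme == "http":
                findings.add((url, "HTTPS page redirects to plain HTTP"))
            if key != "set-cookie":
                continue
            cookie = SimpleCookie()
            cookie.load(value)
            for name, morsel in cookie.items():
                # Without Secure, the cookie is also sent over plain HTTP.
                if not morsel["secure"]:
                    findings.add((url, f"cookie '{name}' lacks Secure"))
                if any(n in morsel.value for n in needles):
                    findings.add((url, f"cookie '{name}' contains the password"))
    return sorted(findings)
```

Run `audit_flow(SAMPLE_FLOW, "hunter2")` against a capture from a test account only, since the function needs the account's real password to search for it.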

~~~
kachnuv_ocasek
OpenID?

~~~
GrinningFool
Let's not get started on those who implement _that_ poorly.

I was signing up for a site that took OpenID the other day - and then after
confirming access - I was returned to the site. There, I was prompted for
email, first/last name, and 2x password to use on the site, in order to
complete my registration. (This email and password would be my future login.)

Nothing quite like implementing a buzzword while missing the point
completely...

------
dan_bk
Ultimately, we'll probably have to adjust our culture to the fact that the
combination of technology and capitalism sooner or later leads to the end of
privacy. It's going to be a long, difficult and certainly painful path and
there will be victims. But if the current trend continues, there will be a
time where everybody will be able to know almost anything about anybody,
anytime.

Edit: And if we really have a problem with this, we better start our engines.

~~~
sliverstorm
It doesn't have to mean that. Think of war. Defense is often developed in
response to offense. Medicine is developed in response to injury. Sometimes in
history, defense & medicine lag far behind weapons. Sometimes the gap is much
smaller.

Privacy is impacted because we are rushing ahead, advancing our sharing &
social & etc technologies. We aren't developing privacy & security fast enough
to keep pace. So while it _is_ that way right now, must it be?

~~~
jiggy2011
The problem is that sharing and social technologies attract more resources
than privacy technologies because it's easier to make money when you know as
much as possible about your users.

