Weekly Edition
Return to the Announcements page
| |||||||||||||
Predictions for 2011 (Freedom to Tinker)
A little belated, perhaps, but the Freedom to Tinker blog (from Princeton University's Center for Information Technology Policy, which is directed by Ed Felten) has put out its predictions for the year. It's always an interesting read; this year there are 25 separate predictions, including: "2011 will see the outbreak of the first massive botnet/malware that attacks smartphones, most likely iPhone or Android models running older software than the latest and greatest. If Android is the target, it will lead to aggressive finger-pointing, particularly given how many users are presently running Android software that's a year or more behind Google's latest—a trend that will continue in 2011."
(Log in to post comments)
Predictions for 2011 (Freedom to Tinker) Posted Jan 27, 2011 23:56 UTC (Thu) by cesarb (subscriber, #6266) [Link]
See also the review of last year's predictions: http://www.freedom-to-tinker.com/blog/tblee/2010-predicti...
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 6:37 UTC (Fri) by BackSeat (subscriber, #1886) [Link] They seem to be largely predictions for the United States for 2011.One would hope that a university would be able to see beyond LA and Florida, especially in 2011.
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 11:34 UTC (Fri) by njwhite (subscriber, #51848) [Link]
I think the Freedom to Tinker website is focused on USA legal and policy issues, so the USA centrism is neither suprising or inappropriate.
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 13:23 UTC (Fri) by salimma (subscriber, #34460) [Link]
Plus when it comes to DMCA, copyright extension etc. the USA has tended to push their laws onto other countries as part of free trade agreements. So what happens in the US affects a lot of people outside their borders.
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 20:36 UTC (Fri) by iabervon (subscriber, #722) [Link]
I wonder if 2011 will be the year of HTTP getting TLS, allowing the server to present its certificate only after it sees the Host header. There's a bit of a nasty mess for sites that want to host untrusted content from a large number of sources and encrypt the traffic (e.g., livejournal). In order to allow journals to use cookies but prevent different journals from being able to snoop each other's cookies, you need to give each one a different hostname. But when you get a HTTPS connection, you need to present the certificate that matches the hostname the browser is trying to access, which you don't find out until after you've presented the certificate.
Of course, the protocol was specified a decade ago, but major browsers haven't bothered to implement it because nobody seemed to care much. If, however, the "https everywhere" movement gets people interested, it could certainly happen. (Particularly if there are sites that only provide encrypted access to private content via the RFC 2817 method.)
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 20:56 UTC (Fri) by foom (subscriber, #14868) [Link]
This problem has already been solved. All (current versions of) major browsers, OSes, and servers have been upgraded already. The solution is called SNI, "Server Name Indicator". With that, the client tells the server what hostname it's looking for in the TLS negotiation. Works great.
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 21:51 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]
except that not every user has upgraded to a current version of a major browser, and companies (i.e. banks) are not willing to tell their customers that they can't use their services because they haven't upgraded.
for that matter, I don't know that I want this to happen, if they did this they would also have the effect of blocking small browsers (remember when so many sites claimed to be IE only and would boot you out if you used firefox or Opera?)
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 23:10 UTC (Fri) by foom (subscriber, #14868) [Link]
Sure. But unlike the parent comment's proposal, which is completely unimplemented, this is *already implemented everywhere*. It's done. Every important client and server supports it. Now it's just a waiting game until it's no longer a requirement for your website to support IE on Windows XP. If you're okay with IE-on-XP users getting invalid certificate warnings, you can start using SNI today. For smaller websites, that may already be the case.
And there's no reason why the smaller/non-mainstream browsers couldn't add SNI support if they haven't already...
Predictions for 2011 (Freedom to Tinker) Posted Jan 28, 2011 21:48 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]
if this actually happens it would actually free up significant chunks of IPv4 addresses (my company would go from needing /19 or so of address space networks to needing /23 or so for example)
Predictions for 2011 (Freedom to Tinker) Posted Feb 11, 2011 0:55 UTC (Fri) by vonbrand (subscriber, #4458) [Link] ... and the IP addresses so "freed" will just be kept "just in case".
|
|||||||||||||