Linked by Thom Holwerda on Thu 6th Sep 2018 23:34 UTC
Google

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering manager. "They're hard to read, it's hard to know which part of them is supposed to be trusted, and in general I don't think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone - they know who they're talking to when they're using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we're figuring out the right way to convey identity."

Judging by the reactions across the web to this news, I'm going to have the minority opinion by saying that I'm actually a proponent of looking at what's wrong with the status quo so we can try to improve it. Computing is actually an incredibly conservative industry, and far too often the reaction to "can we do this better?" is "no, because it's always been that way".

That being said, I'm not a fan of such an undertaking in this specific case being done by a for-profit, closed entity such as Google. I know the Chromium project is open source, but it's effectively a Google project and what they decide goes - an important effort such as modernizing the URL scheme should be an industry-wide effort.

Thread beginning with comment 662066
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Conservative
by Serafean on Fri 7th Sep 2018 08:48 UTC in reply to "Conservative"
Serafean
Member since:
2013-01-08

Pretty much this.
Where many people wanting to change something fail is by not understanding the reason it is that way in the first place.

Take email. Some people hate the way email is designed. But expose all the problems it has to solve, and suddenly you find out that you'd end up with something similarly complex.

The "because it has always been done that way" is a first line of defense when you don't understand something, and see that there is more to it than meets the eye.

Reply Parent Score: 3

RE[2]: Conservative
by Alfman on Fri 7th Sep 2018 14:41 in reply to "RE: Conservative"
Alfman Member since:
2011-01-28

Serafean,

Take email. Some people hate the way email is designed. But expose all the problems it has to solve, and suddenly you find out that you'd end up with something similarly complex.

The "because it has always been done that way" is a first line of defense when you don't understand something, and see that there is more to it than meets the eye.


Disagree very much. Email really is too complex and it wouldn't have to be if we could re-engineer it. The hodgepodge of protocols and extensions which are IMAP/POP/SMTP/DKIM/SPF/TXT/DMARC/MX/PGP/etc are in a real mess. If we had the opportunity to redesign email from scratch, we really could get rid of tons of complexity while simultaneously making email more consistent.


Just take unicode as one example to illustrate my point. Here's an email header I got from a recent purchase:

Subject: =?UTF-8?Q?=E2=9C=85_ORDER_CONFIRMED:_Sopoby_100pcs_Assort...?=


The obvious & trivial way to use unicode is just to encode the entire protocol (which is text based) using UTF-8 as follows such that unicode works everywhere with no tricks:
Subject: ✅ ORDER CONFIRMED: Sopoby 100pcs Assort...


However, because SMTP standard predates UTF-8 and expects 7bit ASCII, they had to find a way to "hack it in" by adding new lexical preprocessor that simultaneously adds complexity and removes clarity. This is just one of many quirks that caught me off guard when I was writing scripts to parse emails. So can you honestly say email's complexity is intrinsic? No, I don't think so, it's the consequence of hammering new features into an old protocol while maintaining backwards compatibility. We can't ignore backwards compatibility, but the truth of the matter is that email is far more complex and security is less effective as a result.

Edited 2018-09-07 14:47 UTC

Reply Parent Score: 4

RE[3]: Conservative
by darknexus on Fri 7th Sep 2018 15:19 in reply to "RE[2]: Conservative"
darknexus Member since:
2008-07-15

If we had the opportunity to redesign email from scratch, we really could get rid of tons of complexity while simultaneously making email more consistent.

Agreed, but the OP also makes a valid point. Yes, if we redesigned email right now, we could eliminate much of the complexity we see while meeting today's requirements. But that word, today, is the key. Decades down the line as we are with email right now, you would find a similar hodgepodge of complexity as new requirements that were not foreseen at the start come to be necessary. After all, email started out simple, too.

Reply Parent Score: 3

RE[3]: Conservative
by shogun56 on Fri 7th Sep 2018 15:31 in reply to "RE[2]: Conservative"
shogun56 Member since:
2018-09-07

> Here's an email header I got from a recent purchase:

No, the problem is not unicode or utf-8 support or lack thereof. The problem is the RETARD who thought it was a good idea to put non-plain-text in the Subject of an email or anywhere in the body!

YOU DON"T DO THAT! Period. People who are too stupid to understand plain text is the ONLY correct way to do things do not belong in the chain of decision-making or programming.

If you want to get "fancy" then embed a link to a silly web page with pointless checkmark graphics and other such crap. Email body is not a web page. If you are sending out HTML in an email body you need to be shot.

It because people (marketing, artsy fartsy, young programmers with no concept of history) VIOLATE the rules that you have this problem with phishing and JS tricks to lie about the actual link in the "click me" emails.

URLs are just fine. That people cut/paste with the entirety of the query string still attached just shows they are STUPID. It's the same deal with people complaining about a wrapped line breaking a URL and they can't figure out how to put the pieces back together again.

Much software has been written to coddle stupid people by deliberately hiding all the "ugly" underpinnings. Not only does it deprive the ignorant of an opportunity to learn, it DIRECTLY leads to the success of phishing and related problems. When you're doing something wrong, you STOP and UNDO the mess you created, not propose some different technology or "smarter" defense.

Reply Parent Score: -1