The Web is still a DARPA weapon
Category: Resources   Published: 2018-08-01

Everybody knows that the Internet, originally, was a .

, who was Deputy Director and Director of DARPA at the time, explained in :

The goal was to exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making.

If you know the history of that period, with , you know that the Internet has been a great geopolitical success, beyond any hope.

The International Network became more than a medium, it is a message in itself, a message of friendship and cultural collaboration between Nations.

A message against the that back then was fighting for the “abolition of the state”.

All this might seem weird and even incredible to young programmers born years after , but back then, if you were not from the USA or the USSR, it was very hard to understand who was your enemy (or your friend).

Europe was vested with a huge and powerful propaganda from both sides. And we are still paying the toll of that cultural war, today.

Anyway, the was so good that it was used to build stacks of higher level protocols: on top of TCP/IP and UDP/IP, we built application protocols to fulfill specific needs, such as DNS (a sort of hierarchical phonebook), FTP (efficient file transfer), SMTP (mail), and so on.

The Domain Name System

Since are numbers used to “call” computers, we created on each computer and tools to lookup such phonebooks.

It might seem strange to call DNS a hierarchical phonebook, but it becomes a pretty obvious definition once you realize it was born to help with email addressing and delivery.

However, it soon became clear that manually updating such (completely decentralized) phonebooks was cumbersome, error prone and inefficient.

Between and the Internet decided that the Network Information Center (NIC) would serve as the official source of the master hosts file.

Such a totally centralized system seems strange these days, as we talk about single points of failure and federated protocols, but SRI served the Internet well for about a decade.

Life was easy back then: to send a mail to a user named “giacomo” working at a server named “tesio”, you just had to choose the path from your server, with addresses like

aserver!anotherserver!yetanotherserver!tesio!giacomo

where “aserver!anotherserver!yetanotherserver!tesio” was the ordered sequence of servers to connect to deliver the message.

With the growth of the network, between and 1982, the modern was designed and it was soon deployed worldwide. The hostnames we use today for email, web browsing, software updates and many other critical tasks, were born.

Meanwhile, ARPANET was still under US military control.

The DNS root zone

The Wikipedia page on the DNS root zone dates back to .

For two years, it had a section titled “The Politics of the DNS root zone” that .

It was a very interesting topic, correctly identified by the original page author, but it was still waiting to be written. The matter is actually complex, hard to tackle without resorting to and thus difficult to handle with a .

As Wikipedia put it:

The root DNS servers are essential to the function of the Internet […]

The DNS servers are potential points of failure for the entire Internet.

For this reason, multiple root servers are distributed worldwide.

The fun fact is that . The root zone itself is distributed by that directly administers and (ironically, as of today, both websites are served over HTTPS with a broken SSL certificate).

Obviously, to reduce the risk of , these are not physical servers, but distributed world wide through .

At a glance, we can see that the network should be resilient to attacks.

But if we hack the same page a little to paint a small flag for each server according to the nationality of the organization that administers it, we get a pretty informative projection:

Root servers administrated by organizations from Japan (left), Europe (center) and U.S.A (right).

Suddenly, the gets a completely different meaning.

810 out of 931 DNS root servers are under US control.

Theoretically, the USA could create the cheapest DDoS in history with perfectly plausible deniability: just mimic a successful DDoS attack, shut down your servers in a region and all the other DNS roots will collapse under legit traffic.

Enter the Web.

In March 1989, a young Tim Berners-Lee submitted for an information management system to his boss, Mike Sendall. ‘Vague, but exciting’, were the words that Sendall wrote on the proposal, allowing Berners-Lee to continue.

Two years later, and were ready.

URI (Universal Resource Identifier), HTML (HyperText Markup Language) and HTTP (HyperText Transfer Protocol) into that problem space, but somehow they won the race and became widely adopted.

Despite some technical shortcomings, the protocol and the language were simple and the success was so wide that several browsers were developed.

Timeline of web browsers

And yet, you are unlikely to know most of them. Why?

The browsers wars

In line with the military origins of the Internet, even the Web began with its own wars: . It was a complex commercial competition that would be worth books of its own, with twists, plots, , clever hacks and so on…

For our reasoning, however, it’s enough to note that in late 2004 one single browser was winning hands down.

It was , serving 92% of the people of the Web.

I was young back then, and a strong supporter of cool technologies such as XHTML, CSS, XSLT, XSD, Atom and RSS that I used daily in my job as a web developer (one would say a full-stack developer, these days).

The great idea behind XHTML was to make web content easy for machines to parse while keeping it easy for humans to write.

With CSS and XSL we were half-way towards a full separation of concerns between presentation and contents. With XSL-FO I was even able to extract contents from well designed web pages and produce nice PDF reports.

The stack had its issues, but overall it was a godsend.

Back then, a few lines of XSLT were able to extract contents from web pages.

Or to remove annoying contents. Such as Ads.

I was also quite good at JavaScript, a language that was useful when you had to handle the differences between browsers without overloading the server.

Or when you wanted a faster validation feedback on a form.

In this context, IE6 was a pain.

But I couldn’t imagine what was going to come.

HTML5

We aimed to provide a “glue language” for the Web designers and part time programmers who were building Web content from components such as images, plugins, and Java applets. We saw Java as the “component language” used by higher-priced programmers, where the glue programmers — the Web page designers — would assemble components and automate their interactions using JavaScript.

The starts with a from .

It was 1995.

It served its purpose pretty well for almost 10 years.

It was a small little language, a tool to move images on web pages, to do some early form validation, and a few other DOM-related little things.

It was also common to browse the web without JavaScript enabled, and every professional web developer used to test web sites for such a use case.

After all, there was a huge effort ongoing to make the Web accessible.

But suddenly, in 2004, Apple, Mozilla and Opera became “increasingly concerned about the W3C’s direction with XHTML, lack of interest in HTML, and apparent disregard for the needs of real-world web developers”.

I was a real-world web developer back then (I still am…) but I couldn’t see the problem. Nevertheless, they created the to fix the issue.

They introduced the concept of , that are always evolving documents, unstable by design, that no one can really implement fully.

Somehow, in 2007 they convinced the W3C to market the existing version of such unstable drafts as what we now know as HTML5.

HTML5 was not really about HTML. It was just about JavaScript.

Up to HTML4, the web was an .

Both the protocol and the markup language were very clear about that.

Its purpose was to serve interconnected texts to the people.

It was like a public library with great cross-references.

With HTML5, the web became a software deployment platform.

The useful changes to the markup language were minimal. The only change worth noticing was the abandonment of XHTML.

But with HTML5 a whole new set of browser services became available through various JavaScript APIs. These APIs created a huge entry barrier for anyone who wanted to create a browser: most browsers were unable to meet such ever-changing, overcomplicated requirements, and never implemented the WHATWG’s living standards.

So, HTML5 was a game changer.

The Web stopped being a HyperText medium serving people.

It became a marketing platform serving personal data collection.

Suddenly, removing annoying contents became harder.

Suddenly, each click, each scroll down, each zoom on a text or an image became an observable event that can be recorded to profile a user.

HTML5 turned JavaScript into a weapon

In 2007, I was really surprised by the W3C’s abandonment of XHTML.

I was annoyed by this, as we had a pretty good infrastructure built upon the XML/XHTML stack. And while I did like JavaScript back then, I didn’t really understand the move.

My boss told me: “You shouldn’t ask why, but who!”. He was right.

In HTML4, JavaScript was a toy. It had its issues, but it was a toy.

With the HTML5 usage, a huge number of security issues became evident.

But with I realized that the worst security issue is inherent to JavaScript design itself.

You execute a custom program controlled by someone else.

Someone else that knows you very well. That can read your mails.

That knows what you read. That knows what you look for.

That knows where you live. That knows your opinions.

Someone else that can serve to you, specifically to you, a custom JavaScript that you will run under the laws of your country, without responding to such laws.

A very precise weapon

Today, most people cannot really browse the web without JavaScript enabled.

But, just like Ads target your specific desires, a web site can send you JavaScript that fills your disk with illegal contents. In the cache.

But NOTE! Not to every visitor, it would be too easy to catch: it’s just for you, because you are an annoying guy that does not conform with the masses.

Unlike the DNS system that is a coarse weapon, only for the USA’s use, and can only target large regions, JavaScript is a weapon to target specific persons with .

The server knows you. Very well. Very very well. ;-)

And it serves you JavaScript programs that you execute blindly.

What can go wrong?

Enter WebAssembly!

JavaScript is a poor language.

Dumb developers obfuscate it and smart hackers deobfuscate it.

And even in obfuscated form, a motivated JavaScript programmer can read and debug it anyway. Worse, as a reminiscence of old times, when the Web was a library instead of a market place, all browsers have that annoying View Source button that lets you inspect the actual code executed by the browser, not just what such code wants you to see.

Even as a weapon… it’s a pain in the ass!

If you serve malicious JavaScript to a single user, the probability of getting caught is low, but it increases incredibly fast with hackers and web developers.

We really need !

And we really need to !

Houston, we’ve had a problem here...

WebAssembly is the worst idea since JavaScript in browsers.

Not only because it’s a binary blob served by foreign companies but run on your PC, under the law of your country, but because they know you, your relations, your interests, and will “customize” that blob.

Even if implemented perfectly, without a single security issue, it’s a weapon.

You might object that JavaScript is already a weapon ready to fire on every PC and every smart-phone out there. A weapon that constitutes a threat to free speech even if we ignore the power of Google and friends.

And you would be right.

JavaScript is a dangerous weapon that should be disarmed.

I cannot really understand how European states let this happen.

I’d like to think of bribes, but the sad truth is that they do not understand the matter. Not even a little bit.

But developers do!

It’s time for developers to fix this mess.

Let’s start from the client side.

Mozilla, I’m looking at you.

Original article: https://medium.com/@giacomo_59737/the-web-is-still-a-darpa-weapon-31e3c3b032b8