Boing Boing 

YouTube ditches Flash, but it hardly matters

A year ago, the news that the world's biggest video site was abandoning proprietary software would have been incredible, but thanks to the World Wide Web Consortium's Netflix-driven DRM work, this changes very little.


New emoji for Unicode 8, including "TACO"


The Unicode Consortium is finalizing its plans for version 8, and 37 new emoji are among the candidates for the final release, including "ZIPPER-MOUTH FACE," "MONEY-MOUTH FACE," "SIGN OF THE HORNS" and "TACO".


W3C hosting a "Web We Want Magna Carta" drafting session at Internet Governance Forum


The Web I want doesn't have DRM in its standards, because the Web I want doesn't believe it's legitimate to design computers so that strangers over a network can give your computer orders that you aren't allowed to know about or override.


IETF declares war on surveillance


The Internet Engineering Task Force has published RFC 7258, which is a bombshell whose title is: "Pervasive Monitoring Is an Attack." It represents the outcome of a long argument about whether the Internet's technical architecture should take active countermeasures to fight mass surveillance, which Tim Bray summarizes. I especially like his rejoinder to people who argue against this because there are places where it's legitimate to monitor communications, like prisons: "We don't want an Internet optimized for prisons."


ANSI starts to publish standards that have been made into law, in insanely crappy form

Rogue archivist Carl Malamud has been fighting to publish the building and safety codes that have been incorporated into the law, but which you have to pay to see. He's published thousands and thousands of pages' worth of safety codes, and is being sued by some of the standards bodies. Now, he writes: "An announcement from Joe Bhatia, the leader of the American National Standards Institute, says 'A standard that has been incorporated by reference does have the force of law, and it should be available.'"


W3C's DRM for HTML5 sets the stage for jailing programmers, gets nothing in return

An excellent editorial by Simon St. Laurent on O'Reilly Programming asks what the open Web has gained from the World Wide Web Consortium's terrible decision to add DRM to Web standards. As St. Laurent points out, the decision means that programmers are now under threat of fines or imprisonment for making and improving Web browsers in ways that displease Hollywood -- and in return, the W3C has extracted exactly zero promises of a better Web for users or programmers.


Public.resource.org explains to the Mississippi Attorney General's Office that a law is only a law if it's published


Rogue archivist Carl Malamud is publishing the world's safety codes. Some governments disapprove. He writes, "Upon receipt of a Certified Letter of Takedown from the Special Assistant Attorney General of Mississippi, Public.Resource.Org prepared a 67-page response, enclosed a Trodart Professional-Grade Self-Inking Rubber Stamp inscribed with a revolutionary saying ('If it isn't public, it isn't a law.'), packed it all up with a Mississippi flag made of crinkle-pak, and dispatched the parcel back to the sender."


Firefox bug: "Pledge never to implement HTML5 DRM"

Chris Sherlock has filed a bug against Firefox in Mozilla's bugzilla bug-tracker, entitled "Pledge never to implement HTML5 DRM." It's an interesting way of using the open/transparent development protest to allow Web developers to voice their opinion on the World Wide Web's terrible, awful decision to standardize DRM for browsers. As the W3C's overseer for HTML5 has written, the only reason for DRM in HTML5 is to prevent legal innovation, not to stop piracy.


W3C green-lights adding DRM to the Web's standards, says it's OK for your browser to say "I can't let you do that, Dave"


Here's the bad news: the World Wide Web Consortium is going ahead with its plan to add DRM to HTML5, setting the stage for browsers that are designed to disobey their owners and to keep secrets from them so they can't be forced to do as they're told. Here's the (much) worse news: the decision to go forward with the project of standardizing DRM for the Web came from Tim Berners-Lee himself, who seems to have bought into the lie that Hollywood will abandon the Web and move somewhere else (AOL?) if they don't get to redesign the open Internet to suit their latest profit-maximization scheme.

Danny O'Brien from the Electronic Frontier Foundation explains the wrangle at the W3C and predicts that, now that it's kosher to contemplate locking up browsers against their owners, we'll see every kind of control-freakery come out of the woodwork, from flags that prevent "View Source" to restricting embedded fonts to preventing image downloading to JavaScript that you can't save and run offline. Indeed, some of this stuff is already underway at W3C, spurred into existence by a huge shift in the Web from open platform to a place where DRM-hobbled browsers are "in-scope" for the W3C.


Public Resource kickstarting free, open publication of the world's safety standards

We've written often about Carl Malamud, the rogue archivist who has devoted his life to making the world's laws, standards, and publicly owned information into free, accessible, beautiful online documents. Now, I'm pleased to help him launch an ambitious, vital Kickstarter project aimed at raising at least $100,000 to turn the world's public safety codes into thoroughly linked, high-quality HTML documents (presently, many of the 28,040 public safety codes that Carl and public.resource.org have put online exist as scanned bitmaps that can't be searched or linked). The project involves a careful re-typing of all that scanned material and re-tracing of images and formatting them as vector-based SVG files.

Carl and his colleagues have fought in the courts for their right to publish the law that we, the people, are expected to follow. They have passed on lucrative careers in the private sector to devote themselves to public interest, public spirited work that makes the sourcecode for the world's governments available at our fingertips. The work they are doing unlocks untold billions in value -- from being able to ensure that your weekend DIY rewiring project meets code and won't burn down your house, all the way up to giving workers in deadly factories in Bangladesh access to the laws that are supposed to be honored in their workplaces.

$115 gets you a copy of their giant, amazing book of global safety standards, but there are interesting and awesome premiums at price-ranges from $10 (public acknowledgement on the Wall of Safety) to $475 (the Big Box of Propaganda!). I've put in my $115 -- not for the book, but as a way to thank Carl and co for the amazing work they do, and as a means of funding more of it. I hope you'll give, too.


IETF proposal to Prism-proof the Internet

A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of an IETF standard; it will be interesting to see how the NSA engages with this process.


This is the crypto standard that the NSA sabotaged

The New York Times has published further details of last week's leaked documents detailing the NSA's program of sabotage to crypto products and standards. The new report confirms that the standard that the NSA sabotaged was the widely-suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.

NIST has re-opened the comments on its standard with the hope of rooting out the NSA sabotage to the random number generator and restoring trust in its work products.


Firsthand account of NSA sabotage of Internet security standards


On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."


All of India's public safety standards now online for free

Rogue archivist Carl Malamud writes,

For the first time, a full standards bureau is now available on the Internet for people to examine. This archive is published for the people of India and the people of the world who wish to see the technical specifications for public safety that govern our modern society. The archive includes 18,825 standards. Many of them have txt file extracts and over 600 are already available in HTML, SVG, or MATHML renditions.


EFF and Public Resource fight back against copyrighted, paywalled laws

Rogue archivist Carl Malamud sez, "Happy mutants may remember a post on August 8 about why standards bodies explain why access to standards should be copyrighted and paywalled. The piece explained the perspectives of Standards Development Organizations (SDOs) in their suit against Public.Resource.Org. I'm pleased to announce that in the matter of SDOs v. Internet, Team Internet has now made a first appearance. EFF has the details on their site."

Standards bodies explain why they think the law should be copyrighted and paywalled


Public Resource is being sued for publishing building standards that the public is legally required to follow. These standards were developed by private-sector industry bodies who make millions off of access fees charged to the public. In other words, a large block of American law is privately owned, secret, and accessible only for a fee. Three Standards Development Organizations (SDOs) are suing and they've released a statement to the media explaining why the law should not be free for all.

The SDOs underwrite the substantial costs of developing standards, in whole or in significant part, by relying on revenues from the sales and licensing of their copyrighted standards. This funding model allows SDOs to remain independent of special interests and to develop up-to-date, high quality standards.

An article in the Washington Post's Wonkblog by Lydia DePillis delves more deeply into the issue:

There are various pieces of administrative precedent and case law in different courts that support either side. Essentially, though, it’s a question of principle vs. practicality: Code is law, Malamud says, and it’s owned by the public. But good code is also expensive, the standards development groups maintain, and charging for copies is the least bad way to pay for it.

(Thanks, Carl!)

EFF and Public Resource win: public safety standards aren't copyrighted

Dave from the Electronic Frontier Foundation sez, "Remember that time an air-conditioning association tried to bully Carl Malamud into taking down safety standards from Public.Resource.Org, claiming they owned the copyright to a public law? Well, Carl and EFF fought back--and won. The Sheet Metal and Air Conditioning Contractors Association backed down and signed an agreement allowing Public.Resource.Org to publish the safety standards. It's a major win for free speech and open government." From the article: "Whether it's the Constitution or a building code, the law is part of the public domain," (EFF Intellectual Property Director Corynne McSherry).

W3C insider explains what's wrong with cramming DRM into HTML5 - and what you can do about it

I've written before here about the move to get the World Wide Web Consortium (W3C) to cram digital rights management (DRM) into the next version of HTML, called HTML5. This week, EFF filed a formal objection with the group, setting out some of the risks to the open Web from standardizing DRM in the Web's core technical specs. Now, writing in the Guardian, W3C staffer Dr Harry Halpin makes an important, well-thought-through case for keeping DRM out of the HTML5 standard. Halpin's got an invaluable insider view of the "crisis of representation" that let a few giant companies shift the most open, most vital standards body involved with the Web into the position of standardizing ways to have your computer and browser take control away from you, and to set the stage for a ban on free and open source software in Web browsers and computers.

The most important part is what you can do to help shift the direction of the W3C back towards the open Web:

The Advisory Committee of the W3C is composed of companies as well as universities and non-profits. If your employer is a W3C member, now is the time to open the discussion internally with your management. Questions over whether DRM should be part of the HTML Working Group or part of another Working Group - or outside of W3C entirely! - are dealt with in the review of charters by Advisory Committee representatives. It's at this level that the EFF objected to EME in HTML. If your organisation is not a member, your organisation can join the W3C. W3C membership fees have been adapted to organisations large and small, for-profit and non-profit, start-ups, and for organisations in developing countries.

If you work for a W3C member, now is the time to join the HTML Working Group. The HTML Working Group are working through the technical details of Encrypted Media Extensions in the HTML Working Group Media Task Force. Also, the HTML WG has a very liberal Invited Expert policy to allow participation by those domain experts who don't work for W3C member organisations. Questions and objections that go beyond the technical content and charter are generally considered out of scope.

Questions that go beyond technically working on EME should be aimed at the Restricted Media Community Group, which anyone can join. Unlike Working Groups, W3C Community Groups provide a forum for discussion but do not themselves publish standards. Disappointingly, so far the discussion has been pretty weak, but this Community Group is monitored by many people deeply involved in the DRM debates.

Also, W3C Working Groups such as the HTML Working Group take technical comments from anyone on the entire web. Public comments can be made by ordinary users; the Working Group must formally address these comments if the comment is within the scope of the charter and done before the standard is complete. That means you can in public comment on EME or any other standard like the cryptographic primitives as pursued by the Web Cryptography Working Group, which can be used to exchange private messages between human rights activists as well as be part of Netflix's plan to switch to HTML5.

DRM and HTML5: it's now or never for the Open Web

EFF files formal objection against DRM's inclusion in HTML5

Regular readers will know that there's a hard press to put DRM in the next version of HTML, which is being standardized at the World Wide Web Consortium (W3C), and that this has really grave potential consequences for the open Web that the W3C has historically fought to build.

The Electronic Frontier Foundation has joined the W3C and filed a formal objection to this work item; EFF's Danny O'Brien has written an excellent explanation of what's at stake:

EFF is not the only group concerned here. When EME was finally ultimately declared in-scope for the HTML working group, the decision was made by W3C’s executive team, despite discontent among key standards developers and the subsequent protest of more than twenty thousand technologists and groups, including EFF. While disappointment at that decision outside the W3C has been widespread, the debate on the problems of DRM for the web platform within the consortium has been muted. Its strategic advisory committee of W3C members has until now not spoken on the decision, despite many of that community having privately expressed concern.

EFF has a lot of experience working within these kinds of standards processes in an attempt to combat the effects of DRM. In 2002, we joined the activities of Broadcast Protection Discussion Group to highlight the dangers of its proposed digital TV DRM standard, which briefly became the government-mandated Broadcast Flag before being struck down in the courts. Subsequently we participated in Europe’s Digital Video Broadcasting (DVB) project, as they considered implementing imposing similar controls on European consumers. This new W3C standard comes from exactly the same roots: Hollywood's desire to suppress innovation and quash the wishes of individual computer owners.

The entertainment industry's threats to impose control remain the same: if you don’t do as we say, you won’t get our premium content, and your technology will be rendered irrelevant. As we’ve seen with both music, and digital TV, the threat is empty. Commercial content goes where the users are. And users go where their rights and desires are best respected. We think that the guardian of those rights on the Web should be the W3C, and we’re happy to help it ensure that remains the case.

EFF blasts plans to build DRM into HTML5

The Electronic Frontier Foundation has weighed in on the growing controversy over the proposal to build DRM into HTML5, the next version of the standard language for building Web pages and applications. Staff technologists Seth Schoen and Peter Eckersley have written a great essay explaining how this kind of work is totally incompatible with the mission of the W3C and how its proponents' insistence that this isn't really DRM is just a hollow joke:

The EME proposal suffers from many of these problems because it explicitly abdicates responsibility on compatibility issues and lets web sites require specific proprietary third-party software or even special hardware and particular operating systems (all referred to under the generic name "content decryption modules", or CDMs, and none of them specified by EME). EME's authors keep saying that what CDMs are, and do, and where they come from is totally outside of the scope of EME, and that EME itself can't be thought of as DRM because not all CDMs are DRM systems. Yet if the client can't prove it's running the particular proprietary thing the site demands, and hence doesn't have an approved CDM, it can't render the site's content. Perversely, this is exactly the reverse of the reason that the World Wide Web Consortium exists in the first place. W3C is there to create comprehensible, publicly-implementable standards that will guarantee interoperability, not to facilitate an explosion of new mutually-incompatible software and of sites and services that can only be accessed by particular devices or applications. But EME is a proposal to bring exactly that dysfunctional dynamic into HTML5, even risking a return to the "bad old days, before the Web" of deliberately limited interoperability.

Because it's clear that the open standards community is extremely suspicious of DRM and its interoperability consequences, the proposal from Google, Microsoft and Netflix claims that "[n]o 'DRM' is added to the HTML5 specification" by EME. This is like saying, "we're not vampires, but we are going to invite them into your house".

Proponents also seem to claim that EME is not itself a DRM scheme. But specification author Mark Watson admitted that "Certainly, our interest is in [use] cases that most people would call DRM" and that implementations would inherently require secrets outside the specification's scope. It's hard to maintain a pretense that EME is about anything but DRM.

Defend the Open Web: Keep DRM Out of W3C Standards (via /.)

See also:

* HTML5's overseer says DRM's true purpose is to prevent legal forms of innovation

* Why Tim Berners-Lee is wrong about DRM in HTML5

Why Tim Berners-Lee is wrong about DRM in HTML5

My latest Guardian column is "What I wish Tim Berners-Lee understood about DRM," a response to the Web inventor's remarks about DRM during the Q&A at his SXSW talk last week.

Additionally, all DRM licence agreements come with a set of "robustness" rules that require manufacturers to design their equipment so that owners can't see what they're doing or modify them. That's to prevent device owners from reconfiguring their property to do forbidden things ("save to disk"), or ignore mandatory things ("check for regions").

Adding DRM to the HTML standard will have far-reaching effects that are incompatible with the W3C's most important policies, and with Berners-Lee's deeply held principles.

For example, the W3C has led the world's standards bodies in insisting that its standards are not encumbered by patents. Where W3C members hold patents that cover some part of a standard, they must promise to license them to all comers without burdensome conditions. But DRM requires patents or other licensable elements, for the sole purpose of adding burdensome conditions to browsers.

The first of these conditions – "robustness" against end-user modification – is a blanket ban on all free/open source software (free/open source software, by definition, can be modified by its users). That means that the two most popular browser technologies on the Web – WebKit (used in Chrome and Safari) and Gecko (used in Firefox and related browsers) – would be legally prohibited from implementing whatever "standard" the W3C emerges.

What I wish Tim Berners-Lee understood about DRM

BBC betrays the public, demands DRM for HTML5

You may have heard that a group of batshit insane entertainment shills have asked the W3C (the standards body responsible for Web standards) to put "DRM" -- magic beans anti-copying stuff -- into HTML5. Shamefully, the BBC -- a publicly funded organisation, chartered to act in the public interest -- is one of the forces pushing for adding stuff to HTML that will make your browser hide things from you, disobey you, and say "I can't let you do that, Dave." Naturally, this also requires a ban on free/open source software, because if your browser is open, you could just disable the "I can't let you do that, Dave," program.

The Library of Congress welcomes our new galactic overlords

The Library of Congress has an official standard for abbreviations of different languages. It's a long list, because, well, there are lots and lots of languages that might be mentioned in the Library of Congress. In fact, the standard is so thorough that it includes Klingon. (Via Hilary Mason)

Microsoft, Google and Netflix want to add DRM-hooks to W3C HTML5 standard


A proposed anti-copying extension for the W3C's standard for HTML5 has been submitted by representatives of Google, Microsoft and Netflix. The authors take pains to note that this isn't "DRM" -- because it doesn't attempt to hide keys and other secrets from the user -- but in a mailing list post, they later admitted that this could be "addressed" by running the browser inside a proprietary hardware system that hid everything from the user.

Other W3C members -- including another prominent Googler, Ian Hickson -- have called for the withdrawal of the proposal. Hickson called it "unethical." I agree, and would add "disingenuous," too, since the proposal disclaims DRM while clearly being intended to form a critical part of a DRM system.

In an era where browsers are increasingly the system of choice for compromising users' security and privacy, it is nothing short of madness to contemplate adding extensions to HTML standards that contemplate designing devices and software to deliberately hide their workings from users, and to prevent users from seeing what they're doing and changing that behavior if it isn't in their interests.

Writing on Ars Technica, Ryan Paul gives a good blow-by-blow look at the way that this extension is being treated in the W3C:

Mozilla's Robert O'Callahan warned that the pressure to provide DRM in browsers might lead to a situation where major browser vendors and content providers attempt to push forward a suboptimal solution without considering the implications for other major stakeholders.

Some of the discussion surrounding the Encrypted Media proposal seem to validate his concerns. Mozilla's Chris Pearce commented on the issue in a message on the W3C HTML mailing list and asked for additional details to shed light on whether the intended content protection scheme could be supported in an open source application.

"Can you highlight how robust content protection can be implemented in an open source web browser?" he asked. "How do you guard against an open source web browser simply being patched to write the frames/samples to disk to enable (presumably illegal) redistribution of the protected content?"

Netflix's Mark Watson responded to the message and acknowledged that strong copy protection can't be implemented in an open source Web browser. He deflected the issue by saying that copy protection mechanisms can be implemented in hardware, and that such hardware can be used by open source browsers.

"Unethical" HTML video copy protection proposal draws criticism from W3C reps (Thanks, Rob!)

Unicode's "Pile of Poo" character

For many years, most of the Internet ran on ASCII, a character set that had a limited number of accents and diacriticals, and which didn't support non-Roman script at all. Unicode, a massive, sprawling replacement, has room for all sorts of characters and alphabets, and can be extended with "private use areas" that include support for Klingon.

But for all that, I never dreamt that Unicode was so vast as to contain a special character for a "pile of poo."

Name: PILE OF POO
Block: Miscellaneous Symbols And Pictographs
Category: Symbol, Other [So]
Index entries: POO, PILE OF
Comments: dog dirt
Version: Unicode 6.0.0 (October 2010)
HTML Entity: &#128169;

Here is "Pile of Poo" in whatever font your browser renders this page in: 💩

Unicode Character 'PILE OF POO' (U+1F4A9)