Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

What Should Elon Musk Do? | Passwordless Future: Tense | WebKit iOS Monopoly Ends?

By: on Leave a Comment

Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.

This week: Everyone has Twitter advice for Elon, passwordless vision is vacuous, and Apple prevented from forcing Safari.

1. ‘Free Speech Is Not A Slogan,’ EFF Tells Musk

First up this week: Elon Musk is buying Twitter (in case you’ve been living under a rock). He says he wants to make speech on the platform more free. But how? And what are the priorities?.

Analysis: Focus on Intent, not Content

Ignore the frothy, political blather about left vs. right or woke vs. red-pilled. Mister Musk should target the bots, astroturfers and sockpuppets—particularly the ones controlled by nation-states that aim to sow societal disharmony.

The EFF’s Jillian C. York, Gennie Gebhart, Jason Kelley, and David Greene: Twitter Has a New Owner; Here’s What He Should Do

Elon Musk’s purchase of Twitter highlights the risks to human rights and personal safety when any single person has complete control over policies affecting almost 400 million users. [It has] an increasingly important role in social and political discourse, and [so a] responsibility to ensure … decision-making is both transparent and accountable.

Free speech is not a slogan. … It has long struggled to deal with bots and troubling tweets by major figures … allowing mis- or disinformation to rapidly spread. At the same time … Twitter’s community standards restrict legally protected speech [and it] routinely removes content that does not violate its standards.

Better content moderation is sorely needed: Less automation, more expert input into policies, and more transparency and accountability overall. Unfortunately, [discussion of] content moderation is frustratingly binary, with commentators either calling for more … or, as in Musk’s case, far less.


It’s the ultimate in vertical integration, thinks Erik Beall:

[Twitter] has proven to be the most impactful “attention-director,” forcing all news outlets to repeat whatever a few power users want them to repeat, at very low cost. He’s been practicing how to get his tweets amplified through his followers, a method he’s been pretty effective at.

And if he can’t be canceled by the platform, who knows what crazy tweets we’ll all be polarized/freaking out about in a years time.


With a radical suggestion, here’s robbedpeter:

Hire private mercenaries to firebomb bot farms. He’s got the money. Hire those YouTube hackers who pwn scam call centers to find the bad guys, run all the people out and torch the servers and phones and buildings. Modern society is too polite and civil.

2. Will We Ever See a Passwordless Future?

It’s an enticing vision—no more will users need to remember unique credentials. No more inconsistent password construction rules. No more single-point-of-attack password managers. And no more well-meaning suggestions such as correct horse battery staple.

Analysis: Devil in details—ask again later

My Magic 8 Ball has failed me (ask your parents), but it’s not looking great. Smartphones are an imperfect way of proving your identity, and standards such as FIDO seem to have been hijacked by megacorps.

Tom Huddleston Jr: Some of tech’s biggest names want a future without passwords — here’s what that would look like

It’s so enticing to dream about a future where nobody has to constantly update and change online passwords to stay ahead of hackers and keep data secure. Here’s the good news: Some of the biggest names in tech are already saying that the dream of a password-less internet is close to becoming a reality.

More than 80% of data breaches are a result of weak or compromised passwords. [But] doing away with passwords altogether is not without risks. First, verification codes sent via email or text message can be intercepted. … Second, some of today’s password-less options still ask you to create a PIN or security questions to back up your account. That’s not much different from having a password. … And third, there’s an issue of widespread adoption … while the vast majority of Americans do own a smartphone, those devices range dramatically in terms of age and internal hardware.

In other words, it will likely still be some time before passwords are completely extinct. Enjoy typing your long, complex strings of characters into login boxes while you can.


It’s the smartphone angle that worries people. Zitchas:

And when we lose our phone? … Increased digital security is good, but basing all that on mere possession of a specific phone seems dangerous. For everyone I know, their relationship to their smartphone has been a case of, “It’s not a matter of ‘if’ it ever breaks, but rather a case of ‘how long until it does?’”

Lots of stuff happens to cellphones, and I’d rather not risk losing my entire digital existence because something happened to it. I’ve heard more than one security expert state that they flat out consider their phone to be compromised at any point in time, no matter how new or how recently reset … and treat it accordingly.


But what about FIDO? When I compiled this article last month for our sister publication, I got a bit depressed:

Scratch the surface and FIDO2-WebAuthn seems to let “privacy invading megacorps” profit from your private data. The usual suspects … have taken over. And they’re trying to lock you into their ecosystems, with their regular brand of “hot corporate garbage.” Usually in SB Blogwatch, I try to tell both sides of the story. But today, I couldn’t find anyone who thinks FIDO is a good thing.

3. EU Will Force Apple to Allow Other Browsers on iOS

Today, Apple disallows other browsers on iPhones and iPads. Sure, you can install something called Chrome or Firefox, but under the hood, they’re all wrappers ’round WebKit. Same is true if your app is a PWA, renders web pages, runs JavaScript or calls renderer APIs for any purpose. And it’s not even the up-to-date version of WebKit that Safari uses—critics say Apple’s being anti-competitive.

Analysis: European Union to the rescue?

Here comes the Digital Markets Act (DMA)—a draft EU regulation aiming to fix many of big-tech’s injustices. The latest draft includes a provision that would stop Apple from pulling this stunt.

Thomas Claburn: Apple’s grip on iOS browser engines disallowed under latest draft EU rules

Europe’s [DMA] contains language squarely aimed at ending Apple’s iOS browser restrictions. … Apple requires that competing mobile browsers … use its own WebKit rendering engine, which is the basis of its Safari browser. The result is that Chrome, Edge, and Firefox on iOS are all, more or less, Safari.

The extent to which Apple profits from the status quo has prompted regulatory scrutiny in Europe, the UK, the US, and elsewhere. … Now those efforts have been translated into the text of the DMA, which, alongside the Digital Services Act … defines how large technology gatekeepers will be governed in Europe.

[We] asked Apple for comment. We did not expect a reply, nor have we received one. And yet Apple clearly recognizes that it cannot simultaneously avoid antitrust regulation by pointing to web apps as competition to native iOS apps while requiring the use of a browser engine that outsiders believe is holding back the web.


Cause for celebration, thinks garyclarke27:

Great News if it happens. Apple obviously has a little incentive to advance Web Apps capability on Mobile.

This will make a huge difference in the long run, making genuine cross platform development much easier.


Should DevOps’ers care? Yes, argues ttlanhil:

It’s not (just) that you have to use WebKit, it’s that the version of WebKit available to use in apps (or competing browsers) … is not as up to date. … The APIs we needed were (recently) supported by Safari [but] they weren’t available on the older WebKit engine used by anything other than Safari.

The Moral of the Story:
Such as we are made of, such we be


You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or tlv@richi.uk.

Image: Annie Spratt (via Unsplash; leveled and cropped)