I agree that most platforms die due to lack of adoption. However isn't this stating the obvious? All new platforms start out with no users. Some clearly gain adoption and don't die. That's not a reason to not think about new designs.
I disagree about marketing budget. The web came from CERN as an academic project. It didn't have a marketing budget. Its primary competitor at the time (AOL) had an enormous marketing budget. In the end it didn't matter.
I also agree that security doesn't motivate developers much right now. I'm thinking about this in terms of both security and productivity for that reason.
However, I think it's possible and likely for people to care more about security in future for three reasons:
1) The consequences of breaches seem to be getting worse. The Equifax C-Suite was just completely cleaned out due to, apparently, a fairly pedestrian XML deserialisation exploit in Apache Struts (which has had lots of them). Corporate America will be sitting up and taking notice of that. When top people start losing their jobs because of mistakes of programmers at the bottom, they'll start to care about security more.
2) The ultimate consequence will be the first major conflict in which 'cyber warfare' plays a part. I hate that term personally, but it's the one governments understand. The day a major industrial nation's power grid is shut down by a much smaller and weaker country is the day that everything will change with respect to computer security. If you have never considered what happens in such a scenario, google the term "Black Start" and learn just how difficult and complex it would be to bring a country back from the brink if its entire national grid had tripped out.
3) Part of the reason nobody seems to care about security is the sheer hopelessness of it. It's impossible to care about security when you know you're going to fail. All developers who aren't delusional know that sooner or later they will fail (and probably they'll never find out). The tools are so bad that it's pointless even trying to keep up with new exploit types. I hadn't even heard of SSRF exploits before last weekend and I read tech news obsessively. If I can't keep up, I don't trust anyone who isn't a full time security specialist to keep up, but unfortunately security isn't something neatly compartmentalised into a single person.
So what can we do?
• Prepare for the worst. There will be more major breaches and eventually some sort of water or grid collapse; it seems inevitable to me. Make sure you have plenty of paper cash at home in case of a breach of payment networks.
• Prepare for the day after the worst. Figure out tools and approaches we can start to use if/when security does become a more important issue.
Consider the other big software platforms from the last few decades: Android, iOS, Java, Windows. The trend is adequate-but-not-exceptional tech with rich companies pouring cash into their success. (iPhones have better than average tech in the hardware, so maybe there's hope that great tech will make up for lack of cash, but iPhone tech also required massive amounts of cash to develop and the software is also middling.) You can highlight any number of parallel attempts at platforms that arguably had better tech but failed.
I guess another way of phrasing my point is that good tech doesn't seem to be much of a factor in succeeding; ok tech with money succeeds, good tech without money fails. (Where "money" here maybe stands in for a bunch of related things, including "marketing", "building a market for developers", "attracting paying users", etc.)
I am sorry for the random sniping. I wish you luck and I will read your subsequent posts with interest. I write my comment because I would like to read some higher-level analysis (e.g. why will your project succeed when similar attempts X,Y,Z failed, what is different about the state of the market today vs last time).
First of all, great article, regardless of outcomes I've never considered an alternative web would be a possibility.
At first I was skeptic like most here, but it doesn't sound impossible at all. If you fix the most pressing issues regarding security, improve productivity by orders of magnitude (with great UX by default, even at the expense of some customizability), and can make it run on an iPhone, it might be a path worth exploring, yes.
Have you heard about Urbit? It seem to be also a "new internet" kind of project, but more focused on decentralization, which is very important too. I'd be interested to know your thoughts about it, as well as any progress about the "NewWeb" in case it becomes an actual project.
The name Urbit rings a bell, I think I read about it many years ago. But I just checked the website and it seems totally different, so I guess I need to refresh my knowledge of it.
edit: oh, they're doing an ICO. first impressions: not good
I don't know enough about Urbit's implementation or team to vouch for it, but I do find the basic idea promising: that we should have control over our own data, and should be able to do whatever we want with it.
I'm not sure why you though an ICO is a bad first impression. Yes, there were several scams but the blockchain space is full of very exciting opportunities. Some other commenter mentioned that a "new web" would have to provide sufficient value to the end user that the current version does not/can not. These experiments in decentralization are worth watching and probably where the "sufficient value" will come from to justify the use of new tech.
I agree that most platforms die due to lack of adoption. However isn't this stating the obvious? All new platforms start out with no users. Some clearly gain adoption and don't die. That's not a reason to not think about new designs.
I disagree about marketing budget. The web came from CERN as an academic project. It didn't have a marketing budget. Its primary competitor at the time (AOL) had an enormous marketing budget. In the end it didn't matter.
I also agree that security doesn't motivate developers much right now. I'm thinking about this in terms of both security and productivity for that reason.
However, I think it's possible and likely for people to care more about security in future for three reasons:
1) The consequences of breaches seem to be getting worse. The Equifax C-Suite was just completely cleaned out due to, apparently, a fairly pedestrian XML deserialisation exploit in Apache Struts (which has had lots of them). Corporate America will be sitting up and taking notice of that. When top people start losing their jobs because of mistakes of programmers at the bottom, they'll start to care about security more.
2) The ultimate consequence will be the first major conflict in which 'cyber warfare' plays a part. I hate that term personally, but it's the one governments understand. The day a major industrial nation's power grid is shut down by a much smaller and weaker country is the day that everything will change with respect to computer security. If you have never considered what happens in such a scenario, google the term "Black Start" and learn just how difficult and complex it would be to bring a country back from the brink if its entire national grid had tripped out.
3) Part of the reason nobody seems to care about security is the sheer hopelessness of it. It's impossible to care about security when you know you're going to fail. All developers who aren't delusional know that sooner or later they will fail (and probably they'll never find out). The tools are so bad that it's pointless even trying to keep up with new exploit types. I hadn't even heard of SSRF exploits before last weekend and I read tech news obsessively. If I can't keep up, I don't trust anyone who isn't a full time security specialist to keep up, but unfortunately security isn't something neatly compartmentalised into a single person.
So what can we do?
• Prepare for the worst. There will be more major breaches and eventually some sort of water or grid collapse; it seems inevitable to me. Make sure you have plenty of paper cash at home in case of a breach of payment networks.
• Prepare for the day after the worst. Figure out tools and approaches we can start to use if/when security does become a more important issue.