Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
0xbadcafebee 5 days ago

Did anyone else notice that the HTTP protocol embeds within it ten-thousand different protocols? Browsers and web servers both "add-on" a ton of functionality, which all have specifications and de-facto specifications, and all of it is delivered through the umbrella of basically one generic "HTTP" protocol. You can't have the client specify what version of these ten-thousand non-specifications it is compatible with, and the server can't either. We can't upgrade the "specs" because none of the rest of the clients will understand, and there won't be backwards-compatibility. So we just have this morass of random shit that nobody can agree on and can't fix. And there is no planned obsolescence, so we have to carry forward whatever bad decisions we made in the past.

Analemma_ 5 days ago | parent | next [-]

This is also the fault of shit-tastic middleware boxes which block any protocol they don't understand-- because, hey, it's "more secure" to default-fail, right?-- so every new type of application traffic until the end of time has to be tunneled over HTTP if it wants to work over the real Internet.

dumpsterdiver 4 days ago | parent | next [-]

> middleware boxes which block any protocol they don't understand-- because, hey, it's "more secure" to default-fail, right?

If the intent is to secure something then failing-open will indeed be at odds with that goal. I suspect you’re not implying otherwise, but rather expressing frustration that such providers simply can’t be bothered to put in the work and use security as an excuse.

5 days ago | parent | prev [-]
[deleted]
tyleo 5 days ago | parent | prev | next [-]

Tbh I’ve made peace with this world and I might even enjoy it more than the planned obsolescence one.

eru 5 days ago | parent [-]

That was the model that Microsoft used at the height of their power and dominance in the 1990s and 2000s.

pjc50 4 days ago | parent | prev [-]

Anarchy is the price to pay for not having a monopoly dictate a nice clean spec which they can force-deprecate whenever they want.

0xbadcafebee 3 days ago | parent | next [-]

> a monopoly dictate a nice clean spec which they can force-deprecate whenever they want

We already have that at times. Apple forced a change to cert expiration that nobody else wanted, but everyone had to pick up as a result. Google regularly forces new specs, and then decides "actually we don't like it now" and deprecates them, which others then have to do as well. Virtually all of the web today is defined by the 3 major browser vendors.

If all these "specs" actually had versions, and our clients and servers had ways to just serve features as requested, then we could have 20 million features and versions, but nothing would break.

Example with cookies: if the cookie spec itself was versioned, then the server could advertise the old version spec, clients could ask for it, and the server could serve it. Then later if there's a new version of the spec, again, new clients could ask for it, and the server could serve it. So both old and new clients get the latest feature they support. You don't have to worry about backwards compatibility because both client and server can pin versions of specs and pick and choose. You can make radical changes to specs to fix persistent issues (without worrying about backwards compatibility) while simultaneously not breaking old stuff.

But we can't do that, because "cookies" aren't their own spec with their own versions, and clients and servers have no way of requesting or advertising versions of specs/sub-specs.

You could actually implement this on top of HTTP/1.1:

  1. Make cookies their own spec, and version it
  2. Add a new request header: "Cookie-Spec-Ver-Req: [range]"
  3. If there's no request header, the spec is version 1.0
  4. If Server sees a request header, it determines if it supports it
  5. Server replies with "Cookie-Spec-Ver: <version>" of what it supports, based on the request
  6. Client receives the spec it requested and handles it accordingly
Do that for every weird "feature" delivered over HTTP, and suddenly we can both have backwards-compatibility and new features, and everything is supported, and we can move forward without breaking or obsoleting things.

This actually makes sense from a programmatic standpoint, because "Cookies" are implemented as their own "Spec" in a program anyway, as a class that has to handle every version of how cookies work. So you might as well make it explicit, and have 5 different classes (one per version), and make a new object from the class matching the version you want. This way you have less convoluted logic and don't have regressions when you change things for a new version.

bloppe 4 days ago | parent | prev [-]

There's no differences between a monopoly and an open standard when it comes to breaking users. They both would rather not for the same reasons