SubResource Integrity (SRI)

Implementation

  • Blink/Chromium → 355467 Subresource Integrity; In Google Chromium Bugzilla; 2014-03-24.
  • Gecko → 992096 Implement Subresource Integrity; In Mozilla Bugzilla; 2014-09-03.
  • Subresource Integrity (SRI) Manager, a WordPress Plugin; WordPress.org; 2015-06-15.
    requires WordPress v4.1 to WordPress 4.2.5.

Tutorial

Referenced

Promotion

Usage

SRI Hash Generator

cat FILENAME.js |
openssl dgst -sha384 -binary |
openssl enc -base64 -A

<script src="https://example.com/FILENAME.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>
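
Added example (not from the original page, nor from any project named on it): the same openssl pipeline wrapped so that an existing integrity value can be checked against a local copy of the file, following the matching rule browsers apply (only the strongest recognised algorithm in the attribute counts, anything after a "?" in a token is ignored). The function names sri_hash, sri_rank, sri_check and sri_demo and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate and verify SRI integrity values with openssl.
# Function names and return codes are this example's own, not a standard tool.

# sri_hash ALG FILE -> prints "ALG-<base64 digest>"  (ALG: sha256|sha384|sha512)
sri_hash() {
    printf '%s-' "$1"
    openssl dgst "-$1" -binary "$2" | openssl enc -base64 -A
}

# sri_rank ALG -> prints the algorithm's priority; 0 means "not recognised".
sri_rank() {
    case "$1" in
        sha256) echo 1 ;;
        sha384) echo 2 ;;
        sha512) echo 3 ;;
        *)      echo 0 ;;
    esac
}

# sri_check "INTEGRITY ATTRIBUTE VALUE" FILE
#   0 = FILE matches a hash of the strongest algorithm listed
#   1 = mismatch (a browser would refuse to run the resource)
#   2 = no recognised hash in the attribute (a browser would load it unchecked)
#   3 = FILE cannot be read
# The body runs in a subshell so that "set -f" does not leak to the caller.
sri_check() (
    set -f                              # tokens may contain '?'; never glob them
    integrity=$1 file=$2 best=0 best_alg=
    if [ ! -r "$file" ]; then exit 3; fi

    # Pass 1: find the strongest recognised algorithm among the tokens.
    for token in $integrity; do
        alg=${token%%-*}
        rank=$(sri_rank "$alg")
        if [ "$rank" -gt "$best" ]; then best=$rank best_alg=$alg; fi
    done
    if [ "$best" -eq 0 ]; then exit 2; fi

    # Pass 2: only tokens of that algorithm can match; weaker ones are ignored.
    actual=$(sri_hash "$best_alg" "$file")
    for token in $integrity; do
        if [ "${token%%\?*}" = "$actual" ]; then exit 0; fi
    done
    exit 1
)

# sri_demo: builds a constructed sample file, prints the tag, then shows the
# check passing on the untouched file and failing once the file is modified.
sri_demo() {
    f=$(mktemp) || return 1
    printf 'console.log("constructed sample");\n' > "$f"
    attr=$(sri_hash sha384 "$f")
    printf '<script src="https://example.com/FILENAME.js"\n' 
    printf '        integrity="%s"\n' "$attr"
    printf '        crossorigin="anonymous"></script>\n'
    sri_check "$attr" "$f"; echo "untouched file -> $?"
    printf '/* appended after the hash was taken */\n' >> "$f"
    sri_check "$attr" "$f"; echo "modified file  -> $?"
    rm -f "$f"
}

if [ "${1:-}" = demo ]; then sri_demo; fi
```

A return code of 2 deserves attention in a build check: a tag whose integrity value contains only unrecognised algorithms is loaded by the browser without any verification.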

HTTP and UDP

httpp and httpps

Who

When

  • 2010-Current.
  • 2012-10-28, announced to ietf-http-wg@w3.org

httpu and httpmu

draft-goland-http-udp-01 Multicast and Unicast UDP HTTP Messages; Yaron Y. Goland (Microsoft); 1999-11-09 (expired: 2000-04).

  • New protocol names: httpu and httpmu
  • For httpmu the lack of a URI (a path) means * by some rationale (Section 5.3).
    • httpu://example.com and httpu://example.com/ are the same and have an implied path of / (slash)
    • httpmu://example.com and httpmu://example.com/ are different wherein the former has a path of * (star) and the latter has a path of / (slash), as per usual.
  • New headers (Section 11)
    • AL is like Location, but allows for multiple redirect locations
    • mx is a response-delay advisory, in integral seconds (not fractional seconds).
    • S is a unique client identifier, unique across all time; requests without an S don’t require a response.
  • Cookies are not implementable in Somethings (S, Serial Sequence, Something; that globally unique Request Identifier)
    • Cookies are:
      • sent out by servers
      • returned by clients
    • Somethings are:
      • sent out by clients
      • returned by servers
  • SSDP Mailing List (circa 1999)

Protocols

  • TURN
  • STUN
  • STUNT

Related

Irrelevant

General UDP

at Jimi Wales’ Wiki

Specific

Proxygen by Facebook, a C++ HTTP Framework

Daniel Sommermann, Alan Frindell (Facebook); Introducing Proxygen, Facebook’s C++ HTTP Framework; In Their Blog; 2014-11-09.

Mentions

Assessment

Summary
Language      LOC   App LOC   Test LOC
am            695       572        123
c++        47,712    35,075     12,637
py            163       163          0
sh             84        84          0
total      48,654    35,894     12,760

Language (C++)

  • C++11
  • In-class initializers
  • Uniform Initialization
    • brace-enclosed initializers
    • in-class initializers
  • move semantics
  • namespaces
  • const
  • return value optimization (functions returning containers)
  • seems formatted for 80 character teletype screens.
  • std::unique_ptr
  • bool as single bitfield
  • range for loop
  • auto
  • std::string in lieu of char * (sometimes)
  • std::vector in lieu of arrays (sometimes)
  • attributes
    • final
    • ifunc (indirect function, per ELF)
    • noexcept
    • override
    • __attribute__((constructor))
  • static_assert
  • std::function
  • std::thread
  • std::chrono (seconds, milliseconds)

Dependencies

Runtime
Buildtime
  • Python
  • Ruby
  • gperf

Physical Design

  • (outline) function definitions separated from the function declaration (mostly)
  • roughly one class per file
  • Suffixes
    • *.hpp
    • *.cpp

Build System

  • autotools (automake, autoconf)
  • doxygen

Portability

  • Ubuntu

Promotion

Via: backfill

Actualities

CoreProxygenArchitecture.png

Inventory

LOC File
264 ./proxygen/proxygen/configure.ac
27 ./proxygen/proxygen/httpserver/Makefile.am
10 ./proxygen/proxygen/httpserver/samples/echo/Makefile.am
1 ./proxygen/proxygen/httpserver/samples/Makefile.am
1 ./proxygen/proxygen/lib/http/codec/Makefile.am
135 ./proxygen/proxygen/lib/http/Makefile.am
1 ./proxygen/proxygen/lib/http/session/Makefile.am
13 ./proxygen/proxygen/lib/Makefile.am
29 ./proxygen/proxygen/lib/services/Makefile.am
28 ./proxygen/proxygen/lib/ssl/Makefile.am
62 ./proxygen/proxygen/lib/utils/Makefile.am
1 ./proxygen/proxygen/Makefile.am
2381 ./proxygen/proxygen/external/http_parser/http_parser_cpp.cpp
319 ./proxygen/proxygen/external/http_parser/http_parser.h
3142 ./proxygen/proxygen/external/http_parser/test.c
59 ./proxygen/proxygen/httpserver/filters/DirectResponseHandler.h
125 ./proxygen/proxygen/httpserver/Filters.h
106 ./proxygen/proxygen/httpserver/filters/RejectConnectFilter.h
92 ./proxygen/proxygen/httpserver/HTTPServerAcceptor.cpp
48 ./proxygen/proxygen/httpserver/HTTPServerAcceptor.h
205 ./proxygen/proxygen/httpserver/HTTPServer.cpp
142 ./proxygen/proxygen/httpserver/HTTPServer.h
86 ./proxygen/proxygen/httpserver/HTTPServerOptions.h
78 ./proxygen/proxygen/httpserver/Mocks.h
186 ./proxygen/proxygen/httpserver/RequestHandlerAdaptor.cpp
74 ./proxygen/proxygen/httpserver/RequestHandlerAdaptor.h
76 ./proxygen/proxygen/httpserver/RequestHandlerFactory.h
99 ./proxygen/proxygen/httpserver/RequestHandler.h
198 ./proxygen/proxygen/httpserver/ResponseBuilder.h
84 ./proxygen/proxygen/httpserver/ResponseHandler.h
56 ./proxygen/proxygen/httpserver/samples/echo/EchoHandler.cpp
47 ./proxygen/proxygen/httpserver/samples/echo/EchoHandler.h
87 ./proxygen/proxygen/httpserver/samples/echo/EchoServer.cpp
41 ./proxygen/proxygen/httpserver/samples/echo/EchoStats.h
192 ./proxygen/proxygen/httpserver/ScopedHTTPServer.h
36 ./proxygen/proxygen/httpserver/SignalHandler.cpp
37 ./proxygen/proxygen/httpserver/SignalHandler.h
218 ./proxygen/proxygen/lib/http/codec/CodecDictionaries.h
92 ./proxygen/proxygen/lib/http/codec/CodecProtocol.cpp
51 ./proxygen/proxygen/lib/http/codec/CodecProtocol.h
409 ./proxygen/proxygen/lib/http/codec/compress/GzipHeaderCodec.cpp
96 ./proxygen/proxygen/lib/http/codec/compress/GzipHeaderCodec.h
128 ./proxygen/proxygen/lib/http/codec/compress/HeaderCodec.h
46 ./proxygen/proxygen/lib/http/codec/compress/Header.h
61 ./proxygen/proxygen/lib/http/codec/compress/HeaderPiece.h
210 ./proxygen/proxygen/lib/http/codec/compress/HeaderTable.cpp
221 ./proxygen/proxygen/lib/http/codec/compress/HeaderTable.h
105 ./proxygen/proxygen/lib/http/codec/compress/HPACKCodec.cpp
56 ./proxygen/proxygen/lib/http/codec/compress/HPACKCodec.h
50 ./proxygen/proxygen/lib/http/codec/compress/HPACKConstants.h
59 ./proxygen/proxygen/lib/http/codec/compress/HPACKContext.cpp
58 ./proxygen/proxygen/lib/http/codec/compress/HPACKContext.h
105 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecodeBuffer.cpp
84 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecodeBuffer.h
167 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecoder.cpp
78 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecoder.h
112 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncodeBuffer.cpp
94 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncodeBuffer.h
155 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncoder.cpp
75 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncoder.h
36 ./proxygen/proxygen/lib/http/codec/compress/HPACKHeader.cpp
81 ./proxygen/proxygen/lib/http/codec/compress/HPACKHeader.h
345 ./proxygen/proxygen/lib/http/codec/compress/Huffman.cpp
138 ./proxygen/proxygen/lib/http/codec/compress/Huffman.h
158 ./proxygen/proxygen/lib/http/codec/compress/Logging.cpp
39 ./proxygen/proxygen/lib/http/codec/compress/Logging.h
111 ./proxygen/proxygen/lib/http/codec/compress/StaticHeaderTable.cpp
24 ./proxygen/proxygen/lib/http/codec/compress/StaticHeaderTable.h
39 ./proxygen/proxygen/lib/http/codec/ErrorCode.cpp
52 ./proxygen/proxygen/lib/http/codec/ErrorCode.h
124 ./proxygen/proxygen/lib/http/codec/FlowControlFilter.cpp
97 ./proxygen/proxygen/lib/http/codec/FlowControlFilter.h
1071 ./proxygen/proxygen/lib/http/codec/HTTP1xCodec.cpp
196 ./proxygen/proxygen/lib/http/codec/HTTP1xCodec.h
49 ./proxygen/proxygen/lib/http/codec/HTTPChecks.cpp
38 ./proxygen/proxygen/lib/http/codec/HTTPChecks.h
263 ./proxygen/proxygen/lib/http/codec/HTTPCodecFilter.cpp
175 ./proxygen/proxygen/lib/http/codec/HTTPCodecFilter.h
468 ./proxygen/proxygen/lib/http/codec/HTTPCodec.h
74 ./proxygen/proxygen/lib/http/codec/HTTPSettings.cpp
71 ./proxygen/proxygen/lib/http/codec/HTTPSettings.h
16 ./proxygen/proxygen/lib/http/codec/SettingsId.cpp
44 ./proxygen/proxygen/lib/http/codec/SettingsId.h
1584 ./proxygen/proxygen/lib/http/codec/SPDYCodec.cpp
378 ./proxygen/proxygen/lib/http/codec/SPDYCodec.h
163 ./proxygen/proxygen/lib/http/codec/SPDYConstants.cpp
130 ./proxygen/proxygen/lib/http/codec/SPDYConstants.h
81 ./proxygen/proxygen/lib/http/codec/SPDYUtil.cpp
144 ./proxygen/proxygen/lib/http/codec/SPDYUtil.h
16 ./proxygen/proxygen/lib/http/codec/SPDYVersion.h
47 ./proxygen/proxygen/lib/http/codec/SPDYVersionSettings.h
33 ./proxygen/proxygen/lib/http/codec/TransportDirection.cpp
28 ./proxygen/proxygen/lib/http/codec/TransportDirection.h
61 ./proxygen/proxygen/lib/http/HTTPCommonHeaders.template.h
167 ./proxygen/proxygen/lib/http/HTTPConnector.cpp
152 ./proxygen/proxygen/lib/http/HTTPConnector.h
32 ./proxygen/proxygen/lib/http/HTTPConstants.cpp
67 ./proxygen/proxygen/lib/http/HTTPConstants.h
31 ./proxygen/proxygen/lib/http/HTTPException.cpp
169 ./proxygen/proxygen/lib/http/HTTPException.h
308 ./proxygen/proxygen/lib/http/HTTPHeaders.cpp
423 ./proxygen/proxygen/lib/http/HTTPHeaders.h
34 ./proxygen/proxygen/lib/http/HTTPHeaderSize.h
831 ./proxygen/proxygen/lib/http/HTTPMessage.cpp
98 ./proxygen/proxygen/lib/http/HTTPMessageFilters.h
724 ./proxygen/proxygen/lib/http/HTTPMessage.h
45 ./proxygen/proxygen/lib/http/HTTPMethod.cpp
59 ./proxygen/proxygen/lib/http/HTTPMethod.h
34 ./proxygen/proxygen/lib/http/ProxygenErrorEnum.cpp
73 ./proxygen/proxygen/lib/http/ProxygenErrorEnum.h
81 ./proxygen/proxygen/lib/http/RFC2616.cpp
73 ./proxygen/proxygen/lib/http/RFC2616.h
23 ./proxygen/proxygen/lib/http/session/AckLatencyEvent.h
33 ./proxygen/proxygen/lib/http/session/ByteEvents.cpp
105 ./proxygen/proxygen/lib/http/session/ByteEvents.h
171 ./proxygen/proxygen/lib/http/session/ByteEventTracker.cpp
85 ./proxygen/proxygen/lib/http/session/ByteEventTracker.h
67 ./proxygen/proxygen/lib/http/session/CodecErrorResponseHandler.cpp
42 ./proxygen/proxygen/lib/http/session/CodecErrorResponseHandler.h
122 ./proxygen/proxygen/lib/http/session/HTTPDirectResponseHandler.cpp
52 ./proxygen/proxygen/lib/http/session/HTTPDirectResponseHandler.h
89 ./proxygen/proxygen/lib/http/session/HTTPDownstreamSession.cpp
73 ./proxygen/proxygen/lib/http/session/HTTPDownstreamSession.h
34 ./proxygen/proxygen/lib/http/session/HTTPErrorPage.cpp
70 ./proxygen/proxygen/lib/http/session/HTTPErrorPage.h
47 ./proxygen/proxygen/lib/http/session/HTTPEvent.cpp
126 ./proxygen/proxygen/lib/http/session/HTTPEvent.h
102 ./proxygen/proxygen/lib/http/session/HTTPSessionAcceptor.cpp
141 ./proxygen/proxygen/lib/http/session/HTTPSessionAcceptor.h
71 ./proxygen/proxygen/lib/http/session/HTTPSessionController.h
2002 ./proxygen/proxygen/lib/http/session/HTTPSession.cpp
832 ./proxygen/proxygen/lib/http/session/HTTPSession.h
25 ./proxygen/proxygen/lib/http/session/HTTPSessionStats.h
933 ./proxygen/proxygen/lib/http/session/HTTPTransaction.cpp
118 ./proxygen/proxygen/lib/http/session/HTTPTransactionEgressSM.cpp
71 ./proxygen/proxygen/lib/http/session/HTTPTransactionEgressSM.h
1155 ./proxygen/proxygen/lib/http/session/HTTPTransaction.h
134 ./proxygen/proxygen/lib/http/session/HTTPTransactionIngressSM.cpp
73 ./proxygen/proxygen/lib/http/session/HTTPTransactionIngressSM.h
116 ./proxygen/proxygen/lib/http/session/HTTPUpstreamSession.cpp
95 ./proxygen/proxygen/lib/http/session/HTTPUpstreamSession.h
66 ./proxygen/proxygen/lib/http/session/SimpleController.cpp
66 ./proxygen/proxygen/lib/http/session/SimpleController.h
162 ./proxygen/proxygen/lib/http/session/TransportFilter.cpp
124 ./proxygen/proxygen/lib/http/session/TransportFilter.h
27 ./proxygen/proxygen/lib/http/session/TTLBAStats.h
96 ./proxygen/proxygen/lib/http/Window.cpp
84 ./proxygen/proxygen/lib/http/Window.h
59 ./proxygen/proxygen/lib/services/AcceptorConfiguration.h
444 ./proxygen/proxygen/lib/services/Acceptor.cpp
342 ./proxygen/proxygen/lib/services/Acceptor.h
56 ./proxygen/proxygen/lib/services/ConnectionCounter.h
54 ./proxygen/proxygen/lib/services/HTTPAcceptor.h
45 ./proxygen/proxygen/lib/services/LoadShedConfiguration.cpp
109 ./proxygen/proxygen/lib/services/LoadShedConfiguration.h
60 ./proxygen/proxygen/lib/services/NetworkAddress.h
40 ./proxygen/proxygen/lib/services/RequestWorker.cpp
89 ./proxygen/proxygen/lib/services/RequestWorker.h
126 ./proxygen/proxygen/lib/services/ServerSocketConfig.h
58 ./proxygen/proxygen/lib/services/ServiceConfiguration.h
33 ./proxygen/proxygen/lib/services/Service.cpp
137 ./proxygen/proxygen/lib/services/Service.h
102 ./proxygen/proxygen/lib/services/ServiceWorker.h
66 ./proxygen/proxygen/lib/services/TransportInfo.cpp
279 ./proxygen/proxygen/lib/services/TransportInfo.h
160 ./proxygen/proxygen/lib/services/WorkerThread.cpp
129 ./proxygen/proxygen/lib/services/WorkerThread.h
24 ./proxygen/proxygen/lib/ssl/ClientHelloExtStats.h
53 ./proxygen/proxygen/lib/ssl/DHParam.h
31 ./proxygen/proxygen/lib/ssl/PasswordInFile.cpp
38 ./proxygen/proxygen/lib/ssl/PasswordInFile.h
23 ./proxygen/proxygen/lib/ssl/SSLCacheOptions.h
69 ./proxygen/proxygen/lib/ssl/SSLCacheProvider.h
95 ./proxygen/proxygen/lib/ssl/SSLContextConfig.h
654 ./proxygen/proxygen/lib/ssl/SSLContextManager.cpp
186 ./proxygen/proxygen/lib/ssl/SSLContextManager.h
354 ./proxygen/proxygen/lib/ssl/SSLSessionCacheManager.cpp
293 ./proxygen/proxygen/lib/ssl/SSLSessionCacheManager.h
42 ./proxygen/proxygen/lib/ssl/SSLStats.h
76 ./proxygen/proxygen/lib/ssl/SSLUtil.cpp
102 ./proxygen/proxygen/lib/ssl/SSLUtil.h
308 ./proxygen/proxygen/lib/ssl/TLSTicketKeyManager.cpp
198 ./proxygen/proxygen/lib/ssl/TLSTicketKeyManager.h
20 ./proxygen/proxygen/lib/ssl/TLSTicketKeySeeds.h
60 ./proxygen/proxygen/lib/utils/CobHelper.h
76 ./proxygen/proxygen/lib/utils/CryptUtil.cpp
22 ./proxygen/proxygen/lib/utils/CryptUtil.h
84 ./proxygen/proxygen/lib/utils/DestructorCheck.h
71 ./proxygen/proxygen/lib/utils/DomainNameMisc.h
34 ./proxygen/proxygen/lib/utils/Exception.cpp
46 ./proxygen/proxygen/lib/utils/Exception.h
358 ./proxygen/proxygen/lib/utils/FilterChain.h
43 ./proxygen/proxygen/lib/utils/HTTPTime.cpp
20 ./proxygen/proxygen/lib/utils/HTTPTime.h
16 ./proxygen/proxygen/lib/utils/NullTraceEventObserver.cpp
23 ./proxygen/proxygen/lib/utils/NullTraceEventObserver.h
159 ./proxygen/proxygen/lib/utils/ParseURL.cpp
112 ./proxygen/proxygen/lib/utils/ParseURL.h
242 ./proxygen/proxygen/lib/utils/Result.h
38 ./proxygen/proxygen/lib/utils/SocketOptions.cpp
24 ./proxygen/proxygen/lib/utils/SocketOptions.h
46 ./proxygen/proxygen/lib/utils/StateMachine.h
37 ./proxygen/proxygen/lib/utils/TestUtils.h
128 ./proxygen/proxygen/lib/utils/Time.h
32 ./proxygen/proxygen/lib/utils/TraceEventContext.h
130 ./proxygen/proxygen/lib/utils/TraceEvent.cpp
139 ./proxygen/proxygen/lib/utils/TraceEvent.h
24 ./proxygen/proxygen/lib/utils/TraceEventObserver.h
24 ./proxygen/proxygen/lib/utils/UtilInl.h
163 ./proxygen/proxygen/lib/utils/gen_trace_event_constants.py
54 ./proxygen/proxygen/deps.sh
30 ./proxygen/proxygen/reinstall.sh
11 ./proxygen/proxygen/httpserver/tests/Makefile.am
21 ./proxygen/proxygen/lib/http/codec/test/Makefile.am
21 ./proxygen/proxygen/lib/http/session/test/Makefile.am
14 ./proxygen/proxygen/lib/http/test/Makefile.am
16 ./proxygen/proxygen/lib/ssl/test/Makefile.am
27 ./proxygen/proxygen/lib/test/Makefile.am
13 ./proxygen/proxygen/lib/utils/test/Makefile.am
97 ./proxygen/proxygen/httpserver/samples/echo/test/EchoHandlerTest.cpp
154 ./proxygen/proxygen/httpserver/tests/HTTPServerTest.cpp
35 ./proxygen/proxygen/lib/http/codec/compress/test/HeaderPieceTests.cpp
134 ./proxygen/proxygen/lib/http/codec/compress/test/HeaderTableTests.cpp
345 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKBufferTests.cpp
283 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKCodecTests.cpp
202 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKContextTests.cpp
65 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKHeaderTests.cpp
96 ./proxygen/proxygen/lib/http/codec/compress/test/HTTPArchive.cpp
37 ./proxygen/proxygen/lib/http/codec/compress/test/HTTPArchive.h
312 ./proxygen/proxygen/lib/http/codec/compress/test/HuffmanTests.cpp
146 ./proxygen/proxygen/lib/http/codec/compress/test/LoggingTests.cpp
212 ./proxygen/proxygen/lib/http/codec/compress/test/RFCExamplesTests.cpp
61 ./proxygen/proxygen/lib/http/codec/compress/test/TestUtil.cpp
28 ./proxygen/proxygen/lib/http/codec/compress/test/TestUtil.h
222 ./proxygen/proxygen/lib/http/codec/test/FilterTests.cpp
130 ./proxygen/proxygen/lib/http/codec/test/HTTP1xCodecTest.cpp
130 ./proxygen/proxygen/lib/http/codec/test/MockHTTPCodec.h
1228 ./proxygen/proxygen/lib/http/codec/test/SPDYCodecTest.cpp
207 ./proxygen/proxygen/lib/http/codec/test/TestUtils.cpp
237 ./proxygen/proxygen/lib/http/codec/test/TestUtils.h
226 ./proxygen/proxygen/lib/http/session/test/DownstreamTransactionTest.cpp
1367 ./proxygen/proxygen/lib/http/session/test/HTTPDownstreamSessionTest.cpp
154 ./proxygen/proxygen/lib/http/session/test/HTTPSessionAcceptorTest.cpp
226 ./proxygen/proxygen/lib/http/session/test/HTTPSessionMocks.h
71 ./proxygen/proxygen/lib/http/session/test/HTTPSessionTest.h
153 ./proxygen/proxygen/lib/http/session/test/HTTPTransactionMocks.h
169 ./proxygen/proxygen/lib/http/session/test/HTTPTransactionSMTest.cpp
1411 ./proxygen/proxygen/lib/http/session/test/HTTPUpstreamSessionTest.cpp
1368 ./proxygen/proxygen/lib/http/session/test/MockCodecDownstreamTest.cpp
41 ./proxygen/proxygen/lib/http/session/test/TestUtils.cpp
34 ./proxygen/proxygen/lib/http/session/test/TestUtils.h
463 ./proxygen/proxygen/lib/http/test/HTTPMessageTest.cpp
49 ./proxygen/proxygen/lib/http/test/MockHTTPMessageFilter.h
128 ./proxygen/proxygen/lib/http/test/RFC2616Test.cpp
124 ./proxygen/proxygen/lib/http/test/WindowTest.cpp
83 ./proxygen/proxygen/lib/services/test/AcceptorTest.cpp
278 ./proxygen/proxygen/lib/ssl/test/SSLCacheTest.cpp
88 ./proxygen/proxygen/lib/ssl/test/SSLContextManagerTest.cpp
635 ./proxygen/proxygen/lib/test/TestAsyncTransport.cpp
158 ./proxygen/proxygen/lib/test/TestAsyncTransport.h
23 ./proxygen/proxygen/lib/test/TestMain.cpp
49 ./proxygen/proxygen/lib/utils/test/CryptUtilTest.cpp
538 ./proxygen/proxygen/lib/utils/test/GenericFilterTest.cpp
54 ./proxygen/proxygen/lib/utils/test/HTTPTimeTest.cpp
42 ./proxygen/proxygen/lib/utils/test/MockTime.h
137 ./proxygen/proxygen/lib/utils/test/ParseURLTest.cpp
73 ./proxygen/proxygen/lib/utils/test/ResultBenchmark.cpp
112 ./proxygen/proxygen/lib/utils/test/ResultTest.cpp
22 ./proxygen/proxygen/lib/utils/test/UtilTest.cpp

HTTP/2 all the things! | Ilya Grigorik (Google)

Ilya Grigorik (Google); HTTP/2 all the things!; At VENUE; WHEN? (2014-10?); 47 slides <- bit.ly/1rOWzXj
Teaser: challenges, opportunities, and the exciting world ahead of us…

Mentions

Via: backfill

Making the Web Faster with HTTP 2.0 | Ilya Grigorik

Ilya Grigorik; Making the Web Faster with HTTP 2.0; In ACM Queue; 2013-12-03.

References

Via: backfill

Dynamic Adaptive Streaming over HTTP (DASH)

MPEG DASH Scope

Concepts

  • MPEG-DASH Media Presentation Description (MPD)

Origin

  • Adaptive HTTP streaming (AHS) in 3GPP Release 9
  • HTTP Adaptive Streaming (HAS) in Open IPTV Forum Release 2.

Related

  • Adobe Systems, HTTP Dynamic Streaming
  • Apple, HTTP Live Streaming (HLS)
  • Microsoft Smooth Streaming

Standard

Highlights

  • Use Cases
    • On-Demand
    • Live
  • Ad insertion. Advertisements can be inserted as a period between periods or segment between segments in both on-demand and live cases.
  • CDN
    • Multiple URL
    • CCN (CCNx)
  • Codec
    • Agnostic
    • Common Encryption
    • Multiple DRM
  • Coding
    • Scalable Video Coding (SVC)
    • Multiview Video Coding (MVC)

Implementations

Via: backfill

High Performance Browser Networking | Ilya Grigorik

Ilya Grigorik (Google); High Performance Browser Networking; O’Reilly; 2013-08-23; O’Reilly: $35 (available 2013-01), online $0 (available now), Amazon: $27 (available 2013-08-23); 200 pages.

Online Availability (ungated), dated 2012.

Via: backfill

Quick UDP Internet Connections (QUIC)

Documents

Mentions

  • about:flags (in Chrome)
  • Alexa Top 5000 (source of published dictionary of “trusted” or “known” root certs).
  • WebRTC
  • draft-tuexen-tsvwg-sctp-dtls-encaps-00 DTLS Encapsulation of SCTP Packets for RTCWEB; IETF Draft; R. Jessup (WorldGate), S. Oreto (Ericsson), R. Stewart (Adara), M. Tuexen (Muenster University); 2012-03-04, expires: 2012-09-05.

Glossary

  • AEAD => Authenticated Encryption with Associated Data
  • AES-GCM
  • ASCII
  • CA => Certificate Authority
  • DNS
  • DNSSEC
  • DTLS
  • ECDSA
  • FEC => Forward Error Correction
  • FNV-1a
  • GUID
  • HKDF
  • HMAC
  • HTTP
  • IKM => Input Key Material
  • IV => Initialization Vector
  • MTU
  • NACK
  • NAT
  • RSA
  • RST
  • RTT
    • 0-RTT
    • 1-RTT
    • 2-RTT
  • SCTP
  • SHA-256
  • SPDY
  • SYN
  • TCP
  • TCP Cubic
  • TLS
  • UDP

Statements

(quoted, or not) From any of the documents.

  • SCTP (alone) appears to require 1 full round trip in connection establishment prior to any data transfer.  See section 5 of the SCTP RFC 4960 for a discussion of this requirement.
  • DTLS appears to routinely require 3 round trips in its connection establishment.  DTLS is modeled after TLS, which defaults to a 2 RTT HELLO exchange at connection establishment.  As noted in section 8.1 of DTLS’s description<snip/>
  • There are some efforts to add FEC beneath SCTP,<snip/>
  • Recent work to extend TCP with TCP Fast Open offers promising strategies for evolving TCP to include data in the initial SYN packet, with plausibly acceptable controls on DOS attacks.
  • Techniques used in SSL Snap Start will be used for this construction, so as to mitigate replay attacks.
  • One known attack on TCP that could potentially be worse for QUIC is the Optimistic ACK Attack.
  • This “self DOS” attack can be used to DOS other users on the same downstream links. This is also possible in TCP; c.f. UMD-CS-TR-4737
  • Within SPDY
    • to specify always-use-QUIC
      Alternate-Protocol: 123:quic
    • to specify never-use-QUIC
      Alternate-Protocol-Required: 443:https

Tags

From the Crypto Specification

  • SCID => Server Config ID
  • KEXS => Key Exchange Algorithms
    • C255 => Curve25519
    • P256 => P-256
  • AEAD => Authenticated Encryption Algorithms
    • AESG => AES-GCM
    • S20P => Salsa20
  • PUBS => Public Values
  • ORBT => Orbit
  • EXPY => Expiry (time)
  • VERS => Versions
  • CETV => Client Encrypted Tag Values
    • CIDK => ChannelID Key
    • CIDS => ChannelID Signature

Referenced

Via: backfill

Browser Security & Web Security in ACM Queue circa 2012-11

  • Jeremiah Grossman, Ben Livshits, Rebecca Bace, George Neville-Neil; Browser Security Case Study: Appearances Can Be Deceiving; In ACM Queue; 2012-11-20.
    Mentions

    • Participants
      • Jeremiah Grossman
        is founder and CTO at WhiteHat Security, founder WASC (Web Application Security Consortium)
      • Ben Livshits
        is a researcher at Microsoft Research and an affiliate professor at the University of Washington.
      • Rebecca Gurley Bace
        is president/CEO of Infidel, a network security consulting practice, and chief strategist for the Center for Forensics, Information Technology, and Security at the University of South Alabama.
      • George Neville-Neil
        is a software engineer, previously with Yahoo! Paranoids
    • Concepts
      • HTML5
      • The SSL CA Model (Certificate Authority); i.e. PKI
      • Convergence, the notary method of CA assessment
      • The DoD model (of security, undefined)
      • CSRF
      • RFC-1918
      • FTC
      • DNT (Do Not Track)
      • robots.txt
      • Allow
      • Facebook button
      • Cross-Site Referral Hijacking
      • Local Storage
      • CSP (Content Security Policy)
      • SQL Injection via parameterized SQL statements
    • Quips, Citations
      • Moxie Marlinspike
      • Robert Hampton & Jeremiah Grossman on CSRF into RFC 1918 space circa 2006.
      • Dan Geer, a risk management domain expert
    • Quotes (two)
      • [Stanza]Only when users begin to see the value of their data and demand more protection for it will privacy measures get their due. If the market shifts in this direction and vendors see that adding better protection to their browsers could actually increase market share, then and only then will those measures become standard operating practice.

        GN-N We talked a little earlier about how it’s the browser users, rather than the browsers themselves, that are the real products here. Anyone care to expand on that?

        RB Well, that is the case, and it’s fundamental to this whole space. I would argue that every last conundrum in the area of browser security is rooted in the fact that we’re not dealing with a classic commercial model. That is, at present users don’t pay browser makers for software or, for that matter, the maintenance and upkeep of that software.

        JG The browser makers are monetizing your data, directly or indirectly, and therefore cannot see a way to protect that data without losing money. That makes for a really difficult situation.

        BL I’m not sure you can actually say it’s the browser makers who are “monetizing your data.” If anything, it’s the sites that are monetizing your data.

        JG Actually, there’s a clear interplay there. Just look at Google Chrome; it’s pretty obviously monetizing your data. The Mozilla guys derive 98 percent of their revenue directly from Google. Then you’ve got Microsoft, which you could argue is also desperate now to get into the advertising business. So that raises the question: How can you work to institute healthier business incentives when those efforts are so obviously at odds with the foundation the whole business sits upon?

        BL I don’t know. One of the problems with privacy is that it’s difficult to put a value on it. It’s difficult even to convince the users that their own privacy is actually worth all that much.

        JG Maybe users just aren’t all that aware of what they’re giving up with every single mouse click.

      • JG I can share how I try to protect myself and how I’ve instructed my mom to do it. Take two browsers—any modern browsers that have been updated will do. The important thing is to have two of them so you can compartmentalize risk. The first of these will be the primary browser, the one you use for all your promiscuous browsing—read the news, visit your favorite Web sites, click on the links in your Twitter feed, and whatever else you feel tempted to do. But don’t ever use the primary browser to do anything with online accounts you consider sensitive or important.

        If you’re using Chrome or Firefox, you should also turn on ad blocking and tracker blocking as extensions in the browser. That’s not just for sanity purposes, but also to prevent a whole lot of malware, which often ends up getting propagated over advertising networks. Bonus points if you run in incognito or private mode. That might save you a little bit of privacy as well. Another thing you should do is to block plugins from playing by default. You can run them whenever you want to with a right click, but don’t let them automatically run. Generally, when you get infected with a virus or a piece of malware, it’s because of some invisible plugin that runs automatically.

        Your secondary browser is the one you want to fire up only when it’s time to do online banking or online shopping or anything involving a credit card number, an account number, or anything else you want to protect. Once you’ve fired up that browser, get in and do what you need to do quickly, and then close that thing down.

        If you can manage to keep those two worlds separate, when you’re out surfing the Web with your primary browser, it won’t even be possible to hack your bank with a cross-site request forgery request because it will be like you’ve never logged in at that bank. So clickjacking, cross-site request forgery, and cross-site scripting pose almost no threat, since there effectively is no cross site.

  • Jeremiah Grossman (Whitehat Security); The Web Won’t Be Safe or Secure until We Break It; In ACM Queue; 2012-11-06.
    Mentions

    • Scope
      • HTML
      • CSS
      • JavaScript
    • Classifications
      • XSS => Cross Site Scripting
      • CSRF => Cross-Site Request Forgery
      • Clickjacking
      • Browser intranet hacking
      • “Drive-by” Downloads
      • History sniffing via CSS
      • Invisible iframes
    • Purposes
      • login detection
    • Techniques
      • iframe onload
      • img onload
      • img onerror
    • Market forces
      • Browsers need market share
      • Hard to mandate repairs that “break things”
      • “a more secure platform” is not a value add, not given the porting headache
      • Opt-in features
    • Opt-in Schemes
      • Content Security Policy
      • X-Frame-Options
      • Origin
      • Strict Transport Security
      • SSL (Secure Sockets Layer)
      • Secure cookie flag
      • HttpOnly cookie flags
    • Proposal
      • Full in-browser sandboxing
      • Make the desktop apps like the “mobile apps”

Cookie2 & Set-Cookie2 are not supported by Firefox, and are deprecated with RFC 6265 anyway

  • Comment 19 notes that Cookie2 is officially deprecated
    • Bug 208985 Set-Cookie2: not accepted (RFC 2965)
    • Indeed, using Set-Cookie2 against a Firefox 18 client does nothing
  • RFC 6265 HTTP State Management Mechanism; A. Barth (UCB); 2011-04
    Obsoleted:

Mentions

From in RFC 6265

The SELinux booleans and Apache httpd

References

Just about the booleans, not about the labels…

Actualities

$ getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> off
httpd_manage_ipa --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_tty_comm --> on
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_verify_dns --> off
$ uname -a
Linux opened 3.6.6-1.fc16.i686.PAE #1 SMP Mon Nov 5 17:11:25 UTC 2012 i686 i686 i386 GNU/Linux
$ cat /etc/fedora-release 
Fedora release 16 (Verne)
$ rpm -q -a | grep -Ee '(policy|http)' | sort
checkpolicy-2.1.6-2.fc16.i686
httpd-2.2.22-2.fc16.i686
httpd-tools-2.2.22-2.fc16.i686
policycoreutils-2.1.4-13.fc16.i686
policycoreutils-gui-2.1.4-13.fc16.i686
policycoreutils-python-2.1.4-13.fc16.i686
policycoreutils-restorecond-2.1.4-13.fc16.i686
policycoreutils-sandbox-2.1.4-13.fc16.i686
polkit-desktop-policy-0.102-3.fc16.noarch
python-httplib2-0.7.4-6.fc16.noarch
selinux-policy-3.10.0-96.fc16.noarch
selinux-policy-targeted-3.10.0-96.fc16.noarch

Default catchall wildcard VirtualHost stanza for Apache httpd

References

In httpd documentation at Apache

Folklore and Q&A

Example

NameVirtualHost *:80 
<VirtualHost *:80>
    ServerName baker.com
    # baker.com -> www.baker.com
    Redirect permanent / http://www.baker.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName baker.org
    # baker.org -> www.baker.org
    Redirect permanent / http://www.baker.org/
</VirtualHost>
Include vhost/*.conf
<VirtualHost *:80>
    ServerName default
    ServerAlias *
    ServerAlias default.baker.com
    # *anything* else gets redirected back to www.baker.com
    Redirect permanent / http://www.baker.com/
</VirtualHost>