Re: [hybi] Resolving Issue 11 - Amateur programmer requirement [was: Extensibility mechanisms?]
Willy Tarreau <w@1wt.eu> Fri, 23 July 2010 08:52 UTC
Date: Fri, 23 Jul 2010 10:52:14 +0200
From: Willy Tarreau <w@1wt.eu>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: hybi@ietf.org

On Fri, Jul 23, 2010 at 07:55:06AM +0200, Julian Reschke wrote:
> On 23.07.2010 06:50, Ian Fette (イアンフェッティ) wrote:
> >The amateur programmer argument keeps coming up. Search google for hybi
> >amateur programmer. It's been raised as an argument against suggestions
> >that are meant to help the protocol scale, it's been raised in
> >discussions of keepalives, it's been raised in multiple framing
> >discussions... I'm not arguing it's a great construct. I don't actually
> >agree that we should be designing for an amateur programmer. What I'm
> >saying is that I do believe that this issue being outstanding is
> >preventing further progress on other issues, so I want to see it put to
> >rest.
> >...
>
> +1

+1

Also, IMHO there's a contradiction between the fact that we're trying
to do our best to ensure that the protocol prevents any form of
cross-proto attacks, and the protocol is easily implementable by
"amateurs" (which I parse as "the guys who want a quick and dirty
implementation and who don't mind about small side effects as long
as it works").

I think that most of the ML subscribers have already written in a
hurry very simple shell script based web servers to be run from inetd
and which did not care about the method, "../" in file names,
permissions, keep-alive, content-length, etc... This is exactly what
is permitted by the simplicity of the HTTP protocol : easy, possibly
incomplete and possibly insecure implementations for amateurs.

If we want amateurs to be able to make full and complete
implementations of WS, then we'll always be limited in the features
and security level (and we'll never agree on what the amateur is able
to do).

If we define an extensible protocol that amateurs can implement
partially because they only care about the most common denominator,
then we have no problem adding new features and improving security.

While HTTP talks about "implementations", meaning that everyone might
implement a different subset of it, WS seems to focus only on one way
to get it right. This strict view is probably what will finally make
it hard for amateurs to implement it right !

Willy