mnot’s blog

Design depends largely on constraints.” — Charles Eames

Wednesday, 7 June 2017

How (Not) to Control Your CDN

In February, Omer Gil described the Web Cache Deception Attack.

this entry’s page

Thursday, 11 May 2017

How to Think About HTTP Status Codes

There’s more than a little confusion and angst out there about HTTP status codes. I’ve received more than a few e-mails (and IMs, and DMs) over the years from stressed-out developers (once at 2am, their time!) asking something like this:

this entry’s page

Thursday, 16 March 2017

The State of Browser Caching, Revisited

A long, long time ago, I wrote some tests using XmlHttpRequest to figure out how well browser caches behaved, and wrote up the results.

this entry’s page

Friday, 22 April 2016

Ideal HTTP Performance

The implicit goal for Web performance is to reduce end-user perceived latency; to get the page in front of the user and interactive as soon as possible.

this entry’s page

Wednesday, 9 March 2016

Alternative Services

The IESG has approved “HTTP Alternative Services” for publication as a Proposed Standard.

this entry’s page

Friday, 18 December 2015

Why 451?

Today, the IESG approved publication of “An HTTP Status Code to Report Legal Obstacles”. It’ll be an RFC after some work by the RFC Editor and a few more process bits, but effectively you can start using it now.

this entry’s page

Tuesday, 18 August 2015

Will there be a Distributed HTTP?

One of the things that came up at the HTTP Workshop was “distributed HTTP” — i.e., moving the Web from a client/server model to a more distributed one. This week, Brewster Khale (of fame) talked about similar thoughts on his blog and at CCC. If you haven’t seen that yet, I’d highly suggest watching the latter.

this entry’s page

Monday, 20 July 2015

Snowden Meets the IETF

Last night, we had a screening of CITIZENFOUR at the IETF meeting in Prague, and about 170 people showed up to see the movie about Edward Snowden’s relevations — information that led the IETF to declare such pervasive monitoring as an attack on the Internet itself.

this entry’s page

Monday, 15 June 2015

HTTP/2 Implementation Status

RFC7540 has been out for about a month, so it seems like a good time for a snapshot of where HTTP/2 implementation is at.

this entry’s page

Wednesday, 25 March 2015

Improving Captive Portals

Yesterday at IETF92 in Dallas, we had a “Bar BoF” (i.e., informal meeting) about improving the behaviour and handling of Captive Portals — those login pages that you have to click through to get onto networks in hotels, airports, and many other places.

this entry’s page