Post Awv8QOnXBr9Kq5lFOS by fell@ma.fellr.net
(DIR) Post #Awv6UDJnc56uUBXn5U by bagder@mastodon.social
2025-08-07T07:28:30Z
0 likes, 2 repeats
The "HTTP1 must die" details are now public: https://portswigger.net/kb/papers/dzmxreq/http1-must-die.pdf (via https://http1mustdie.com/)
(DIR) Post #Awv6UEbCqqd2SShCrI by bagder@mastodon.social
2025-08-07T07:34:49Z
2 likes, 2 repeats
I still think the messaging of this is alarmist and quite frankly, lame. Recall how we also have had multiple bad implementation details in HTTP/2, some that aren't even really possible to fix there so some people recommend h3 instead. Which then has its own share of challenges. They're all far from simple. They are all complicated.
(DIR) Post #Awv7yYfMuH3hKwfM2K by wolf480pl@mstdn.io
2025-08-07T08:12:32Z
1 likes, 1 repeats
@bagder http2 and http3 must also die. We should all switch to ssh with force_command, like git does. /s
(DIR) Post #Awv80QABUX2VXoy5XE by bagder@mastodon.social
2025-08-07T08:12:51Z
1 likes, 0 repeats
@wolf480pl gopher come back!
(DIR) Post #Awv8MECkdMQYpIZEEy by wolf480pl@mstdn.io
2025-08-07T08:16:48Z
0 likes, 0 repeats
@bagder oh, Gopher is so back. Also Gemini.
(DIR) Post #Awv8QOnXBr9Kq5lFOS by fell@ma.fellr.net
2025-08-07T08:17:30Z
0 likes, 0 repeats
@wolf480pl @bagder I would love authenticating to websites with my SSH key. Support for the next best thing, TLS client certificates, seems incomplete.
(DIR) Post #Awv8hovhHpOco9t13g by wolf480pl@mstdn.io
2025-08-07T08:20:43Z
0 likes, 0 repeats
@bagder but like, those are good for documents. If you ask me what's the best way to make interactive network applications in 2025, it's XMPP with XEP-0050 Ad-hoc commands and XEP-0004 Data Forms.
(DIR) Post #Awv8ygTrx6eRWkuYu8 by mid_kid@fosstodon.org
2025-08-07T07:55:00Z
0 likes, 0 repeats
@bagder I have heard so little about HTTP2 and 3 that I thought they were still mostly experimental. I know curl supports them, but I have no idea if I'll have to update my dozens of python urllib scripts at some point. HTTP/1.1 has been the default for so long I barely ever considered anything else was necessary outside of specialized applications.
(DIR) Post #Awv8yhOwWuIyNlc8rg by eris@p.enes.lv
2025-08-07T08:23:41Z
0 likes, 0 repeats
If you don't need any extra features from HTTP 2 & 3, you can just ignore them, I think it's unlikely that sites will drop HTTP 1 support, no matter what kind of ancient design problems it has. CC: @bagder@mastodon.social
(DIR) Post #AwvGVmdmlo6nrqHP16 by aral@mastodon.ar.al
2025-08-07T09:47:15Z
0 likes, 0 repeats
@dalias @bagder Yep.
(DIR) Post #AwvNPlboOQA8boR0QC by wolf480pl@mstdn.io
2025-08-07T11:05:29Z
0 likes, 0 repeats
@amelia @bagder it could. It needs a lot of state per connection so it wouldn't scale very well. But it totally has the MUX to allow you to run multiple commands in parallel, so with one command invocation per request, headers in argv, request body in stdin, it could totally do sth similar to h2. Also it'd integrate very well with your cgi-bin.
(DIR) Post #AwvNhh00GqeNWZIVsG by wolf480pl@mstdn.io
2025-08-07T11:08:45Z
0 likes, 0 repeats
@amelia doesn't hurt to try... even if this whole ssh-as-web-transport thing doesn't take off, why shouldn't we have an ssh server that can handle c10k?
(DIR) Post #AwvNpgGmrlCDZxxPG4 by wolf480pl@mstdn.io
2025-08-07T11:10:09Z
0 likes, 0 repeats
@amelia or c100k for that matter
(DIR) Post #AxVXwUWuuGzaQawfi4 by _GreyWolf@kinkycats.org
2025-08-24T21:49:29Z
0 likes, 0 repeats
@SRAZKVT Isn't that basically what passkeys now provide? @fell @wolf480pl @bagder
(DIR) Post #AxVXwVsvruCGdAFlfE by wolf480pl@mstdn.io
2025-08-24T21:53:01Z
0 likes, 0 repeats
@_GreyWolf @SRAZKVT @fell @bagder except in the most treat-user-as-child, vendor-lock-in manner
(DIR) Post #AxVYe6ooQTybd8790q by _GreyWolf@kinkycats.org
2025-08-24T22:00:55Z
0 likes, 0 repeats
@wolf480pl TBF the vendors break it in my opinion by making it exportable in any way. I would prefer Hardware based trust and just adding the keys of other hardware from a trusted device like "do you want to add this machine to your account" But you are right it's kinda weirdly proprietary in the way they do it :/ But at least it's a standard for doing so now @SRAZKVT @fell @bagder
(DIR) Post #AxVZIj5XYjVbuBJ3fk by wolf480pl@mstdn.io
2025-08-24T22:08:20Z
0 likes, 0 repeats
@_GreyWolf @SRAZKVT @fell @bagder I would prefer if there were both freely exportable ones, and actually hardware ones, for me to choose from. The exportable-but-only-to-approved-apps is quite spooky..