Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTTP's Days Numbered

Posted by ryuzaki0 on from the big-number-or-small-number-is-the-question dept.

dlek writes: "ZDNet is running an article in which a Microsoft .Net engineer declares HTTP's days are numbered. (For those of you just tuning in, HTTP is the primary protocol for the world-wide web.) Among the tidbits in this manifesto is the inference that HTTP is problematic primarily because it's asymmetric--it's not peer-to-peer, therefore it's obsolete. Hey everybody, P2P was around long before Napster, and was rejected when client-server architecture was more appropriate!"

18 of 505 comments (clear)

  1. Well Duh... by pridkett · · Score: 4, Insightful

    Anyone who has tried to understand the various "standards" for web services and their associated train wreck (I think I'm being gracious here) would realize that most of them are bolted on to a protocol that was never meant to serve them in such a way. HTTP is meant for quick requests, not monoloithic requests that take a long time.

    Before you rush to say Mickeysoft is destroying the web, please realize that he's referring to web services, not your personal home page (although I'd imagine they'd like to make that proprietary too).

    --
    My Slashdot account is old enough to drink...
  2. What the title _should_ read: by PureFiction · · Score: 5, Insightful

    "HTTP's days as an RPC transport are numbered"

    HTTP works great for a large number of purposes. It will continue to work great for a large number of purposes. However, it is not so great when you are trying to build powerful RPC mechanisms like SOAP on top of it. It's the latter where HTTP will slowly loose favor.

    Your web browser will still be making HTTP requests for HTML documents many years into the future...

  3. NAT & Firewalls by mikeee · · Score: 5, Insightful

    The problem is, most machines aren't even really *on* the internet anymore, just on the Web. Which is not as powerful, so you end up with these godawful kludges trying to run applications over HTTP.

    The Right Thing would be to get IPv6 out, make local client firewalls and sandboxing standard, and ditch NAT and central firewalls.

    Yeah, right.

    Instead we have SOAP, a RPC-over-HTTP kludge. We may as well run PPP-over-HTTP and have done with it...

    1. Re:NAT & Firewalls by mikeee · · Score: 5, Insightful

      If you don't have a real, static IP, no, you aren't really on the internet.

      If you are behind a firewall that only allows HTTP, no. If it only allows outgoing connections, not really. All you can do is what HTTP can do, which is much less than IP can.

      It would be really sad if the net were reduced to the web. "You say you need IP connectivity? Are you some kind of hacker?"

    2. Re:NAT & Firewalls by GSloop · · Score: 5, Insightful

      Yeah, let me run and open every port to every caller! I guess I was completely crazy to close off all those ports and limit connections for any and every service...

      [Sheesh] Security and Convience will ALWAYS play off against each other. If you have locks on your house, you're not really getting the full benefit of a house!? Sure, locks make life more "inconvenient." But you trade some convenience for security. I close off all those ports because I don't know what might be used to exploit the openings.

      Now, we'll get to arguing about packet filtering vs. proxy filtering and how proxies are better...blah blah blah.

      In short, I want a BALANCE of convenience and security. Blocking some content (ports/hosts) is a way to do that. That's a good thing in a system that's setup right. Does your company let anyone into the building that wants to get in, and only disallow those that it activly sees doing mischief? No (at least for your sake I hope) they don't. They say, do you have some purpose here? Are you explicitly allowed. Then you get in.

      Frankly you can argue about NAT and unblocked connections all you want. What my clients want is functionality. The functionality of the network is compromised by too open a security (too much functionality) of the internet. They want the machines to work, the data to get processed, and to spend as little money as possible fighting battles. The solution is only to open that which needs to be open to acomplish the business objectives.

      Cheers!

  4. A new FUD campaign, I swear by mfarah · · Score: 3, Insightful
    Box likes to think of HTTP as the "cockroach of the Internet" because "after the holocaust it will be the only protocol left standing."

    Gee, I wonder WHAT shape will that holocaust take. Maybe it'll be a killer protocol that pursues and assasinates other protocols? Damn, Mr. Box, use the proper words, will you?



    This works for small transactions asking for Web pages, but when Web services start running transactions that take some time to complete over the protocol, the model fails. "If it takes three minutes for a response, it is not really HTTP any more," Box said.

    Well, of course it isn't. Is it, then, HTTP's fault that it doesn't work perfectly when used for stuff it wasn't designed to do? Hell, I'd love to see telnet-over-HTTP done while we're at this.



    "We have to do something to make it (HTTP) less important," said Box. "If we rely on HTTP we will melt the Internet. We at least have to raise the level of abstraction, so that we have an industry-wide way to do long-running requests--I need a way to send a request to a server and not the get result for five days."

    Maybe if we get back to use the proper protocols (say, why don't we rely on ftp for transferring files, for example?), we wouldn't have the current "problem".



    Another problem with HTTP, said Box, is that it is asymmetric. "Only one entity can initiate an exchange over HTTP, the other entity is passive, and can only respond. For peer-to-peer applications this is not really suitable," he said.

    Of course it isn't, HTTP is designed with a client-server model in mind.



    In my humble opinion, this is just the first step from Microsoft for a new FUD campaign against HTTP: "First, we show everyone how HTTP isn't any good, then we roll over our brand new protocol that supports all of HTTP's capabilities, and lacks its limitations. Buy it from us, your beloved Microsoft!".



    "Microsoft has some ideas (on how to break the independence on HTTP), IBM has some ideas, and others have ideas. We'll see," he said. But, he added, "if one vendor does it on their own, it will simply not be worth the trouble."

    This, of course, implies that Microsoft won't control the new protocol on its own... not at first. They'll just "embrace and extend" it later.

    --
    "Trust me - I know what I'm doing."
    - Sledge Hammer
  5. not so sure about that... by Narcocide · · Score: 5, Insightful

    while it's certainly true that http was never originally ENVISIONED as a protocol to serve shoutcast/icecast streams, for example, it's usefulness to that purpose is a tribute to how well the spec was thought out. the simple fact remains that it's an incredibly versatile protocol which can be (and is) used for nearly every data/media transport/request over the internet. microsoft is going to have to do something FAR more impressive to convince me they have a good reason to scuttle the most re-purposeable protocol on the internet.

    ever wonder why 99% of ANY urls you see start with an http? ever wonder why flash webpages don't start with something like mmfttp and shoutcast streams don't start with plsttp?

    wonder.

    1. Re:not so sure about that... by dkemist · · Score: 4, Insightful

      You still have to conceed the point that http evolved to where it is today, and if one had to design something from scratch, it would likely be far different.

      I mean, let's take a connection oriented protocol like TCP and add a text based stateless protocol on top of it. Ok, that makes sense so far.... but wait, we want to be able to maintain state, so lets introduce this new concept called "cookies" and we'll use ASCII strings to identify things. And, it would be nice to be able to make multiple requests per TCP session, so let's put together some keep-alive mechanism. Ohh, and I want to be able to talk to multiple servers on a given IP, so let's add a host header field.... But wait, all of this is transmitted in clear text! Let's engineer a set of encyrption protocols to stick between our HTTP layer and our TCP layer. Here we'll solve some of the same engineering problems, like adding an SSL session ID to maintain state. Now, instead of requesting simple documents, how about we design an extensible markup spec to request "web services?" Yeah, that should work.

      It is a testament to the design of the protocol that it's still ticking with all these enhancements (aka hacks.) But, all the layers add bits of overhead that could likely be engineered out if one had the luxury of starting from scratch.

  6. doh! by mikeee · · Score: 3, Insightful

    Using TCP is a shortcut, and lazy.

    Until you end up reimplementing half of it on top of UDP. Badly. And yes, I've seen this multiple times.

    Enough with the NIH, please? There are many years of effort in the common TCP stacks, and many subtle things they do right that you'll miss the first dozen implementations.

    For the love of god, if you need a substancial subset of TCP's features, and can live with the overhead, use TCP!

  7. Re:He's got a point by Anonymous Coward · · Score: 3, Insightful

    Put the data you need to track in a database table or two and use hidden form vars to build the query to grab what you want.... Instant serverside cookies... No muss... Just another fscking query....

  8. Stateful vs. stateless by Salamander · · Score: 5, Insightful

    The problem with HTTP, as with any stateless protocol, is that there often are (or should be) relationships between requests. Ordering relationships are common, for example, as are authentication states. Stateless protocols are easier to implement, and thus should be preferred when such "implicit state" is not an issue, but in many other situations a protocol that knew something about state could be more efficient. All of this session-related cookie and URL-munging BS could just go away if the RPC-like parts of HTTP were changed to run on top of a generic session protocol.

    Another error embodied in HTTP - and it's one of my pet peeves - is that it fails to separate heartbeat/liveness checking from the operational aspects of the protocol. Failure detection and recovery gets so much easier when any two communicating nodes track their connectedness using one protocol and every other protocol can adopt a simple approach of "just keep trying until we're notified [from the liveness protocol] that our peer has died". This is especially true when there are multiple top-level protocols each concerned with peer liveness, or when a request gets forwarded through multiple proxies. As before, having the RPC-like parts of HTTP run on top of a generic failure detection/recovery layer would give us a web that's much more robust and also (icing on the cake) easier to program for.

    I don't know if any of this is what Don Box was getting at, but in very abstract terms he's right about HTTP being a lame protocol.

    --
    Slashdot - News for Herds. Stuff that Splatters.
  9. Considerations for long duration by Christopher+Bibbs · · Score: 3, Insightful

    Capabilities like chunked-encoding allow HTTP to not know how long the response will be before transmission begins. Explicit instructions for weather the connection is to remain open or closed after the request is complete. Support for acknowledgment before large data chunks are sent to server. Mandatory backward compatibility certainly hasn't taken anything away from the party. All of this is perfect for Client-Server, yes even "monolithic" actions.

    Now if you want to use HTTP to do P2P, then most likely you're only doing it so corporate users can flow out from behind their various firewalls without getting special permission from the IS department. Perhaps, HTTP isn't right in those situatins, but that doesn't mean something is wrong with HTTP. Put the blame where its due.

  10. It has begun by pergamon · · Score: 3, Insightful

    I knew it was only a matter of time before Microsoft realized it didn't need HTTP anymore. Granted, that isn't *exactly* what this article is talking about, but I think they're just warming up. If you read carefully, they're not just attacking HTTP as an RPC transport, but HTTP because it is an RPC protocol.

    Why bother with HTTP, FTP, SMTP, POP, IMAP, etc when they control most of the clients and almost half the servers on the Internet. They could replace all those with their own set of protocols or, more likely, a single MS-specific protocol. They say they're already working on some new RPC solution right here in this article. It isn't too hard to imagine them introducing this WindowsProtocol on the server and in some beta of MSIE. Then MSIE starts to try to use WindowsProtocol for any network communications before falling back to the standard protocols. In 3-5 years when they're up to 60% or 70% of the server market, server side Windows has an option that is default "on" that disables non-WindowsProtocol connections and client-side Windows starts asking the user if they want to enable connections to "legacy" services, while warning them that it isn't Microsoft so it can't be good. After that, who would run a server that can't accept connections from 90% of consumer computers?

    Of course I don't want this to happen, but what's to stop them? I doubt the <5% of us that realize its wrong will be able to.

  11. What nonsense by rseuhs · · Score: 5, Insightful
    Next, let's discuss Microsoft realizing that .NET is a "stupid idea." Microsoft doesn't care about setting up a scapegoat because they're 100% sure it will work, and they're probably right. The whole company has been restructured to work with .NET and it is not going away. Latest copy of Windows in development is Windows.NET, latest set of development tools is Visual Studio.NET, latest certification is MCSD.NET. Getting a trend here yet?

    Yeah, I know with the Linux-hype over, some people feel very "objective" when they treat Microsoft's marketing schemes like the word of god.

    However:

    .NET is essentially just the next incompatible-to-everything-but-itself Win32API with some Java-ideas and pseudo-language-independence thrown in.

    Will it become the standard on Windows? Sure, just like the Win32API - just like any api Microsoft pushes.

    Will it harm or endange other operating systems? No. Worst case is that everything stays the same and Linux can't run Windows-programs. Best-case is that Mono allows Windows-compatibility which would benefit Linux greatly.

    .NET is nothing new, it's just the next API Microsoft *HAS* to push, otherwise nobody upgrades. And it could be Microsoft's biggest mistake if it runs on Linux.

    1. Re:What nonsense by rseuhs · · Score: 3, Insightful
      XML, SOAP, DHTML etc. are not core parts. (And XML allows binary sections which means that you can put *everything* no matter how incompatible into an XML, BTW)

      The important thing is the API which will be incompatible to everything else. If it isn't it would be very bad for Microsoft.

      I suspect that .NET is incompatible to everything else, but projects like Mono could endanger this incompatibility and become big problems for Microsoft.

      Linux can only win. Worst case is that everything stays as incompatible as it is now, best case is that .NET becomes multi-platform which would kill Windows in a few years.

      The reality will probably be something in between: Compatibility will be better than current Wine/Win32 compatibility, but not 100% - yet Linux could make big inroads also on desktops if Windows-compatibility is good enough.

      The way I see it is that Bill Gates and Steve Ballmer fell victim to a big delusion: That Windows could survive on a leveled playing-field.

  12. http == qwerty by peter303 · · Score: 3, Insightful

    Sure both have flaws. But they are so entrenched, they'll never be displodged.

  13. Protocols never die by metoc · · Score: 4, Insightful

    HTTP is a protocol that was developed as a solution to a problem. That didn't mean we stopped using POP, FTP, Gopher, Telnet, KERMIT, etc., as they were developed to solve different problems. Now the new problem is Web Services, and the solution should not mean that we will stop using HTTP it to deliver web pages, or FTP to move files. We should not fear a new protocol (assuming it is good & worthy). As long as the solution has an IETF RFC number, with all the consultation and work required, it can be implemented by anyone. Remember HTTP wasn't invented by Microsoft, Netscape or even Linus. If you don't want Microsoft, AOL, Oracle or the MPAA developing the next solution, then come up with a great idea and start submitting RFCs.

  14. Re:Yeah, but by saintlupus · · Score: 4, Insightful

    HTTP is old and needs to be replaced, as soon as we can figure out what the best replacement is.

    Er, why? Am I not being advertised to in the most efficient, flashy manner?

    Fuck, the majority of what I use the web for could be handled by Gopher, let alone this fancy pants HTTP protocol.

    --saint