S+M Vs. SPDY: Microsoft and Google Battle Over HTTP 2.0
MrSeb writes "HTTP, the protocol that underpins almost every inch of the world wide web, is about to make the jump from version 1.1 to 2.0 after some 13 years of stagnation. For a long time it looked like Google's experimental SPDY protocol would be the only viable option for the Internet Engineering Task Force to ratify as HTTP 2.0, but now out of left field comes a competing proposal from Microsoft. Lumbered with the truly awful name of HTTP Speed+Mobility, or HTTP S+M for short, Microsoft's vision of HTTP 2.0 is mostly very similar to SPDY, but with additional features that cater toward apps and mobile devices. 'The HTTP Speed+Mobility proposal starts from both the Google SPDY protocol and the work the industry has done around WebSockets,' says Jean Paoli from the Microsoft Interoperability team. Basically, the S+M proposal looks like it's less brute-force than SPDY: Where server push, encryption, and compression are all built into SPDY, Microsoft, citing low-powered devices and metered connections, wants them to be optional extensions. Judging by the speed at which the internet (and the internet of things) is developing, I think MS's extensible, flexible solution has its merits."
S&M - really??
I wonder if all the options of all the extensions will be part of the spec, or is this another embrace, extend, extinguish?
S&M? lol what is it with microsoft and their naming schemes. Turtle phone anyone?
Let's take a little look at the history of Microsoft and clearly understand what we're getting into before we blindly adapt one of their standards.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
The Microsoft S&M (TM) standard will mandate the declaration 'use strict' on all pages.
Oh, and I don't think Microsoft can embrace, extend, extinguish this one even if they tried, because everyone knows that IIS is a piece of shit. Apache still has 55%, but nginx is the fastest growing web server; I don't think standards can disrupt what's already a healthy ecosystem.
They stopped innovating years ago - copying Google is about the only thing they can do these days. And what's with the word "mobile" in this me too effort - it's not like they've ever had any relevance there, or ever will.
spell it right please
I like my HTTP protocols to be a little bit kinky.
... why they don't go whole hog, and call it "HTTP BSDM".
I'm sure they could come up with a good backronym.
Well, the internet is for porn...
SSL needs to be mandatory .. there is way too much threat from various governments and even non governmental bodies that want to see what people are doing on the web.
I wish somebody would ship an SSL-only browser.
For every optional feature, the server will need code to deal with clients that do support it and clients that don't. It's more code to write and more potential for bugs. Of course this doesn't mean that every feature should be mandatory, but compression and encryption are already supported by pretty much every browser and server push would be a significant improvement over polling.
On metered connections, compression and server push would be improvements and encryption wouldn't make a difference. For power consumption, server push would be an improvement (polling means sending over a wireless link regularly), compression would probably not make much of a difference (assuming we're talking about gzip here) and encryption might tax the battery a bit more. However, if this is an issue, the common encryption algorithms could be hardware accelerated.
Encryption doesn't prevent caching (except maybe by the proxies), but I guess browsers do it that way .. the browsers won't cache as a precaution -- it can be overridden.
Microsoft, with the ridiculous market share of Windows Phone, you are probably not in the position to tell Google how to do this kind of technology.
Microsoft proposes HTTP 2.0 come in the following varieties:
HTTP Speed+Mobility Starter Edition
HTTP Speed+Mobility Professional
HTTP Speed+Mobility Enterprise
HTTP Speed+Mobility Ultimate
#DeleteChrome
Well that's kind of the point isn't it? In S&M someone always is the biter and the other one is the bitten.
It won't be Microsoft wearing the ballgag.
I disagree that the MS approach to making it extensible is valid... sure that makes sense in today's world, but by the time the standard is widely accepted, internet speeds in most developed nations will far outperform the need for it to be pluggable to accommodate for bandwidth issues. It yet again goes to show that MS has a hard time looking into the future in comparison to Google.
But images are largely the reason for caching, that is the point.
Microsoft, bleating and extensible in the same sentence reeks of trying to get a foot in the door, don't let them
Google, insisting on SSL where only they can cache their content with effective man in the middle certificates. Making them the only company that can deliver content with any performance. Why wouldn't they want that? Additionally anyone wanting to access your particular Google searches such as by unfavorable governments such as the Americans or the British would then have exactly what they need, a single point to look at and a guarantee where the traffic came from. Sheer genius.
Google is EVIL
Microsoft is EVIL
Government control is EVIL
So between them they break the beautiful anonymity and freedom of the web.
tinhats?
that this is how Microsoft planned to make everyone use their digital handcuffs.
Speedup from HTTP pipelining: +40%
There's a reason why they didn't test against pipelining, because there's no need for a new protocol at all. The reason why they want to push SPDY so much is they want a direct 1-to-1 connection between your browser and the Google -- no caching, no proxy, no more documents. If you want to use the internet you'll need to be signed in to Google like DRM. And a persistent connection that's open for a long time means it's the same user -- better to sell you ads and track you.
HTTP 2.0 should be HTTP, a hyper text transfer protocol.
It should have been put up on 4/1, one would never know if true or an April Fools' prank.
I sat down to write a new sig tonight and all I did was make the chair warm.
Please cite Internet standards that were based fully on a Microsoft proposal and had IP problems.
none
...who brought you the Critical Update Notification Tool!
It's not a ballgag, it's a rights-management appliance.
Did you forget Active Directory and Kerberos where Microsoft refused to say WTF they did in the extension field until the Kerberos working group threatened to redefine that field away and turn Microsoft's implementation incompatible?
And they really should work together to combine both ideas.
Microsoft actually want to contribute on a level playing field now.
So they should be given a chance at least.
They have contributed some very useful things to the web right now that we take for granted on quite a few sites, this in particular.
And before people say "oh but it is slow", I'd like to see your native versions of the same thing. Hint: there are none.
But really, the very few programs where there are thousands upon thousands of active elements all with pretty detailed information on them, styling information, that can all equally affect each other directly through resizing, being plucked out the source, and so on, that are all on a UI are typically pretty damn slow, unless it is done through the video canvas. (that includes the native version of Google Wave that was done)
The video canvases on web browsers are getting so much quicker with each iteration that they will pretty quickly catch up to native speeds. And that isn't even counting WebGL.
What's the difference?
Oh, right, if you say the safe word, your partner will remove the ballgag.
I am officially gone from
The safeword is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0, right?
Does the M$ package come with proprietary IP?
That'd be a golden shower, not S&M
When any part of a standard is optional, then you can't really depend on it. If you can't depend on it then you can't really use it for any real life scenarios. Optional features in standards are bad.
The safeword is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0, right?
Hey that's easier to say than this safe word :)
http://www.youtube.com/watch?v=9-2dN9E8vPk&feature=youtube_gdata_player
"Curiouser and Curiouser...." -Alice
Where are those people who complain about how "Gimp" is impossible to sell because a "real business" wouldn't be able to stop thinking about sexual deviancy..?
I'm sorry, but MS's idea is stupid. HTTP/2.0 will take years to enter mainstream, widespread usage, and will persist for a decade or more. Even today, modern mobile devices and networks should not have a problem implementing encryption, compression, and server-side push. For those that do, use HTTP/1.1 with or without SSL. Don't cripple the next standard because you're worried about some legacy device of today. By not making things optional, SPDY really raises the bar, giving us an awesome technological substrate to build on going forward where we can *assume* encryption, push, multi-channel, etc.
How many HTTP protocols do you use on your way to the ATM machine?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Maybe it is time to rethink the architecture beyond single encrypted pipe bolted onto a legacy protocol made to mimic even older legacy protocols. There is no reason proxies could not cache opaque encrypted and signed blobs - be it components of documents or fragments of a broadcast stream - they don't need to know what's inside and client does not care who he gets it from as long as the identity and authenticity can be verified. But we would need to decouple transport from encryption. SSL will not help us there. We'd need encrypted & signed content entities, and content distribution protocols that allow content distribution from multiple sites based on network distance. Take inspiration from the P2P networks like BitTorrent.
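An added example, not part of the comment above or of either HTTP 2.0 proposal: a minimal sketch of the integrity half of that idea, where untrusted caches serve opaque pieces and the client accepts a piece only if it hashes to an entry in a manifest. It assumes the manifest itself reaches the client authenticated (for instance signed by the publisher); the function names, piece size and sample data are hypothetical, and the pieces could equally be ciphertext.

```python
import hashlib

CHUNK = 16  # bytes per piece; tiny so the constructed sample stays readable

def make_manifest(content: bytes) -> list[str]:
    """Publisher side: one SHA-256 digest per fixed-size piece."""
    return [hashlib.sha256(content[i:i + CHUNK]).hexdigest()
            for i in range(0, len(content), CHUNK)]

def publish(content: bytes, cache: dict) -> None:
    """Store each piece in a cache keyed by its digest (content addressing)."""
    for i in range(0, len(content), CHUNK):
        piece = content[i:i + CHUNK]
        cache[hashlib.sha256(piece).hexdigest()] = piece

def fetch(manifest: list[str], caches: list[dict]) -> tuple[bytes, list[tuple[int, int]]]:
    """Client side: try caches in order of network distance and accept a
    piece only if it hashes to the manifest entry. Returns the content and
    a list of rejections as (piece index, cache index)."""
    out, rejected = [], []
    for idx, digest in enumerate(manifest):
        for cidx, cache in enumerate(caches):
            piece = cache.get(digest)
            if piece is None:
                continue  # this cache does not hold the piece
            if hashlib.sha256(piece).hexdigest() == digest:
                out.append(piece)
                break
            rejected.append((idx, cidx))  # modified in the cache: skip it
        else:
            raise ValueError(f"no cache returned a valid piece {idx}")
    return b"".join(out), rejected

def demo():
    # Constructed sample: one document, two caches, the nearer one altered.
    doc = b"GET /index.html -> <h1>hello, cached world</h1>"
    manifest = make_manifest(doc)
    near, far = {}, {}
    publish(doc, near)
    publish(doc, far)
    near[manifest[1]] = b"tampered piece!!"  # near cache returns wrong bytes
    return fetch(manifest, [near, far]), doc

if __name__ == "__main__":
    (content, rejected), doc = demo()
    print(content == doc, rejected)
```

The client never needs to trust the cache that answered, only the manifest, which is the property the comment asks of a transport decoupled from encryption.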
Really, even for US citizens, the MITM ability of the US gov is bad enough, but those on the "naughty list", e.g. Canada, have as much or more to fear from the USA enacting a MITM attack.
How do you say a safeword while wearing a ballgag?
Don't a lot of sites already implement S&M? Ohh... S+M, not... I gotcha.
Microsoft has a history of marketing intelligence. They released the first version of Windows Update as the Critical Update Notification Tool (make the acronym...).
That or FC: Fluffy Creatures 2009 (SWF; NSFW).
They also had a campaign in System Center with the tagline "You're in control!" Spoken, it sounds like "hitting the bowl"
That or "Urine Control" sounds like what "Nintendo Wii" would mean if it were literal
the same way that "gun control is hitting what you're aiming at"
I hope that the IETF group insists on Microsoft's contribution being patent-free or royalty-free. Otherwise, this proposal should be instantly rejected. Same for Google and SPDY.
- David A. Wheeler (see my Secure Programming HOWTO)
Sign language. Though I hear it's difficult to sign when you're in handcuffs.
ActiveX and Silverlight
Watch for Penguins, they eat Apples and throw rocks at Windows.
No one -- even Microsoft -- is asking for "blind adoption". The Microsoft proposal offers numerous explicit issues for discussion and raises and provides recommendations for addressing numerous issues with regards to Google's earlier proposal (both as regards to pragmatics and consistency with the HTTP/2.0 charter.) It's a discussion draft. It's not intended for blind adoption, it's intended to spur further discussion in the work group.
Why not address the merits of the proposal?
So much content is dynamically "tagged" to be unique to the current browsing session, that caching HTTP proxies are becoming less useful. CSS and JS resources are modified with unique IDs and many admins reduce cache-control on the server headers to easily update their websites so they don't have to wait for some HTTP cache to expire somewhere between their server and the client.
I would say the privacy of having HTTPS everywhere far outweighs (on a social/society/individual level) the small benefit of middle-man cache (obviously the clients can still cache resources over SSL).
It also helps thwart (somewhat) network operators from mangling your traffic as their deep packet inspection isn't as useful on encrypted traffic.
That and Google has been working to reduce the latency of SSL negotiation including the use of False Start (reduce round trips), Next Protocol Negotiation (IETF draft mod of TLS handshake), and Snap Start (OCSP and cert caching). [Scroll to bottom of article for links to these changes.]
This work applies to HTTP/1.1 and will be even better in HTTP/2.0
And that's why big media likes using them so much!
Sleep your way to a whiter smile...date a dentist!
generally hum a pre-defined tune, or if it's your generic smaller one, generic grunting vs actual speech is easily determined, often entire words
So, we have a debate on whether or not you should have to give your facebook password to your boss, and your solution is to have them be able to get into absolutely every mail, twitter, facebook, etc account that you browse from work? This frankly scares me. I have a CA checker in my browser for just this issue.