Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTTP/2.0 Opens Every New Connection It Makes With the Word 'PRISM' (jgc.org)

Posted by samzenpus on from the reading-between-the-lies dept.

An anonymous reader writes: British programmer and writer John Graham-Cumming has spotted what appears to be a 'code-protest' in the next generation of the hypertext protocol. Each new connection forged by the HTTP/2.0 protocol spells out the word 'PRISM' obliquely, though the word itself is obscured to the casual observer by coded returns and line-breaks. Work on the hidden message in HTTP/2.0 seems to date back to nine days after the Snowden revelations broke, with the final commit completed by July of 2013. In July 2013 one of the protocol's architects appealed to the development group to reconsider design principles in the light of the revelations about the NSA's worldwide surveillance program.

10 of 200 comments (clear)

  1. HTTP/2.0 support. by Anonymous Coward · · Score: 5, Funny

    HTTP/2.0 also supports the Bitcoin protocol which allows underpaid female STEM workers to drive 3D printed Uber cars or get a job (powered by DICE) delivering Arduinos via drones to Elon Musks new IoT manufacturing Chinese death factory.

  2. So who did it? by 140Mandak262Jamuna · · Score: 5, Interesting
    It should be possible to find out who did the code chage, who approved the change and who merged it.

    One of our coders used a limerick, yes it was the man from Nantucket, as a static string. He used it to test some of the string utility functions he was developing. Forgot to remove it. Eventually a nosy customer found it by running strings on our executable and made a stink about it. (Never explained why they were poking around our executable with strings) It is out of our builds now, but if you do a blame on stingutils.cpp you can still see it and see how long it stayed in production.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:So who did it? by Dog-Cow · · Score: 2

      The GP never implied the customer didn't have the right.

  3. Re:it took 2 1/2 years... by viperidaenz · · Score: 5, Insightful

    took 2 1/2 years for someone to care

  4. Re:no, without linefeeds it says PRI*HTTP/2.0SM by dcollins117 · · Score: 5, Insightful

    So someone added cruft to a communications protocol just to make a political statement? Seems to me that is a very poor reason to make a technical decision. It's not needed, it should be removed.

  5. Re:it took 2 1/2 years... by Atmchicago · · Score: 2

    How long would it take for someone to spot something similar in a closed project? Forever?

    --

    You can lead a horse to water, but you can't make it dissolve.

  6. Re:no, without linefeeds it says PRI*HTTP/2.0SM by BitterOak · · Score: 2

    Isn't that what the characters "HTTP/2.0" do? How does that not identify it as http2?

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  7. Re:it took 2 1/2 years... by harperska · · Score: 2

    Forever? Quite probably. Considering the developer who last touched any given source file in a large closed project has probably long since been laid off years before the poor contractor at some Bangalore outsourcing firm tasked with fixing a bug in the aforementioned source file was ever hired.

  8. Re:no, without linefeeds it says PRI*HTTP/2.0SM by Jesus_666 · · Score: 3, Insightful

    // HTTP 1.1 is essentially 1.0 so any future version of HTTP will work with our code.
    var weSupportThis = new Regex("^HTTP/\d+\.\d+").IsMatch(header);

    There are many coders out there and many broken ways of detecting protocols. Only changing the version number might run into trouble if one side of the conversation assumes that everything starting with "HTTP" is going to be pretty much equivalent to HTTP/1.0. So at least the "PRI" part makes sense.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  9. Re:it took 2 1/2 years... by thegarbz · · Score: 4, Insightful

    No. It took this long for someone to post it to Slashdot.

    People still don't care.