Posted by
ryuzaki0
on from the what-already? dept.
fabbe writes "The HTTP 1.1 protocol has been approved by the W3C and IETF. CNET article is here. "
Both bodies apparently showed ruthless efficiency getting
these standards out there... speeds that make even glaciers
jealous.
I was watching a show called "Flightpath" on Discovery channel last night and they were showing all sorts of nifty things about the new YF-22 fighter aircraft. This is the new hybrid stealth fighter that is going to replace the F-15 for general figter missions.
This plane has been under development more or less for the past 19 or 20 years. Although there are 9 or so flight ready versions of this plane which exist TODAY, there will not be any in actual military service for about 5 more years. Some people have described these planes as the most complex machines ever built. They HAVE to work perfectly because if they don't, the pilots will probably be killed and their strategic value will be lessened.
When much of the software being used today is labelled "mission critical" don't you think it should be well thought out and done PROPERLY as well? Perhaps not 25 years, but don't you find it amazing how stupid is it to spend so much money on software that only partially works?
The notion of "internet time" is complete and utter BS, invented solely to give software companies excuses for shoddy software and to make "lazy programmers" seem more productive.
HTTP/1.1 performance and other issues...
by
jg
·
· Score: 5
It wasn't quite as glacial as one might think. The draft standard was approved in March; the RFC issued recently when the RFC editor caught up on backlog. The internet drafts have not had a significant change for nearly a year. Most vendors have been working to the ID's for a long time.
HTTP/1.1 has already been pretty widely deployed: this was the approval of the draft standard, rather than the proposed standard.
As to performance stuff, see: http://www.w3.org/Protocols/HTTP/Performance/
As to recovering IP addresses, most clients have been sending the host name as part of the request using the HOST header for a long while. This means you can distinguish different web sites without depending on the IP address to distinguish them. - Jim Gettys HTTP/1.1 editor.
Virutal hosts and authentication
by
Chronoforge
·
· Score: 3
I'll try to answer a couple of the big questions I've seen here from RFC 2616 (HTTP/1.1) and the Apache docs.
Virtual hosts: Currently, a request looks something like GET / HTTP/1.0
But under HTTP/1.1, it looks more like GET / HTTP/1.1 HOST www.example.com
This way, the webserver knows what domain to serve the request from.
Now, this assumes that you referred to the webserver by name. If you refer to it by IP, the request looks like: GET / HTTP/1.1 HOST 192.168.12.27
Or, if you're using an HTTP/1.0 browser, the request would be GET / HTTP/1.0
In either case, Apache (I don't know about other servers cause I don't use them) will serve the request from the first VHost that matches that IP -- see http://www.apache.org/docs/vhosts/name-based.html
Thus, If you're running a children's educational site and a pr0n site on the same IP, not only are you an idiot, you should have the server direct older browsers and non-DNS users to a page that says 'Oops' (and possibly a list of the sites you serve).
Authentication: Under HTTP/1.0, the only supported authentication mode was basic. The username and password were base64 encoded for transmission, but not encrypted.
With HTTP/1.1 we get MD5 encoding.
This whole message will make a lot more sense if you read the Apache docs, RFC 1945 (HTTP/1.0, it's shorter than 2616[HTTP/1.1], and good for the basics), and RFC 2617 (Basic and Digest HTTP Authentication).
The long ratification times can be annoying, but it's better than the alternatives. We're all frustrated at the Netscape and MSIE "extensions" to HTML. Imagine now that the HTTP was also changing as frequently.
How much time do shops waste getting "compliant" MSIE browsers and "compliant" Netscape browsers to render the same source document into reasonably close fascimiles? How many shops give up and have separate MSIE and Netscape trees?
Now multiply that by the HTTP 1.0 server, the 1.1 server, the 1.1b server, the 1.2 server, the 1.3 server, and the 2.0 server. You would either see development slow to a crawl, or a lot of shops simply announcing that they would support a single server/client pair. The one that is bundled with every PC sale due to it's unquestionable (*not* 'unquestioned!') technical excellence. *cough*
Gee, maybe Microsoft is right and having a strong Imperial hand *does* help competition. King Bill could have simply announced that everyone shall use HTTP 1.1 (after paying another $200 for the privilege of serving his liege, of course) years ago, and by now we would be running HTTP 1.4 complete with 'Microsoft' 'innovations' such as push technology, dedicated "channels", and Lord Bill knows what else.
-- For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Slashdot Mirror
I was watching a show called "Flightpath" on Discovery channel last night and they were showing all sorts of nifty things about the new YF-22 fighter aircraft. This is the new hybrid stealth fighter that is going to replace the F-15 for general figter missions.
This plane has been under development more or less for the past 19 or 20 years. Although there are 9 or so flight ready versions of this plane which exist TODAY, there will not be any in actual military service for about 5 more years. Some people have described these planes as the most complex machines ever built. They HAVE to work perfectly because if they don't, the pilots will probably be killed and their strategic value will be lessened.
When much of the software being used today is labelled "mission critical" don't you think it should be well thought out and done PROPERLY as well? Perhaps not 25 years, but don't you find it amazing how stupid is it to spend so much money on software that only partially works?
The notion of "internet time" is complete and utter BS, invented solely to give software companies excuses for shoddy software and to make "lazy programmers" seem more productive.
It wasn't quite as glacial as one might think.
The draft standard was approved in March; the
RFC issued recently when the RFC editor caught
up on backlog. The internet drafts have not had
a significant change for nearly a year. Most
vendors have been working to the ID's for a long
time.
HTTP/1.1 has already been pretty widely deployed:
this was the approval of the draft standard,
rather than the proposed standard.
As to performance stuff, see:
http://www.w3.org/Protocols/HTTP/Performance/
As to recovering IP addresses, most clients
have been sending the host name as part of the
request using the HOST header for a long while.
This means you can distinguish different web sites
without depending on the IP address to distinguish
them.
- Jim Gettys
HTTP/1.1 editor.
I'll try to answer a couple of the big questions I've seen here from RFC 2616 (HTTP/1.1) and the Apache docs.
Virtual hosts:
Currently, a request looks something like
GET / HTTP/1.0
But under HTTP/1.1, it looks more like
GET / HTTP/1.1
HOST www.example.com
This way, the webserver knows what domain to serve the request from.
Now, this assumes that you referred to the webserver by name. If you refer to it by IP, the request looks like:
GET / HTTP/1.1
HOST 192.168.12.27
Or, if you're using an HTTP/1.0 browser, the request would be
GET / HTTP/1.0
In either case, Apache (I don't know about other servers cause I don't use them) will serve the request from the first VHost that matches that IP -- see http://www.apache.org/docs/vhosts/name-based.html
Thus, If you're running a children's educational site and a pr0n site on the same IP, not only are you an idiot, you should have the server direct older browsers and non-DNS users to a page that says 'Oops' (and possibly a list of the sites you serve).
Authentication:
Under HTTP/1.0, the only supported authentication mode was basic. The username and password were base64 encoded for transmission, but not encrypted.
With HTTP/1.1 we get MD5 encoding.
This whole message will make a lot more sense if you read the Apache docs, RFC 1945 (HTTP/1.0, it's shorter than 2616[HTTP/1.1], and good for the basics), and RFC 2617 (Basic and Digest HTTP Authentication).
--
Dave Richardson
The long ratification times can be annoying, but it's better than the alternatives. We're all frustrated at the Netscape and MSIE "extensions" to HTML. Imagine now that the HTTP was also changing as frequently.
How much time do shops waste getting "compliant" MSIE browsers and "compliant" Netscape browsers to render the same source document into reasonably close fascimiles? How many shops give up and have separate MSIE and Netscape trees?
Now multiply that by the HTTP 1.0 server, the 1.1 server, the 1.1b server, the 1.2 server, the 1.3 server, and the 2.0 server. You would either see development slow to a crawl, or a lot of shops simply announcing that they would support a single server/client pair. The one that is bundled with every PC sale due to it's unquestionable (*not* 'unquestioned!') technical excellence. *cough*
Gee, maybe Microsoft is right and having a strong Imperial hand *does* help competition. King Bill could have simply announced that everyone shall use HTTP 1.1 (after paying another $200 for the privilege of serving his liege, of course) years ago, and by now we would be running HTTP 1.4 complete with 'Microsoft' 'innovations' such as push technology, dedicated "channels", and Lord Bill knows what else.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken