29 Matching Annotations
  1. Last 7 days
  2. Nov 2021
  3. Aug 2021
  4. Jul 2021
  5. datatracker.ietf.org
    1. It is similarly intended to fail to establish a connection when data from other protocols, especially HTTP, is sent to a WebSocket server, for example, as might happen if an HTML "form" were submitted to a WebSocket server. This is primarily achieved by requiring that the server prove that it read the handshake, which it can only do if the handshake contains the appropriate parts, which can only be sent by a WebSocket client. In particular, at the time of writing of this specification, fields starting with |Sec-| cannot be set by an attacker from a web browser using only HTML and JavaScript APIs such as XMLHttpRequest [XMLHttpRequest].
    2. The WebSocket Protocol is designed on the principle that there should be minimal framing (the only framing that exists is to make the protocol frame-based instead of stream-based and to support a distinction between Unicode text and binary frames). It is expected that metadata would be layered on top of WebSocket by the application layer, in the same way that metadata is layered on top of TCP by the application layer (e.g., HTTP).

      Conceptually, WebSocket is really just a layer on top of TCP that does the following:

      - adds a web origin-based security model for browsers
      - adds an addressing and protocol naming mechanism to support multiple services on one port and multiple host names on one IP address
      - layers a framing mechanism on top of TCP to get back to the IP packet mechanism that TCP is built on, but without length limits
      - includes an additional closing handshake in-band that is designed to work in the presence of proxies and other intermediaries

      Other than that, WebSocket adds nothing. Basically it is intended to be as close to just exposing raw TCP to script as possible given the constraints of the Web. It's also designed in such a way that its servers can share a port with HTTP servers, by having its handshake be a valid HTTP Upgrade request. One could conceptually use other protocols to establish client-server messaging, but the intent of WebSockets is to provide a relatively simple protocol that can coexist with HTTP and deployed HTTP infrastructure (such as proxies) and that is as close to TCP as is safe for use with such infrastructure given security considerations, with targeted additions to simplify usage and keep simple things simple (such as the addition of message semantics).

      (Fette & Melnikov, RFC 6455, The WebSocket Protocol, Standards Track, December 2011, page 9.)
  6. Jun 2021
    1. From a comment by Muneeb Ali:

      The original Internet protocols defined how data is delivered, but not how it's stored. This led to centralization of data.

      The original Internet protocols also didn't provide end-to-end security. This led to massive security breaches. (Other reasons for security breaches as well, but everything was based on a very weak security model to begin with.)

  7. Apr 2021
    1. Can we reconfigure growth to mean richness in difference? Flourishing interdependent diversity of networks, network protocols and forms of interaction? What does this mean for digital decay, and can the decay of files, applications and networks become some form of compost, or what might be the most dignified form of digital death and rebirth?

      Also see Apoptosis

  8. Mar 2021
  9. Feb 2021
    1. We were especially excited to see Dorsey cite Mike Masnick's excellent Protocols, Not Products paper.

      I don't think I've come across this paper before...

      Looking at the link, it's obvious I read it on December 11, 2019.

  10. Jan 2021
  11. Oct 2020
  12. Jul 2020
    1. Syncthing uses an open and documented protocol, and likewise the security mechanisms in use are well defined and visible in the source code. Resilio Sync uses an undocumented, closed protocol with unknown security properties.
  13. Jun 2020
    1. Syncthing uses an open and documented protocol, and likewise the security mechanisms in use are well defined and visible in the source code. Resilio Sync uses an undocumented, closed protocol with unknown security properties.
    1. Akhvlediani, T., Ali, S. M., Angus, D. C., Arabi, Y. M., Ashraf, S., Baillie, J. K., Bakamutumaho, B., Beane, A., Bozza, F., Brett, S. J., Bruzzone, R., Carson, G., Castle, L., Christian, M., Cobb, J. P., Cummings, M. J., D’Ortenzio, E., Jong, M. D. de, Denis, E., … Webb, S. (2020). Global outbreak research: Harmony not hegemony. The Lancet Infectious Diseases, 0(0). https://doi.org/10.1016/S1473-3099(20)30440-0

  14. May 2020
  15. Apr 2020
    1. During the first era of the internet — from the 1980s through the early 2000s — internet services were built on open protocols that were controlled by the internet community. This meant that people or organizations could grow their internet presence knowing the rules of the game wouldn’t change later on.
  16. Sep 2017
  17. Aug 2017
    1. Focusing on the fundamentals of grammar is one approach to teaching writing.

      CUE ELA Protocols +UDL Research and background information that can be used to provide support for the use of the protocols

  18. Jun 2016
    1. dynamic documents

      A group of experts got together last year at Dagstuhl and wrote a white paper about this.

      Basically the idea is that the data, the code, the protocol/analysis/method, and the narrative should all exist as equal objects on the appropriate platform. Code in a code repository like Github, Data in a data repo that understands data formats, like Mendeley Data (my company) and Figshare, protocols somewhere like protocols.io and the narrative which ties it all together still at the publisher. Discussion and review can take the form of comments, or even better, annotations just like I'm doing now.