.. _phk_h2_again_again_again:

On the deck-chairs of HTTP/2
============================

Last week some people found out that the HTTP/2 protocol is not so
fantastic when it comes to Denial-of-Service attacks.
Funny that.
The DoS vulnerability "found" last week, and proudly declared
"zero-day" in the heroic sagas of supreme DevOps-ness, can be found
in section 6.5.2, page 38 bottom, of RFC 7540, from 2015:

.. code-block:: none

   SETTINGS_MAX_CONCURRENT_STREAMS (0x3): Indicates the maximum number
   of concurrent streams that the sender will allow. This limit is
   directional: it applies to the number of streams that the sender
   permits the receiver to create. Initially, there is no limit to
   this value. It is recommended that this value be no smaller than
   100, so as to not unnecessarily limit parallelism.

Long before that RFC was made official, some of us warned about
``there is no limit``, but that would not be a problem because "We
have enough CPUs for that", we were told, mainly by the people
from the very large company who pushed H2 down our throats.
Overall HTTP/2 has been a solid disappointment, at least if you
believed any of the lofty promises and hype used to market it.
Yes, we got fewer TCP connections, which is nice when there are
only sixty-something thousand port numbers available, and yes we
got some parallelism per TCP connection.
Of course the price for that parallelism is that a dropped
packet no longer delays a single resource: Now it delays *everything*.
During the ratification period, this got the nickname
"Head-Of-Line-Blocking" or just "HoL-blocking", but that would also
not be a problem because "the ISPs would be forced to (finally) fix
that" - said some guy with a Google Fiber connection to his Silly
Valley home.
But, as people "discovered" last week, we also became a lot more
sensitive to DoS attacks - by design - because the entire point
of H2 was to get as much work done as soon as possible.
Then there is the entire section in the H2 RFC about "Stream
Priority", intended to reduce the risk of people reading the
words in the article before all the "monetization" was in place.
As far as I know, nobody ever got that to do anything useful,
unless they had somebody standing on their toes 24*7, pointing their
nose at the ever-moving moon, while reciting Chaucer from memory.
I think all browsers just ignore it now.
Oh! and "PUSH": The against-all-principles reverse primitive, so
the server could tell the browser that, come hell or high water,
you will need these advertisements right away.
Nobody got that working either.
But my all time personal favorite is this one:
The static HPACK compression table contains entries for the headers
``proxy-authentication`` and ``proxy-authorization``, which by
definition can never appear in an H2 connection. But they were in
some random dataset somebody used to construct the table, and "it
was far too late to change that now", because we were in a hurry
to get H2 deployed.
We have a saying in Danish: "Hastværk er lastværk", which roughly
translates to "Hurry and be sorry", and well, yeah...
(If you want to read what I thought at the time, this is a draft
I never completed because I realized that H2 was just going to be a
rubber-stamping exercise: https://phk.freebsd.dk/sagas/httpbis/)
Once it became clear that H2 would happen, DoS vulnerabilities and
all, I dialed down my complaining about the DoS problems, partly
because I saw no reason to actively tell the script-kiddies and
criminals what to do, but mostly because clearly nobody was listening:
"It's a bypass. You've got to build bypasses."
Somewhat reluctantly we implemented H2 in Varnish, because people
told us they really, really would need this, it was going to be a
checkbox item for the C-team once they read about it in the WSJ,
and all the cool kids already had it &c &c.
We didn't do a bad job of it, but we could probably have done it
even better, if we had felt it would be worth it.
But given that the ink on H2 was barely dry before QUIC was being
launched to replace it, and given that DoS vulnerabilities were
literally written into the standard, we figured that H2 was unlikely
to overtake the hot plate and the deep water as Inventions of The
Century, and economized our resources accordingly.
I am pleasantly surprised that it took the bad guys this long to
weaponize H2. Yes, there are 100 pages in the main RFC and neither
Hemingway nor Pratchett were on the team, but eight years? Of
course there is no knowing how long it has been a secret weapon
in some country's arsenal of "cyber weapons".
But now that the bad guys have found it, and weaponized it, what do we do?
My advice:
Unless you have solid numbers to show that H2 is truly improving
things for you and your clients, you should just turn it off.
Remember to also remove it from the ALPN string in hitch or whatever
TLS off-loader you use.
If for some reason you cannot turn H2 off, we are implementing some
parameters which can help mitigate the DoS attacks, and we will
roll new releases to bring those to you.
But other than that, please do not expect us to spend a lot of time
rearranging the deck-chairs of HTTP/2.
*/phk*