d@nny disc@ mc²
@hipsterelectron@circumstances.run  ·  activity timestamp 2 hours ago

looked up what the hell a persistent http session is doing with those resources it allocated
https://en.wikipedia.org/wiki/HTTP_persistent_connection

Under HTTP 1.0, connections should always be closed by the server after sending the response.[1]

i fucking knew it this shit again

Since at least late 1995,[2] developers of popular products (browsers, web servers, etc.) using HTTP/1.0, started to add an unofficial extension (to the protocol) named "keep-alive" in order to allow the reuse of a connection for multiple requests/responses.[3][4]

[4] is literally just paywalled and shouldn't be on wikipedia. [3] is good but doesn't say anything about the motivation. [2] is the google groups usenet archive https://groups.google.com/g/comp.infosystems.www.authoring.cgi/c/hGxfGUtAX8M

What is HTTP_Connection?

HTTP persistent connection - Wikipedia

@hipsterelectron@circumstances.run replied  ·  activity timestamp 2 hours ago

anyway they mention netscape. this starts around 1995, which is when elgamal is the head of ssl at netscape https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0,_2.0,_and_3.0 specifically presiding over:

  • v1, which was so bad it was never released
  • v2, which was so bad it was immediately found to be broken and someone else took over the development
  • v3, which had a broken cipher contributed by one of the RSA guys who also brought you DUAL_EC_DRBG

Transport Layer Security - Wikipedia

@hipsterelectron@circumstances.run replied  ·  activity timestamp 2 hours ago

also moxie marlinspike has somehow SEOed himself to show up when you search wikipedia for SSL/TLS. he looks like a different kind of fuckboy now

@hipsterelectron@circumstances.run replied  ·  activity timestamp 2 hours ago

i do really like the c-ares project from curl for async DNS resolves. really nice way to factor out code from other parts of curl

@hipsterelectron@circumstances.run replied  ·  activity timestamp 2 hours ago

this is hero coded behavior https://c-ares.org/features/ if you write a description of your configurable caching heuristics as concise as this i will probably love you forever

c-ares: a modern asynchronous DNS resolver

c-ares is a modern DNS (stub) resolver library, written in C. It provides interfaces for asynchronous queries while trying to abstract the intricacies of the underlying DNS protocol. It was originally intended for applications which need to perform DNS queries without blocking, or need to perform multiple DNS queries in parallel.
@hipsterelectron@circumstances.run replied  ·  activity timestamp 2 hours ago

the query name randomization feature is supported by google and vaguely seems to leak fingerprintable info maybe but kinda doubtful. anyway just to make the point it's disabled by default. stenberg has nice instincts. his namesearching is kind of silly but he's never exhibited behavior that really concerns me. really liked his handling of the rust tls library that sucked and didn't explain their divergence from the standards in test cases and eventually just gave up

@hipsterelectron@circumstances.run replied  ·  activity timestamp 1 hour ago

pouting bc no one cares enough about my code to pwn it yet https://c-ares.org/vulns.html


c-ares vulnerabilities
