da_667I really wish you all weren't so cocksure about letting shit like HTTP/1.1 die.
Gonna miss the last vestige of the web that doesn't require wireshark to fuckin' parse it.
I kinda hate that HTTP/2 is straight binary and requires wireshark to make any sense of it, and that http/3 is basically just quic, which is google's love child of weird shit.
Brian Clark@da_667@infosec.exchange #DEFCON33 talk
Epic Null@da_667@infosec.exchange What is this about HTTP 1.1 dying?
1.3.6.1.4.1.61513@da_667@infosec.exchange yeah... I feel like suggesting http2 is a safer alternative is probably misguided and bias'd. It'll just have different problems.
CMDR Yojimbosan 🅅⁂@da_667@infosec.exchange It's throwing the baby out with the bathwater ... plaintextness is an excellent characteristic for a protocol to have, to aid humans. The actual problem we have is ambiguity in the protocol, not a problem with its encoding/representation.
Jeff Noxon@da_667@infosec.exchange I still debug HTTP servers using telnet 😂
da_667just shit it out over UDP. It'll be fine.
da_667I want to make a sticker out of this, a unicorn shitting out a rainbow, with that as the caption.
Who the fuck needs session orientation. Fuck you. you're not webscale if you're session oriented.
apth@da_667@infosec.exchange I would buy that on a tshirt
da_667I understand the need for encryption, trust me, I do, but I really don't like making the web more opaque than it already is.
da_667@apth@infosec.exchange I need that image of the person yeeting the baby with the word UDP overlaid on top of it to complete the look.
da_667I want to make a sticker out of this, a unicorn shitting out a rainbow, with that as the caption.
Who the fuck needs session orientation. Fuck you. you're not webscale if you're session oriented.
apth@da_667@infosec.exchange I would buy that on a tshirt
da_667I understand the need for encryption, trust me, I do, but I really don't like making the web more opaque than it already is.
da_667@apth@infosec.exchange I need that image of the person yeeting the baby with the word UDP overlaid on top of it to complete the look.
da_667@apth@infosec.exchange I need that image of the person yeeting the baby with the word UDP overlaid on top of it to complete the look.
da_667I like how everything network-related is revolutionary by either serializing it, or just shitting it out over UDP. "Trust the network, bro."
da_667or. OR. "It doesn't need its own registered port number. Put it over 443/TCP (or udp now, I guess) and its unblockable.
what If I want to be able to block it?How dare you not be webscale, forward-thinking and/or cypherpunk by handing over yet another fucking web protocol to Google, Cloudflare or Microsoft.
da_667or. OR. "It doesn't need its own registered port number. Put it over 443/TCP (or udp now, I guess) and its unblockable.
what If I want to be able to block it?How dare you not be webscale, forward-thinking and/or cypherpunk by handing over yet another fucking web protocol to Google, Cloudflare or Microsoft.
John Timaeus@da_667@infosec.exchange
Or drop it on 53.
Nobody blocks 53.
@da_667@infosec.exchange QUIC taking over has been a boon for getting through lazy port filtering from ISPs. All of my wireguard infra is on 443/UDP and it never fails to get through with the quickness
cR0w@da_667@infosec.exchange
massive bong rip
What if we just straight up get rid of the transport later altogether? Why even have all these ports?
da_667