Privacy matters! But what if the tools meant to protect us are being misused? Our latest study (to appear at ARES '24) reveals surprising facts about HTTP Client Hints (HTTP CHs) on the Web. [THREAD]
Join us on the #Podcast for a meaty conversation about the various levels of specifications and conventions which make the World-Wide Web go: from TCP/IP to HTTP to WebSockets and beyond.
We also talk about conventions in various languages & frameworks to enable building web application servers in a straightforward and portable manner, as well as building a personal knowledge base wiki out of Markdown files and an SSG (Static-Site Generator). Let’s fly!
It seems like #tiktok uses #HTTP to distribute its videos. What type of heavy lift might it be to create a #fediverse alternative in the wake of the #tiktokban? Asking for my friends. Please RT.
Part 6 of "A Guide to Implementing ActivityPub in a Static Site (or Any Website)" is now out.
Sorry about the delay, this is the part that not many people will like, I assume. I try to explain how to implement the inbox, which by nature is dynamic non-static.
If I'm on a site that has no #HTTPS, don't enter any data, and don't log in etc., so I just scroll around and click, there's no increased security/privacy risk, right?
If it isn't advisable, is there a method to do it safely/anonymously anyway?
Because there are always #websites with only #http that I would very much like to look at..
Simple, so don't forget that about the 403 Forbidden HTTP status code desire
From RFC 9110 about HTTP and 403
'An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).'
"JSON Patch is a format for describing changes to a #JSON document. It can be used to avoid sending a whole document when only a part has changed. When used in combination with the #HTTP PATCH method, it allows partial updates for HTTP #APIs in a standards compliant way."
🆕 blog! “I made a mistake in verifying HTTP Message Signatures”
It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard. There are lots of complex parts and getting any aspect wrong means certain death. In a previous post, I wrote A simple(ish) guide to verifying …
#HTTP content negotiation has some unwritten rules for images. Accept: image/png, */* technically allows image/avif, but that’s not a wise interpretation.
Except what a caching proxy is supposed to do when the origin only sends AVIF?
New PC who this! Gave the @reactphp #HTTP Hello World a quick benchmark, clocks in at nearly 70K requests per second with 100 concurrent keep alive connections on a single #PHP process:
A detailed explanation of HTTP3. The main difference is that it uses UDP + QUIC + TLS instead of TCP + TLS.
QUIC aims to modernize and replace TLS, but to keep maximum compatibility with network equipment (routers, firewalls, etc.) UDP is necessary.
It’s bloody 2024, think we can agree on either wget or curl being installed by default on every freaking operating system by now so shell scripts can have a guaranteed way of carrying out http requests?
I mean it’s been about 35 years. I think it’s about time.
🆕 blog! “A simple(ish) guide to verifying HTTP Message Signatures in PHP”
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using P…