Internet Explorer Implements HTTP/2 Support

jones_supa writes: As part of the Windows 10 Technical Preview, Internet Explorer will introduce HTTP/2 support, along with performance improvements to the Chakra JavaScript engine, and a top-level domains parsing algorithm based on publicsuffix.org. HTTP/2 is a new standard by the Internet Engineering Task Force. Unlike HTTP/1.1, the new standard communicates metadata in binary format to significantly reduce parsing complexity. While binary is usually more efficient than text, the real performance gains are expected to come from multiplexing. This is where multiple requests can be share the same TCP connection. With this, one stalled request won't block other requests from being honored. Header compression is another important performance concern for HTTP.

Slash 2?

[Carewolf]

When did the slash get added, and why? Anyway it is just a cleaner modern verison of SPDY should be trivial to support for most browser assuming it is actually final final.

Re:Slash 2?

[mwvdlee]

Atleast since HTTP/1.0

http://tools.ietf.org/html/rfc... [ietf.org]

Re:

[Carewolf]

Atleast since HTTP/1.0

http://tools.ietf.org/html/rfc... [ietf.org]

Ah, so it is a regression ;)

Re:

[nedlohs]

In 1996 - http://tools.ietf.org/html/rfc... [ietf.org] - earlier if you count the prior drafts.

Re:Slash 2?

[PolygamousRanchKid]

HTTP/2 runs best on a PS/2 running OS/2.

Because then the Microkernel can take full advantage of the Microchannel.

Re:

[ArcadeMan]

PlayStation divided by two equals PlayStation Vita.

Web services vs. CORBA

[GbrDead]

Slowly, web services are becoming a bad reimplementation* of CORBA. Once again, why did we jump on their band wagon?

* Hm, maybe the correct word is "restandardization"?

Re:

[CajunArson]

I've always been a fan of IIOP. You can use IIOP even if you don't want to re-introduce some of the more hangover inducing parts of the full CORBA stack (java's remote interfaces use IIOP IIRC).

Some people complain that a binary protocol is somehow not "open" but I've seen enough "open" XML uber-nested gibberish in my time to question that assertion...

Re:Web services vs. CORBA

[Warbothong]

Slowly, web services are becoming a bad reimplementation* of CORBA. Once again, why did we jump on their band wagon?

As far as I understand it, SOAP is reimplementation of CORBA, whereas HTTP is a REST protocol.

Specifically, HTTP doesn't try to keep disparate systems synchronised; it is stateless and has no notion of "distributed objects". Every request contains all of the information necessary to generate a response, for example in HTTP Auth the credentials are included in every request.

Of course, people keep trying to re-introduce state back into the protocol, eg. for performance ("modified since") or to support stateful programs (cookies). These aren't necessary though; for example, we can replace cookies (protocol-level state) with serialised delimited continuations (content-level state) http://en.wikipedia.org/wiki/C... [wikipedia.org]

Re:

[tepples]

The PDF linked from that Wikipedia article recommends cookies at the bottom of page 2: "To lessen that problem [of inconsistent state], it is adviseable to use difficultly forgeable URL or cookies." And it may cause vulnerability to a session fixation attack [wikipedia.org] if the user shares a continuation encoded in a URL. Consider the "add to cart" action in an online shopping application. One of the inputs is "which cart are you holding", as you don't want a shopper to see or modify another shopper's cart. If a shopper

Re:

[Anonymous Coward]

There's 2 different requirements out there. The most common one, exposing an API in a way that can be consumed by as many clients as possible, is generally better served by REST. Its simpler, anything that can do standard http requests and supports the primary components (status codes, verbs, content types, headers, body) will be able to handle it.

The other is "these things I normally do within my own code, I want to be able to do them remotely" (ie: complex operations, transactions, queuing/transparently r

Re:

[Anonymous Coward]

nobody uses web services just as nobody uses CORBA

Are you daft? Wait, nevermind. You are daft.

We've all gone to love RESTful services over HTTP(s), and generally either JSON or some binary variant of it.

First of all, RESTful service structure is inadequate and inefficient. Most data isn't built to be dealt with at an entity level. That's the reason everyone got over ROR, and it's the reason RESTful services are useless. HTTP methods are to instruct the server how to handle the request, not the payload.

Secon

Re:

[K. S. Kyosuke]

And for strictly-validated systems (read: interfaced with a fragile, ancient mainframe system that requires precise formatting of inputs because the CxO's want to keep COBOL around for cost reasons and "if-it-ain't-broke" doesn't equate to "if-it-ain't-shitty"), nothing beats the verifiability of XML and good old SOAP/WSDL-style web services.

ITA Software people had to deal with this problem when dealing with importing airline data for their new lispy systems. Forget XML and SOAP, they had to write their own parsers. There are no XML schemas for ancient formats like that.

I've been impressed with IE lately

[Isca]

Chrome has plenty of innovations but it easily becomes a resource hog and bogs down the system. IE 10 keeps chugging along. Microsoft isn't quite the microsoft of the past. These improvements should be felt the most in the mobile space where they clearly have the best browser. Their only problem? it might all be too late if they can never get out from under the shadow of their reputation.

Re: I've been impressed with IE lately

[Ilgaz]

Everything making us impressed with IE ends up with "It is latest Windows only" argument.

Re:I've been impressed with IE lately

[zennling]

Re the resource usage issue - isnt IE's low(ish) resource usage only due to the fact that alot of what it needs to render a page is actually in the OS and thus loaded already before it needs it?

Re:

[Anonymous Coward]

That is what is traditionally told, but I'm not sure if anyone has done a recent analysis of precisely which shared objects are already in memory when IE starts.

Re:I've been impressed with IE lately

[Cenan]

What the mobile (or smartphone) boom should have shown every nerd on the face of the planet: nobody outside of /. gives a shit about "reputation" when picking up a new phone or tablet. If Microsoft manages to launch a smartphone that is affordable (i.e not priced above an iPhone) and manages to make Windows-not-metro-for-fucks-sake-please-dear-god-please-stop-reminding-us usable on a touch device and the desktop at the same time, all that bad nerd press from the last 15-20 years will mean diddly squat for their sales figures.

The non nerdy friends and colleagues I have all pretty much agree on what is important in a new phone: camera (especially camera vs. dim light conditions), app store inventory (games mostly), fb app, twitter app, instagram app. Who made the device is of very little concern.

Now, with a one OS to rule all platforms approach, they might even be able to add some of that Apple just-works magic to their portfolio, which is not to be scuffed at.

And I agree, MS is not old MS anymore. They've been forced to try and keep up rather than the old buy-and-extinguish strategy, at least in the mobile and touch device market, and I think it's been good for them.

Re:

[TheRaven64]

My girlfriend has a Windows phone (bought in spite of Windows, not because of it - it's the phone with the best camera currently available), so I've spent a bit of time playing with it. I'm really impressed with a lot of what Microsoft has done in terms of usability, but there are lots of obvious omissions in terms of basic functionality. For example, no easy way of syncing calendars or contacts (this is also true on Android if you don't drink the Google Koolaid, but at least there are third-party sync ad

Re:

[Richard_at_work]

Not entirely sure what you see is missing, but contacts and calendar stuff is synced via your Microsoft account automatically, and when you open the Office app there is a "phone" option which opens documents on your phone (including the folder which you copy stuff to over USB).

Re:

[TheRaven64]

Not entirely sure what you see is missing, but contacts and calendar stuff is synced via your Microsoft account automatically

So you need to store your calendar and contacts with Microsoft to sync? No thank you. iOS doesn't require that you share things with Apple and on Android the default is to share with Google but there are other options.

, and when you open the Office app there is a "phone" option which opens documents on your phone (including the folder which you copy stuff to over USB).

Didn't seem to work. Do you have to copy the files to a specific location?

Re:

[shutdown -p now]

For example, no easy way of syncing calendars or contacts

Can you clarify? My WP maintains three synced calendars - one for my Exchange work account, one for my personal Google account, and one for Facebook.

Some things are just really odd omissions. You can plug the phone into a computer and copy PDFs and Word documents to it. It comes with applications that are designed for reading PDFs (Adobe Reader) and editing Word documents (MS Word), but there is no way for these applications to open the things that you've just copied into the phone's documents folder.

It's there in 8.1, just not enabled out of the box. Install the "Files" app from the Store (it's an official app, but for some mysterious reason not preinstalled) - then you can just navigate the folders and open files from them with whatever app subscribed to opening that type of file.

Re:

[TheRaven64]

Can you clarify? My WP maintains three synced calendars - one for my Exchange work account, one for my personal Google account, and one for Facebook.

Three proprietary protocols for syncing with three entities. No support for either CardDAV / CalDAV so you (or your corporate IT folks) can run your own server, or local sync with a PC so that you can sync without any clouds involved.

It's there in 8.1, just not enabled out of the box. Install the "Files" app from the Store (it's an official app, but for some mysterious reason not preinstalled) - then you can just navigate the folders and open files from them with whatever app subscribed to opening that type of file.

Thanks!

Re:

[shutdown -p now]

I get Outlook and Facebook. does it really speak some proprietary protocol to sync with Google calendars? What do they use?

Re:

[spiralx]

I have the same phone, and it sounds like it hasn't been updated to WP 8.1, which I think solves these issues. Or at least I don't have them on my phone.

Re:

[TheRaven64]

I don't think she's seen an automatic update, what's the procedure for updating?

Re:

[spiralx]

Go to Settings and Phone Update is about halfway down - you can check for any missing updates to the OS there. I think you need to be on Wi-Fi or plugged into the PC to work though.

Also below that in Settings the About page should be able to tell you what versions you have for the OS, firmware etc. I'm currently on OS v8.10.12393.890 :)

Re:

[tepples]

Sales numbers is only interesting to people inside the selling company. Never to the buyer - ever.

If not from sales numbers, then from what metric should the buyer calculate whether the company will survive to honor its support promises?

Re:

[Cenan]

Well, I've done the same damage to my own circle of friends. Funny though, it's never really been much of an issue with online shopping here (Denmark) since the banks were quite fast with a unified solution that just works, and to date has had no incidents from a security standpoint (same goes for chip+PIN, this was introduced a decade ago, and I've yet to hear about any leaked CCs around here).

But the damage lingers long after you've abandoned the gripe yourself, I can relate to that. My sister still calls

Re:

[jzilla]

If you have not worked with web front end and not had to deal with the torture that is ie 6, 7, 8 and to a lesser extent 9. Then it might be easy to forget and forgive.
But even if ie 10 is an acceptable browser, it just proves that microsoft will produce a decent product only a last resort. When all the chips are down and they are loosing market share in a steady flow, then and only then does the prospect of not making a steaming pile of dogshit become feasible. I'm not impressed.

Re:

[jones_supa]

But even if ie 10 is an acceptable browser, it just proves that microsoft will produce a decent product only a last resort. When all the chips are down and they are loosing market share in a steady flow, then and only then does the prospect of not making a steaming pile of dogshit become feasible.

Yes, that seems to be true. I have always suspected that that was also the motivation in developing the NT6 foundation (which greatly improved security, stability and performance of Windows). Mac was getting more popular and Linux was getting rather good on the desktop.

Re:

[Cenan]

You're going to collapse the space-time continuum talking like that.

Re:

[pooh666]

I like that IE will actually ACCEPT my self signed CA cert(when I install it) without throwing crazed monkeys at it :)

Re:

[CastrTroy]

Those $100 full X86 Windows tablets that HP is coming out with might do a lot to bring Windows around in the mobile space. Pair that with their phones that I've only heard good things about, and I think they stand a pretty good chance of taking back a large part of market. The only downside that people complain most about with Windows Phone and things like the Surface RT was that there wasn't enough apps, and that they were too expensive. Create a $100 tablet that runs full Windows and you get rid of the

Re:

[Bengie]

Chrome can be a resources hog, but it's the only browser that doesn't periodically freeze up when attempting to load web pages. And "resources hog" is a relative term when desktops tend to now have 16GB+ memory and quad core 3ghz CPUs that are idle 24/7. I would rather have a browser that is wasteful with my over-abundance of resources and runs smoothly, than a browser that is fickle about using resources, but has jarring interruptions.

Re:

[neoritter]

Chrome freezes up for me all the time. More so than FF and IE.

Re:

[laie_techie]

And "resources hog" is a relative term when desktops tend to now have 16GB+ memory and quad core 3ghz CPUs that are idle 24/7.

Where do you find reasonably priced desktops with 16+GB of RAM? From what I've seen, 8GB seems to be the norm for desktops.

Re:

[Bengie]

When limiting myself to premium name brands, the price difference between 8GB and 16GB is about $65. 8GB is what I put on my firewall because it was dirt cheap, even though it doesn't even break 100MB of usage, and like $20 more than 4GB at the time. 8GB is quite low end.

Re:

[Bengie]

When I have 30+ tabs opened, which is common for me, one tab that has bad javascript or is doing something "bad", can cause all of the other tabs to not work correct. Chrome rarely has this issue, while IE and FF happen all the time for me. FF ad-block helps a lot, but it's still much worse than Chrome for me.

Xfce a downgrade? Hardly

[tepples]

You have to downgrade to something simple like XFCE to get similar levels of performance under Linux.

Downgrade? Xfce was an upgrade from the auto-installed Unity crap in Ubuntu 11.04. Running sudo apt-get install xubuntu-desktop let me get back up to where I was with GNOME 2.

Re:

[LordThyGod]

Chrome has plenty of innovations but it easily becomes a resource hog and bogs down the system. IE 10 keeps chugging along. Microsoft isn't quite the microsoft of the past. These improvements should be felt the most in the mobile space where they clearly have the best browser. Their only problem? it might all be too late if they can never get out from under the shadow of their reputation.

Yea, but until they release Android and iOS versions, its still going to be a niche consumer product.

Re:

[marcello_dl]

> Microsoft isn't quite the microsoft of the past.
Because it hasn't quite the market share of the past.

Re:

[cowwoc2001]

The main reason I avoid IE is the user interface. It's behind the times with respect to end-user usability and developer tools.

Re:

[zlogic]

I've tried using MS-only products for about a year before surrendering and switching back to Google.
Bing, Outlook.com, Windows 8.1/Windows Phone 8, Office 2013, all that sorts of stuff. Did not work out, and the biggest complaints about IE are:
1) Website compatibility. For some reason IE 11 chooses legacy mode for many modern sites like endomondo.com etc. which disables features and breaks stuff. Additionally, MS tried to force developers to stop using IE versions when determining supported features, which

Embrace first, then extend and extinguish

[raymorris]

You forgot the first word of "embrace, extend, extinguish".
Take html for example:

1) We now have browser that renders html, just like Netscape.
2) "Best viewed in Internet Explorer"
3) Requires IE 4 ... years later ...

Of fuck, Firefox is kicking our ass. Time to return to step 1.

Header Compression + Binary Headers

[bradgoodman]

Seems like the efficiency you gain parsing the binary header would be lost with the need to first decompress it ;-)

Re:

[xdor]

Exactly. But this is from the company who though zip-ing Excel files was a good idea (XLSX). You spend more time waiting for the file to decompress than actual loading into memory.

Obfuscation of headers into binary is going to put a lot of AJAX code out of business.

Re:

[cyber-vandal]

Presumably this will coexist with HTTP/1.1 but yes I can see a lot of Javascript rewriting in my future.

Re:

[jones_supa]

It was Sun Microsystems which invented Java. :)

Re:Header Compression + Binary Headers

[BaronAaron]

This won't effect AJAX. HTTP is abstracted away from the javascript engine by the browser. I imagine there might be some additional HTTP header parameters to play with while making AJAX calls, but that's about it. All the benefits from HTTP/2 will happen behind scene as far as AJAX is concerned.

Re:

[LordLimecat]

Exactly. But this is from the company who though zip-ing Excel files was a good idea (XLSX). You spend more time waiting for the file to decompress than actual loading into memory.

It was (decompression is way, way, way faster than IO to disk), but the two are completely unrelated.

Binary =/= compressed. They overlap, but they are not equivalent. Binary just generally means that its not specifically ASCII encoded, which generally means that it can skip the step of parsing and lexing the ASCII into binary-- which makes it run faster (not slower).

Re:

[Jeremi]

You spend more time waiting for the file to decompress than actual loading into memory.

If you had a really slow CPU and a really fast hard drive, that might be the case. Most computers these days have a really fast CPU compared to their hard drive, though.

Re:

[Bengie]

Yes, CPUs are so fast compared to harddrives, that not only does ZFS default to using compression for storage, but they are working on leaving the data compressed in memory. The cool benefit is the data block logic for moving between the caching layers is much simpler because there are not compression/decompression steps anymore. All compression and decompression happens in one spot in the code.

Re:

[shutdown -p now]

It's not zipping Excel files, it's zipping the OpenOffice XML - which compresses it a lot, since XML repeats the same strings over and over again in tags.

And it's not about load speed. It's about the size of those files when you, say, attach one to an email.

Re:

[Sarten-X]

The theory is that by saving network time receiving the smaller compressed header, the total time is still less.

Of course, this assumes that you're on a slow enough network that the compression savings are worth it. Since typically latency is a bigger problem than throughput, I don't see compression as being terribly important.

Similarly with the binary protocol: Parsing speed isn't the real problem. I'd rather have a plaintext protocol that I can test with PuTTY than save a few cycles parsing.

Re:

[BaronAaron]

Plain text is great when you're just transferring text. The problem is HTTP has been used for transferring a lot more then just text for a long time. Images, file downloads, video, etc. With HTTP/1.1 browsers have different parsing code paths depending on if it's a binary file or plaintext html. There are also special cases for handling white space and stuff like that. It makes developing and testing a browser more complex then is should be.

Re:

[LordLimecat]

Would you also prefer that TCP, UDP, ethernet, and IPSec used plaintext? What about TLS?

Sometimes it just doesnt make sense to use plaintext. Theres no time that plaintext would be useful that you couldnt simply use a tool (like wireshark or fiddler) to convert the binary into a readable form.

Peak vs. sustained speed

[tepples]

Depends on the network.

I agree. Let me explain another way it can depend on the network: There are cellular technologies in development that can push 1 Gbps. But if your cellular ISP imposes a 5 GB per month cap, as is common in the United States market, you can transfer data at maximum speed for 40 seconds and then suffer 100% packet loss for the rest of the day and the next 29 days. The sustained rate with a 5 GB cap is closer to 5*10^6*8/86400/30 = 15 kbps. So even if a network has a peak speed fast enough for uncompressed dat

Re:

[LordLimecat]

Being binary doesnt mean it needs decompression. It may actually mean that you skip the step of lexing ASCII into binary.

decompression: 800 Mbps

[raymorris]

I just did a quick test and found that decompression runs at about 800 Mbps. Therefore, if the network connection is slower than 800 Mbps, it makes sense to transfer compressed data over the network, then decompress it.

The fact that binary data doesn't need the same parsing like ascii does is kind of an unrelated issue.

Re:

[bradgoodman]

That doesn't mean anything. Were you running on a 3GHz Ivy Bridge server, or a little PIC IoT device? How much CPU time did it take? How many did your application need/require? Did the net result of header decompression along with the easier parsing of the binary header take more or fewer CPU resources then the older uncompressed, ASCII header? etc..etc..etc..

1.2 Ghz, and again - binary orthogonal to compress

[raymorris]

That was at 1.2 Ghz. It's likely that most devices used in the next 15 years will run at 1.2 Ghz or faster.

> Did the net result of header decompression along with the easier parsing of the binary header take more or fewer CPU resources then the older uncompressed, ASCII header?

You keep conflating two completely separate things, but faster + faster = faster. Compressed is faster than uncompressed. Note that's the end of a sentence.

Also, and completely separately, binary is faster than ascii. Both are i

Re:

[bradgoodman]

Compressed is faster on the wire, but takes more CPU time to decompress. If I have a 100GbE network connection coming into a server - my network bandwidth might outpace my compute abilities.

100Gb, 0 Kbps, and Atom CPU, yes. Been tested

[raymorris]

Yes, if you're using a full 100GbE link to serve empty files nothing but headers, and you have an Atom CPU, that CPU will probably be the bottleneck. You'd want to upgrade that CPU.

On the other hand, if you're serving files, where the body of the response is much larger than the headers, you'd have only 100 Mbps of headers and your Atom CPU could keep up.

You're not under the impression that you are the first person to think about the potential tradeoff, are you? People much smarter than either of us calcu

Re:

[Bengie]

When coupled with a CDN hosting most of your multimedia(non-compressible data), nearly all of your bandwidth is compressible.

Re:

[amorsen]

This would make sense if HTTP requests were typically bandwidth-limited. Almost none of them are, most are way too short and never actually get TCP going at line-rate. HTTP is most often latency-bound, not bandwidth-bound, and the compression is meant to help with latency (reducing number of request packets), not bandwidth.

Re:

[amorsen]

It is actually surprisingly complicated.

It turns out that a typical HTTP/1.1 request requires multiple TCP packets to get all the headers across. With TCP slow start, this takes a long time because only one packet gets transmitted per round trip in the beginning. Obviously this gets even worse if you try to browse to a different continent, with 100ms+ latency.

HTTP/2 manages to fit most requests into one packet, assuming a reasonable MTU. To do this requires both a binary protocol encoding and header compres

Control

[xdor]

the real performance gains are expected to come from multiplexing. This is where multiple requests can be share the same TCP connection

Now we can report your activities to the NSA at the same time as the request: all right from your own computer! (pay no attention to those extra binary headers, they're there for your safety!)

Re:Control

[CajunArson]

Spoken like somebody who really doesn't understand TCP/IP but likes to say NSA for cheap mod points.

Re:

[LordLimecat]

This thread is filled with people who think that binary == compressed, plaintext == more efficient, and multiplexing == MITM.

I dont think anyone's really gonna notice.

Re:

[xdor]

I should probably take offense at this a bit, since I did a bit of multicast programming back in the day, but hey, just because I know how to use implementations of UDP and TCP over IP doesn't mean I understand the underlying layers. So I'm sure this must be in your wheelhouse.

And while I can see the advantage of sending more traffic over an already open socket, in the web-world isn't this just another name for a single-threaded browser?

I must concede the NSA doesn't need home-sourced traffic capture when

Re:

[Bengie]

HTTP1.1 already supported pipelining many requests over the same connection, but you had to wait for the prior request to finish before the next one could start processing. This means stalling while waiting. HTTP2's multiplexing allows for async requests, meaning you do no need to wait for a request to finish to issue the next request, and requests are capable of returning out of order. This means fewer opened TCP connections in order to to get the same performance, which means fewer states for firewalls an

Binary format

[dskoll]

Parsing out the binary format of HTTP frames will most likely open up a whole new class of client vulnerabilities as malicious servers feed them bad data. Yay.

Re:

[Sarusa]

Parsing is not necessary. When it's binary, you can directly read and use the values.

*facepalm* This is /exactly/ why it opens up a whole new class of client (or server) vulnerabilities. You have to assume you are being lied to by something malicious instead of just using the values. Easiest one - in a length field, lie about how many bytes are in the field. That's the Heartbleed bug!

And you're still going to have to parse it - you get a binary blob, but it's not a fixed struct you can just drop into memory

JS single thread?

[pooh666]

So does this put the pressure on to adapt JS to match up? Otherwise, it seems to me that the single thread deal with JS will partly hinder mulitplexing goodness. fast fast on the network, still slow slow on the browser. I guess that has always been the case even with multiple requests at a time, but it always seemed to me that was a kind of accepted, almost excuse re JS. Like yeah, "you don't want to make too many requests at once anyway"...