I started going to IETF meetings.
-
I started going to IETF meetings. Those events take place 3 times a year, with ~1000 people attending in person and another ~1000 remotely. A good chunk of those are paid to be there and some are employed by big companies like Apple and Google. This is the place where the fundamental fabric of the internet is constantly being improved. TLS 1.3, HTTP/3, MLS to name a few.
With this in mind I have no fucking clue what Moxie was on about when he said interoperable protocols are stuck in the 1990s.
-
@daniel@gultsch.social
#QUIC (and #HTTP3) exists to serve the interests and needs of #Google.
In particular 0-RTT is basically a low-level cookie that allows deterministic user tracking below and before #http: if it will ever spread, disabling or deleting cookies, even outlawing them, won't be an issue for #SurveillanceCapitalism.
So these days what happens at #IETF is much more lobbying than engineering. Overpaid engineers lobby against the users to further cement the power of their corporations.
I wouldn't call these "improvements".
These days, sadly, IETF is the place where the fundamental fabric of the internet is constantly being enshittified.
@lorenzo@snac.bobadin.icu
-
@giacomo @daniel @lorenzo IETF protocol specs regularly include sections with privacy considerations just like security considerations. These point out such problems and guide implementers to get them right (e.g. to only use 0RTT if user tracking is of no concern because cookies would be on anyway). If a browser implements that wrong, it's for other lacks but awareness.
-
Well @chrysn@chaos.social, I really appreciate your good intentions and will to fight for users' #privacy.
But I was not talking about you or the few independent developers who still volunteer at #IETF these days.
I was talking about IETF effects on the Internet standards as a whole.
I'm afraid the impact of a few independent engineers is not going to balance the power of organized and well funded #BigTech lobbyists.
As an example, let's stay on topic and look at RFC 9001, "Using #TLS to Secure #QUIC".
All that is said about the improved ability of the server to identify (and thus track) the user is in two lines about session resumption (emphasis mine):
"Session resumption allows servers to link activity on the original connection with the resumed connection, which might be a privacy issue for clients. Clients can choose not to enable resumption to avoid creating this correlation."
Now please notice the #hypocrisy: the wording is set up as if clients should opt-in, but it's pretty unlikely that users will be given a choice between a personal data leak at protocol level and an imperceptible increase in connection time, in particular with 0-RTT where "Endpoints cannot selectively disregard information that might alter the sending or processing of 0-RTT".
So while I'm pretty curious about @bagder@mastodon.social's perspective, I see that #Google managed to get a protocol designed to thwart user privacy and reduce its own server costs (even just the energy consumed during TLS handshakes amounts to thousands of dollars each day).
This way, if the EU would decide to forbid tracking cookies at all, Google would get a competitive advantage over all other #AdsTech companies.
Now a properly working IETF would have rejected such shit, knowing that it would have been leveraged against people (and democracies) through #Chrome browsers and #Android defaults.
CC: @daniel@gultsch.social @lorenzo@snac.bobadin.icu
-
Sorry if I reopen the thread, but I've just read these slides from the OpenSSL Conference of this year
https://archive.openssl-conference.org/2025/presentations/Peter_Gutmann_ietf.pdf
I think they're worth a read (and it's somewhat funny too). They even mention #QUIC/#HTTP3 as a case study about #Google capture of #IETF.
CC: @chrysn@chaos.social @daniel@gultsch.social @lorenzo@snac.bobadin.icu
-
@giacomo @bagder @chrysn @lorenzo is there a recording of the talk? My experience with the IETF thus far is fairly positive and I'm most certainly not employed by FAANG.
However my experience is also limited having only written and published one RFC and only having been to two in person meetings so I'm more than willing to hear other perspectives. There is also a chance that the experience differs from working group to working group.