QUIC as a solution to protocol ossification
Posted Jan 30, 2018 12:36 UTC (Tue) by tialaramex (subscriber, #21167)In reply to: QUIC as a solution to protocol ossification by nim-nim
Parent article: QUIC as a solution to protocol ossification
nim-nim is surprised that things are being moved into the cloud, why is this happening? How can it be that "owners" are preferring the cloud where nim-nim can't give them "control" ? What can be behind this? Surely only some nefarious motive at work.
The reality is that the "control" nim-nim and co. have given to "owners" results in things not working properly and it being more and more difficult to fix it. Layer upon layer of "control" afforded by middle boxes makes it impossible to innovate, and those "owners" choke and writhe. The cloud doesn't do very much, but they're so unused to having any freedom at all from the "control" nim-nim's cohort have "given" them that it feels like unlimited power in contrast.
So a company which spent $1M and three years trying to build a new web site, and failing as middle box after middle box refused to co-operate (sorry "gave them control" by not working) is astonished that Amazon, a company that sells books, can put up that web site for them in under a month for a few grand a year. And us LWN readers might smirk - we could do that for the price of a Raspberry Pi and a lost weekend, except that, well, only if we didn't submit to any of nim-nim's "control" as most home Internet users have.
The real difference in the cloud is that when a nim-nim sales person comes to call, the people in the room ask awkward questions like "How does this device deal with protocol incompatibilities? What's your plan for moving away from SHA-256?" rather than "It's really important to us that we deal with Risk, do you have a form letter that says buying this product will fix our Risk so we can show it to our auditors?". And I'm sure that makes nim-nim sad, but it makes actual _users_ happy, so I'll take that trade thanks.
Historically when I've given concrete examples nim-nim has simply insisted they're wrong, which I guess is brazen enough that it must feel righteous, like insisting "I'm the least racist person you'll ever meet" in the middle of doing something very racist. But I'll give one here again for everybody else's benefit, even if it's predictable that nim-nim will continue to believe that facts are wrong.
Last week a product I'm responsible for broke, again. Why did it break? Well, we have a middle box, you see, to ensure we have "control" over er, our own web servers, before the data reaches the next middle box, which is there to ensure "control" over the actions of the other middle box. And apparently somebody at the middle box's manufacturer heard about "Clickjacking". So, they rolled out an update that prevents it by adding a rule to forbid third party frames. (Anybody who does web development for a living now knows where this is going). This update broke "my" product which a partner uses, because they embed frames and thus look exactly like Clickjacking, which is why we hadn't already used a countermeasure and had in fact _explicitly_ rejected doing so for that product, asking the partner to instead re-design to avoid frames before we addressed the problem.
But why "again"? Well, after we fixed this the first time, another person on the team looking after that middle box saw the corrected rule and since there's no actual change management control on the middle box (it's for "control" remember, no need for any oversight or a decent UX, the people signing the cheques will never use it) they figured it must be a mistake and "fixed" it back how it was before, so frames stopped working again.
Ultimately I'm not all that worried about the nim-nims of the world, because although they're annoying they're fighting gravity here, the middle boxes guarantee the doom of companies that embrace them, the more and deeper you invest in middle boxes the worse and faster the ossification. Call it "control" all you like, if you can't grow and change this universe will kill you. The Dumb Network that nim-nim has attributed to Google is an idea which was old before Google even existed, both the Internet and its predecessors back to at least the Treaty of Bern are founded on the correct observation that a Dumb Network is the only thing that'll actually get the job done.
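The post above describes a middlebox shipping a blanket "forbid third-party frames" rule that broke a partner's legitimate embed. As an added example, not from any post in this thread and not from the product or middlebox being described, the following Python models the two anti-clickjacking header shapes a browser honours (X-Frame-Options and CSP frame-ancestors) and shows why a blanket DENY and a per-partner allowlist behave differently. The thread never says which header the middlebox actually set; the origins, header values and the simplified source-matching rules are constructed for illustration.

```python
"""Blanket anti-clickjacking rule vs. per-partner frame allowlist.

Added example, not from the LWN thread. Origins and header values are
constructed; the policy evaluator is a simplified model of what browsers
do, not a full CSP implementation.
"""
from urllib.parse import urlsplit


def origin_of(url: str) -> str:
    """Return scheme://host[:port] of a URL, lower-cased."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _host_matches(pattern: str, host: str) -> bool:
    # '*.example.com' matches any subdomain but not example.com itself.
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # pattern[1:] is ".example.com"
    return pattern == host


def _source_matches(source: str, embedder: str, site_origin: str) -> bool:
    """Simplified CSP frame-ancestors source matching: 'none', 'self',
    exact origins, scheme-less hosts and '*.' host wildcards."""
    src = source.lower()
    if src == "'none'":
        return False
    if src == "'self'":
        return embedder == site_origin
    e = urlsplit(embedder)
    if "://" in src:
        s = urlsplit(src)
        return s.scheme == e.scheme and _host_matches(s.netloc, e.netloc)
    # Scheme-less source: host only; simplification: require an https embedder.
    return e.scheme == "https" and _host_matches(src, e.netloc)


def frame_allowed(headers: dict, embedder_url: str, site_origin: str) -> bool:
    """Decide whether a page served with `headers` may be framed by a
    document at `embedder_url`. When a frame-ancestors directive is
    present it takes precedence over X-Frame-Options (CSP Level 2)."""
    embedder = origin_of(embedder_url)
    site_origin = site_origin.lower()
    csp = headers.get("Content-Security-Policy", "")
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # An empty source list means 'none'; any([]) is False.
            return any(_source_matches(s, embedder, site_origin) for s in tokens[1:])
    xfo = headers.get("X-Frame-Options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder == site_origin
    return True  # no policy at all: anyone may frame the page (clickjackable)


# Constructed scenario modelled on the thread, with made-up names.
SITE = "https://app.example"
PARTNER_PAGE = "https://portal.partner.example/dashboard"   # legitimate embed
ATTACKER_PAGE = "https://evil.example/free-prizes"          # clickjacking page

NO_POLICY = {}
MIDDLEBOX_RULE = {"X-Frame-Options": "DENY"}  # blanket rule: breaks the partner too
ALLOWLIST = {"Content-Security-Policy":
             "frame-ancestors 'self' https://*.partner.example"}


def outcomes(headers: dict) -> dict:
    """Who can frame the site under a given header set."""
    return {"partner": frame_allowed(headers, PARTNER_PAGE, SITE),
            "attacker": frame_allowed(headers, ATTACKER_PAGE, SITE)}


if __name__ == "__main__":
    for name, h in [("no policy", NO_POLICY),
                    ("middlebox DENY", MIDDLEBOX_RULE),
                    ("allowlist", ALLOWLIST)]:
        print(f"{name:15} {outcomes(h)}")
```

The allowlist only blocks third parties that are not the partner; a page on the partner's origin could still frame the site, which is exactly the trade the post says the team had consciously accepted while asking the partner to move away from frames. A device that cannot express that allowlist per application can only choose between "everyone" and "nobody".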
Posted Jan 30, 2018 18:30 UTC (Tue) by alonz (subscriber, #815)
Posted Jan 31, 2018 9:30 UTC (Wed) by nim-nim (subscriber, #34454)
1. I don't sell and I haven't ever sold nor ever benefited from any middlebox sale, directly or indirectly.
2. I *have* tried to work with anti-middleware persons to get them to fix their implementation of some standards. Their bugs were causing pain to tens of thousands of people that had no beef in the middleware vs non-middleware dispute and probably thought IT people were collectively dangerous imbeciles. Only to meet obfuscation and evasion, and finally understand the breakage was 100% intentional and they were crippling some use cases and wasting their users' (and sometimes customers') time and energy to push their opinions. Only they would not own up to it and were lying to their users in pretending they had implemented standards when they had sabotaged the parts of them they didn't like, and used it as an argument to propose the removal of those parts.
3. In any medium to large organization you will have idiots that will do things just because they can and feel they will get away with it. That's what control systems are about. If you don't believe in control systems, share a computer with a score of other persons, all running as admin, with no enforcement at all, and see how long you can cope with being charged with making the thing run.
4. If you think software developers are any more responsible just look at the junk that gets pushed to app stores and all the nasty permissions those apps ask for just because app stores were designed with a "no middle control" mindset and the few controls that exist were bolted on later and are completely inefficient and lacking. Networks are no magic, they're an IT system like a computer, they have the same control requirements (and will need more as they migrate to SDN. More power means more responsibility, more responsibility means more control requirements).
5. Disabling controls makes things run faster and simpler. Who would have thought of it? (see also: Intel/meltdown)
6. In a "smart object" world where everything from microwaves to lightbulbs runs IP you *will* have to administer a fairly complex network at home. We'll see how much you like it when Google strips you of any control power, and known-dangerous and unpatched gadgets get to talk freely with the exterior. I believe smart camera operators had their first wake-up call last year.
I'll leave you the 'amusing' insults that have really no place on lwn.
Posted Feb 2, 2018 23:10 UTC (Fri) by lsl (subscriber, #86508)
Some specifics would be nice. Are we really talking about bugs or about things like not implementing plaintext downgrades on encrypted protocols? Or making it harder to perform MITM attacks on TLS users thus breaking the "use cases" of ad/garbage injection (loved by mobile ISPs) and other integrity/confidentiality violations of traffic intended to be encrypted and authenticated?
Posted Feb 2, 2018 0:44 UTC (Fri) by jschrod (subscriber, #1646)
To associate a poster on lwn.net with racism because you disagree with him is not the style of discussion that I'm used to, here around. Please refrain from it. This kind of personal attack doesn't help to communicate your arguments, either.
FWIW: I neither follow nim-nim's opinion nor yours, so please don't accuse me of bias.
Posted Feb 7, 2018 19:33 UTC (Wed) by tialaramex (subscriber, #21167)
So I explained, calmly, that this is undoubtedly caused by a middle box, I specified the exact brand of middle box they'd most likely bought which causes this error, and that I had previously _emphatically_ warned those implementing the latest middle box that it would likely cause serious problems unless its rules had been appropriately hand-crafted to let our actual traffic through, at which point it would simply be dead weight. I think I even forwarded the emails where those responsible had promised to co-operate with me during installation, and then gone silent.
I was assured that even if we had coincidentally just bought a middle box from the exact manufacturer I specified, the network engineering team responsible were 100% certain that it wasn't their box at fault. The problem must be in my application and I needed to pull my finger out and fix whatever it was. I reiterated that it's the middle box, and suggested means by which they could verify that for themselves, and then I just let it all slide by, because it's futile to engage with such nonsense.
This morning my Product Owner, who for his sins does have to actually sit there in person and listen to this every day, managed to persuade someone to do him a favour and try a simple A/B test. He would fail to get into the application, they would switch off the middle box, then he'd try again. To their astonishment it suddenly worked. Then they switched it back on, his application session failed almost immediately and he wasn't able to get back in. How about that?
Now, nim-nim has explained elsewhere that despite symptoms like these in their opinion it's wrong to blame the middle box. Blame client software, or policy decisions, or Google. Here's the problem even if you want to sympathise with that point of view: Nobody cares. You can fire me and get another team in and re-write the entire application, spending millions of dollars and refunding all the existing customers, and at the end it still doesn't work. Or, you can switch off the middle box and it works immediately. It's a no brainer. It wouldn't even matter if _somehow_ the middle box isn't really the "cause" of your problem: no middle box, no problem.
Posted Feb 8, 2018 1:36 UTC (Thu) by karkhaz (subscriber, #99844)
Posted Feb 8, 2018 18:34 UTC (Thu) by Wol (subscriber, #4433)
And the hilarious thing is that the middle box's job is to transmit the customer's data - which it is clearly and blatantly failing to do!
What Google wants, and (maybe slightly altered) what everyone else wants, is for whatever leaves my *source* network to get to my *destination* network INTACT and UNALTERED. What f'ing right does the TRANSPORT network have to interfere and alter my data or throw it away? Because that's what nim-nim is advocating - let the transport network (and indeed, not even that, let the vendors of the equipment running the transport network) dictate what traffic is allowed to pass over the transport network. NOT good if I'm paying for my data to be transported ...
Cheers,
Wol
Well, these companies now have the FCC's ear… and FCC is more than happy to agree with their vision of "help".
excors made a good point in a neighbouring post of yours: https://lwn.net/Comments/745923/