12.xhtml 8.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <!--
  3. h t t :: / / t /
  4. h t t :: // // t //
  5. h ttttt ttttt ppppp sssss // // y y sssss ttttt //
  6. hhhh t t p p s // // y y s t //
  7. h hh t t ppppp sssss // // yyyyy sssss t //
  8. h h t t p s :: / / y .. s t .. /
  9. h h t t p sssss :: / / yyyyy .. sssss t .. /
  10. <https://y.st./>
  11. Copyright © 2016 Alex Yst <mailto:copyright@y.st>
  12. This program is free software: you can redistribute it and/or modify
  13. it under the terms of the GNU General Public License as published by
  14. the Free Software Foundation, either version 3 of the License, or
  15. (at your option) any later version.
  16. This program is distributed in the hope that it will be useful,
  17. but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. GNU General Public License for more details.
  20. You should have received a copy of the GNU General Public License
  21. along with this program. If not, see <https://www.gnu.org./licenses/>.
  22. -->
  23. <!DOCTYPE html>
  24. <html xmlns="http://www.w3.org/1999/xhtml">
  25. <head>
  26. <base href="https://y.st./en/weblog/2016/03-March/12.xhtml" />
  27. <title>Progress has been made by Qt, but Webkit doesn&apos;t actually understand the issue &lt;https://y.st./en/weblog/2016/03-March/12.xhtml&gt;</title>
  28. <link rel="icon" type="image/png" href="/link/CC_BY-SA_4.0/y.st./icon.png" />
  29. <link rel="stylesheet" type="text/css" href="/link/basic.css" />
  30. <link rel="stylesheet" type="text/css" href="/link/site-specific.css" />
  31. <script type="text/javascript" src="/script/javascript.js" />
  32. <meta name="viewport" content="width=device-width" />
  33. </head>
  34. <body>
  35. <nav>
  36. <p>
  37. <a href="/en/">Home</a> |
  38. <a href="/en/a/about.xhtml">About</a> |
  39. <a href="/en/a/contact.xhtml">Contact</a> |
  40. <a href="/a/canary.txt">Canary</a> |
  41. <a href="/en/URI_research/"><abbr title="Uniform Resource Identifier">URI</abbr> research</a> |
  42. <a href="/en/opinion/">Opinions</a> |
  43. <a href="/en/coursework/">Coursework</a> |
  44. <a href="/en/law/">Law</a> |
  45. <a href="/en/a/links.xhtml">Links</a> |
  46. <a href="/en/weblog/2016/03-March/12.xhtml.asc">{this page}.asc</a>
  47. </p>
  48. <hr/>
  49. <p>
  50. Weblog index:
  51. <a href="/en/weblog/"><abbr title="American Standard Code for Information Interchange">ASCII</abbr> calendars</a> |
  52. <a href="/en/weblog/index_ol_ascending.xhtml">Ascending list</a> |
  53. <a href="/en/weblog/index_ol_descending.xhtml">Descending list</a>
  54. </p>
  55. <hr/>
  56. <p>
  57. Jump to entry:
  58. <a href="/en/weblog/2015/03-March/07.xhtml">&lt;&lt;First</a>
  59. <a rel="prev" href="/en/weblog/2016/03-March/11.xhtml">&lt;Previous</a>
  60. <a rel="next" href="/en/weblog/2016/03-March/13.xhtml">Next&gt;</a>
  61. <a href="/en/weblog/latest.xhtml">Latest&gt;&gt;</a>
  62. </p>
  63. <hr/>
  64. </nav>
  65. <header>
  66. <h1>Progress has been made by Qt, but Webkit doesn&apos;t actually understand the issue</h1>
  67. <p>Day 00371: Saturday, 2016 March 12</p>
  68. </header>
  69. <p>
  70. I woke up this morning and found a letter in my inbox saying that the <abbr title="Server Name Indication">SNI</abbr> bug in Qt had been labeled as important by the developers.
  71. Mozilla reclassified my bug as being a bug in their <abbr title="Hypertext Transfer Protocol">HTTP</abbr> handling, which means that they are actually taking notice.
  72. Google was working on this bug before I told them about it.
  73. It&apos;s been a short period of time since I submitted these reports, but those that have taken notice actually seem to care.
  74. Both ellyjones and I thought that people would fail to realize that this is important.
  75. There are more bugs to report to other Web browsers, as well as Wget and <abbr title="Client for URLs/Client URL Request Library/Curl URL Request Library">cURL</abbr>, but that will have to wait for now.
  76. </p>
  77. <p>
  78. Later in the day, I received an email alerting me to a commit to Qt&apos;s code repository <a href="https://codereview.qt-project.org/#/c/152150/">fixing the bug</a>.
  79. I&apos;m not sure if the commit is to the main repository or if this is some sort of pull request, but even if it&apos;s only a pull request, I doubt there&apos;s any reason to avoid accepting it.
  80. The code has already been written and it fixes a known problem.
  81. My best guess is that this is a pull request of sorts, as it shows a table listing different people that need to check the code and sign off on it.
  82. The commit message even shows that they are properly leaving the Host header alone while fixing the <abbr title="Server Name Indication">SNI</abbr> error.
  83. I am so excited!
  84. </p>
  85. <blockquote>
  86. <h6>Do not send the trailing dot of a hostname as part of the SNI</h6>
  87. <p>
  88. The SNI extension must not include the trailing dot, even though this is legitimate for the host header.
  89. </p>
  90. </blockquote>
  91. <p>
  92. Still later though, I received an email with bad news.
  93. The Webkit people think that I&apos;m talking about in-browser certificate mismatch errors, not the malformed <abbr title="Server Name Indication">SNI</abbr> host names that the browser is sending.
  94. As they didn&apos;t understand what I meant, they <a href="https://bugs.webkit.org/show_bug.cgi?id=155378">don&apos;t think there&apos;s a problem</a>.
  95. Unless I can get through to them what I really mean and convince them that there is a problem, nothing will be done about it.
  96. </p>
  97. <p>
  98. I applied for four jobs today, looked into three places that turned out not to be hiring, and got a lead on a job that I will be able to look into on Monday.
  99. </p>
  100. <p>
  101. I learned something very interesting from sfan5 of <a href="ircs://sbuk7aqcxkoyipwv.onion:49152/%23Minetest">#Minetest</a>.
  102. As it turns out, the reason that some <abbr title="The Onion Router">Tor</abbr> exit nodes are able to access the freenode network isn&apos;t because freenode staff are too incompetent to implement the <abbr title="The Onion Router">Tor</abbr> <abbr title="Domain Name System">DNS</abbr> blacklist.
  103. Instead, it&apos;s because these nodes are specifically whitelisted.
  104. To be specific, <abbr title="Internet Protocol">IP</abbr> addresses used by a <abbr title="virtual private network">VPN</abbr> company called <a href="https://www.privateinternetaccess.com/">Private Internet Access</a> are allowed to access the freenode <abbr title="Internet Relay Chat">IRC</abbr> network even if these <abbr title="Internet Protocol">IP</abbr> addresses are currently used to relay traffic from the <abbr title="The Onion Router">Tor</abbr> network.
  105. Furthermore, it appears that Private Internet Access is one of freenode&apos;s sponsors; the money that Private Internet Access pays freenode may very well be in part a bribe for whitelisting their <abbr title="virtual private network">VPN</abbr> servers&apos; <abbr title="Internet Protocol">IP</abbr> addresses.
  106. </p>
  107. <hr/>
  108. <p>
  109. Copyright © 2016 Alex Yst;
  110. You may modify and/or redistribute this document under the terms of the <a rel="license" href="/license/gpl-3.0-standalone.xhtml"><abbr title="GNU&apos;s Not Unix">GNU</abbr> <abbr title="General Public License version Three or later">GPLv3+</abbr></a>.
  111. If for some reason you would prefer to modify and/or distribute this document under other free copyleft terms, please ask me via email.
  112. My address is in the source comments near the top of this document.
  113. This license also applies to embedded content such as images.
  114. For more information on that, see <a href="/en/a/licensing.xhtml">licensing</a>.
  115. </p>
  116. <p>
  117. <abbr title="World Wide Web Consortium">W3C</abbr> standards are important.
  118. This document conforms to the <a href="https://validator.w3.org./nu/?doc=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2016%2F03-March%2F12.xhtml"><abbr title="Extensible Hypertext Markup Language">XHTML</abbr> 5.1</a> specification and uses style sheets that conform to the <a href="http://jigsaw.w3.org./css-validator/validator?uri=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2016%2F03-March%2F12.xhtml"><abbr title="Cascading Style Sheets">CSS</abbr>3</a> specification.
  119. </p>
  120. </body>
  121. </html>