123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 |
- <?xml version="1.0" encoding="utf-8"?>
- <!--
-
- h t t :: / / t /
- h t t :: // // t //
- h ttttt ttttt ppppp sssss // // y y sssss ttttt //
- hhhh t t p p s // // y y s t //
- h hh t t ppppp sssss // // yyyyy sssss t //
- h h t t p s :: / / y .. s t .. /
- h h t t p sssss :: / / yyyyy .. sssss t .. /
-
- <https://y.st./>
- Copyright © 2016 Alex Yst <mailto:copyright@y.st>
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <https://www.gnu.org./licenses/>.
- -->
- <!DOCTYPE html>
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <base href="https://y.st./en/weblog/2016/03-March/12.xhtml" />
- <title>Progress has been made by Qt, but Webkit doesn't actually understand the issue <https://y.st./en/weblog/2016/03-March/12.xhtml></title>
- <link rel="icon" type="image/png" href="/link/CC_BY-SA_4.0/y.st./icon.png" />
- <link rel="stylesheet" type="text/css" href="/link/basic.css" />
- <link rel="stylesheet" type="text/css" href="/link/site-specific.css" />
- <script type="text/javascript" src="/script/javascript.js" />
- <meta name="viewport" content="width=device-width" />
- </head>
- <body>
- <nav>
- <p>
- <a href="/en/">Home</a> |
- <a href="/en/a/about.xhtml">About</a> |
- <a href="/en/a/contact.xhtml">Contact</a> |
- <a href="/a/canary.txt">Canary</a> |
- <a href="/en/URI_research/"><abbr title="Uniform Resource Identifier">URI</abbr> research</a> |
- <a href="/en/opinion/">Opinions</a> |
- <a href="/en/coursework/">Coursework</a> |
- <a href="/en/law/">Law</a> |
- <a href="/en/a/links.xhtml">Links</a> |
- <a href="/en/weblog/2016/03-March/12.xhtml.asc">{this page}.asc</a>
- </p>
- <hr/>
- <p>
- Weblog index:
- <a href="/en/weblog/"><abbr title="American Standard Code for Information Interchange">ASCII</abbr> calendars</a> |
- <a href="/en/weblog/index_ol_ascending.xhtml">Ascending list</a> |
- <a href="/en/weblog/index_ol_descending.xhtml">Descending list</a>
- </p>
- <hr/>
- <p>
- Jump to entry:
- <a href="/en/weblog/2015/03-March/07.xhtml"><<First</a>
- <a rel="prev" href="/en/weblog/2016/03-March/11.xhtml"><Previous</a>
- <a rel="next" href="/en/weblog/2016/03-March/13.xhtml">Next></a>
- <a href="/en/weblog/latest.xhtml">Latest>></a>
- </p>
- <hr/>
- </nav>
- <header>
- <h1>Progress has been made by Qt, but Webkit doesn't actually understand the issue</h1>
- <p>Day 00371: Saturday, 2016 March 12</p>
- </header>
- <p>
- I woke up this morning and found a letter in my inbox saying that the <abbr title="Server Name Indication">SNI</abbr> bug in Qt had been labeled as important by the developers.
- Mozilla reclassified my bug as being a bug in their <abbr title="Hypertext Transfer Protocol">HTTP</abbr> handling, which means that they are actually taking notice.
- Google was working on this bug before I told them about it.
- It's been a short period of time since I submitted these reports, but those that have taken notice actually seem to care.
- Both ellyjones and I thought that people would fail to realize that this is important.
- There are more bugs to report to other Web browsers, as well as Wget and <abbr title="Client for URLs/Client URL Request Library/Curl URL Request Library">cURL</abbr>, but that will have to wait for now.
- </p>
- <p>
- Later in the day, I received an email alerting me to a commit to Qt's code repository <a href="https://codereview.qt-project.org/#/c/152150/">fixing the bug</a>.
- I'm not sure if the commit is to the main repository or if this is some sort of pull request, but even if it's only a pull request, I doubt there's any reason to avoid accepting it.
- The code has already been written and it fixes a known problem.
- My best guess is that this is a pull request of sorts, as it shows a table listing different people that need to check the code and sign off on it.
- The commit message even shows that they are properly leaving the Host header alone while fixing the <abbr title="Server Name Indication">SNI</abbr> error.
- I am so excited!
- </p>
- <blockquote>
- <h6>Do not send the trailing dot of a hostname as part of the SNI</h6>
- <p>
- The SNI extension must not include the trailing dot, even though this is legitimate for the host header.
- </p>
- </blockquote>
- <p>
- Still later though, I received an email with bad news.
- The Webkit people think that I'm talking about in-browser certificate mismatch errors, not the malformed <abbr title="Server Name Indication">SNI</abbr> host names that the browser is sending.
- As they didn't understand what I meant, they <a href="https://bugs.webkit.org/show_bug.cgi?id=155378">don't think there's a problem</a>.
- Unless I can get through to them what I really mean and convince them that there is a problem, nothing will be done about it.
- </p>
- <p>
- I applied for four jobs today, looked into three places that turned out not to be hiring, and got a lead on a job that I will be able to look into on Monday.
- </p>
- <p>
- I learned something very interesting from sfan5 of <a href="ircs://sbuk7aqcxkoyipwv.onion:49152/%23Minetest">#Minetest</a>.
- As it turns out, the reason that some <abbr title="The Onion Router">Tor</abbr> exit nodes are able to access the freenode network isn't because freenode staff are too incompetent to implement the <abbr title="The Onion Router">Tor</abbr> <abbr title="Domain Name System">DNS</abbr> blacklist.
- Instead, it's because these nodes are specifically whitelisted.
- To be specific, <abbr title="Internet Protocol">IP</abbr> addresses used by a <abbr title="virtual private network">VPN</abbr> company called <a href="https://www.privateinternetaccess.com/">Private Internet Access</a> are allowed to access the freenode <abbr title="Internet Relay Chat">IRC</abbr> network even if these <abbr title="Internet Protocol">IP</abbr> addresses are currently used to relay traffic from the <abbr title="The Onion Router">Tor</abbr> network.
- Furthermore, it appears that Private Internet Access is one of freenode's sponsors; the money that Private Internet Access pays freenode may very well be in part a bribe for whitelisting their <abbr title="virtual private network">VPN</abbr> servers' <abbr title="Internet Protocol">IP</abbr> addresses.
- </p>
- <hr/>
- <p>
- Copyright © 2016 Alex Yst;
- You may modify and/or redistribute this document under the terms of the <a rel="license" href="/license/gpl-3.0-standalone.xhtml"><abbr title="GNU's Not Unix">GNU</abbr> <abbr title="General Public License version Three or later">GPLv3+</abbr></a>.
- If for some reason you would prefer to modify and/or distribute this document under other free copyleft terms, please ask me via email.
- My address is in the source comments near the top of this document.
- This license also applies to embedded content such as images.
- For more information on that, see <a href="/en/a/licensing.xhtml">licensing</a>.
- </p>
- <p>
- <abbr title="World Wide Web Consortium">W3C</abbr> standards are important.
- This document conforms to the <a href="https://validator.w3.org./nu/?doc=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2016%2F03-March%2F12.xhtml"><abbr title="Extensible Hypertext Markup Language">XHTML</abbr> 5.1</a> specification and uses style sheets that conform to the <a href="http://jigsaw.w3.org./css-validator/validator?uri=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2016%2F03-March%2F12.xhtml"><abbr title="Cascading Style Sheets">CSS</abbr>3</a> specification.
- </p>
- </body>
- </html>
|