HTTP/2

This came about through the efforts of Google to make the web faster. They managed to make it 40% faster but several orders of magnitude more complicated.

Not worth it in my opinion.

I absolutely agree with one of major critics of HTTP/2 Poul-Hemming Kamp that HTTP/2 is not an improvement over original version of HTTP.

I would describe this as premature optimization.

The issue is that it adds a lot of complexity and makes it harder to debug issues. It also makes it harder to implement web server and clients. It goes against made HTTP successful in the first place by Tim - it was simple!

This isn’t good since it means that it’s harder to write a web browser or server.

Why does that matter?

HTTP/2 implementation is part of Chromium which is the browser engine which powers both Chrome and Microsoft’s Edge Browser. It’s also implement as part of nginx which is the dominate web server. These two bodies of code are embedded into thousands of devices. Uh oh.

HTTP/2 exacerbates a trend towards having very little diversity our IT infra-structure. Hmmm? See where this is leading? If you thought log4j is bad think about the impact of vulnerabilities in these two pieces of software which are used everywhere and you have a disaster waiting to happen which will make log4j seem like a minor issue.

Hope someone on Google is listening !

See the how do you reverse engineer a funky protocol video.