It's been 20 years today (Oct 16, UTC). Hard to believe.

• Previous message (by thread): It's been 20 years today (Oct 16, UTC). Hard to believe.
• Next message (by thread): It's been 20 years today (Oct 16, UTC). Hard to believe.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2018-10-17 02:35, Michael Thomas wrote:
> I believe that the IETF party line these days is that Postel was wrong 
> on this point. Security is one consideration, but there are others.

Postel's maxim also allowed extensibility.  If our network code rejects 
(or crashes) on things we don't currently understand and use, it ensures 
that they can't be used by apps that come along later either.  The 
attitude of rejecting everything in the name of security is what has 
forced app developers to tunnel APIs and everything else inside HTTP/DNS.

>
> Mike
>
> On 10/16/2018 07:18 PM, bzs at theworld.com wrote:
>> What it's trying to say is that you have control over your own code
>> but not others', in general.
>>
>> So make your own code (etc) robust and forgiving since you can't edit
>> others' code to conform to your own understanding of what they should
>> be sending you.
>>
>> I suppose that pre-dates github but nonetheless much of the code which
>> generates bits flung at you is proprietary and otherwise out of your
>> control but what you can control is your code's reaction to it.
>>
>> And of course the bits you generate which should try to make
>> conservative assumptions about what they might accept and interpret as
>> you expect.
>>
>> For example just because they sent you a seemingly malformed HTTP
>> request, and given that 4xx is for error codes, doesn't mean you
>> should return "420 You must be high!" and expect to be understood.
>>
>

• Previous message (by thread): It's been 20 years today (Oct 16, UTC). Hard to believe.
• Next message (by thread): It's been 20 years today (Oct 16, UTC). Hard to believe.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]