Threads for ilija

  1. 1

    How well do these work across browsers? I thought at least Safari disabled a load of these because they can be used for tracking. In the simplest case, if I use a tracking ID as the etag, I can use that as a beacon: the browser will say ‘Hey server, I have a thing with {tracking ID}, is it the latest?’ and the server says ‘Yup. Muahahahaha, now I have tracked this user’. It’s probably a bit harder with the other things, but I can imagine that if the last-modified time is a full ISO 8601 format and I don’t update resources more than once per minute then I can use the seconds + milliseconds to give me 60,000 unique tokens that I can use for tracking IDs.

    1. 1

      > How well do these work across browsers?

      They’re part of the HTTP spec, so all browsers (probably) implement them. Not sure if Safari disables these headers, but you’re correct when saying that they can be used to track users. It is a well-documented tracking vector.

      > I can imagine that if the last-modified time is a full ISO 8601 format and I don’t update resources more than on…

      It’s actually simpler. ETags are opaque for the clients, so one can, in theory, put a fingerprint in the ETag and track that user agent across its session. In fact, KissMetrics got sued for it back in 2012.
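
An audit sketch for the tracking vector discussed in the two comments above, added as an example that is not part of the thread: it flags resources whose bytes are identical across fresh, cookie-less browser profiles but whose ETag or Last-Modified differs for every profile. The observation tuples, paths and hash values are constructed, and `suspicious_validators` and `opaque_tag` are hypothetical names.

```python
from collections import defaultdict

# Constructed observations: the same URLs fetched from three fresh,
# cookie-less browser profiles.
# Fields: profile, url, body hash, ETag, Last-Modified.
OBSERVATIONS = [
    ("p1", "/app.js", "9f2c", '"v42"', "Tue, 02 Jan 2024 10:00:00 GMT"),
    ("p2", "/app.js", "9f2c", '"v42"', "Tue, 02 Jan 2024 10:00:00 GMT"),
    ("p3", "/app.js", "9f2c", '"v42"', "Tue, 02 Jan 2024 10:00:00 GMT"),
    ("p1", "/pixel.gif", "77ab", '"a91f03"', "Tue, 02 Jan 2024 10:00:17 GMT"),
    ("p2", "/pixel.gif", "77ab", '"c4417e"', "Tue, 02 Jan 2024 10:00:41 GMT"),
    ("p3", "/pixel.gif", "77ab", 'W/"0be2d9"', "Tue, 02 Jan 2024 10:00:05 GMT"),
    ("p1", "/feed.json", "aa01", '"f1"', "Tue, 02 Jan 2024 09:00:00 GMT"),
    ("p2", "/feed.json", "bb02", '"f2"', "Tue, 02 Jan 2024 09:30:00 GMT"),
]

def opaque_tag(etag):
    """Strip the weak prefix so W/"x" and "x" compare as the same validator."""
    return etag[2:] if etag.startswith("W/") else etag

def suspicious_validators(observations, min_profiles=2):
    """Return {url: [header names]} where identical bytes got per-profile validators."""
    groups = defaultdict(list)
    for profile, url, body_hash, etag, last_modified in observations:
        groups[(url, body_hash)].append((profile, opaque_tag(etag), last_modified))
    findings = {}
    for (url, _), rows in groups.items():
        profiles = {r[0] for r in rows}
        if len(profiles) < min_profiles:
            continue  # body differs per fetch, or too little data to compare
        flagged = []
        # One distinct validator value per profile for the same bytes is the signal.
        if len({r[1] for r in rows}) == len(profiles):
            flagged.append("ETag")
        if len({r[2] for r in rows}) == len(profiles):
            flagged.append("Last-Modified")
        if flagged:
            findings[url] = flagged
    return findings

if __name__ == "__main__":
    for url, headers in suspicious_validators(OBSERVATIONS).items():
        print(url, "->", ", ".join(headers))
```

Validators can also differ for benign reasons, such as backends that derive ETags from per-host file metadata, so a finding is a lead to verify by replaying the value in `If-None-Match` from a clean profile.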

    1. 4

      This is really good. Thank you for explaining wth weak etags are.

      Could do with an explanation of when the UA will use weak or strong comparison for etags. Wikipedia claims it’s weak when you want to refresh something you already downloaded, strong when you want to resume a download with a range request (for which you need to be certain that you’re going to be downloading the next part of a byte-for-byte identical file to the one you started downloading earlier).

      Teasing the title, requests that aren’t made at all are even faster 😉. I’ve seen sites get visibly faster from setting cache-control public max-age=… on a few dozen static resources.

      1. 1

        Thank you!

        Wikipedia is (as usual) right. Weak ETags are useful for refreshes, while strong ETags are useful for downloads using Range.

        I am keen to write more on the topic 👆 if that’s something you’d be interested in reading?

      1. 2
        1. 2

          Maybe a bit late to reply, but thanks – I am glad you found the article worth reading!

        1. 1

          Started watching The Mandalorian. (Better late than never.)

          Did a 2nd coat of the indoor stairs of the house.

          Back to language learning after a break of two weeks.

          1. 4

            As always: it depends.

            What is the goal here? For example, do you want to learn a new language/framework, or do you want to get something functional to market fast, so you can test the market? Or something else perhaps?

            If the goal is to get something out to market ASAP – use something you’re comfortable with.

            If the goal is to learn (which is great!) – check out either Go or Elixir, I find them both worth learning.

            What I would suggest is avoiding mixing up these two (I’ve done it a few times in the past). Building a product while learning a tech stack will be frustrating, and most likely you won’t be happy with the result (which is to be expected, because it’s your first project in $NEW_STACK).

            Have fun building!

            1. 1

              https://ieftimov.com/ - you should read it if you are curious about backend-related topics, or if Go, Ruby, Elixir interest you.

              1. 1

                Keep reading “On Writing Well” by William Zinsser. Try to wrap up a blog post I’ve already started.

                1. 2

                  Finish a blog post I am writing. Advent of Code day 1.

                  1. 2

                    Probably going to write a short post on my blog. And read a chapter or two from “Elixir in Action”. Other than that, nothing really.

                    1. 2

                      Push a new post and continue working on my series of posts on testing in Go that I’ve been doing for a while now.

                      Also, I am going to do some thinking and jot ideas about building a tiny app for peer reviews of articles.

                      Lastly, it’s a warm weekend in western Europe, so I hope for some BBQ and cold beer in the sun.

                      1. 2

                        Have been writing a series of articles on my blog on the topic of testing in Golang, working on the latest article covering naming conventions (file, function and variable names).

                        P.S. If someone feels like proofreading or reviewing please reach out!