How HTTP/2 will speed up your web browsing

When the last version of the Hypertext Transfer Protocol 1.1 (HTTP/1.1) was approved in 1999, fast computers were running 500MHz Pentium III chips, Bill Clinton was president of the United States, and software engineers were working hard at fixing the Y2K bug. As for the internet, the US Federal Communications Commission defined broadband as 200 kilobits per second (Kbps), and most users connected to it with 56Kbps modems. Things have changed, and HTTP, the web's fundamental protocol, is finally changing with the times, too.

http2.png
HTTP/2 in one box. --Google

After more than two years of consideration, the Internet Engineering Task Force (IETF) has finally approved HTTP/2. HTTP/2 is made up of two specifications: The new protocol itself, and HPACK, which provides header compression for HTTP/2. This revised protocol "will help provide faster user experience for browsing, reduce the amount of bandwidth required, and make the use of secure connections easier".

HTTP/2 is based in part on an earlier protocol called SPDY (pronounced speedy) from Google, and takes most of its speed improvements from it. There was never a competition between the two; SPDY is HTTP/2's father, not its rival.

The first way HTTP/2 speeds up traffic is by transferring all data as a binary format instead of HTTP 1.1's four text message styles. Besides making it simpler for web servers and browsers, this new format is more compact, because the more compact a web page is, the less time it takes to be transmitted.

HTTP/2 uses multiplexing. This makes for a more responsive website by avoiding HTTP 1.1's "head-of-line blocking" problem.

Read more: How HTTP/2 will speed up your web browsing
 
I enabled SPDY 4 on google chrome (unless it is enabled by default, in which case I probably disabled it). Are there any vulnerabilities I need to worry about?

I read about the CRIME malware exploit, which peeks at compressed information transferred from sites to the browser and somehow exploits that, but I gather that today's browsers are proof against that particular exploit.
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite
FF v36.0 was just released, includes full support for HTTP/2.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home made
    CPU
    AMD Ryzen7 2700x
    Motherboard
    Asus Prime x470 Pro
    Memory
    16GB Kingston 3600
    Graphics Card(s)
    Asus strix 570 OC 4gb
    Hard Drives
    Samsung 960 evo 250GB
    Silicon Power V70 240GB SSD
    WD 1 TB Blue
    WD 2 TB Blue
    Bunch of backup HDDs.
    PSU
    Sharkoon, Silent Storm 660W
    Case
    Raidmax
    Cooling
    CCM Nepton 140xl
    Internet Speed
    40/2 Mbps
    Browser
    Firefox
    Antivirus
    WD
Hi there

Web browsing speed isn't per se a problem -- the issues are usually YOUR ISP / Internet connection speed, contention on the remote server (i.e how many users are concurrently trying to access the web site) and the efficiency of the web sites code and your browsers in executing the instructions.

Most of the talk about "Browser Speed" these days is 100% POINTLESS as about 99% of the problems are not within control of the end user to do anything about it.

In any case when most browsing is now for video streaming you are going to be totally dependant on how the remote server streams the video and the speed it does so at.

If it's only streaming at say 2 Mb/s then it doesn't matter if you have the FASTEST OS / CPU / Internet service in the universe --you are still only going to get your video dished up at the remote servers delivery speed.

This type of stuff reminds me of the "Mega Pixel" wars in the early days of digital photography where a PRO DSLR with "Less MP"'s than a cheap consumer digital camera could of course give an infinitely better photo.

Cheers
jimbo
 

My Computer

System One

  • OS
    Linux Centos 7, W8.1, W7, W2K3 Server W10
    Computer type
    PC/Desktop
    Monitor(s) Displays
    1 X LG 40 inch TV
    Hard Drives
    SSD's * 3 (Samsung 840 series) 250 GB
    2 X 3 TB sata
    5 X 1 TB sata
    Internet Speed
    0.12 GB/s (120Mb/s)
HTTP/2 is supposedly compressing data so more can get thru at particular bandwith,that's where "speed" part comes in. On the other hand, computer as to un-compress that on the fly so that transfers onus on receiving end.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home made
    CPU
    AMD Ryzen7 2700x
    Motherboard
    Asus Prime x470 Pro
    Memory
    16GB Kingston 3600
    Graphics Card(s)
    Asus strix 570 OC 4gb
    Hard Drives
    Samsung 960 evo 250GB
    Silicon Power V70 240GB SSD
    WD 1 TB Blue
    WD 2 TB Blue
    Bunch of backup HDDs.
    PSU
    Sharkoon, Silent Storm 660W
    Case
    Raidmax
    Cooling
    CCM Nepton 140xl
    Internet Speed
    40/2 Mbps
    Browser
    Firefox
    Antivirus
    WD
I enabled SPDY 4 on google chrome (unless it is enabled by default, in which case I probably disabled it). Are there any vulnerabilities I need to worry about?

I read about the CRIME malware exploit, which peeks at compressed information transferred from sites to the browser and somehow exploits that, but I gather that today's browsers are proof against that particular exploit.

Quote from linked article.

Originally, HTTP/2 was going to use GZIP for compression. However, an exploit, Compression Ratio Info-leak Made Easy (CRIME), has made streaming compression protocols such as GZIP unsafe. So, HTTP/2 is using a different, less efficient, but safer security method.

Jim :cool:
 

My Computer

System One

  • OS
    Windows 7 HP 64bit, Windows 8.1 Pro w/Media Center 64BIT
    Computer type
    PC/Desktop
    System Manufacturer/Model
    ASUS - Home Built
    CPU
    AMD Phenom II X6 1100T
    Motherboard
    ASUS M5A99X EVO
    Memory
    Crucial Balistic DDR-3 1866 CL 9 (8 GB)
    Graphics Card(s)
    MSI R6850 Cyclone IGD5 PE
    Sound Card
    On Chip
    Monitor(s) Displays
    ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort
    Screen Resolution
    1920 x 1080
    Hard Drives
    Two WD Cavier Black 2TB Sata 6gbs
    WD My Book Essential 2TB USB 3.0
    PSU
    Seasonic X650 80 Plus GOLD Modular
    Case
    Corsair 400R
    Cooling
    Antec Kuhler H2O 620, Two 120mm and four 140mm
    Keyboard
    AVS Gear Blue LED Backlight
    Mouse
    Logitech Marble Mouse USB, Logitech Precision Game Pad
    Internet Speed
    15MB
    Antivirus
    NIS, Malwarebytes Premium 2
    Other Info
    APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program,
    Motorola SB6120 Gigabit Cable Modem.
    Brother HL-2170W Laser Printer,
    Epson V300 Scanner
Back
Top