- From: Ilya Grigorik <igrigorik@google.com>
- Date: Tue, 13 Jan 2015 14:18:27 -0800
- To: Mark Nottingham <mnotting@akamai.com>
- Cc: Yoav Weiss <yoav@yoav.ws>, public-web-perf <public-web-perf@w3.org>
- Message-ID: <CADXXVKoXoC2PA2hJvJv_YF3n9jGyGOHSc=Gakk4rqBTYW-CV7g@mail.gmail.com>
On Wed, Jan 7, 2015 at 8:25 AM, Mark Nottingham <mnotting@akamai.com> wrote: > This doc: > http://w3ctag.github.io/packaging-on-the-web/ > says a number of things that about how a Web packaging format could > improve Web performance; e.g., for cache population, bundling packages to > distribute to servers, etc. > tl;dr: I think its introducing perf anti-patterns and is going against the general direction we want developers to head. Transport optimization should be left at transport layer and we already have much better (available today!) solutions for this. ---- some notes as I'm reading through the latest draft: (a) It's not clear to me how packages are updated after the initial fetch. In 2.1.1. you download the .pack with a CSS file but then request the CSS independently later... But what about the .pack? Wouldn't the browser revalidate it, detect that the package has changed (since CSS has been updated), and be forced to download the entire bundle once over? Now we have duplicate downloads on top of unnecessary fetches. In general, all bundling strategies suffer from one huge flaw: a single byte update in any of its subresources forces a full fetch of the entire file. Instead, we want to encourage *fine-grained* cache control and revalidation policies such that only the bytes that need to be updated are actually fetched.. this reduces data usage and loading speeds. (b) Packages introduce another HoL bottleneck: spec talks about ordering recommendations, but there is still a strict ordering during delivery (e.g. if the package is not a static resource then a single slow resource blocks delivery of all resources behind it). (c) Packages break granular prioritization: if we give packages high priority then all packaged assets within it inherit the same priority.. and even low priority assets within (e.g. images) are now competing against true high-priority assets (e.g. critical CSS). On the other hand, if we give packages low priority then we run the risk of hurting performance by penalizing high priority assets within the package... In short, mixing content-types within a bundle breaks prioritization and hurts performance. (d) "Scope" seems dangerous and underspecified: I can hijack requests to any origin? E.g. an attacker can take over requests for < popularwidget.com/assets> -- yikes? (e) "Package-aware caches should delay requesting resources within the scope of a package that they are downloading, until the package has been processed... If a package contains another package that is recognized by the package-aware cache, that package should be used to populate the cache in the same way"... Wouldn't that create a problem? For efficiency, the UA would have to wait to process the package and all of its potential sub-packages prior to initiating *any* other downloads since a sub-package could claim an arbitrary scope? And if the UA doesn't defer the download, now it runs the risk of downloading duplicate bytes: once for the individual request, another as part the package.. this would be a huge waste. ---- Out of the listed use cases, I think the compelling ones have the general shape of "taking X offline" where you want to know all the resources that you'll need to interact with an app later and/or offline. To address this, we don't need "package streaming", we just need a manifest that contains the list of all the files. I would propose dropping the streaming part entirely and focus on that instead -- the added benefit is that this would address all of the issues highlighted above. The transport bits of optimizing connections is orthogonal and should be left to the transport layer. <hand waving for a user-triggered "package fetch"> - User clicks on a "package" link - UA downloads manifest and pops up a dialog showing list of files + asks if user wants to download them - User accepts, UA fetches files using http/1.1 and http/2 transports as available/applicable - New folder appears on user's device containing all the files </hand waving> With http/2 we already have the necessary bits to implement the programmatic variant (i.e. equiv to rel=package): - server push eliminates need to request each resource individually - client does not need to know what to request, server determines that - all the power and compatibility with granular prioritization, caching logic, no HoL, etc. E.g. normalize.github.io... supported by all latest browsers (IE, FF, Safari, Chrome). Arguably, the only thing missing is a JS API for handling server push'ed resources -- something that's been brought up a few times now and it seems like everyone is in agreement that such thing should exist. Just needs to spec it and ship it.. :) The "stop-gap" argument doesn't resonate with me.. Push is already here in every modern browser and does not suffer from above limitations, whereas new package format requires that we ship new features both on the UA and server side -- it's neither a stop-gap nor an improvement over what we already have. I don't see the point. ----- In summary: "streamable package format" introduces a lot of perf-related complications which are inherently at odds with the direction that the UA's would like developers to take: we want granular caching policies, prioritization, and downloads; we have existing solutions that address the transport optimization concerns in a much better way. ig On Fri, Jan 9, 2015 at 8:09 AM, Mark Nottingham <mnotting@akamai.com> wrote: > > > On 8 Jan 2015, at 5:32 am, Yoav Weiss <yoav@yoav.ws> wrote: > > > > Hi Mark, > > Hey Yoav, > > > Thanks for bringing up that document to our attention. I wasn't aware of > this effort. > > > > I've now reviewed the document and would submit detailed feedback to the > doc's repo. > > > > I guess the main question for such a format would be if it's safe enough > to deploy over plain-text HTTP, since it enables cache population under a > certain path. Is it not something that can be abused, beyond the current > possible abuse of HTTP cache in MITM scenarios? > > If it's safe enough, then I guess packaging can replace the current > cache-hostile practice of resource concatenation, as a stop-gap until > HTTP/2 push saves the day. That cache-hostility is often tackled by using > localStorage as a cache replacement, but I see how native cache population > would be better. > > Very good question - I’d suggest raising an issue on the repo. > > > Do we have some data/predictions regarding the time it would take to get > us to, let's say, 50% server-side HTTP/2 deployment? That'd enable us to > see the value of working on a stop-gap measure now. > > Not yet; I suspect we’ll know a lot more in ~6 months. > > Cheers, > > > > > > Yoav > > > > > > On Wed, Jan 7, 2015 at 5:25 PM, Mark Nottingham <mnotting@akamai.com> > wrote: > > Hi all, > > > > This doc: > > http://w3ctag.github.io/packaging-on-the-web/ > > says a number of things that about how a Web packaging format could > improve Web performance; e.g., for cache population, bundling packages to > distribute to servers, etc. > > > > Have people in this community reviewed it? > > > > Regards, > > > > > > -- > > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > > > > > -- > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > On Fri, Jan 9, 2015 at 8:09 AM, Mark Nottingham <mnotting@akamai.com> wrote: > > > On 8 Jan 2015, at 5:32 am, Yoav Weiss <yoav@yoav.ws> wrote: > > > > Hi Mark, > > Hey Yoav, > > > Thanks for bringing up that document to our attention. I wasn't aware of > this effort. > > > > I've now reviewed the document and would submit detailed feedback to the > doc's repo. > > > > I guess the main question for such a format would be if it's safe enough > to deploy over plain-text HTTP, since it enables cache population under a > certain path. Is it not something that can be abused, beyond the current > possible abuse of HTTP cache in MITM scenarios? > > If it's safe enough, then I guess packaging can replace the current > cache-hostile practice of resource concatenation, as a stop-gap until > HTTP/2 push saves the day. That cache-hostility is often tackled by using > localStorage as a cache replacement, but I see how native cache population > would be better. > > Very good question - I’d suggest raising an issue on the repo. > > > Do we have some data/predictions regarding the time it would take to get > us to, let's say, 50% server-side HTTP/2 deployment? That'd enable us to > see the value of working on a stop-gap measure now. > > Not yet; I suspect we’ll know a lot more in ~6 months. > > Cheers, > > > > > > Yoav > > > > > > On Wed, Jan 7, 2015 at 5:25 PM, Mark Nottingham <mnotting@akamai.com> > wrote: > > Hi all, > > > > This doc: > > http://w3ctag.github.io/packaging-on-the-web/ > > says a number of things that about how a Web packaging format could > improve Web performance; e.g., for cache population, bundling packages to > distribute to servers, etc. > > > > Have people in this community reviewed it? > > > > Regards, > > > > > > -- > > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > > > > > -- > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > On Fri, Jan 9, 2015 at 8:09 AM, Mark Nottingham <mnotting@akamai.com> wrote: > > > On 8 Jan 2015, at 5:32 am, Yoav Weiss <yoav@yoav.ws> wrote: > > > > Hi Mark, > > Hey Yoav, > > > Thanks for bringing up that document to our attention. I wasn't aware of > this effort. > > > > I've now reviewed the document and would submit detailed feedback to the > doc's repo. > > > > I guess the main question for such a format would be if it's safe enough > to deploy over plain-text HTTP, since it enables cache population under a > certain path. Is it not something that can be abused, beyond the current > possible abuse of HTTP cache in MITM scenarios? > > If it's safe enough, then I guess packaging can replace the current > cache-hostile practice of resource concatenation, as a stop-gap until > HTTP/2 push saves the day. That cache-hostility is often tackled by using > localStorage as a cache replacement, but I see how native cache population > would be better. > > Very good question - I’d suggest raising an issue on the repo. > > > Do we have some data/predictions regarding the time it would take to get > us to, let's say, 50% server-side HTTP/2 deployment? That'd enable us to > see the value of working on a stop-gap measure now. > > Not yet; I suspect we’ll know a lot more in ~6 months. > > Cheers, > > > > > > Yoav > > > > > > On Wed, Jan 7, 2015 at 5:25 PM, Mark Nottingham <mnotting@akamai.com> > wrote: > > Hi all, > > > > This doc: > > http://w3ctag.github.io/packaging-on-the-web/ > > says a number of things that about how a Web packaging format could > improve Web performance; e.g., for cache population, bundling packages to > distribute to servers, etc. > > > > Have people in this community reviewed it? > > > > Regards, > > > > > > -- > > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > > > > > -- > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > On Fri, Jan 9, 2015 at 8:09 AM, Mark Nottingham <mnotting@akamai.com> wrote: > > > On 8 Jan 2015, at 5:32 am, Yoav Weiss <yoav@yoav.ws> wrote: > > > > Hi Mark, > > Hey Yoav, > > > Thanks for bringing up that document to our attention. I wasn't aware of > this effort. > > > > I've now reviewed the document and would submit detailed feedback to the > doc's repo. > > > > I guess the main question for such a format would be if it's safe enough > to deploy over plain-text HTTP, since it enables cache population under a > certain path. Is it not something that can be abused, beyond the current > possible abuse of HTTP cache in MITM scenarios? > > If it's safe enough, then I guess packaging can replace the current > cache-hostile practice of resource concatenation, as a stop-gap until > HTTP/2 push saves the day. That cache-hostility is often tackled by using > localStorage as a cache replacement, but I see how native cache population > would be better. > > Very good question - I’d suggest raising an issue on the repo. > > > Do we have some data/predictions regarding the time it would take to get > us to, let's say, 50% server-side HTTP/2 deployment? That'd enable us to > see the value of working on a stop-gap measure now. > > Not yet; I suspect we’ll know a lot more in ~6 months. > > Cheers, > > > > > > Yoav > > > > > > On Wed, Jan 7, 2015 at 5:25 PM, Mark Nottingham <mnotting@akamai.com> > wrote: > > Hi all, > > > > This doc: > > http://w3ctag.github.io/packaging-on-the-web/ > > says a number of things that about how a Web packaging format could > improve Web performance; e.g., for cache population, bundling packages to > distribute to servers, etc. > > > > Have people in this community reviewed it? > > > > Regards, > > > > > > -- > > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > > > > > > -- > Mark Nottingham mnot@akamai.com http://www.mnot.net/ > >
Received on Tuesday, 13 January 2015 22:19:35 UTC