Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

A deep dive into why time.gov displayed inaccurate clock offsets. The root cause was the HTTP `Connection: close` header, which forced browsers to create a new TCP+TLS connection for every request. The JavaScript timing code assumed a single network round-trip (like NTP), but actually measured three, introducing a full round-trip worth of error. NIST fixed the issue around April 24th by switching to `keep-alive`. The author also proposes using the `PerformanceResourceTiming` API for more precise measurement of just the HTTP layer, and provides a client-side patch demonstrating the improvement.

How an HTTP header caused time.gov to skew from UTC

<p>Good catch by the author. One thing I’m curious about — does HTTP/2 or HTTP/3 change the calculus here at all? If the connection multiplexes, a second timing request on the same origin should ride the existing stream and skip the TCP+TLS cost, which would make Connection: close vs keep-alive matter less. But I’d guess <a href="http://time.gov" target="_blank" rel="noopener nofollow">time.gov</a> is still HTTP/1.1, which is why the bug had teeth in the first place. Would be interesting to see the same measurement run over h2.</p>
