WHAT'S GOING ON AT...FACEBOOK AND GOOGLE:
As a part of this regular feature, I summarize some of the best and most interesting blog posts, updates, and more from engineering teams at some of the top companies in the world. These posts are often filled with useful insights and tips you and your team can apply in your own projects, as well as inspiration, but it can be hard to find the time to read them. View this feature as your "sparknotes," of sorts, condensing what these teams are up to into something you can digest in less than a minute!
Today, we're spotlighting Facebook and Google, specifically looking at how Facebook created its own QUIC implementation and the Google Chrome team built the Chrome DevTools WebAuthn tab (for those unfamiliar, the Web Authn API makes it possible for servers to use public-key cryptography as opposed to passwords.).
What's Going On At...Facebook:
Facebook created its own QUIC implementation, mvfst, so the engineering team could quickly test and deploy QUIC on its own systems. How it did so:
- To make the new protocol integrate easily with Facebook's existing software while saving time and ensuring it would work well on the larger internet, Facebook deployed QUIC on a large subset of Facebook network traffic. The team focused particularly on internal network traffic that included proxied public traffic to the social media platform.
- By doing so, it made it possible for the team to create a method that makes its network load balancer QUIC-aware and maintains load balancer’s zero-downtime release guarantees.
Deploying to the internet:
- After this worked successfully, the team deployed QUIC to the internet, with its first target being the Facebook app itself, which comes with an infrastructure that makes it possible for them to roll changes apps in a limited, safer way.
- The team started by experimenting with enabling QUIC for dynamic GraphQL requests in the Facebook app.
- The results show QUIC offered a number of improvements in various metrics; Facebook users experienced a 6% drop in request errors, a 20% tail latency reduction, and a 5% drop in response header size relative to HTTP/2.
- Yet there were some issues whose root causes also ended up being a problem while transitioning traffic to QUIC. Despite the fact the team was enabling QUIC only for dynamic requests, there was an increase in error rates for static content downloaded with TCP.
- The root cause, it turns out...
Deploying for static content:
- Next, the team focused on...
What's Going On At...Google:
The Google Chrome team explained how it created the Chrome DevTool Web Authn tab for the Web Authentication API, which makes it possible for servers to use public-key cryptography as opposed to passwords.
- The Chrome team focused on adding debugging support in Chrome DevTools so that developers using WebAuthn could access physical authenticators.
- Before adding the support, these were hard to access because of the variety of authenticators out there and because, by their nature, inspecting physical authenticators' state is impossible.
- Thus, the WebAuthn DevTools tab was created making it easier to debug WebAuthn by making it possible for developers to emulate these authenticators, customize their capabilities, and inspect their states.
The team added debugger support to WebAuthn in two parts...
Start your FREE 14-day trial of Inside Dev Premium today to read the full post and receive this feature regularly.