The one permanently fixed standard: HTTPS.
But in name only! Due to security considerations, HTTPS can never be fully backwards compatible, as all older secure communications standards are now insecure in the present-day. HTTP, the non-secure variant of HTTPS, is no longer largely used because so many popular online services require a login, and user credentials must be kept secure.
So, what is HTTPS in principle?
-
A point-to-point link is established between two software processes, by means of a dial-in protocol.
-
The dial-in protocol must support host names, which human-friendly strings that are used to identify a particular software process.
-
The dial-in protocol must support authentication of at least one of the two software processes. Support for authenticating both software processes is optional and seldom used, although the use of two-way authentication is growing.
-
The established link must be encrypted.
-
The established link must be an asynchronous serial communications channel. That is, the software processes are free to choose random times to send data, rather than needing special programming to send the data in clocked time periods. As a special extension to asynchronous serial communications, there is no requirement that data receive happens at a specific rate to avoid data loss. The minimum unit of data that can be transferred or received is a single 8-bit byte.
-
From the standpoint of the software, not of the hardware, which is typically a sychronous communications channel with a transmission control protocol (TCP) layered on top. All communications lumped into larger packets, even the 1-byte communications, but that is merely a low-level technical detail of present-day implementations which is subject to change. Again, due to the use of synchronous serial communications for higher bandwidth.
-
Device drivers are used to interact with such complex synchronous communications hardware. Whereas, the same protocols can be layered on top of asynchronous communications hardware with less complexity, but also less performance.
-
Input packets can be effectively buffered for a much longer period of time, and many more, before a connection error is sent back to the sender, compared to traditional asynchronous serial communications. Also, the fact that traditional asynchronous serial communications does not mandate acknowledge packets for sent packets.
Okay, yes, so you get the idea. Like you just said above.
-
About packetization. The reason why it works okay, is because applications that use small packets typically don’t need to transmit and receive those packets extremely fast, and an extremely large number of such packets.
-
Why async? Because that’s what Unix exposes as a stream file descriptor! And sockets are built off of file descriptors, plus the connection protocol.
-
-
HTTPS, as the core standard, brings in a few companion standards as “mere dependencies.” These are not required for the modern-day Internet, they are only facts as to how the Internet is implemented in the present-day.
On top of this base, applications or platforms are programmed. So, the one platform that has become the most popular? The web browser. The web browser started out as an application, but later scripting abilities were added, which then led to the gradual morphing into a platform, by virtue of being able to deliver software updates over the Internet.
Executable programs that provide for local computation are written in JavaScript, Asm.js, or WebAssembly code. Local computation is connected to interactivity via Web APIs. HTML and CSS are vestigial standards developed from the earlier Internet with an emphasis on static web pages. The primary interest in using these APIs in the modern context is because they have accessibility standards deeply entrenched in them, courtesy of the World Wide Web Consortium (W3C). The other side of affairs, the Web Hypertext Applications Working Group (WHAWG), has been very keen about adding new features, but not so much in the way of accessibility.
Hence, HTML and CSS are used as foundational components of modern Web User Interfaces (Web UI) for this particular interest, even though the exact same can be done via an HTML 5 Canvas nowadays.
It remains to be seen if the existing widget toolkits for modern web development will evolve to effectively deprecate HTML and CSS, with static content being viewed through the virtue of special HTML 5 viewers in modern web browsers.
Web APIs are newer software interfaces defined to connect down to the older software interfaces that operating systems expose. The main difference between OS APIs and Web APIs is that Web APIs place an increased emphasis on security, due to the newer and larger Internet community being much more malicious than the older local software developer community. And, the fact that exploits spread much faster via the Interent, the web in particular, than via older, traditional communications means. Two processes that originated from different sites running on the same computer are treated with as much virtual isolation as two computers from opposite sides of the world, because that is the physical isolation of the actual physical hosting sites.
Now, you could have two web browsers communicate directly with each other, but that is not what is commonly done in practice. So what is typically done is to create another program called a server.
-
This is actually a requirement of the HTTPS protocol. Requests can only be made in one direction, to the server. Communication the other way around is more restricted, in that it is generally only allowed as the response to a request. Unsolicited connection requests and communications are typically blocked by a firewall.
-
But, a server is more generous in allowing unsolicited connections. By this very nature, a server is more vulnerable to denial-of-service attacks, where an attacker abuses the generosity of the server in acception connections and communications such that the service is greatly diminished for all users, including the attacker.
-
And the servers often have special privileges that the clients don’t, like access to fast Internet backbone, colocation with many other server computers hosting popular websites, close proximity to skilled tech maintenance staff, and so on.