0} class="border-s-border align-top">
-
+
{#each row.values as val, k (k)}
diff --git a/src/lib/components/detail/category-story/StoryDiagram.svelte b/src/lib/components/detail/category-story/StoryDiagram.svelte
index d2a9c91..7d13592 100644
--- a/src/lib/components/detail/category-story/StoryDiagram.svelte
+++ b/src/lib/components/detail/category-story/StoryDiagram.svelte
@@ -4,7 +4,7 @@
@@ -27,9 +25,8 @@
The architects of the field
- {pioneers.length} people whose work shows up across the protocols in this lab β
- from Bob Metcalfe's 1973 Ethernet sketch to Eric Rescorla's TLS 1.3 redesign half a
- century later.
+ {pioneers.length} people whose work shows up across the protocols in this lab β from Bob Metcalfe's
+ 1973 Ethernet sketch to Eric Rescorla's TLS 1.3 redesign half a century later.
diff --git a/src/lib/components/detail/registry-index/RfcsIndex.svelte b/src/lib/components/detail/registry-index/RfcsIndex.svelte
index 6a17807..42bae3c 100644
--- a/src/lib/components/detail/registry-index/RfcsIndex.svelte
+++ b/src/lib/components/detail/registry-index/RfcsIndex.svelte
@@ -31,8 +31,8 @@
The documents
- {rfcs.length} RFCs the chapters and protocol pages cite by name. Newest first; click
- any to read the spec inline with notable section pointers.
+ {rfcs.length} RFCs the chapters and protocol pages cite by name. Newest first; click any to read
+ the spec inline with notable section pointers.
diff --git a/src/lib/components/icons/CategoryIcon.svelte b/src/lib/components/icons/CategoryIcon.svelte
index e7651e6..bc78edf 100644
--- a/src/lib/components/icons/CategoryIcon.svelte
+++ b/src/lib/components/icons/CategoryIcon.svelte
@@ -32,7 +32,11 @@
Bluetooth
} from 'lucide-svelte';
- let { icon, size = 24, animate = false }: { icon: string; size?: number; animate?: boolean } = $props();
+ let {
+ icon,
+ size = 24,
+ animate = false
+ }: { icon: string; size?: number; animate?: boolean } = $props();
const iconMap: Record
= {
// Categories
@@ -69,17 +73,10 @@
};
const Component = $derived(iconMap[icon]);
-
- let hovered = $state(false);
{#if Component}
- (hovered = true)}
- onmouseleave={() => (hovered = false)}
- >
+
{:else}
@@ -102,13 +99,28 @@
.icon-animate {
transition: transform 0.3s cubic-bezier(0.175, 0.885, 0.32, 1.275);
}
- .icon-animate.animate {
+ .icon-animate.animate,
+ .icon-animate:hover {
animation: icon-pulse 0.6s cubic-bezier(0.175, 0.885, 0.32, 1.275);
}
@keyframes icon-pulse {
- 0% { transform: scale(1) rotate(0deg); }
- 30% { transform: scale(1.15) rotate(-5deg); }
- 60% { transform: scale(1.1) rotate(3deg); }
- 100% { transform: scale(1) rotate(0deg); }
+ 0% {
+ transform: scale(1) rotate(0deg);
+ }
+ 30% {
+ transform: scale(1.15) rotate(-5deg);
+ }
+ 60% {
+ transform: scale(1.1) rotate(3deg);
+ }
+ 100% {
+ transform: scale(1) rotate(0deg);
+ }
+ }
+ @media (prefers-reduced-motion: reduce) {
+ .icon-animate.animate,
+ .icon-animate:hover {
+ animation: none;
+ }
}
diff --git a/src/lib/components/mobile/CategoryAccordion.svelte b/src/lib/components/mobile/CategoryAccordion.svelte
index 325cfed..d1aba37 100644
--- a/src/lib/components/mobile/CategoryAccordion.svelte
+++ b/src/lib/components/mobile/CategoryAccordion.svelte
@@ -46,7 +46,7 @@
{#if expanded}
{#each protocols as proto (proto.id)}
-
+
{/each}
{/if}
diff --git a/src/lib/components/mobile/MobileDetailSheet.svelte b/src/lib/components/mobile/MobileDetailSheet.svelte
index e955e72..83235dd 100644
--- a/src/lib/components/mobile/MobileDetailSheet.svelte
+++ b/src/lib/components/mobile/MobileDetailSheet.svelte
@@ -71,7 +71,10 @@
{/if}
- {#each getHighlightedName(proto.id, proto.name) as seg}{#if seg.highlight}{seg.text} {:else}{seg.text}{/if}{/each}
+ {#each getHighlightedName(proto.id, proto.name) as seg, i (i)}{#if seg.highlight}{seg.text} {:else}{seg.text}{/if}{/each}
-
+
{#if appState.detailViewMode === 'learn'}
@@ -91,9 +94,9 @@
{/each}
-
+
-
+
@@ -103,9 +106,7 @@
{#each proto.useCases as useCase, i (i)}
-
{useCase}
@@ -117,10 +118,10 @@
{/if}
-
+
{:else if appState.detailViewMode === 'simulate'}
{#key proto.id}
-
+
{/key}
{:else if appState.detailViewMode === 'compare'}
{#if appState.compareTargetId}
@@ -128,13 +129,13 @@
{@const pair = getPair(proto.id, appState.compareTargetId)}
{#if targetProto}
{#if pair?.type === 'relationship'}
-
+
{:else}
-
+
{/if}
{/if}
{:else}
-
+
{/if}
{/if}
diff --git a/src/lib/components/mobile/MobileView.svelte b/src/lib/components/mobile/MobileView.svelte
index 49b02d7..15a3120 100644
--- a/src/lib/components/mobile/MobileView.svelte
+++ b/src/lib/components/mobile/MobileView.svelte
@@ -13,8 +13,24 @@
-
-
+
+
diff --git a/src/lib/data/book/chapters.ts b/src/lib/data/book/chapters.ts
index 3ca465d..25da61a 100644
--- a/src/lib/data/book/chapters.ts
+++ b/src/lib/data/book/chapters.ts
@@ -47,8 +47,7 @@ const FOUNDATION_SYNOPSIS: Record = {
'Two communication patterns β {{client-server|client/server}} and {{peer-to-peer|peer-to-peer}} β and what each makes easy or hard.',
'encryption-basics':
"What HTTPS actually protects β and what it doesn't. [[tls|TLS]] at the boundary.",
- 'ai-protocols':
- '[[mcp|MCP]] and [[a2a|A2A]] β the new layer of protocols designed for AI agents.'
+ 'ai-protocols': '[[mcp|MCP]] and [[a2a|A2A]] β the new layer of protocols designed for AI agents.'
};
const partI: BookPart = {
@@ -65,16 +64,6 @@ const partI: BookPart = {
}))
};
-/**
- * Parts IIβXII β outline only for now. Empty `slots` arrays mark
- * each chapter as "coming soon"; the TOC renderer treats them
- * differently from clickable chapters. Filling them in is the next
- * sustained content workstream.
- */
-function stubChapters(items: { id: string; title: string; synopsis: string }[]): Chapter[] {
- return items.map((c) => ({ id: c.id, title: c.title, synopsis: c.synopsis, slots: [] }));
-}
-
export const bookParts: BookPart[] = [
partI,
storyOfTheInternet,
diff --git a/src/lib/data/book/parts/async-iot.ts b/src/lib/data/book/parts/async-iot.ts
index 6195557..022b853 100644
--- a/src/lib/data/book/parts/async-iot.ts
+++ b/src/lib/data/book/parts/async-iot.ts
@@ -19,7 +19,8 @@ export const asyncIot: BookPart = {
{
id: 'mqtt',
title: 'MQTT',
- synopsis: 'Sensors, satellites, and [[mqtt|2-byte publish overhead]] β designed in 1999 to instrument oil pipelines.',
+ synopsis:
+ 'Sensors, satellites, and [[mqtt|2-byte publish overhead]] β designed in 1999 to instrument oil pipelines.',
slots: [
{
kind: 'pull-quote',
@@ -84,11 +85,12 @@ The architecture is **{{mqtt-publish|publish}}-{{mqtt-subscribe|subscribe}}** th
{
id: 'amqp',
title: 'AMQP',
- synopsis: '[[amqp|Banking-grade messaging]] β JPMorgan Chase, John O\'Hara, and "two billion dollars in collateral calls before he could blink."',
+ synopsis:
+ '[[amqp|Banking-grade messaging]] β JPMorgan Chase, John O\'Hara, and "two billion dollars in collateral calls before he could blink."',
slots: [
{
kind: 'pull-quote',
- text: 'If you read [[amqp|AMQP]] 1.0, it\'s called Advanced Message Queue Protocol, but there are no queues in it.',
+ text: "If you read [[amqp|AMQP]] 1.0, it's called Advanced Message Queue Protocol, but there are no queues in it.",
attribution: 'Alexis Richardson, March 2025'
},
{
@@ -147,7 +149,8 @@ The trade-off versus [[mqtt|MQTT]] remains operational complexity. An [[amqp|AMQ
{
id: 'kafka',
title: 'Kafka',
- synopsis: '[[kafka|A distributed commit log]] as architecture unit β {{linkedin|LinkedIn}}, 2010, named after Franz [[kafka|Kafka]] because "it\'s a system optimized for writing."',
+ synopsis:
+ '[[kafka|A distributed commit log]] as architecture unit β {{linkedin|LinkedIn}}, 2010, named after Franz [[kafka|Kafka]] because "it\'s a system optimized for writing."',
slots: [
{
kind: 'pull-quote',
@@ -212,11 +215,12 @@ The wire-level details that {{matter|matter}} operationally: [[kafka|Kafka]]'s r
{
id: 'coap',
title: 'CoAP',
- synopsis: '[[coap|REST shrunk for microcontrollers]] β and one of the most-deployed-at-scale uses turned out to be Chinese smartphones.',
+ synopsis:
+ '[[coap|REST shrunk for microcontrollers]] β and one of the most-deployed-at-scale uses turned out to be Chinese smartphones.',
slots: [
{
kind: 'pull-quote',
- text: 'NETSCOUT\'s January 2019 scan found 388,344 publicly-reachable [[coap|CoAP]] endpoints, 81% in China, but most were not IoT devices β they were Chinese smartphones running the QLC Chain {{peer-to-peer|peer-to-peer}} crypto stack.',
+ text: "NETSCOUT's January 2019 scan found 388,344 publicly-reachable [[coap|CoAP]] endpoints, 81% in China, but most were not IoT devices β they were Chinese smartphones running the QLC Chain {{peer-to-peer|peer-to-peer}} crypto stack.",
attribution: 'Author'
},
{
diff --git a/src/lib/data/book/parts/famous-outages.ts b/src/lib/data/book/parts/famous-outages.ts
index fdfef07..4d30855 100644
--- a/src/lib/data/book/parts/famous-outages.ts
+++ b/src/lib/data/book/parts/famous-outages.ts
@@ -48,7 +48,7 @@ The fix was to install patched {{imp|IMP}} software that rejected sequence numbe
},
{
type: 'callout',
- title: 'Postel\'s Law had limits',
+ title: "Postel's Law had limits",
text: '**Be conservative in what you send, be liberal in what you accept.** A beautiful guideline β until "liberal" means accepting a malformed message and propagating it network-wide. The 1980 collapse forced the field to admit Postel\'s Law has an important exception: be **strict** in what you accept from anything that isn\'t under your operational control. The modern interpretation: be liberal with **format**, strict with **semantics**.'
}
]
@@ -66,7 +66,7 @@ The fix was to install patched {{imp|IMP}} software that rejected sequence numbe
**Public post-mortems became the norm.** [[rfc:789|RFC 789]] established that engineering organisations {{mqtt-publish|publish}} detailed root-cause analyses of their incidents. The {{google|Google}} SRE book, the {{cloudflare|Cloudflare}} incident reports, the Facebook 2021 write-up β all descendants of this practice.
-**Sequence-number arithmetic is paranoid by default.** Modern protocols reject any {{sequence-number|sequence number}} that is impossibly far in the past or future, instead of trusting wall-clock-style ordering. [[tcp|TCP]]\'s [[rfc:9293|PAWS]] (Protection Against Wrapped Sequences, [[rfc:7323|RFC 7323]]) is one example.`
+**Sequence-number arithmetic is paranoid by default.** Modern protocols reject any {{sequence-number|sequence number}} that is impossibly far in the past or future, instead of trusting wall-clock-style ordering. [[tcp|TCP]]'s [[rfc:9293|PAWS]] (Protection Against Wrapped Sequences, [[rfc:7323|RFC 7323]]) is one example.`
},
{
type: 'image',
@@ -89,7 +89,7 @@ The fix was to install patched {{imp|IMP}} software that rejected sequence numbe
slots: [
{
kind: 'pull-quote',
- text: 'Most-specific wins, by definition. {{autonomous-system|AS}} 7007 didn\'t hijack anything on purpose β it simply announced everything as a /24, and the entire internet routed through a single underpowered Florida router.',
+ text: "Most-specific wins, by definition. {{autonomous-system|AS}} 7007 didn't hijack anything on purpose β it simply announced everything as a /24, and the entire internet routed through a single underpowered Florida router.",
attribution: 'Author'
},
{
@@ -125,7 +125,7 @@ What made the recovery so painful was that there was no way to tell [[bgp|BGP]]
title: 'Why It Took Twenty-Five Years to Fix',
text: `{{rpki|RPKI}} was specified in 2008. It took until 2026 to cross **50% of advertised [[ip|IP]] space covered**. The reason is the structure of [[bgp|BGP]] deployment.
-For {{rpki|RPKI}} to fix the {{autonomous-system|AS}} 7007 problem, two parties have to participate: the prefix-holder must {{mqtt-publish|publish}} a Route Origin Authorisation ({{roa|ROA}}), and the receiving router must enforce {{rov|Route Origin Validation}} ({{rov|ROV}}). For the first decade after specification, only a handful of large networks ran {{rov|ROV}}. Smaller operators pointed out β correctly β that running {{rov|ROV}} with low {{roa|ROA}} coverage means dropping legitimate routes from peers who haven\'t signed yet. So nobody enforced. Without enforcement, signing your prefixes had no upside. Classic chicken-and-egg.
+For {{rpki|RPKI}} to fix the {{autonomous-system|AS}} 7007 problem, two parties have to participate: the prefix-holder must {{mqtt-publish|publish}} a Route Origin Authorisation ({{roa|ROA}}), and the receiving router must enforce {{rov|Route Origin Validation}} ({{rov|ROV}}). For the first decade after specification, only a handful of large networks ran {{rov|ROV}}. Smaller operators pointed out β correctly β that running {{rov|ROV}} with low {{roa|ROA}} coverage means dropping legitimate routes from peers who haven't signed yet. So nobody enforced. Without enforcement, signing your prefixes had no upside. Classic chicken-and-egg.
What broke the deadlock was a series of high-profile incidents (2018 Amazon Route 53 / MyEtherWallet hijack, 2018 Iranian Telegram hijack, 2019 SafeHost / China Telecom leak) that made unsigned networks look negligent. By 2022, the major hyperscalers and tier-1s were enforcing. By 2026, [[frontier:rpki-rov-50-percent|over 50%]] of advertised [[ip|IP]] space was covered. {{aspa|ASPA}} β the {{autonomous-system|AS}}-path validation extension β is the next chapter.`
},
@@ -171,7 +171,7 @@ Mitnick used this to land a forged connection from a host listed in Shimomura's
{
type: 'callout',
title: 'rsh / rlogin trust was the multiplier',
- text: '[[tcp|TCP]] sequence prediction by itself is not catastrophic β it just lets you forge a connection. The reason this attack worked is that Berkeley Unix\'s \`.rhosts\` mechanism trusted **the source {{ip-address|IP address}}** of an incoming connection as authentication. Forge the source [[ip|IP]], get the trust. [[ssh|SSH]] (which Tatu YlΓΆnen wrote in 1995, partly in response to incidents like this one) replaced \`.rhosts\` with cryptographic identity β even a perfectly forged [[tcp|TCP]] connection cannot impersonate someone without their {{private-key|private key}}.'
+ text: "[[tcp|TCP]] sequence prediction by itself is not catastrophic β it just lets you forge a connection. The reason this attack worked is that Berkeley Unix's `.rhosts` mechanism trusted **the source {{ip-address|IP address}}** of an incoming connection as authentication. Forge the source [[ip|IP]], get the trust. [[ssh|SSH]] (which Tatu YlΓΆnen wrote in 1995, partly in response to incidents like this one) replaced `.rhosts` with cryptographic identity β even a perfectly forged [[tcp|TCP]] connection cannot impersonate someone without their {{private-key|private key}}."
},
{
type: 'narrative',
@@ -224,7 +224,7 @@ The technical legacy outlived the celebrity. **[[rfc:1948|RFC 1948]]** (Steve Be
{
type: 'narrative',
title: 'A Domestic Block, A Global Outage',
- text: `On 24 February 2008, the Pakistan Telecommunications Authority ordered domestic ISPs to block YouTube β the immediate cause was a video the government considered blasphemous. Pakistan Telecom ({{autonomous-system|AS}} 17557) implemented the block using the standard "Remotely Triggered Blackhole" (RTBH) technique: inject a more-specific [[bgp|BGP]] route for YouTube\'s prefix into their internal network, pointing it at a null interface. Any traffic destined for YouTube would be silently dropped at the Pakistan Telecom edge.
+ text: `On 24 February 2008, the Pakistan Telecommunications Authority ordered domestic ISPs to block YouTube β the immediate cause was a video the government considered blasphemous. Pakistan Telecom ({{autonomous-system|AS}} 17557) implemented the block using the standard "Remotely Triggered Blackhole" (RTBH) technique: inject a more-specific [[bgp|BGP]] route for YouTube's prefix into their internal network, pointing it at a null interface. Any traffic destined for YouTube would be silently dropped at the Pakistan Telecom edge.
This is fine β **as long as you don't propagate the route outside your network**.`
},
@@ -233,7 +233,7 @@ This is fine β **as long as you don't propagate the route outside your network
title: 'The Leak',
text: `Pakistan Telecom's upstream provider was PCCW Global ({{autonomous-system|AS}} 3491), a major Hong Kong-based {{transit|transit}}. PCCW Global was not filtering incoming [[bgp|BGP]] from Pakistan Telecom β they accepted the bogus, more-specific YouTube route and propagated it onward to every PCCW {{peer|peer}}. From there it went global.
-Within three minutes of the original injection, the entire internet believed the best path to YouTube\'s prefix was through Pakistan Telecom. Every YouTube request anywhere on the planet was being null-routed by a router in Karachi. YouTube\'s authoritative [[dns|DNS]] continued to resolve correctly; the actual [[tcp|TCP]] connections just disappeared into a black hole.
+Within three minutes of the original injection, the entire internet believed the best path to YouTube's prefix was through Pakistan Telecom. Every YouTube request anywhere on the planet was being null-routed by a router in Karachi. YouTube's authoritative [[dns|DNS]] continued to resolve correctly; the actual [[tcp|TCP]] connections just disappeared into a black hole.
YouTube was offline globally for two hours. PCCW Global eventually identified the bogus route and applied filtering, after which [[bgp|BGP]] convergence took another 30 minutes to restore reachability.`
},
@@ -252,9 +252,9 @@ YouTube was offline globally for two hours. PCCW Global eventually identified th
{
type: 'narrative',
title: 'Why "Most Specific Wins" Is Both Genius and Curse',
- text: `[[bgp|BGP]]\'s "most specific prefix wins" rule has a beautiful property: it lets traffic engineering work without coordination. If your origin announces a /16 and your {{cdn|CDN}} announces a /20 inside that block, every router automatically prefers the {{cdn|CDN}} β no negotiation needed.
+ text: `[[bgp|BGP]]'s "most specific prefix wins" rule has a beautiful property: it lets traffic engineering work without coordination. If your origin announces a /16 and your {{cdn|CDN}} announces a /20 inside that block, every router automatically prefers the {{cdn|CDN}} β no negotiation needed.
-The same rule is what made Pakistan/YouTube possible. A /24 inside YouTube\'s /22 wins, regardless of who is announcing it. The combination of "most specific wins" + "no origin validation" + "global propagation" turned every upstream provider into a single point of failure for every downstream customer\'s prefix integrity.
+The same rule is what made Pakistan/YouTube possible. A /24 inside YouTube's /22 wins, regardless of who is announcing it. The combination of "most specific wins" + "no origin validation" + "global propagation" turned every upstream provider into a single point of failure for every downstream customer's prefix integrity.
This is the structural reason [[bgp|BGP]] needs cryptography to fix it, not just better operational hygiene. Hygiene catches typos; cryptography catches deliberate hijacks. {{rpki|RPKI}} provides the cryptography. {{aspa|ASPA}} (the {{autonomous-system|AS}}-path validation extension, in {{ietf|IETF}} draft) closes the route-leak hole that origin validation alone cannot fix β where {{autonomous-system|AS}} X **does** legitimately originate the prefix, but its upstream then leaks the route through an unintended path.`
},
@@ -263,7 +263,7 @@ This is the structural reason [[bgp|BGP]] needs cryptography to fix it, not just
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/Arpanet_logical_map%2C_march_1977.png/500px-Arpanet_logical_map%2C_march_1977.png',
alt: 'ARPANET logical map, March 1977 β sites in the US plus a node at London.',
caption:
- 'The {{arpanet|ARPANET}} in March 1977 β a network small enough that one Pakistan-Telecom-class misconfiguration would have been caught manually within minutes. By 2008 the global [[bgp|BGP]] {{routing-table|routing table}} had grown to ~250,000 prefixes, and Pakistan Telecom\'s null-route on a single /24 of YouTube space silently became the world\'s outage in **three minutes flat**. Scale changes what counts as a recoverable error.',
+ "The {{arpanet|ARPANET}} in March 1977 β a network small enough that one Pakistan-Telecom-class misconfiguration would have been caught manually within minutes. By 2008 the global [[bgp|BGP]] {{routing-table|routing table}} had grown to ~250,000 prefixes, and Pakistan Telecom's null-route on a single /24 of YouTube space silently became the world's outage in **three minutes flat**. Scale changes what counts as a recoverable error.",
credit: 'Image: DARPA / public domain, via Wikimedia Commons'
}
]
@@ -275,7 +275,8 @@ This is the structural reason [[bgp|BGP]] needs cryptography to fix it, not just
{
id: 'china-telecom-2010',
title: 'China Telecom 2010',
- synopsis: '15% of the internet routed through a single {{autonomous-system|AS}} for 18 minutes.',
+ synopsis:
+ '15% of the internet routed through a single {{autonomous-system|AS}} for 18 minutes.',
slots: [
{
kind: 'prose',
@@ -285,7 +286,7 @@ This is the structural reason [[bgp|BGP]] needs cryptography to fix it, not just
title: 'Brief, Massive, Unexplained',
text: `On 8 April 2010 at 15:54 {{utc-time|UTC}}, China Telecom ({{autonomous-system|AS}} 23724) announced [[bgp|BGP]] routes for approximately **37,000 prefixes** β about **15% of the global {{routing-table|routing table}}** β claiming to be the best path. For 18 minutes, traffic destined for U.S. military networks (.mil), several .gov domains, and major commercial sites (Dell, Yahoo, {{ibm|IBM}}, {{microsoft|Microsoft}}) was traversing China Telecom's network on its way to the legitimate destination.
-The leak was caught by automated monitoring (BGPmon, {{ripe-ncc|RIPE}} RIS, RouteViews) within minutes. China Telecom\'s upstreams installed filters around 16:12 {{utc-time|UTC}}, and [[bgp|BGP]] convergence restored normal routing by 16:18.`
+The leak was caught by automated monitoring (BGPmon, {{ripe-ncc|RIPE}} RIS, RouteViews) within minutes. China Telecom's upstreams installed filters around 16:12 {{utc-time|UTC}}, and [[bgp|BGP]] convergence restored normal routing by 16:18.`
},
{
type: 'narrative',
@@ -356,9 +357,9 @@ The disclosure was coordinated across Red Hat, Canonical, SUSE, Debian, {{aws|AW
{
type: 'narrative',
title: 'How a 23-Year-Old Option Survived Undetected',
- text: `The {{sack|SACK}} option itself ([[rfc:2018|RFC 2018]], October 1996) had been working correctly for **23 years**. The bug was not in {{sack|SACK}}\'s logic; it was in a specific edge-case interaction with the **frags_per_skb** limit, increased in 2009 to support larger send buffers.
+ text: `The {{sack|SACK}} option itself ([[rfc:2018|RFC 2018]], October 1996) had been working correctly for **23 years**. The bug was not in {{sack|SACK}}'s logic; it was in a specific edge-case interaction with the **frags_per_skb** limit, increased in 2009 to support larger send buffers.
-When {{sack|SACK}} indicated a large number of non-contiguous holes in the receive window, the kernel\'s logic for splitting the retransmit buffer into smaller skbs (socket buffers) miscalculated a 16-bit length field. The miscalculation overflowed, the kernel asserted, and the BUG_ON() panicked the system.
+When {{sack|SACK}} indicated a large number of non-contiguous holes in the receive window, the kernel's logic for splitting the retransmit buffer into smaller skbs (socket buffers) miscalculated a 16-bit length field. The miscalculation overflowed, the kernel asserted, and the BUG_ON() panicked the system.
The bug had been present in production code since 2009. It survived because:
1. The trigger required a specific combination of [[tcp|TCP]] options that no real client sent in normal traffic.
@@ -366,7 +367,7 @@ The bug had been present in production code since 2009. It survived because:
3. Most performance benchmarks did not exercise the path.
4. {{sack|SACK}} was considered "battle-tested" β engineers focused new attention on newer code paths instead.
-Looney found it by writing a fuzzer that combined {{sack|SACK}} with [[tcp|TCP]]\'s other options in unusual sequences. The same fuzzer found three additional related bugs ({{cve|CVE}}-2019-11478, 11479, 11479) that were patched in the same coordinated disclosure.`
+Looney found it by writing a fuzzer that combined {{sack|SACK}} with [[tcp|TCP]]'s other options in unusual sequences. The same fuzzer found three additional related bugs ({{cve|CVE}}-2019-11478, 11479, 11479) that were patched in the same coordinated disclosure.`
},
{
type: 'callout',
@@ -385,9 +386,9 @@ Looney found it by writing a fuzzer that combined {{sack|SACK}} with [[tcp|TCP]]
title: 'What Changed After SACK Panic',
text: `Three operational changes are now standard in production {{linux|Linux}} fleets.
-**Continuous fuzzing of network code paths.** syzkaller runs against every {{linux|Linux}} kernel commit, generating millions of random syscall + packet sequences per day. Most CVEs in the kernel\'s [[tcp|TCP]]/[[ip|IP]] stack since 2019 have been found this way, not by humans.
+**Continuous fuzzing of network code paths.** syzkaller runs against every {{linux|Linux}} kernel commit, generating millions of random syscall + packet sequences per day. Most CVEs in the kernel's [[tcp|TCP]]/[[ip|IP]] stack since 2019 have been found this way, not by humans.
-**Faster {{cve|CVE}} response in distributed {{linux|Linux}} environments.** Pre-2019, large fleets often took weeks to roll out a kernel patch β full reboot rotations, slow validation cycles. {{sack|SACK}} Panic forced the industry to invest in **live patching** (Red Hat\'s kpatch, Canonical\'s Livepatch, SUSE\'s kGraft) that can apply security fixes to a running kernel without reboot. By 2026, hyperscalers routinely live-patch kernel CVEs across millions of {{hosts-bare|hosts}} within hours.
+**Faster {{cve|CVE}} response in distributed {{linux|Linux}} environments.** Pre-2019, large fleets often took weeks to roll out a kernel patch β full reboot rotations, slow validation cycles. {{sack|SACK}} Panic forced the industry to invest in **live patching** (Red Hat's kpatch, Canonical's Livepatch, SUSE's kGraft) that can apply security fixes to a running kernel without reboot. By 2026, hyperscalers routinely live-patch kernel CVEs across millions of {{hosts-bare|hosts}} within hours.
**Per-feature kill switches.** The {{sack|SACK}} Panic patch is gated behind a sysctl (\`net.ipv4.tcp_sack\`) so operators can disable {{sack|SACK}} entirely if a future bug surfaces β without waiting for a kernel {{bgp-update|update}}. Modern kernel networking is full of such switches: an emergency lever for every major optional feature.`
},
@@ -396,8 +397,9 @@ Looney found it by writing a fuzzer that combined {{sack|SACK}} with [[tcp|TCP]]
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/3/35/Tux.svg/250px-Tux.svg.png',
alt: 'Tux β the Linux mascot, a chubby cartoon penguin.',
caption:
- '**Tux**, the {{linux|Linux}} mascot, drawn by Larry Ewing in 1996. Behind that cheerful penguin sits a [[tcp|TCP]] stack on every internet-facing {{linux|Linux}} server on Earth β and from 2009 to 2019 every one of them was a single crafted [[tcp|TCP]] packet away from \`kernel panic\`. The fix shipped 17 June 2019; the lesson β **code stability is not code correctness** β has reshaped {{linux|Linux}} kernel networking testing since.',
- credit: 'Image: Larry Ewing / lewing@isc.tamu.edu, public domain, via Wikimedia Commons'
+ '**Tux**, the {{linux|Linux}} mascot, drawn by Larry Ewing in 1996. Behind that cheerful penguin sits a [[tcp|TCP]] stack on every internet-facing {{linux|Linux}} server on Earth β and from 2009 to 2019 every one of them was a single crafted [[tcp|TCP]] packet away from `kernel panic`. The fix shipped 17 June 2019; the lesson β **code stability is not code correctness** β has reshaped {{linux|Linux}} kernel networking testing since.',
+ credit:
+ 'Image: Larry Ewing / lewing@isc.tamu.edu, public domain, via Wikimedia Commons'
}
]
}
@@ -423,16 +425,16 @@ Looney found it by writing a fuzzer that combined {{sack|SACK}} with [[tcp|TCP]]
title: 'A Rule That Killed Its Own Delivery Mechanism',
text: `On 30 August 2020, CenturyLink ({{autonomous-system|AS}} 209 β one of the largest tier-1 backbones in the U.S., now branded Lumen) propagated a [[bgp|BGP]] **Flowspec** rule across its global network.
-Flowspec ([[rfc:5575|RFC 5575]], {{rfc-doc|RFC}} 8955) lets operators install {{firewall|firewall}}-like rules through [[bgp|BGP]] β useful for distributing DDoS mitigation rules across thousands of routers in seconds. The rule in question was supposed to filter traffic for one customer\'s DDoS protection.
+Flowspec ([[rfc:5575|RFC 5575]], {{rfc-doc|RFC}} 8955) lets operators install {{firewall|firewall}}-like rules through [[bgp|BGP]] β useful for distributing DDoS mitigation rules across thousands of routers in seconds. The rule in question was supposed to filter traffic for one customer's DDoS protection.
-The catastrophic mistake: the rule\'s match criteria included [[bgp|BGP]] control traffic itself. Routers received the rule, applied it, and immediately began dropping the [[bgp|BGP]] {{bgp-keepalive|keepalive}} packets carrying the next rule. [[bgp|BGP]] sessions timed out across the network. As sessions dropped, [[bgp|BGP]] withdrew every prefix learned through them. The network entered a cascading-failure mode.`
+The catastrophic mistake: the rule's match criteria included [[bgp|BGP]] control traffic itself. Routers received the rule, applied it, and immediately began dropping the [[bgp|BGP]] {{bgp-keepalive|keepalive}} packets carrying the next rule. [[bgp|BGP]] sessions timed out across the network. As sessions dropped, [[bgp|BGP]] withdrew every prefix learned through them. The network entered a cascading-failure mode.`
},
{
type: 'narrative',
title: 'Five Hours of Manual Recovery',
text: `Once the bad rule had propagated, there was no automated way to retract it β the very mechanism for retracting Flowspec rules ([[bgp|BGP]]) was the mechanism the rule had broken. Every router needed to be touched manually, either via out-of-band management or by physically connecting a console.
-Recovery took **five hours**. During that window, approximately **3.5% of all global internet traffic dropped** β a massive number for a single backbone. {{cloudflare|Cloudflare}}, Amazon, {{microsoft|Microsoft}}, and most of the U.S. tier-1 customers reported downtime. {{cloudflare|Cloudflare}}\'s detailed write-up the next day became required reading in [[bgp|BGP]] operations.`
+Recovery took **five hours**. During that window, approximately **3.5% of all global internet traffic dropped** β a massive number for a single backbone. {{cloudflare|Cloudflare}}, Amazon, {{microsoft|Microsoft}}, and most of the U.S. tier-1 customers reported downtime. {{cloudflare|Cloudflare}}'s detailed write-up the next day became required reading in [[bgp|BGP]] operations.`
},
{
type: 'callout',
@@ -450,16 +452,16 @@ Recovery took **five hours**. During that window, approximately **3.5% of all gl
title: 'The Architectural Concern That Remains',
text: `CenturyLink rolled out automated controls preventing self-blocking rules. The broader industry adopted similar guards. But the underlying architectural concern β **the same protocol distributes both data and the rules governing data** β has no clean fix.
-[[bgp|BGP]] is the universal control plane for internet routing. Flowspec rides on [[bgp|BGP]] because that\'s what every router already speaks. The alternative β a separate out-of-band protocol for distributing filter rules β would require new infrastructure on every router on the internet. The economic friction is too high; nobody is going to deploy it.
+[[bgp|BGP]] is the universal control plane for internet routing. Flowspec rides on [[bgp|BGP]] because that's what every router already speaks. The alternative β a separate out-of-band protocol for distributing filter rules β would require new infrastructure on every router on the internet. The economic friction is too high; nobody is going to deploy it.
-So we live with the architectural fragility and add operational guards. Every modern router\'s Flowspec implementation now refuses to install rules that would drop [[bgp|BGP]]\'s own ports (179) or the matching {{peer|peer}} addresses. Each new generation of routers adds more such guards. The lesson is incremental rather than fundamental: when you build a control plane on top of itself, every change to the control plane needs to be reviewed for self-consistency β manually, before it ships.`
+So we live with the architectural fragility and add operational guards. Every modern router's Flowspec implementation now refuses to install rules that would drop [[bgp|BGP]]'s own ports (179) or the matching {{peer|peer}} addresses. Each new generation of routers adds more such guards. The lesson is incremental rather than fundamental: when you build a control plane on top of itself, every change to the control plane needs to be reviewed for self-consistency β manually, before it ships.`
},
{
type: 'image',
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/8/83/ARPANET_first_router.jpg/500px-ARPANET_first_router.jpg',
alt: 'A BBN Interface Message Processor β the original ARPANET router, ancestor of every BGP-speaking device on the modern internet.',
caption:
- 'A {{bbn|BBN}} {{imp|Interface Message Processor}} β the original {{arpanet|ARPANET}} router. Every modern [[bgp|BGP]]-speaking router carries the same architectural DNA: a control plane that builds the {{routing-table|forwarding table}} from messages it receives over the *same wires* it eventually forwards user data over. CenturyLink\'s 2020 Flowspec self-block is the canonical example of how that elegant unification can blow up when a single rule disables its own delivery mechanism.',
+ "A {{bbn|BBN}} {{imp|Interface Message Processor}} β the original {{arpanet|ARPANET}} router. Every modern [[bgp|BGP]]-speaking router carries the same architectural DNA: a control plane that builds the {{routing-table|forwarding table}} from messages it receives over the *same wires* it eventually forwards user data over. CenturyLink's 2020 Flowspec self-block is the canonical example of how that elegant unification can blow up when a single rule disables its own delivery mechanism.",
credit: 'Photo: Steve Jurvetson, CC BY 2.0, via Wikimedia Commons'
}
]
@@ -484,23 +486,23 @@ So we live with the architectural fragility and add operational guards. Every mo
{
type: 'narrative',
title: 'A Routine Maintenance Command, Then Six Hours',
- text: `On 4 October 2021 at 15:39 {{utc-time|UTC}}, a Facebook engineer ran a routine maintenance command on the backbone connecting Facebook's data centres. The command was supposed to assess capacity by temporarily withdrawing a single backbone link\'s [[bgp|BGP]] advertisements, then restoring them.
+ text: `On 4 October 2021 at 15:39 {{utc-time|UTC}}, a Facebook engineer ran a routine maintenance command on the backbone connecting Facebook's data centres. The command was supposed to assess capacity by temporarily withdrawing a single backbone link's [[bgp|BGP]] advertisements, then restoring them.
-The command had a bug. It withdrew **all** of Facebook\'s [[bgp|BGP]] route advertisements globally β not just for the one link it was supposed to assess. Within minutes, every facebook.com, instagram.com, and whatsapp.com lookup returned NXDOMAIN. **3.5 billion users disconnected.**
+The command had a bug. It withdrew **all** of Facebook's [[bgp|BGP]] route advertisements globally β not just for the one link it was supposed to assess. Within minutes, every facebook.com, instagram.com, and whatsapp.com lookup returned NXDOMAIN. **3.5 billion users disconnected.**
That was the easy part of the cascade.`
},
{
type: 'narrative',
title: 'The DNS Black Hole',
- text: `Facebook\'s authoritative [[dns|DNS]] servers were inside the data centres that just lost their [[bgp|BGP]] advertisements. Resolvers around the world tried to query them β and got nothing back, because the [[ip|IP]] addresses no longer routed anywhere.
+ text: `Facebook's authoritative [[dns|DNS]] servers were inside the data centres that just lost their [[bgp|BGP]] advertisements. Resolvers around the world tried to query them β and got nothing back, because the [[ip|IP]] addresses no longer routed anywhere.
-After a brief period of cached responses, every cached record expired (typical TTLs are minutes, not hours). [[dns|DNS]] resolution for Facebook\'s domains failed worldwide. **Without [[dns|DNS]]**, Facebook\'s internal systems β Workplace, Calendar, internal monitoring, [[oauth2|OAuth]], the company directory β all failed. Engineers could not reach their own infrastructure remotely. They could not even verify that the outage was [[bgp|BGP]]-related, because their monitoring tools couldn\'t resolve internal hostnames.`
+After a brief period of cached responses, every cached record expired (typical TTLs are minutes, not hours). [[dns|DNS]] resolution for Facebook's domains failed worldwide. **Without [[dns|DNS]]**, Facebook's internal systems β Workplace, Calendar, internal monitoring, [[oauth2|OAuth]], the company directory β all failed. Engineers could not reach their own infrastructure remotely. They could not even verify that the outage was [[bgp|BGP]]-related, because their monitoring tools couldn't resolve internal hostnames.`
},
{
type: 'narrative',
title: 'The Badge Readers',
- text: `The next layer of cascade was the part that made the outage famous in the broader world. Facebook\'s **physical security infrastructure** β door badge readers at the data centres β depended on the same authentication system that had just disappeared.
+ text: `The next layer of cascade was the part that made the outage famous in the broader world. Facebook's **physical security infrastructure** β door badge readers at the data centres β depended on the same authentication system that had just disappeared.
Engineers headed to the data centres physically. They could not enter the buildings. The badge system was offline. They had to be physically escorted in by on-site security staff who could manually override the locks. Then, once inside, they had to find the specific machines that needed manual intervention β and the data-centre wayfinding tools were also offline.
@@ -522,7 +524,7 @@ The first [[bgp|BGP]] fix went in around 21:00 {{utc-time|UTC}}. Recovery took u
title: 'What Changed After Facebook 2021',
text: `Three structural changes rolled through the industry in the eighteen months after the outage.
-**Out-of-band recovery for authoritative [[dns|DNS]].** Facebook (and others) moved to a model where authoritative [[dns|DNS]] for their critical domains is reachable through multiple independent network paths β including paths that do not depend on the company\'s own backbone. {{cloudflare|Cloudflare}} and {{aws|AWS}} Route 53 both saw enterprise growth as customers moved [[dns|DNS]] to "if our network is down, our [[dns|DNS]] is still up."
+**Out-of-band recovery for authoritative [[dns|DNS]].** Facebook (and others) moved to a model where authoritative [[dns|DNS]] for their critical domains is reachable through multiple independent network paths β including paths that do not depend on the company's own backbone. {{cloudflare|Cloudflare}} and {{aws|AWS}} Route 53 both saw enterprise growth as customers moved [[dns|DNS]] to "if our network is down, our [[dns|DNS]] is still up."
**Physical access systems on independent networks.** Badge readers, door locks, environmental controls, fire suppression β anything that needs to work during a network outage β now runs on dedicated, isolated networks at most hyperscalers. The lesson: physical security cannot depend on the network whose data centre it secures.
@@ -545,7 +547,8 @@ The first [[bgp|BGP]] fix went in around 21:00 {{utc-time|UTC}}. Recovery took u
{
id: 'rogers-2022',
title: 'Rogers 2022 β A Country Disconnected',
- synopsis: 'Fifteen hours, half of Canada offline β one [[bgp|BGP]]/{{ospf-hello|OSPF}} redistribution mistake.',
+ synopsis:
+ 'Fifteen hours, half of Canada offline β one [[bgp|BGP]]/{{ospf-hello|OSPF}} redistribution mistake.',
slots: [
{
kind: 'pull-quote',
@@ -558,29 +561,29 @@ The first [[bgp|BGP]] fix went in around 21:00 {{utc-time|UTC}}. Recovery took u
{
type: 'narrative',
title: 'When the ISP Is the Country',
- text: `On 8 July 2022 at 04:45 EDT, Rogers Communications β the largest {{isp|ISP}} and mobile carrier in Canada, serving over **11 million subscribers** β went down nationally. For 15 hours, Rogers customers had no internet, no mobile signal, no landline (Rogers also runs Canada\'s largest {{voip|VoIP}}-based home phone service through its Hi-Speed Internet bundles), no Interac debit transactions (Interac\'s national network runs over Rogers connectivity), and **no 911 service** in many regions.
+ text: `On 8 July 2022 at 04:45 EDT, Rogers Communications β the largest {{isp|ISP}} and mobile carrier in Canada, serving over **11 million subscribers** β went down nationally. For 15 hours, Rogers customers had no internet, no mobile signal, no landline (Rogers also runs Canada's largest {{voip|VoIP}}-based home phone service through its Hi-Speed Internet bundles), no Interac debit transactions (Interac's national network runs over Rogers connectivity), and **no 911 service** in many regions.
-The trigger was a misconfiguration during a planned maintenance {{bgp-update|update}} to the Rogers [[ip|IP]]/MPLS core. A bad route policy caused control-plane {{cpu|CPU}} exhaustion across Rogers\' core routers β they spent so much {{cpu|CPU}} recomputing routes in response to the bad policy that they had no cycles left to actually forward traffic.`
+The trigger was a misconfiguration during a planned maintenance {{bgp-update|update}} to the Rogers [[ip|IP]]/MPLS core. A bad route policy caused control-plane {{cpu|CPU}} exhaustion across Rogers' core routers β they spent so much {{cpu|CPU}} recomputing routes in response to the bad policy that they had no cycles left to actually forward traffic.`
},
{
type: 'narrative',
title: 'A Country-Wide Cascade',
- text: `The downstream effects revealed how deeply a single carrier\'s connectivity had been woven into Canadian infrastructure.
+ text: `The downstream effects revealed how deeply a single carrier's connectivity had been woven into Canadian infrastructure.
-**Banking and payments**: Interac\'s e-Transfer service stopped working nationwide. Most debit-card transactions failed. Some ATMs went offline. Several major retailers had to close because they could not accept payment.
+**Banking and payments**: Interac's e-Transfer service stopped working nationwide. Most debit-card transactions failed. Some ATMs went offline. Several major retailers had to close because they could not accept payment.
**Healthcare**: Several hospital systems lost connectivity to Rogers-hosted services. Telehealth platforms that depended on Rogers {{voip|VoIP}} failed.
-**Government services**: Service Canada\'s online portals were unreachable from Rogers networks. The Canada Border Services Agency reported delays at land crossings.
+**Government services**: Service Canada's online portals were unreachable from Rogers networks. The Canada Border Services Agency reported delays at land crossings.
-**Emergency services**: 911 calls failed in many areas. Some provinces issued public advisories telling residents to use neighbours\' phones, alternate networks, or visit fire stations directly.
+**Emergency services**: 911 calls failed in many areas. Some provinces issued public advisories telling residents to use neighbours' phones, alternate networks, or visit fire stations directly.
Recovery required Rogers engineers to log in to individual core routers (over out-of-band management, which thankfully was separate) and manually roll back the change. By 21:00 EDT, partial service was restored. Full service took until 14 July β six days of intermittent issues for some customers.`
},
{
type: 'callout',
title: 'The deeper structural lesson',
- text: 'When a single private company\'s outage takes down national emergency services, the company is no longer just a private business β it is **critical national infrastructure**. The {{crtc|CRTC}}\'s post-incident investigation forced Rogers to enter mandatory **reciprocal-roaming agreements** with Bell and Telus, so that future single-carrier outages would not strand emergency calls. Other countries (Australia, the UK, Germany) used the Rogers incident as a reference point for similar regulatory action.'
+ text: "When a single private company's outage takes down national emergency services, the company is no longer just a private business β it is **critical national infrastructure**. The {{crtc|CRTC}}'s post-incident investigation forced Rogers to enter mandatory **reciprocal-roaming agreements** with Bell and Telus, so that future single-carrier outages would not strand emergency calls. Other countries (Australia, the UK, Germany) used the Rogers incident as a reference point for similar regulatory action."
}
]
},
@@ -593,8 +596,8 @@ Recovery required Rogers engineers to log in to individual core routers (over ou
title: 'The Regulatory Aftermath',
text: `The {{crtc|CRTC}} (Canadian Radio-television and Telecommunications Commission) issued a formal decision on 22 March 2023 requiring all major Canadian carriers to:
-1. Implement **reciprocal roaming for emergency calls** within six months β so that a phone unable to reach its own carrier can still complete 911 calls through any competing carrier\'s tower.
-2. Submit **detailed network architecture and dependency reports** annually, including every system that depends on the carrier\'s network for life-safety functions.
+1. Implement **reciprocal roaming for emergency calls** within six months β so that a phone unable to reach its own carrier can still complete 911 calls through any competing carrier's tower.
+2. Submit **detailed network architecture and dependency reports** annually, including every system that depends on the carrier's network for life-safety functions.
3. Maintain **out-of-band management** independent of the production network for all core routing infrastructure.
4. Conduct **annual outage simulations** with the federal government, including coordinated emergency-services {{failover|failover}}.
@@ -641,7 +644,7 @@ Approximately **125 million devices** became unreachable for **up to twelve hour
Several states issued public advisories during the outage telling AT&T customers to:
- Use [[wifi|Wi-Fi]] calling (which routes through the home internet rather than the cellular network)
-- Switch to a different carrier\'s {{sim-usim|SIM}} if available
+- Switch to a different carrier's {{sim-usim|SIM}} if available
- Use landlines if accessible
- Walk or drive to the nearest fire station, police station, or hospital
@@ -650,7 +653,7 @@ The {{fcc|FCC}} opened a formal investigation under the 2018 911 Reliability Rul
{
type: 'callout',
title: 'Same shape as Rogers 2022',
- text: 'The shape of the AT&T failure mirrors [[outage:rogers-2022|Rogers 2022]] uncomfortably: a planned change, deployed simultaneously across the production fleet, with insufficient progressive-rollout controls. The lesson the industry should have internalised after Rogers β **never push a config change to the entire fleet at once** β had not propagated. AT&T\'s post-incident report committed to canary deployment for all core network changes within the year.'
+ text: "The shape of the AT&T failure mirrors [[outage:rogers-2022|Rogers 2022]] uncomfortably: a planned change, deployed simultaneously across the production fleet, with insufficient progressive-rollout controls. The lesson the industry should have internalised after Rogers β **never push a config change to the entire fleet at once** β had not propagated. AT&T's post-incident report committed to canary deployment for all core network changes within the year."
}
]
},
@@ -663,7 +666,7 @@ The {{fcc|FCC}} opened a formal investigation under the 2018 911 Reliability Rul
title: 'The Canary-Deployment Maturity Gap',
text: `The web/cloud industry adopted canary deployments more than a decade ago β every meaningful change rolls out to 0.1%, then 1%, then 10%, then 100% of traffic, with automatic rollback on failure indicators. The telecom industry has lagged.
-Reasons for the lag are structural. Wireless networks have **strong global consistency requirements** that don\'t align cleanly with canary deployment β you can\'t have one cell tower running a different version of the radio access network protocol than the towers next to it without breaking handoff. Some configuration changes are necessarily global. Some changes are necessarily simultaneous (e.g., security updates that close a known vulnerability).
+Reasons for the lag are structural. Wireless networks have **strong global consistency requirements** that don't align cleanly with canary deployment β you can't have one cell tower running a different version of the radio access network protocol than the towers next to it without breaking handoff. Some configuration changes are necessarily global. Some changes are necessarily simultaneous (e.g., security updates that close a known vulnerability).
Post-AT&T-2024, the industry consensus is that **most changes can be canaried** β even in wireless cores β and the small number that genuinely cannot should receive correspondingly more pre-deployment review. The architectural debate, ongoing, is whether the same caution should apply to security patches that need to ship fast: a mass-deployment outage and an unpatched-{{cve|CVE}} outage are both bad in different ways, and the correct trade-off is not obvious.`
},
diff --git a/src/lib/data/book/parts/frontier.ts b/src/lib/data/book/parts/frontier.ts
index 437ab15..48388ef 100644
--- a/src/lib/data/book/parts/frontier.ts
+++ b/src/lib/data/book/parts/frontier.ts
@@ -19,7 +19,8 @@ export const frontier: BookPart = {
{
id: 'post-quantum',
title: 'Post-Quantum TLS',
- synopsis: '{{pq-ciphersuite|X25519MLKEM768}} default in iOS 26 and Chrome β the first deployed post-quantum [[tls|TLS]] {{handshake|handshake}} on the public web.',
+ synopsis:
+ '{{pq-ciphersuite|X25519MLKEM768}} default in iOS 26 and Chrome β the first deployed post-quantum [[tls|TLS]] {{handshake|handshake}} on the public web.',
slots: [
{
kind: 'pull-quote',
@@ -48,7 +49,7 @@ Browser deployment moved fast. **Chrome 124 (April 2024)** made X25519Kyber768 d
{
type: 'callout',
title: 'Apple iOS 26 cliff: <2% to 25% in 90 days',
- text: '**{{apple|Apple}} iOS 26 / iPadOS 26 / macOS Tahoe 26 / visionOS 26 (September 2025)** turned {{pq-ciphersuite|X25519MLKEM768}} on by default for all [[tls|TLS]] 1.3 in Network.framework. Within **four days** the iOS post-quantum traffic share went from <2% to 11%. By December 2025 it was >25%. {{apple|Apple}}\'s scale plus the default-on shipping pattern is the fastest deployment of a new [[tls|TLS]] feature in the protocol\'s history.'
+ text: "**{{apple|Apple}} iOS 26 / iPadOS 26 / macOS Tahoe 26 / visionOS 26 (September 2025)** turned {{pq-ciphersuite|X25519MLKEM768}} on by default for all [[tls|TLS]] 1.3 in Network.framework. Within **four days** the iOS post-quantum traffic share went from <2% to 11%. By December 2025 it was >25%. {{apple|Apple}}'s scale plus the default-on shipping pattern is the fastest deployment of a new [[tls|TLS]] feature in the protocol's history."
},
{
type: 'narrative',
@@ -88,7 +89,8 @@ The **47-day-cert cliff**: {{certificate-authority|CA}}/Browser Forum **Ballot S
{
id: 'l4s-everywhere',
title: 'L4S Everywhere',
- synopsis: '{{l4s|L4S}}: sub-millisecond queuing {{latency|latency}} for cooperating flows β Comcast launched in production January 2025.',
+ synopsis:
+ '{{l4s|L4S}}: sub-millisecond queuing {{latency|latency}} for cooperating flows β Comcast launched in production January 2025.',
slots: [
{
kind: 'pull-quote',
@@ -137,7 +139,7 @@ The unresolved political fight is **{{l4s|L4S}}-vs-classic fairness**: Scalable
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/0/09/Cable_Modem.JPG/500px-Cable_Modem.JPG',
alt: 'A DOCSIS cable modem β the kind of last-mile device that ships L4S-capable AQM in 2024-2025.',
caption:
- 'A consumer **cable modem** β the bit of hardware Comcast turned into the world\'s first production **{{l4s|L4S}}** deployment in **January 2025** across six US metros (Atlanta, Chicago, Colorado Springs, Philadelphia, Rockville MD, San Francisco). {{docsis|DOCSIS}} 4.0 modems ship {{l4s|L4S}}-capable Dual-Queue {{aqm|AQM}}; {{apple|Apple}} iOS 17 / macOS Sonoma added {{l4s|L4S}} support in 2023. Sub-millisecond queuing delay at full link utilisation, finally, after 15 years of {{bufferbloat|bufferbloat}}.',
+ "A consumer **cable modem** β the bit of hardware Comcast turned into the world's first production **{{l4s|L4S}}** deployment in **January 2025** across six US metros (Atlanta, Chicago, Colorado Springs, Philadelphia, Rockville MD, San Francisco). {{docsis|DOCSIS}} 4.0 modems ship {{l4s|L4S}}-capable Dual-Queue {{aqm|AQM}}; {{apple|Apple}} iOS 17 / macOS Sonoma added {{l4s|L4S}} support in 2023. Sub-millisecond queuing delay at full link utilisation, finally, after 15 years of {{bufferbloat|bufferbloat}}.",
credit: 'Photo: Wikimedia Commons / CC BY-SA'
}
]
@@ -152,7 +154,8 @@ The unresolved political fight is **{{l4s|L4S}}-vs-classic fairness**: Scalable
{
id: 'ipv6-mostly',
title: 'IPv6-Mostly',
- synopsis: 'On 28 March 2026, {{google|Google}}\'s [[ipv6|IPv6]] dashboard recorded 50.1% for the first time β and [[ip|IPv4]] crossed under.',
+ synopsis:
+ "On 28 March 2026, {{google|Google}}'s [[ipv6|IPv6]] dashboard recorded 50.1% for the first time β and [[ip|IPv4]] crossed under.",
slots: [
{
kind: 'pull-quote',
@@ -204,7 +207,7 @@ The "everyone gets this wrong" detail: [[ipv6|IPv6]]'s mandatory-to-implement [[
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/d/d2/Internet_map_1024.jpg/500px-Internet_map_1024.jpg',
alt: 'A 2005 visualisation of the global internet topology with each line a BGP peering relationship.',
caption:
- 'A snapshot of the global internet, each line a [[bgp|BGP]] {{peering|peering}} relationship. The 28-year migration of this graph to [[ipv6|IPv6]] addressing finally crossed **50.1%** of {{google|Google}}\'s measured user base on **28 March 2026**. The driver was not advocacy; it was *economics* β {{aws|AWS}}\'s **$0.005/{{ip-address|IP}}/hour charge from 1 February 2024** did more for v6 deployment in a year than two decades of standards work.',
+ "A snapshot of the global internet, each line a [[bgp|BGP]] {{peering|peering}} relationship. The 28-year migration of this graph to [[ipv6|IPv6]] addressing finally crossed **50.1%** of {{google|Google}}'s measured user base on **28 March 2026**. The driver was not advocacy; it was *economics* β {{aws|AWS}}'s **$0.005/{{ip-address|IP}}/hour charge from 1 February 2024** did more for v6 deployment in a year than two decades of standards work.",
credit: 'Image: The Opte Project / Wikimedia Commons, CC BY 2.5'
}
]
@@ -218,7 +221,8 @@ The "everyone gets this wrong" detail: [[ipv6|IPv6]]'s mandatory-to-implement [[
{
id: 'rpki-aspa',
title: 'RPKI + ASPA',
- synopsis: '{{rpki|Cryptographic BGP}}, finally arriving β 50% of [[ip|IPv4]] covered May 2024.',
+ synopsis:
+ '{{rpki|Cryptographic BGP}}, finally arriving β 50% of [[ip|IPv4]] covered May 2024.',
slots: [
{
kind: 'pull-quote',
@@ -259,7 +263,7 @@ The "everyone gets this wrong" detail: [[ipv6|IPv6]]'s mandatory-to-implement [[
},
{
type: 'narrative',
- title: 'When RPKI Backfires, And When It Doesn\'t',
+ title: "When RPKI Backfires, And When It Doesn't",
text: `**Orange EspaΓ±a, 3 January 2024**: a threat actor "Snow" used infostealer-harvested credentials to log in to Orange Spain's {{ripe-ncc|RIPE NCC}} account and edited ROAs to make legitimate prefixes {{rpki|RPKI}}-invalid β the first major outage caused by **{{rpki|RPKI}} being too strict against an attacker-modified {{roa|ROA}} set**. Lesson: enforce 2FA on RIR portals. The vulnerability is not in {{rpki|RPKI}}; it is in the human-facing authentication surface around {{rpki|RPKI}}.
**{{cloudflare|Cloudflare}} 1.1.1.1 hijack (27 June 2024)**: Brazilian {{isp|ISP}} Eletronet (AS267613) announced **1.1.1.1/32**. {{cloudflare|Cloudflare}} had a valid /24 {{roa|ROA}}, but ROAs cover up to maxLength /24, so a /32 announcement is not {{rpki|RPKI}}-invalid. Tier-1 {{peer|PEER}} 1 (AS1031) accepted and propagated. **300 networks in 70 countries lost 1.1.1.1.** The lesson: maxLength matters; sloppy {{roa|ROA}} configuration creates loopholes {{aspa|ASPA}} cannot close.
@@ -287,7 +291,8 @@ The regulatory layer is moving too. **The {{fcc|FCC}} issued a Notice of Propose
{
id: 'ultra-ethernet',
title: 'Ultra Ethernet',
- synopsis: 'Replacing RoCEv2 in {{ai|AI}} training fabrics β [[ethernet|Ultra Ethernet]] Specification 1.0 published 11 June 2025.',
+ synopsis:
+ 'Replacing RoCEv2 in {{ai|AI}} training fabrics β [[ethernet|Ultra Ethernet]] Specification 1.0 published 11 June 2025.',
slots: [
{
kind: 'pull-quote',
@@ -351,7 +356,8 @@ The commercial scale: **[[ethernet|Ethernet]] switching market exceeded $30B in
{
id: 'wifi-7-and-8',
title: 'Wi-Fi 7 and 8',
- synopsis: '[[wifi|Wi-Fi]] 7\'s 320 MHz, then [[wifi|Wi-Fi]] 8\'s 25% better {{tail-latency|tail latency}} target β and the politics of 6 GHz.',
+ synopsis:
+ "[[wifi|Wi-Fi]] 7's 320 MHz, then [[wifi|Wi-Fi]] 8's 25% better {{tail-latency|tail latency}} target β and the politics of 6 GHz.",
slots: [
{
kind: 'pull-quote',
diff --git a/src/lib/data/book/parts/how-to-learn-more.ts b/src/lib/data/book/parts/how-to-learn-more.ts
index d00cb1e..48564f0 100644
--- a/src/lib/data/book/parts/how-to-learn-more.ts
+++ b/src/lib/data/book/parts/how-to-learn-more.ts
@@ -18,7 +18,8 @@ export const howToLearnMore: BookPart = {
{
id: 'rfcs-to-read',
title: 'RFCs Worth Reading',
- synopsis: 'A guided tour with section pointers β the documents that pay back the time investment.',
+ synopsis:
+ 'A guided tour with section pointers β the documents that pay back the time investment.',
slots: [
{
kind: 'prose',
@@ -102,7 +103,8 @@ For specialised areas: **Olivier Bonaventure, "Computer Networking: Principles,
{
id: 'courses',
title: 'Courses',
- synopsis: 'Stanford {{cs144-course|CS144}} (build a [[tcp|TCP]] stack), {{mit|MIT}} 6.829, Berkeley CS168.',
+ synopsis:
+ 'Stanford {{cs144-course|CS144}} (build a [[tcp|TCP]] stack), {{mit|MIT}} 6.829, Berkeley CS168.',
slots: [
{
kind: 'prose',
@@ -137,7 +139,8 @@ For a self-paced path: read **{{rfc-doc|RFC}} 1180** (28 pages), then take **{{c
{
id: 'blogs',
title: 'Blogs',
- synopsis: '{{cloudflare|Cloudflare}}, {{meta|Meta}} Engineering, {{apnic|APNIC}} Labs, ipSpace.net.',
+ synopsis:
+ '{{cloudflare|Cloudflare}}, {{meta|Meta}} Engineering, {{apnic|APNIC}} Labs, ipSpace.net.',
slots: [
{
kind: 'prose',
diff --git a/src/lib/data/book/parts/layer-2-3.ts b/src/lib/data/book/parts/layer-2-3.ts
index e41f33c..2f3e302 100644
--- a/src/lib/data/book/parts/layer-2-3.ts
+++ b/src/lib/data/book/parts/layer-2-3.ts
@@ -20,7 +20,8 @@ export const layer23: BookPart = {
{
id: 'ethernet',
title: 'Ethernet',
- synopsis: 'From {{xerox-parc|PARC}} coaxial cable to [[ethernet|800 GbE]] in {{ai|AI}} training fabrics.',
+ synopsis:
+ 'From {{xerox-parc|PARC}} coaxial cable to [[ethernet|800 GbE]] in {{ai|AI}} training fabrics.',
slots: [
{
kind: 'pull-quote',
@@ -87,7 +88,8 @@ The **[[frontier:ultra-ethernet-1-0|Ultra Ethernet Consortium]] Specification 1.
{
id: 'wifi',
title: 'Wi-Fi',
- synopsis: '{{csma-ca|CSMA/CA}} on the airwaves; from {{fcc|FCC}} Docket 81-413 to [[wifi|Wi-Fi]] 8.',
+ synopsis:
+ '{{csma-ca|CSMA/CA}} on the airwaves; from {{fcc|FCC}} Docket 81-413 to [[wifi|Wi-Fi]] 8.',
slots: [
{
kind: 'pull-quote',
@@ -153,7 +155,8 @@ The breach that changed everything: **TJX (disclosed 17 January 2007)** β atta
{
id: 'arp-and-ndp',
title: 'ARP and NDP',
- synopsis: 'How a {{packet|packet}} finds the next physical hop β [[arp|STD 37]] has not been obsoleted in 44 years.',
+ synopsis:
+ 'How a {{packet|packet}} finds the next physical hop β [[arp|STD 37]] has not been obsoleted in 44 years.',
slots: [
{
kind: 'prose',
@@ -203,7 +206,7 @@ Two {{ndp|NDP}} CVEs deserve naming.
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/9/90/Ethernet_Switch_%28Front_View%29.jpg/500px-Ethernet_Switch_%28Front_View%29.jpg',
alt: 'A rack-mounted Ethernet switch with rows of RJ-45 ports.',
caption:
- 'An [[ethernet|Ethernet]] switch β the physical thing that builds and maintains a {{mac-address|MAC}}-address-to-port table for every device plugged in. Every entry in that table is a successful [[arp|ARP]] request: *who has 192.0.2.5? I do, at ab:cd:ef:01:02:03.* The switch caches; the host caches; the entire seam between the [[ip|IP]] layer\'s 32-bit addresses and the [[ethernet|Ethernet]] layer\'s 48-bit ones lives in those two caches.',
+ "An [[ethernet|Ethernet]] switch β the physical thing that builds and maintains a {{mac-address|MAC}}-address-to-port table for every device plugged in. Every entry in that table is a successful [[arp|ARP]] request: *who has 192.0.2.5? I do, at ab:cd:ef:01:02:03.* The switch caches; the host caches; the entire seam between the [[ip|IP]] layer's 32-bit addresses and the [[ethernet|Ethernet]] layer's 48-bit ones lives in those two caches.",
credit: 'Photo: Wikimedia Commons / CC BY-SA'
}
]
@@ -317,7 +320,7 @@ It then took **twenty-eight years** to reach 50% adoption. The reason is not tec
{
type: 'narrative',
title: 'The 50.1% Crossing β And Why It Inflected',
- text: `**On 28 March 2026, {{google|Google}}\'s [[ipv6|IPv6]] dashboard recorded 50.1% for the first time** β [[ipv6|IPv6]] briefly surpassed [[ip|IPv4]] in {{google|Google}}'s measured user base. {{apnic|APNIC}} Labs and {{cloudflare|Cloudflare}} Radar still place global [[ipv6|IPv6]] capability in the **40-43%** range; the 50% number is a {{google|Google}}-specific snapshot. But it is a milestone the community has been waiting for since 1995.
+ text: `**On 28 March 2026, {{google|Google}}'s [[ipv6|IPv6]] dashboard recorded 50.1% for the first time** β [[ipv6|IPv6]] briefly surpassed [[ip|IPv4]] in {{google|Google}}'s measured user base. {{apnic|APNIC}} Labs and {{cloudflare|Cloudflare}} Radar still place global [[ipv6|IPv6]] capability in the **40-43%** range; the 50% number is a {{google|Google}}-specific snapshot. But it is a milestone the community has been waiting for since 1995.
Adoption inflected when **mobile carriers** went [[ipv6|IPv6]]-mostly for cellular subscribers. **T-Mobile US** moved its mobile core to [[ipv6|IPv6]]-only with {{four-six-four-xlat|464XLAT}} (Cameron Byrne, NANOG 61, 2014) β the production case study that defined the pattern. **Reliance Jio (India)** launched [[ipv6|IPv6]]-first in 2016 β >237M [[ipv6|IPv6]] users by 2017 β single biggest reason India's [[ipv6|IPv6]] share now runs 67-80%. **{{meta|Meta}}** runs >99% of internal datacenter traffic over [[ipv6|IPv6]]; entire new clusters are [[ipv6|IPv6]]-only. {{meta|Meta}} says **internal [[ipv6|IPv6]] is 10-15% faster than [[ip|IPv4]]** (and on one carrier mobile measurement, 40% faster).
@@ -343,7 +346,7 @@ The 2024 {{ietf|IETF}} backlog tells the story of where [[ipv6|IPv6]] work is ha
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/7/70/Ipv6_address_leading_zeros.svg/500px-Ipv6_address_leading_zeros.svg.png',
alt: 'IPv6 address structure showing the eight 16-bit groups and the double-colon zero-compression rule.',
caption:
- 'An [[ipv6|IPv6]] address β **128 bits**, written as eight colon-separated 16-bit groups, with one run of zeros collapsed to `::`. The field grew from [[ip|IPv4]]\'s 32 bits to enough that every grain of sand on Earth could have its own {{subnet|subnet}}. On 28 March 2026 {{google|Google}}\'s [[ipv6|IPv6]] dashboard crossed **50.1%** for the first time β 28 years after [[rfc:2460|RFC 2460]] was published.',
+ "An [[ipv6|IPv6]] address β **128 bits**, written as eight colon-separated 16-bit groups, with one run of zeros collapsed to `::`. The field grew from [[ip|IPv4]]'s 32 bits to enough that every grain of sand on Earth could have its own {{subnet|subnet}}. On 28 March 2026 {{google|Google}}'s [[ipv6|IPv6]] dashboard crossed **50.1%** for the first time β 28 years after [[rfc:2460|RFC 2460]] was published.",
credit: 'Image: Wikimedia Commons / CC BY-SA 4.0'
}
]
@@ -371,7 +374,7 @@ The 2024 {{ietf|IETF}} backlog tells the story of where [[ipv6|IPv6]] work is ha
sections: [
{
type: 'narrative',
- title: 'Mike Muuss\'s One-Night Tool',
+ title: "Mike Muuss's One-Night Tool",
text: `[[icmp|ICMP]] ([[rfc:792|RFC 792]], September 1981) is the protocol that lets the network tell you something is wrong without opening a connection. When a router drops your packet because the **{{ttl|TTL}}** hit zero, it sends an [[icmp|ICMP]] **{{time-exceeded|Time Exceeded}}** back to you β the mechanism that **{{traceroute|traceroute}}** exploits to map every hop along a path. When a destination is unreachable, you get **Destination Unreachable**. When a router has too small an {{mtu|MTU}} for your packet and the **Don't Fragment** bit is set, it sends **{{fragmentation|Fragmentation}} Needed**, which is what **{{path-mtu-discovery|Path MTU Discovery}}** depends on.
The most famous [[icmp|ICMP]] message is **{{echo-request|Echo Request}} / {{echo-reply|Echo Reply}}** β what **{{ping|ping}}** sends. **Mike Muuss** wrote {{ping|ping}} at BRL Aberdeen **in December 1983 in a single night** after hearing Dave Mills describe Fuzzball {{latency|latency}}-timing experiments. He had to write the kernel raw-[[icmp|ICMP]] socket support too because it didn't exist. *"Had everything working well before sunrise."*
@@ -428,7 +431,7 @@ The most famous [[icmp|ICMP]] message is **{{echo-request|Echo Request}} / {{ech
slots: [
{
kind: 'pull-quote',
- text: '[[bgp|BGP]] doesn\'t have a real authentication story for 30+ years. The 16-byte all-ones Marker field at the start of every [[bgp|BGP]] message was originally a placeholder for an authentication digest β now vestigial.',
+ text: "[[bgp|BGP]] doesn't have a real authentication story for 30+ years. The 16-byte all-ones Marker field at the start of every [[bgp|BGP]] message was originally a placeholder for an authentication digest β now vestigial.",
attribution: 'Author'
},
{
@@ -483,9 +486,9 @@ That sketch became [[rfc:4271|BGP-1]] ([[rfc:1105|RFC 1105]], June 1989), then [
{
type: 'image',
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/Arpanet_logical_map%2C_march_1977.png/500px-Arpanet_logical_map%2C_march_1977.png',
- alt: 'ARPANET logical map, March 1977 β predecessor topology to today\'s BGP-routed internet.',
+ alt: "ARPANET logical map, March 1977 β predecessor topology to today's BGP-routed internet.",
caption:
- 'The {{arpanet|ARPANET}} logical map, March 1977 β every node fits on a single sheet of paper. Today\'s [[bgp|BGP]] global {{routing-table|routing table}} has crossed **a million prefixes**, advertised by ~46,800 {{autonomous-system|ASes}}. [[pioneer:yakov-rekhter|Yakov Rekhter]] and Kirk Lougheed sketched the *Two-Napkin Protocol* in 1989 β three handwritten sheets that became the protocol every {{transit|transit}} provider on Earth still speaks.',
+ "The {{arpanet|ARPANET}} logical map, March 1977 β every node fits on a single sheet of paper. Today's [[bgp|BGP]] global {{routing-table|routing table}} has crossed **a million prefixes**, advertised by ~46,800 {{autonomous-system|ASes}}. [[pioneer:yakov-rekhter|Yakov Rekhter]] and Kirk Lougheed sketched the *Two-Napkin Protocol* in 1989 β three handwritten sheets that became the protocol every {{transit|transit}} provider on Earth still speaks.",
credit: 'Image: DARPA / public domain, via Wikimedia Commons'
}
]
@@ -504,7 +507,8 @@ That sketch became [[rfc:4271|BGP-1]] ([[rfc:1105|RFC 1105]], June 1989), then [
{
id: 'dns',
title: 'DNS',
- synopsis: "[[dns|The naming layer]] every other protocol depends on β designed by [[pioneer:paul-mockapetris|Paul Mockapetris]] in 1983.",
+ synopsis:
+ '[[dns|The naming layer]] every other protocol depends on β designed by [[pioneer:paul-mockapetris|Paul Mockapetris]] in 1983.',
slots: [
{
kind: 'pull-quote',
@@ -526,12 +530,12 @@ The first six TLDs were **\`.edu, .gov, .com, .mil, .org, .net\`**, with **\`.in
{
type: 'callout',
title: '.onion is a special-use carve-out',
- text: '**{{iana|IANA}} reserved \`.onion\` as a Special-Use Domain Name ([[rfc:7686|RFC 7686]], 2015) β MUST NOT be looked up in public [[dns|DNS]].** A rare carve-out outside {{icann|ICANN}}\'s namespace, granted because the Tor protocol uses .onion as an internal addressing scheme rather than a public naming hierarchy. The reservation prevents accidental [[dns|DNS]] leakage of Tor traffic.'
+ text: "**{{iana|IANA}} reserved `.onion` as a Special-Use Domain Name ([[rfc:7686|RFC 7686]], 2015) β MUST NOT be looked up in public [[dns|DNS]].** A rare carve-out outside {{icann|ICANN}}'s namespace, granted because the Tor protocol uses .onion as an internal addressing scheme rather than a public naming hierarchy. The reservation prevents accidental [[dns|DNS]] leakage of Tor traffic."
},
{
type: 'narrative',
title: 'The Kaminsky Moment, And Modern DNSSEC',
- text: `**Dan Kaminsky\'s {{cve|CVE}}-2008-1447 (July 2008)** turned every {{recursive-resolver|recursive resolver}} in the world into a cache-poisoning target by abusing in-bailiwick referrals + the small (16-bit) [[dns|DNS]] transaction {{id-identifier|ID}}. The disclosure was coordinated across all major [[dns|DNS]] vendors; patches added **source-port randomisation** as the immediate mitigation. The deeper fix is **{{dnssec|DNSSEC}}**, which has been deploying glacially.
+ text: `**Dan Kaminsky's {{cve|CVE}}-2008-1447 (July 2008)** turned every {{recursive-resolver|recursive resolver}} in the world into a cache-poisoning target by abusing in-bailiwick referrals + the small (16-bit) [[dns|DNS]] transaction {{id-identifier|ID}}. The disclosure was coordinated across all major [[dns|DNS]] vendors; patches added **source-port randomisation** as the immediate mitigation. The deeper fix is **{{dnssec|DNSSEC}}**, which has been deploying glacially.
**KeyTrap ({{cve|CVE}}-2023-50387, February 2024)**: ATHENE researchers (Heftrig, Schulmann, Vogel, Waidner) disclosed inherent {{dnssec|DNSSEC}} validation complexity attacks β CVSS 7.5. BIND, Unbound, PowerDNS, Knot all patched, but the underlying {{dnssec|DNSSEC}} RFCs themselves are the issue. {{dnssec|DNSSEC}} is conceptually right and operationally fragile.
diff --git a/src/lib/data/book/parts/patterns-failures.ts b/src/lib/data/book/parts/patterns-failures.ts
index b59b946..5ecf1a1 100644
--- a/src/lib/data/book/parts/patterns-failures.ts
+++ b/src/lib/data/book/parts/patterns-failures.ts
@@ -77,7 +77,7 @@ Modern protocols inherit the same idea. [[quic|QUIC]] has per-stream and per-con
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/7/71/TCP_Three-Way_Handshake.svg/500px-TCP_Three-Way_Handshake.svg.png',
alt: 'TCP three-way handshake β SYN, SYN-ACK, ACK between client and server.',
caption:
- 'The canonical **{{handshake|handshake}}**: [[tcp|TCP]]\'s **{{syn-cookies|SYN}} β {{syn-ack|SYN-ACK}} β {{ack|ACK}}** dance from [[rfc:9293|RFC 793]] in 1981. Every other {{handshake|handshake}} in this book β [[tls|TLS]] {{client-hello|ClientHello}}/{{server-hello|ServerHello}}/Finished, [[ssh|SSH]] KEX, [[mqtt|MQTT]] {{mqtt-connect|CONNECT}}/CONNACK, [[sctp|SCTP]]\'s four-way {{cookie|Cookie}} {{exchange|exchange}} β is a variation on this shape. Recognise the pattern once; recognise it in every other protocol you ever read.',
+ "The canonical **{{handshake|handshake}}**: [[tcp|TCP]]'s **{{syn-cookies|SYN}} β {{syn-ack|SYN-ACK}} β {{ack|ACK}}** dance from [[rfc:9293|RFC 793]] in 1981. Every other {{handshake|handshake}} in this book β [[tls|TLS]] {{client-hello|ClientHello}}/{{server-hello|ServerHello}}/Finished, [[ssh|SSH]] KEX, [[mqtt|MQTT]] {{mqtt-connect|CONNECT}}/CONNACK, [[sctp|SCTP]]'s four-way {{cookie|Cookie}} {{exchange|exchange}} β is a variation on this shape. Recognise the pattern once; recognise it in every other protocol you ever read.",
credit: 'Image: Wikimedia Commons / public domain'
}
]
@@ -221,7 +221,7 @@ The arc: react to loss β react to delay β model the network β use explicit
{
type: 'callout',
title: 'The unsolved problem: heterogeneous fairness',
- text: 'Every congestion-control algorithm is fair to itself. Mix {{bbr|BBR}} with {{cubic|CUBIC}} on a shared bottleneck and {{bbr|BBR}} takes the lion\'s share. Mix {{l4s|L4S}} with classic flows in the wrong queue and {{l4s|L4S}} starves. Each new algorithm has had to fight not just for performance but for **coexistence** with the deployed base β a constraint that consumes most of the engineering effort. {{bbrv3|BBRv3}} spent two years on coexistence work before it was production-ready.'
+ text: "Every congestion-control algorithm is fair to itself. Mix {{bbr|BBR}} with {{cubic|CUBIC}} on a shared bottleneck and {{bbr|BBR}} takes the lion's share. Mix {{l4s|L4S}} with classic flows in the wrong queue and {{l4s|L4S}} starves. Each new algorithm has had to fight not just for performance but for **coexistence** with the deployed base β a constraint that consumes most of the engineering effort. {{bbrv3|BBRv3}} spent two years on coexistence work before it was production-ready."
},
{
type: 'image',
diff --git a/src/lib/data/book/parts/realtime-av.ts b/src/lib/data/book/parts/realtime-av.ts
index d2c09a0..da44d9f 100644
--- a/src/lib/data/book/parts/realtime-av.ts
+++ b/src/lib/data/book/parts/realtime-av.ts
@@ -74,7 +74,7 @@ Active 2025-2026 work in the {{ietf|IETF}} AVTCORE WG: **{{rfc-doc|RFC}} 9628 (2
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/6/6d/Polycom_VSX_7000_with_2_video_conferencing_screens.JPG/500px-Polycom_VSX_7000_with_2_video_conferencing_screens.JPG',
alt: 'A Polycom VSX 7000 video-conferencing system with two screens.',
caption:
- 'A **Polycom VSX 7000** video-conferencing system β the early-2000s enterprise hardware whose audio and video both rode [[rtp|RTP]] under the hood. From the 1992 MBone audio-cast that produced [[rtp|RTP]]\'s wire format to today\'s ~2.5M-concurrent Discord voice fleet, the same {{sequence-number|Sequence Number}} + Timestamp + {{payload|Payload}} Type fields have carried voice and video across every generation of conferencing hardware.',
+ "A **Polycom VSX 7000** video-conferencing system β the early-2000s enterprise hardware whose audio and video both rode [[rtp|RTP]] under the hood. From the 1992 MBone audio-cast that produced [[rtp|RTP]]'s wire format to today's ~2.5M-concurrent Discord voice fleet, the same {{sequence-number|Sequence Number}} + Timestamp + {{payload|Payload}} Type fields have carried voice and video across every generation of conferencing hardware.",
credit: 'Photo: Wikimedia Commons / CC BY-SA'
}
]
@@ -90,7 +90,8 @@ Active 2025-2026 work in the {{ietf|IETF}} AVTCORE WG: **{{rfc-doc|RFC}} 9628 (2
{
id: 'webrtc',
title: 'WebRTC',
- synopsis: '{{peer-to-peer|Peer-to-peer}} in the browser, {{ice|ICE}}/{{stun|STUN}}/{{turn|TURN}}, {{dtls|DTLS}}, {{srtp|SRTP}} β and the only way for a browser to send a [[udp|UDP]] packet.',
+ synopsis:
+ '{{peer-to-peer|Peer-to-peer}} in the browser, {{ice|ICE}}/{{stun|STUN}}/{{turn|TURN}}, {{dtls|DTLS}}, {{srtp|SRTP}} β and the only way for a browser to send a [[udp|UDP]] packet.',
slots: [
{
kind: 'pull-quote',
@@ -146,7 +147,7 @@ Plan B [[sdp|SDP]] is fully gone now: deprecation-warned in Chrome M89 (Feb 2021
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/2/23/Video_Conference_Using_Laptop.jpg/500px-Video_Conference_Using_Laptop.jpg',
alt: 'A laptop with a video conferencing application showing multiple participants.',
caption:
- 'A laptop video call β what the [[webrtc|WebRTC]] stack actually produces in the user\'s seat. Underneath: a {{ble|BLE}}-discovered camera, {{ice-candidate|ICE candidate}} gathering, a {{dtls|DTLS}}-keyed {{srtp|SRTP}} flow over [[udp|UDP]], NetEQ in the audio path, libwebrtc compiled into the browser. **1.21 million lines of code** in libwebrtc β three times the size of the Space Shuttle\'s onboard software, and it boots in under a second.',
+ "A laptop video call β what the [[webrtc|WebRTC]] stack actually produces in the user's seat. Underneath: a {{ble|BLE}}-discovered camera, {{ice-candidate|ICE candidate}} gathering, a {{dtls|DTLS}}-keyed {{srtp|SRTP}} flow over [[udp|UDP]], NetEQ in the audio path, libwebrtc compiled into the browser. **1.21 million lines of code** in libwebrtc β three times the size of the Space Shuttle's onboard software, and it boots in under a second.",
credit: 'Photo: Wikimedia Commons / CC BY-SA'
}
]
@@ -160,7 +161,8 @@ Plan B [[sdp|SDP]] is fully gone now: deprecation-warned in Chrome M89 (Feb 2021
{
id: 'sip-and-sdp',
title: 'SIP and SDP',
- synopsis: '[[pioneer:henning-schulzrinne|Henning Schulzrinne]] wrote three protocols ([[sip|SIP]], [[sdp|SDP]], [[rtp|RTP]]) that carry the world\'s phone calls.',
+ synopsis:
+ "[[pioneer:henning-schulzrinne|Henning Schulzrinne]] wrote three protocols ([[sip|SIP]], [[sdp|SDP]], [[rtp|RTP]]) that carry the world's phone calls.",
slots: [
{
kind: 'pull-quote',
@@ -189,7 +191,7 @@ Twenty-eight years in, the protocol-version line is still \`v=0\`. The [[sdp|SDP
{
type: 'callout',
title: 'The 911 outages keep happening',
- text: 'The **AT&T 22 February 2024 outage** disconnected 125 million devices and blocked ~25,000 911 calls β caused by a single misconfigured network element during expansion, surfacing as {{ims|IMS}}/[[sip|SIP]] registration failures. The **CenturyLink December 2018 911 outage** lost 911 service for 7.4 million Washington residents for 49 hours; 24,000 calls failed; Washington {{utc-time|UTC}} fined them $7.2 M. **{{volte|VoLTE}}/{{vonr|VoNR}} is the world\'s largest [[sip|SIP]] deployment** β {{gsma|GSMA}} reports 310+ {{volte|VoLTE}} operators in 140+ countries and 45+ commercial {{vonr|VoNR}} networks by 2025 β and the failure modes ripple straight into emergency services.'
+ text: "The **AT&T 22 February 2024 outage** disconnected 125 million devices and blocked ~25,000 911 calls β caused by a single misconfigured network element during expansion, surfacing as {{ims|IMS}}/[[sip|SIP]] registration failures. The **CenturyLink December 2018 911 outage** lost 911 service for 7.4 million Washington residents for 49 hours; 24,000 calls failed; Washington {{utc-time|UTC}} fined them $7.2 M. **{{volte|VoLTE}}/{{vonr|VoNR}} is the world's largest [[sip|SIP]] deployment** β {{gsma|GSMA}} reports 310+ {{volte|VoLTE}} operators in 140+ countries and 45+ commercial {{vonr|VoNR}} networks by 2025 β and the failure modes ripple straight into emergency services."
},
{
type: 'narrative',
@@ -231,11 +233,12 @@ The cryptography is slowly tightening: **{{rfc-doc|RFC}} 8760 (March 2020)** fin
{
id: 'hls-and-dash',
title: 'HLS and DASH',
- synopsis: '[[hls|HLS]] and [[dash|DASH]] β adaptive bitrate over plain {{http-method|HTTP}}, and the {{m3u|M3U}} playlist Winamp left behind.',
+ synopsis:
+ '[[hls|HLS]] and [[dash|DASH]] β adaptive bitrate over plain {{http-method|HTTP}}, and the {{m3u|M3U}} playlist Winamp left behind.',
slots: [
{
kind: 'pull-quote',
- text: 'The world\'s most-deployed video protocol still starts every playlist with `#EXTM3U` β the format Fraunhofer created in 1995 for WinPlay3 and Nullsoft popularised in Winamp on 21 April 1997.',
+ text: "The world's most-deployed video protocol still starts every playlist with `#EXTM3U` β the format Fraunhofer created in 1995 for WinPlay3 and Nullsoft popularised in Winamp on 21 April 1997.",
attribution: 'Author'
},
{
@@ -253,7 +256,7 @@ The trick was breaking the stream into **2-10 second segments**, each a regular
{
type: 'callout',
title: 'M3U is a Winamp inheritance',
- text: '[[hls|HLS]]\'s playlist format is **{{m3u|M3U}}**, which was created in 1995 by Fraunhofer IIS for **WinPlay3** and popularised by **Nullsoft\'s Winamp on 21 April 1997**. The world\'s most-deployed video protocol β the one carrying every live sports event, every Netflix stream, every {{apple|Apple}} TV {{broadcast|broadcast}} β still starts every playlist with `#EXTM3U`. The internet runs on inheritance.'
+ text: "[[hls|HLS]]'s playlist format is **{{m3u|M3U}}**, which was created in 1995 by Fraunhofer IIS for **WinPlay3** and popularised by **Nullsoft's Winamp on 21 April 1997**. The world's most-deployed video protocol β the one carrying every live sports event, every Netflix stream, every {{apple|Apple}} TV {{broadcast|broadcast}} β still starts every playlist with `#EXTM3U`. The internet runs on inheritance."
},
{
type: 'narrative',
@@ -291,7 +294,7 @@ The post-Flash reality: **Adobe Flash Player retired on 31 December 2020**, kill
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/f/f5/Zpracovani_videa_HTTP_Live_Streaming.png/500px-Zpracovani_videa_HTTP_Live_Streaming.png',
alt: 'HLS architecture diagram β encoder produces multi-bitrate segments, CDN serves them, player adapts bitrate.',
caption:
- '**[[hls|HLS]]** architecture: an encoder produces parallel multi-bitrate ladders of small .ts (or now .mp4 / CMAF) segments; a {{cdn|CDN}} serves them over plain {{http-method|HTTP}}; the client adapts bitrate between segments. Shipped 17 June 2009 with iPhone {{os|OS}} 3.0 / iPhone 3GS β {{apple|Apple}}\'s play to dodge Flash and survive the 2008 3G {{firewall|firewall}} reality by reusing {{http-method|HTTP}}/443.',
+ "**[[hls|HLS]]** architecture: an encoder produces parallel multi-bitrate ladders of small .ts (or now .mp4 / CMAF) segments; a {{cdn|CDN}} serves them over plain {{http-method|HTTP}}; the client adapts bitrate between segments. Shipped 17 June 2009 with iPhone {{os|OS}} 3.0 / iPhone 3GS β {{apple|Apple}}'s play to dodge Flash and survive the 2008 3G {{firewall|firewall}} reality by reusing {{http-method|HTTP}}/443.",
credit: 'Image: Wikimedia Commons / CC BY-SA'
}
]
@@ -306,7 +309,8 @@ The post-Flash reality: **Adobe Flash Player retired on 31 December 2020**, kill
{
id: 'moq-transport',
title: 'MoQ Transport',
- synopsis: 'Sub-second live streaming over [[quic|QUIC]] β the first {{ietf|IETF}} media transport that intentionally is not [[rtp|RTP]].',
+ synopsis:
+ 'Sub-second live streaming over [[quic|QUIC]] β the first {{ietf|IETF}} media transport that intentionally is not [[rtp|RTP]].',
slots: [
{
kind: 'pull-quote',
@@ -363,7 +367,7 @@ The conservative alternative: **[[rtp|RTP]]-over-[[quic|QUIC]] (RoQ)**. \`draft-
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/3/3a/AT%26T_Picturephone_%2812721549765%29.jpg/500px-AT%26T_Picturephone_%2812721549765%29.jpg',
alt: 'The 1964 AT&T Picturephone β an early commercial video-call device.',
caption:
- 'The **AT&T Picturephone**, demonstrated at the 1964 World\'s Fair β the first commercial live video over a telecommunications network. Sixty years and four wholesale rewrites later (analog β ISDN β [[rtp|RTP]]/H.323 β [[webrtc|WebRTC]]), **MoQ over [[quic|QUIC]]** is the latest answer to the question the Picturephone asked: *how do you carry one-to-many live video at scale, in real time, over a network you do not own?* The current draft is `draft-{{ietf|ietf}}-moq-transport-17`; {{cloudflare|Cloudflare}} deployed MoQ relays across 330+ cities through 2025.',
+ "The **AT&T Picturephone**, demonstrated at the 1964 World's Fair β the first commercial live video over a telecommunications network. Sixty years and four wholesale rewrites later (analog β ISDN β [[rtp|RTP]]/H.323 β [[webrtc|WebRTC]]), **MoQ over [[quic|QUIC]]** is the latest answer to the question the Picturephone asked: *how do you carry one-to-many live video at scale, in real time, over a network you do not own?* The current draft is `draft-{{ietf|ietf}}-moq-transport-17`; {{cloudflare|Cloudflare}} deployed MoQ relays across 330+ cities through 2025.",
credit: 'Photo: AT&T Archives / Wikimedia Commons, public domain'
}
]
diff --git a/src/lib/data/book/parts/story-of-the-internet.ts b/src/lib/data/book/parts/story-of-the-internet.ts
index 233e44e..5d50c26 100644
--- a/src/lib/data/book/parts/story-of-the-internet.ts
+++ b/src/lib/data/book/parts/story-of-the-internet.ts
@@ -20,7 +20,8 @@ export const storyOfTheInternet: BookPart = {
{
id: 'before-the-internet',
title: 'Before the Internet',
- synopsis: '{{xerox-parc|Xerox PARC}}, {{arpanet|ARPANET}}, {{ncp|NCP}} β the three streams that flowed into [[tcp|TCP]]/[[ip|IP]].',
+ synopsis:
+ '{{xerox-parc|Xerox PARC}}, {{arpanet|ARPANET}}, {{ncp|NCP}} β the three streams that flowed into [[tcp|TCP]]/[[ip|IP]].',
slots: [
{
kind: 'pull-quote',
@@ -41,7 +42,7 @@ The third tradition was packet radio. ARPA's Packet Radio Network (PRNET, 1973)
},
{
type: 'callout',
- title: "Why three? Because the problem was three problems.",
+ title: 'Why three? Because the problem was three problems.',
text: 'Local fabric ([[ethernet|Ethernet]]), wide-area research backbone ({{arpanet|ARPANET}}), and unreliable wireless (PRNET/SATNET) each forced different design pressures. The architecture that won β [[tcp|TCP]]/[[ip|IP]] β is the one that took none of them as canonical and instead specified the **gluing** layer.'
}
]
@@ -62,7 +63,7 @@ The third tradition was packet radio. ARPA's Packet Radio Network (PRNET, 1973)
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/3/3d/Interface_Message_Processor_%28%22IMP%22%29_%282586235502%29.jpg/500px-Interface_Message_Processor_%28%22IMP%22%29_%282586235502%29.jpg',
alt: 'A BBN-built Interface Message Processor (IMP) on display at the Computer History Museum.',
caption:
- 'An original {{bbn|BBN}} {{imp|Interface Message Processor}} ({{imp|IMP}}) β the rugged minicomputer that served as {{arpanet|ARPANET}}\'s first router. The protocol that ran between IMPs is what [[tcp|TCP]]/[[ip|IP]] would later replace.',
+ "An original {{bbn|BBN}} {{imp|Interface Message Processor}} ({{imp|IMP}}) β the rugged minicomputer that served as {{arpanet|ARPANET}}'s first router. The protocol that ran between IMPs is what [[tcp|TCP]]/[[ip|IP]] would later replace.",
credit: 'Photo: Erik Pitti, CC BY 2.0, via Wikimedia Commons'
}
]
@@ -75,7 +76,8 @@ The third tradition was packet radio. ARPA's Packet Radio Network (PRNET, 1973)
{
id: 'the-1981-burst',
title: 'The 1981β83 Standardisation Burst',
- synopsis: '[[rfc:791|RFC 791]]/792/793, the {{arpanet|ARPANET}} {{flag-day-1983|flag day}}, and {{ieee-802-15-4|IEEE}} 802.3 ratified β three years that locked in the stack.',
+ synopsis:
+ '[[rfc:791|RFC 791]]/792/793, the {{arpanet|ARPANET}} {{flag-day-1983|flag day}}, and {{ieee-802-15-4|IEEE}} 802.3 ratified β three years that locked in the stack.',
slots: [
{
kind: 'prose',
@@ -123,7 +125,8 @@ This is the deepest principle of the era: **separate what changes together from
{
id: 'the-1986-collapse',
title: 'The 1986 Congestion Collapse',
- synopsis: '32 kbps to 40 bps in 400 yards β and [[pioneer:van-jacobson|Van Jacobson]]\'s six-algorithm fix.',
+ synopsis:
+ "32 kbps to 40 bps in 400 yards β and [[pioneer:van-jacobson|Van Jacobson]]'s six-algorithm fix.",
slots: [
{
kind: 'prose',
@@ -222,7 +225,7 @@ By 1995, {{osi-model|OSI}} was effectively dead in production networks. CLNP sur
sections: [
{
type: 'narrative',
- title: 'A Manager\'s Side Project',
+ title: "A Manager's Side Project",
text: `In March 1989, **[[pioneer:tim-berners-lee|Tim Berners-Lee]]** circulated a memo at {{cern|CERN}} titled **"Information Management: A Proposal."** His manager, Mike Sendall, scribbled "vague but exciting" on the cover. The proposal described a system where documents on different machines could link to each other through hypertext, retrieved by a uniform addressing scheme.
By Christmas 1990, on a NeXT workstation in his office, Berners-Lee had built the first **web server** (info.cern.ch), the first **web browser** (also a WYSIWYG editor), and the first three protocols he needed: {{http-method|HTTP}} for transport, {{html|HTML}} for markup, and URLs for addressing. The whole system rode on top of [[tcp|TCP]] β that was the entire architectural assumption. It did not have to invent transport, ordering, {{retransmission|retransmission}}, or addressing. The internet had already solved those.
@@ -253,14 +256,15 @@ The architectural lesson the web carried forward: an application that succeeds a
{
kind: 'pull-quote',
text: 'Vague but exciting.',
- attribution: 'Mike Sendall, on the cover of Berners-Lee\'s 1989 memo'
+ attribution: "Mike Sendall, on the cover of Berners-Lee's 1989 memo"
}
]
},
{
id: 'mobile-and-bufferbloat',
title: 'The Mobile and Bufferbloat Decade',
- synopsis: '3G, 4G, the iPhone, and why your home internet is {{bufferbloat|laggy under load}}.',
+ synopsis:
+ '3G, 4G, the iPhone, and why your home internet is {{bufferbloat|laggy under load}}.',
slots: [
{
kind: 'prose',
@@ -276,8 +280,9 @@ The fix took fifteen years. **{{aqm|Active queue management}}** (CoDel, fq_codel
},
{
type: 'callout',
- title: 'Bufferbloat is the canonical example of well-meaning engineering creating a network-wide pathology.',
- text: 'Adding more buffer seemed obviously good β bursts wouldn\'t cause loss. But [[tcp|TCP]]\'s congestion-control loop **needed** loss as its signal. The fix was to push buffers back down and add explicit signalling ({{ecn|ECN}}) instead.'
+ title:
+ 'Bufferbloat is the canonical example of well-meaning engineering creating a network-wide pathology.',
+ text: "Adding more buffer seemed obviously good β bursts wouldn't cause loss. But [[tcp|TCP]]'s congestion-control loop **needed** loss as its signal. The fix was to push buffers back down and add explicit signalling ({{ecn|ECN}}) instead."
},
{
type: 'image',
@@ -326,7 +331,7 @@ This is the structural lesson of the late-2010s protocol-design era: **{{encrypt
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/2/29/Google_Data_Center%2C_The_Dalles.jpg/500px-Google_Data_Center%2C_The_Dalles.jpg',
alt: 'Google data center in The Dalles, Oregon β where the gQUIC traffic was first deployed.',
caption:
- '{{google|Google}}\'s data center in **The Dalles, Oregon**. By 2014, every connection to *chrome.com* / *youtube.com* from a Chrome client was speaking experimental gQUIC over [[udp|UDP]] to one of these buildings. The fleet of users plus the fleet of servers is what gave {{google|Google}} the leverage to design a new transport β and the leverage to *iterate* on it monthly instead of waiting decades for kernel rollouts.',
+ "{{google|Google}}'s data center in **The Dalles, Oregon**. By 2014, every connection to *chrome.com* / *youtube.com* from a Chrome client was speaking experimental gQUIC over [[udp|UDP]] to one of these buildings. The fleet of users plus the fleet of servers is what gave {{google|Google}} the leverage to design a new transport β and the leverage to *iterate* on it monthly instead of waiting decades for kernel rollouts.",
credit: 'Photo: Tony Webster, CC BY 2.0, via Wikimedia Commons'
}
]
diff --git a/src/lib/data/book/parts/transport.ts b/src/lib/data/book/parts/transport.ts
index a31d184..c19a27e 100644
--- a/src/lib/data/book/parts/transport.ts
+++ b/src/lib/data/book/parts/transport.ts
@@ -20,7 +20,8 @@ export const transport: BookPart = {
{
id: 'tcp',
title: 'TCP',
- synopsis: '[[tcp|Reliable byte streams]], four decades of {{congestion-control|congestion control}}.',
+ synopsis:
+ '[[tcp|Reliable byte streams]], four decades of {{congestion-control|congestion control}}.',
slots: [
{
kind: 'pull-quote',
@@ -51,7 +52,7 @@ Forty-five years after [[rfc:9293|RFC 793]] (September 1981), [[tcp|TCP]] is sti
{
type: 'callout',
title: 'Three pre-existing security incidents from the 1990s',
- text: '**[[tcp|TCP]] sequence-prediction (Mitnick 1994)** exploited predictable initial {{sequence-number|sequence numbers}} from {{bsd|BSD}}\'s linear {{isn|ISN}} counter. [[rfc:1948|RFC 1948]] (1996) replaced it with a cryptographically-hashed function of the four-tuple. **{{syn-cookies|SYN}} floods (mid-1990s)** exhausted server connection tables before {{syn-cookies|SYN cookies}} (Bernstein, [[rfc:4987|RFC 4987]]) made them {{stateless|stateless}}. **Smurf attacks (1997)** abused [[ip|IP]] {{broadcast|broadcast}} to amplify {{tcp-rst|TCP RST}} floods. Modern stacks defeat all three; the design lessons are baked into [[rfc:9293|RFC 9293]]\'s security considerations.'
+ text: "**[[tcp|TCP]] sequence-prediction (Mitnick 1994)** exploited predictable initial {{sequence-number|sequence numbers}} from {{bsd|BSD}}'s linear {{isn|ISN}} counter. [[rfc:1948|RFC 1948]] (1996) replaced it with a cryptographically-hashed function of the four-tuple. **{{syn-cookies|SYN}} floods (mid-1990s)** exhausted server connection tables before {{syn-cookies|SYN cookies}} (Bernstein, [[rfc:4987|RFC 4987]]) made them {{stateless|stateless}}. **Smurf attacks (1997)** abused [[ip|IP]] {{broadcast|broadcast}} to amplify {{tcp-rst|TCP RST}} floods. Modern stacks defeat all three; the design lessons are baked into [[rfc:9293|RFC 9293]]'s security considerations."
},
{
type: 'narrative',
@@ -97,7 +98,8 @@ The vulnerability surface keeps producing CVEs. **{{cve|CVE}}-2019-11477 ({{sack
{
id: 'udp',
title: 'UDP',
- synopsis: '[[udp|Three pages of RFC]], no guarantees, ubiquitous β and the substrate beneath [[quic|QUIC]].',
+ synopsis:
+ '[[udp|Three pages of RFC]], no guarantees, ubiquitous β and the substrate beneath [[quic|QUIC]].',
slots: [
{
kind: 'pull-quote',
@@ -199,7 +201,7 @@ The deeper lesson [[sctp|SCTP]] teaches is the lesson [[quic|QUIC]] applied: **i
{
type: 'callout',
title: 'WebRTC Data Channels are SCTP under the hood',
- text: 'There is one place [[sctp|SCTP]] runs successfully on the open internet: **[[webrtc|WebRTC]] Data Channels**. [[rfc:8831|RFC 8831]] defines the data channel as **[[sctp|SCTP]] over {{dtls|DTLS}} over [[udp|UDP]]** β the [[sctp|SCTP]]-over-something-else trick [[quic|QUIC]] would later generalise. The browser implementations (libwebrtc, Firefox\'s networking stack) carry an [[sctp|SCTP]] stack in user space. [[webrtc|WebRTC]] is the largest production [[sctp|SCTP]] deployment by message count, even though almost nobody knows it.'
+ text: "There is one place [[sctp|SCTP]] runs successfully on the open internet: **[[webrtc|WebRTC]] Data Channels**. [[rfc:8831|RFC 8831]] defines the data channel as **[[sctp|SCTP]] over {{dtls|DTLS}} over [[udp|UDP]]** β the [[sctp|SCTP]]-over-something-else trick [[quic|QUIC]] would later generalise. The browser implementations (libwebrtc, Firefox's networking stack) carry an [[sctp|SCTP]] stack in user space. [[webrtc|WebRTC]] is the largest production [[sctp|SCTP]] deployment by message count, even though almost nobody knows it."
},
{
type: 'narrative',
@@ -328,7 +330,7 @@ The {{ietf|IETF}} [[quic|QUIC]] Working Group, formed in 2016, took {{google|Goo
},
{
type: 'narrative',
- title: 'What\'s On the Frontier',
+ title: "What's On the Frontier",
text: `The next ten years of transport innovation are all riding on [[quic|QUIC]].
**[[frontier:multipath-quic|Multipath QUIC]]** (\`draft-ietf-quic-multipath\`) entered IESG Last Call in December 2025. Inherits [[mptcp|MPTCP]]'s algorithmic ideas inside a transport that actually traverses middleboxes.
@@ -348,7 +350,7 @@ By 2026, **{{meta|Meta}} reports >75% of internet-facing traffic on [[quic|QUIC]
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/2/20/Google_Corkboard_Server_Rack.jpg/500px-Google_Corkboard_Server_Rack.jpg',
alt: 'Early Google "corkboard" server rack β bare motherboards mounted on cork backing, displayed at the Computer History Museum.',
caption:
- 'An early **{{google|Google}} corkboard server** β the company that designed [[quic|QUIC]] in 2012 because it could no longer ship [[tcp|TCP]] improvements through kernel rollouts fast enough for its fleet. [[pioneer:jim-roskind|Jim Roskind]]\'s answer was to put a brand-new transport in *user space* on top of [[udp|UDP]], where it could iterate monthly and middleboxes would forward it unchanged.',
+ "An early **{{google|Google}} corkboard server** β the company that designed [[quic|QUIC]] in 2012 because it could no longer ship [[tcp|TCP]] improvements through kernel rollouts fast enough for its fleet. [[pioneer:jim-roskind|Jim Roskind]]'s answer was to put a brand-new transport in *user space* on top of [[udp|UDP]], where it could iterate monthly and middleboxes would forward it unchanged.",
credit: 'Photo: Wikimedia Commons / CC BY-SA'
}
]
diff --git a/src/lib/data/book/parts/utilities-security.ts b/src/lib/data/book/parts/utilities-security.ts
index 4972c9b..16549b9 100644
--- a/src/lib/data/book/parts/utilities-security.ts
+++ b/src/lib/data/book/parts/utilities-security.ts
@@ -12,13 +12,15 @@ export const utilitiesSecurity: BookPart = {
id: 'utilities-security',
title: 'Utilities & Security',
label: 'IX',
- description: 'The invisible plumbing β [[tls|TLS]], [[ssh|SSH]], [[ntp|NTP]], the email stack, and authentication.',
+ description:
+ 'The invisible plumbing β [[tls|TLS]], [[ssh|SSH]], [[ntp|NTP]], the email stack, and authentication.',
chapters: [
// ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
{
id: 'tls',
title: 'TLS',
- synopsis: '[[tls|From SSL 1.0]] (never released) to post-quantum hybrid by default in iOS 26.',
+ synopsis:
+ '[[tls|From SSL 1.0]] (never released) to post-quantum hybrid by default in iOS 26.',
slots: [
{
kind: 'pull-quote',
@@ -40,7 +42,7 @@ In 1999 the {{ietf|IETF}} took ownership and renamed it [[tls|TLS]] 1.0 ([[rfc:2
{
type: 'callout',
title: 'TLS 1.3 has middlebox-compatibility hacks built in',
- text: 'The "everyone gets it wrong" wire fact: **[[tls|TLS]] 1.3 {{client-hello|ClientHello}}.legacy_version = 0x0303** ([[tls|TLS]] 1.2); the real version goes in the \`supported_versions\` extension. **legacy_session_id is non-empty** (faking {{session-resumption|session resumption}}). Both sides send a no-op **ChangeCipherSpec record** after their first flight. All of this is because middleboxes broke when they saw real [[tls|TLS]] 1.3 wire format. The protocol is technically clean; the wire encoding is a deliberate camouflage.'
+ text: 'The "everyone gets it wrong" wire fact: **[[tls|TLS]] 1.3 {{client-hello|ClientHello}}.legacy_version = 0x0303** ([[tls|TLS]] 1.2); the real version goes in the `supported_versions` extension. **legacy_session_id is non-empty** (faking {{session-resumption|session resumption}}). Both sides send a no-op **ChangeCipherSpec record** after their first flight. All of this is because middleboxes broke when they saw real [[tls|TLS]] 1.3 wire format. The protocol is technically clean; the wire encoding is a deliberate camouflage.'
},
{
type: 'narrative',
@@ -73,7 +75,7 @@ Two more historical incidents to name: **goto fail ({{cve|CVE}}-2014-1266)** β
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/9/95/Digital_certificates_chain_of_trust.png/500px-Digital_certificates_chain_of_trust.png',
alt: 'Digital certificate chain of trust diagram β root CA, intermediate CA, end-entity certificate.',
caption:
- 'A **[[tls|TLS]] {{certificate-chain|certificate chain}} of trust**: a root {{certificate-authority|CA}} signs an intermediate CA, which signs the end-entity {{certificate|certificate}} your browser actually sees. Every HTTPS connection ends at a chain like this; DigiNotar\'s August 2011 compromise (531 fraudulent certs for 344 domains) is what forced **{{certificate-transparency|Certificate Transparency}}** into existence as a structural fix. The current frontier is 47-day cert lifetimes, mandatory by 15 March 2029.',
+ "A **[[tls|TLS]] {{certificate-chain|certificate chain}} of trust**: a root {{certificate-authority|CA}} signs an intermediate CA, which signs the end-entity {{certificate|certificate}} your browser actually sees. Every HTTPS connection ends at a chain like this; DigiNotar's August 2011 compromise (531 fraudulent certs for 344 domains) is what forced **{{certificate-transparency|Certificate Transparency}}** into existence as a structural fix. The current frontier is 47-day cert lifetimes, mandatory by 15 March 2029.",
credit: 'Image: Wikimedia Commons / CC BY-SA'
}
]
@@ -92,7 +94,8 @@ Two more historical incidents to name: **goto fail ({{cve|CVE}}-2014-1266)** β
{
id: 'ssh',
title: 'SSH',
- synopsis: '[[ssh|Encrypted shells]], port forwards, and {{scp-copy|SCP}} β written by Tatu YlΓΆnen in Helsinki, July 1995.',
+ synopsis:
+ '[[ssh|Encrypted shells]], port forwards, and {{scp-copy|SCP}} β written by Tatu YlΓΆnen in Helsinki, July 1995.',
slots: [
{
kind: 'pull-quote',
@@ -160,7 +163,8 @@ The protocol uses **public-key cryptography** for host and user authentication,
{
id: 'ntp',
title: 'NTP',
- synopsis: '[[ntp|Why your timestamp is correct]] to within milliseconds β and the era rollover on 7 February 2036.',
+ synopsis:
+ '[[ntp|Why your timestamp is correct]] to within milliseconds β and the era rollover on 7 February 2036.',
slots: [
{
kind: 'pull-quote',
@@ -184,7 +188,7 @@ A client samples the {{rtt|round-trip time}} to a server (call it Ξ΄) and the ap
{
type: 'callout',
title: 'Era rollover: 7 February 2036 at 06:28:16 UTC',
- text: '[[ntp|NTP]]\'s 64-bit timestamp uses the **[[ntp|NTP]] prime epoch, 1900-01-01 00:00:00 {{utc-time|UTC}}** β older than {{arpanet|ARPANET}}, older than UNIX, older than every other timestamp standard in computing. Span = 2Β³Β² s = **136.19 years per era**. **Era rollover is 7 February 2036 at 06:28:16 {{utc-time|UTC}}.** The protocol handles eras correctly via 64-bit math; many client implementations assume 32-bit and will need fixes before 2036. The Y2036 work has been quietly underway since 2020.'
+ text: "[[ntp|NTP]]'s 64-bit timestamp uses the **[[ntp|NTP]] prime epoch, 1900-01-01 00:00:00 {{utc-time|UTC}}** β older than {{arpanet|ARPANET}}, older than UNIX, older than every other timestamp standard in computing. Span = 2Β³Β² s = **136.19 years per era**. **Era rollover is 7 February 2036 at 06:28:16 {{utc-time|UTC}}.** The protocol handles eras correctly via 64-bit math; many client implementations assume 32-bit and will need fixes before 2036. The Y2036 work has been quietly underway since 2020."
},
{
type: 'narrative',
@@ -217,7 +221,7 @@ A client samples the {{rtt|round-trip time}} to a server (call it Ξ΄) and the ap
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/8/8e/Nist-f1.jpg/500px-Nist-f1.jpg',
alt: 'NIST-F1 caesium fountain atomic clock β the US primary frequency standard.',
caption:
- '**{{nist|NIST}}-F1**, the caesium fountain atomic clock that has served as the US primary frequency standard since 1999. Accurate to about one second in 100 million years. [[pioneer:david-mills|David Mills]]\'s **[[ntp|NTP]]** (1985 β Mills died 17 January 2024) is the protocol that flows this kind of accuracy out to every laptop, phone, and server on the internet, with Marzullo\'s 1984 consensus algorithm picking a sane median from a flock of stratum-1 sources.',
+ "**{{nist|NIST}}-F1**, the caesium fountain atomic clock that has served as the US primary frequency standard since 1999. Accurate to about one second in 100 million years. [[pioneer:david-mills|David Mills]]'s **[[ntp|NTP]]** (1985 β Mills died 17 January 2024) is the protocol that flows this kind of accuracy out to every laptop, phone, and server on the internet, with Marzullo's 1984 consensus algorithm picking a sane median from a flock of stratum-1 sources.",
credit: 'Photo: NIST / public domain, via Wikimedia Commons'
}
]
@@ -231,7 +235,8 @@ A client samples the {{rtt|round-trip time}} to a server (call it Ξ΄) and the ap
{
id: 'oauth-and-jwt',
title: 'OAuth 2.1 and JWT',
- synopsis: '[[oauth2|How modern apps delegate access]] β and the most famous resignation in protocol history.',
+ synopsis:
+ '[[oauth2|How modern apps delegate access]] β and the most famous resignation in protocol history.',
slots: [
{
kind: 'pull-quote',
@@ -253,7 +258,7 @@ Before [[oauth2|OAuth]], an app that wanted access to your {{google|Google}} cal
{
type: 'callout',
title: 'The Road to Hell resignation',
- text: '**The "Road to Hell" resignation (26 July 2012)**: Eran Hammer published *"[[oauth2|OAuth]] 2.0 and the Road to Hell"* β most famous resignation in modern protocol history. His core line: *"WS-\* bad"* β shorthand among {{ietf|IETF}} veterans for any standard sunk by enterprise committee design. The "everyone gets it wrong" framework fact: **[[oauth2|OAuth]] 2.0 is technically a framework, not a protocol.** [[rfc:6749|RFC 6749]]\'s abstract itself warns *"this specification is likely to produce a wide range of non-interoperable implementations"* β language Hammer fought to insert.'
+ text: '**The "Road to Hell" resignation (26 July 2012)**: Eran Hammer published *"[[oauth2|OAuth]] 2.0 and the Road to Hell"* β most famous resignation in modern protocol history. His core line: *"WS-* bad"* β shorthand among {{ietf|IETF}} veterans for any standard sunk by enterprise committee design. The "everyone gets it wrong" framework fact: **[[oauth2|OAuth]] 2.0 is technically a framework, not a protocol.** [[rfc:6749|RFC 6749]]\'s abstract itself warns *"this specification is likely to produce a wide range of non-interoperable implementations"* β language Hammer fought to insert.'
},
{
type: 'narrative',
@@ -308,7 +313,8 @@ Before [[oauth2|OAuth]], an app that wanted access to your {{google|Google}} cal
{
id: 'email-stack',
title: 'The Email Stack',
- synopsis: '[[smtp|SMTP]] + [[imap|IMAP]], the protocol family that refused to die β and the new bulk-sender enforcement.',
+ synopsis:
+ '[[smtp|SMTP]] + [[imap|IMAP]], the protocol family that refused to die β and the new bulk-sender enforcement.',
slots: [
{
kind: 'pull-quote',
@@ -367,7 +373,7 @@ His "Ten Commandments of How to Write an [[imap|IMAP]] client" still circulates;
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/7/72/Email.svg/500px-Email.svg.png',
alt: 'Email envelope icon β stylised mail handler.',
caption:
- '**Email** β the longest-running application of the internet. Ray Tomlinson at {{bbn|BBN}} picked the **@** sign in 1971 modifying SNDMSG. [[pioneer:jon-postel|Jon Postel]] published [[rfc:5321|RFC 821]] on port 25 in August 1982. Forty-four years later [[smtp|SMTP]] still relays your mail, [[imap|IMAP]] still serves your folders, and **{{dmarc|DMARC}} enforcement** at {{google|Google}} + Yahoo (from 1 February 2024) finally killed the easy spoofed-From address. The protocol is older than {{arpanet|ARPANET}}\'s {{flag-day-1983|flag day}}; the standards work is not done.',
+ "**Email** β the longest-running application of the internet. Ray Tomlinson at {{bbn|BBN}} picked the **@** sign in 1971 modifying SNDMSG. [[pioneer:jon-postel|Jon Postel]] published [[rfc:5321|RFC 821]] on port 25 in August 1982. Forty-four years later [[smtp|SMTP]] still relays your mail, [[imap|IMAP]] still serves your folders, and **{{dmarc|DMARC}} enforcement** at {{google|Google}} + Yahoo (from 1 February 2024) finally killed the easy spoofed-From address. The protocol is older than {{arpanet|ARPANET}}'s {{flag-day-1983|flag day}}; the standards work is not done.",
credit: 'Image: Wikimedia Commons / public domain'
}
]
diff --git a/src/lib/data/book/parts/web-api.ts b/src/lib/data/book/parts/web-api.ts
index 529f048..c99bb82 100644
--- a/src/lib/data/book/parts/web-api.ts
+++ b/src/lib/data/book/parts/web-api.ts
@@ -57,7 +57,7 @@ That readability is the entire reason every developer can debug an HTTP problem
{
type: 'callout',
title: 'The 6-connection cap is why HTTP/2 exists',
- text: 'By 2009, web pages were averaging 90 requests across 15 origins. With 6 connections per origin, every page paid the cost of [[tcp|TCP]] setup repeatedly, and connections were {{imap-idle|idle}} most of the time. {{google|Google}}\'s {{spdy|SPDY}} experiment proposed {{multiplexing|multiplexing}} many requests over a single connection, with {{binary-framing|binary framing}}. {{spdy|SPDY}} became the seed of [[http2|HTTP/2]].'
+ text: "By 2009, web pages were averaging 90 requests across 15 origins. With 6 connections per origin, every page paid the cost of [[tcp|TCP]] setup repeatedly, and connections were {{imap-idle|idle}} most of the time. {{google|Google}}'s {{spdy|SPDY}} experiment proposed {{multiplexing|multiplexing}} many requests over a single connection, with {{binary-framing|binary framing}}. {{spdy|SPDY}} became the seed of [[http2|HTTP/2]]."
},
{
type: 'narrative',
@@ -75,7 +75,7 @@ That readability is the entire reason every developer can debug an HTTP problem
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/d/d5/HTTP_persistent_connection.svg/500px-HTTP_persistent_connection.svg.png',
alt: 'HTTP persistent connection diagram β multiple request/response pairs reusing the same TCP connection.',
caption:
- '**[[http1|HTTP/1.1]] persistent connections** β request, response, request, response, all on the *same* [[tcp|TCP]] socket. The default in [[http1|HTTP/1.1]] (1997), and a quiet revolution after [[http1|HTTP/1.0]]\'s one-connection-per-request model. The reason a 1990s page-load of 90 small assets did not have to pay 90 {{syn-cookies|SYN}}/{{syn-ack|SYN-ACK}}/{{ack|ACK}} handshakes.',
+ "**[[http1|HTTP/1.1]] persistent connections** β request, response, request, response, all on the *same* [[tcp|TCP]] socket. The default in [[http1|HTTP/1.1]] (1997), and a quiet revolution after [[http1|HTTP/1.0]]'s one-connection-per-request model. The reason a 1990s page-load of 90 small assets did not have to pay 90 {{syn-cookies|SYN}}/{{syn-ack|SYN-ACK}}/{{ack|ACK}} handshakes.",
credit: 'Image: Wikimedia Commons / CC BY-SA 3.0'
}
]
@@ -91,7 +91,8 @@ That readability is the entire reason every developer can debug an HTTP problem
{
id: 'http2',
title: 'HTTP/2',
- synopsis: '{{binary-framing|Binary framing}}, streams, {{hpack|HPACK}} β and the security saga that has not stopped.',
+ synopsis:
+ '{{binary-framing|Binary framing}}, streams, {{hpack|HPACK}} β and the security saga that has not stopped.',
slots: [
{
kind: 'pull-quote',
@@ -140,7 +141,7 @@ The pattern: each {{cve|CVE}} breaks an assumption that earlier mitigations had
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/1/19/HTTP_pipelining2.svg/500px-HTTP_pipelining2.svg.png',
alt: 'HTTP/1.1 pipelining vs HTTP/2 multiplexing diagram, showing how multiple streams share one connection.',
caption:
- '[[http1|HTTP/1.1]] {{pipelining|pipelining}} vs [[http2|HTTP/2]] {{multiplexing|multiplexing}}. The 6-connection cap on [[http1|HTTP/1.1]] meant browsers paid the cost of [[tcp|TCP]] setup repeatedly; [[http2|HTTP/2]]\'s many-streams-on-one-connection model dropped page loads 30-40% in real-world measurements. The trade-off: a single {{retransmission|TCP retransmit}} now stalls *all* streams β which is the {{head-of-line-blocking|head-of-line blocking}} problem [[http3|HTTP/3]] finally fixed.',
+ "[[http1|HTTP/1.1]] {{pipelining|pipelining}} vs [[http2|HTTP/2]] {{multiplexing|multiplexing}}. The 6-connection cap on [[http1|HTTP/1.1]] meant browsers paid the cost of [[tcp|TCP]] setup repeatedly; [[http2|HTTP/2]]'s many-streams-on-one-connection model dropped page loads 30-40% in real-world measurements. The trade-off: a single {{retransmission|TCP retransmit}} now stalls *all* streams β which is the {{head-of-line-blocking|head-of-line blocking}} problem [[http3|HTTP/3]] finally fixed.",
credit: 'Image: Wikimedia Commons / CC BY-SA 4.0'
}
]
@@ -213,7 +214,7 @@ The fix in flight is **in-kernel [[quic|QUIC]]**. Xin Long posted the first ~9,0
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/7/73/Full_TLS_1.3_Handshake.svg/500px-Full_TLS_1.3_Handshake.svg.png',
alt: 'TLS 1.3 full handshake diagram showing ClientHello, ServerHello, certificate, finished messages in one round-trip.',
caption:
- 'The **[[tls|TLS]] 1.3** {{handshake|handshake}} β one round-trip ([[rfc:8446|RFC 8446]], 2018), down from two in [[tls|TLS]] 1.2. [[http3|HTTP/3]]\'s headline win is *folding this entire {{handshake|handshake}} into the [[quic|QUIC]] transport {{handshake|handshake}}*, achieving **{{one-rtt|1-RTT}}** connection setup for new sessions and **{{zero-rtt|0-RTT}}** for resumption β a flat 1-2 round-trips eliminated from every page load on mobile, where {{latency|latency}}, not {{bandwidth|bandwidth}}, is the bottleneck.',
+ "The **[[tls|TLS]] 1.3** {{handshake|handshake}} β one round-trip ([[rfc:8446|RFC 8446]], 2018), down from two in [[tls|TLS]] 1.2. [[http3|HTTP/3]]'s headline win is *folding this entire {{handshake|handshake}} into the [[quic|QUIC]] transport {{handshake|handshake}}*, achieving **{{one-rtt|1-RTT}}** connection setup for new sessions and **{{zero-rtt|0-RTT}}** for resumption β a flat 1-2 round-trips eliminated from every page load on mobile, where {{latency|latency}}, not {{bandwidth|bandwidth}}, is the bottleneck.",
credit: 'Image: Wikimedia Commons / CC0'
}
]
@@ -231,7 +232,8 @@ The fix in flight is **in-kernel [[quic|QUIC]]**. Xin Long posted the first ~9,0
{
id: 'rest-and-graphql',
title: 'REST and GraphQL',
- synopsis: '[[rest|REST]] and [[graphql|GraphQL]] β two ways to model an {{api|API}}, and a 25-year argument over which one Fielding actually meant.',
+ synopsis:
+ '[[rest|REST]] and [[graphql|GraphQL]] β two ways to model an {{api|API}}, and a 25-year argument over which one Fielding actually meant.',
slots: [
{
kind: 'prose',
@@ -295,7 +297,8 @@ The choice between [[rest|REST]] and [[graphql|GraphQL]] is not strictly either/
{
id: 'grpc',
title: 'gRPC',
- synopsis: '[[grpc|Typed RPC]] over [[http2|HTTP/2]] β the microservices default for the controlled-both-sides case.',
+ synopsis:
+ '[[grpc|Typed RPC]] over [[http2|HTTP/2]] β the microservices default for the controlled-both-sides case.',
slots: [
{
kind: 'pull-quote',
@@ -340,7 +343,7 @@ Active 2024-2026 work in the [[grpc|gRPC]] working group includes: native [[http
src: 'https://upload.wikimedia.org/wikipedia/commons/1/18/RPC_overview.png',
alt: 'RPC overview diagram β client stub, network, server stub, marshalling and unmarshalling parameters.',
caption:
- 'The **{{rpc|RPC}}** model that [[grpc|gRPC]] inherits from a 40-year lineage of Sun {{rpc|RPC}} / DCE / CORBA / Thrift. The client *stub* serialises arguments, sends them over the network, and pretends to the caller that nothing happened. [[grpc|gRPC]]\'s contribution is **{{protocol-buffers|Protocol Buffers}}** (compact binary schema) + **[[http2|HTTP/2]] streams** as the transport. The model dominates service-to-service traffic inside every large engineering org since ~2019.',
+ "The **{{rpc|RPC}}** model that [[grpc|gRPC]] inherits from a 40-year lineage of Sun {{rpc|RPC}} / DCE / CORBA / Thrift. The client *stub* serialises arguments, sends them over the network, and pretends to the caller that nothing happened. [[grpc|gRPC]]'s contribution is **{{protocol-buffers|Protocol Buffers}}** (compact binary schema) + **[[http2|HTTP/2]] streams** as the transport. The model dominates service-to-service traffic inside every large engineering org since ~2019.",
credit: 'Image: Wikimedia Commons / CC BY-SA'
}
]
@@ -354,7 +357,8 @@ Active 2024-2026 work in the [[grpc|gRPC]] working group includes: native [[http
{
id: 'websockets-and-sse',
title: 'WebSockets and SSE',
- synopsis: '[[websockets|WebSockets]] and [[sse|SSE]] β {{server-push|server push}} two ways, and the [[sse|SSE]] renaissance via {{llm|LLM}} streaming.',
+ synopsis:
+ '[[websockets|WebSockets]] and [[sse|SSE]] β {{server-push|server push}} two ways, and the [[sse|SSE]] renaissance via {{llm|LLM}} streaming.',
slots: [
{
kind: 'pull-quote',
@@ -392,7 +396,7 @@ That changed when LLMs started streaming tokens. **OpenAI, {{anthropic|Anthropic
{
type: 'callout',
title: 'The 2024-2026 CVE wave for WebSocket',
- text: '[[rfc:6455|RFC 6455]] itself has not changed. The ecosystem has. Major CVEs in major implementations: **{{cve|CVE}}-2024-37890** in Node \`ws\`; **{{cve|CVE}}-2025-10148** in libcurl reviving the very cache-poisoning attack masking was designed to prevent; **{{cve|CVE}}-2025-43855** in tRPC; **{{cve|CVE}}-2025-5399** in libcurl. \`gorilla/websocket\` was archived in late 2022 and unarchived under community maintenance; \`nhooyr/websocket\` was renamed to \`coder/websocket\` in 2024. The protocol is stable; the implementations are not.'
+ text: '[[rfc:6455|RFC 6455]] itself has not changed. The ecosystem has. Major CVEs in major implementations: **{{cve|CVE}}-2024-37890** in Node `ws`; **{{cve|CVE}}-2025-10148** in libcurl reviving the very cache-poisoning attack masking was designed to prevent; **{{cve|CVE}}-2025-43855** in tRPC; **{{cve|CVE}}-2025-5399** in libcurl. `gorilla/websocket` was archived in late 2022 and unarchived under community maintenance; `nhooyr/websocket` was renamed to `coder/websocket` in 2024. The protocol is stable; the implementations are not.'
},
{
type: 'narrative',
@@ -424,7 +428,8 @@ The choice between [[websockets|WebSocket]], [[sse|SSE]], and {{webtransport|Web
{
id: 'mcp-and-a2a',
title: 'MCP and A2A',
- synopsis: 'The protocol layer for {{ai|AI}} agents β built deliberately boring on top of [[json-rpc|JSON-RPC]], {{http-method|HTTP}}, and [[sse|SSE]].',
+ synopsis:
+ 'The protocol layer for {{ai|AI}} agents β built deliberately boring on top of [[json-rpc|JSON-RPC]], {{http-method|HTTP}}, and [[sse|SSE]].',
slots: [
{
kind: 'pull-quote',
diff --git a/src/lib/data/book/parts/wireless.ts b/src/lib/data/book/parts/wireless.ts
index c77c204..26726cf 100644
--- a/src/lib/data/book/parts/wireless.ts
+++ b/src/lib/data/book/parts/wireless.ts
@@ -45,7 +45,7 @@ Wired networking is a problem with a known solution. Wireless networking is thre
},
{
type: 'narrative',
- title: "CSMA/CA β the bedrock trick",
+ title: 'CSMA/CA β the bedrock trick',
text: `Wired [[ethernet|Ethernet]] uses **{{csma-cd|CSMA/CD}}** (Collision *Detection*): a station listens while it transmits, and the moment another station's signal collides with its own on the wire, both back off and retry. That trick is **impossible on radio**. Your own transmitter saturates your own receiver β a wireless {{nic|NIC}} literally cannot hear another station while it is sending. Every wireless {{mac-address|MAC}} therefore uses **{{csma-ca|CSMA/CA}}** β listen *before* you talk, plus a randomised back-off if the channel was busy, plus a mandatory {{ack|ACK}} after every {{unicast|unicast}} frame so the sender knows whether it got through.
[[wifi|Wi-Fi]] calls it DCF (Distributed Coordination Function). Before each frame, a station senses the channel for a DIFS interval (28β34 Β΅s), picks a random slot from a contention window (initial CW = 15, doubled on collision up to 1023), and transmits if still {{imap-idle|idle}}. Every successful frame is ACKed after a SIFS gap (~10 Β΅s); no {{ack|ACK}} in time is presumed to mean collision and the sender retries from a larger window. The ratio of *protocol overhead* to *{{payload|payload}} bytes* on a busy [[wifi|802.11]] channel routinely exceeds 50% β which is why a Wi-Fi 6 {{access-point|access point}}'s nominal 9.6 Gbit/s shows up as 1β2 Gbit/s of real throughput in a crowded room.
@@ -55,7 +55,7 @@ Wired networking is a problem with a known solution. Wireless networking is thre
{
type: 'callout',
title: 'The hidden-terminal problem in one sentence',
- text: 'On a wired bus, every station hears every other station. On a radio, station A and station C may both hear {{access-point|AP}} B but **not each other** β so they both think the channel is clear, both transmit at once, and both collide at B. The **{{hidden-terminal|RTS/CTS}}** option exists because of this; so does [[bluetooth|BLE]]\'s master-clocked frequency hopping; so does every [[cellular|cellular]] {{ran|RAN}}\'s centralised uplink scheduler. The same physics ripples through every wireless protocol design.'
+ text: "On a wired bus, every station hears every other station. On a radio, station A and station C may both hear {{access-point|AP}} B but **not each other** β so they both think the channel is clear, both transmit at once, and both collide at B. The **{{hidden-terminal|RTS/CTS}}** option exists because of this; so does [[bluetooth|BLE]]'s master-clocked frequency hopping; so does every [[cellular|cellular]] {{ran|RAN}}'s centralised uplink scheduler. The same physics ripples through every wireless protocol design."
},
{
type: 'narrative',
@@ -109,7 +109,7 @@ They coexist by a series of small accommodations. **Modern combo chips** ({{appl
slots: [
{
kind: 'pull-quote',
- text: 'Wi-Fi 6\'s nominal 9.6 Gbit/s shows up as 1β2 Gbit/s of real throughput in a crowded room, because more than half of the {{airtime|airtime}} is spent on DIFS gaps, {{ack|ACK}} frames, beacons, and back-off. The headline number is a physics fact; the delivered number is an {{airtime|airtime}} budget.',
+ text: "Wi-Fi 6's nominal 9.6 Gbit/s shows up as 1β2 Gbit/s of real throughput in a crowded room, because more than half of the {{airtime|airtime}} is spent on DIFS gaps, {{ack|ACK}} frames, beacons, and back-off. The headline number is a physics fact; the delivered number is an {{airtime|airtime}} budget.",
attribution: 'Author'
},
{
@@ -126,7 +126,7 @@ If you read Part III's Wi-Fi chapter first, this one is the second pass. If you
},
{
type: 'narrative',
- title: "The CSMA/CA loop in real time",
+ title: 'The CSMA/CA loop in real time',
text: `Every [[wifi|802.11]] transmission begins with a station deciding the channel is {{imap-idle|idle}}. The procedure (DCF β Distributed Coordination Function) is mechanical: sense the channel for a **DIFS** interval of 28β34 Β΅s, pick a random slot from a contention window starting at CW = 15, count it down (each slot = 9 or 20 Β΅s depending on {{phy|PHY}}), and transmit if the channel is still idle when the counter hits zero. If two stations pick the same slot, they collide; both double their CW (up to 1023) and try again.
Every {{unicast|unicast}} frame must be {{ack|ACKed}} after a **SIFS** gap of ~10 Β΅s. No {{ack|ACK}} means assumed collision and retransmit from a larger CW. {{ack|ACK}} frames are themselves unprotected by CSMA β they fire SIFS-fast precisely so no other station has time to seize the channel between data and {{ack|ACK}}.
@@ -136,7 +136,7 @@ The visible cost is **{{airtime|airtime}} overhead**. Add up DIFS + SIFS + {{ack
{
type: 'callout',
title: 'RTS/CTS is the hidden-terminal escape hatch',
- text: 'When two stations cannot hear each other but both hear the {{access-point|AP}}, they need the {{hidden-terminal|hidden-terminal}} fix: send a tiny **Request To Send**, wait for the {{ap-access-point|AP}}\'s **Clear To Send** which every other station within range will also hear, then transmit during the announced duration. {{rts-cts|RTS/CTS}} is *optional* and trades {{latency|latency}} for {{airtime|airtime}} certainty β it adds two extra frames to every transmission, so it is on by default only for frames larger than a configurable threshold (often 2,346 bytes β i.e., never in practice). Networks that {{turn|turn}} it on aggressively tend to be airport halls and convention centres where dozens of clients are routinely behind a column from each other.'
+ text: "When two stations cannot hear each other but both hear the {{access-point|AP}}, they need the {{hidden-terminal|hidden-terminal}} fix: send a tiny **Request To Send**, wait for the {{ap-access-point|AP}}'s **Clear To Send** which every other station within range will also hear, then transmit during the announced duration. {{rts-cts|RTS/CTS}} is *optional* and trades {{latency|latency}} for {{airtime|airtime}} certainty β it adds two extra frames to every transmission, so it is on by default only for frames larger than a configurable threshold (often 2,346 bytes β i.e., never in practice). Networks that {{turn|turn}} it on aggressively tend to be airport halls and convention centres where dozens of clients are routinely behind a column from each other."
},
{
type: 'narrative',
@@ -161,7 +161,7 @@ The real headline feature of [[wifi|Wi-Fi]] 8 / 802.11bn is more honest about th
{
type: 'callout',
title: 'Power management is the hidden battery story',
- text: '802.11ax introduced **{{target-wake-time|Target Wake Time}}** β a client and {{access-point|AP}} pre-negotiate exact wake-up windows, so the client\'s radio stays deeply asleep between scheduled appointments. Originally aimed at low-power IoT (years on a coin cell), it is now what extends smartphone battery life on busy networks. **{{bss-coloring|BSS Coloring}}** added a 6-bit color field so a station can tell its own {{ap-access-point|AP}}\'s transmissions from a neighbour\'s on the same channel, and apply a relaxed clear-channel threshold β recovering {{airtime|airtime}} that classic carrier sense would have forfeited. Both features are why Wi-Fi 6/7 outperforms Wi-Fi 5 in *exactly the apartment buildings and shopping centres* where Wi-Fi 5 used to grind to a halt.'
+ text: "802.11ax introduced **{{target-wake-time|Target Wake Time}}** β a client and {{access-point|AP}} pre-negotiate exact wake-up windows, so the client's radio stays deeply asleep between scheduled appointments. Originally aimed at low-power IoT (years on a coin cell), it is now what extends smartphone battery life on busy networks. **{{bss-coloring|BSS Coloring}}** added a 6-bit color field so a station can tell its own {{ap-access-point|AP}}'s transmissions from a neighbour's on the same channel, and apply a relaxed clear-channel threshold β recovering {{airtime|airtime}} that classic carrier sense would have forfeited. Both features are why Wi-Fi 6/7 outperforms Wi-Fi 5 in *exactly the apartment buildings and shopping centres* where Wi-Fi 5 used to grind to a halt."
},
{
type: 'narrative',
@@ -261,7 +261,7 @@ The pattern is simple: BLE has the **right discovery + power profile** to be the
},
{
type: 'narrative',
- title: "LE Audio, Auracast, and the hearing-loop replacement story",
+ title: 'LE Audio, Auracast, and the hearing-loop replacement story',
text: `**{{le-audio|LE Audio}}** is the 2020+ rebuild of Bluetooth audio, defined across Core 5.2+ and a stack of profiles (BAP, PBP, TMAP, HAP). It runs over **Isochronous Channels** β Connected Isochronous Streams (CIS) for {{unicast|unicast}} earbuds and hearing aids, {{broadcast|Broadcast}} Isochronous Streams ({{bis-broadcast|BIS}}) for one-to-many. The mandatory {{codec|codec}} is **{{lc3|LC3}}** ({{sig|SIG}} + Fraunhofer IIS + Ericsson, January 2020), roughly 2Γ more battery-efficient than the 1990s SBC {{codec|codec}} at equivalent quality.
The cultural moment is **{{auracast|Auracast}}** β the {{sig|SIG}}'s brand for **{{broadcast|Broadcast}} Isochronous Streams** ({{bis-broadcast|BIS}}) over {{le-audio|LE Audio}} + {{lc3|LC3}}, one transmitter to unlimited listeners. Public venues replace analog hearing-loops with an {{auracast|Auracast}} {{broadcast|broadcast}}; nearby listeners scan, pick a stream, and tune in. **Frankfurt Airport became the first airport in the world to {{broadcast|broadcast}} all gate announcements over {{auracast|Auracast}} on 28 January 2026**. Cinemas, theatres, gyms, lecture halls, and houses of worship are deploying similar setups through 2026 and 2027.
@@ -296,7 +296,7 @@ The 2022 attack is the canonical case study for why every credential standard si
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/d/da/Bluetooth.svg/250px-Bluetooth.svg.png',
alt: 'The Bluetooth logo β a bind-rune combining Hagall and Bjarkan, the initials of Harald BlΓ₯tand.',
caption:
- 'The **[[bluetooth|Bluetooth]]** logo: a bind-rune combining **Hagall** (αΌ = H) and **Bjarkan** (α = B) β *Harald BlΓ₯tand*\'s initials in Younger Futhark. [[pioneer:jim-kardach|Jim Kardach]] of {{intel|Intel}} proposed the name on a Toronto pub crawl in 1997 after the 10th-century Danish king who united Denmark and Norway. It was supposed to be a placeholder.',
+ "The **[[bluetooth|Bluetooth]]** logo: a bind-rune combining **Hagall** (αΌ = H) and **Bjarkan** (α = B) β *Harald BlΓ₯tand*'s initials in Younger Futhark. [[pioneer:jim-kardach|Jim Kardach]] of {{intel|Intel}} proposed the name on a Toronto pub crawl in 1997 after the 10th-century Danish king who united Denmark and Norway. It was supposed to be a placeholder.",
credit: 'Image: Bluetooth SIG trademark, via Wikimedia Commons'
}
]
@@ -345,7 +345,7 @@ Read that sentence again. **The control plane of every 5G carrier on Earth is no
{
type: 'callout',
title: 'The largest enterprise IPsec deployment on Earth',
- text: 'Every interface between the [[cellular|cellular]] {{ran|radio access network}} and the core (N2/N3 in 5G, S1 in {{lte|LTE}}) is wrapped in [[ipsec|IPsec ESP]] per {{3gpp|3GPP}} {{ts-3gpp|TS}} 33.501. With ~9 billion subscribers and tens of millions of base stations worldwide, the [[cellular|cellular]] backhaul is the single largest production [[ipsec|IPsec]] deployment that exists. [[pioneer:andreas-steffen|Andreas Steffen]]\'s strongSwan, {{cisco|Cisco}} IOS, and Juniper {{junos|Junos}} run more [[ipsec|IPsec]] tunnels inside one [[cellular|cellular]] operator than the entire enterprise {{vpn|VPN}} market combined.'
+ text: "Every interface between the [[cellular|cellular]] {{ran|radio access network}} and the core (N2/N3 in 5G, S1 in {{lte|LTE}}) is wrapped in [[ipsec|IPsec ESP]] per {{3gpp|3GPP}} {{ts-3gpp|TS}} 33.501. With ~9 billion subscribers and tens of millions of base stations worldwide, the [[cellular|cellular]] backhaul is the single largest production [[ipsec|IPsec]] deployment that exists. [[pioneer:andreas-steffen|Andreas Steffen]]'s strongSwan, {{cisco|Cisco}} IOS, and Juniper {{junos|Junos}} run more [[ipsec|IPsec]] tunnels inside one [[cellular|cellular]] operator than the entire enterprise {{vpn|VPN}} market combined."
},
{
type: 'narrative',
@@ -409,7 +409,7 @@ The shape rhymes with the rest of this Part. Every wireless protocol's cryptogra
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/4/4a/Cellular_network_standards_and_generation_timeline.svg/500px-Cellular_network_standards_and_generation_timeline.svg.png',
alt: 'Timeline of cellular network standards from 1G through 5G, by generation.',
caption:
- '**Fifty years of [[cellular|cellular]]** β from 1G analog AMPS / TACS / NMT in the early 1980s through 2G {{gsm|GSM}} / IS-95, 3G {{wcdma|WCDMA}} / CDMA2000, 4G {{lte|LTE}}, and {{5g-nr|5G NR}}. Each generation redrew both the air interface and the core network on roughly a decade\'s cadence, while the {{3gpp|3GPP}} Release calendar kept ticking every ~18 months. **6G** is in pre-standardisation now; first commercial deployments expected around 2030.',
+ "**Fifty years of [[cellular|cellular]]** β from 1G analog AMPS / TACS / NMT in the early 1980s through 2G {{gsm|GSM}} / IS-95, 3G {{wcdma|WCDMA}} / CDMA2000, 4G {{lte|LTE}}, and {{5g-nr|5G NR}}. Each generation redrew both the air interface and the core network on roughly a decade's cadence, while the {{3gpp|3GPP}} Release calendar kept ticking every ~18 months. **6G** is in pre-standardisation now; first commercial deployments expected around 2030.",
credit: 'Image: Wikimedia Commons / CC BY-SA 4.0'
}
]
@@ -473,7 +473,7 @@ Seven APDUs, ~300 ms, and the latte is paid for.`
},
{
type: 'narrative',
- title: "Tokenisation β why your real card number never leaves the bank",
+ title: 'Tokenisation β why your real card number never leaves the bank',
text: `{{apple|Apple}}'s 9 September 2014 launch was not just "we added an [[nfc|NFC]] chip to the iPhone." It was a *tokenisation revolution* baked into the architecture. The cardholder's real **Funding {{pan-id|PAN}} (FPAN)** never reaches the device. The bank issues a **Device {{pan-id|PAN}} ({{dpan|DPAN}})** instead, provisioned via the Token Service Provider (Visa Token Service or Mastercard Digital Enablement Service) into the {{ese|embedded Secure Element}} or the {{hce|HCE}} keystore.
Every tap generates a per-transaction {{emv-cryptogram|cryptogram}} bound to the {{dpan|DPAN}}, the **{{atc|ATC}}** (Application Transaction Counter), and the **Unpredictable Number** from the terminal. A stolen {{dpan|DPAN}} is worthless without the keys in the {{se-secure-element|SE}}; a stolen cryptogram is worthless because the {{atc|ATC}} has already moved on. This is the reason **{{apple|Apple}} Pay fraud rates in 2026 are broadly in line with card-not-present rates** β much better than physical-card-present fraud at unattended terminals β despite the initial 2015 *"yellow path"* enrolment disaster where social-engineered phone agents over-approved fraudulent provisioning.
@@ -616,7 +616,7 @@ The unlock dance: {{ble|BLE}} advertising from the car β {{ble|BLE}} pairing +
},
{
type: 'narrative',
- title: "Regional masks, Japan, and the global-product problem",
+ title: 'Regional masks, Japan, and the global-product problem',
text: `{{fcc|FCC}} Part 15.519 caps average power-spectral-density at **β41.3 dBm/MHz** across 3.1β10.6 GHz. {{etsi|ETSI}} EN 302 065 in Europe is similar but with stricter Detect-and-Avoid requirements in some sub-bands. **Japan** applies a different mask with restrictions in 7.25β7.75 GHz that overlap Channel 9 β {{apple|Apple}}'s iPhone reduces or disables [[uwb|UWB]] features (Precision Finding, Find People) in Japan and a handful of other countries.
The practical effect for a global consumer product: **(a)** geo-fence [[uwb|UWB]] features based on locale, **(b)** default to **Channel 5** in Japan and a handful of other restricted jurisdictions, **(c)** support a *no-UWB* mode entirely for countries where [[uwb|UWB]] is not permitted (a few small markets). This is one of the underappreciated reasons [[uwb|UWB]] consumer adoption is slower than {{ble|BLE}} or [[wifi|Wi-Fi]] β *the regulatory map is fragmented*, and every iPhone software release ships a different list of countries where Precision Finding works.
@@ -628,7 +628,7 @@ The contrast with [[nfc|NFC]] is instructive: [[nfc|NFC]] operates in the global
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/2/2d/Apple_AirTag.svg/330px-Apple_AirTag.svg.png',
alt: 'An Apple AirTag β a small round white tracker with the Apple logo.',
caption:
- 'The **{{apple|Apple}} AirTag**, $29, shipped 30 April 2021. Inside: a battery, a {{ble|BLE}} radio, a speaker, and the **{{apple|Apple}} {{u1-chip|U1}} chip** β the [[uwb|UWB]] silicon that gave consumer [[uwb|UWB]] its first mass-market product. Precision Finding\'s arrow-and-distance display swept the world\'s awareness of [[uwb|UWB]] into one purchase. ABI projects [[uwb|UWB]] phone penetration rising from 27% in 2025 to 52% by 2030 β the same adoption curve [[nfc|NFC]] followed a decade earlier.',
+ "The **{{apple|Apple}} AirTag**, $29, shipped 30 April 2021. Inside: a battery, a {{ble|BLE}} radio, a speaker, and the **{{apple|Apple}} {{u1-chip|U1}} chip** β the [[uwb|UWB]] silicon that gave consumer [[uwb|UWB]] its first mass-market product. Precision Finding's arrow-and-distance display swept the world's awareness of [[uwb|UWB]] into one purchase. ABI projects [[uwb|UWB]] phone penetration rising from 27% in 2025 to 52% by 2030 β the same adoption curve [[nfc|NFC]] followed a decade earlier.",
credit: 'Image: Apple Inc. trademark / Wikimedia Commons'
}
]
@@ -651,7 +651,7 @@ The contrast with [[nfc|NFC]] is instructive: [[nfc|NFC]] operates in the global
slots: [
{
kind: 'pull-quote',
- text: "Philips Hue's 2012 {{apple|Apple}} Store launch never said \"Zigbee\" out loud. The press release mentioned ZigBee LightLink exactly once; the in-store materials, packaging, and iOS app strenuously avoided the term. The customer was sold *web-enabled* lighting. The canonical example of a successful protocol whose user-visible brand is the product, not the standard.",
+ text: 'Philips Hue\'s 2012 {{apple|Apple}} Store launch never said "Zigbee" out loud. The press release mentioned ZigBee LightLink exactly once; the in-store materials, packaging, and iOS app strenuously avoided the term. The customer was sold *web-enabled* lighting. The canonical example of a successful protocol whose user-visible brand is the product, not the standard.',
attribution: 'Author'
},
{
@@ -701,7 +701,7 @@ In 2026, **new device design has bifurcated**. Lighting and sensors are increasi
{
type: 'callout',
title: "Matter's commitment, in three sentences",
- text: 'The {{sig-bluetooth-acronym|CSA}} launched **{{matter|Matter}} 1.0 on 4 October 2022** as an {{ip-address|IP}}-native smart-home standard, running over [[wifi|Wi-Fi]], [[ethernet|Ethernet]], and {{thread|Thread}}. {{matter|Matter}} does **not** run over [[zigbee|Zigbee]] on the wire β but it reuses Zigbee\'s {{zcl|ZCL}} data model directly, which lets a *{{matter|Matter}} Bridge for non-{{matter|Matter}} devices* (Hue Bridge, Aqara Hub M3) translate {{matter|Matter}} operations to Zigbee one-to-one. Now at **v1.5 (20 November 2025)**, with camera streaming via RTSP, removing the last category that previously required Zigbee bridging.'
+ text: "The {{sig-bluetooth-acronym|CSA}} launched **{{matter|Matter}} 1.0 on 4 October 2022** as an {{ip-address|IP}}-native smart-home standard, running over [[wifi|Wi-Fi]], [[ethernet|Ethernet]], and {{thread|Thread}}. {{matter|Matter}} does **not** run over [[zigbee|Zigbee]] on the wire β but it reuses Zigbee's {{zcl|ZCL}} data model directly, which lets a *{{matter|Matter}} Bridge for non-{{matter|Matter}} devices* (Hue Bridge, Aqara Hub M3) translate {{matter|Matter}} operations to Zigbee one-to-one. Now at **v1.5 (20 November 2025)**, with camera streaming via RTSP, removing the last category that previously required Zigbee bridging."
},
{
type: 'narrative',
@@ -753,7 +753,7 @@ For the home-automation hobbyist, the **{{matter|Matter}} bridge** is the right
id: 'security-across-the-wireless-family',
title: 'Security across the wireless family',
synopsis:
- 'One arc covering {{krack|KRACK}}, {{knob-attack|KNOB}}/{{bias-attack|BIAS}}/{{bluffs-attack|BLUFFS}}, FragAttacks, {{mifare|MIFARE}} Crypto1, the 2022 Tesla [[bluetooth|BLE]] relay, the Ghost Peak [[uwb|UWB]] {{sts|STS}} attack, and the {{ss7|SS7}} / {{diameter|Diameter}} trust holdover β every wireless protocol\'s negotiation logic, broken on stage at least once.',
+ "One arc covering {{krack|KRACK}}, {{knob-attack|KNOB}}/{{bias-attack|BIAS}}/{{bluffs-attack|BLUFFS}}, FragAttacks, {{mifare|MIFARE}} Crypto1, the 2022 Tesla [[bluetooth|BLE]] relay, the Ghost Peak [[uwb|UWB]] {{sts|STS}} attack, and the {{ss7|SS7}} / {{diameter|Diameter}} trust holdover β every wireless protocol's negotiation logic, broken on stage at least once.",
slots: [
{
kind: 'pull-quote',
@@ -874,7 +874,7 @@ Every chapter in this Part has security stories. This chapter ties them together
slots: [
{
kind: 'pull-quote',
- text: '{{spectrum|Spectrum}} policy moves on a four-year clock; the technology runs ten years faster. Every wireless protocol\'s deployment is gated by a regulator nobody on the engineering team has met.',
+ text: "{{spectrum|Spectrum}} policy moves on a four-year clock; the technology runs ten years faster. Every wireless protocol's deployment is gated by a regulator nobody on the engineering team has met.",
attribution: 'Author'
},
{
@@ -903,7 +903,7 @@ The lower 6 GHz band (5.925β6.425 GHz) is **Low-Power Indoor (LPI)** β licen
{
type: 'callout',
title: 'CBRS and the three-tier sharing experiment',
- text: 'The US **{{cbrs|Citizens Broadband Radio Service}}** band β 3.55β3.7 GHz β is the US regulator\'s **experiment in dynamic {{spectrum|spectrum}} sharing**. Three tiers coexist: **Incumbent** (US Navy radars get absolute priority), **Priority Access Licensees** (PALs, auctioned in 2020 for ~$4.5B), and **General Authorized Access** (anyone with a certified device). A cloud service called the **{{spectrum|Spectrum}} Access System** arbitrates in real time β telling each device which channels and power levels it may use right now based on Navy radar activity. Powers Private 4G {{lte|LTE}} / 5G deployments at ports (Port of Long Beach), mines, hospitals, manufacturing plants, and stadiums. The largest production use of *database-arbitrated coexistence* anywhere on Earth. Europe has experimented with similar concepts (PMSE in the UK, {{lsa|LSA}} in some EU pilots) but has not deployed at {{cbrs|CBRS}} scale.'
+ text: "The US **{{cbrs|Citizens Broadband Radio Service}}** band β 3.55β3.7 GHz β is the US regulator's **experiment in dynamic {{spectrum|spectrum}} sharing**. Three tiers coexist: **Incumbent** (US Navy radars get absolute priority), **Priority Access Licensees** (PALs, auctioned in 2020 for ~$4.5B), and **General Authorized Access** (anyone with a certified device). A cloud service called the **{{spectrum|Spectrum}} Access System** arbitrates in real time β telling each device which channels and power levels it may use right now based on Navy radar activity. Powers Private 4G {{lte|LTE}} / 5G deployments at ports (Port of Long Beach), mines, hospitals, manufacturing plants, and stadiums. The largest production use of *database-arbitrated coexistence* anywhere on Earth. Europe has experimented with similar concepts (PMSE in the UK, {{lsa|LSA}} in some EU pilots) but has not deployed at {{cbrs|CBRS}} scale."
},
{
type: 'narrative',
@@ -961,7 +961,7 @@ Whether [[cellular|cellular]] {{ambient-iot|Ambient IoT}} actually displaces the
{
type: 'callout',
title: 'The four-year clock and the two-year clock',
- text: 'Two clocks set the pace of wireless. The first is the **{{wrc|World Radiocommunication Conference}}**, every 3β4 years, where the world\'s {{spectrum|spectrum}} allocations are renegotiated by treaty. **{{wrc|WRC-27}}** is the next major event β terahertz bands for 6G, harmonisation of {{direct-to-cell|Direct-to-Cell}} bands, the 6 GHz EU upper-band decision. The second is the **{{3gpp|3GPP}} Release cycle**, every ~18 months β Release 19 in flight, Release 20 (6G study items) kicking off. Together they decide what wireless protocols you can build, where, when. The {{ietf|IETF}} model β *rough consensus and running code, two-week sprints* β does not apply at this layer. {{spectrum|Spectrum}} and cellular standards run on geological time, and that is the constraint every wireless engineer eventually meets.'
+ text: "Two clocks set the pace of wireless. The first is the **{{wrc|World Radiocommunication Conference}}**, every 3β4 years, where the world's {{spectrum|spectrum}} allocations are renegotiated by treaty. **{{wrc|WRC-27}}** is the next major event β terahertz bands for 6G, harmonisation of {{direct-to-cell|Direct-to-Cell}} bands, the 6 GHz EU upper-band decision. The second is the **{{3gpp|3GPP}} Release cycle**, every ~18 months β Release 19 in flight, Release 20 (6G study items) kicking off. Together they decide what wireless protocols you can build, where, when. The {{ietf|IETF}} model β *rough consensus and running code, two-week sprints* β does not apply at this layer. {{spectrum|Spectrum}} and cellular standards run on geological time, and that is the constraint every wireless engineer eventually meets."
},
{
type: 'narrative',
diff --git a/src/lib/data/category-deep-dives.ts b/src/lib/data/category-deep-dives.ts
index 7c4617f..31f4dd9 100644
--- a/src/lib/data/category-deep-dives.ts
+++ b/src/lib/data/category-deep-dives.ts
@@ -246,7 +246,8 @@ Transport is pluggable: **{{stdio|stdio}}** for local processes (the server is a
{
type: 'diagram',
title: 'MCP Session Lifecycle',
- caption: 'The full [[mcp|MCP]] session from initialization through tool invocation. The three-step {{handshake|handshake}} establishes capabilities before any tool or resource access.',
+ caption:
+ 'The full [[mcp|MCP]] session from initialization through tool invocation. The three-step {{handshake|handshake}} establishes capabilities before any tool or resource access.',
definition: `graph TD
I["initialize request (client capabilities, version)"] --> IR["initialize response (server capabilities, tools, resources)"]
IR --> N["initialized {{notification|notification}} ({{handshake|handshake}} complete)"]
@@ -529,7 +530,7 @@ The numbers below are typical 2026 production values; spec maxima are higher, re
},
{
type: 'narrative',
- title: 'CSMA/CA β collision avoidance in a medium you can\'t monitor',
+ title: "CSMA/CA β collision avoidance in a medium you can't monitor",
text: `Wired [[ethernet|Ethernet]] uses **{{csma-cd|CSMA/CD}}** (Collision Detection): a station listens while it transmits and aborts the moment another station's signal collides with its own. That trick is impossible on radio β your own transmitter saturates your own receiver, so a wireless {{nic|NIC}} literally cannot hear another station while it is sending. Every wireless {{mac-address|MAC}} therefore uses **{{csma-ca|CSMA/CA}}** (Collision *Avoidance*): listen-before-talk, plus a randomised back-off if the channel was busy.
[[wifi|Wi-Fi]]'s flavour is DCF (Distributed Coordination Function). Before each {{frame|frame}}, the station senses the channel for a DIFS interval (28β34 Β΅s), then picks a random slot from a contention window (initial CW=15, doubled on collision up to 1023), then transmits if still {{imap-idle|idle}}. Every successful frame is {{ack|ACKed}} after a SIFS gap (~10 Β΅s); no {{ack|ACK}} in time = the sender assumes collision and {{retransmission|retransmits}} from a larger CW. {{rts-cts|RTS/CTS}} is the optional defence against hidden terminals: the sender first asks "may I?" with a tiny RTS, the receiver responds with CTS, and every station that heard either falls silent for the negotiated duration.
@@ -541,7 +542,7 @@ The cost of {{csma-ca|CSMA/CA}} is **{{airtime|airtime}} overhead**. At Wi-Fi 6'
{
type: 'callout',
title: 'The hidden-terminal problem in one sentence',
- text: 'On a wired bus, every station hears every other; on a radio, station A and station C may both hear {{ap-access-point|AP}} B but not each other β so they both think the channel is clear and both transmit at once, colliding at B. {{rts-cts|RTS/CTS}} exists because of this. The same physics motivates {{ble|BLE}}\'s frequency-hopping master clock, Zigbee\'s coordinator-led scheduling, and every cellular {{ran|RAN}}\'s centralised uplink scheduler.'
+ text: "On a wired bus, every station hears every other; on a radio, station A and station C may both hear {{ap-access-point|AP}} B but not each other β so they both think the channel is clear and both transmit at once, colliding at B. {{rts-cts|RTS/CTS}} exists because of this. The same physics motivates {{ble|BLE}}'s frequency-hopping master clock, Zigbee's coordinator-led scheduling, and every cellular {{ran|RAN}}'s centralised uplink scheduler."
},
{
type: 'narrative',
diff --git a/src/lib/data/category-stories/async-iot.ts b/src/lib/data/category-stories/async-iot.ts
index 1bf201f..4b2d500 100644
--- a/src/lib/data/category-stories/async-iot.ts
+++ b/src/lib/data/category-stories/async-iot.ts
@@ -122,7 +122,7 @@ export const asyncIotStory: CategoryStory = {
title: 'Messaging Visionary',
org: 'iMatix',
contribution:
- 'Built the first open-source [[amqp|AMQP]] broker (OpenAMQ) at iMatix and later created ZeroMQ, a brokerless messaging library. A passionate open-source advocate, though he grew critical of [[amqp|AMQP]]\'s complexity and eventually left the workgroup.',
+ "Built the first open-source [[amqp|AMQP]] broker (OpenAMQ) at iMatix and later created ZeroMQ, a brokerless messaging library. A passionate open-source advocate, though he grew critical of [[amqp|AMQP]]'s complexity and eventually left the workgroup.",
imagePath:
'https://upload.wikimedia.org/wikipedia/commons/thumb/d/d9/Pieter_Hintjens_at_EuroPython2014_%28cropped%29.jpg/330px-Pieter_Hintjens_at_EuroPython2014_%28cropped%29.jpg'
},
diff --git a/src/lib/data/category-stories/index.ts b/src/lib/data/category-stories/index.ts
index b055dda..8d05902 100644
--- a/src/lib/data/category-stories/index.ts
+++ b/src/lib/data/category-stories/index.ts
@@ -7,17 +7,17 @@ import { realtimeAvStory } from './realtime-av';
import { utilitiesStory } from './utilities';
import { wirelessStory } from './wireless';
-const storyMap = new Map(
- [
- networkFoundationsStory,
- transportStory,
- webApiStory,
- asyncIotStory,
- realtimeAvStory,
- utilitiesStory,
- wirelessStory
- ].map((s) => [s.categoryId, s])
-);
+export const categoryStories: CategoryStory[] = [
+ networkFoundationsStory,
+ transportStory,
+ webApiStory,
+ asyncIotStory,
+ realtimeAvStory,
+ utilitiesStory,
+ wirelessStory
+];
+
+const storyMap = new Map(categoryStories.map((s) => [s.categoryId, s]));
export function getCategoryStory(categoryId: string): CategoryStory | undefined {
return storyMap.get(categoryId);
diff --git a/src/lib/data/category-stories/network-foundations.ts b/src/lib/data/category-stories/network-foundations.ts
index 2218241..92c1c9f 100644
--- a/src/lib/data/category-stories/network-foundations.ts
+++ b/src/lib/data/category-stories/network-foundations.ts
@@ -2,7 +2,8 @@ import type { CategoryStory } from './types';
export const networkFoundationsStory: CategoryStory = {
categoryId: 'network-foundations',
- tagline: 'From {{xerox-parc|Xerox PARC}} to every connected device β how frames, addresses, and routes make the internet possible',
+ tagline:
+ 'From {{xerox-parc|Xerox PARC}} to every connected device β how frames, addresses, and routes make the internet possible',
sections: [
{
type: 'narrative',
@@ -206,7 +207,7 @@ That sketch became [[ethernet|Ethernet]], and it solved the first problem of net
year: 2026,
title: 'IPv6 Crosses 50% on Google',
description:
- 'On 28 March 2026, [[ipv6|IPv6]] carried 50.1% of {{google|Google}}\'s traffic for the first time β 28 years after [[rfc:2460|RFC 2460]]. {{cloudflare|Cloudflare}} and {{apnic|APNIC}} measure 40-43% from their vantage points, so the milestone is real but uneven.',
+ "On 28 March 2026, [[ipv6|IPv6]] carried 50.1% of {{google|Google}}'s traffic for the first time β 28 years after [[rfc:2460|RFC 2460]]. {{cloudflare|Cloudflare}} and {{apnic|APNIC}} measure 40-43% from their vantage points, so the milestone is real but uneven.",
protocolId: 'ipv6'
}
]
diff --git a/src/lib/data/category-stories/realtime-av.ts b/src/lib/data/category-stories/realtime-av.ts
index 2663bcd..9f88525 100644
--- a/src/lib/data/category-stories/realtime-av.ts
+++ b/src/lib/data/category-stories/realtime-av.ts
@@ -182,7 +182,8 @@ export const realtimeAvStory: CategoryStory = {
{
year: 2021,
title: 'WebRTC 1.0 \u2014 W3C Recommendation',
- description: 'After a decade of development, [[webrtc|WebRTC]] reaches official standard status.',
+ description:
+ 'After a decade of development, [[webrtc|WebRTC]] reaches official standard status.',
protocolId: 'webrtc'
}
]
diff --git a/src/lib/data/category-stories/types.ts b/src/lib/data/category-stories/types.ts
index 6ab8a99..7e96c7a 100644
--- a/src/lib/data/category-stories/types.ts
+++ b/src/lib/data/category-stories/types.ts
@@ -45,8 +45,15 @@ export type StorySection =
| { type: 'image'; src: string; alt: string; caption?: string; credit?: string; title?: string }
| { type: 'comparison'; title?: string; axes: string[]; rows: ComparisonRow[]; note?: string };
-export interface CategoryStory {
- categoryId: string;
+/** The shared shape of any story body β a tagline plus ordered sections.
+ * Both {@link CategoryStory} and `SubcategoryStory` extend this; components
+ * that only render the body (e.g. CategoryStoryView) should accept this
+ * rather than a specific parent type. */
+export interface StoryContent {
tagline: string;
sections: StorySection[];
}
+
+export interface CategoryStory extends StoryContent {
+ categoryId: string;
+}
diff --git a/src/lib/data/category-stories/utilities.ts b/src/lib/data/category-stories/utilities.ts
index 493c4d4..03d8965 100644
--- a/src/lib/data/category-stories/utilities.ts
+++ b/src/lib/data/category-stories/utilities.ts
@@ -75,7 +75,7 @@ export const utilitiesStory: CategoryStory = {
year: 1988,
title: 'IMAP Created β RFC 1064',
description:
- "Mark Crispin at Stanford invents the Internet Message Access Protocol. Unlike POP, mail stays on the server β a radical idea that enables multi-device access.",
+ 'Mark Crispin at Stanford invents the Internet Message Access Protocol. Unlike POP, mail stays on the server β a radical idea that enables multi-device access.',
protocolId: 'imap'
}
]
@@ -207,7 +207,7 @@ export const utilitiesStory: CategoryStory = {
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/6/69/Netscape_Navigator_2_Screenshot.png/500px-Netscape_Navigator_2_Screenshot.png',
alt: 'A screenshot of Netscape Navigator 2, the browser that introduced SSL encryption to the web',
caption:
- "Netscape Navigator β the browser that introduced {{ssl|SSL}} and the padlock icon, making encrypted web communication possible. This {{ui|UI}} convention persists in every browser today.",
+ 'Netscape Navigator β the browser that introduced {{ssl|SSL}} and the padlock icon, making encrypted web communication possible. This {{ui|UI}} convention persists in every browser today.',
credit: 'Screenshot: Indolering / CC0, via Wikimedia Commons'
},
{
diff --git a/src/lib/data/category-stories/web-api.ts b/src/lib/data/category-stories/web-api.ts
index fca85d6..4218a80 100644
--- a/src/lib/data/category-stories/web-api.ts
+++ b/src/lib/data/category-stories/web-api.ts
@@ -14,7 +14,7 @@ The first version, {{http-method|HTTP}}/0.9, supported just one command: GET. No
{
type: 'image',
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/d/d1/First_Web_Server.jpg/500px-First_Web_Server.jpg',
- alt: 'The NeXT computer used by Tim Berners-Lee at CERN, the world\'s first web server',
+ alt: "The NeXT computer used by Tim Berners-Lee at CERN, the world's first web server",
caption:
'The NeXT cube at {{cern|CERN}} β the first web server and web browser, built by [[pioneer:tim-berners-lee|Tim Berners-Lee]] in 1990. The handwritten label reads "This machine is a server. DO NOT POWER IT DOWN!!"',
credit: 'Photo: Coolcaesar / CC BY-SA 3.0, via Wikimedia Commons'
@@ -103,7 +103,7 @@ Meanwhile, {{google|Google}}'s internal {{rpc|RPC}} system 'Stubby' was handling
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/Ginevra%2C_centro_visitatori_del_cern%2C_primo_server_della_storia_%281989%29%2C_02.JPG/500px-Ginevra%2C_centro_visitatori_del_cern%2C_primo_server_della_storia_%281989%29%2C_02.JPG',
alt: "Tim Berners-Lee's 1989 proposal 'Information Management: A Proposal' displayed at the CERN visitors center",
caption:
- "Berners-Lee's 1989 proposal on display at {{cern|CERN}} β the document his supervisor Mike Sendall marked \"Vague, but exciting.\" It described {{http-method|HTTP}}, {{html|HTML}}, and URLs before any of them existed.",
+ 'Berners-Lee\'s 1989 proposal on display at {{cern|CERN}} β the document his supervisor Mike Sendall marked "Vague, but exciting." It described {{http-method|HTTP}}, {{html|HTML}}, and URLs before any of them existed.',
credit: 'Photo: Sailko / CC BY 3.0, via Wikimedia Commons'
},
{
diff --git a/src/lib/data/category-stories/wireless.ts b/src/lib/data/category-stories/wireless.ts
index c5a5495..a7d7a42 100644
--- a/src/lib/data/category-stories/wireless.ts
+++ b/src/lib/data/category-stories/wireless.ts
@@ -36,7 +36,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
title: 'Viterbi algorithm; Qualcomm co-founder',
org: 'Qualcomm',
contribution:
- 'Invented the **Viterbi algorithm** in 1967 β used in every cellular phone, every disk-drive read channel, every {{gps|GPS}} receiver, and every speech recognizer. *On advice of a lawyer, Viterbi did not patent the algorithm.* Co-founded Qualcomm in 1985; led the company through the {{cdma|CDMA}}-vs-{{tdma|TDMA}} wars that culminated in {{cdma|CDMA}}\'s mathematical foundation becoming {{wcdma|WCDMA}} inside {{umts|UMTS}}. **{{ieee-802-15-4|IEEE}} Medal of Honor 2010**.'
+ "Invented the **Viterbi algorithm** in 1967 β used in every cellular phone, every disk-drive read channel, every {{gps|GPS}} receiver, and every speech recognizer. *On advice of a lawyer, Viterbi did not patent the algorithm.* Co-founded Qualcomm in 1985; led the company through the {{cdma|CDMA}}-vs-{{tdma|TDMA}} wars that culminated in {{cdma|CDMA}}'s mathematical foundation becoming {{wcdma|WCDMA}} inside {{umts|UMTS}}. **{{ieee-802-15-4|IEEE}} Medal of Honor 2010**."
},
{
name: 'Vic Hayes',
@@ -52,7 +52,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
title: 'Inventor of Bluetooth',
org: 'Ericsson Mobile (Lund) / Plantronics',
contribution:
- "Dutch engineer who designed the [[bluetooth|Bluetooth]] radio at Ericsson Lund in 1994β97. Tasked with replacing the RS-232 cable to a mobile-phone headset; his frequency-hopping {{piconet|piconet}} design became the foundation of every [[bluetooth|Bluetooth]] chip ever made. European Inventor Award Lifetime Achievement finalist (2015)."
+ 'Dutch engineer who designed the [[bluetooth|Bluetooth]] radio at Ericsson Lund in 1994β97. Tasked with replacing the RS-232 cable to a mobile-phone headset; his frequency-hopping {{piconet|piconet}} design became the foundation of every [[bluetooth|Bluetooth]] chip ever made. European Inventor Award Lifetime Achievement finalist (2015).'
},
{
name: 'Sven Mattisson',
@@ -60,7 +60,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
title: 'Co-inventor of Bluetooth',
org: 'Ericsson Research / Sony Mobile',
contribution:
- 'Swedish engineer who owned the analog RF and CMOS implementation work that paired with Jaap Haartsen\'s digital baseband. The IC-level decisions that made [[bluetooth|Bluetooth]] manufacturable at consumer price points.'
+ "Swedish engineer who owned the analog RF and CMOS implementation work that paired with Jaap Haartsen's digital baseband. The IC-level decisions that made [[bluetooth|Bluetooth]] manufacturable at consumer price points."
},
{
name: 'Jim Kardach',
@@ -85,7 +85,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
year: 1973,
title: 'First handheld cellular call β Motorola DynaTAC',
description:
- "Marty Cooper of Motorola dials Joel Engel at AT&T Bell Labs from Sixth Avenue, Manhattan: *\"Joel, this is Marty. I'm calling you from a cell phone, a real handheld portable cell phone.\"* The DynaTAC weighs 2.5 lb and gets 35 minutes of talk after 10 hours of charging.",
+ 'Marty Cooper of Motorola dials Joel Engel at AT&T Bell Labs from Sixth Avenue, Manhattan: *"Joel, this is Marty. I\'m calling you from a cell phone, a real handheld portable cell phone."* The DynaTAC weighs 2.5 lb and gets 35 minutes of talk after 10 hours of charging.',
protocolId: 'cellular'
},
{
@@ -127,7 +127,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
year: 2010,
title: 'Bluetooth 4.0 / BLE',
description:
- '[[bluetooth|Bluetooth]] Core 4.0 (December 2009 β 2010 products) adds **Bluetooth Low Energy** (originally Nokia\'s *Wibree*). Different radio, different framing ({{l2cap|L2CAP}}/{{att-mtu|ATT}}/{{gatt|GATT}}) β wearables, beacons, AirTag-class trackers all sit on top of this layer.',
+ "[[bluetooth|Bluetooth]] Core 4.0 (December 2009 β 2010 products) adds **Bluetooth Low Energy** (originally Nokia's *Wibree*). Different radio, different framing ({{l2cap|L2CAP}}/{{att-mtu|ATT}}/{{gatt|GATT}}) β wearables, beacons, AirTag-class trackers all sit on top of this layer.",
protocolId: 'bluetooth'
},
{
@@ -148,7 +148,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
year: 2018,
title: '5G NR Release 15 freeze',
description:
- "{{3gpp|3GPP}} Release 15 β the **first {{5g-nr|5G NR}} specification** β is frozen on 14 June 2018. Service-based {{5g-core|5G Core}}, flexible numerology, {{mmwave|mmWave}} (FR2) support, network slicing. First commercial 5G networks light up in 2019; first 5G-Standalone (no {{lte|LTE}} anchor) deployments arrive in 2020β2021.",
+ '{{3gpp|3GPP}} Release 15 β the **first {{5g-nr|5G NR}} specification** β is frozen on 14 June 2018. Service-based {{5g-core|5G Core}}, flexible numerology, {{mmwave|mmWave}} (FR2) support, network slicing. First commercial 5G networks light up in 2019; first 5G-Standalone (no {{lte|LTE}} anchor) deployments arrive in 2020β2021.',
protocolId: 'cellular'
},
{
@@ -176,7 +176,7 @@ Together β Wi-Fi for local broadband, Bluetooth for personal-area, Cellular fo
year: 2025,
title: 'T-Mobile + SpaceX Direct-to-Cell launches commercially',
description:
- "The first commercial **satellite-to-cell** service. Standard band n25/n26 phones {{mqtt-connect|connect}} to low-Earth-orbit {{starlink|Starlink}} satellites for {{sms|SMS}} and emergency. {{apple|Apple}}\'s Globalstar partnership and AT&T's AST SpaceMobile follow similar patterns. Reshapes \"coverage\" as a concept: \"no signal\" no longer means *no signal*.",
+ 'The first commercial **satellite-to-cell** service. Standard band n25/n26 phones {{mqtt-connect|connect}} to low-Earth-orbit {{starlink|Starlink}} satellites for {{sms|SMS}} and emergency. {{apple|Apple}}\'s Globalstar partnership and AT&T\'s AST SpaceMobile follow similar patterns. Reshapes "coverage" as a concept: "no signal" no longer means *no signal*.',
protocolId: 'cellular'
}
]
diff --git a/src/lib/data/comparison/pairs.ts b/src/lib/data/comparison/pairs.ts
index 400bb6c..b305f6d 100644
--- a/src/lib/data/comparison/pairs.ts
+++ b/src/lib/data/comparison/pairs.ts
@@ -13,11 +13,23 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[tcp|TCP]] guarantees every byte arrives in order at the cost of {{latency|latency}}; [[udp|UDP]] prioritizes speed by skipping reliability guarantees entirely.',
keyDifferences: [
- { aspect: 'Connection model', left: '{{connection-oriented|Connection-oriented}} (3-way handshake)', right: '{{connectionless|Connectionless}} (fire-and-forget)' },
- { aspect: 'Reliability', left: 'Guaranteed delivery with retransmission', right: 'Best-effort, no retransmission' },
+ {
+ aspect: 'Connection model',
+ left: '{{connection-oriented|Connection-oriented}} (3-way handshake)',
+ right: '{{connectionless|Connectionless}} (fire-and-forget)'
+ },
+ {
+ aspect: 'Reliability',
+ left: 'Guaranteed delivery with retransmission',
+ right: 'Best-effort, no retransmission'
+ },
{ aspect: 'Ordering', left: 'Strict in-order delivery', right: 'No ordering guarantees' },
{ aspect: 'Header size', left: '20-60 bytes', right: '8 bytes' },
- { aspect: 'Overhead', left: 'Higher (ACKs, {{flow-control|flow control}}, congestion)', right: 'Minimal (just send and hope)' }
+ {
+ aspect: 'Overhead',
+ left: 'Higher (ACKs, {{flow-control|flow control}}, congestion)',
+ right: 'Minimal (just send and hope)'
+ }
],
useLeftWhen: [
'You need guaranteed delivery (file transfer, web pages, email)',
@@ -38,11 +50,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'Standard [[tcp|TCP]] uses a single network path; [[mptcp|MPTCP]] spreads traffic across multiple paths (e.g. [[wifi|Wi-Fi]] + cellular) for better throughput and seamless {{failover|failover}}.',
keyDifferences: [
- { aspect: 'Connection model', left: 'Multiple subflows across interfaces', right: 'Single path, single interface' },
- { aspect: 'Redundancy', left: 'Seamless failover between paths', right: 'Connection drops if path fails' },
- { aspect: 'Throughput', left: 'Aggregate bandwidth of all paths', right: 'Limited to single path bandwidth' },
- { aspect: 'Complexity', left: 'Complex path management and scheduling', right: 'Simple, well-understood behavior' },
- { aspect: 'Ecosystem', left: 'Growing support (Apple, Linux 5.6+)', right: 'Universal support everywhere' }
+ {
+ aspect: 'Connection model',
+ left: 'Multiple subflows across interfaces',
+ right: 'Single path, single interface'
+ },
+ {
+ aspect: 'Redundancy',
+ left: 'Seamless failover between paths',
+ right: 'Connection drops if path fails'
+ },
+ {
+ aspect: 'Throughput',
+ left: 'Aggregate bandwidth of all paths',
+ right: 'Limited to single path bandwidth'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Complex path management and scheduling',
+ right: 'Simple, well-understood behavior'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Growing support (Apple, Linux 5.6+)',
+ right: 'Universal support everywhere'
+ }
],
useLeftWhen: [
'Devices have multiple network interfaces (mobile with [[wifi|Wi-Fi]] + cellular)',
@@ -63,11 +95,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[tcp|TCP]] delivers a single ordered byte stream; [[sctp|SCTP]] delivers multiple independent message streams over one association with built-in {{multi-homing|multi-homing}}.',
keyDifferences: [
- { aspect: 'Data format', left: 'Message-oriented (preserves boundaries)', right: 'Byte-stream (no message boundaries)' },
- { aspect: 'Multiplexing', left: 'Multiple independent streams', right: 'Single stream ({{head-of-line-blocking|head-of-line blocking}})' },
- { aspect: 'Redundancy', left: 'Built-in multi-homing (multiple IPs)', right: 'Single [[ip|IP]] per connection' },
- { aspect: 'Connection model', left: '4-way handshake with cookie (DoS-resistant)', right: '3-way handshake' },
- { aspect: 'Ecosystem', left: 'Limited (telecom, [[webrtc|WebRTC]] data channels)', right: 'Universal support' }
+ {
+ aspect: 'Data format',
+ left: 'Message-oriented (preserves boundaries)',
+ right: 'Byte-stream (no message boundaries)'
+ },
+ {
+ aspect: 'Multiplexing',
+ left: 'Multiple independent streams',
+ right: 'Single stream ({{head-of-line-blocking|head-of-line blocking}})'
+ },
+ {
+ aspect: 'Redundancy',
+ left: 'Built-in multi-homing (multiple IPs)',
+ right: 'Single [[ip|IP]] per connection'
+ },
+ {
+ aspect: 'Connection model',
+ left: '4-way handshake with cookie (DoS-resistant)',
+ right: '3-way handshake'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Limited (telecom, [[webrtc|WebRTC]] data channels)',
+ right: 'Universal support'
+ }
],
useLeftWhen: [
'You need multiple independent streams without {{head-of-line-blocking|head-of-line blocking}}',
@@ -88,11 +140,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'Raw [[udp|UDP]] is a minimal, unreliable datagram service; [[quic|QUIC]] builds reliability, {{multiplexing|multiplexing}}, and {{encryption|encryption}} on top of [[udp|UDP]] to replace [[tcp|TCP]]+[[tls|TLS]].',
keyDifferences: [
- { aspect: 'Reliability', left: 'Reliable delivery with retransmission', right: 'Best-effort, no guarantees' },
- { aspect: 'Encryption', left: 'Built-in [[tls|TLS]] 1.3 (always encrypted)', right: 'None (plaintext datagrams)' },
- { aspect: 'Multiplexing', left: 'Multiple independent streams', right: 'Single datagram, no streams' },
- { aspect: 'Connection model', left: '{{zero-rtt|0-RTT}}/{{one-rtt|1-RTT}} handshake', right: 'No connection setup' },
- { aspect: 'Complexity', left: 'Full transport protocol (congestion, {{flow-control|flow control}})', right: 'Minimal 8-byte header' }
+ {
+ aspect: 'Reliability',
+ left: 'Reliable delivery with retransmission',
+ right: 'Best-effort, no guarantees'
+ },
+ {
+ aspect: 'Encryption',
+ left: 'Built-in [[tls|TLS]] 1.3 (always encrypted)',
+ right: 'None (plaintext datagrams)'
+ },
+ {
+ aspect: 'Multiplexing',
+ left: 'Multiple independent streams',
+ right: 'Single datagram, no streams'
+ },
+ {
+ aspect: 'Connection model',
+ left: '{{zero-rtt|0-RTT}}/{{one-rtt|1-RTT}} handshake',
+ right: 'No connection setup'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Full transport protocol (congestion, {{flow-control|flow control}})',
+ right: 'Minimal 8-byte header'
+ }
],
useLeftWhen: [
'You need reliable delivery but want to avoid [[tcp|TCP]] {{head-of-line-blocking|head-of-line blocking}}',
@@ -104,7 +176,7 @@ const vsPairs: ProtocolPair[] = [
'Your protocol handles its own reliability ([[dns|DNS]], [[ntp|NTP]], custom game protocols)',
'Absolute minimum overhead per packet is critical',
'You are sending single-shot messages that do not need stream semantics',
- 'Simplicity and universality outweigh [[quic|QUIC]]\'s features'
+ "Simplicity and universality outweigh [[quic|QUIC]]'s features"
]
},
@@ -116,11 +188,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[http1|[[http1|HTTP/1]].1]] sends requests sequentially over separate connections; [[http2|HTTP/2]] multiplexes many requests over a single connection with header compression and {{server-push|server push}}.',
keyDifferences: [
- { aspect: 'Multiplexing', left: 'One request per connection at a time', right: 'Many concurrent streams on one connection' },
- { aspect: 'Data format', left: 'Text-based headers', right: '{{binary-framing|Binary framing}} with {{hpack|HPACK}} compression' },
- { aspect: 'Header size', left: 'Repetitive, uncompressed headers', right: 'Compressed via {{hpack|HPACK}} (up to 90% smaller)' },
- { aspect: 'Direction', left: 'Client-initiated only', right: '{{server-push|Server push}} (proactive resource delivery)' },
- { aspect: 'Connection model', left: 'Multiple [[tcp|TCP]] connections (6 per domain)', right: 'Single [[tcp|TCP]] connection per origin' }
+ {
+ aspect: 'Multiplexing',
+ left: 'One request per connection at a time',
+ right: 'Many concurrent streams on one connection'
+ },
+ {
+ aspect: 'Data format',
+ left: 'Text-based headers',
+ right: '{{binary-framing|Binary framing}} with {{hpack|HPACK}} compression'
+ },
+ {
+ aspect: 'Header size',
+ left: 'Repetitive, uncompressed headers',
+ right: 'Compressed via {{hpack|HPACK}} (up to 90% smaller)'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Client-initiated only',
+ right: '{{server-push|Server push}} (proactive resource delivery)'
+ },
+ {
+ aspect: 'Connection model',
+ left: 'Multiple [[tcp|TCP]] connections (6 per domain)',
+ right: 'Single [[tcp|TCP]] connection per origin'
+ }
],
useLeftWhen: [
'You are supporting very old clients or constrained devices that lack [[http2|HTTP/2]]',
@@ -141,11 +233,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[http2|HTTP/2]] runs over [[tcp|TCP]] and suffers from [[tcp|TCP]]-level {{head-of-line-blocking|head-of-line blocking}}; [[http3|HTTP/3]] runs over [[quic|QUIC]] ([[udp|UDP]]-based) eliminating this and adding faster connection setup.',
keyDifferences: [
- { aspect: 'Transport', left: '[[tcp|TCP]] + [[tls|TLS]] 1.2/1.3 (separate layers)', right: '[[quic|QUIC]] ([[udp|UDP]]-based, [[tls|TLS]] 1.3 built-in)' },
- { aspect: 'Multiplexing', left: 'Streams share [[tcp|TCP]] ({{head-of-line-blocking|head-of-line blocking}})', right: 'Streams independent (no cross-stream blocking)' },
- { aspect: 'Connection model', left: '{{one-rtt|1-RTT}} [[tcp|TCP]] + {{one-rtt|1-RTT}} [[tls|TLS]] = 2+ {{rtt|RTT}}', right: '{{one-rtt|1-RTT}} or {{zero-rtt|0-RTT}} (combined transport+crypto)' },
- { aspect: 'Header size', left: '{{hpack|HPACK}} compression', right: 'QPACK compression (designed for [[quic|QUIC]])' },
- { aspect: 'Ecosystem', left: 'Mature, universal support', right: 'Growing rapidly, most modern browsers support it' }
+ {
+ aspect: 'Transport',
+ left: '[[tcp|TCP]] + [[tls|TLS]] 1.2/1.3 (separate layers)',
+ right: '[[quic|QUIC]] ([[udp|UDP]]-based, [[tls|TLS]] 1.3 built-in)'
+ },
+ {
+ aspect: 'Multiplexing',
+ left: 'Streams share [[tcp|TCP]] ({{head-of-line-blocking|head-of-line blocking}})',
+ right: 'Streams independent (no cross-stream blocking)'
+ },
+ {
+ aspect: 'Connection model',
+ left: '{{one-rtt|1-RTT}} [[tcp|TCP]] + {{one-rtt|1-RTT}} [[tls|TLS]] = 2+ {{rtt|RTT}}',
+ right: '{{one-rtt|1-RTT}} or {{zero-rtt|0-RTT}} (combined transport+crypto)'
+ },
+ {
+ aspect: 'Header size',
+ left: '{{hpack|HPACK}} compression',
+ right: 'QPACK compression (designed for [[quic|QUIC]])'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Mature, universal support',
+ right: 'Growing rapidly, most modern browsers support it'
+ }
],
useLeftWhen: [
'Maximum compatibility with existing infrastructure is required',
@@ -166,11 +278,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] uses human-readable {{json|JSON}} over {{http-method|HTTP}} for broad compatibility; [[grpc|gRPC]] uses binary Protobuf over [[http2|HTTP/2]] for high-performance, strongly-typed service communication.',
keyDifferences: [
- { aspect: 'Data format', left: 'Binary ({{protocol-buffers|Protocol Buffers}})', right: 'Text ({{json|JSON}}, {{xml|XML}})' },
- { aspect: 'Transport', left: '[[http2|HTTP/2]] only (multiplexed streams)', right: 'Any HTTP version' },
- { aspect: 'Direction', left: 'Bidirectional streaming natively', right: '{{request-response|Request-response}} only (streaming via workarounds)' },
- { aspect: 'Browser support', left: 'Requires grpc-web proxy', right: 'Native in all browsers' },
- { aspect: 'Complexity', left: 'Schema-first (.proto files, codegen)', right: 'Schema-optional, ad-hoc design common' }
+ {
+ aspect: 'Data format',
+ left: 'Binary ({{protocol-buffers|Protocol Buffers}})',
+ right: 'Text ({{json|JSON}}, {{xml|XML}})'
+ },
+ {
+ aspect: 'Transport',
+ left: '[[http2|HTTP/2]] only (multiplexed streams)',
+ right: 'Any HTTP version'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Bidirectional streaming natively',
+ right: '{{request-response|Request-response}} only (streaming via workarounds)'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'Requires grpc-web proxy',
+ right: 'Native in all browsers'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Schema-first (.proto files, codegen)',
+ right: 'Schema-optional, ad-hoc design common'
+ }
],
useLeftWhen: [
'Services communicate internally (microservice-to-microservice)',
@@ -191,11 +323,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] exposes fixed endpoints that return predetermined data shapes; [[graphql|GraphQL]] exposes a single endpoint where clients query exactly the fields they need.',
keyDifferences: [
- { aspect: 'Data format', left: 'Client-specified query shapes', right: 'Server-defined resource shapes' },
- { aspect: 'Caching', left: 'Complex (query-level, requires tooling)', right: 'Simple (HTTP caching per URL)' },
- { aspect: 'Overhead', left: 'No over-fetching, but query parsing cost', right: 'Often over-fetches or under-fetches data' },
- { aspect: 'Direction', left: 'Queries + mutations + subscriptions', right: 'CRUD mapped to HTTP methods' },
- { aspect: 'Complexity', left: 'Schema required, resolver architecture', right: 'Simpler, convention-based' }
+ {
+ aspect: 'Data format',
+ left: 'Client-specified query shapes',
+ right: 'Server-defined resource shapes'
+ },
+ {
+ aspect: 'Caching',
+ left: 'Complex (query-level, requires tooling)',
+ right: 'Simple (HTTP caching per URL)'
+ },
+ {
+ aspect: 'Overhead',
+ left: 'No over-fetching, but query parsing cost',
+ right: 'Often over-fetches or under-fetches data'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Queries + mutations + subscriptions',
+ right: 'CRUD mapped to HTTP methods'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Schema required, resolver architecture',
+ right: 'Simpler, convention-based'
+ }
],
useLeftWhen: [
'Clients need different slices of data (mobile vs desktop vs watch)',
@@ -216,10 +368,26 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[websockets|WebSocket]] provides {{full-duplex|full-duplex}} bidirectional communication; [[sse|SSE]] provides server-to-client streaming over plain {{http-method|HTTP}} with automatic reconnection.',
keyDifferences: [
- { aspect: 'Direction', left: 'Server-to-client only', right: '{{full-duplex|Full-duplex}} bidirectional' },
- { aspect: 'Transport', left: 'Standard HTTP (works with proxies, CDNs)', right: 'Upgraded connection (custom framing)' },
- { aspect: 'Complexity', left: 'Simple (EventSource API, text-based)', right: 'More complex (handshake, binary frames)' },
- { aspect: 'Reliability', left: 'Built-in auto-reconnection and last-event-ID', right: 'Manual reconnection logic needed' },
+ {
+ aspect: 'Direction',
+ left: 'Server-to-client only',
+ right: '{{full-duplex|Full-duplex}} bidirectional'
+ },
+ {
+ aspect: 'Transport',
+ left: 'Standard HTTP (works with proxies, CDNs)',
+ right: 'Upgraded connection (custom framing)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Simple (EventSource API, text-based)',
+ right: 'More complex (handshake, binary frames)'
+ },
+ {
+ aspect: 'Reliability',
+ left: 'Built-in auto-reconnection and last-event-ID',
+ right: 'Manual reconnection logic needed'
+ },
{ aspect: 'Data format', left: 'Text only (UTF-8)', right: 'Text and binary frames' }
],
useLeftWhen: [
@@ -241,11 +409,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[graphql|GraphQL]] lets clients flexibly query for exactly the data they need over {{http-method|HTTP}}; [[grpc|gRPC]] provides high-performance, schema-strict {{rpc|RPC}} with bidirectional streaming.',
keyDifferences: [
- { aspect: 'Data format', left: '{{json|JSON}} response, query language', right: 'Binary {{protocol-buffers|Protocol Buffers}}' },
- { aspect: 'Direction', left: '{{request-response|Request-response}} + subscriptions', right: 'Unary, server/client/bidirectional streaming' },
- { aspect: 'Browser support', left: 'Native (standard HTTP POST)', right: 'Requires grpc-web proxy' },
- { aspect: 'Complexity', left: 'Schema + resolvers, flexible queries', right: 'Schema + codegen, strict contracts' },
- { aspect: 'Overhead', left: '{{json|JSON}} text (human-readable)', right: 'Binary (compact, ~5-10x smaller)' }
+ {
+ aspect: 'Data format',
+ left: '{{json|JSON}} response, query language',
+ right: 'Binary {{protocol-buffers|Protocol Buffers}}'
+ },
+ {
+ aspect: 'Direction',
+ left: '{{request-response|Request-response}} + subscriptions',
+ right: 'Unary, server/client/bidirectional streaming'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'Native (standard HTTP POST)',
+ right: 'Requires grpc-web proxy'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Schema + resolvers, flexible queries',
+ right: 'Schema + codegen, strict contracts'
+ },
+ {
+ aspect: 'Overhead',
+ left: '{{json|JSON}} text (human-readable)',
+ right: 'Binary (compact, ~5-10x smaller)'
+ }
],
useLeftWhen: [
'Clients need flexible, ad-hoc queries over complex data graphs',
@@ -266,11 +454,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[http1|[[http1|HTTP/1]].1]] is the text-based, universally supported baseline; [[http3|HTTP/3]] is the latest evolution running over [[quic|QUIC]] with {{multiplexing|multiplexing}}, {{zero-rtt|0-RTT}}, and built-in {{encryption|encryption}}.',
keyDifferences: [
- { aspect: 'Transport', left: '[[tcp|TCP]] (1+ {{rtt|RTT}} handshake)', right: '[[quic|QUIC]] over [[udp|UDP]] ({{zero-rtt|0-RTT}} possible)' },
- { aspect: 'Multiplexing', left: 'No multiplexing (one request per connection)', right: 'Full stream multiplexing (no {{head-of-line-blocking|head-of-line blocking}})' },
- { aspect: 'Header size', left: 'Uncompressed text headers', right: 'QPACK compressed binary headers' },
- { aspect: 'Encryption', left: 'Optional (HTTP or HTTPS)', right: 'Always encrypted ([[tls|TLS]] 1.3 built into [[quic|QUIC]])' },
- { aspect: 'Ecosystem', left: 'Universal β every device and proxy supports it', right: 'Modern browsers and CDNs; some firewalls block [[udp|UDP]]' }
+ {
+ aspect: 'Transport',
+ left: '[[tcp|TCP]] (1+ {{rtt|RTT}} handshake)',
+ right: '[[quic|QUIC]] over [[udp|UDP]] ({{zero-rtt|0-RTT}} possible)'
+ },
+ {
+ aspect: 'Multiplexing',
+ left: 'No multiplexing (one request per connection)',
+ right: 'Full stream multiplexing (no {{head-of-line-blocking|head-of-line blocking}})'
+ },
+ {
+ aspect: 'Header size',
+ left: 'Uncompressed text headers',
+ right: 'QPACK compressed binary headers'
+ },
+ {
+ aspect: 'Encryption',
+ left: 'Optional (HTTP or HTTPS)',
+ right: 'Always encrypted ([[tls|TLS]] 1.3 built into [[quic|QUIC]])'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Universal β every device and proxy supports it',
+ right: 'Modern browsers and CDNs; some firewalls block [[udp|UDP]]'
+ }
],
useLeftWhen: [
'Maximum backward compatibility is the top priority',
@@ -291,11 +499,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[http2|HTTP/2]] provides multiplexed {{request-response|request-response}} with {{server-push|server push}} over a single connection; [[websockets|WebSocket]] provides a persistent, {{full-duplex|full-duplex}} message channel.',
keyDifferences: [
- { aspect: 'Direction', left: '{{request-response|Request-response}} + {{server-push|server push}}', right: '{{full-duplex|Full-duplex}} persistent channel' },
- { aspect: 'Data format', left: 'HTTP semantics (headers, status codes)', right: 'Raw frames (text or binary)' },
- { aspect: 'Multiplexing', left: 'Many concurrent request/response streams', right: 'Single bidirectional channel' },
- { aspect: 'Caching', left: 'Standard HTTP caching works', right: 'No HTTP caching (custom protocol)' },
- { aspect: 'Complexity', left: 'Standard HTTP (works with existing tooling)', right: 'Requires upgrade handshake, custom framing' }
+ {
+ aspect: 'Direction',
+ left: '{{request-response|Request-response}} + {{server-push|server push}}',
+ right: '{{full-duplex|Full-duplex}} persistent channel'
+ },
+ {
+ aspect: 'Data format',
+ left: 'HTTP semantics (headers, status codes)',
+ right: 'Raw frames (text or binary)'
+ },
+ {
+ aspect: 'Multiplexing',
+ left: 'Many concurrent request/response streams',
+ right: 'Single bidirectional channel'
+ },
+ {
+ aspect: 'Caching',
+ left: 'Standard HTTP caching works',
+ right: 'No HTTP caching (custom protocol)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Standard HTTP (works with existing tooling)',
+ right: 'Requires upgrade handshake, custom framing'
+ }
],
useLeftWhen: [
'Your communication follows {{request-response|request-response}} patterns (APIs, page loads)',
@@ -316,11 +544,27 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] follows a {{stateless|stateless}} {{request-response|request-response}} model ideal for {{crud|CRUD}} operations; [[websockets|WebSocket]] maintains a persistent connection for real-time bidirectional communication.',
keyDifferences: [
- { aspect: 'Statefulness', left: '{{stateless|Stateless}} (each request is independent)', right: '{{stateful|Stateful}} (persistent connection)' },
- { aspect: 'Direction', left: 'Client-initiated requests only', right: '{{full-duplex|Full-duplex}} (either side can send anytime)' },
+ {
+ aspect: 'Statefulness',
+ left: '{{stateless|Stateless}} (each request is independent)',
+ right: '{{stateful|Stateful}} (persistent connection)'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Client-initiated requests only',
+ right: '{{full-duplex|Full-duplex}} (either side can send anytime)'
+ },
{ aspect: 'Caching', left: 'Built-in HTTP caching', right: 'No caching (real-time stream)' },
- { aspect: 'Overhead', left: 'Full HTTP headers per request', right: 'Minimal framing after handshake (2-14 bytes)' },
- { aspect: 'Complexity', left: 'Simple, well-understood conventions', right: 'Requires connection management and reconnection logic' }
+ {
+ aspect: 'Overhead',
+ left: 'Full HTTP headers per request',
+ right: 'Minimal framing after handshake (2-14 bytes)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Simple, well-understood conventions',
+ right: 'Requires connection management and reconnection logic'
+ }
],
useLeftWhen: [
'Your operations are CRUD-style (create, read, update, delete)',
@@ -341,9 +585,21 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[graphql|GraphQL]] lets clients query exactly the data they need via flexible queries; [[sse|SSE]] provides a simple server-push stream for real-time updates over {{http-method|HTTP}}.',
keyDifferences: [
- { aspect: 'Direction', left: '{{request-response|Request-response}} + subscriptions', right: 'Server-to-client push only' },
- { aspect: 'Data format', left: 'Client-defined query shapes ({{json|JSON}})', right: 'Server-defined event stream (text)' },
- { aspect: 'Complexity', left: 'Schema, resolvers, query parsing', right: 'Simple EventSource API' },
+ {
+ aspect: 'Direction',
+ left: '{{request-response|Request-response}} + subscriptions',
+ right: 'Server-to-client push only'
+ },
+ {
+ aspect: 'Data format',
+ left: 'Client-defined query shapes ({{json|JSON}})',
+ right: 'Server-defined event stream (text)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Schema, resolvers, query parsing',
+ right: 'Simple EventSource API'
+ },
{ aspect: 'Caching', left: 'Complex (query-level)', right: 'HTTP-level caching possible' },
{ aspect: 'Browser support', left: 'Requires fetch/library', right: 'Native EventSource API' }
],
@@ -366,11 +622,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] is an architectural style defining how to structure APIs; [[http2|HTTP/2]] is a transport protocol that improves how {{http-method|HTTP}} requests are delivered β they operate at different levels and are not direct alternatives. They are complementary: [[rest|REST]] APIs can (and commonly do) run over [[http2|HTTP/2]], gaining {{multiplexing|multiplexing}}, header compression, and {{server-push|server push}} without any changes to {{api|API}} design.',
keyDifferences: [
- { aspect: 'Multiplexing', left: 'Multiple concurrent streams natively', right: 'One request per connection (uses multiple connections)' },
- { aspect: 'Direction', left: '{{server-push|Server push}} for proactive delivery', right: 'Client-initiated requests only' },
- { aspect: 'Header size', left: '{{hpack|HPACK}} compressed (binary)', right: 'Full text headers repeated per request' },
- { aspect: 'Data format', left: '{{binary-framing|Binary framing}} layer', right: 'Text-based HTTP semantics' },
- { aspect: 'Complexity', left: 'Requires [[tls|TLS]] in practice, binary debugging', right: 'Simple, human-readable, curl-friendly' }
+ {
+ aspect: 'Multiplexing',
+ left: 'Multiple concurrent streams natively',
+ right: 'One request per connection (uses multiple connections)'
+ },
+ {
+ aspect: 'Direction',
+ left: '{{server-push|Server push}} for proactive delivery',
+ right: 'Client-initiated requests only'
+ },
+ {
+ aspect: 'Header size',
+ left: '{{hpack|HPACK}} compressed (binary)',
+ right: 'Full text headers repeated per request'
+ },
+ {
+ aspect: 'Data format',
+ left: '{{binary-framing|Binary framing}} layer',
+ right: 'Text-based HTTP semantics'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Requires [[tls|TLS]] in practice, binary debugging',
+ right: 'Simple, human-readable, curl-friendly'
+ }
],
useLeftWhen: [
'Many resources are loaded concurrently (web pages with dozens of assets)',
@@ -394,11 +670,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[mqtt|MQTT]] is ultra-lightweight pub/sub designed for constrained IoT devices; [[amqp|AMQP]] is a feature-rich {{broker|message broker}} protocol for enterprise messaging with routing, transactions, and delivery guarantees.',
keyDifferences: [
- { aspect: 'Overhead', left: 'Feature-rich (higher overhead)', right: 'Minimal (2-byte header possible)' },
- { aspect: 'Data format', left: 'Binary with rich semantics', right: 'Binary with simple topic-based pub/sub' },
- { aspect: 'Reliability', left: 'Transactions, dead-lettering, acknowledgments', right: 'QoS 0/1/2 (fire-forget to exactly-once)' },
- { aspect: 'Complexity', left: 'Exchanges, queues, bindings, routing keys', right: 'Simple topic hierarchy with wildcards' },
- { aspect: 'Ecosystem', left: 'RabbitMQ, enterprise integration', right: 'Mosquitto, AWS IoT, Azure IoT Hub' }
+ {
+ aspect: 'Overhead',
+ left: 'Feature-rich (higher overhead)',
+ right: 'Minimal (2-byte header possible)'
+ },
+ {
+ aspect: 'Data format',
+ left: 'Binary with rich semantics',
+ right: 'Binary with simple topic-based pub/sub'
+ },
+ {
+ aspect: 'Reliability',
+ left: 'Transactions, dead-lettering, acknowledgments',
+ right: 'QoS 0/1/2 (fire-forget to exactly-once)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Exchanges, queues, bindings, routing keys',
+ right: 'Simple topic hierarchy with wildcards'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'RabbitMQ, enterprise integration',
+ right: 'Mosquitto, AWS IoT, Azure IoT Hub'
+ }
],
useLeftWhen: [
'You need complex routing (topic, direct, fanout, headers exchange)',
@@ -419,11 +715,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[amqp|AMQP]] is a binary, feature-complete {{broker|message broker}} protocol; [[stomp|STOMP]] is a text-based, deliberately simple messaging protocol designed for easy client implementation.',
keyDifferences: [
- { aspect: 'Data format', left: 'Binary with rich type system', right: 'Text-based (like HTTP, human-readable)' },
- { aspect: 'Complexity', left: 'Exchanges, queues, bindings, routing', right: 'Simple SEND/SUBSCRIBE/UNSUBSCRIBE' },
- { aspect: 'Reliability', left: 'Transactions, publisher confirms, dead-lettering', right: 'Basic acknowledgments only' },
- { aspect: 'Browser support', left: 'Requires [[amqp|AMQP]] client library', right: 'Easy over [[websockets|WebSocket]] (text protocol)' },
- { aspect: 'Ecosystem', left: 'RabbitMQ, Qpid, Azure Service Bus', right: 'ActiveMQ, RabbitMQ ([[stomp|STOMP]] plugin)' }
+ {
+ aspect: 'Data format',
+ left: 'Binary with rich type system',
+ right: 'Text-based (like HTTP, human-readable)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Exchanges, queues, bindings, routing',
+ right: 'Simple SEND/SUBSCRIBE/UNSUBSCRIBE'
+ },
+ {
+ aspect: 'Reliability',
+ left: 'Transactions, publisher confirms, dead-lettering',
+ right: 'Basic acknowledgments only'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'Requires [[amqp|AMQP]] client library',
+ right: 'Easy over [[websockets|WebSocket]] (text protocol)'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'RabbitMQ, Qpid, Azure Service Bus',
+ right: 'ActiveMQ, RabbitMQ ([[stomp|STOMP]] plugin)'
+ }
],
useLeftWhen: [
'You need advanced routing, transactions, and delivery guarantees',
@@ -444,11 +760,27 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[mqtt|MQTT]] is a pub/sub protocol connecting many devices through a central broker; [[coap|CoAP]] is a {{request-response|request-response}} protocol for direct device-to-device communication modeled after {{http-method|HTTP}}.',
keyDifferences: [
- { aspect: 'Connection model', left: '{{request-response|Request-response}} (like HTTP)', right: 'Publish-subscribe via broker' },
- { aspect: 'Transport', left: '[[udp|UDP]] (connectionless)', right: '[[tcp|TCP]] (persistent connection to broker)' },
- { aspect: 'Direction', left: 'Client-server (device to device)', right: 'Many-to-many via central broker' },
+ {
+ aspect: 'Connection model',
+ left: '{{request-response|Request-response}} (like HTTP)',
+ right: 'Publish-subscribe via broker'
+ },
+ {
+ aspect: 'Transport',
+ left: '[[udp|UDP]] (connectionless)',
+ right: '[[tcp|TCP]] (persistent connection to broker)'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Client-server (device to device)',
+ right: 'Many-to-many via central broker'
+ },
{ aspect: 'Overhead', left: '4-byte header, compact binary', right: '2-byte minimum header' },
- { aspect: 'Complexity', left: '[[rest|REST]]-like (GET, PUT, POST, DELETE)', right: 'Pub/sub (CONNECT, PUBLISH, SUBSCRIBE)' }
+ {
+ aspect: 'Complexity',
+ left: '[[rest|REST]]-like (GET, PUT, POST, DELETE)',
+ right: 'Pub/sub (CONNECT, PUBLISH, SUBSCRIBE)'
+ }
],
useLeftWhen: [
'Devices communicate directly without a central broker',
@@ -469,11 +801,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[stomp|STOMP]] is a minimal text-based messaging protocol for queue/{{topic|topic}} messaging; [[xmpp|XMPP]] is a rich {{xml|XML}}-based protocol for presence-aware, federated real-time communication.',
keyDifferences: [
- { aspect: 'Data format', left: 'Simple text frames (like HTTP)', right: '{{xml|XML}} stanzas (verbose but extensible)' },
- { aspect: 'Complexity', left: 'Minimal (SEND, SUBSCRIBE, {{ack|ACK}})', right: 'Rich (presence, roster, multi-user chat, extensions)' },
- { aspect: 'Direction', left: 'Queue/topic messaging via broker', right: '{{peer-to-peer|Peer-to-peer}} with optional server federation' },
- { aspect: 'Ecosystem', left: 'ActiveMQ, RabbitMQ [[stomp|STOMP]] plugin', right: 'ejabberd, Prosody, Openfire' },
- { aspect: 'Standardization', left: 'Simple spec, few extensions', right: 'Hundreds of XEPs (extension protocols)' }
+ {
+ aspect: 'Data format',
+ left: 'Simple text frames (like HTTP)',
+ right: '{{xml|XML}} stanzas (verbose but extensible)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Minimal (SEND, SUBSCRIBE, {{ack|ACK}})',
+ right: 'Rich (presence, roster, multi-user chat, extensions)'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Queue/topic messaging via broker',
+ right: '{{peer-to-peer|Peer-to-peer}} with optional server federation'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'ActiveMQ, RabbitMQ [[stomp|STOMP]] plugin',
+ right: 'ejabberd, Prosody, Openfire'
+ },
+ {
+ aspect: 'Standardization',
+ left: 'Simple spec, few extensions',
+ right: 'Hundreds of XEPs (extension protocols)'
+ }
],
useLeftWhen: [
'You need simple, lightweight queue or topic messaging',
@@ -494,11 +846,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[amqp|AMQP]] brokers (like RabbitMQ) route individual messages with rich delivery semantics; [[kafka|Kafka]] is a distributed log that persists ordered event streams for replay and high-throughput processing.',
keyDifferences: [
- { aspect: 'Data format', left: '{{broker|Message broker}} (consume = delete)', right: 'Append-only log (consume = read offset)' },
- { aspect: 'Ordering', left: 'Per-queue ordering', right: 'Per-partition ordering (scalable)' },
- { aspect: 'Reliability', left: 'Per-message acknowledgments', right: '{{offset|Offset}}-based consumer tracking' },
- { aspect: 'Complexity', left: 'Rich routing (exchanges, bindings)', right: 'Simple topic/partition model' },
- { aspect: 'Throughput', left: 'Lower (routing overhead per message)', right: 'Very high (sequential I/O, batching)' }
+ {
+ aspect: 'Data format',
+ left: '{{broker|Message broker}} (consume = delete)',
+ right: 'Append-only log (consume = read offset)'
+ },
+ {
+ aspect: 'Ordering',
+ left: 'Per-queue ordering',
+ right: 'Per-partition ordering (scalable)'
+ },
+ {
+ aspect: 'Reliability',
+ left: 'Per-message acknowledgments',
+ right: '{{offset|Offset}}-based consumer tracking'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Rich routing (exchanges, bindings)',
+ right: 'Simple topic/partition model'
+ },
+ {
+ aspect: 'Throughput',
+ left: 'Lower (routing overhead per message)',
+ right: 'Very high (sequential I/O, batching)'
+ }
],
useLeftWhen: [
'You need complex message routing (fanout, topic, header-based)',
@@ -520,13 +892,29 @@ const vsPairs: ProtocolPair[] = [
ids: ['dash', 'hls'],
type: 'vs',
summary:
- '[[hls|HLS]] is {{apple|Apple}}\'s {{http-method|HTTP}}-based adaptive streaming protocol with near-universal player support; [[dash|DASH]] is the open, {{codec|codec}}-agnostic {{mpeg-org|MPEG}} standard for adaptive streaming.',
+ "[[hls|HLS]] is {{apple|Apple}}'s {{http-method|HTTP}}-based adaptive streaming protocol with near-universal player support; [[dash|DASH]] is the open, {{codec|codec}}-agnostic {{mpeg-org|MPEG}} standard for adaptive streaming.",
keyDifferences: [
- { aspect: 'Standardization', left: 'Open MPEG standard (ISO/IEC 23009)', right: 'Apple proprietary (widely adopted)' },
+ {
+ aspect: 'Standardization',
+ left: 'Open MPEG standard (ISO/IEC 23009)',
+ right: 'Apple proprietary (widely adopted)'
+ },
{ aspect: 'Data format', left: 'MPD manifest ({{xml|XML}})', right: 'M3U8 playlist (text)' },
- { aspect: 'Complexity', left: 'Codec-agnostic, more flexible', right: 'Simpler, opinionated defaults' },
- { aspect: 'Browser support', left: 'Requires MSE/JavaScript player', right: 'Native in Safari/iOS, MSE elsewhere' },
- { aspect: 'Ecosystem', left: 'YouTube, Netflix, Disney+', right: 'Apple TV+, Twitch, most live streams' }
+ {
+ aspect: 'Complexity',
+ left: 'Codec-agnostic, more flexible',
+ right: 'Simpler, opinionated defaults'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'Requires MSE/JavaScript player',
+ right: 'Native in Safari/iOS, MSE elsewhere'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'YouTube, Netflix, Disney+',
+ right: 'Apple TV+, Twitch, most live streams'
+ }
],
useLeftWhen: [
'You need codec flexibility (AV1, VP9) beyond H.264/H.265',
@@ -547,11 +935,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rtp|RTP]] delivers real-time audio/video over [[udp|UDP]] for interactive communication; [[rtmp|RTMP]] delivers live streams over [[tcp|TCP]] for broadcasting to media servers.',
keyDifferences: [
- { aspect: 'Transport', left: '[[udp|UDP]] (low latency, tolerates loss)', right: '[[tcp|TCP]] (reliable, higher latency)' },
- { aspect: 'Direction', left: '{{peer-to-peer|Peer-to-peer}} or multicast', right: 'Client-to-server (ingest)' },
- { aspect: 'Overhead', left: 'Minimal [[rtp|RTP]] header (12 bytes)', right: 'Chunked message format with handshake' },
- { aspect: 'Complexity', left: 'Paired with {{rtcp|RTCP}} for feedback', right: 'Self-contained streaming protocol' },
- { aspect: 'Ecosystem', left: '[[webrtc|WebRTC]], VoIP, video conferencing', right: 'OBS, Twitch ingest, Facebook Live' }
+ {
+ aspect: 'Transport',
+ left: '[[udp|UDP]] (low latency, tolerates loss)',
+ right: '[[tcp|TCP]] (reliable, higher latency)'
+ },
+ {
+ aspect: 'Direction',
+ left: '{{peer-to-peer|Peer-to-peer}} or multicast',
+ right: 'Client-to-server (ingest)'
+ },
+ {
+ aspect: 'Overhead',
+ left: 'Minimal [[rtp|RTP]] header (12 bytes)',
+ right: 'Chunked message format with handshake'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Paired with {{rtcp|RTCP}} for feedback',
+ right: 'Self-contained streaming protocol'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: '[[webrtc|WebRTC]], VoIP, video conferencing',
+ right: 'OBS, Twitch ingest, Facebook Live'
+ }
],
useLeftWhen: [
'You are building interactive audio/video (calls, conferences)',
@@ -572,11 +980,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[sip|SIP]] is the traditional telephony {{signaling|signaling}} protocol for {{voip|VoIP}} and video calls; [[webrtc|WebRTC]] provides browser-native {{peer-to-peer|peer-to-peer}} real-time communication without plugins.',
keyDifferences: [
- { aspect: 'Browser support', left: 'Requires [[sip|SIP]] client/softphone', right: 'Native in all modern browsers' },
- { aspect: 'Connection model', left: 'Client-server via [[sip|SIP]] proxy/registrar', right: '{{peer-to-peer|Peer-to-peer}} with STUN/TURN fallback' },
- { aspect: 'Complexity', left: 'Mature telecom stack ([[sip|SIP]]/[[sdp|SDP]]/[[rtp|RTP]])', right: 'Integrated (ICE, {{dtls|DTLS}}-{{srtp|SRTP}}, [[sctp|SCTP]])' },
- { aspect: 'Ecosystem', left: 'Asterisk, FreeSWITCH, telecom carriers', right: 'Browsers, Twilio, Daily, Jitsi' },
- { aspect: 'Standardization', left: '{{ietf|IETF}} [[rfc:3261|RFC 3261]] (telecom-oriented)', right: '{{w3c|W3C}} + {{ietf|IETF}} (web-oriented)' }
+ {
+ aspect: 'Browser support',
+ left: 'Requires [[sip|SIP]] client/softphone',
+ right: 'Native in all modern browsers'
+ },
+ {
+ aspect: 'Connection model',
+ left: 'Client-server via [[sip|SIP]] proxy/registrar',
+ right: '{{peer-to-peer|Peer-to-peer}} with STUN/TURN fallback'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Mature telecom stack ([[sip|SIP]]/[[sdp|SDP]]/[[rtp|RTP]])',
+ right: 'Integrated (ICE, {{dtls|DTLS}}-{{srtp|SRTP}}, [[sctp|SCTP]])'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Asterisk, FreeSWITCH, telecom carriers',
+ right: 'Browsers, Twilio, Daily, Jitsi'
+ },
+ {
+ aspect: 'Standardization',
+ left: '{{ietf|IETF}} [[rfc:3261|RFC 3261]] (telecom-oriented)',
+ right: '{{w3c|W3C}} + {{ietf|IETF}} (web-oriented)'
+ }
],
useLeftWhen: [
'You are integrating with existing telephony infrastructure (PBX, PSTN)',
@@ -597,11 +1025,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rtmp|RTMP]] is used for live stream ingest from encoders to servers; [[hls|HLS]] is used for delivery from servers to viewers via {{http-method|HTTP}}-based adaptive streaming.',
keyDifferences: [
- { aspect: 'Transport', left: 'HTTP (segment-based delivery)', right: '[[tcp|TCP]] (persistent chunked stream)' },
- { aspect: 'Direction', left: 'Server-to-viewer (playback)', right: 'Encoder-to-server (ingest/publish)' },
- { aspect: 'Overhead', left: 'Segment-based (~2-6s chunks)', right: 'Low-latency continuous stream' },
- { aspect: 'Browser support', left: 'Native in Safari, MSE elsewhere', right: 'No browser support (Flash deprecated)' },
- { aspect: 'Ecosystem', left: 'Viewers: all devices and CDNs', right: 'Ingest: OBS, Wirecast, FFmpeg' }
+ {
+ aspect: 'Transport',
+ left: 'HTTP (segment-based delivery)',
+ right: '[[tcp|TCP]] (persistent chunked stream)'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Server-to-viewer (playback)',
+ right: 'Encoder-to-server (ingest/publish)'
+ },
+ {
+ aspect: 'Overhead',
+ left: 'Segment-based (~2-6s chunks)',
+ right: 'Low-latency continuous stream'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'Native in Safari, MSE elsewhere',
+ right: 'No browser support (Flash deprecated)'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Viewers: all devices and CDNs',
+ right: 'Ingest: OBS, Wirecast, FFmpeg'
+ }
],
useLeftWhen: [
'You are delivering video to end viewers (playback side)',
@@ -622,11 +1070,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rtmp|RTMP]] is a persistent [[tcp|TCP]]-based protocol for live stream ingest; [[dash|DASH]] is an {{http-method|HTTP}}-based adaptive streaming protocol for scalable video delivery to viewers.',
keyDifferences: [
- { aspect: 'Transport', left: 'HTTP (segment downloads)', right: '[[tcp|TCP]] (persistent connection)' },
- { aspect: 'Direction', left: 'Server-to-viewer (delivery)', right: 'Encoder-to-server (ingest)' },
- { aspect: 'Standardization', left: 'Open MPEG standard', right: 'Originally Adobe (now open)' },
- { aspect: 'Complexity', left: 'Adaptive bitrate with MPD manifests', right: 'Simple publish/play model' },
- { aspect: 'Browser support', left: 'Via MSE/JavaScript player', right: 'No browser support (Flash deprecated)' }
+ {
+ aspect: 'Transport',
+ left: 'HTTP (segment downloads)',
+ right: '[[tcp|TCP]] (persistent connection)'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Server-to-viewer (delivery)',
+ right: 'Encoder-to-server (ingest)'
+ },
+ {
+ aspect: 'Standardization',
+ left: 'Open MPEG standard',
+ right: 'Originally Adobe (now open)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Adaptive bitrate with MPD manifests',
+ right: 'Simple publish/play model'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'Via MSE/JavaScript player',
+ right: 'No browser support (Flash deprecated)'
+ }
],
useLeftWhen: [
'You are building the viewer-facing delivery pipeline',
@@ -650,11 +1118,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[tls|TLS]] secures arbitrary application protocols transparently (HTTPS, SMTPS); [[ssh|SSH]] provides an encrypted channel specifically for remote shell access, file transfer, and {{port-forwarding|port forwarding}}.',
keyDifferences: [
- { aspect: 'Connection model', left: 'Interactive shell + channels (multiplex)', right: 'Transparent wrapper around any protocol' },
- { aspect: 'Complexity', left: 'Built-in auth, shell, file transfer, tunneling', right: 'Pure encryption/auth layer (no application features)' },
- { aspect: 'Data format', left: 'Channel-based (shell, SCP, SFTP, port forward)', right: 'Stream encryption (application handles framing)' },
- { aspect: 'Ecosystem', left: 'OpenSSH, PuTTY, remote administration', right: 'Web browsers, email servers, API gateways' },
- { aspect: 'Browser support', left: 'No browser support (terminal clients)', right: 'Native in all browsers (HTTPS)' }
+ {
+ aspect: 'Connection model',
+ left: 'Interactive shell + channels (multiplex)',
+ right: 'Transparent wrapper around any protocol'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Built-in auth, shell, file transfer, tunneling',
+ right: 'Pure encryption/auth layer (no application features)'
+ },
+ {
+ aspect: 'Data format',
+ left: 'Channel-based (shell, SCP, SFTP, port forward)',
+ right: 'Stream encryption (application handles framing)'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'OpenSSH, PuTTY, remote administration',
+ right: 'Web browsers, email servers, API gateways'
+ },
+ {
+ aspect: 'Browser support',
+ left: 'No browser support (terminal clients)',
+ right: 'Native in all browsers (HTTPS)'
+ }
],
useLeftWhen: [
'You need remote shell access or command execution on servers',
@@ -666,7 +1154,7 @@ const vsPairs: ProtocolPair[] = [
'You are securing a web protocol (HTTP, [[smtp|SMTP]], [[ftp|FTP]], [[mqtt|MQTT]])',
'Browser clients must connect securely without special software',
'Your application needs transparent encryption without changing its protocol',
- 'Certificate-based trust via public CAs (Let\'s Encrypt) is preferred'
+ "Certificate-based trust via public CAs (Let's Encrypt) is preferred"
]
},
@@ -696,7 +1184,8 @@ const vsPairs: ProtocolPair[] = [
{
aspect: 'Command format',
left: 'Tagged commands (A001 {{imap-select|SELECT}} INBOX) β enables {{pipelining|pipelining}}',
- right: 'Sequential commands ({{ehlo|EHLO}} β {{smtp-mail-from|MAIL FROM}} β {{smtp-data|DATA}})'
+ right:
+ 'Sequential commands ({{ehlo|EHLO}} β {{smtp-mail-from|MAIL FROM}} β {{smtp-data|DATA}})'
},
{
aspect: 'Default port',
@@ -726,11 +1215,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[ethernet|Ethernet]] uses cables for reliable, high-speed {{lan|LAN}} connectivity; [[wifi|Wi-Fi]] uses radio waves for wireless flexibility at the cost of shared {{airtime|airtime}} and lower throughput.',
keyDifferences: [
- { aspect: 'Medium', left: 'Copper/fiber cables (dedicated per link)', right: 'Radio waves (shared airtime)' },
- { aspect: 'Access control', left: 'Full duplex on switched links (no collisions)', right: 'CSMA/{{certificate-authority|CA}} β collision avoidance on shared medium' },
- { aspect: 'Speed (typical)', left: '1-100 Gbps', right: '100 Mbpsβ9.6 Gbps ([[wifi|Wi-Fi]] 6E/7)' },
- { aspect: 'Security', left: 'Physical access required (inherently private)', right: '{{encryption|Encryption}} mandatory (WPA2/WPA3)' },
- { aspect: 'Addressing', left: '2 MAC addresses per frame (src, dst)', right: '3-4 MAC addresses per frame (RA, TA, DA, SA)' }
+ {
+ aspect: 'Medium',
+ left: 'Copper/fiber cables (dedicated per link)',
+ right: 'Radio waves (shared airtime)'
+ },
+ {
+ aspect: 'Access control',
+ left: 'Full duplex on switched links (no collisions)',
+ right: 'CSMA/{{certificate-authority|CA}} β collision avoidance on shared medium'
+ },
+ {
+ aspect: 'Speed (typical)',
+ left: '1-100 Gbps',
+ right: '100 Mbpsβ9.6 Gbps ([[wifi|Wi-Fi]] 6E/7)'
+ },
+ {
+ aspect: 'Security',
+ left: 'Physical access required (inherently private)',
+ right: '{{encryption|Encryption}} mandatory (WPA2/WPA3)'
+ },
+ {
+ aspect: 'Addressing',
+ left: '2 MAC addresses per frame (src, dst)',
+ right: '3-4 MAC addresses per frame (RA, TA, DA, SA)'
+ }
],
useLeftWhen: [
'Maximum speed and minimum latency are required (data centers, server rooms)',
@@ -752,11 +1261,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[ip|IPv4]] uses 32-bit addresses (4.3 billion) and has served since 1981; [[ipv6|IPv6]] uses 128-bit addresses (340 undecillion) with a simplified header and no {{nat|NAT}} needed.',
keyDifferences: [
- { aspect: 'Address size', left: '32-bit (192.168.1.1) β 4.3 billion addresses', right: '128-bit (2001:db8::1) β 340 undecillion addresses' },
- { aspect: 'Header', left: 'Variable 20-60 bytes, header checksum, options', right: 'Fixed 40 bytes, no checksum, extension header chain' },
- { aspect: 'Fragmentation', left: 'Routers and hosts can fragment', right: 'Only source host fragments ({{path-mtu-discovery|Path MTU Discovery}})' },
- { aspect: 'Address resolution', left: '[[arp|ARP]] broadcasts (FF:FF:FF:FF:FF:FF)', right: '{{ndp|NDP}} solicited-node multicast (far more efficient)' },
- { aspect: 'Auto-configuration', left: 'Requires [[dhcp|DHCP]] server', right: '{{slaac|SLAAC}} β hosts self-configure from router prefix' }
+ {
+ aspect: 'Address size',
+ left: '32-bit (192.168.1.1) β 4.3 billion addresses',
+ right: '128-bit (2001:db8::1) β 340 undecillion addresses'
+ },
+ {
+ aspect: 'Header',
+ left: 'Variable 20-60 bytes, header checksum, options',
+ right: 'Fixed 40 bytes, no checksum, extension header chain'
+ },
+ {
+ aspect: 'Fragmentation',
+ left: 'Routers and hosts can fragment',
+ right: 'Only source host fragments ({{path-mtu-discovery|Path MTU Discovery}})'
+ },
+ {
+ aspect: 'Address resolution',
+ left: '[[arp|ARP]] broadcasts (FF:FF:FF:FF:FF:FF)',
+ right: '{{ndp|NDP}} solicited-node multicast (far more efficient)'
+ },
+ {
+ aspect: 'Auto-configuration',
+ left: 'Requires [[dhcp|DHCP]] server',
+ right: '{{slaac|SLAAC}} β hosts self-configure from router prefix'
+ }
],
useLeftWhen: [
'You are operating in legacy environments where [[ipv6|IPv6]] is not yet supported',
@@ -780,11 +1309,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[soap|SOAP]] provides formal {{xml|XML}} contracts and enterprise features (transactions, security); [[rest|REST]] favors simplicity with {{json|JSON}} over {{http-method|HTTP}} and standard methods.',
keyDifferences: [
- { aspect: 'Data format', left: '{{xml|XML}} only (strict schema)', right: '{{json|JSON}}, {{xml|XML}}, or any format (flexible)' },
- { aspect: 'Contract', left: 'WSDL β formal, machine-readable service definition', right: 'OpenAPI/Swagger β optional, documentation-oriented' },
- { aspect: 'Transport', left: 'HTTP POST only (protocol-agnostic in theory)', right: 'Full HTTP semantics (GET, POST, PUT, DELETE)' },
- { aspect: 'Error handling', left: '[[soap|SOAP]] Fault β structured {{xml|XML}} error envelopes', right: 'HTTP status codes (404, 500, etc.)' },
- { aspect: 'Ecosystem', left: 'WS-Security, WS-ReliableMessaging, WS-AtomicTransaction', right: 'Lightweight β use [[tls|TLS]], retries, saga pattern separately' }
+ {
+ aspect: 'Data format',
+ left: '{{xml|XML}} only (strict schema)',
+ right: '{{json|JSON}}, {{xml|XML}}, or any format (flexible)'
+ },
+ {
+ aspect: 'Contract',
+ left: 'WSDL β formal, machine-readable service definition',
+ right: 'OpenAPI/Swagger β optional, documentation-oriented'
+ },
+ {
+ aspect: 'Transport',
+ left: 'HTTP POST only (protocol-agnostic in theory)',
+ right: 'Full HTTP semantics (GET, POST, PUT, DELETE)'
+ },
+ {
+ aspect: 'Error handling',
+ left: '[[soap|SOAP]] Fault β structured {{xml|XML}} error envelopes',
+ right: 'HTTP status codes (404, 500, etc.)'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'WS-Security, WS-ReliableMessaging, WS-AtomicTransaction',
+ right: 'Lightweight β use [[tls|TLS]], retries, saga pattern separately'
+ }
],
useLeftWhen: [
'You need formal service contracts with strict schema validation (banking, insurance)',
@@ -805,11 +1354,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'Both use strict contracts and code generation, but [[soap|SOAP]] wraps calls in verbose {{xml|XML}} envelopes while [[grpc|gRPC]] uses compact binary Protobuf over [[http2|HTTP/2]].',
keyDifferences: [
- { aspect: 'Serialization', left: '{{xml|XML}} (text-based, verbose)', right: '{{protocol-buffers|Protocol Buffers}} (binary, compact)' },
- { aspect: 'Contract', left: 'WSDL ({{xml|XML}} Schema)', right: '.proto files ({{protocol-buffers|Protocol Buffers}} IDL)' },
- { aspect: 'Transport', left: '[[http1|HTTP/1.1]] POST', right: '[[http2|HTTP/2]] with multiplexing and streaming' },
- { aspect: 'Streaming', left: 'Not supported natively', right: 'Bidirectional streaming built-in' },
- { aspect: 'Ecosystem', left: 'Mature enterprise (Java, .NET)', right: 'Modern polyglot (Go, Rust, Python, Java, JS)' }
+ {
+ aspect: 'Serialization',
+ left: '{{xml|XML}} (text-based, verbose)',
+ right: '{{protocol-buffers|Protocol Buffers}} (binary, compact)'
+ },
+ {
+ aspect: 'Contract',
+ left: 'WSDL ({{xml|XML}} Schema)',
+ right: '.proto files ({{protocol-buffers|Protocol Buffers}} IDL)'
+ },
+ {
+ aspect: 'Transport',
+ left: '[[http1|HTTP/1.1]] POST',
+ right: '[[http2|HTTP/2]] with multiplexing and streaming'
+ },
+ {
+ aspect: 'Streaming',
+ left: 'Not supported natively',
+ right: 'Bidirectional streaming built-in'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Mature enterprise (Java, .NET)',
+ right: 'Modern polyglot (Go, Rust, Python, Java, JS)'
+ }
],
useLeftWhen: [
'You are in a regulated industry requiring WSDL-based formal contracts',
@@ -830,11 +1399,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[soap|SOAP]] defines rigid operations via {{wsdl|WSDL}}; [[graphql|GraphQL]] lets clients specify exactly the data they need in a single flexible query.',
keyDifferences: [
- { aspect: 'Query model', left: 'Fixed operations defined in WSDL', right: 'Client specifies exact fields and relationships' },
- { aspect: 'Data format', left: '{{xml|XML}} envelopes with {{xml|XML}} Schema', right: '{{json|JSON}} responses with typed schema' },
- { aspect: 'Over/under-fetching', left: 'Returns entire operation result (over-fetching)', right: 'Returns exactly requested fields (precise)' },
- { aspect: 'Versioning', left: 'WSDL versioning (breaking changes)', right: 'Schema evolution (additive, non-breaking)' },
- { aspect: 'Introspection', left: 'WSDL document download', right: 'Built-in schema introspection queries' }
+ {
+ aspect: 'Query model',
+ left: 'Fixed operations defined in WSDL',
+ right: 'Client specifies exact fields and relationships'
+ },
+ {
+ aspect: 'Data format',
+ left: '{{xml|XML}} envelopes with {{xml|XML}} Schema',
+ right: '{{json|JSON}} responses with typed schema'
+ },
+ {
+ aspect: 'Over/under-fetching',
+ left: 'Returns entire operation result (over-fetching)',
+ right: 'Returns exactly requested fields (precise)'
+ },
+ {
+ aspect: 'Versioning',
+ left: 'WSDL versioning (breaking changes)',
+ right: 'Schema evolution (additive, non-breaking)'
+ },
+ {
+ aspect: 'Introspection',
+ left: 'WSDL document download',
+ right: 'Built-in schema introspection queries'
+ }
],
useLeftWhen: [
'You need formal, validated contracts for enterprise integration',
@@ -858,11 +1447,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[oauth2|OAuth 2.0]] handles authorization (who can access what); [[tls|TLS]] handles {{encryption|encryption}} (protecting data in {{transit|transit}}). Different problems, complementary solutions β [[oauth2|OAuth]] requires [[tls|TLS]].',
keyDifferences: [
- { aspect: 'Problem solved', left: 'Authorization β delegated access to resources', right: '{{encryption|Encryption}} β confidentiality and integrity of data in transit' },
- { aspect: 'OSI layer', left: 'Application layer (HTTP redirects, tokens)', right: 'Session/transport layer (encrypts byte streams)' },
- { aspect: 'Scope', left: 'Per-resource access control (scopes, tokens)', right: 'Per-connection encryption (entire data stream)' },
- { aspect: 'User involvement', left: 'User consents to grant access', right: 'Transparent to the user (lock icon in browser)' },
- { aspect: 'Dependency', left: 'Requires [[tls|TLS]] for security (tokens in cleartext = disaster)', right: 'Independent β works without [[oauth2|OAuth]]' }
+ {
+ aspect: 'Problem solved',
+ left: 'Authorization β delegated access to resources',
+ right: '{{encryption|Encryption}} β confidentiality and integrity of data in transit'
+ },
+ {
+ aspect: 'OSI layer',
+ left: 'Application layer (HTTP redirects, tokens)',
+ right: 'Session/transport layer (encrypts byte streams)'
+ },
+ {
+ aspect: 'Scope',
+ left: 'Per-resource access control (scopes, tokens)',
+ right: 'Per-connection encryption (entire data stream)'
+ },
+ {
+ aspect: 'User involvement',
+ left: 'User consents to grant access',
+ right: 'Transparent to the user (lock icon in browser)'
+ },
+ {
+ aspect: 'Dependency',
+ left: 'Requires [[tls|TLS]] for security (tokens in cleartext = disaster)',
+ right: 'Independent β works without [[oauth2|OAuth]]'
+ }
],
useLeftWhen: [
'Third-party apps need access to user resources without passwords',
@@ -886,11 +1495,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] maps operations to {{http-method|HTTP}} verbs and multiple resource URLs; [[json-rpc|JSON-RPC]] sends method names to a single endpoint. [[rest|REST]] is resource-oriented, [[json-rpc|JSON-RPC]] is action-oriented.',
keyDifferences: [
- { aspect: 'Data format', left: 'Method name + params in {{json|JSON}} body', right: 'HTTP verbs + resource URLs' },
- { aspect: 'Caching', left: 'Not cacheable (all POSTs)', right: 'HTTP-level caching (GET is cacheable)' },
- { aspect: 'Complexity', left: 'Minimal spec, single endpoint', right: 'Convention-heavy, multiple endpoints' },
- { aspect: 'Ecosystem', left: 'Growing (blockchain, AI agents)', right: 'Dominant (most public APIs)' },
- { aspect: 'Overhead', left: 'Batch requests reduce round trips', right: 'One HTTP request per operation' }
+ {
+ aspect: 'Data format',
+ left: 'Method name + params in {{json|JSON}} body',
+ right: 'HTTP verbs + resource URLs'
+ },
+ {
+ aspect: 'Caching',
+ left: 'Not cacheable (all POSTs)',
+ right: 'HTTP-level caching (GET is cacheable)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Minimal spec, single endpoint',
+ right: 'Convention-heavy, multiple endpoints'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Growing (blockchain, AI agents)',
+ right: 'Dominant (most public APIs)'
+ },
+ {
+ aspect: 'Overhead',
+ left: 'Batch requests reduce round trips',
+ right: 'One HTTP request per operation'
+ }
],
useLeftWhen: [
'Your API is action-oriented rather than resource-oriented (execute, calculate, query)',
@@ -911,11 +1540,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[grpc|gRPC]] uses binary {{protocol-buffers|Protocol Buffers}} and [[http2|HTTP/2]] for maximum performance with code generation; [[json-rpc|JSON-RPC]] uses human-readable {{json|JSON}} over any transport for maximum simplicity.',
keyDifferences: [
- { aspect: 'Data format', left: 'Binary ({{protocol-buffers|Protocol Buffers}})', right: 'Text ({{json|JSON}})' },
- { aspect: 'Transport', left: '[[http2|HTTP/2]] only', right: 'Any (HTTP, [[websockets|WebSocket]], stdio, [[tcp|TCP]])' },
- { aspect: 'Direction', left: 'Unary + bidirectional streaming', right: '{{request-response|Request-response}} + notifications' },
- { aspect: 'Complexity', left: '.proto files + code generation', right: 'No schema, no build step' },
- { aspect: 'Ecosystem', left: 'Mature (Google-backed, 11 languages)', right: 'Lightweight (blockchain, AI, editors)' }
+ {
+ aspect: 'Data format',
+ left: 'Binary ({{protocol-buffers|Protocol Buffers}})',
+ right: 'Text ({{json|JSON}})'
+ },
+ {
+ aspect: 'Transport',
+ left: '[[http2|HTTP/2]] only',
+ right: 'Any (HTTP, [[websockets|WebSocket]], stdio, [[tcp|TCP]])'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Unary + bidirectional streaming',
+ right: '{{request-response|Request-response}} + notifications'
+ },
+ {
+ aspect: 'Complexity',
+ left: '.proto files + code generation',
+ right: 'No schema, no build step'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Mature (Google-backed, 11 languages)',
+ right: 'Lightweight (blockchain, AI, editors)'
+ }
],
useLeftWhen: [
'You need maximum throughput between internal microservices',
@@ -936,11 +1585,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[graphql|GraphQL]] lets clients {{imap-select|select}} exactly which fields they need via a query language; [[json-rpc|JSON-RPC]] calls methods by name and returns whatever the method returns β no field selection.',
keyDifferences: [
- { aspect: 'Data format', left: 'Query language with field selection', right: 'Method name + params, fixed response' },
- { aspect: 'Complexity', left: 'Schema, resolvers, query parsing', right: 'No schema, direct method dispatch' },
- { aspect: 'Overhead', left: 'Query parsing + validation per request', right: 'Minimal β {{json|JSON}} parse + method lookup' },
- { aspect: 'Direction', left: '{{request-response|Request-response}} + subscriptions', right: '{{request-response|Request-response}} + notifications' },
- { aspect: 'Ecosystem', left: 'Web frontends, mobile apps', right: 'Infrastructure, blockchain, AI agents' }
+ {
+ aspect: 'Data format',
+ left: 'Query language with field selection',
+ right: 'Method name + params, fixed response'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'Schema, resolvers, query parsing',
+ right: 'No schema, direct method dispatch'
+ },
+ {
+ aspect: 'Overhead',
+ left: 'Query parsing + validation per request',
+ right: 'Minimal β {{json|JSON}} parse + method lookup'
+ },
+ {
+ aspect: 'Direction',
+ left: '{{request-response|Request-response}} + subscriptions',
+ right: '{{request-response|Request-response}} + notifications'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Web frontends, mobile apps',
+ right: 'Infrastructure, blockchain, AI agents'
+ }
],
useLeftWhen: [
'Clients have varied data needs and over-fetching is a problem',
@@ -961,11 +1630,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[soap|SOAP]] wraps {{rpc|RPC}} calls in verbose {{xml|XML}} envelopes with formal {{wsdl|WSDL}} contracts and {{ws-star|WS-*}} extensions; [[json-rpc|JSON-RPC]] does the same thing in a few lines of {{json|JSON}} with no ceremony.',
keyDifferences: [
- { aspect: 'Data format', left: '{{json|JSON}} (lightweight text)', right: '{{xml|XML}} (verbose, structured envelopes)' },
- { aspect: 'Complexity', left: 'One-page spec, no schema required', right: 'WSDL, XSD, WS-* extensions' },
- { aspect: 'Overhead', left: '~60 bytes for a simple call', right: '500+ bytes for the same call in {{xml|XML}}' },
- { aspect: 'Standardization', left: 'Community spec (jsonrpc.org)', right: '{{w3c|W3C}} standard with enterprise extensions' },
- { aspect: 'Ecosystem', left: 'Modern infrastructure and AI', right: 'Enterprise banking, healthcare, government' }
+ {
+ aspect: 'Data format',
+ left: '{{json|JSON}} (lightweight text)',
+ right: '{{xml|XML}} (verbose, structured envelopes)'
+ },
+ {
+ aspect: 'Complexity',
+ left: 'One-page spec, no schema required',
+ right: 'WSDL, XSD, WS-* extensions'
+ },
+ {
+ aspect: 'Overhead',
+ left: '~60 bytes for a simple call',
+ right: '500+ bytes for the same call in {{xml|XML}}'
+ },
+ {
+ aspect: 'Standardization',
+ left: 'Community spec (jsonrpc.org)',
+ right: '{{w3c|W3C}} standard with enterprise extensions'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'Modern infrastructure and AI',
+ right: 'Enterprise banking, healthcare, government'
+ }
],
useLeftWhen: [
'You want RPC without the overhead of {{xml|XML}} and WSDL',
@@ -989,11 +1678,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[mcp|MCP]] connects an {{ai|AI}} agent to tools and data sources; [[a2a|A2A]] connects {{ai|AI}} agents to each other for multi-agent collaboration. They are complementary, not competing.',
keyDifferences: [
- { aspect: 'Purpose', left: 'Agent-to-agent collaboration', right: 'Agent-to-tool integration' },
- { aspect: 'Discovery', left: 'Agent Cards at /.well-known/agent.json', right: 'Capabilities handshake (initialize)' },
- { aspect: 'Transparency', left: 'Opaque (skills only, no internals)', right: 'Transparent (tool schemas, resource URIs)' },
- { aspect: 'Unit of work', left: 'Task with lifecycle (stateful)', right: 'Tool call (stateless {{request-response|request-response}})' },
- { aspect: 'Transport', left: 'HTTP, [[sse|SSE]], webhooks, [[grpc|gRPC]]', right: 'stdio, Streamable HTTP' }
+ {
+ aspect: 'Purpose',
+ left: 'Agent-to-agent collaboration',
+ right: 'Agent-to-tool integration'
+ },
+ {
+ aspect: 'Discovery',
+ left: 'Agent Cards at /.well-known/agent.json',
+ right: 'Capabilities handshake (initialize)'
+ },
+ {
+ aspect: 'Transparency',
+ left: 'Opaque (skills only, no internals)',
+ right: 'Transparent (tool schemas, resource URIs)'
+ },
+ {
+ aspect: 'Unit of work',
+ left: 'Task with lifecycle (stateful)',
+ right: 'Tool call (stateless {{request-response|request-response}})'
+ },
+ {
+ aspect: 'Transport',
+ left: 'HTTP, [[sse|SSE]], webhooks, [[grpc|gRPC]]',
+ right: 'stdio, Streamable HTTP'
+ }
],
useLeftWhen: [
'You need multiple AI agents to collaborate on complex tasks',
@@ -1014,11 +1723,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] is a general-purpose {{api|API}} style for any client; [[a2a|A2A]] is specifically designed for {{ai|AI}} agent communication with discovery, task lifecycle, and streaming built in.',
keyDifferences: [
- { aspect: 'Purpose', left: 'AI agent-to-agent collaboration', right: 'General-purpose API access' },
- { aspect: 'Discovery', left: 'Agent Cards with skills and auth', right: 'OpenAPI/Swagger documentation' },
- { aspect: 'Statefulness', left: '{{stateful|Stateful}} tasks with lifecycle', right: '{{stateless|Stateless}} {{request-response|request-response}}' },
- { aspect: 'Direction', left: 'Bidirectional ([[sse|SSE]], webhooks)', right: 'Client-initiated only' },
- { aspect: 'Data format', left: '[[json-rpc|JSON-RPC]] methods + Parts/Artifacts', right: 'HTTP verbs + resource URLs' }
+ {
+ aspect: 'Purpose',
+ left: 'AI agent-to-agent collaboration',
+ right: 'General-purpose API access'
+ },
+ {
+ aspect: 'Discovery',
+ left: 'Agent Cards with skills and auth',
+ right: 'OpenAPI/Swagger documentation'
+ },
+ {
+ aspect: 'Statefulness',
+ left: '{{stateful|Stateful}} tasks with lifecycle',
+ right: '{{stateless|Stateless}} {{request-response|request-response}}'
+ },
+ {
+ aspect: 'Direction',
+ left: 'Bidirectional ([[sse|SSE]], webhooks)',
+ right: 'Client-initiated only'
+ },
+ {
+ aspect: 'Data format',
+ left: '[[json-rpc|JSON-RPC]] methods + Parts/Artifacts',
+ right: 'HTTP verbs + resource URLs'
+ }
],
useLeftWhen: [
'You are building multi-agent AI systems that need to delegate and coordinate',
@@ -1039,11 +1768,27 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[rest|REST]] exposes resources via {{http-method|HTTP}} for any client; [[mcp|MCP]] exposes tools, resources, and prompts specifically for {{ai|AI}} applications with {{llm|LLM}}-native semantics like {{sampling|sampling}} and tool schemas.',
keyDifferences: [
- { aspect: 'Purpose', left: 'AI-native tool and data access', right: 'General-purpose API access' },
- { aspect: 'Discovery', left: 'Dynamic capability negotiation', right: 'Static OpenAPI documentation' },
- { aspect: 'Data format', left: '[[json-rpc|JSON-RPC]] methods (tools/call)', right: 'HTTP verbs + resource URLs' },
+ {
+ aspect: 'Purpose',
+ left: 'AI-native tool and data access',
+ right: 'General-purpose API access'
+ },
+ {
+ aspect: 'Discovery',
+ left: 'Dynamic capability negotiation',
+ right: 'Static OpenAPI documentation'
+ },
+ {
+ aspect: 'Data format',
+ left: '[[json-rpc|JSON-RPC]] methods (tools/call)',
+ right: 'HTTP verbs + resource URLs'
+ },
{ aspect: 'Transport', left: 'stdio + Streamable HTTP', right: 'HTTP only' },
- { aspect: 'Ecosystem', left: 'AI apps (Claude, ChatGPT, Cursor)', right: 'Universal (any HTTP client)' }
+ {
+ aspect: 'Ecosystem',
+ left: 'AI apps (Claude, ChatGPT, Cursor)',
+ right: 'Universal (any HTTP client)'
+ }
],
useLeftWhen: [
'You are building tools for AI applications to consume (not human developers)',
@@ -1064,11 +1809,31 @@ const vsPairs: ProtocolPair[] = [
summary:
'[[grpc|gRPC]] is a general-purpose {{rpc|RPC}} framework for microservices; [[a2a|A2A]] is specifically designed for {{ai|AI}} agent communication with agent discovery, task lifecycle, and opaque collaboration.',
keyDifferences: [
- { aspect: 'Purpose', left: 'AI agent collaboration', right: 'General-purpose microservice RPC' },
- { aspect: 'Discovery', left: 'Agent Cards with skills', right: 'Protobuf service reflection' },
- { aspect: 'Data format', left: '[[json-rpc|JSON-RPC]] 2.0 (text)', right: '{{protocol-buffers|Protocol Buffers}} (binary)' },
- { aspect: 'Statefulness', left: '{{stateful|Stateful}} tasks with lifecycle', right: '{{stateless|Stateless}} unary or streaming calls' },
- { aspect: 'Ecosystem', left: 'AI agents (Google, Salesforce, SAP)', right: 'Microservices (Kubernetes, {{service-mesh|service mesh}})' }
+ {
+ aspect: 'Purpose',
+ left: 'AI agent collaboration',
+ right: 'General-purpose microservice RPC'
+ },
+ {
+ aspect: 'Discovery',
+ left: 'Agent Cards with skills',
+ right: 'Protobuf service reflection'
+ },
+ {
+ aspect: 'Data format',
+ left: '[[json-rpc|JSON-RPC]] 2.0 (text)',
+ right: '{{protocol-buffers|Protocol Buffers}} (binary)'
+ },
+ {
+ aspect: 'Statefulness',
+ left: '{{stateful|Stateful}} tasks with lifecycle',
+ right: '{{stateless|Stateless}} unary or streaming calls'
+ },
+ {
+ aspect: 'Ecosystem',
+ left: 'AI agents (Google, Salesforce, SAP)',
+ right: 'Microservices (Kubernetes, {{service-mesh|service mesh}})'
+ }
],
useLeftWhen: [
'You are orchestrating opaque AI agents that need to discover and delegate tasks',
@@ -1100,7 +1865,8 @@ const relationshipPairs: ProtocolPair[] = [
howTheyWork:
'[[tcp|TCP]] first establishes a reliable connection via its 3-way {{handshake|handshake}}. Then [[tls|TLS]] performs its own {{handshake|handshake}} on top of that [[tcp|TCP]] connection, negotiating cipher suites and exchanging keys. Once both handshakes complete, all application data flows through [[tls|TLS]] {{encryption|encryption}} over the [[tcp|TCP]] stream.',
leftRole: '[[tcp|TCP]] provides reliable, ordered byte-stream delivery between endpoints.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication for the data [[tcp|TCP]] carries.'
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication for the data [[tcp|TCP]] carries.'
},
{
ids: ['amqp', 'tcp'],
@@ -1108,9 +1874,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[amqp|AMQP]] runs over [[tcp|TCP]], relying on its reliable byte stream to guarantee that messages, acknowledgments, and routing commands between clients and brokers are never lost or reordered.',
howTheyWork:
- 'An [[amqp|AMQP]] client opens a [[tcp|TCP]] connection to the broker (typically port 5672) and performs the [[amqp|AMQP]] protocol {{handshake|handshake}} to negotiate capabilities. [[amqp|AMQP]] then multiplexes multiple logical channels over this single [[tcp|TCP]] connection, using [[tcp|TCP]]\'s reliability to ensure every published message, acknowledgment, and broker command arrives intact and in order.',
- leftRole: '[[amqp|AMQP]] provides message routing, queuing, acknowledgment, and delivery guarantee semantics.',
- rightRole: '[[tcp|TCP]] provides the reliable, ordered byte-stream transport that [[amqp|AMQP]] frames are carried over.'
+ "An [[amqp|AMQP]] client opens a [[tcp|TCP]] connection to the broker (typically port 5672) and performs the [[amqp|AMQP]] protocol {{handshake|handshake}} to negotiate capabilities. [[amqp|AMQP]] then multiplexes multiple logical channels over this single [[tcp|TCP]] connection, using [[tcp|TCP]]'s reliability to ensure every published message, acknowledgment, and broker command arrives intact and in order.",
+ leftRole:
+ '[[amqp|AMQP]] provides message routing, queuing, acknowledgment, and delivery guarantee semantics.',
+ rightRole:
+ '[[tcp|TCP]] provides the reliable, ordered byte-stream transport that [[amqp|AMQP]] frames are carried over.'
},
{
ids: ['dns', 'tcp'],
@@ -1119,8 +1887,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[dns|DNS]] falls back to [[tcp|TCP]] when responses exceed the 512-byte [[udp|UDP]] limit or when zone transfers require reliable delivery of complete [[dns|DNS]] records.',
howTheyWork:
'When a [[dns|DNS]] response is too large for a single [[udp|UDP]] datagram (common with {{dnssec|DNSSEC}} or many records), the server signals truncation and the client retries over [[tcp|TCP]] port 53. Zone transfers (AXFR/IXFR) between authoritative servers always use [[tcp|TCP]] to ensure the complete zone dataset is delivered reliably without loss or reordering.',
- leftRole: '[[dns|DNS]] defines the query/response protocol for name resolution and zone transfer operations.',
- rightRole: '[[tcp|TCP]] provides reliable delivery for large [[dns|DNS]] responses and complete zone transfers that exceed [[udp|UDP]]\'s practical limits.'
+ leftRole:
+ '[[dns|DNS]] defines the query/response protocol for name resolution and zone transfer operations.',
+ rightRole:
+ "[[tcp|TCP]] provides reliable delivery for large [[dns|DNS]] responses and complete zone transfers that exceed [[udp|UDP]]'s practical limits."
},
{
ids: ['ftp', 'tcp'],
@@ -1128,19 +1898,23 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[ftp|FTP]] uses [[tcp|TCP]] for both its control channel (commands and responses) and its separate data channel (file transfers), relying on reliable delivery to ensure files arrive intact.',
howTheyWork:
- '[[ftp|FTP]] establishes a [[tcp|TCP]] control connection on port 21 for exchanging commands (LIST, RETR, STOR) and status replies. For each file transfer, a separate [[tcp|TCP]] data connection is opened β either from server to client (active mode) or client to server (passive mode). [[tcp|TCP]]\'s reliability guarantees that transferred files are complete and uncorrupted.',
- leftRole: '[[ftp|FTP]] provides the command protocol for file listing, upload, download, and directory navigation.',
- rightRole: '[[tcp|TCP]] provides reliable, ordered delivery for both the [[ftp|FTP]] control channel and file data transfers.'
+ "[[ftp|FTP]] establishes a [[tcp|TCP]] control connection on port 21 for exchanging commands (LIST, RETR, STOR) and status replies. For each file transfer, a separate [[tcp|TCP]] data connection is opened β either from server to client (active mode) or client to server (passive mode). [[tcp|TCP]]'s reliability guarantees that transferred files are complete and uncorrupted.",
+ leftRole:
+ '[[ftp|FTP]] provides the command protocol for file listing, upload, download, and directory navigation.',
+ rightRole:
+ '[[tcp|TCP]] provides reliable, ordered delivery for both the [[ftp|FTP]] control channel and file data transfers.'
},
{
ids: ['http1', 'tcp'],
type: 'relationship',
summary:
- '[[http1|[[http1|HTTP/1]].1]] sends requests and responses as plaintext over [[tcp|TCP]] connections, relying on [[tcp|TCP]]\'s reliable delivery to ensure every header and body byte arrives in order.',
+ "[[http1|[[http1|HTTP/1]].1]] sends requests and responses as plaintext over [[tcp|TCP]] connections, relying on [[tcp|TCP]]'s reliable delivery to ensure every header and body byte arrives in order.",
howTheyWork:
- 'The client opens a [[tcp|TCP]] connection (typically port 80 or 443 with [[tls|TLS]]) and sends an {{http-method|HTTP}} request as a text stream. The server responds over the same connection, which can be reused for subsequent requests via {{keep-alive|keep-alive}}. Each {{request-response|request-response}} pair is serialized on the connection, meaning [[http1|[[http1|HTTP/1]].1]] inherits [[tcp|TCP]]\'s {{head-of-line-blocking|head-of-line blocking}}.',
- leftRole: '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} semantics, headers, methods, and status codes for web communication.',
- rightRole: '[[tcp|TCP]] provides the reliable, ordered byte stream that [[http1|[[http1|HTTP/1]].1]] messages are transmitted over.'
+ "The client opens a [[tcp|TCP]] connection (typically port 80 or 443 with [[tls|TLS]]) and sends an {{http-method|HTTP}} request as a text stream. The server responds over the same connection, which can be reused for subsequent requests via {{keep-alive|keep-alive}}. Each {{request-response|request-response}} pair is serialized on the connection, meaning [[http1|[[http1|HTTP/1]].1]] inherits [[tcp|TCP]]'s {{head-of-line-blocking|head-of-line blocking}}.",
+ leftRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} semantics, headers, methods, and status codes for web communication.',
+ rightRole:
+ '[[tcp|TCP]] provides the reliable, ordered byte stream that [[http1|[[http1|HTTP/1]].1]] messages are transmitted over.'
},
{
ids: ['http2', 'tcp'],
@@ -1149,8 +1923,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[http2|HTTP/2]] multiplexes many {{request-response|request-response}} streams over a single [[tcp|TCP]] connection, gaining efficiency but inheriting [[tcp|TCP]]-level {{head-of-line-blocking|head-of-line blocking}} when packets are lost.',
howTheyWork:
'[[http2|HTTP/2]] opens one [[tcp|TCP]] connection per origin and sends all requests as interleaved binary frames across independent logical streams. [[tcp|TCP]] sees this as a single byte stream and guarantees ordered delivery. If any [[tcp|TCP]] segment is lost, all [[http2|HTTP/2]] streams stall until {{retransmission|retransmission}} completes β this [[tcp|TCP]]-level {{head-of-line-blocking|head-of-line blocking}} is what [[http3|HTTP/3]] ([[quic|QUIC]]) was designed to solve.',
- leftRole: '[[http2|HTTP/2]] provides {{binary-framing|binary framing}}, multiplexed streams, header compression, and {{server-push|server push}}.',
- rightRole: '[[tcp|TCP]] provides the single reliable byte stream over which all [[http2|HTTP/2]] frames are delivered.'
+ leftRole:
+ '[[http2|HTTP/2]] provides {{binary-framing|binary framing}}, multiplexed streams, header compression, and {{server-push|server push}}.',
+ rightRole:
+ '[[tcp|TCP]] provides the single reliable byte stream over which all [[http2|HTTP/2]] frames are delivered.'
},
{
ids: ['kafka', 'tcp'],
@@ -1158,19 +1934,23 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[kafka|Kafka]] uses persistent [[tcp|TCP]] connections between producers, consumers, and brokers to reliably stream high-throughput event data with ordering guarantees.',
howTheyWork:
- '[[kafka|Kafka]] clients open long-lived [[tcp|TCP]] connections to brokers (default port 9092) and use [[kafka|Kafka]]\'s binary protocol to produce and consume messages in batches. [[tcp|TCP]]\'s reliable delivery ensures that large batches of events, {{offset|offset}} commits, and metadata requests are never lost or reordered. Clients maintain connections to multiple brokers for {{partition|partition}}-aware routing.',
- leftRole: '[[kafka|Kafka]] provides distributed log storage, partitioned {{topic|topic}} streaming, and {{consumer-group|consumer group}} coordination.',
- rightRole: '[[tcp|TCP]] provides the reliable, persistent connections needed for high-throughput event delivery between [[kafka|Kafka]] clients and brokers.'
+ "[[kafka|Kafka]] clients open long-lived [[tcp|TCP]] connections to brokers (default port 9092) and use [[kafka|Kafka]]'s binary protocol to produce and consume messages in batches. [[tcp|TCP]]'s reliable delivery ensures that large batches of events, {{offset|offset}} commits, and metadata requests are never lost or reordered. Clients maintain connections to multiple brokers for {{partition|partition}}-aware routing.",
+ leftRole:
+ '[[kafka|Kafka]] provides distributed log storage, partitioned {{topic|topic}} streaming, and {{consumer-group|consumer group}} coordination.',
+ rightRole:
+ '[[tcp|TCP]] provides the reliable, persistent connections needed for high-throughput event delivery between [[kafka|Kafka]] clients and brokers.'
},
{
ids: ['mqtt', 'tcp'],
type: 'relationship',
summary:
- '[[mqtt|MQTT]] uses [[tcp|TCP]] as its default transport, relying on [[tcp|TCP]]\'s reliable delivery to carry lightweight pub/sub messages between IoT devices and brokers.',
+ "[[mqtt|MQTT]] uses [[tcp|TCP]] as its default transport, relying on [[tcp|TCP]]'s reliable delivery to carry lightweight pub/sub messages between IoT devices and brokers.",
howTheyWork:
- 'An [[mqtt|MQTT]] client opens a [[tcp|TCP]] connection to the broker (typically port 1883, or 8883 with [[tls|TLS]]) and sends a {{mqtt-connect|CONNECT}} packet to establish the session. [[tcp|TCP]]\'s reliability ensures that {{mqtt-publish|PUBLISH}}, {{mqtt-subscribe|SUBSCRIBE}}, and acknowledgment packets arrive intact, which [[mqtt|MQTT]] layers its own QoS levels on top of. The persistent [[tcp|TCP]] connection also enables the broker to push messages to clients at any time.',
- leftRole: '[[mqtt|MQTT]] provides lightweight {{mqtt-publish|publish}}-{{mqtt-subscribe|subscribe}} messaging with QoS levels, retained messages, and last-will semantics.',
- rightRole: '[[tcp|TCP]] provides the reliable, persistent connection that [[mqtt|MQTT]] uses to deliver messages between clients and the broker.'
+ "An [[mqtt|MQTT]] client opens a [[tcp|TCP]] connection to the broker (typically port 1883, or 8883 with [[tls|TLS]]) and sends a {{mqtt-connect|CONNECT}} packet to establish the session. [[tcp|TCP]]'s reliability ensures that {{mqtt-publish|PUBLISH}}, {{mqtt-subscribe|SUBSCRIBE}}, and acknowledgment packets arrive intact, which [[mqtt|MQTT]] layers its own QoS levels on top of. The persistent [[tcp|TCP]] connection also enables the broker to push messages to clients at any time.",
+ leftRole:
+ '[[mqtt|MQTT]] provides lightweight {{mqtt-publish|publish}}-{{mqtt-subscribe|subscribe}} messaging with QoS levels, retained messages, and last-will semantics.',
+ rightRole:
+ '[[tcp|TCP]] provides the reliable, persistent connection that [[mqtt|MQTT]] uses to deliver messages between clients and the broker.'
},
{
ids: ['rtmp', 'tcp'],
@@ -1178,9 +1958,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[rtmp|RTMP]] runs over persistent [[tcp|TCP]] connections to reliably deliver live audio, video, and data streams from encoders to media servers.',
howTheyWork:
- '[[rtmp|RTMP]] establishes a [[tcp|TCP]] connection (default port 1935) and performs its own {{handshake|handshake}} to negotiate the session. It then multiplexes audio, video, and command messages as interleaved chunks over this single [[tcp|TCP]] connection. [[tcp|TCP]]\'s reliable delivery ensures no media chunks are lost, which is critical since [[rtmp|RTMP]]\'s chunk-based protocol cannot recover from gaps.',
- leftRole: '[[rtmp|RTMP]] provides the media chunking, {{multiplexing|multiplexing}}, and stream control protocol for live streaming.',
- rightRole: '[[tcp|TCP]] provides the reliable, persistent connection that ensures every media chunk is delivered in order.'
+ "[[rtmp|RTMP]] establishes a [[tcp|TCP]] connection (default port 1935) and performs its own {{handshake|handshake}} to negotiate the session. It then multiplexes audio, video, and command messages as interleaved chunks over this single [[tcp|TCP]] connection. [[tcp|TCP]]'s reliable delivery ensures no media chunks are lost, which is critical since [[rtmp|RTMP]]'s chunk-based protocol cannot recover from gaps.",
+ leftRole:
+ '[[rtmp|RTMP]] provides the media chunking, {{multiplexing|multiplexing}}, and stream control protocol for live streaming.',
+ rightRole:
+ '[[tcp|TCP]] provides the reliable, persistent connection that ensures every media chunk is delivered in order.'
},
{
ids: ['sip', 'tcp'],
@@ -1189,8 +1971,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[sip|SIP]] can use [[tcp|TCP]] for {{signaling|signaling}} when messages are too large for [[udp|UDP]] datagrams or when reliable delivery of call setup and teardown is required.',
howTheyWork:
'[[sip|SIP]] operates over [[tcp|TCP]] (port 5060, or 5061 with [[tls|TLS]]) when message sizes exceed the {{mtu|MTU}} or when the deployment requires guaranteed delivery of {{sip-invite|INVITE}}, BYE, and REGISTER transactions. [[tcp|TCP]] ensures that large [[sip|SIP]] messages with [[sdp|SDP]] bodies, authentication headers, or multiple Via hops are delivered complete and in order.',
- leftRole: '[[sip|SIP]] provides the {{signaling|signaling}} protocol for initiating, modifying, and terminating multimedia sessions.',
- rightRole: '[[tcp|TCP]] provides reliable delivery for [[sip|SIP]] messages that are too large for [[udp|UDP]] or require guaranteed transport.'
+ leftRole:
+ '[[sip|SIP]] provides the {{signaling|signaling}} protocol for initiating, modifying, and terminating multimedia sessions.',
+ rightRole:
+ '[[tcp|TCP]] provides reliable delivery for [[sip|SIP]] messages that are too large for [[udp|UDP]] or require guaranteed transport.'
},
{
ids: ['smtp', 'tcp'],
@@ -1198,9 +1982,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[smtp|SMTP]] uses [[tcp|TCP]] to reliably deliver email messages and commands between mail clients and servers, ensuring no message data is lost in {{transit|transit}}.',
howTheyWork:
- 'An [[smtp|SMTP]] client opens a [[tcp|TCP]] connection to the mail server on port 25 (or 587 for submission) and exchanges text commands ({{ehlo|EHLO}}, {{smtp-mail-from|MAIL FROM}}, {{smtp-rcpt-to|RCPT TO}}, {{smtp-data|DATA}}) in a synchronous dialogue. [[tcp|TCP]]\'s reliable delivery guarantees that every command, response code, and email body byte arrives in order, which is essential since [[smtp|SMTP]] has no mechanism to recover from lost data at the application layer.',
- leftRole: '[[smtp|SMTP]] provides the command protocol for routing and delivering email messages between servers.',
- rightRole: '[[tcp|TCP]] provides the reliable, ordered connection that [[smtp|SMTP]]\'s synchronous command-response dialogue requires.'
+ "An [[smtp|SMTP]] client opens a [[tcp|TCP]] connection to the mail server on port 25 (or 587 for submission) and exchanges text commands ({{ehlo|EHLO}}, {{smtp-mail-from|MAIL FROM}}, {{smtp-rcpt-to|RCPT TO}}, {{smtp-data|DATA}}) in a synchronous dialogue. [[tcp|TCP]]'s reliable delivery guarantees that every command, response code, and email body byte arrives in order, which is essential since [[smtp|SMTP]] has no mechanism to recover from lost data at the application layer.",
+ leftRole:
+ '[[smtp|SMTP]] provides the command protocol for routing and delivering email messages between servers.',
+ rightRole:
+ "[[tcp|TCP]] provides the reliable, ordered connection that [[smtp|SMTP]]'s synchronous command-response dialogue requires."
},
{
ids: ['ssh', 'tcp'],
@@ -1208,19 +1994,23 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[ssh|SSH]] runs over [[tcp|TCP]] to provide encrypted remote shell access, file transfer, and {{port-forwarding|port forwarding}} over a reliable transport.',
howTheyWork:
- '[[ssh|SSH]] opens a [[tcp|TCP]] connection (default port 22) and immediately begins its own key {{exchange|exchange}} and authentication {{handshake|handshake}}. Once the encrypted tunnel is established, [[ssh|SSH]] multiplexes multiple channels (shell sessions, port forwards, file transfers) over the single [[tcp|TCP]] connection. [[tcp|TCP]]\'s reliability is essential because [[ssh|SSH]]\'s encrypted stream cannot tolerate missing or reordered bytes.',
- leftRole: '[[ssh|SSH]] provides encrypted channels for remote shell access, file transfer, and {{port-forwarding|port forwarding}}.',
- rightRole: '[[tcp|TCP]] provides the reliable, ordered byte stream that [[ssh|SSH]]\'s encrypted tunnel requires to function correctly.'
+ "[[ssh|SSH]] opens a [[tcp|TCP]] connection (default port 22) and immediately begins its own key {{exchange|exchange}} and authentication {{handshake|handshake}}. Once the encrypted tunnel is established, [[ssh|SSH]] multiplexes multiple channels (shell sessions, port forwards, file transfers) over the single [[tcp|TCP]] connection. [[tcp|TCP]]'s reliability is essential because [[ssh|SSH]]'s encrypted stream cannot tolerate missing or reordered bytes.",
+ leftRole:
+ '[[ssh|SSH]] provides encrypted channels for remote shell access, file transfer, and {{port-forwarding|port forwarding}}.',
+ rightRole:
+ "[[tcp|TCP]] provides the reliable, ordered byte stream that [[ssh|SSH]]'s encrypted tunnel requires to function correctly."
},
{
ids: ['stomp', 'tcp'],
type: 'relationship',
summary:
- '[[stomp|STOMP]] sends its text-based messaging frames over [[tcp|TCP]] connections, relying on [[tcp|TCP]]\'s reliability to ensure message commands and acknowledgments are delivered intact.',
+ "[[stomp|STOMP]] sends its text-based messaging frames over [[tcp|TCP]] connections, relying on [[tcp|TCP]]'s reliability to ensure message commands and acknowledgments are delivered intact.",
howTheyWork:
'A [[stomp|STOMP]] client opens a [[tcp|TCP]] connection to the broker and sends a {{mqtt-connect|CONNECT}} frame to initiate the session. All subsequent SEND, {{mqtt-subscribe|SUBSCRIBE}}, and {{ack|ACK}} frames are transmitted as text over this [[tcp|TCP]] connection. [[tcp|TCP]] guarantees that these frames arrive complete and in order, which [[stomp|STOMP]] depends on since its simple text framing has no built-in {{retransmission|retransmission}} or reordering logic.',
- leftRole: '[[stomp|STOMP]] provides a simple, text-based messaging protocol with SEND, {{mqtt-subscribe|SUBSCRIBE}}, and {{ack|ACK}} commands.',
- rightRole: '[[tcp|TCP]] provides the reliable transport that ensures [[stomp|STOMP]]\'s text frames are delivered without loss or reordering.'
+ leftRole:
+ '[[stomp|STOMP]] provides a simple, text-based messaging protocol with SEND, {{mqtt-subscribe|SUBSCRIBE}}, and {{ack|ACK}} commands.',
+ rightRole:
+ "[[tcp|TCP]] provides the reliable transport that ensures [[stomp|STOMP]]'s text frames are delivered without loss or reordering."
},
{
ids: ['tcp', 'websockets'],
@@ -1228,9 +2018,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[websockets|WebSocket]] runs over [[tcp|TCP]], using an {{http-method|HTTP}} upgrade {{handshake|handshake}} to establish a persistent, {{full-duplex|full-duplex}} message channel over a reliable transport.',
howTheyWork:
- 'The client sends an [[http1|[[http1|HTTP/1]].1]] Upgrade request over an existing [[tcp|TCP]] connection, and the server responds with 101 Switching Protocols. From that point, the [[tcp|TCP]] connection carries [[websockets|WebSocket]] frames instead of {{http-method|HTTP}}. [[tcp|TCP]]\'s reliable, ordered delivery ensures that [[websockets|WebSocket]] messages β which can be fragmented across multiple frames β are reassembled correctly on both sides.',
- leftRole: '[[tcp|TCP]] provides the reliable, persistent connection that [[websockets|WebSocket]] frames are transmitted over.',
- rightRole: '[[websockets|WebSocket]] provides {{full-duplex|full-duplex}}, message-oriented communication with lightweight framing over the [[tcp|TCP]] connection.'
+ "The client sends an [[http1|[[http1|HTTP/1]].1]] Upgrade request over an existing [[tcp|TCP]] connection, and the server responds with 101 Switching Protocols. From that point, the [[tcp|TCP]] connection carries [[websockets|WebSocket]] frames instead of {{http-method|HTTP}}. [[tcp|TCP]]'s reliable, ordered delivery ensures that [[websockets|WebSocket]] messages β which can be fragmented across multiple frames β are reassembled correctly on both sides.",
+ leftRole:
+ '[[tcp|TCP]] provides the reliable, persistent connection that [[websockets|WebSocket]] frames are transmitted over.',
+ rightRole:
+ '[[websockets|WebSocket]] provides {{full-duplex|full-duplex}}, message-oriented communication with lightweight framing over the [[tcp|TCP]] connection.'
},
{
ids: ['tcp', 'xmpp'],
@@ -1238,9 +2030,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[xmpp|XMPP]] maintains long-lived [[tcp|TCP]] connections to stream {{xml|XML}} stanzas between clients and servers, relying on [[tcp|TCP]] for reliable delivery of presence, messages, and IQ queries.',
howTheyWork:
- 'An [[xmpp|XMPP]] client opens a persistent [[tcp|TCP]] connection (default port 5222, with {{starttls|STARTTLS}} upgrade) and begins an {{xml|XML}} stream. All communication β presence updates, chat messages, and IQ stanzas β flows as {{xml|XML}} fragments over this single [[tcp|TCP]] connection. [[tcp|TCP]]\'s reliability ensures that {{xml|XML}} stanzas are never lost or reordered, which is critical since [[xmpp|XMPP]]\'s {{xml|XML}} parser requires a well-formed, sequential byte stream.',
- leftRole: '[[tcp|TCP]] provides the persistent, reliable connection that carries [[xmpp|XMPP]]\'s continuous {{xml|XML}} stream.',
- rightRole: '[[xmpp|XMPP]] provides real-time messaging, presence, and extensible communication semantics via {{xml|XML}} stanzas over the [[tcp|TCP]] stream.'
+ "An [[xmpp|XMPP]] client opens a persistent [[tcp|TCP]] connection (default port 5222, with {{starttls|STARTTLS}} upgrade) and begins an {{xml|XML}} stream. All communication β presence updates, chat messages, and IQ stanzas β flows as {{xml|XML}} fragments over this single [[tcp|TCP]] connection. [[tcp|TCP]]'s reliability ensures that {{xml|XML}} stanzas are never lost or reordered, which is critical since [[xmpp|XMPP]]'s {{xml|XML}} parser requires a well-formed, sequential byte stream.",
+ leftRole:
+ "[[tcp|TCP]] provides the persistent, reliable connection that carries [[xmpp|XMPP]]'s continuous {{xml|XML}} stream.",
+ rightRole:
+ '[[xmpp|XMPP]] provides real-time messaging, presence, and extensible communication semantics via {{xml|XML}} stanzas over the [[tcp|TCP]] stream.'
},
// ββ UDP as transport βββββββββββββββββββββββββββββββββββββββββ
@@ -1252,18 +2046,22 @@ const relationshipPairs: ProtocolPair[] = [
'[[dns|DNS]] uses [[udp|UDP]] as its primary transport for fast, single-packet query-response lookups, keeping name resolution lightweight and low-{{latency|latency}}.',
howTheyWork:
'A [[dns|DNS]] client sends a query as a single [[udp|UDP]] datagram (typically under 512 bytes) to a resolver on port 53. The resolver responds with another [[udp|UDP]] datagram containing the answer. No connection setup is needed, making lookups fast. For responses exceeding 512 bytes or requiring reliability, [[dns|DNS]] falls back to [[tcp|TCP]].',
- leftRole: '[[dns|DNS]] defines the query/response format for translating domain names to [[ip|IP]] addresses.',
- rightRole: '[[udp|UDP]] provides the fast, {{connectionless|connectionless}} transport that makes single-packet [[dns|DNS]] lookups efficient.'
+ leftRole:
+ '[[dns|DNS]] defines the query/response format for translating domain names to [[ip|IP]] addresses.',
+ rightRole:
+ '[[udp|UDP]] provides the fast, {{connectionless|connectionless}} transport that makes single-packet [[dns|DNS]] lookups efficient.'
},
{
ids: ['coap', 'udp'],
type: 'relationship',
summary:
- '[[coap|CoAP]] runs over [[udp|UDP]] to provide a lightweight [[rest|REST]]-like {{request-response|request-response}} model for constrained IoT devices that cannot afford [[tcp|TCP]]\'s overhead.',
+ "[[coap|CoAP]] runs over [[udp|UDP]] to provide a lightweight [[rest|REST]]-like {{request-response|request-response}} model for constrained IoT devices that cannot afford [[tcp|TCP]]'s overhead.",
howTheyWork:
- '[[coap|CoAP]] sends compact binary messages as [[udp|UDP]] datagrams, using a 4-byte fixed header and message IDs for optional reliability via confirmable messages. The client sends a [[coap|CoAP]] request (GET, PUT, POST, DELETE) in a single [[udp|UDP]] packet to the server, which replies with a response in another datagram. [[coap|CoAP]] adds its own simple {{retransmission|retransmission}} over [[udp|UDP]] rather than requiring [[tcp|TCP]]\'s full connection management.',
- leftRole: '[[coap|CoAP]] provides RESTful resource semantics (methods, URIs, {{content-negotiation|content negotiation}}) optimized for constrained networks.',
- rightRole: '[[udp|UDP]] provides the minimal, {{connectionless|connectionless}} transport that keeps [[coap|CoAP]] lightweight enough for battery-powered sensors.'
+ "[[coap|CoAP]] sends compact binary messages as [[udp|UDP]] datagrams, using a 4-byte fixed header and message IDs for optional reliability via confirmable messages. The client sends a [[coap|CoAP]] request (GET, PUT, POST, DELETE) in a single [[udp|UDP]] packet to the server, which replies with a response in another datagram. [[coap|CoAP]] adds its own simple {{retransmission|retransmission}} over [[udp|UDP]] rather than requiring [[tcp|TCP]]'s full connection management.",
+ leftRole:
+ '[[coap|CoAP]] provides RESTful resource semantics (methods, URIs, {{content-negotiation|content negotiation}}) optimized for constrained networks.',
+ rightRole:
+ '[[udp|UDP]] provides the minimal, {{connectionless|connectionless}} transport that keeps [[coap|CoAP]] lightweight enough for battery-powered sensors.'
},
{
ids: ['dhcp', 'udp'],
@@ -1271,29 +2069,35 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[dhcp|DHCP]] uses [[udp|UDP]] for automatic [[ip|IP]] address assignment, since clients cannot establish [[tcp|TCP]] connections before they have an [[ip|IP]] address.',
howTheyWork:
- 'A [[dhcp|DHCP]] client broadcasts a DISCOVER message from port 68 as a [[udp|UDP]] datagram because it has no [[ip|IP]] address yet and cannot perform [[tcp|TCP]]\'s {{handshake|handshake}}. The [[dhcp|DHCP]] server listens on port 67 and responds with an OFFER, also via [[udp|UDP]] {{broadcast|broadcast}} or {{unicast|unicast}}. This bootstrap problem makes [[udp|UDP]] the only viable transport β [[tcp|TCP]] requires an established [[ip|IP]] address on both sides before communication can begin.',
- leftRole: '[[dhcp|DHCP]] provides the protocol logic for discovering servers, requesting leases, and assigning [[ip|IP]] configuration.',
- rightRole: '[[udp|UDP]] provides the {{connectionless|connectionless}} transport necessary for communication before a client has an [[ip|IP]] address.'
+ "A [[dhcp|DHCP]] client broadcasts a DISCOVER message from port 68 as a [[udp|UDP]] datagram because it has no [[ip|IP]] address yet and cannot perform [[tcp|TCP]]'s {{handshake|handshake}}. The [[dhcp|DHCP]] server listens on port 67 and responds with an OFFER, also via [[udp|UDP]] {{broadcast|broadcast}} or {{unicast|unicast}}. This bootstrap problem makes [[udp|UDP]] the only viable transport β [[tcp|TCP]] requires an established [[ip|IP]] address on both sides before communication can begin.",
+ leftRole:
+ '[[dhcp|DHCP]] provides the protocol logic for discovering servers, requesting leases, and assigning [[ip|IP]] configuration.',
+ rightRole:
+ '[[udp|UDP]] provides the {{connectionless|connectionless}} transport necessary for communication before a client has an [[ip|IP]] address.'
},
{
ids: ['http3', 'udp'],
type: 'relationship',
summary:
- '[[http3|HTTP/3]] runs over [[quic|QUIC]], which itself runs over [[udp|UDP]], giving [[http3|HTTP/3]] multiplexed streams without [[tcp|TCP]]\'s {{head-of-line-blocking|head-of-line blocking}} while remaining deployable on existing networks.',
+ "[[http3|HTTP/3]] runs over [[quic|QUIC]], which itself runs over [[udp|UDP]], giving [[http3|HTTP/3]] multiplexed streams without [[tcp|TCP]]'s {{head-of-line-blocking|head-of-line blocking}} while remaining deployable on existing networks.",
howTheyWork:
- '[[udp|UDP]] carries [[quic|QUIC]] packets, which in turn carry [[http3|HTTP/3]] frames. [[quic|QUIC]] builds reliable, encrypted, multiplexed streams on top of [[udp|UDP]] datagrams, and [[http3|HTTP/3]] maps its {{request-response|request-response}} semantics onto those [[quic|QUIC]] streams. [[udp|UDP]]\'s universal {{nat|NAT}} and {{firewall|firewall}} traversal makes [[quic|QUIC]] deployable without changes to network infrastructure.',
- leftRole: '[[http3|HTTP/3]] provides the application-layer {{request-response|request-response}} semantics, header compression ({{qpack|QPACK}}), and {{server-push|server push}}.',
- rightRole: '[[udp|UDP]] provides the underlying datagram delivery that allows [[quic|QUIC]] and [[http3|HTTP/3]] to bypass [[tcp|TCP]]\'s {{head-of-line-blocking|head-of-line blocking}}.'
+ "[[udp|UDP]] carries [[quic|QUIC]] packets, which in turn carry [[http3|HTTP/3]] frames. [[quic|QUIC]] builds reliable, encrypted, multiplexed streams on top of [[udp|UDP]] datagrams, and [[http3|HTTP/3]] maps its {{request-response|request-response}} semantics onto those [[quic|QUIC]] streams. [[udp|UDP]]'s universal {{nat|NAT}} and {{firewall|firewall}} traversal makes [[quic|QUIC]] deployable without changes to network infrastructure.",
+ leftRole:
+ '[[http3|HTTP/3]] provides the application-layer {{request-response|request-response}} semantics, header compression ({{qpack|QPACK}}), and {{server-push|server push}}.',
+ rightRole:
+ "[[udp|UDP]] provides the underlying datagram delivery that allows [[quic|QUIC]] and [[http3|HTTP/3]] to bypass [[tcp|TCP]]'s {{head-of-line-blocking|head-of-line blocking}}."
},
{
ids: ['ntp', 'udp'],
type: 'relationship',
summary:
- '[[ntp|NTP]] uses [[udp|UDP]] for clock synchronization because accurate timekeeping requires minimal, predictable {{latency|latency}} that [[tcp|TCP]]\'s {{handshake|handshake}} and retransmissions would distort.',
+ "[[ntp|NTP]] uses [[udp|UDP]] for clock synchronization because accurate timekeeping requires minimal, predictable {{latency|latency}} that [[tcp|TCP]]'s {{handshake|handshake}} and retransmissions would distort.",
howTheyWork:
- 'An [[ntp|NTP]] client sends a small [[udp|UDP]] datagram (48 bytes) to a time server on port 123, recording its send timestamp. The server stamps the packet with its receive and transmit times, then replies via [[udp|UDP]]. The client uses all four timestamps to calculate network delay and clock {{offset|offset}}. [[tcp|TCP]]\'s variable {{latency|latency}} from connection setup and {{retransmission|retransmission}} would corrupt these precise timing measurements.',
- leftRole: '[[ntp|NTP]] provides the timestamping protocol and algorithms for calculating clock {{offset|offset}} and drift.',
- rightRole: '[[udp|UDP]] provides the lightweight, fixed-overhead transport that preserves the timing accuracy [[ntp|NTP]] requires.'
+ "An [[ntp|NTP]] client sends a small [[udp|UDP]] datagram (48 bytes) to a time server on port 123, recording its send timestamp. The server stamps the packet with its receive and transmit times, then replies via [[udp|UDP]]. The client uses all four timestamps to calculate network delay and clock {{offset|offset}}. [[tcp|TCP]]'s variable {{latency|latency}} from connection setup and {{retransmission|retransmission}} would corrupt these precise timing measurements.",
+ leftRole:
+ '[[ntp|NTP]] provides the timestamping protocol and algorithms for calculating clock {{offset|offset}} and drift.',
+ rightRole:
+ '[[udp|UDP]] provides the lightweight, fixed-overhead transport that preserves the timing accuracy [[ntp|NTP]] requires.'
},
{
ids: ['rtp', 'udp'],
@@ -1301,9 +2105,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[rtp|RTP]] carries real-time audio and video over [[udp|UDP]], accepting occasional packet loss in {{exchange|exchange}} for the low {{latency|latency}} that interactive media demands.',
howTheyWork:
- '[[rtp|RTP]] adds a 12-byte header to each media packet with sequence numbers, timestamps, and {{payload|payload}} type identifiers, then sends them as [[udp|UDP]] datagrams. The receiver uses sequence numbers to detect loss and reorder packets, and timestamps to synchronize playback. [[udp|UDP]]\'s lack of {{retransmission|retransmission}} is a feature here β retransmitting a dropped video frame would arrive too late to be useful.',
- leftRole: '[[rtp|RTP]] provides media framing, sequencing, timestamping, and {{payload|payload}} identification for audio/video streams.',
- rightRole: '[[udp|UDP]] provides the low-{{latency|latency}}, no-{{retransmission|retransmission}} transport that real-time media playback requires.'
+ "[[rtp|RTP]] adds a 12-byte header to each media packet with sequence numbers, timestamps, and {{payload|payload}} type identifiers, then sends them as [[udp|UDP]] datagrams. The receiver uses sequence numbers to detect loss and reorder packets, and timestamps to synchronize playback. [[udp|UDP]]'s lack of {{retransmission|retransmission}} is a feature here β retransmitting a dropped video frame would arrive too late to be useful.",
+ leftRole:
+ '[[rtp|RTP]] provides media framing, sequencing, timestamping, and {{payload|payload}} identification for audio/video streams.',
+ rightRole:
+ '[[udp|UDP]] provides the low-{{latency|latency}}, no-{{retransmission|retransmission}} transport that real-time media playback requires.'
},
{
ids: ['sctp', 'udp'],
@@ -1312,18 +2118,22 @@ const relationshipPairs: ProtocolPair[] = [
'[[sctp|SCTP]] can be encapsulated inside [[udp|UDP]] datagrams to traverse NATs and firewalls that would otherwise block native [[sctp|SCTP]] packets.',
howTheyWork:
'Since most {{nat|NAT}} devices and firewalls only understand [[tcp|TCP]] and [[udp|UDP]], [[sctp|SCTP]] packets are wrapped inside [[udp|UDP]] datagrams ([[rfc:6951|RFC 6951]]) to pass through unmodified network infrastructure. The [[udp|UDP]] header provides the {{nat|NAT}}-traversal capability while [[sctp|SCTP]] inside provides multi-streaming, message boundaries, and {{multi-homing|multi-homing}}. This {{encapsulation|encapsulation}} is how [[webrtc|WebRTC]] data channels deliver [[sctp|SCTP]] over the public internet.',
- leftRole: '[[sctp|SCTP]] provides multi-stream, message-oriented reliable delivery with built-in {{multi-homing|multi-homing}}.',
- rightRole: '[[udp|UDP]] provides the {{nat|NAT}}-traversable envelope that lets [[sctp|SCTP]] packets cross firewalls and middleboxes on the public internet.'
+ leftRole:
+ '[[sctp|SCTP]] provides multi-stream, message-oriented reliable delivery with built-in {{multi-homing|multi-homing}}.',
+ rightRole:
+ '[[udp|UDP]] provides the {{nat|NAT}}-traversable envelope that lets [[sctp|SCTP]] packets cross firewalls and middleboxes on the public internet.'
},
{
ids: ['sip', 'udp'],
type: 'relationship',
summary:
- '[[sip|SIP]] commonly uses [[udp|UDP]] for {{voip|VoIP}} call {{signaling|signaling}} because its short, independent messages benefit from [[udp|UDP]]\'s low overhead and fast delivery.',
+ "[[sip|SIP]] commonly uses [[udp|UDP]] for {{voip|VoIP}} call {{signaling|signaling}} because its short, independent messages benefit from [[udp|UDP]]'s low overhead and fast delivery.",
howTheyWork:
- '[[sip|SIP]] sends {{signaling|signaling}} messages ({{sip-invite|INVITE}}, {{ack|ACK}}, BYE) as [[udp|UDP]] datagrams, typically on port 5060. Each [[sip|SIP]] message is self-contained and fits within a single datagram, making [[tcp|TCP]]\'s connection overhead unnecessary for most call setups. [[sip|SIP]] includes its own application-layer {{retransmission|retransmission}} timers for reliability, re-sending requests if no response arrives within the timeout period.',
- leftRole: '[[sip|SIP]] provides the {{signaling|signaling}} protocol for initiating, modifying, and terminating multimedia sessions.',
- rightRole: '[[udp|UDP]] provides the fast, {{connectionless|connectionless}} transport that keeps call setup {{latency|latency}} low for {{voip|VoIP}} {{signaling|signaling}}.'
+ "[[sip|SIP]] sends {{signaling|signaling}} messages ({{sip-invite|INVITE}}, {{ack|ACK}}, BYE) as [[udp|UDP]] datagrams, typically on port 5060. Each [[sip|SIP]] message is self-contained and fits within a single datagram, making [[tcp|TCP]]'s connection overhead unnecessary for most call setups. [[sip|SIP]] includes its own application-layer {{retransmission|retransmission}} timers for reliability, re-sending requests if no response arrives within the timeout period.",
+ leftRole:
+ '[[sip|SIP]] provides the {{signaling|signaling}} protocol for initiating, modifying, and terminating multimedia sessions.',
+ rightRole:
+ '[[udp|UDP]] provides the fast, {{connectionless|connectionless}} transport that keeps call setup {{latency|latency}} low for {{voip|VoIP}} {{signaling|signaling}}.'
},
{
ids: ['udp', 'webrtc'],
@@ -1331,9 +2141,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[webrtc|WebRTC]] uses [[udp|UDP]] as its primary transport for {{peer-to-peer|peer-to-peer}} audio, video, and data channels, prioritizing low {{latency|latency}} over guaranteed delivery.',
howTheyWork:
- '[[webrtc|WebRTC]]\'s media stack sends {{srtp|SRTP}}-encrypted audio/video packets as [[udp|UDP]] datagrams between peers, using {{ice|ICE}} for {{nat|NAT}} traversal via {{stun|STUN}}/{{turn|TURN}}. Data channels use [[sctp|SCTP]] encapsulated in {{dtls|DTLS}} over [[udp|UDP]]. The entire [[webrtc|WebRTC]] transport is built on [[udp|UDP]] because interactive communication requires packets to arrive quickly or not at all β [[tcp|TCP]]\'s {{retransmission|retransmission}} would add unacceptable delay.',
- leftRole: '[[udp|UDP]] provides the low-{{latency|latency}} datagram transport that all [[webrtc|WebRTC]] media and data channels are built upon.',
- rightRole: '[[webrtc|WebRTC]] provides the {{peer-to-peer|peer-to-peer}} media framework, {{encryption|encryption}} ({{dtls|DTLS}}/{{srtp|SRTP}}), {{nat|NAT}} traversal ({{ice|ICE}}), and data channels on top.'
+ "[[webrtc|WebRTC]]'s media stack sends {{srtp|SRTP}}-encrypted audio/video packets as [[udp|UDP]] datagrams between peers, using {{ice|ICE}} for {{nat|NAT}} traversal via {{stun|STUN}}/{{turn|TURN}}. Data channels use [[sctp|SCTP]] encapsulated in {{dtls|DTLS}} over [[udp|UDP]]. The entire [[webrtc|WebRTC]] transport is built on [[udp|UDP]] because interactive communication requires packets to arrive quickly or not at all β [[tcp|TCP]]'s {{retransmission|retransmission}} would add unacceptable delay.",
+ leftRole:
+ '[[udp|UDP]] provides the low-{{latency|latency}} datagram transport that all [[webrtc|WebRTC]] media and data channels are built upon.',
+ rightRole:
+ '[[webrtc|WebRTC]] provides the {{peer-to-peer|peer-to-peer}} media framework, {{encryption|encryption}} ({{dtls|DTLS}}/{{srtp|SRTP}}), {{nat|NAT}} traversal ({{ice|ICE}}), and data channels on top.'
},
// ββ TLS encryption βββββββββββββββββββββββββββββββββββββββββββ
@@ -1345,8 +2157,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] wraps [[amqp|AMQP]] connections to create AMQPS, encrypting all {{broker|message broker}} communication between clients and servers.',
howTheyWork:
'An [[amqp|AMQP]] client connects to port 5671 (AMQPS) and performs a [[tls|TLS]] {{handshake|handshake}} before any [[amqp|AMQP]] protocol negotiation begins. Once [[tls|TLS]] is established, the standard [[amqp|AMQP]] {{handshake|handshake}} and all subsequent message publishing, consuming, and acknowledgments flow through the encrypted channel. Without [[tls|TLS]], credentials and message payloads travel in plaintext on the default port 5672.',
- leftRole: '[[amqp|AMQP]] provides the {{broker|message broker}} semantics β exchanges, queues, bindings, and delivery guarantees.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication for all [[amqp|AMQP]] traffic.'
+ leftRole:
+ '[[amqp|AMQP]] provides the {{broker|message broker}} semantics β exchanges, queues, bindings, and delivery guarantees.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication for all [[amqp|AMQP]] traffic.'
},
{
ids: ['dash', 'tls'],
@@ -1355,8 +2169,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[dash|DASH]] delivers adaptive streaming segments over HTTPS, relying on [[tls|TLS]] to protect video content and {{drm|DRM}} license exchanges in {{transit|transit}}.',
howTheyWork:
'A [[dash|DASH]] player fetches the {{mpd|MPD}} {{manifest|manifest}} and all media segments via HTTPS requests, each secured by [[tls|TLS]]. The [[tls|TLS]] layer encrypts segment downloads and prevents tampering, which is especially critical when {{drm|DRM}} license acquisition URLs are embedded in the {{manifest|manifest}}.',
- leftRole: '[[dash|DASH]] defines the {{adaptive-bitrate|adaptive bitrate streaming}} logic, {{manifest|manifest}} format, and segment request pattern.',
- rightRole: '[[tls|TLS]] provides confidentiality and integrity for {{manifest|manifest}} and segment downloads over HTTPS.'
+ leftRole:
+ '[[dash|DASH]] defines the {{adaptive-bitrate|adaptive bitrate streaming}} logic, {{manifest|manifest}} format, and segment request pattern.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality and integrity for {{manifest|manifest}} and segment downloads over HTTPS.'
},
{
ids: ['dns', 'tls'],
@@ -1365,8 +2181,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[dns|DNS]] over [[tls|TLS]] (DoT) encrypts [[dns|DNS]] queries by wrapping them in a [[tls|TLS]] connection on port 853, preventing eavesdropping and manipulation of name resolution.',
howTheyWork:
'A [[dns|DNS]] client establishes a [[tls|TLS]] connection to a resolver on port 853 ([[rfc:7858|RFC 7858]]) before sending any [[dns|DNS]] queries. Each query and response travels through the encrypted [[tls|TLS]] channel, preventing network observers from seeing which domains are being resolved. Without DoT, standard [[dns|DNS]] queries on port 53 are sent in plaintext and are trivially observable or spoofable.',
- leftRole: '[[dns|DNS]] provides the query/response protocol for translating domain names to [[ip|IP]] addresses.',
- rightRole: '[[tls|TLS]] provides confidentiality and integrity, preventing eavesdropping and tampering of [[dns|DNS]] lookups.'
+ leftRole:
+ '[[dns|DNS]] provides the query/response protocol for translating domain names to [[ip|IP]] addresses.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality and integrity, preventing eavesdropping and tampering of [[dns|DNS]] lookups.'
},
{
ids: ['ftp', 'tls'],
@@ -1375,8 +2193,10 @@ const relationshipPairs: ProtocolPair[] = [
'{{ftps|FTPS}} adds [[tls|TLS]] {{encryption|encryption}} to [[ftp|FTP]], securing both the control channel (commands and credentials) and data channel (file transfers).',
howTheyWork:
'In explicit {{ftps|FTPS}}, the client connects to port 21 and issues an {{smtp-auth|AUTH}} [[tls|TLS]] command to upgrade the control connection to [[tls|TLS]] before sending credentials. In implicit {{ftps|FTPS}}, the client connects directly to port 990 where [[tls|TLS]] is required from the start. Both modes can also encrypt the data channel, ensuring file contents are protected in {{transit|transit}}.',
- leftRole: '[[ftp|FTP]] provides the file transfer commands, directory listing, and data channel negotiation.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication for [[ftp|FTP]] control and data channels.'
+ leftRole:
+ '[[ftp|FTP]] provides the file transfer commands, directory listing, and data channel negotiation.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication for [[ftp|FTP]] control and data channels.'
},
{
ids: ['grpc', 'tls'],
@@ -1385,8 +2205,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[grpc|gRPC]] strongly recommends [[tls|TLS]] for all connections, and most deployments require it to authenticate services and encrypt Protobuf payloads in {{transit|transit}}.',
howTheyWork:
'[[grpc|gRPC]] runs over [[http2|HTTP/2]], which in practice requires [[tls|TLS]]. The [[tls|TLS]] {{handshake|handshake}} authenticates the server (and optionally the client via mutual [[tls|TLS]]) before any {{rpc|RPC}} calls are made. [[grpc|gRPC]] channel credentials are configured with [[tls|TLS]] certificates, and the framework rejects insecure connections by default in production configurations.',
- leftRole: '[[grpc|gRPC]] provides the {{rpc|RPC}} framework, Protobuf {{serialization|serialization}}, and service definition layer.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and mutual authentication for [[grpc|gRPC]] channels.'
+ leftRole:
+ '[[grpc|gRPC]] provides the {{rpc|RPC}} framework, Protobuf {{serialization|serialization}}, and service definition layer.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and mutual authentication for [[grpc|gRPC]] channels.'
},
{
ids: ['hls', 'tls'],
@@ -1395,8 +2217,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[hls|HLS]] delivers adaptive streaming playlists and media segments over HTTPS, relying on [[tls|TLS]] to protect content and {{encryption|encryption}} keys in {{transit|transit}}.',
howTheyWork:
'An [[hls|HLS]] player fetches M3U8 playlists and .ts/.fmp4 segments via HTTPS, with [[tls|TLS]] encrypting every request. This is critical because [[hls|HLS]] playlists often reference {{aes-128|AES-128}} key URIs for content protection β without [[tls|TLS]], these decryption keys could be intercepted. {{apple|Apple}} requires HTTPS for all [[hls|HLS]] content in App Transport Security.',
- leftRole: '[[hls|HLS]] defines the playlist format, segment structure, and adaptive bitrate switching logic.',
- rightRole: '[[tls|TLS]] provides confidentiality and integrity for playlist, segment, and {{encryption|encryption}} key downloads.'
+ leftRole:
+ '[[hls|HLS]] defines the playlist format, segment structure, and adaptive bitrate switching logic.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality and integrity for playlist, segment, and {{encryption|encryption}} key downloads.'
},
{
ids: ['http1', 'tls'],
@@ -1405,8 +2229,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] encrypts [[http1|[[http1|HTTP/1]].1]] connections to create HTTPS, the foundational secure web protocol serving the majority of internet traffic on port 443.',
howTheyWork:
'A client connects to port 443 and completes a [[tls|TLS]] {{handshake|handshake}}, authenticating the server via its {{certificate|certificate}} and negotiating {{encryption|encryption}} keys. Once the [[tls|TLS]] channel is established, standard [[http1|[[http1|HTTP/1]].1]] requests and responses flow through it with full {{encryption|encryption}}. Without [[tls|TLS]], [[http1|[[http1|HTTP/1]].1]] on port 80 transmits headers, cookies, and body content in plaintext.',
- leftRole: '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} semantics, methods, headers, and {{content-negotiation|content negotiation}}.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and server authentication for all {{http-method|HTTP}} traffic.'
+ leftRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} semantics, methods, headers, and {{content-negotiation|content negotiation}}.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and server authentication for all {{http-method|HTTP}} traffic.'
},
{
ids: ['http2', 'tls'],
@@ -1415,8 +2241,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[http2|HTTP/2]] effectively requires [[tls|TLS]] in practice, using the {{alpn|ALPN}} extension during the [[tls|TLS]] {{handshake|handshake}} to negotiate the h2 protocol without an extra round trip.',
howTheyWork:
'Although [[http2|HTTP/2]] technically allows cleartext (h2c), all major browsers only support [[http2|HTTP/2]] over [[tls|TLS]]. During the [[tls|TLS]] {{handshake|handshake}}, the client advertises "h2" via {{alpn|ALPN}} ({{alpn|Application-Layer Protocol Negotiation}}), and the server selects it. This eliminates the need for an {{http-method|HTTP}} Upgrade dance and ensures the multiplexed binary connection is always encrypted.',
- leftRole: '[[http2|HTTP/2]] provides multiplexed streams, header compression, and {{server-push|server push}} over a single connection.',
- rightRole: '[[tls|TLS]] provides {{encryption|encryption}} and enables h2 protocol negotiation via the {{alpn|ALPN}} extension.'
+ leftRole:
+ '[[http2|HTTP/2]] provides multiplexed streams, header compression, and {{server-push|server push}} over a single connection.',
+ rightRole:
+ '[[tls|TLS]] provides {{encryption|encryption}} and enables h2 protocol negotiation via the {{alpn|ALPN}} extension.'
},
{
ids: ['http3', 'tls'],
@@ -1425,8 +2253,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[http3|HTTP/3]] integrates [[tls|TLS]] 1.3 directly into the [[quic|QUIC]] transport layer, making {{encryption|encryption}} mandatory and reducing connection setup to a single round trip.',
howTheyWork:
'Unlike [[http1|[[http1|HTTP/1]].1]] and [[http2|HTTP/2]] where [[tls|TLS]] is a separate layer on top of [[tcp|TCP]], [[quic|QUIC]] embeds the [[tls|TLS]] 1.3 {{handshake|handshake}} into its own transport {{handshake|handshake}}. Cryptographic key negotiation happens simultaneously with connection establishment, achieving {{one-rtt|1-RTT}} setup (or {{zero-rtt|0-RTT}} for resumed connections). Every [[quic|QUIC]] packet is authenticated and encrypted β there is no unencrypted [[http3|HTTP/3]].',
- leftRole: '[[http3|HTTP/3]] provides multiplexed {{request-response|request-response}} streams over [[quic|QUIC]] without {{head-of-line-blocking|head-of-line blocking}}.',
- rightRole: '[[tls|TLS]] 1.3 provides the cryptographic {{handshake|handshake}} and {{encryption|encryption}} integrated directly into [[quic|QUIC]].'
+ leftRole:
+ '[[http3|HTTP/3]] provides multiplexed {{request-response|request-response}} streams over [[quic|QUIC]] without {{head-of-line-blocking|head-of-line blocking}}.',
+ rightRole:
+ '[[tls|TLS]] 1.3 provides the cryptographic {{handshake|handshake}} and {{encryption|encryption}} integrated directly into [[quic|QUIC]].'
},
{
ids: ['kafka', 'tls'],
@@ -1435,8 +2265,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[kafka|Kafka]] supports [[tls|TLS]] to encrypt all communication between producers, consumers, and brokers, as well as inter-broker replication traffic.',
howTheyWork:
'[[kafka|Kafka]] listeners can be configured with {{ssl|SSL}}/[[tls|TLS]] security, requiring clients to perform a [[tls|TLS]] {{handshake|handshake}} when connecting to brokers. [[tls|TLS]] encrypts produce requests, {{imap-fetch|fetch}} responses, and metadata exchanges. Combined with {{sasl|SASL}} authentication, [[tls|TLS]] also enables mutual authentication between clients and brokers and secures inter-broker replication across data centers.',
- leftRole: '[[kafka|Kafka]] provides the distributed log, {{topic|topic}} partitioning, consumer groups, and replication.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and optional mutual authentication for [[kafka|Kafka]] connections.'
+ leftRole:
+ '[[kafka|Kafka]] provides the distributed log, {{topic|topic}} partitioning, consumer groups, and replication.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and optional mutual authentication for [[kafka|Kafka]] connections.'
},
{
ids: ['mptcp', 'tls'],
@@ -1445,8 +2277,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] encrypts [[mptcp|MPTCP]] connections just as it does standard [[tcp|TCP]], securing data flowing across multiple network paths simultaneously.',
howTheyWork:
'[[mptcp|MPTCP]] establishes multiple [[tcp|TCP]] subflows across different network interfaces (e.g., [[wifi|Wi-Fi]] and cellular). [[tls|TLS]] operates on the [[mptcp|MPTCP]] connection as a whole, performing its {{handshake|handshake}} once over the initial {{subflow|subflow}}. The encrypted [[tls|TLS]] session then transparently spans all subflows, so data remains protected regardless of which network path carries it.',
- leftRole: '[[mptcp|MPTCP]] provides multi-path transport, aggregating {{bandwidth|bandwidth}} and enabling seamless {{failover|failover}}.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication across all [[mptcp|MPTCP]] subflows.'
+ leftRole:
+ '[[mptcp|MPTCP]] provides multi-path transport, aggregating {{bandwidth|bandwidth}} and enabling seamless {{failover|failover}}.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication across all [[mptcp|MPTCP]] subflows.'
},
{
ids: ['mqtt', 'tls'],
@@ -1455,8 +2289,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] wraps [[mqtt|MQTT]] connections to create MQTTS, encrypting all pub/sub messaging between IoT devices and the broker on port 8883.',
howTheyWork:
'An [[mqtt|MQTT]] client connects to the broker on port 8883 (MQTTS) and completes a [[tls|TLS]] {{handshake|handshake}} before sending the [[mqtt|MQTT]] {{mqtt-connect|CONNECT}} packet. All subsequent {{mqtt-publish|PUBLISH}}, {{mqtt-subscribe|SUBSCRIBE}}, and acknowledgment packets are encrypted. This is critical for IoT deployments where sensor data and device credentials traverse untrusted networks.',
- leftRole: '[[mqtt|MQTT]] provides lightweight pub/sub messaging with {{topic|topic}} hierarchies and QoS levels.',
- rightRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication for all [[mqtt|MQTT]] broker communication.'
+ leftRole:
+ '[[mqtt|MQTT]] provides lightweight pub/sub messaging with {{topic|topic}} hierarchies and QoS levels.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication for all [[mqtt|MQTT]] broker communication.'
},
{
ids: ['quic', 'tls'],
@@ -1465,8 +2301,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[quic|QUIC]] deeply integrates [[tls|TLS]] 1.3 into its transport {{handshake|handshake}}, making {{encryption|encryption}} inseparable from connection establishment rather than an optional add-on layer.',
howTheyWork:
'[[quic|QUIC]] embeds the [[tls|TLS]] 1.3 {{handshake|handshake}} within its own transport {{handshake|handshake}} messages, combining cryptographic negotiation with connection setup in a single round trip. [[tls|TLS]] provides the key {{exchange|exchange}} and cipher negotiation, while [[quic|QUIC]] uses the derived keys to encrypt every packet including most header fields. Unlike [[tcp|TCP]]+[[tls|TLS]], there is no unencrypted [[quic|QUIC]] β the protocols are fused by design.',
- leftRole: '[[quic|QUIC]] provides multiplexed streams, {{congestion-control|congestion control}}, and {{connection-migration|connection migration}} over [[udp|UDP]].',
- rightRole: '[[tls|TLS]] 1.3 provides the cryptographic {{handshake|handshake}}, key derivation, and {{cipher-suite|cipher suite}} negotiation within [[quic|QUIC]].'
+ leftRole:
+ '[[quic|QUIC]] provides multiplexed streams, {{congestion-control|congestion control}}, and {{connection-migration|connection migration}} over [[udp|UDP]].',
+ rightRole:
+ '[[tls|TLS]] 1.3 provides the cryptographic {{handshake|handshake}}, key derivation, and {{cipher-suite|cipher suite}} negotiation within [[quic|QUIC]].'
},
{
ids: ['rtmp', 'tls'],
@@ -1475,8 +2313,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] wraps [[rtmp|RTMP]] connections to create RTMPS, encrypting live stream ingest traffic between encoders and media servers on port 443.',
howTheyWork:
'An encoder (e.g., OBS) connects to the media server on port 443 and performs a [[tls|TLS]] {{handshake|handshake}} before beginning the [[rtmp|RTMP]] {{handshake|handshake}}. All subsequent [[rtmp|RTMP]] chunks β including the stream key, audio, and video data β flow through the encrypted channel. RTMPS is now required by major platforms like Facebook Live and YouTube Live for stream ingest.',
- leftRole: '[[rtmp|RTMP]] provides the live streaming protocol for publishing audio/video chunks to media servers.',
- rightRole: '[[tls|TLS]] provides confidentiality and integrity, protecting stream keys and media content in {{transit|transit}}.'
+ leftRole:
+ '[[rtmp|RTMP]] provides the live streaming protocol for publishing audio/video chunks to media servers.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality and integrity, protecting stream keys and media content in {{transit|transit}}.'
},
{
ids: ['sip', 'tls'],
@@ -1485,8 +2325,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] secures [[sip|SIP]] {{signaling|signaling}} to create SIPS, encrypting call setup, authentication, and routing between {{voip|VoIP}} endpoints and proxies.',
howTheyWork:
'A [[sip|SIP]] client connects to a proxy or registrar over [[tls|TLS]] (typically port 5061), encrypting all {{signaling|signaling}} messages including REGISTER, {{sip-invite|INVITE}}, and BYE requests. The SIPS {{uri|URI}} scheme (sips:) mandates [[tls|TLS]] hop-by-hop across the {{signaling|signaling}} path. Without [[tls|TLS]], [[sip|SIP]] headers expose caller identity, credentials, and call routing in plaintext.',
- leftRole: '[[sip|SIP]] provides the {{signaling|signaling}} protocol for establishing, modifying, and terminating voice/video sessions.',
- rightRole: '[[tls|TLS]] provides confidentiality and integrity for [[sip|SIP]] {{signaling|signaling}}, protecting credentials and call metadata.'
+ leftRole:
+ '[[sip|SIP]] provides the {{signaling|signaling}} protocol for establishing, modifying, and terminating voice/video sessions.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality and integrity for [[sip|SIP]] {{signaling|signaling}}, protecting credentials and call metadata.'
},
{
ids: ['smtp', 'tls'],
@@ -1495,8 +2337,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] secures [[smtp|SMTP]] email delivery via {{starttls|STARTTLS}} (opportunistic upgrade on port 587) or SMTPS (implicit [[tls|TLS]] on port 465), encrypting messages between mail servers.',
howTheyWork:
'An [[smtp|SMTP]] client connects to a mail server and issues the {{starttls|STARTTLS}} command to upgrade the plaintext connection to [[tls|TLS]] before sending credentials or message content. Alternatively, implicit [[tls|TLS]] on port 465 establishes {{encryption|encryption}} immediately. {{mta|MTA}}-{{sts|STS}} and DANE policies can enforce [[tls|TLS]] to prevent downgrade attacks between mail servers.',
- leftRole: '[[smtp|SMTP]] provides the email delivery protocol for routing messages between mail transfer agents.',
- rightRole: '[[tls|TLS]] provides confidentiality and integrity for email content and authentication credentials in {{transit|transit}}.'
+ leftRole:
+ '[[smtp|SMTP]] provides the email delivery protocol for routing messages between mail transfer agents.',
+ rightRole:
+ '[[tls|TLS]] provides confidentiality and integrity for email content and authentication credentials in {{transit|transit}}.'
},
{
ids: ['tls', 'websockets'],
@@ -1505,8 +2349,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[tls|TLS]] secures [[websockets|WebSocket]] connections to create WSS (wss://), encrypting the {{full-duplex|full-duplex}} message channel between browsers and servers.',
howTheyWork:
'A client connects to port 443, completes a [[tls|TLS]] {{handshake|handshake}}, and then performs the [[websockets|WebSocket]] {{http-method|HTTP}} Upgrade over the encrypted connection. Once upgraded, all [[websockets|WebSocket]] frames β both text and binary β flow through the [[tls|TLS]] channel. WSS is effectively required in production because most browsers block mixed content and many proxies interfere with unencrypted [[websockets|WebSocket]] connections.',
- leftRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication for the [[websockets|WebSocket]] connection.',
- rightRole: '[[websockets|WebSocket]] provides persistent, {{full-duplex|full-duplex}}, message-oriented communication over the secure channel.'
+ leftRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication for the [[websockets|WebSocket]] connection.',
+ rightRole:
+ '[[websockets|WebSocket]] provides persistent, {{full-duplex|full-duplex}}, message-oriented communication over the secure channel.'
},
{
ids: ['tls', 'webrtc'],
@@ -1515,8 +2361,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[webrtc|WebRTC]] uses {{dtls|DTLS}} (Datagram [[tls|TLS]]) to perform key {{exchange|exchange}} over [[udp|UDP]], establishing the {{encryption|encryption}} keys used by {{srtp|SRTP}} to protect real-time media streams.',
howTheyWork:
'After {{ice|ICE}} connectivity checks establish a [[udp|UDP]] path between peers, a {{dtls|DTLS}} {{handshake|handshake}} occurs over that path to authenticate both endpoints and derive shared {{encryption|encryption}} keys. These keys are then used by {{srtp|SRTP}} to encrypt audio/video media and by [[sctp|SCTP]] (tunneled over {{dtls|DTLS}}) to encrypt data channel messages. Without {{dtls|DTLS}}, [[webrtc|WebRTC]] peers could not establish trust or derive {{encryption|encryption}} keys over {{connectionless|connectionless}} [[udp|UDP]].',
- leftRole: '[[tls|TLS]] (as {{dtls|DTLS}}) provides the key {{exchange|exchange}}, peer authentication, and key derivation over [[udp|UDP]].',
- rightRole: '[[webrtc|WebRTC]] uses {{dtls|DTLS}}-derived keys for {{srtp|SRTP}} media {{encryption|encryption}} and [[sctp|SCTP]] data channel security.'
+ leftRole:
+ '[[tls|TLS]] (as {{dtls|DTLS}}) provides the key {{exchange|exchange}}, peer authentication, and key derivation over [[udp|UDP]].',
+ rightRole:
+ '[[webrtc|WebRTC]] uses {{dtls|DTLS}}-derived keys for {{srtp|SRTP}} media {{encryption|encryption}} and [[sctp|SCTP]] data channel security.'
},
{
ids: ['tls', 'xmpp'],
@@ -1525,8 +2373,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[xmpp|XMPP]] uses {{starttls|STARTTLS}} to upgrade client-to-server and server-to-server connections to [[tls|TLS]], encrypting all messaging, presence, and roster data.',
howTheyWork:
'After opening an {{xml|XML}} stream, an [[xmpp|XMPP]] client or server sends a {{starttls|STARTTLS}} request to upgrade the connection. Once the [[tls|TLS]] {{handshake|handshake}} completes, a new {{xml|XML}} stream is opened over the encrypted channel. Modern [[xmpp|XMPP]] deployments mandate [[tls|TLS]], and XEP-0368 defines direct [[tls|TLS]] connections on port 5223 as an alternative to the {{starttls|STARTTLS}} upgrade mechanism.',
- leftRole: '[[tls|TLS]] provides confidentiality, integrity, and authentication for all [[xmpp|XMPP]] communication.',
- rightRole: '[[xmpp|XMPP]] provides the messaging, presence, and roster protocol operating over the encrypted channel.'
+ leftRole:
+ '[[tls|TLS]] provides confidentiality, integrity, and authentication for all [[xmpp|XMPP]] communication.',
+ rightRole:
+ '[[xmpp|XMPP]] provides the messaging, presence, and roster protocol operating over the encrypted channel.'
},
// ββ HTTP as transport ββββββββββββββββββββββββββββββββββββββββ
@@ -1537,9 +2387,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[grpc|gRPC]] uses [[http2|HTTP/2]] as its transport layer, leveraging its multiplexed streams and {{binary-framing|binary framing}} to deliver high-performance remote procedure calls.',
howTheyWork:
- '[[grpc|gRPC]] maps each {{rpc|RPC}} call to an [[http2|HTTP/2]] stream, using [[http2|HTTP/2]] headers for metadata (method, status, {{content-type|content-type}}) and {{smtp-data|DATA}} frames for serialized Protocol Buffer payloads. [[http2|HTTP/2]]\'s {{multiplexing|multiplexing}} allows many concurrent RPCs over a single [[tcp|TCP]] connection without {{head-of-line-blocking|head-of-line blocking}} at the {{http-method|HTTP}} level.',
- leftRole: '[[http2|HTTP/2]] provides multiplexed {{binary-framing|binary framing}}, {{flow-control|flow control}}, and header compression as the transport.',
- rightRole: '[[grpc|gRPC]] provides the {{rpc|RPC}} semantics, Protobuf {{serialization|serialization}}, and service definition framework on top.'
+ "[[grpc|gRPC]] maps each {{rpc|RPC}} call to an [[http2|HTTP/2]] stream, using [[http2|HTTP/2]] headers for metadata (method, status, {{content-type|content-type}}) and {{smtp-data|DATA}} frames for serialized Protocol Buffer payloads. [[http2|HTTP/2]]'s {{multiplexing|multiplexing}} allows many concurrent RPCs over a single [[tcp|TCP]] connection without {{head-of-line-blocking|head-of-line blocking}} at the {{http-method|HTTP}} level.",
+ leftRole:
+ '[[http2|HTTP/2]] provides multiplexed {{binary-framing|binary framing}}, {{flow-control|flow control}}, and header compression as the transport.',
+ rightRole:
+ '[[grpc|gRPC]] provides the {{rpc|RPC}} semantics, Protobuf {{serialization|serialization}}, and service definition framework on top.'
},
{
ids: ['dash', 'http1'],
@@ -1548,8 +2400,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[dash|DASH]] delivers adaptive video by requesting media segments over [[http1|[[http1|HTTP/1]].1]], using standard web infrastructure for scalable streaming delivery.',
howTheyWork:
'The [[dash|DASH]] client fetches an {{mpd|MPD}} {{manifest|manifest}} over [[http1|[[http1|HTTP/1]].1]], then requests individual media segments as standard {{http-method|HTTP}} GET requests. Each segment is a separate [[http1|[[http1|HTTP/1]].1]] {{request-response|request-response}} cycle, which means multiple [[tcp|TCP]] connections are used in parallel to {{imap-fetch|fetch}} video and audio segments at the appropriate bitrate.',
- leftRole: '[[dash|DASH]] defines the {{manifest|manifest}} format, segment addressing, and adaptive bitrate switching logic.',
- rightRole: '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} transport for fetching manifests and media segments.'
+ leftRole:
+ '[[dash|DASH]] defines the {{manifest|manifest}} format, segment addressing, and adaptive bitrate switching logic.',
+ rightRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} transport for fetching manifests and media segments.'
},
{
ids: ['dash', 'http2'],
@@ -1557,9 +2411,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[dash|DASH]] delivers adaptive video over [[http2|HTTP/2]], benefiting from multiplexed streams to {{imap-fetch|fetch}} manifests and media segments more efficiently on a single connection.',
howTheyWork:
- 'The [[dash|DASH]] client fetches the {{mpd|MPD}} {{manifest|manifest}} and subsequent media segments as [[http2|HTTP/2]] requests multiplexed over a single [[tcp|TCP]] connection. [[http2|HTTP/2]]\'s stream {{multiplexing|multiplexing}} eliminates the need for multiple parallel connections, and header compression reduces the overhead of repeated segment requests to the same origin.',
- leftRole: '[[dash|DASH]] defines the {{manifest|manifest}} format, segment addressing, and adaptive bitrate switching logic.',
- rightRole: '[[http2|HTTP/2]] provides multiplexed, header-compressed transport for efficient parallel segment delivery.'
+ "The [[dash|DASH]] client fetches the {{mpd|MPD}} {{manifest|manifest}} and subsequent media segments as [[http2|HTTP/2]] requests multiplexed over a single [[tcp|TCP]] connection. [[http2|HTTP/2]]'s stream {{multiplexing|multiplexing}} eliminates the need for multiple parallel connections, and header compression reduces the overhead of repeated segment requests to the same origin.",
+ leftRole:
+ '[[dash|DASH]] defines the {{manifest|manifest}} format, segment addressing, and adaptive bitrate switching logic.',
+ rightRole:
+ '[[http2|HTTP/2]] provides multiplexed, header-compressed transport for efficient parallel segment delivery.'
},
{
ids: ['graphql', 'http1'],
@@ -1568,8 +2424,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[graphql|GraphQL]] sends queries and mutations as [[http1|[[http1|HTTP/1]].1]] POST requests to a single endpoint, using standard {{http-method|HTTP}} as its most common transport.',
howTheyWork:
'The client sends a [[graphql|GraphQL]] query as a {{json|JSON}} {{payload|payload}} in an [[http1|[[http1|HTTP/1]].1]] POST request to a single endpoint (typically /graphql). The server parses the query, resolves the requested fields, and returns a {{json|JSON}} response. Each query-response cycle is an independent [[http1|[[http1|HTTP/1]].1]] request, making it compatible with existing {{http-method|HTTP}} infrastructure.',
- leftRole: '[[graphql|GraphQL]] defines the query language, schema, and resolver execution model.',
- rightRole: '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} transport for sending queries and receiving results.'
+ leftRole:
+ '[[graphql|GraphQL]] defines the query language, schema, and resolver execution model.',
+ rightRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the {{request-response|request-response}} transport for sending queries and receiving results.'
},
{
ids: ['graphql', 'http2'],
@@ -1578,8 +2436,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[graphql|GraphQL]] queries are sent over [[http2|HTTP/2]], benefiting from multiplexed streams when clients issue multiple queries or when responses are large with compressed headers.',
howTheyWork:
'[[graphql|GraphQL]] queries are sent as [[http2|HTTP/2]] POST requests to a single endpoint, just as with [[http1|[[http1|HTTP/1]].1]], but [[http2|HTTP/2]] multiplexes concurrent queries over a single connection. This is especially beneficial when a client fires multiple [[graphql|GraphQL]] queries in parallel, as they share one connection with compressed headers instead of requiring separate [[tcp|TCP]] connections.',
- leftRole: '[[graphql|GraphQL]] defines the query language, schema, and resolver execution model.',
- rightRole: '[[http2|HTTP/2]] provides multiplexed, header-compressed transport for concurrent query delivery.'
+ leftRole:
+ '[[graphql|GraphQL]] defines the query language, schema, and resolver execution model.',
+ rightRole:
+ '[[http2|HTTP/2]] provides multiplexed, header-compressed transport for concurrent query delivery.'
},
{
ids: ['graphql', 'websockets'],
@@ -1588,8 +2448,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[graphql|GraphQL]] subscriptions use [[websockets|WebSocket]] as a persistent transport to push real-time data updates from the server to subscribed clients.',
howTheyWork:
'The client establishes a [[websockets|WebSocket]] connection to the [[graphql|GraphQL]] server and sends subscription queries using a sub-protocol like graphql-ws. The server keeps the connection open and pushes data whenever the subscribed fields change. This complements the {{http-method|HTTP}}-based query/mutation model by adding server-initiated real-time updates.',
- leftRole: '[[graphql|GraphQL]] defines the subscription query syntax and the data pushed when subscribed fields change.',
- rightRole: '[[websockets|WebSocket]] provides the persistent, bidirectional channel needed for real-time subscription delivery.'
+ leftRole:
+ '[[graphql|GraphQL]] defines the subscription query syntax and the data pushed when subscribed fields change.',
+ rightRole:
+ '[[websockets|WebSocket]] provides the persistent, bidirectional channel needed for real-time subscription delivery.'
},
{
ids: ['hls', 'http1'],
@@ -1598,8 +2460,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[hls|HLS]] delivers adaptive video by serving M3U8 playlists and media segments as standard [[http1|[[http1|HTTP/1]].1]] file downloads, leveraging existing web infrastructure and CDNs.',
howTheyWork:
'The [[hls|HLS]] client fetches an M3U8 playlist over [[http1|[[http1|HTTP/1]].1]] to discover available bitrates and segment URLs. It then requests individual media segments as standard {{http-method|HTTP}} GET requests. Each segment is a self-contained file served like any static asset, making [[hls|HLS]] fully compatible with {{http-method|HTTP}} caches, CDNs, and standard web servers.',
- leftRole: '[[hls|HLS]] defines the playlist format, segment structure, and adaptive bitrate selection algorithm.',
- rightRole: '[[http1|[[http1|HTTP/1]].1]] provides the file-serving transport for delivering playlist and segment files.'
+ leftRole:
+ '[[hls|HLS]] defines the playlist format, segment structure, and adaptive bitrate selection algorithm.',
+ rightRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the file-serving transport for delivering playlist and segment files.'
},
{
ids: ['hls', 'http2'],
@@ -1608,8 +2472,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[hls|HLS]] delivers adaptive video over [[http2|HTTP/2]], where multiplexed streams allow playlist refreshes and segment fetches to share a single connection efficiently.',
howTheyWork:
'The [[hls|HLS]] client fetches M3U8 playlists and media segments over [[http2|HTTP/2]], {{multiplexing|multiplexing}} requests on a single connection instead of opening multiple parallel [[tcp|TCP]] connections. For live streams, this is especially beneficial since frequent playlist refreshes and segment requests can interleave without {{head-of-line-blocking|head-of-line blocking}} at the {{http-method|HTTP}} layer.',
- leftRole: '[[hls|HLS]] defines the playlist format, segment structure, and adaptive bitrate selection algorithm.',
- rightRole: '[[http2|HTTP/2]] provides multiplexed transport for efficient parallel delivery of playlists and segments.'
+ leftRole:
+ '[[hls|HLS]] defines the playlist format, segment structure, and adaptive bitrate selection algorithm.',
+ rightRole:
+ '[[http2|HTTP/2]] provides multiplexed transport for efficient parallel delivery of playlists and segments.'
},
{
ids: ['http1', 'rest'],
@@ -1618,8 +2484,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[rest|REST]] APIs are most commonly served over [[http1|[[http1|HTTP/1]].1]], using its methods (GET, POST, PUT, DELETE), status codes, and headers to implement resource-oriented APIs.',
howTheyWork:
'[[rest|REST]] maps {{crud|CRUD}} operations to [[http1|[[http1|HTTP/1]].1]] methods: GET for reading, POST for creating, PUT/PATCH for updating, and DELETE for removing resources. [[http1|[[http1|HTTP/1]].1]] status codes communicate outcomes, headers handle {{content-negotiation|content negotiation}} and caching, and URLs identify resources. [[http1|[[http1|HTTP/1]].1]] provides all the semantics [[rest|REST]] relies on as an architectural style.',
- leftRole: '[[http1|[[http1|HTTP/1]].1]] provides the methods, status codes, headers, and {{url|URL}} structure that [[rest|REST]] builds upon.',
- rightRole: '[[rest|REST]] defines the architectural conventions for mapping resource operations onto {{http-method|HTTP}} semantics.'
+ leftRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the methods, status codes, headers, and {{url|URL}} structure that [[rest|REST]] builds upon.',
+ rightRole:
+ '[[rest|REST]] defines the architectural conventions for mapping resource operations onto {{http-method|HTTP}} semantics.'
},
{
ids: ['http1', 'websockets'],
@@ -1628,8 +2496,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[websockets|WebSocket]] connections begin with an [[http1|[[http1|HTTP/1]].1]] Upgrade {{handshake|handshake}}, then switch to a persistent, bidirectional {{binary-framing|binary framing}} protocol.',
howTheyWork:
'The client sends an [[http1|[[http1|HTTP/1]].1]] GET request with Upgrade: websocket and Connection: Upgrade headers, plus a Sec-[[websockets|WebSocket]]-Key. If the server accepts, it responds with 101 Switching Protocols and the connection transitions from {{http-method|HTTP}} to [[websockets|WebSocket]] framing. After the upgrade, the [[tcp|TCP]] connection carries [[websockets|WebSocket]] frames instead of {{http-method|HTTP}} messages.',
- leftRole: '[[http1|[[http1|HTTP/1]].1]] provides the initial {{handshake|handshake}} and Upgrade mechanism to establish the connection.',
- rightRole: '[[websockets|WebSocket]] provides the persistent, {{full-duplex|full-duplex}} message framing protocol after the upgrade completes.'
+ leftRole:
+ '[[http1|[[http1|HTTP/1]].1]] provides the initial {{handshake|handshake}} and Upgrade mechanism to establish the connection.',
+ rightRole:
+ '[[websockets|WebSocket]] provides the persistent, {{full-duplex|full-duplex}} message framing protocol after the upgrade completes.'
},
{
ids: ['http2', 'sse'],
@@ -1638,8 +2508,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[sse|SSE]] streams server-pushed events over [[http2|HTTP/2]], where {{multiplexing|multiplexing}} allows multiple [[sse|SSE]] streams to share a single connection without blocking other requests.',
howTheyWork:
'The client opens an [[sse|SSE]] connection by sending a GET request with Accept: text/event-stream. Over [[http2|HTTP/2]], this [[sse|SSE]] stream becomes one of many multiplexed streams on a single connection, so other {{api|API}} requests proceed in parallel without being blocked. This eliminates the browser connection limit problem that restricts [[sse|SSE]] to six concurrent streams per origin on [[http1|[[http1|HTTP/1]].1]].',
- leftRole: '[[http2|HTTP/2]] provides multiplexed streams that let [[sse|SSE]] connections coexist with other requests on one connection.',
- rightRole: '[[sse|SSE]] provides the text/event-stream format and {{eventsource|EventSource API}} for server-to-client push.'
+ leftRole:
+ '[[http2|HTTP/2]] provides multiplexed streams that let [[sse|SSE]] connections coexist with other requests on one connection.',
+ rightRole:
+ '[[sse|SSE]] provides the text/event-stream format and {{eventsource|EventSource API}} for server-to-client push.'
},
{
ids: ['http3', 'rest'],
@@ -1648,8 +2520,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[rest|REST]] APIs can be served over [[http3|HTTP/3]], gaining faster connection setup, independent stream {{multiplexing|multiplexing}}, and built-in {{encryption|encryption}} from the [[quic|QUIC]] transport.',
howTheyWork:
'[[rest|REST]] semantics (methods, status codes, headers, URLs) work identically over [[http3|HTTP/3]] as they do over [[http1|[[http1|HTTP/1]].1]] or [[http2|HTTP/2]] β only the transport changes. [[http3|HTTP/3]] runs over [[quic|QUIC]], providing {{zero-rtt|0-RTT}} connection establishment, stream-level independence (no {{head-of-line-blocking|head-of-line blocking}}), and mandatory [[tls|TLS]] 1.3. [[rest|REST]] APIs benefit automatically without any changes to {{api|API}} design.',
- leftRole: '[[http3|HTTP/3]] provides the [[quic|QUIC]]-based transport with {{zero-rtt|0-RTT}} setup and independent stream {{multiplexing|multiplexing}}.',
- rightRole: '[[rest|REST]] defines the resource-oriented {{api|API}} architecture that rides on [[http3|HTTP/3]] semantics.'
+ leftRole:
+ '[[http3|HTTP/3]] provides the [[quic|QUIC]]-based transport with {{zero-rtt|0-RTT}} setup and independent stream {{multiplexing|multiplexing}}.',
+ rightRole:
+ '[[rest|REST]] defines the resource-oriented {{api|API}} architecture that rides on [[http3|HTTP/3]] semantics.'
},
// ββ WebSocket as transport βββββββββββββββββββββββββββββββββββ
@@ -1661,8 +2535,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[amqp|AMQP]] can be tunneled over [[websockets|WebSocket]] to allow browser-based clients to {{mqtt-connect|connect}} to message brokers without direct [[tcp|TCP]] access.',
howTheyWork:
'The browser establishes a [[websockets|WebSocket]] connection to the {{broker|message broker}} (or a gateway), then speaks the [[amqp|AMQP]] protocol over that [[websockets|WebSocket]] channel. The [[websockets|WebSocket]] connection wraps [[amqp|AMQP]] frames so they can traverse {{http-method|HTTP}} proxies and firewalls that would otherwise block raw [[tcp|TCP]] [[amqp|AMQP]] connections on port 5672.',
- leftRole: '[[amqp|AMQP]] provides the messaging semantics β exchanges, queues, bindings, and delivery guarantees.',
- rightRole: '[[websockets|WebSocket]] provides the browser-compatible transport tunnel that carries [[amqp|AMQP]] frames over {{http-method|HTTP}}.'
+ leftRole:
+ '[[amqp|AMQP]] provides the messaging semantics β exchanges, queues, bindings, and delivery guarantees.',
+ rightRole:
+ '[[websockets|WebSocket]] provides the browser-compatible transport tunnel that carries [[amqp|AMQP]] frames over {{http-method|HTTP}}.'
},
{
ids: ['mqtt', 'websockets'],
@@ -1671,18 +2547,22 @@ const relationshipPairs: ProtocolPair[] = [
'[[mqtt|MQTT]] over [[websockets|WebSocket]] enables browser-based IoT dashboards and web apps to {{mqtt-subscribe|subscribe}} to [[mqtt|MQTT]] topics directly from the browser.',
howTheyWork:
'The browser opens a [[websockets|WebSocket]] connection to the [[mqtt|MQTT]] broker (typically on port 8083/8084). [[mqtt|MQTT]] packets are sent as [[websockets|WebSocket]] binary frames, allowing the browser to {{mqtt-publish|publish}}, {{mqtt-subscribe|subscribe}}, and receive messages using standard [[mqtt|MQTT]] semantics. This avoids the need for a custom [[rest|REST]] bridge between the browser and the [[mqtt|MQTT]] broker.',
- leftRole: '[[mqtt|MQTT]] provides the lightweight pub/sub messaging protocol with {{topic|topic}} hierarchy and QoS levels.',
- rightRole: '[[websockets|WebSocket]] provides the browser-accessible transport that carries [[mqtt|MQTT]] packets over {{http-method|HTTP}}.'
+ leftRole:
+ '[[mqtt|MQTT]] provides the lightweight pub/sub messaging protocol with {{topic|topic}} hierarchy and QoS levels.',
+ rightRole:
+ '[[websockets|WebSocket]] provides the browser-accessible transport that carries [[mqtt|MQTT]] packets over {{http-method|HTTP}}.'
},
{
ids: ['stomp', 'websockets'],
type: 'relationship',
summary:
- '[[stomp|STOMP]] over [[websockets|WebSocket]] allows browser clients to {{mqtt-connect|connect}} to message brokers using [[stomp|STOMP]]\'s simple text-based messaging commands.',
+ "[[stomp|STOMP]] over [[websockets|WebSocket]] allows browser clients to {{mqtt-connect|connect}} to message brokers using [[stomp|STOMP]]'s simple text-based messaging commands.",
howTheyWork:
- 'The browser establishes a [[websockets|WebSocket]] connection to the {{broker|message broker}} (e.g., RabbitMQ with [[stomp|STOMP]] plugin, or Spring\'s [[stomp|STOMP]] broker). [[stomp|STOMP]] text frames ({{mqtt-connect|CONNECT}}, SEND, {{mqtt-subscribe|SUBSCRIBE}}, MESSAGE) are sent as [[websockets|WebSocket]] text messages. [[stomp|STOMP]]\'s {{http-method|HTTP}}-like text format makes it especially natural to carry over [[websockets|WebSocket]], requiring minimal client-side code.',
- leftRole: '[[stomp|STOMP]] provides the text-based messaging commands for sending, subscribing, and acknowledging messages.',
- rightRole: '[[websockets|WebSocket]] provides the browser-compatible bidirectional channel that carries [[stomp|STOMP]] frames.'
+ "The browser establishes a [[websockets|WebSocket]] connection to the {{broker|message broker}} (e.g., RabbitMQ with [[stomp|STOMP]] plugin, or Spring's [[stomp|STOMP]] broker). [[stomp|STOMP]] text frames ({{mqtt-connect|CONNECT}}, SEND, {{mqtt-subscribe|SUBSCRIBE}}, MESSAGE) are sent as [[websockets|WebSocket]] text messages. [[stomp|STOMP]]'s {{http-method|HTTP}}-like text format makes it especially natural to carry over [[websockets|WebSocket]], requiring minimal client-side code.",
+ leftRole:
+ '[[stomp|STOMP]] provides the text-based messaging commands for sending, subscribing, and acknowledging messages.',
+ rightRole:
+ '[[websockets|WebSocket]] provides the browser-compatible bidirectional channel that carries [[stomp|STOMP]] frames.'
},
{
ids: ['websockets', 'xmpp'],
@@ -1691,8 +2571,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[xmpp|XMPP]] over [[websockets|WebSocket]] enables browser-based chat clients to participate in the [[xmpp|XMPP]] network without long-polling hacks like BOSH.',
howTheyWork:
'The browser opens a [[websockets|WebSocket]] connection to the [[xmpp|XMPP]] server using the [[xmpp|XMPP]] sub-protocol ([[rfc:7395|RFC 7395]]). [[xmpp|XMPP]] stanzas (message, presence, iq) are sent as [[websockets|WebSocket]] text frames, providing the same real-time {{xml|XML}} stream as a native [[tcp|TCP]] [[xmpp|XMPP]] connection. This replaces the older BOSH (Bidirectional-streams Over Synchronous {{http-method|HTTP}}) approach with a cleaner, lower-{{latency|latency}} transport.',
- leftRole: '[[websockets|WebSocket]] provides the persistent, low-{{latency|latency}} bidirectional transport between browser and [[xmpp|XMPP]] server.',
- rightRole: '[[xmpp|XMPP]] provides the messaging semantics β presence, roster, stanzas, and {{federation|federation}}.'
+ leftRole:
+ '[[websockets|WebSocket]] provides the persistent, low-{{latency|latency}} bidirectional transport between browser and [[xmpp|XMPP]] server.',
+ rightRole:
+ '[[xmpp|XMPP]] provides the messaging semantics β presence, roster, stanzas, and {{federation|federation}}.'
},
// ββ Real-time A/V ββββββββββββββββββββββββββββββββββββββββββββ
@@ -1704,8 +2586,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[sdp|SDP]] describes the parameters of an [[rtp|RTP]] session β codecs, {{payload|payload}} types, ports, and addresses β so both endpoints agree on how to send and receive media.',
howTheyWork:
'Before [[rtp|RTP]] media can flow, endpoints {{exchange|exchange}} [[sdp|SDP]] descriptions (via [[sip|SIP]], [[webrtc|WebRTC]] {{signaling|signaling}}, or other means) that specify the [[ip|IP]] addresses, port numbers, codecs, and {{payload|payload}} type mappings for each media stream. [[rtp|RTP]] then uses these negotiated parameters to deliver audio and video packets between the endpoints.',
- leftRole: '[[rtp|RTP]] carries the actual audio and video media packets using parameters negotiated by [[sdp|SDP]].',
- rightRole: '[[sdp|SDP]] describes the session parameters (codecs, ports, addresses) that configure the [[rtp|RTP]] streams.'
+ leftRole:
+ '[[rtp|RTP]] carries the actual audio and video media packets using parameters negotiated by [[sdp|SDP]].',
+ rightRole:
+ '[[sdp|SDP]] describes the session parameters (codecs, ports, addresses) that configure the [[rtp|RTP]] streams.'
},
{
ids: ['rtp', 'sip'],
@@ -1714,8 +2598,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[sip|SIP]] establishes and manages call sessions (ringing, answering, hanging up), while [[rtp|RTP]] carries the actual audio and video media during the call.',
howTheyWork:
'[[sip|SIP]] handles call {{signaling|signaling}} β {{sip-invite|INVITE}} to initiate, 200 OK to accept, BYE to terminate β and carries [[sdp|SDP]] in its message bodies to negotiate media parameters. Once the [[sip|SIP]] {{signaling|signaling}} establishes a session, [[rtp|RTP]] streams flow directly between the media endpoints on the ports and codecs specified by [[sdp|SDP]]. [[sip|SIP]] manages the call lifecycle; [[rtp|RTP]] handles the media.',
- leftRole: '[[rtp|RTP]] carries the real-time audio and video streams between endpoints during the call.',
- rightRole: '[[sip|SIP]] provides the {{signaling|signaling}} to establish, modify, and tear down the call session.'
+ leftRole:
+ '[[rtp|RTP]] carries the real-time audio and video streams between endpoints during the call.',
+ rightRole:
+ '[[sip|SIP]] provides the {{signaling|signaling}} to establish, modify, and tear down the call session.'
},
{
ids: ['rtp', 'webrtc'],
@@ -1724,8 +2610,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[webrtc|WebRTC]] uses {{srtp|SRTP}} (Secure [[rtp|RTP]]) as its media transport, encrypting all audio and video packets with {{dtls|DTLS}}-derived keys for secure {{peer-to-peer|peer-to-peer}} communication.',
howTheyWork:
'[[webrtc|WebRTC]] establishes a peer connection using {{ice|ICE}} for {{nat|NAT}} traversal and {{dtls|DTLS}} for key {{exchange|exchange}}. Once the secure channel is established, audio and video are transmitted as {{srtp|SRTP}} packets β [[rtp|RTP]] with {{aes|AES}} {{encryption|encryption}}. [[webrtc|WebRTC]] mandates {{srtp|SRTP}} (not plain [[rtp|RTP]]) to ensure all media is encrypted end-to-end by default.',
- leftRole: '[[rtp|RTP]] (as {{srtp|SRTP}}) carries the encrypted audio and video packets between [[webrtc|WebRTC]] peers.',
- rightRole: '[[webrtc|WebRTC]] provides the peer connection framework, {{ice|ICE}} negotiation, and {{dtls|DTLS}} key {{exchange|exchange}} around {{srtp|SRTP}}.'
+ leftRole:
+ '[[rtp|RTP]] (as {{srtp|SRTP}}) carries the encrypted audio and video packets between [[webrtc|WebRTC]] peers.',
+ rightRole:
+ '[[webrtc|WebRTC]] provides the peer connection framework, {{ice|ICE}} negotiation, and {{dtls|DTLS}} key {{exchange|exchange}} around {{srtp|SRTP}}.'
},
{
ids: ['sctp', 'webrtc'],
@@ -1733,9 +2621,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[webrtc|WebRTC]] data channels use [[sctp|SCTP]] tunneled over {{dtls|DTLS}} to provide reliable, ordered, and configurable message delivery between peers.',
howTheyWork:
- '[[webrtc|WebRTC]] establishes a {{dtls|DTLS}} connection over the {{ice|ICE}}-negotiated path, then runs [[sctp|SCTP]] on top of that {{dtls|DTLS}} tunnel. Each data channel maps to an [[sctp|SCTP]] stream, and [[sctp|SCTP]]\'s multi-stream support allows independent channels without {{head-of-line-blocking|head-of-line blocking}}. Channels can be configured as reliable/ordered or unreliable/unordered per-channel.',
- leftRole: '[[sctp|SCTP]] provides the multi-stream, message-oriented transport with configurable reliability for each data channel.',
- rightRole: '[[webrtc|WebRTC]] provides the peer connection, {{dtls|DTLS}} {{encryption|encryption}}, and {{ice|ICE}} traversal that [[sctp|SCTP]] runs over.'
+ "[[webrtc|WebRTC]] establishes a {{dtls|DTLS}} connection over the {{ice|ICE}}-negotiated path, then runs [[sctp|SCTP]] on top of that {{dtls|DTLS}} tunnel. Each data channel maps to an [[sctp|SCTP]] stream, and [[sctp|SCTP]]'s multi-stream support allows independent channels without {{head-of-line-blocking|head-of-line blocking}}. Channels can be configured as reliable/ordered or unreliable/unordered per-channel.",
+ leftRole:
+ '[[sctp|SCTP]] provides the multi-stream, message-oriented transport with configurable reliability for each data channel.',
+ rightRole:
+ '[[webrtc|WebRTC]] provides the peer connection, {{dtls|DTLS}} {{encryption|encryption}}, and {{ice|ICE}} traversal that [[sctp|SCTP]] runs over.'
},
{
ids: ['sdp', 'sip'],
@@ -1744,8 +2634,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[sip|SIP]] carries [[sdp|SDP]] payloads in its {{sip-invite|INVITE}} and response messages to negotiate the media parameters (codecs, ports, addresses) for a call session.',
howTheyWork:
'When a [[sip|SIP]] client sends an {{sip-invite|INVITE}}, it includes an [[sdp|SDP]] offer in the message body describing its supported codecs, [[ip|IP]] address, and port. The callee responds with a [[sip|SIP]] 200 OK containing an [[sdp|SDP]] answer with its own media capabilities. This offer/answer {{exchange|exchange}} within [[sip|SIP]] messages establishes the agreed-upon parameters for the subsequent [[rtp|RTP]] media streams.',
- leftRole: '[[sdp|SDP]] provides the session description format that specifies codecs, ports, and media parameters.',
- rightRole: '[[sip|SIP]] provides the {{signaling|signaling}} protocol that carries [[sdp|SDP]] offers and answers in its messages.'
+ leftRole:
+ '[[sdp|SDP]] provides the session description format that specifies codecs, ports, and media parameters.',
+ rightRole:
+ '[[sip|SIP]] provides the {{signaling|signaling}} protocol that carries [[sdp|SDP]] offers and answers in its messages.'
},
{
ids: ['sdp', 'webrtc'],
@@ -1754,8 +2646,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[webrtc|WebRTC]] uses [[sdp|SDP]] in its offer/answer model to negotiate media capabilities, {{ice|ICE}} candidates, and {{dtls|DTLS}} fingerprints between peers.',
howTheyWork:
'When a [[webrtc|WebRTC]] peer connection is created, the browser generates an [[sdp|SDP]] offer describing supported codecs, {{ice|ICE}} candidates, {{dtls|DTLS}} fingerprints, and media directions. This [[sdp|SDP]] is sent to the remote peer via an application-defined {{signaling|signaling}} channel. The remote peer generates an [[sdp|SDP]] answer, and both sides apply the negotiated parameters to configure their media and data channels.',
- leftRole: '[[sdp|SDP]] describes the session parameters β codecs, {{ice|ICE}} candidates, and {{dtls|DTLS}} fingerprints β for [[webrtc|WebRTC]] negotiation.',
- rightRole: '[[webrtc|WebRTC]] provides the peer connection {{api|API}} that generates, exchanges, and applies [[sdp|SDP]] descriptions.'
+ leftRole:
+ '[[sdp|SDP]] describes the session parameters β codecs, {{ice|ICE}} candidates, and {{dtls|DTLS}} fingerprints β for [[webrtc|WebRTC]] negotiation.',
+ rightRole:
+ '[[webrtc|WebRTC]] provides the peer connection {{api|API}} that generates, exchanges, and applies [[sdp|SDP]] descriptions.'
},
// ββ Utility / Other ββββββββββββββββββββββββββββββββββββββββββ
@@ -1767,8 +2661,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[dhcp|DHCP]] provides [[dns|DNS]] server addresses to clients as part of network configuration, telling devices where to send their [[dns|DNS]] queries.',
howTheyWork:
'When a device joins a network, [[dhcp|DHCP]] assigns it an [[ip|IP]] address along with other configuration including the [[dns|DNS]] server addresses (option 6 in DHCPv4). The client then uses these [[dns|DNS]] server addresses for all subsequent name resolution. Without [[dhcp|DHCP]] providing this information, clients would need manually configured [[dns|DNS]] servers.',
- leftRole: '[[dhcp|DHCP]] provides network configuration including the [[dns|DNS]] server addresses clients should use.',
- rightRole: '[[dns|DNS]] provides name resolution services at the server addresses distributed by [[dhcp|DHCP]].'
+ leftRole:
+ '[[dhcp|DHCP]] provides network configuration including the [[dns|DNS]] server addresses clients should use.',
+ rightRole:
+ '[[dns|DNS]] provides name resolution services at the server addresses distributed by [[dhcp|DHCP]].'
},
{
ids: ['dns', 'smtp'],
@@ -1777,8 +2673,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[smtp|SMTP]] relies on [[dns|DNS]] {{mx-record|MX}} (Mail Exchanger) records to determine which mail server should receive email for a given domain.',
howTheyWork:
'When an [[smtp|SMTP]] server needs to deliver mail to user@example.com, it queries [[dns|DNS]] for the {{mx-record|MX}} records of example.com. [[dns|DNS]] returns one or more mail server hostnames with priority values. The [[smtp|SMTP]] server then resolves those hostnames to [[ip|IP]] addresses (A/{{aaaa-record|AAAA}} records) and connects to the highest-priority server to deliver the message.',
- leftRole: '[[dns|DNS]] provides the {{mx-record|MX record}} lookups that map email domains to their mail server hostnames.',
- rightRole: '[[smtp|SMTP]] uses {{mx-record|MX}} records from [[dns|DNS]] to route and deliver email to the correct destination mail server.'
+ leftRole:
+ '[[dns|DNS]] provides the {{mx-record|MX record}} lookups that map email domains to their mail server hostnames.',
+ rightRole:
+ '[[smtp|SMTP]] uses {{mx-record|MX}} records from [[dns|DNS]] to route and deliver email to the correct destination mail server.'
},
{
ids: ['ftp', 'ssh'],
@@ -1787,18 +2685,22 @@ const relationshipPairs: ProtocolPair[] = [
'{{sftp|SFTP}} ([[ssh|SSH]] File Transfer Protocol) runs entirely within an [[ssh|SSH]] channel, providing encrypted file transfer with strong authentication as a secure replacement for [[ftp|FTP]].',
howTheyWork:
'{{sftp|SFTP}} is a subsystem of [[ssh|SSH]], not a variant of [[ftp|FTP]] β it uses a completely different binary protocol. The client establishes an [[ssh|SSH]] connection with key-based or password authentication, then opens an {{sftp|SFTP}} subsystem channel. All file operations (list, upload, download, rename, delete) are sent as binary {{sftp|SFTP}} packets within the encrypted [[ssh|SSH]] tunnel on a single port (22).',
- leftRole: '[[ftp|FTP]]-style file operations (list, get, put, delete) are provided by the {{sftp|SFTP}} subsystem within [[ssh|SSH]].',
- rightRole: '[[ssh|SSH]] provides the encrypted tunnel, authentication, and channel {{multiplexing|multiplexing}} that {{sftp|SFTP}} runs inside.'
+ leftRole:
+ '[[ftp|FTP]]-style file operations (list, get, put, delete) are provided by the {{sftp|SFTP}} subsystem within [[ssh|SSH]].',
+ rightRole:
+ '[[ssh|SSH]] provides the encrypted tunnel, authentication, and channel {{multiplexing|multiplexing}} that {{sftp|SFTP}} runs inside.'
},
{
ids: ['http3', 'quic'],
type: 'relationship',
summary:
- '[[http3|HTTP/3]] is the first major protocol built specifically for [[quic|QUIC]], mapping {{http-method|HTTP}} semantics onto [[quic|QUIC]]\'s multiplexed, encrypted streams for head-of-line-blocking-free web delivery.',
+ "[[http3|HTTP/3]] is the first major protocol built specifically for [[quic|QUIC]], mapping {{http-method|HTTP}} semantics onto [[quic|QUIC]]'s multiplexed, encrypted streams for head-of-line-blocking-free web delivery.",
howTheyWork:
'[[http3|HTTP/3]] maps each {{request-response|request-response}} {{exchange|exchange}} to an independent [[quic|QUIC]] stream. [[quic|QUIC]] provides reliable, ordered delivery per-stream with [[tls|TLS]] 1.3 {{encryption|encryption}}, {{connection-migration|connection migration}}, and {{zero-rtt|0-RTT}} resumption. Unlike [[http2|HTTP/2]] over [[tcp|TCP]], losing a packet on one stream does not block others β each [[quic|QUIC]] stream is independently reliable.',
- leftRole: '[[http3|HTTP/3]] provides the {{http-method|HTTP}} semantics (methods, headers, status codes) and {{qpack|QPACK}} header compression.',
- rightRole: '[[quic|QUIC]] provides the multiplexed, encrypted transport with per-stream reliability and fast connection setup.'
+ leftRole:
+ '[[http3|HTTP/3]] provides the {{http-method|HTTP}} semantics (methods, headers, status codes) and {{qpack|QPACK}} header compression.',
+ rightRole:
+ '[[quic|QUIC]] provides the multiplexed, encrypted transport with per-stream reliability and fast connection setup.'
},
{
ids: ['quic', 'tcp'],
@@ -1806,9 +2708,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[quic|QUIC]] is designed as a modern replacement for the [[tcp|TCP]]+[[tls|TLS]] stack, providing reliable, multiplexed, encrypted transport over [[udp|UDP]] with faster connection setup.',
howTheyWork:
- '[[quic|QUIC]] implements the reliability, ordering, and {{congestion-control|congestion control}} features of [[tcp|TCP]] but runs over [[udp|UDP]] datagrams to avoid kernel-level [[tcp|TCP]] limitations and middlebox interference. It integrates [[tls|TLS]] 1.3 directly into its {{handshake|handshake}} (achieving {{one-rtt|1-RTT}} or {{zero-rtt|0-RTT}} setup) and provides independent stream {{multiplexing|multiplexing}} that eliminates [[tcp|TCP]]\'s {{head-of-line-blocking|head-of-line blocking}} problem.',
- leftRole: '[[quic|QUIC]] provides the modern multiplexed, encrypted transport that aims to supersede [[tcp|TCP]]+[[tls|TLS]].',
- rightRole: '[[tcp|TCP]] provides the traditional reliable transport that [[quic|QUIC]] was designed to replace and improve upon.'
+ "[[quic|QUIC]] implements the reliability, ordering, and {{congestion-control|congestion control}} features of [[tcp|TCP]] but runs over [[udp|UDP]] datagrams to avoid kernel-level [[tcp|TCP]] limitations and middlebox interference. It integrates [[tls|TLS]] 1.3 directly into its {{handshake|handshake}} (achieving {{one-rtt|1-RTT}} or {{zero-rtt|0-RTT}} setup) and provides independent stream {{multiplexing|multiplexing}} that eliminates [[tcp|TCP]]'s {{head-of-line-blocking|head-of-line blocking}} problem.",
+ leftRole:
+ '[[quic|QUIC]] provides the modern multiplexed, encrypted transport that aims to supersede [[tcp|TCP]]+[[tls|TLS]].',
+ rightRole:
+ '[[tcp|TCP]] provides the traditional reliable transport that [[quic|QUIC]] was designed to replace and improve upon.'
},
{
ids: ['rest', 'sse'],
@@ -1816,9 +2720,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[sse|SSE]] is commonly used within [[rest|REST]] APIs to add a server-push capability, streaming real-time updates to clients over a standard {{http-method|HTTP}} connection.',
howTheyWork:
- 'A [[rest|REST]] {{api|API}} exposes an [[sse|SSE]] endpoint (e.g., GET /events) that returns a text/event-stream response. The client connects using the {{eventsource|EventSource API}} and receives server-pushed events as they occur, while continuing to use regular [[rest|REST]] endpoints for queries and mutations. [[sse|SSE]] complements [[rest|REST]]\'s {{request-response|request-response}} model by adding unidirectional real-time updates.',
- leftRole: '[[rest|REST]] provides the {{request-response|request-response}} {{api|API}} structure that [[sse|SSE]] endpoints are integrated into.',
- rightRole: '[[sse|SSE]] provides the server-push streaming mechanism that extends [[rest|REST]] with real-time event delivery.'
+ "A [[rest|REST]] {{api|API}} exposes an [[sse|SSE]] endpoint (e.g., GET /events) that returns a text/event-stream response. The client connects using the {{eventsource|EventSource API}} and receives server-pushed events as they occur, while continuing to use regular [[rest|REST]] endpoints for queries and mutations. [[sse|SSE]] complements [[rest|REST]]'s {{request-response|request-response}} model by adding unidirectional real-time updates.",
+ leftRole:
+ '[[rest|REST]] provides the {{request-response|request-response}} {{api|API}} structure that [[sse|SSE]] endpoints are integrated into.',
+ rightRole:
+ '[[sse|SSE]] provides the server-push streaming mechanism that extends [[rest|REST]] with real-time event delivery.'
},
// ββ BGP relationships βββββββββββββββββββββββββββββββββββββββ
@@ -1827,9 +2733,9 @@ const relationshipPairs: ProtocolPair[] = [
ids: ['bgp', 'tcp'],
type: 'relationship',
summary:
- '[[bgp|BGP]] runs over [[tcp|TCP]] port 179, relying on [[tcp|TCP]]\'s reliable delivery to guarantee that routing updates are never lost, duplicated, or reordered between autonomous systems.',
+ "[[bgp|BGP]] runs over [[tcp|TCP]] port 179, relying on [[tcp|TCP]]'s reliable delivery to guarantee that routing updates are never lost, duplicated, or reordered between autonomous systems.",
howTheyWork:
- '[[bgp|BGP]] peers establish a [[tcp|TCP]] connection on port 179 before exchanging OPEN messages. All subsequent {{bgp-update|UPDATE}}, {{bgp-keepalive|KEEPALIVE}}, and {{notification|NOTIFICATION}} messages flow over this persistent [[tcp|TCP]] connection. [[tcp|TCP]]\'s reliability is critical because a lost route announcement could create routing loops or black holes in the internet.',
+ "[[bgp|BGP]] peers establish a [[tcp|TCP]] connection on port 179 before exchanging OPEN messages. All subsequent {{bgp-update|UPDATE}}, {{bgp-keepalive|KEEPALIVE}}, and {{notification|NOTIFICATION}} messages flow over this persistent [[tcp|TCP]] connection. [[tcp|TCP]]'s reliability is critical because a lost route announcement could create routing loops or black holes in the internet.",
leftRole:
'[[bgp|BGP]] provides the routing logic β path selection, {{autonomous-system|AS}} path attributes, and network reachability advertisements between autonomous systems.',
rightRole:
@@ -1839,7 +2745,7 @@ const relationshipPairs: ProtocolPair[] = [
ids: ['bgp', 'dns'],
type: 'relationship',
summary:
- '[[bgp|BGP]] determines how [[ip|IP]] packets are routed between networks, while [[dns|DNS]] translates domain names to the [[ip|IP]] addresses that [[bgp|BGP]] routes. Together they form the internet\'s addressing and reachability system.',
+ "[[bgp|BGP]] determines how [[ip|IP]] packets are routed between networks, while [[dns|DNS]] translates domain names to the [[ip|IP]] addresses that [[bgp|BGP]] routes. Together they form the internet's addressing and reachability system.",
howTheyWork:
'[[dns|DNS]] resolves domain names to [[ip|IP]] addresses, and [[bgp|BGP]] determines how to reach those [[ip|IP]] addresses across {{autonomous-system|autonomous system}} boundaries. When a [[dns|DNS]] query returns an [[ip|IP]], the packets follow [[bgp|BGP]]-established routes to reach it. [[dns|DNS]] {{anycast|anycast}} relies on [[bgp|BGP]] to advertise the same [[ip|IP]] prefix from multiple geographic locations.',
leftRole:
@@ -1868,7 +2774,7 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[icmp|ICMP]] reports network-level errors for [[tcp|TCP]] connections β when a [[tcp|TCP]] segment cannot be delivered, an [[icmp|ICMP]] Destination Unreachable message tells the sender why.',
howTheyWork:
- 'When a [[tcp|TCP]] {{syn-cookies|SYN}} reaches a host with no listening service, the host sends back [[icmp|ICMP]] Port Unreachable (Type 3, Code 3). When a router can\'t forward a [[tcp|TCP]] packet, it sends [[icmp|ICMP]] Network Unreachable. [[tcp|TCP]] {{path-mtu-discovery|Path MTU Discovery}} relies on [[icmp|ICMP]] Packet Too Big messages to determine the {{mss|maximum segment size}} without {{fragmentation|fragmentation}}.',
+ "When a [[tcp|TCP]] {{syn-cookies|SYN}} reaches a host with no listening service, the host sends back [[icmp|ICMP]] Port Unreachable (Type 3, Code 3). When a router can't forward a [[tcp|TCP]] packet, it sends [[icmp|ICMP]] Network Unreachable. [[tcp|TCP]] {{path-mtu-discovery|Path MTU Discovery}} relies on [[icmp|ICMP]] Packet Too Big messages to determine the {{mss|maximum segment size}} without {{fragmentation|fragmentation}}.",
leftRole:
'[[icmp|ICMP]] provides error reporting and diagnostics β notifying [[tcp|TCP]] of unreachable destinations, {{ttl|TTL}} expiry, and {{mtu|MTU}} constraints.',
rightRole:
@@ -1883,11 +2789,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[imap|IMAP]] uses [[tcp|TCP]] for reliable delivery of email commands, message data, and mailbox state synchronization between clients and servers.',
howTheyWork:
- 'An [[imap|IMAP]] client opens a [[tcp|TCP]] connection to the mail server on port 993 (with [[tls|TLS]]) or 143 (plaintext). The tagged command-response protocol requires [[tcp|TCP]]\'s reliable, ordered delivery to ensure command tags match responses correctly. [[imap|IMAP]]\'s {{imap-idle|IDLE}} mode keeps the [[tcp|TCP]] connection open for real-time server-push notifications.',
+ "An [[imap|IMAP]] client opens a [[tcp|TCP]] connection to the mail server on port 993 (with [[tls|TLS]]) or 143 (plaintext). The tagged command-response protocol requires [[tcp|TCP]]'s reliable, ordered delivery to ensure command tags match responses correctly. [[imap|IMAP]]'s {{imap-idle|IDLE}} mode keeps the [[tcp|TCP]] connection open for real-time server-push notifications.",
leftRole:
'[[imap|IMAP]] provides the email retrieval protocol β mailbox selection, message fetching, searching, and flag management.',
rightRole:
- '[[tcp|TCP]] provides the reliable, persistent connection that [[imap|IMAP]]\'s {{stateful|stateful}}, tagged command-response dialogue requires.'
+ "[[tcp|TCP]] provides the reliable, persistent connection that [[imap|IMAP]]'s {{stateful|stateful}}, tagged command-response dialogue requires."
},
{
ids: ['imap', 'tls'],
@@ -1910,7 +2816,7 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[arp|ARP]] resolves [[ip|IP]] addresses to {{mac-address|MAC}} addresses so that [[ethernet|Ethernet]] frames can be addressed correctly on the local network.',
howTheyWork:
- 'When a host needs to send an [[ip|IP]] packet to a local destination, it first checks its [[arp|ARP]] cache for the destination\'s {{mac-address|MAC address}}. On a cache miss, it broadcasts an [[arp|ARP]] Request (EtherType 0x0806) to all devices on the [[ethernet|Ethernet]] segment. The target host replies with its {{mac-address|MAC address}}, which is cached for future [[ethernet|Ethernet]] frame construction.',
+ "When a host needs to send an [[ip|IP]] packet to a local destination, it first checks its [[arp|ARP]] cache for the destination's {{mac-address|MAC address}}. On a cache miss, it broadcasts an [[arp|ARP]] Request (EtherType 0x0806) to all devices on the [[ethernet|Ethernet]] segment. The target host replies with its {{mac-address|MAC address}}, which is cached for future [[ethernet|Ethernet]] frame construction.",
leftRole:
'[[arp|ARP]] provides the [[ip|IP]]-to-{{mac-address|MAC}} resolution mechanism that makes [[ethernet|Ethernet]] delivery possible for [[ip|IP]] traffic.',
rightRole:
@@ -1924,7 +2830,7 @@ const relationshipPairs: ProtocolPair[] = [
howTheyWork:
'[[ip|IP]] provides logical addressing for routing packets across networks, but the last hop to the destination requires a physical {{mac-address|MAC address}}. [[arp|ARP]] translates the destination [[ip|IP]] address to the corresponding {{mac-address|MAC address}} on the local segment. Without [[arp|ARP]], [[ip|IP]] packets could be routed to the correct network but never delivered to the correct host.',
leftRole:
- '[[arp|ARP]] resolves [[ip|IP]]\'s logical addresses to the hardware addresses needed for local delivery.',
+ "[[arp|ARP]] resolves [[ip|IP]]'s logical addresses to the hardware addresses needed for local delivery.",
rightRole:
'[[ip|IP]] provides the logical addressing that [[arp|ARP]] resolves β every [[arp|ARP]] request asks "who has this [[ip|IP]] address?"'
},
@@ -1932,13 +2838,13 @@ const relationshipPairs: ProtocolPair[] = [
ids: ['ip', 'ethernet'],
type: 'relationship',
summary:
- '[[ip|IP]] packets are encapsulated inside [[ethernet|Ethernet]] frames for delivery on local networks β [[ethernet|Ethernet]] is [[ip|IP]]\'s Layer 2 carrier on wired LANs.',
+ "[[ip|IP]] packets are encapsulated inside [[ethernet|Ethernet]] frames for delivery on local networks β [[ethernet|Ethernet]] is [[ip|IP]]'s Layer 2 carrier on wired LANs.",
howTheyWork:
- 'When an [[ip|IP]] packet needs to traverse a local [[ethernet|Ethernet]] segment, it is placed inside an [[ethernet|Ethernet]] frame (EtherType 0x0800 for [[ip|IPv4]]). The [[ethernet|Ethernet]] frame\'s destination {{mac-address|MAC}} is either the final host (if local) or the {{default-gateway|default gateway}} router. At each router hop, the [[ip|IP]] header stays the same but the [[ethernet|Ethernet]] frame is stripped and rebuilt with new {{mac-address|MAC}} addresses.',
+ "When an [[ip|IP]] packet needs to traverse a local [[ethernet|Ethernet]] segment, it is placed inside an [[ethernet|Ethernet]] frame (EtherType 0x0800 for [[ip|IPv4]]). The [[ethernet|Ethernet]] frame's destination {{mac-address|MAC}} is either the final host (if local) or the {{default-gateway|default gateway}} router. At each router hop, the [[ip|IP]] header stays the same but the [[ethernet|Ethernet]] frame is stripped and rebuilt with new {{mac-address|MAC}} addresses.",
leftRole:
'[[ip|IP]] provides logical addressing, routing decisions, and {{ttl|TTL}} management for end-to-end packet delivery.',
rightRole:
- '[[ethernet|Ethernet]] provides the physical framing and {{mac-address|MAC}}-based delivery for each hop of the [[ip|IP]] packet\'s journey.'
+ "[[ethernet|Ethernet]] provides the physical framing and {{mac-address|MAC}}-based delivery for each hop of the [[ip|IP]] packet's journey."
},
{
ids: ['ip', 'wifi'],
@@ -1956,13 +2862,13 @@ const relationshipPairs: ProtocolPair[] = [
ids: ['ip', 'tcp'],
type: 'relationship',
summary:
- '[[tcp|TCP]] provides reliable, ordered streams on top of [[ip|IP]]\'s best-effort packet delivery β together they form [[tcp|TCP]]/[[ip|IP]], the foundation of the internet.',
+ "[[tcp|TCP]] provides reliable, ordered streams on top of [[ip|IP]]'s best-effort packet delivery β together they form [[tcp|TCP]]/[[ip|IP]], the foundation of the internet.",
howTheyWork:
'[[ip|IP]] handles addressing and routing packets between {{hosts-bare|hosts}}, but provides no guarantees about delivery, ordering, or duplication. [[tcp|TCP]] adds reliability on top: sequence numbers track byte order, acknowledgments confirm delivery, and {{retransmission|retransmission}} recovers lost packets. Every [[tcp|TCP]] segment is encapsulated in an [[ip|IP]] packet (protocol number 6).',
leftRole:
'[[ip|IP]] provides the addressing and hop-by-hop routing that delivers packets across networks.',
rightRole:
- '[[tcp|TCP]] provides reliable, ordered, {{connection-oriented|connection-oriented}} byte streams over [[ip|IP]]\'s unreliable datagram service.'
+ "[[tcp|TCP]] provides reliable, ordered, {{connection-oriented|connection-oriented}} byte streams over [[ip|IP]]'s unreliable datagram service."
},
{
ids: ['ip', 'udp'],
@@ -1980,13 +2886,13 @@ const relationshipPairs: ProtocolPair[] = [
ids: ['ip', 'icmp'],
type: 'relationship',
summary:
- '[[icmp|ICMP]] is [[ip|IP]]\'s diagnostic companion β it reports routing errors, measures reachability, and discovers path {{mtu|MTU}}, all encapsulated directly in [[ip|IP]] packets.',
+ "[[icmp|ICMP]] is [[ip|IP]]'s diagnostic companion β it reports routing errors, measures reachability, and discovers path {{mtu|MTU}}, all encapsulated directly in [[ip|IP]] packets.",
howTheyWork:
- '[[icmp|ICMP]] messages are encapsulated in [[ip|IP]] packets with protocol number 1 (not [[tcp|TCP]] or [[udp|UDP]]). When a router can\'t deliver an [[ip|IP]] packet ({{ttl|TTL}} expired, destination unreachable, {{fragmentation|fragmentation}} needed), it sends an [[icmp|ICMP]] message back to the sender. Ping ({{echo-request|Echo Request}}/Reply) and {{traceroute|traceroute}} ({{ttl|TTL}}-based hop discovery) are the most common [[icmp|ICMP]] operations.',
+ "[[icmp|ICMP]] messages are encapsulated in [[ip|IP]] packets with protocol number 1 (not [[tcp|TCP]] or [[udp|UDP]]). When a router can't deliver an [[ip|IP]] packet ({{ttl|TTL}} expired, destination unreachable, {{fragmentation|fragmentation}} needed), it sends an [[icmp|ICMP]] message back to the sender. Ping ({{echo-request|Echo Request}}/Reply) and {{traceroute|traceroute}} ({{ttl|TTL}}-based hop discovery) are the most common [[icmp|ICMP]] operations.",
leftRole:
'[[ip|IP]] provides the packet delivery that [[icmp|ICMP]] both rides on and diagnoses problems within.',
rightRole:
- '[[icmp|ICMP]] provides error reporting and diagnostics for [[ip|IP]]\'s routing infrastructure.'
+ "[[icmp|ICMP]] provides error reporting and diagnostics for [[ip|IP]]'s routing infrastructure."
},
// ββ JSON-RPC relationships ββββββββββββββββββββββββββββββββββ
@@ -1998,8 +2904,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[json-rpc|JSON-RPC]] commonly rides over [[http1|HTTP]] POST β the {{http-method|HTTP}} layer handles transport while [[json-rpc|JSON-RPC]] defines the structured method-call semantics inside the body.',
howTheyWork:
'The client sends a [[json-rpc|JSON-RPC]] request as the body of an [[http1|HTTP]] POST to a single endpoint (e.g., /rpc). The {{content-type|Content-Type}} is application/json. The server processes the [[json-rpc|JSON-RPC]] call and returns the result in the {{http-method|HTTP}} response body. Unlike [[rest|REST]], the {{http-method|HTTP method}} is always POST and the {{url|URL}} is always the same β all routing happens via the method field inside the {{json|JSON}}.',
- leftRole: '[[http1|HTTP]] provides the {{request-response|request-response}} transport, connection management, and [[tls|TLS]] {{encryption|encryption}} for [[json-rpc|JSON-RPC]] calls.',
- rightRole: '[[json-rpc|JSON-RPC]] provides the method dispatch, parameter passing, error handling, and batch semantics inside the {{http-method|HTTP}} body.'
+ leftRole:
+ '[[http1|HTTP]] provides the {{request-response|request-response}} transport, connection management, and [[tls|TLS]] {{encryption|encryption}} for [[json-rpc|JSON-RPC]] calls.',
+ rightRole:
+ '[[json-rpc|JSON-RPC]] provides the method dispatch, parameter passing, error handling, and batch semantics inside the {{http-method|HTTP}} body.'
},
{
ids: ['json-rpc', 'websockets'],
@@ -2008,18 +2916,22 @@ const relationshipPairs: ProtocolPair[] = [
'[[json-rpc|JSON-RPC]] over [[websockets|WebSockets]] enables bidirectional {{rpc|RPC}} β both client and server can initiate method calls and send notifications over the persistent connection.',
howTheyWork:
'After the [[websockets|WebSocket]] {{handshake|handshake}} upgrades the {{http-method|HTTP}} connection, both sides can send [[json-rpc|JSON-RPC]] messages at any time. The client sends requests; the server responds. But the server can also send notifications (no id) or even its own requests to the client β something impossible over plain {{http-method|HTTP}}. This is how {{lsp|Language Server Protocol}} (LSP) sends diagnostics and how [[mcp|MCP]] servers push progress updates.',
- leftRole: '[[json-rpc|JSON-RPC]] provides the structured call semantics β method names, parameters, results, errors, and notifications.',
- rightRole: '[[websockets|WebSockets]] provides the persistent, {{full-duplex|full-duplex}} transport that enables server-initiated [[json-rpc|JSON-RPC]] messages.'
+ leftRole:
+ '[[json-rpc|JSON-RPC]] provides the structured call semantics β method names, parameters, results, errors, and notifications.',
+ rightRole:
+ '[[websockets|WebSockets]] provides the persistent, {{full-duplex|full-duplex}} transport that enables server-initiated [[json-rpc|JSON-RPC]] messages.'
},
{
ids: ['json-rpc', 'sse'],
type: 'relationship',
summary:
- '[[json-rpc|JSON-RPC]] can use [[sse|SSE]] for streaming server responses β the client sends requests via {{http-method|HTTP}} POST and receives streamed results as server-sent events, as used by [[mcp|MCP]]\'s Streamable {{http-method|HTTP}} transport.',
+ "[[json-rpc|JSON-RPC]] can use [[sse|SSE]] for streaming server responses β the client sends requests via {{http-method|HTTP}} POST and receives streamed results as server-sent events, as used by [[mcp|MCP]]'s Streamable {{http-method|HTTP}} transport.",
howTheyWork:
- 'In [[mcp|MCP]]\'s Streamable {{http-method|HTTP}} transport, a client sends a [[json-rpc|JSON-RPC]] request as an {{http-method|HTTP}} POST. The server can respond with a normal {{json|JSON}} response or upgrade to an [[sse|SSE]] stream ({{content-type|Content-Type}}: text/event-stream), sending incremental results and notifications as events. This gives [[json-rpc|JSON-RPC]] streaming capabilities without requiring a full [[websockets|WebSocket]] connection.',
- leftRole: '[[json-rpc|JSON-RPC]] provides the method-call structure and request/response correlation via the id field.',
- rightRole: '[[sse|SSE]] provides the server-push streaming mechanism for delivering incremental [[json-rpc|JSON-RPC]] results and notifications.'
+ "In [[mcp|MCP]]'s Streamable {{http-method|HTTP}} transport, a client sends a [[json-rpc|JSON-RPC]] request as an {{http-method|HTTP}} POST. The server can respond with a normal {{json|JSON}} response or upgrade to an [[sse|SSE]] stream ({{content-type|Content-Type}}: text/event-stream), sending incremental results and notifications as events. This gives [[json-rpc|JSON-RPC]] streaming capabilities without requiring a full [[websockets|WebSocket]] connection.",
+ leftRole:
+ '[[json-rpc|JSON-RPC]] provides the method-call structure and request/response correlation via the id field.',
+ rightRole:
+ '[[sse|SSE]] provides the server-push streaming mechanism for delivering incremental [[json-rpc|JSON-RPC]] results and notifications.'
},
// ββ MCP relationships ββββββββββββββββββββββββββββββββββββββ
@@ -2030,29 +2942,35 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[mcp|MCP]] uses [[json-rpc|JSON-RPC]] 2.0 as its wire format β every [[mcp|MCP]] message (initialize, tools/call, notifications) is a [[json-rpc|JSON-RPC]] request, response, or {{notification|notification}}.',
howTheyWork:
- '[[mcp|MCP]] defines the method names (initialize, tools/list, tools/call, resources/read) and their parameter schemas, while [[json-rpc|JSON-RPC]] provides the framing β the id field for {{request-response|request-response}} correlation, the error object format, and the {{notification|notification}} pattern (no id = no response). [[mcp|MCP]]\'s three-step {{handshake|handshake}} is three [[json-rpc|JSON-RPC]] messages: a request, a response, and a {{notification|notification}}.',
- leftRole: '[[json-rpc|JSON-RPC]] provides the wire format β request/response correlation, error codes, notifications, and transport-agnostic framing.',
- rightRole: '[[mcp|MCP]] defines the semantic methods (tools, resources, prompts, {{sampling|sampling}}) and their parameter schemas on top of [[json-rpc|JSON-RPC]].'
+ "[[mcp|MCP]] defines the method names (initialize, tools/list, tools/call, resources/read) and their parameter schemas, while [[json-rpc|JSON-RPC]] provides the framing β the id field for {{request-response|request-response}} correlation, the error object format, and the {{notification|notification}} pattern (no id = no response). [[mcp|MCP]]'s three-step {{handshake|handshake}} is three [[json-rpc|JSON-RPC]] messages: a request, a response, and a {{notification|notification}}.",
+ leftRole:
+ '[[json-rpc|JSON-RPC]] provides the wire format β request/response correlation, error codes, notifications, and transport-agnostic framing.',
+ rightRole:
+ '[[mcp|MCP]] defines the semantic methods (tools, resources, prompts, {{sampling|sampling}}) and their parameter schemas on top of [[json-rpc|JSON-RPC]].'
},
{
ids: ['http1', 'mcp'],
type: 'relationship',
summary:
- '[[mcp|MCP]]\'s Streamable {{http-method|HTTP}} transport uses [[http1|HTTP]] POST for sending [[json-rpc|JSON-RPC]] messages, with optional [[sse|SSE]] upgrade for streaming responses.',
+ "[[mcp|MCP]]'s Streamable {{http-method|HTTP}} transport uses [[http1|HTTP]] POST for sending [[json-rpc|JSON-RPC]] messages, with optional [[sse|SSE]] upgrade for streaming responses.",
howTheyWork:
'In Streamable {{http-method|HTTP}} mode, the [[mcp|MCP]] client sends [[json-rpc|JSON-RPC]] requests as [[http1|HTTP]] POST bodies to a single endpoint (e.g., /mcp). The server can respond with a plain {{json|JSON}} response or upgrade to an [[sse|SSE]] stream for incremental results. The server assigns a session {{id-identifier|ID}} via the Mcp-Session-Id header for {{stateful|stateful}} session management.',
- leftRole: '[[http1|HTTP]] provides the {{request-response|request-response}} transport and connection management for remote [[mcp|MCP]] servers.',
- rightRole: '[[mcp|MCP]] defines the [[json-rpc|JSON-RPC]] methods and session semantics carried inside {{http-method|HTTP}} requests.'
+ leftRole:
+ '[[http1|HTTP]] provides the {{request-response|request-response}} transport and connection management for remote [[mcp|MCP]] servers.',
+ rightRole:
+ '[[mcp|MCP]] defines the [[json-rpc|JSON-RPC]] methods and session semantics carried inside {{http-method|HTTP}} requests.'
},
{
ids: ['mcp', 'sse'],
type: 'relationship',
summary:
- '[[mcp|MCP]]\'s Streamable {{http-method|HTTP}} transport uses [[sse|SSE]] to stream incremental tool results and server notifications back to the client.',
+ "[[mcp|MCP]]'s Streamable {{http-method|HTTP}} transport uses [[sse|SSE]] to stream incremental tool results and server notifications back to the client.",
howTheyWork:
- 'When an [[mcp|MCP]] server needs to stream results (e.g., a long-running tool or progress updates), it responds to the client\'s {{http-method|HTTP}} POST with {{content-type|Content-Type}}: text/event-stream instead of application/json. The server then sends [[json-rpc|JSON-RPC]] responses and notifications as [[sse|SSE]] events. This gives [[mcp|MCP]] streaming capabilities without requiring a persistent [[websockets|WebSocket]] connection.',
- leftRole: '[[mcp|MCP]] defines the [[json-rpc|JSON-RPC]] messages (progress notifications, partial results) that are streamed as events.',
- rightRole: '[[sse|SSE]] provides the {{http-method|HTTP}}-based streaming mechanism that delivers incremental [[mcp|MCP]] results to the client.'
+ "When an [[mcp|MCP]] server needs to stream results (e.g., a long-running tool or progress updates), it responds to the client's {{http-method|HTTP}} POST with {{content-type|Content-Type}}: text/event-stream instead of application/json. The server then sends [[json-rpc|JSON-RPC]] responses and notifications as [[sse|SSE]] events. This gives [[mcp|MCP]] streaming capabilities without requiring a persistent [[websockets|WebSocket]] connection.",
+ leftRole:
+ '[[mcp|MCP]] defines the [[json-rpc|JSON-RPC]] messages (progress notifications, partial results) that are streamed as events.',
+ rightRole:
+ '[[sse|SSE]] provides the {{http-method|HTTP}}-based streaming mechanism that delivers incremental [[mcp|MCP]] results to the client.'
},
// ββ A2A relationships ββββββββββββββββββββββββββββββββββββββ
@@ -2063,9 +2981,11 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[a2a|A2A]] uses [[json-rpc|JSON-RPC]] 2.0 as its wire format β agent messages (message/send, message/stream) are [[json-rpc|JSON-RPC]] requests, and task results are [[json-rpc|JSON-RPC]] responses.',
howTheyWork:
- '[[a2a|A2A]] defines the method names (message/send, message/stream) and their parameter schemas, while [[json-rpc|JSON-RPC]] provides the wire framing. The [[a2a|A2A]] client sends a [[json-rpc|JSON-RPC]] request with a user message, and the server responds with a Task object containing status and artifacts. [[json-rpc|JSON-RPC]]\'s id field correlates multi-turn conversations.',
- leftRole: '[[a2a|A2A]] defines the agent communication semantics β messages, tasks, parts, artifacts, and the task lifecycle state machine.',
- rightRole: '[[json-rpc|JSON-RPC]] provides the request/response framing, error handling, and {{notification|notification}} support for [[a2a|A2A]] messages.'
+ "[[a2a|A2A]] defines the method names (message/send, message/stream) and their parameter schemas, while [[json-rpc|JSON-RPC]] provides the wire framing. The [[a2a|A2A]] client sends a [[json-rpc|JSON-RPC]] request with a user message, and the server responds with a Task object containing status and artifacts. [[json-rpc|JSON-RPC]]'s id field correlates multi-turn conversations.",
+ leftRole:
+ '[[a2a|A2A]] defines the agent communication semantics β messages, tasks, parts, artifacts, and the task lifecycle state machine.',
+ rightRole:
+ '[[json-rpc|JSON-RPC]] provides the request/response framing, error handling, and {{notification|notification}} support for [[a2a|A2A]] messages.'
},
{
ids: ['a2a', 'http1'],
@@ -2074,8 +2994,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[a2a|A2A]] runs entirely over [[http1|HTTP]] β agent discovery (GET /.well-known/agent.json), task communication (POST), and push notifications (webhooks) all use standard {{http-method|HTTP}}.',
howTheyWork:
'Agent Cards are served as static {{json|JSON}} at the well-known {{http-method|HTTP}} {{url|URL}}. Task messages are sent as [[json-rpc|JSON-RPC]] payloads in {{http-method|HTTP}} POST requests. For streaming, the server responds with {{content-type|Content-Type}}: text/event-stream ([[sse|SSE]]). Push notifications use {{http-method|HTTP}} POST to a client-provided webhook {{url|URL}}. All communication is standard {{http-method|HTTP}} that works through proxies, load balancers, and CDNs.',
- leftRole: '[[a2a|A2A]] defines the agent discovery, task management, and collaboration semantics layered on {{http-method|HTTP}}.',
- rightRole: '[[http1|HTTP]] provides the universal transport β GET for discovery, POST for messages, [[sse|SSE]] for streaming, webhooks for push.'
+ leftRole:
+ '[[a2a|A2A]] defines the agent discovery, task management, and collaboration semantics layered on {{http-method|HTTP}}.',
+ rightRole:
+ '[[http1|HTTP]] provides the universal transport β GET for discovery, POST for messages, [[sse|SSE]] for streaming, webhooks for push.'
},
{
ids: ['a2a', 'sse'],
@@ -2084,8 +3006,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[a2a|A2A]] uses [[sse|SSE]] to stream task status updates and artifact delivery in real-time via the message/stream method.',
howTheyWork:
'When a client calls message/stream instead of message/send, the [[a2a|A2A]] server responds with a text/event-stream. As the agent works, it pushes TaskStatusUpdateEvent (state changes like "working" β "completed") and TaskArtifactUpdateEvent (incremental results) as [[sse|SSE]] events. This allows clients to show real-time progress without polling.',
- leftRole: '[[a2a|A2A]] defines the event types (TaskStatusUpdate, TaskArtifactUpdate) that are streamed to the client.',
- rightRole: '[[sse|SSE]] provides the {{http-method|HTTP}}-based streaming transport for delivering real-time [[a2a|A2A]] task updates.'
+ leftRole:
+ '[[a2a|A2A]] defines the event types (TaskStatusUpdate, TaskArtifactUpdate) that are streamed to the client.',
+ rightRole:
+ '[[sse|SSE]] provides the {{http-method|HTTP}}-based streaming transport for delivering real-time [[a2a|A2A]] task updates.'
},
{
ids: ['a2a', 'mcp'],
@@ -2094,8 +3018,10 @@ const relationshipPairs: ProtocolPair[] = [
'[[mcp|MCP]] equips individual agents with tool access; [[a2a|A2A]] enables those equipped agents to collaborate. Together they form the two-protocol foundation of agentic {{ai|AI}}.',
howTheyWork:
'In a multi-agent system, [[a2a|A2A]] handles high-level coordination β Agent A uses message/send to delegate a sub-task to Agent B. Agent B then uses [[mcp|MCP]] internally to call database tools, read file resources, or invoke APIs to fulfill the task. Agent B returns results to Agent A via [[a2a|A2A]] artifacts. [[mcp|MCP]] is vertical (agent-to-tools), [[a2a|A2A]] is horizontal (agent-to-agent).',
- leftRole: '[[a2a|A2A]] provides the inter-agent communication layer β discovery, delegation, task lifecycle, and result delivery.',
- rightRole: '[[mcp|MCP]] provides the tool integration layer β each agent uses [[mcp|MCP]] to access the tools and data it needs to fulfill tasks.'
+ leftRole:
+ '[[a2a|A2A]] provides the inter-agent communication layer β discovery, delegation, task lifecycle, and result delivery.',
+ rightRole:
+ '[[mcp|MCP]] provides the tool integration layer β each agent uses [[mcp|MCP]] to access the tools and data it needs to fulfill tasks.'
},
// ββ SOAP relationships ββββββββββββββββββββββββββββββββββββββ
@@ -2158,7 +3084,7 @@ const relationshipPairs: ProtocolPair[] = [
ids: ['dns', 'ip'],
type: 'relationship',
summary:
- '[[dns|DNS]] is the phone book for [[ip|IP]]\'s address space β it translates human-readable names into the 32-bit or 128-bit addresses that [[ip|IP]] needs to route packets.',
+ "[[dns|DNS]] is the phone book for [[ip|IP]]'s address space β it translates human-readable names into the 32-bit or 128-bit addresses that [[ip|IP]] needs to route packets.",
howTheyWork:
'When an application needs to {{mqtt-connect|connect}} to a hostname, it queries [[dns|DNS]], which returns one or more [[ip|IP]] addresses. The operating system then uses [[ip|IP]] to construct packets with the resolved destination address. Without [[dns|DNS]], users would need to memorize numerical addresses; without [[ip|IP]], the resolved addresses would have nowhere to route to.',
leftRole:
@@ -2184,7 +3110,7 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'Production [[soap|SOAP]] services run over HTTPS, with [[tls|TLS]] encrypting the {{xml|XML}} envelopes in {{transit|transit}}. [[soap|SOAP]] also has its own WS-Security layer for message-level {{encryption|encryption}} and signing.',
howTheyWork:
- '[[tls|TLS]] provides transport-level {{encryption|encryption}} for [[soap|SOAP]] messages sent over HTTPS β protecting the entire {{http-method|HTTP}} request including the {{xml|XML}} envelope. For end-to-end security through intermediaries, [[soap|SOAP]]\'s WS-Security standard adds message-level {{encryption|encryption}} and digital signatures within the [[soap|SOAP]] Header, allowing parts of the message to remain encrypted even when [[tls|TLS]] terminates at a load balancer.',
+ "[[tls|TLS]] provides transport-level {{encryption|encryption}} for [[soap|SOAP]] messages sent over HTTPS β protecting the entire {{http-method|HTTP}} request including the {{xml|XML}} envelope. For end-to-end security through intermediaries, [[soap|SOAP]]'s WS-Security standard adds message-level {{encryption|encryption}} and digital signatures within the [[soap|SOAP]] Header, allowing parts of the message to remain encrypted even when [[tls|TLS]] terminates at a load balancer.",
leftRole:
'[[soap|SOAP]] defines the {{xml|XML}} message format and can add message-level security via WS-Security headers for end-to-end protection.',
rightRole:
@@ -2235,7 +3161,7 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[tcp|TCP]] runs identically over [[ipv6|IPv6]] as over [[ip|IPv4]] β the same reliable byte-stream delivery, but [[ipv6|IPv6]] mandates that [[tcp|TCP]] perform {{checksum|checksum}} computation ([[ipv6|IPv6]] has no header {{checksum|checksum}}).',
howTheyWork:
- '[[tcp|TCP]] segments are encapsulated in [[ipv6|IPv6]] packets with Next Header value 6. The key difference from [[ip|IPv4]]: since [[ipv6|IPv6]] has no header {{checksum|checksum}}, the [[tcp|TCP]] {{checksum|checksum}} is mandatory (not optional). [[tcp|TCP]]\'s pseudo-header for {{checksum|checksum}} computation uses 128-bit addresses instead of 32-bit ones. Otherwise the connection setup, {{flow-control|flow control}}, and congestion algorithms are identical.',
+ "[[tcp|TCP]] segments are encapsulated in [[ipv6|IPv6]] packets with Next Header value 6. The key difference from [[ip|IPv4]]: since [[ipv6|IPv6]] has no header {{checksum|checksum}}, the [[tcp|TCP]] {{checksum|checksum}} is mandatory (not optional). [[tcp|TCP]]'s pseudo-header for {{checksum|checksum}} computation uses 128-bit addresses instead of 32-bit ones. Otherwise the connection setup, {{flow-control|flow control}}, and congestion algorithms are identical.",
leftRole:
'[[ipv6|IPv6]] provides 128-bit addressing and routing, carrying [[tcp|TCP]] segments in its {{payload|payload}} with Next Header=6.',
rightRole:
@@ -2247,7 +3173,7 @@ const relationshipPairs: ProtocolPair[] = [
summary:
'[[udp|UDP]] datagrams ride over [[ipv6|IPv6]] just as over [[ip|IPv4]], but with one key difference: the [[udp|UDP]] {{checksum|checksum}} is mandatory in [[ipv6|IPv6]] (it was optional in [[ip|IPv4]]).',
howTheyWork:
- '[[udp|UDP]] datagrams are carried in [[ipv6|IPv6]] packets with Next Header value 17. Because [[ipv6|IPv6]] eliminated the [[ip|IP]]-layer header {{checksum|checksum}}, [[udp|UDP]]\'s {{checksum|checksum}} became mandatory to ensure minimum integrity coverage. The {{checksum|checksum}} pseudo-header uses the full 128-bit source and destination addresses. Applications like [[dns|DNS]], [[dhcp|DHCPv6]], and real-time media use [[udp|UDP]] over [[ipv6|IPv6]].',
+ "[[udp|UDP]] datagrams are carried in [[ipv6|IPv6]] packets with Next Header value 17. Because [[ipv6|IPv6]] eliminated the [[ip|IP]]-layer header {{checksum|checksum}}, [[udp|UDP]]'s {{checksum|checksum}} became mandatory to ensure minimum integrity coverage. The {{checksum|checksum}} pseudo-header uses the full 128-bit source and destination addresses. Applications like [[dns|DNS]], [[dhcp|DHCPv6]], and real-time media use [[udp|UDP]] over [[ipv6|IPv6]].",
leftRole:
'[[ipv6|IPv6]] routes [[udp|UDP]] datagrams across networks using 128-bit addresses and Next Header=17.',
rightRole:
@@ -2307,12 +3233,13 @@ const relationshipPairs: ProtocolPair[] = [
// LOOKUP
// ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
-const allPairs: ProtocolPair[] = [...vsPairs, ...relationshipPairs];
+export const allPairs: ProtocolPair[] = [...vsPairs, ...relationshipPairs];
/** Map for O(1) lookup by canonical key "idA:idB" (alphabetically sorted). */
const pairMap = new Map();
for (const pair of allPairs) {
- const key = pair.ids[0] < pair.ids[1] ? `${pair.ids[0]}:${pair.ids[1]}` : `${pair.ids[1]}:${pair.ids[0]}`;
+ const key =
+ pair.ids[0] < pair.ids[1] ? `${pair.ids[0]}:${pair.ids[1]}` : `${pair.ids[1]}:${pair.ids[0]}`;
pairMap.set(key, pair);
}
@@ -2323,7 +3250,10 @@ export function getPair(idA: string, idB: string): ProtocolPair | null {
}
/** Get all pairs involving a given protocol, separated by type. */
-export function getPairsForProtocol(id: string): { vs: ProtocolPair[]; relationships: ProtocolPair[] } {
+export function getPairsForProtocol(id: string): {
+ vs: ProtocolPair[];
+ relationships: ProtocolPair[];
+} {
const vs: ProtocolPair[] = [];
const relationships: ProtocolPair[] = [];
for (const pair of allPairs) {
diff --git a/src/lib/data/concept-foundations.ts b/src/lib/data/concept-foundations.ts
index ddc1b92..0ce1f0c 100644
--- a/src/lib/data/concept-foundations.ts
+++ b/src/lib/data/concept-foundations.ts
@@ -29,7 +29,8 @@ The deeper trick is that protocols are **public**. They are described in plain t
A -->|"3. {{ack|ACK}}"| B
A -->|"4. Request"| B
B -->|"5. Response"| A`,
- caption: '[[tcp|TCP]] requires a {{three-way-handshake|three-way handshake}} before any data can flow. The order matters β both sides have to confirm the connection in writing before either can speak its mind.'
+ caption:
+ '[[tcp|TCP]] requires a {{three-way-handshake|three-way handshake}} before any data can flow. The order matters β both sides have to confirm the connection in writing before either can speak its mind.'
},
{
type: 'image',
@@ -74,7 +75,7 @@ The {{ietf|IETF}}'s job is not to invent these protocols. It is to **document th
title: 'Co-author of TCP/IP',
org: 'Stanford β DARPA β Google',
contribution:
- "With [[pioneer:bob-kahn|Bob Kahn]], the 1974 paper that coined the word \"internet\" and described a single protocol they would later split into [[tcp|TCP]] + [[ip|IP]]. Stewards of the protocol's growth across the next four decades.",
+ 'With [[pioneer:bob-kahn|Bob Kahn]], the 1974 paper that coined the word "internet" and described a single protocol they would later split into [[tcp|TCP]] + [[ip|IP]]. Stewards of the protocol\'s growth across the next four decades.',
imagePath:
'https://upload.wikimedia.org/wikipedia/commons/thumb/a/ae/Dr_Vint_Cerf_ForMemRS_%28cropped%29.jpg/330px-Dr_Vint_Cerf_ForMemRS_%28cropped%29.jpg'
},
@@ -188,7 +189,7 @@ The win was never about elegance β {{osi-model|OSI}}'s seven layers are arguab
{
type: 'callout',
title: 'Rough Consensus and Running Code',
- text: 'David Clark\'s 1992 {{ietf|IETF}} quote is the closest thing the internet community has to a national anthem. It says: standards are documents about behavior we have already shipped, not theories we hope someone will adopt. It is the reason new protocols appear as Internet Drafts with reference implementations, not as {{iso|ISO}} documents. And it is why β even in 2026 β every protocol in this lab traces back to a draft someone could install and run.'
+ text: "David Clark's 1992 {{ietf|IETF}} quote is the closest thing the internet community has to a national anthem. It says: standards are documents about behavior we have already shipped, not theories we hope someone will adopt. It is the reason new protocols appear as Internet Drafts with reference implementations, not as {{iso|ISO}} documents. And it is why β even in 2026 β every protocol in this lab traces back to a draft someone could install and run."
},
{
type: 'narrative',
@@ -240,7 +241,8 @@ Together: [[dns|DNS]] resolves the hostname β [[ip|IP]] routes the packet to t
[[dns|DNS]] -->|"[[dns|DNS]] resolves"| {{ip-address|IP}}
{{ip-address|IP}} -->|"[[arp|ARP]] / {{ndp|NDP}} resolves"| {{mac-address|MAC}}
{{mac-address|MAC}} -->|"{{os|OS}} demuxes"| Port`,
- caption: 'Each address layer answers a different question. [[dns|DNS]]: who. [[ip|IP]]: where. {{mac-address|MAC}}: which port on this switch. Port: which program.'
+ caption:
+ 'Each address layer answers a different question. [[dns|DNS]]: who. [[ip|IP]]: where. {{mac-address|MAC}}: which port on this switch. Port: which program.'
},
{
type: 'narrative',
@@ -288,7 +290,7 @@ This division of labour β [[ip|IP]] for end-to-end identity, MAC for hop-to-ho
{
type: 'callout',
title: 'Why an IP looks like four numbers',
- text: '[[ip|IPv4]] addresses are 32 bits, conventionally written as four decimal numbers separated by dots: \`192.0.2.5\` is just \`11000000.00000010.00000000.00000101\` in dotted-decimal. The notation is for humans. The router only sees the bits. When you write a {{cidr|CIDR}} prefix like \`192.0.2.0/24\`, the \`/24\` says "the first 24 bits are the network; the last 8 are the host" β a {{routing-table|routing table}} lookup compares those leading bits against its prefix entries to pick the next {{hop|hop}}.'
+ text: '[[ip|IPv4]] addresses are 32 bits, conventionally written as four decimal numbers separated by dots: `192.0.2.5` is just `11000000.00000010.00000000.00000101` in dotted-decimal. The notation is for humans. The router only sees the bits. When you write a {{cidr|CIDR}} prefix like `192.0.2.0/24`, the `/24` says "the first 24 bits are the network; the last 8 are the host" β a {{routing-table|routing table}} lookup compares those leading bits against its prefix entries to pick the next {{hop|hop}}.'
}
]
},
@@ -316,7 +318,8 @@ A {{packet|packet}} is a **self-contained unit** with a **header** (control info
D -->|"[[tcp|TCP]] wraps"| S
S -->|"{{ip-address|IP}} wraps"| P
P -->|"[[ethernet|Ethernet]] wraps"| F`,
- caption: 'Each layer adds its own header around the {{payload|payload}} from above. At the destination, headers are stripped in reverse order, and the original {{http-method|HTTP}} request is delivered to the application.'
+ caption:
+ 'Each layer adds its own header around the {{payload|payload}} from above. At the destination, headers are stripped in reverse order, and the original {{http-method|HTTP}} request is delivered to the application.'
},
{
type: 'image',
@@ -391,7 +394,8 @@ Three conventional ranges. **Well-known ports** (0β1023) are reserved for stan
{{os|OS}} -->|":443"| S["HTTPS Server"]
{{os|OS}} -->|":22"| [[ssh|SSH]]["[[ssh|SSH]] Daemon"]
OS -->|":5432"| DB["Database"]`,
- caption: 'The {{os|OS}} uses the destination port to deliver each packet to the right process. Multiple services share one [[ip|IP]] address; the port disambiguates.'
+ caption:
+ 'The {{os|OS}} uses the destination port to deliver each packet to the right process. Multiple services share one [[ip|IP]] address; the port disambiguates.'
},
{
type: 'image',
@@ -435,7 +439,7 @@ This is also why [[quic|QUIC]] runs over [[udp|UDP]] port 443 ([[http3|HTTP/3]])
{
type: 'callout',
title: 'How a load balancer works at the port level',
- text: 'A load balancer like nginx or HAProxy binds to port 443, accepts the inbound [[tcp|TCP]]/[[tls|TLS]] connection, then opens a **separate** outbound connection to one of N backend servers. From the client\'s perspective there is one connection; from the backends\' perspective there are many. The two connections are stitched together in user space. This is why the source [[ip|IP]] at the backend is the load balancer\'s, not the original client\'s, unless you explicitly forward it via the **PROXY protocol** or an {{header|HTTP header}} like \`X-Forwarded-For\`.'
+ text: "A load balancer like nginx or HAProxy binds to port 443, accepts the inbound [[tcp|TCP]]/[[tls|TLS]] connection, then opens a **separate** outbound connection to one of N backend servers. From the client's perspective there is one connection; from the backends' perspective there are many. The two connections are stitched together in user space. This is why the source [[ip|IP]] at the backend is the load balancer's, not the original client's, unless you explicitly forward it via the **PROXY protocol** or an {{header|HTTP header}} like `X-Forwarded-For`."
}
]
},
@@ -460,7 +464,8 @@ This tradeoff drives the entire protocol ecosystem. Web pages need reliability
definition: `graph LR
[[udp|UDP]]["[[udp|UDP]] No guarantees 8-byte header"] ---|"+ {{encryption|encryption}} + {{multiplexing|multiplexing}}"| [[quic|QUIC]]["[[quic|QUIC]] Per-stream reliability 0/{{one-rtt|1-RTT}} {{handshake|handshake}}"]
[[quic|QUIC]] ---|"+ ordered byte stream"| [[tcp|TCP]]["[[tcp|TCP]] Full reliability {{one-rtt|1-RTT}} {{handshake|handshake}}"]`,
- caption: 'Protocols sit on a {{spectrum|spectrum}} from raw speed ([[udp|UDP]]) to guaranteed delivery ([[tcp|TCP]]). [[quic|QUIC]] sits in between by giving each multiplexed stream its own reliability β so a lost packet only blocks one stream.'
+ caption:
+ 'Protocols sit on a {{spectrum|spectrum}} from raw speed ([[udp|UDP]]) to guaranteed delivery ([[tcp|TCP]]). [[quic|QUIC]] sits in between by giving each multiplexed stream its own reliability β so a lost packet only blocks one stream.'
},
{
type: 'narrative',
@@ -499,7 +504,8 @@ The principle they articulated β **conservation of packets** β has held up f
RC -->|"new {{ack|ACK}}"| CA
CA -->|"loss detected"| FR
CA -->|"timeout"| S0`,
- caption: 'The four-phase loop every [[tcp|TCP]] {{congestion-control|congestion controller}} has used since 1988. Modern algorithms ({{cubic|CUBIC}}, {{bbr|BBR}}) replace the linear growth in {{congestion-avoidance|Congestion Avoidance}} with their own curves, but the overall shape is unchanged.'
+ caption:
+ 'The four-phase loop every [[tcp|TCP]] {{congestion-control|congestion controller}} has used since 1988. Modern algorithms ({{cubic|CUBIC}}, {{bbr|BBR}}) replace the linear growth in {{congestion-avoidance|Congestion Avoidance}} with their own curves, but the overall shape is unchanged.'
},
{
type: 'narrative',
@@ -546,7 +552,8 @@ BBRv1 hit ~4% mean throughput improvement on YouTube globally, more than 14% in
C2021 --> C2023a["2023 {{bbrv3|BBRv3}} default for {{google|google}}.com / YouTube"]
C2021 --> C2023b["Jan 2023 {{l4s|L4S}} [[rfc:9330|RFC 9330]]/9331/9332"]
C2023b --> C2025["Jan 2025 Comcast {{l4s|L4S}} in production"]`,
- caption: 'Every [[tcp|TCP]] congestion controller is a chapter in the story Jacobson started. Modern transports β {{cubic|CUBIC}}, {{bbr|BBR}}, {{l4s|L4S}}, RACK-TLP β are each refinements of the same conservation-of-packets principle, adapted to different network realities.'
+ caption:
+ 'Every [[tcp|TCP]] congestion controller is a chapter in the story Jacobson started. Modern transports β {{cubic|CUBIC}}, {{bbr|BBR}}, {{l4s|L4S}}, RACK-TLP β are each refinements of the same conservation-of-packets principle, adapted to different network realities.'
},
{
type: 'narrative',
@@ -592,7 +599,8 @@ Second, **trust is concentrated**. The server can be hardened, audited, monitore
P3 <--> P1
end
CS ~~~ P2P`,
- caption: 'Client-server centralises control through one authority. {{peer-to-peer|P2P}} connects nodes directly β more resilient but harder to coordinate.'
+ caption:
+ 'Client-server centralises control through one authority. {{peer-to-peer|P2P}} connects nodes directly β more resilient but harder to coordinate.'
},
{
type: 'image',
@@ -668,9 +676,9 @@ The combination is what makes the modern web tractable. You use slow asymmetric
{
type: 'image',
src: 'https://upload.wikimedia.org/wikipedia/commons/thumb/f/fb/Asymmetric_Cryptography.svg/500px-Asymmetric_Cryptography.svg.png',
- alt: 'Public-key cryptography: sender encrypts with the recipient\'s public key; recipient decrypts with their matching private key.',
+ alt: "Public-key cryptography: sender encrypts with the recipient's public key; recipient decrypts with their matching private key.",
caption:
- '{{public-key|Public-key}} cryptography. Anyone can {{encryption|encrypt}} a message using the recipient\'s {{public-key|public key}} (which is shared openly). Only the recipient β the holder of the matching {{private-key|private key}} β can decrypt it. This solves the key-distribution problem that defeated symmetric ciphers for centuries.',
+ "{{public-key|Public-key}} cryptography. Anyone can {{encryption|encrypt}} a message using the recipient's {{public-key|public key}} (which is shared openly). Only the recipient β the holder of the matching {{private-key|private key}} β can decrypt it. This solves the key-distribution problem that defeated symmetric ciphers for centuries.",
credit: 'Diagram: Wikimedia Commons / public domain'
},
{
@@ -685,7 +693,8 @@ The combination is what makes the modern web tractable. You use slow asymmetric
C2["Client"] <-->|"{{aes|AES}} / ChaCha20 encrypted"| S2["Server"]
end
{{handshake|Handshake}} -->|"shared secret"| Data`,
- caption: '[[tls|TLS]] uses slow {{asymmetric-encryption|asymmetric crypto}} to safely {{exchange|exchange}} a session key, then switches to fast {{symmetric-encryption|symmetric encryption}} for all data. The {{handshake|handshake}} is a few hundred bytes; the data can be gigabytes.'
+ caption:
+ '[[tls|TLS]] uses slow {{asymmetric-encryption|asymmetric crypto}} to safely {{exchange|exchange}} a session key, then switches to fast {{symmetric-encryption|symmetric encryption}} for all data. The {{handshake|handshake}} is a few hundred bytes; the data can be gigabytes.'
},
{
type: 'image',
@@ -751,7 +760,8 @@ In April 2025, {{google|Google}} published **Agent-to-Agent Protocol** β [[a2a
{{stdio|STDIO}}["{{stdio|stdio}} (local)"]
end
Wire -.-> Transport`,
- caption: '{{ai|AI}} protocols sit at the application layer, using [[json-rpc|JSON-RPC]] 2.0 as their wire format and {{http-method|HTTP}} (or {{stdio|stdio}}) as their transport. [[mcp|MCP]] connects agents to tools; [[a2a|A2A]] connects agents to each other.'
+ caption:
+ '{{ai|AI}} protocols sit at the application layer, using [[json-rpc|JSON-RPC]] 2.0 as their wire format and {{http-method|HTTP}} (or {{stdio|stdio}}) as their transport. [[mcp|MCP]] connects agents to tools; [[a2a|A2A]] connects agents to each other.'
},
{
type: 'narrative',
diff --git a/src/lib/data/concepts.ts b/src/lib/data/concepts.ts
index f658cbe..77dae1f 100644
--- a/src/lib/data/concepts.ts
+++ b/src/lib/data/concepts.ts
@@ -41,7 +41,7 @@ export const concepts: Concept[] = [
id: 'imp',
term: 'IMP (Interface Message Processor)',
definition:
- "The refrigerator-sized minicomputers (modified Honeywell DDP-516s) built by {{bbn|BBN}} that served as {{arpanet|ARPANET}}'s first routers. The IMP at UCLA processed the very first ARPANET message on October 29, 1969 β the network's \"Hello World.\"",
+ 'The refrigerator-sized minicomputers (modified Honeywell DDP-516s) built by {{bbn|BBN}} that served as {{arpanet|ARPANET}}\'s first routers. The IMP at UCLA processed the very first ARPANET message on October 29, 1969 β the network\'s "Hello World."',
analogy:
'The original router, but the size of a wardrobe and humming loud enough to fill a room.',
wikiUrl: 'https://en.wikipedia.org/wiki/Interface_Message_Processor',
@@ -71,7 +71,7 @@ export const concepts: Concept[] = [
id: 'bbn',
term: 'BBN (Bolt, Beranek and Newman)',
definition:
- "The Cambridge, Mass. consultancy that won the {{arpanet|ARPANET}} hardware contract in 1968 and built the {{imp|IMPs}}. BBN also wrote the first @-sign email program ([[pioneer:ray-tomlinson|Ray Tomlinson]], 1971) and much of the early internet plumbing. Now part of RTX (Raytheon Technologies).",
+ 'The Cambridge, Mass. consultancy that won the {{arpanet|ARPANET}} hardware contract in 1968 and built the {{imp|IMPs}}. BBN also wrote the first @-sign email program ([[pioneer:ray-tomlinson|Ray Tomlinson]], 1971) and much of the early internet plumbing. Now part of RTX (Raytheon Technologies).',
analogy:
'The Skunk Works of early networking β small team, contract by contract, no glamour, all of the foundations.',
wikiUrl: 'https://en.wikipedia.org/wiki/BBN_Technologies',
@@ -82,8 +82,7 @@ export const concepts: Concept[] = [
term: 'IANA (Internet Assigned Numbers Authority)',
definition:
'The function (not an organization) responsible for assigning unique numbers used by internet protocols β [[ip|IP]] address blocks, AS numbers, well-known port numbers, MIME types, character sets. Run single-handedly by [[pioneer:jon-postel|Jon Postel]] from his ISI office for over a decade; now operated by {{icann|ICANN}}.',
- analogy:
- 'The phone directory that prevents two countries from claiming the same area code.',
+ analogy: 'The phone directory that prevents two countries from claiming the same area code.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority',
category: 'infrastructure'
},
@@ -102,8 +101,7 @@ export const concepts: Concept[] = [
term: 'W3C (World Wide Web Consortium)',
definition:
'The standards body for the web, founded by [[pioneer:tim-berners-lee|Tim Berners-Lee]] in 1994 and hosted by MIT (and partners). Publishes the specs for HTML, CSS, the DOM, and dozens of related web technologies. Where the {{ietf|IETF}} does wire formats, the W3C does the layers above HTTP.',
- analogy:
- '{{ietf|IETF}} runs the rails, W3C runs the trains.',
+ analogy: '{{ietf|IETF}} runs the rails, W3C runs the trains.',
wikiUrl: 'https://en.wikipedia.org/wiki/World_Wide_Web_Consortium',
category: 'web'
},
@@ -112,8 +110,7 @@ export const concepts: Concept[] = [
term: 'ISOC (Internet Society)',
definition:
'Non-profit founded in 1992 to provide an organizational home for the {{ietf|IETF}} and to advocate for open internet policy worldwide. Funds the IETF Trust, supports the IRTF research arm, and runs programs on internet access, encryption, and routing security.',
- analogy:
- 'The fiscal sponsor and policy lobby for the people who actually write the protocols.',
+ analogy: 'The fiscal sponsor and policy lobby for the people who actually write the protocols.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Society',
category: 'infrastructure'
},
@@ -313,7 +310,8 @@ export const concepts: Concept[] = [
term: 'Connectionless',
definition:
'A communication mode where each packet is sent independently with no prior setup or guaranteed delivery (e.g., [[udp|UDP]]). Faster and simpler, but no ordering or reliability guarantees.',
- analogy: 'Like sending postcards β each one travels independently and might arrive out of order.',
+ analogy:
+ 'Like sending postcards β each one travels independently and might arrive out of order.',
wikiUrl: 'https://en.wikipedia.org/wiki/Connectionless_communication',
category: 'networking-basics'
},
@@ -468,8 +466,7 @@ export const concepts: Concept[] = [
term: 'Encryption',
definition:
'The process of converting readable data (plaintext) into unreadable data (ciphertext) using an algorithm and a key. Only someone with the correct key can decrypt it back.',
- analogy:
- 'Like writing a message in a secret code that only your friend knows how to decode.',
+ analogy: 'Like writing a message in a secret code that only your friend knows how to decode.',
wikiUrl: 'https://en.wikipedia.org/wiki/Encryption',
category: 'security'
},
@@ -538,7 +535,7 @@ export const concepts: Concept[] = [
id: 'certificate-authority',
term: 'Certificate Authority (CA)',
definition:
- 'An organisation trusted to issue digital certificates. CAs sign certificates after verifying the requester controls a domain (DV), an organisation (OV), or has been extended-validated (EV). Root CAs are pre-installed in browsers and operating systems; intermediate CAs sign on their behalf so the root key can stay offline. Let\'s Encrypt, DigiCert, Sectigo, GoDaddy, and Google Trust Services issue most public-web certificates.',
+ "An organisation trusted to issue digital certificates. CAs sign certificates after verifying the requester controls a domain (DV), an organisation (OV), or has been extended-validated (EV). Root CAs are pre-installed in browsers and operating systems; intermediate CAs sign on their behalf so the root key can stay offline. Let's Encrypt, DigiCert, Sectigo, GoDaddy, and Google Trust Services issue most public-web certificates.",
analogy:
'Like a notary public β a third party that the issuing world has agreed to trust, so a stamp from them means the document is what it claims to be.',
wikiUrl: 'https://en.wikipedia.org/wiki/Certificate_authority',
@@ -724,7 +721,7 @@ export const concepts: Concept[] = [
id: 'mtu',
term: 'MTU (Maximum Transmission Unit)',
definition:
- 'The largest packet size (in bytes) that a network link can carry. [[ethernet|Ethernet]] defaults to 1500 bytes. Packets larger than the MTU must be fragmented or dropped (if the Don\'t Fragment flag is set). Path MTU Discovery finds the smallest MTU along a route.',
+ "The largest packet size (in bytes) that a network link can carry. [[ethernet|Ethernet]] defaults to 1500 bytes. Packets larger than the MTU must be fragmented or dropped (if the Don't Fragment flag is set). Path MTU Discovery finds the smallest MTU along a route.",
analogy:
'Like the maximum box size a conveyor belt can handle β anything bigger must be split into smaller boxes.',
wikiUrl: 'https://en.wikipedia.org/wiki/Maximum_transmission_unit',
@@ -742,7 +739,7 @@ export const concepts: Concept[] = [
id: 'checksum',
term: 'Checksum',
definition:
- 'A small value computed from a block of data to detect transmission errors. [[tcp|TCP]], [[udp|UDP]], and [[ip|IP]] each include checksums in their headers. The receiver recomputes the checksum and drops the packet if it doesn\'t match.',
+ "A small value computed from a block of data to detect transmission errors. [[tcp|TCP]], [[udp|UDP]], and [[ip|IP]] each include checksums in their headers. The receiver recomputes the checksum and drops the packet if it doesn't match.",
analogy:
'Like a check digit on a credit card number β a quick math test that catches accidental typos.',
wikiUrl: 'https://en.wikipedia.org/wiki/Checksum',
@@ -752,7 +749,7 @@ export const concepts: Concept[] = [
id: 'proxy',
term: 'Proxy / Reverse Proxy',
definition:
- 'A proxy sits between client and server, forwarding requests on the client\'s behalf (hiding the client). A reverse proxy sits in front of servers, distributing incoming requests (hiding the servers). Used for caching, load balancing, and security.',
+ "A proxy sits between client and server, forwarding requests on the client's behalf (hiding the client). A reverse proxy sits in front of servers, distributing incoming requests (hiding the servers). Used for caching, load balancing, and security.",
analogy:
'A forward proxy is like a personal assistant making calls for you. A reverse proxy is like a receptionist directing visitors to the right office.',
wikiUrl: 'https://en.wikipedia.org/wiki/Reverse_proxy',
@@ -788,9 +785,9 @@ export const concepts: Concept[] = [
id: 'forward-secrecy',
term: 'Forward Secrecy',
definition:
- 'A property of key exchange protocols (like ECDHE) where compromising the server\'s long-term private key does not compromise past session keys. Each session generates unique ephemeral keys that are discarded after use.',
+ "A property of key exchange protocols (like ECDHE) where compromising the server's long-term private key does not compromise past session keys. Each session generates unique ephemeral keys that are discarded after use.",
analogy:
- 'Like using a different lock combination for every package β even if someone learns today\'s code, they cannot open yesterday\'s packages.',
+ "Like using a different lock combination for every package β even if someone learns today's code, they cannot open yesterday's packages.",
wikiUrl: 'https://en.wikipedia.org/wiki/Forward_secrecy',
category: 'security'
},
@@ -798,7 +795,7 @@ export const concepts: Concept[] = [
id: 'dtls',
term: 'DTLS (Datagram TLS)',
definition:
- 'A variant of [[tls|TLS]] designed for datagram protocols like [[udp|UDP]]. Provides the same encryption, authentication, and integrity guarantees as [[tls|TLS]], but handles packet loss and reordering that [[udp|UDP]] doesn\'t prevent. Used by [[webrtc|WebRTC]] and [[coap|CoAP]].',
+ "A variant of [[tls|TLS]] designed for datagram protocols like [[udp|UDP]]. Provides the same encryption, authentication, and integrity guarantees as [[tls|TLS]], but handles packet loss and reordering that [[udp|UDP]] doesn't prevent. Used by [[webrtc|WebRTC]] and [[coap|CoAP]].",
wikiUrl: 'https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security',
category: 'security'
},
@@ -870,8 +867,7 @@ export const concepts: Concept[] = [
term: 'Broadcast',
definition:
'A one-to-all transmission sent to every device on a local network segment. [[arp|ARP]] uses broadcast to find MAC addresses. [[ipv6|IPv6]] eliminates broadcast entirely, replacing it with multicast. Excessive broadcast traffic causes "broadcast storms."',
- analogy:
- 'Like a PA announcement in a building β everyone hears it, whether they care or not.',
+ analogy: 'Like a PA announcement in a building β everyone hears it, whether they care or not.',
wikiUrl: 'https://en.wikipedia.org/wiki/Broadcasting_(networking)',
category: 'networking-basics'
},
@@ -925,7 +921,7 @@ export const concepts: Concept[] = [
id: 'opacity',
term: 'Opacity (Agent Design)',
definition:
- 'A design principle where an agent\'s internal reasoning, tool usage, and prompt chains are hidden from external observers. In [[a2a|A2A]], agents are opaque β you see their skills and outputs (artifacts), not how they arrive at results. This enables agents from different vendors to interoperate without exposing proprietary logic.',
+ "A design principle where an agent's internal reasoning, tool usage, and prompt chains are hidden from external observers. In [[a2a|A2A]], agents are opaque β you see their skills and outputs (artifacts), not how they arrive at results. This enables agents from different vendors to interoperate without exposing proprietary logic.",
wikiUrl: 'https://a2a-protocol.org/latest/topics/key-concepts/',
category: 'protocol-mechanics'
},
@@ -1111,7 +1107,7 @@ export const concepts: Concept[] = [
id: 'tunnel',
term: 'Tunnel / Tunneling',
definition:
- 'Encapsulating one {{protocol|protocol}} inside another to carry traffic across a network that doesn\'t natively support it. For example, [[ssh|SSH]] tunnels wrap [[tcp|TCP]] traffic inside an encrypted [[ssh|SSH]] connection, and VPNs tunnel all traffic through an encrypted link. The outer protocol handles delivery; the inner protocol rides along as {{payload|payload}}.',
+ "Encapsulating one {{protocol|protocol}} inside another to carry traffic across a network that doesn't natively support it. For example, [[ssh|SSH]] tunnels wrap [[tcp|TCP]] traffic inside an encrypted [[ssh|SSH]] connection, and VPNs tunnel all traffic through an encrypted link. The outer protocol handles delivery; the inner protocol rides along as {{payload|payload}}.",
analogy:
'Like putting a letter inside a letter β the outer envelope gets it through the postal system, and the inner envelope carries the real message.',
wikiUrl: 'https://en.wikipedia.org/wiki/Tunneling_protocol',
@@ -1121,9 +1117,9 @@ export const concepts: Concept[] = [
id: 'vpn',
term: 'VPN (Virtual Private Network)',
definition:
- 'A technology that creates an encrypted {{tunnel|tunnel}} between your device and a VPN server, making all your traffic appear to originate from the server\'s [[ip|IP]] address. Used for privacy (hiding traffic from ISPs), security (protecting data on public [[wifi|Wi-Fi]]), and accessing remote networks (corporate VPNs). Common protocols include WireGuard, OpenVPN, and IPsec.',
+ "A technology that creates an encrypted {{tunnel|tunnel}} between your device and a VPN server, making all your traffic appear to originate from the server's [[ip|IP]] address. Used for privacy (hiding traffic from ISPs), security (protecting data on public [[wifi|Wi-Fi]]), and accessing remote networks (corporate VPNs). Common protocols include WireGuard, OpenVPN, and IPsec.",
analogy:
- 'Like a secret underground passage between two buildings β outsiders can\'t see what you\'re carrying or where you\'re really going.',
+ "Like a secret underground passage between two buildings β outsiders can't see what you're carrying or where you're really going.",
wikiUrl: 'https://en.wikipedia.org/wiki/Virtual_private_network',
category: 'security'
},
@@ -1179,7 +1175,7 @@ export const concepts: Concept[] = [
id: 'man-in-the-middle',
term: 'Man-in-the-Middle Attack (MITM)',
definition:
- 'An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are talking directly to each other. {{spoofing|ARP spoofing}} on a local network is a classic MITM vector. [[tls|TLS]] {{certificate|certificates}} prevent MITM by authenticating the server\'s identity.',
+ "An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are talking directly to each other. {{spoofing|ARP spoofing}} on a local network is a classic MITM vector. [[tls|TLS]] {{certificate|certificates}} prevent MITM by authenticating the server's identity.",
analogy:
'Like a postal worker secretly opening, reading, and resealing your letters β both you and the recipient think the envelope was never touched.',
wikiUrl: 'https://en.wikipedia.org/wiki/Man-in-the-middle_attack',
@@ -1339,7 +1335,7 @@ export const concepts: Concept[] = [
id: 'bdp',
term: 'BDP (Bandwidth-Delay Product)',
definition:
- 'The amount of data needed in flight to fully utilise a network path: bandwidth Γ round-trip time. The natural target size for a sender\'s congestion window. A 100 ms Γ 1 Gbps path has a 12.5 MB BDP.',
+ "The amount of data needed in flight to fully utilise a network path: bandwidth Γ round-trip time. The natural target size for a sender's congestion window. A 100 ms Γ 1 Gbps path has a 12.5 MB BDP.",
analogy:
'Like the volume of water needed to fill a hose end-to-end before flow becomes steady β short hose or low pressure means less water; long hose or high pressure means more.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bandwidth-delay_product',
@@ -1357,7 +1353,7 @@ export const concepts: Concept[] = [
id: 'cubic',
term: 'CUBIC',
definition:
- 'The [[tcp|TCP]] congestion control algorithm that has been the Linux default since 2.6.19 (2006), Windows default since 2017, and is now Standards Track as [[rfc:9438|RFC 9438]] (2023). Replaces AIMD\'s linear ramp with a cubic function of time since the last loss β much friendlier to long fat pipes.',
+ "The [[tcp|TCP]] congestion control algorithm that has been the Linux default since 2.6.19 (2006), Windows default since 2017, and is now Standards Track as [[rfc:9438|RFC 9438]] (2023). Replaces AIMD's linear ramp with a cubic function of time since the last loss β much friendlier to long fat pipes.",
wikiUrl: 'https://en.wikipedia.org/wiki/CUBIC_TCP',
category: 'protocol-mechanics'
},
@@ -1365,7 +1361,7 @@ export const concepts: Concept[] = [
id: 'bbr',
term: 'BBR (Bottleneck Bandwidth and Round-trip)',
definition:
- 'Google\'s 2016 model-based congestion control. Instead of treating loss as the only signal, BBR estimates the path\'s bottleneck bandwidth and minimum RTT and paces packets to fully use the bandwidth without filling buffers. BBRv3 has been the default for google.com and YouTube since 2023.',
+ "Google's 2016 model-based congestion control. Instead of treating loss as the only signal, BBR estimates the path's bottleneck bandwidth and minimum RTT and paces packets to fully use the bandwidth without filling buffers. BBRv3 has been the default for google.com and YouTube since 2023.",
wikiUrl: 'https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_BBR',
category: 'protocol-mechanics'
},
@@ -1389,7 +1385,7 @@ export const concepts: Concept[] = [
id: 'aqm',
term: 'AQM (Active Queue Management)',
definition:
- 'Algorithms that drop or mark packets in a router\'s queue *before* the queue fills up, signaling senders to slow down early instead of buffering data into seconds of latency. CoDel, FQ-CoDel, PIE, and the L4S DualQ Coupled AQM are modern examples; their absence is why bufferbloat exists.',
+ "Algorithms that drop or mark packets in a router's queue *before* the queue fills up, signaling senders to slow down early instead of buffering data into seconds of latency. CoDel, FQ-CoDel, PIE, and the L4S DualQ Coupled AQM are modern examples; their absence is why bufferbloat exists.",
wikiUrl: 'https://en.wikipedia.org/wiki/Active_queue_management',
category: 'protocol-mechanics'
},
@@ -1430,7 +1426,8 @@ export const concepts: Concept[] = [
term: 'Session Resumption',
definition:
"A handshake shortcut where a returning client and server skip the full key exchange by reusing parameters from a previous session, identified by a session ID or session ticket. Saves an entire round-trip and the cost of asymmetric crypto. Underpins [[tls|TLS]] 1.3's 1-RTT and 0-RTT resumption.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Transport_Layer_Security#Session_IDs_and_session_tickets',
+ wikiUrl:
+ 'https://en.wikipedia.org/wiki/Transport_Layer_Security#Session_IDs_and_session_tickets',
category: 'protocol-mechanics'
},
{
@@ -1537,7 +1534,7 @@ export const concepts: Concept[] = [
id: 'syn-flood',
term: 'SYN Flood',
definition:
- 'A denial-of-service attack that sends many [[tcp|TCP]] SYN packets without completing the handshake, exhausting the server\'s half-open-connection table. The attack first hit the public internet at Panix in September 1996 and motivated D. J. Bernstein to invent SYN cookies within days.',
+ "A denial-of-service attack that sends many [[tcp|TCP]] SYN packets without completing the handshake, exhausting the server's half-open-connection table. The attack first hit the public internet at Panix in September 1996 and motivated D. J. Bernstein to invent SYN cookies within days.",
wikiUrl: 'https://en.wikipedia.org/wiki/SYN_flood',
category: 'security'
},
@@ -1555,7 +1552,7 @@ export const concepts: Concept[] = [
id: 'same-origin-policy',
term: 'Same-Origin Policy',
definition:
- 'The browser\'s foundational security boundary: scripts loaded from one origin (scheme + host + port) cannot read responses from another origin without that origin\'s explicit consent. CORS, document.domain, postMessage, and Cookie SameSite are the carve-outs and escape valves built around it.',
+ "The browser's foundational security boundary: scripts loaded from one origin (scheme + host + port) cannot read responses from another origin without that origin's explicit consent. CORS, document.domain, postMessage, and Cookie SameSite are the carve-outs and escape valves built around it.",
wikiUrl: 'https://en.wikipedia.org/wiki/Same-origin_policy',
category: 'web'
},
@@ -1647,7 +1644,7 @@ export const concepts: Concept[] = [
definition:
'The property that you can answer arbitrary questions about a running system from the outside β typically by combining three signal types: *metrics* (numerical aggregates over time), *logs* (timestamped events), and *traces* (causally-linked spans across services). OpenTelemetry is the standard wire format.',
analogy:
- 'Like the difference between a car\'s dashboard (metrics: a few numbers you watch) and a black-box flight recorder (traces: a complete record you query after the fact). Observability is having both.',
+ "Like the difference between a car's dashboard (metrics: a few numbers you watch) and a black-box flight recorder (traces: a complete record you query after the fact). Observability is having both.",
wikiUrl: 'https://en.wikipedia.org/wiki/Observability_(software)',
category: 'infrastructure'
},
@@ -1673,7 +1670,7 @@ export const concepts: Concept[] = [
id: 'peering',
term: 'Peering',
definition:
- 'A bilateral interconnection between two networks where each agrees to exchange traffic destined for the other (and the other\'s customers) at no cost. Distinct from *transit*, where one network pays another for access to the rest of the internet. Public peering happens at IXPs; private peering is direct fibre between two AS edges.',
+ "A bilateral interconnection between two networks where each agrees to exchange traffic destined for the other (and the other's customers) at no cost. Distinct from *transit*, where one network pays another for access to the rest of the internet. Public peering happens at IXPs; private peering is direct fibre between two AS edges.",
wikiUrl: 'https://en.wikipedia.org/wiki/Peering',
category: 'networking-basics'
},
@@ -1689,7 +1686,7 @@ export const concepts: Concept[] = [
id: 'ixp',
term: 'IXP (Internet Exchange Point)',
definition:
- 'A neutral facility where many autonomous systems meet on a shared layer-2 fabric (typically [[ethernet|Ethernet]]) to exchange traffic via [[bgp|BGP]] without paying transit. AMS-IX, DE-CIX, and LINX move terabits per second. The IXP itself doesn\'t move traffic β it provides the meet-me room and the switch.',
+ "A neutral facility where many autonomous systems meet on a shared layer-2 fabric (typically [[ethernet|Ethernet]]) to exchange traffic via [[bgp|BGP]] without paying transit. AMS-IX, DE-CIX, and LINX move terabits per second. The IXP itself doesn't move traffic β it provides the meet-me room and the switch.",
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_exchange_point',
category: 'networking-basics'
},
@@ -1712,7 +1709,7 @@ export const concepts: Concept[] = [
id: 'ndp',
term: 'NDP (Neighbor Discovery Protocol)',
definition:
- "[[ipv6|IPv6]]'s replacement for [[arp|ARP]] plus router discovery, prefix discovery, and Duplicate Address Detection ([[rfc:4861|RFC 4861]]). Runs over ICMPv6 multicast on the local link. Where [[arp|ARP]] broadcasts \"who has 192.0.2.7?\", NDP sends a Neighbor Solicitation to a solicited-node multicast group β much more efficient.",
+ '[[ipv6|IPv6]]\'s replacement for [[arp|ARP]] plus router discovery, prefix discovery, and Duplicate Address Detection ([[rfc:4861|RFC 4861]]). Runs over ICMPv6 multicast on the local link. Where [[arp|ARP]] broadcasts "who has 192.0.2.7?", NDP sends a Neighbor Solicitation to a solicited-node multicast group β much more efficient.',
wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
category: 'networking-basics'
},
@@ -1721,7 +1718,8 @@ export const concepts: Concept[] = [
term: 'SLAAC (Stateless Address Autoconfiguration)',
definition:
"[[ipv6|IPv6]]'s mechanism ([[rfc:4862|RFC 4862]]) for hosts to generate their own globally-unique addresses without a [[dhcp|DHCP]] server. The router advertises a prefix; the host appends an interface identifier (EUI-64 or RFC 7217 stable-private). No server, no lease, no central state.",
- wikiUrl: 'https://en.wikipedia.org/wiki/[[ipv6|IPv6]]#Stateless_address_autoconfiguration_(SLAAC)',
+ wikiUrl:
+ 'https://en.wikipedia.org/wiki/[[ipv6|IPv6]]#Stateless_address_autoconfiguration_(SLAAC)',
category: 'networking-basics'
},
{
@@ -1736,7 +1734,7 @@ export const concepts: Concept[] = [
id: 'four-six-four-xlat',
term: '464XLAT',
definition:
- "An [[ipv6|IPv6]] transition mechanism ([[rfc:6877|RFC 6877]]) that lets [[ip|IPv4]]-only applications run on [[ipv6|IPv6]]-only access networks. A CLAT on the host translates [[ip|IPv4]] β [[ipv6|IPv6]]; a PLAT (NAT64) at the carrier edge translates [[ipv6|IPv6]] β [[ip|IPv4]]. Modern Android, iOS, macOS, and Windows 11 ship CLAT natively. Why your phone can be [[ipv6|IPv6]]-only without breaking ancient apps.",
+ 'An [[ipv6|IPv6]] transition mechanism ([[rfc:6877|RFC 6877]]) that lets [[ip|IPv4]]-only applications run on [[ipv6|IPv6]]-only access networks. A CLAT on the host translates [[ip|IPv4]] β [[ipv6|IPv6]]; a PLAT (NAT64) at the carrier edge translates [[ipv6|IPv6]] β [[ip|IPv4]]. Modern Android, iOS, macOS, and Windows 11 ship CLAT natively. Why your phone can be [[ipv6|IPv6]]-only without breaking ancient apps.',
wikiUrl: 'https://en.wikipedia.org/wiki/464XLAT',
category: 'networking-basics'
},
@@ -1754,7 +1752,7 @@ export const concepts: Concept[] = [
id: 'tcp-fin',
term: 'TCP FIN',
definition:
- "A [[tcp|TCP]] packet with the FIN flag set, signalling \"I'm done sending data β but I'll keep listening.\" The graceful counterpart to RST. A clean [[tcp|TCP]] close is a four-way exchange: FIN, ACK, FIN, ACK, with both sides able to half-close independently.",
+ 'A [[tcp|TCP]] packet with the FIN flag set, signalling "I\'m done sending data β but I\'ll keep listening." The graceful counterpart to RST. A clean [[tcp|TCP]] close is a four-way exchange: FIN, ACK, FIN, ACK, with both sides able to half-close independently.',
wikiUrl: 'https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_termination',
category: 'protocol-mechanics'
},
@@ -1762,15 +1760,16 @@ export const concepts: Concept[] = [
id: 'sack',
term: 'SACK (Selective Acknowledgment)',
definition:
- "A [[tcp|TCP]] option ([[rfc:2018|RFC 2018]], 1996) that lets the receiver tell the sender exactly which non-contiguous byte ranges have arrived β instead of the cumulative ACK only saying \"I have everything up to byte N.\" Lets the sender retransmit only what's missing, dramatically improving recovery on lossy paths. Universally supported.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgments',
+ 'A [[tcp|TCP]] option ([[rfc:2018|RFC 2018]], 1996) that lets the receiver tell the sender exactly which non-contiguous byte ranges have arrived β instead of the cumulative ACK only saying "I have everything up to byte N." Lets the sender retransmit only what\'s missing, dramatically improving recovery on lossy paths. Universally supported.',
+ wikiUrl:
+ 'https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Selective_acknowledgments',
category: 'protocol-mechanics'
},
{
id: 'window-scale',
term: 'Window Scale',
definition:
- "A [[tcp|TCP]] option ([[rfc:7323|RFC 7323]]) that lets the 16-bit receive window field represent values up to 2Β³β° bytes by left-shifting it during the handshake. Without window scale, a single [[tcp|TCP]] connection caps at 64 KB in flight β fine in 1981, far too little for a 10 Gbps Γ 100 ms BDP. Negotiated only in the SYN handshake, never midstream.",
+ 'A [[tcp|TCP]] option ([[rfc:7323|RFC 7323]]) that lets the 16-bit receive window field represent values up to 2Β³β° bytes by left-shifting it during the handshake. Without window scale, a single [[tcp|TCP]] connection caps at 64 KB in flight β fine in 1981, far too little for a 10 Gbps Γ 100 ms BDP. Negotiated only in the SYN handshake, never midstream.',
wikiUrl: 'https://en.wikipedia.org/wiki/TCP_window_scale_option',
category: 'protocol-mechanics'
},
@@ -1778,7 +1777,7 @@ export const concepts: Concept[] = [
id: 'nagle',
term: "Nagle's Algorithm",
definition:
- "A 1984 sender-side rule (RFC 896) that holds back small writes until either the previous data is ACKed or a full segment is ready, to avoid flooding the network with tiny packets. Saved early networks; today it interacts pathologically with delayed ACKs and is the reason TCP_NODELAY exists.",
+ 'A 1984 sender-side rule (RFC 896) that holds back small writes until either the previous data is ACKed or a full segment is ready, to avoid flooding the network with tiny packets. Saved early networks; today it interacts pathologically with delayed ACKs and is the reason TCP_NODELAY exists.',
wikiUrl: 'https://en.wikipedia.org/wiki/Nagle%27s_algorithm',
category: 'protocol-mechanics'
},
@@ -1810,7 +1809,7 @@ export const concepts: Concept[] = [
id: 'pacing',
term: 'Pacing',
definition:
- "Spreading outgoing packets evenly over time instead of sending them in a burst. BBR paces every send to exactly the estimated bottleneck bandwidth, which avoids triggering AQM drops and minimises queue buildup. Linux pacing is implemented in the FQ qdisc β BBR depends on it.",
+ 'Spreading outgoing packets evenly over time instead of sending them in a burst. BBR paces every send to exactly the estimated bottleneck bandwidth, which avoids triggering AQM drops and minimises queue buildup. Linux pacing is implemented in the FQ qdisc β BBR depends on it.',
category: 'protocol-mechanics'
},
{
@@ -1826,7 +1825,7 @@ export const concepts: Concept[] = [
id: 'salt',
term: 'Salt',
definition:
- "Random data mixed with a password before hashing so identical passwords produce different stored hashes β defeating precomputed rainbow tables. Modern password hashing (argon2, bcrypt, scrypt) salts internally. Distinct from a *nonce*, which prevents key reuse rather than precomputation.",
+ 'Random data mixed with a password before hashing so identical passwords produce different stored hashes β defeating precomputed rainbow tables. Modern password hashing (argon2, bcrypt, scrypt) salts internally. Distinct from a *nonce*, which prevents key reuse rather than precomputation.',
wikiUrl: 'https://en.wikipedia.org/wiki/Salt_(cryptography)',
category: 'security'
},
@@ -1842,7 +1841,7 @@ export const concepts: Concept[] = [
id: 'iv',
term: 'IV (Initialization Vector)',
definition:
- "A non-secret value that randomises the starting state of a block cipher mode so encrypting the same plaintext twice produces different ciphertext. CBC requires an unpredictable IV; GCM uses a 96-bit nonce as IV. Reusing an IV under the same key in GCM is catastrophic (it leaks the authentication key).",
+ 'A non-secret value that randomises the starting state of a block cipher mode so encrypting the same plaintext twice produces different ciphertext. CBC requires an unpredictable IV; GCM uses a 96-bit nonce as IV. Reusing an IV under the same key in GCM is catastrophic (it leaks the authentication key).',
wikiUrl: 'https://en.wikipedia.org/wiki/Initialization_vector',
category: 'security'
},
@@ -1850,7 +1849,7 @@ export const concepts: Concept[] = [
id: 'ocsp-crl',
term: 'OCSP / CRL (Certificate Revocation)',
definition:
- "Two mechanisms for telling clients a certificate has been revoked before its expiry. CRLs are large signed lists the client downloads periodically; OCSP (RFC 6960) is a per-certificate online query. Both are unreliable in practice β clients soft-fail when the responder is unreachable β which is why short certificate lifetimes are replacing revocation as the primary defence.",
+ 'Two mechanisms for telling clients a certificate has been revoked before its expiry. CRLs are large signed lists the client downloads periodically; OCSP (RFC 6960) is a per-certificate online query. Both are unreliable in practice β clients soft-fail when the responder is unreachable β which is why short certificate lifetimes are replacing revocation as the primary defence.',
wikiUrl: 'https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol',
category: 'security'
},
@@ -1882,15 +1881,16 @@ export const concepts: Concept[] = [
id: 'rov',
term: 'ROV (Route Origin Validation)',
definition:
- "The runtime check a router performs against RPKI: for each [[bgp|BGP]] UPDATE, verify that the originating AS is authorised to announce the prefix. Result is *Valid*, *Invalid*, or *NotFound*. Most large transit providers drop *Invalid*. Pairs with RPKI as the deployment mechanism that stopped the YouTube-class hijack.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure#Route_Origin_Validation',
+ 'The runtime check a router performs against RPKI: for each [[bgp|BGP]] UPDATE, verify that the originating AS is authorised to announce the prefix. Result is *Valid*, *Invalid*, or *NotFound*. Most large transit providers drop *Invalid*. Pairs with RPKI as the deployment mechanism that stopped the YouTube-class hijack.',
+ wikiUrl:
+ 'https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure#Route_Origin_Validation',
category: 'security'
},
{
id: 'aspa',
term: 'ASPA (Autonomous System Provider Authorization)',
definition:
- "An emerging RPKI extension (draft-ietf-sidrops-aspa-verification, expected to publish 2026) where each AS publishes a signed list of its upstream providers. Routers can then detect path hijacks and route leaks by checking that each AS_PATH segment matches the customer-provider hierarchy. The pragmatic alternative to BGPsec.",
+ 'An emerging RPKI extension (draft-ietf-sidrops-aspa-verification, expected to publish 2026) where each AS publishes a signed list of its upstream providers. Routers can then detect path hijacks and route leaks by checking that each AS_PATH segment matches the customer-provider hierarchy. The pragmatic alternative to BGPsec.',
wikiUrl: 'https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/',
category: 'security'
},
@@ -1924,7 +1924,7 @@ export const concepts: Concept[] = [
id: 'cookie',
term: 'Cookie',
definition:
- "A small key-value pair the server stores on the client via Set-Cookie and the client returns on every subsequent request to the same origin. Modern attributes: Secure (HTTPS only), HttpOnly (not visible to JavaScript), SameSite (Strict/Lax/None β controls cross-site sending), Domain, Path, Max-Age. Cookies underpin sessions, auth, tracking, and most XSS/CSRF concerns.",
+ 'A small key-value pair the server stores on the client via Set-Cookie and the client returns on every subsequent request to the same origin. Modern attributes: Secure (HTTPS only), HttpOnly (not visible to JavaScript), SameSite (Strict/Lax/None β controls cross-site sending), Domain, Path, Max-Age. Cookies underpin sessions, auth, tracking, and most XSS/CSRF concerns.',
wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies',
category: 'web'
},
@@ -1932,7 +1932,7 @@ export const concepts: Concept[] = [
id: 'hsts',
term: 'HSTS (HTTP Strict Transport Security)',
definition:
- "A response header (RFC 6797) that tells the browser \"only ever connect to this domain over HTTPS, for the next N seconds.\" After the first visit, plaintext HTTP requests are upgraded automatically β defeating SSL-stripping attacks. Browsers also ship a preload list (hstspreload.org) so the very first visit is protected too.",
+ 'A response header (RFC 6797) that tells the browser "only ever connect to this domain over HTTPS, for the next N seconds." After the first visit, plaintext HTTP requests are upgraded automatically β defeating SSL-stripping attacks. Browsers also ship a preload list (hstspreload.org) so the very first visit is protected too.',
wikiUrl: 'https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security',
category: 'web'
},
@@ -1956,7 +1956,7 @@ export const concepts: Concept[] = [
id: 'webtransport',
term: 'WebTransport',
definition:
- "A modern client-server transport API for browsers (W3C Working Draft, IETF draft-ietf-webtrans-http3) running over [[http3|HTTP/3]]. Provides multiplexed reliable streams plus unreliable datagrams β what [[websockets|WebSocket]] would look like if redesigned in 2024. Targeted for completion late 2026 or early 2027.",
+ 'A modern client-server transport API for browsers (W3C Working Draft, IETF draft-ietf-webtrans-http3) running over [[http3|HTTP/3]]. Provides multiplexed reliable streams plus unreliable datagrams β what [[websockets|WebSocket]] would look like if redesigned in 2024. Targeted for completion late 2026 or early 2027.',
wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/API/WebTransport_API',
category: 'web'
},
@@ -1964,7 +1964,7 @@ export const concepts: Concept[] = [
id: 'masque',
term: 'MASQUE',
definition:
- "An IETF working group standardising proxy protocols on top of [[http3|HTTP/3]] β CONNECT-[[ip|IP]] (tunnel any L3 traffic), CONNECT-[[udp|UDP]] (proxy [[udp|UDP]], used by [[http3|HTTP/3]]-over-[[http3|HTTP/3]]), CONNECT-[[ethernet|Ethernet]]. The technology behind iCloud Private Relay and Cloudflare WARP: arbitrary [[ip|IP]] traffic tunnelled inside what looks like normal HTTPS.",
+ 'An IETF working group standardising proxy protocols on top of [[http3|HTTP/3]] β CONNECT-[[ip|IP]] (tunnel any L3 traffic), CONNECT-[[udp|UDP]] (proxy [[udp|UDP]], used by [[http3|HTTP/3]]-over-[[http3|HTTP/3]]), CONNECT-[[ethernet|Ethernet]]. The technology behind iCloud Private Relay and Cloudflare WARP: arbitrary [[ip|IP]] traffic tunnelled inside what looks like normal HTTPS.',
wikiUrl: 'https://datatracker.ietf.org/wg/masque/about/',
category: 'web'
},
@@ -1989,7 +1989,7 @@ export const concepts: Concept[] = [
id: 'last-will',
term: 'Last Will (MQTT)',
definition:
- "A message a client tells the [[mqtt|MQTT]] broker to publish on its behalf if the client disconnects ungracefully. Lets every other subscriber learn immediately when a sensor goes offline β without polling β even though the failed sensor cannot send anything itself.",
+ 'A message a client tells the [[mqtt|MQTT]] broker to publish on its behalf if the client disconnects ungracefully. Lets every other subscriber learn immediately when a sensor goes offline β without polling β even though the failed sensor cannot send anything itself.',
wikiUrl: 'https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html',
category: 'messaging'
},
@@ -1997,7 +1997,7 @@ export const concepts: Concept[] = [
id: 'retained-message',
term: 'Retained Message (MQTT)',
definition:
- "A message the [[mqtt|MQTT]] broker holds onto for a topic and immediately delivers to any new subscriber. Lets a late-joining subscriber learn the current state of the world (e.g., the last reading from a sensor) without waiting for the next publish.",
+ 'A message the [[mqtt|MQTT]] broker holds onto for a topic and immediately delivers to any new subscriber. Lets a late-joining subscriber learn the current state of the world (e.g., the last reading from a sensor) without waiting for the next publish.',
wikiUrl: 'https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html',
category: 'messaging'
},
@@ -2005,7 +2005,7 @@ export const concepts: Concept[] = [
id: 'log-compaction',
term: 'Log Compaction (Kafka)',
definition:
- "A [[kafka|Kafka]] retention policy that, instead of deleting old records by age, keeps the most recent value for each key. Lets a topic act as an event log that doubles as a snapshot β a new consumer can read from offset 0 and end up with the current state of every key, just slowly.",
+ 'A [[kafka|Kafka]] retention policy that, instead of deleting old records by age, keeps the most recent value for each key. Lets a topic act as an event log that doubles as a snapshot β a new consumer can read from offset 0 and end up with the current state of every key, just slowly.',
wikiUrl: 'https://kafka.apache.org/documentation/#compaction',
category: 'messaging'
},
@@ -2039,7 +2039,7 @@ export const concepts: Concept[] = [
id: 'service-discovery',
term: 'Service Discovery',
definition:
- "The mechanism by which a service finds the network address of another service it depends on, when those addresses change frequently. Implementations include [[dns|DNS]] (with short TTLs), Consul/etcd (key-value lookup), Kubernetes Services (a stable [[dns|DNS]] name in front of changing pod IPs), and the service mesh (the sidecar handles it).",
+ 'The mechanism by which a service finds the network address of another service it depends on, when those addresses change frequently. Implementations include [[dns|DNS]] (with short TTLs), Consul/etcd (key-value lookup), Kubernetes Services (a stable [[dns|DNS]] name in front of changing pod IPs), and the service mesh (the sidecar handles it).',
wikiUrl: 'https://en.wikipedia.org/wiki/Service_discovery',
category: 'infrastructure'
},
@@ -2047,8 +2047,9 @@ export const concepts: Concept[] = [
id: 'circuit-breaker',
term: 'Circuit Breaker',
definition:
- "A resilience pattern where calls to a failing dependency are short-circuited (fail-fast with a fallback) instead of waiting for timeouts. Three states: *closed* (calls flow), *open* (calls fail immediately), *half-open* (a few probe calls test recovery). Prevents one slow dependency from saturating thread pools and cascading the failure.",
- analogy: 'Like the breaker in your house β it trips when something downstream is in trouble, protecting the rest of the circuit until you fix it.',
+ 'A resilience pattern where calls to a failing dependency are short-circuited (fail-fast with a fallback) instead of waiting for timeouts. Three states: *closed* (calls flow), *open* (calls fail immediately), *half-open* (a few probe calls test recovery). Prevents one slow dependency from saturating thread pools and cascading the failure.',
+ analogy:
+ 'Like the breaker in your house β it trips when something downstream is in trouble, protecting the rest of the circuit until you fix it.',
wikiUrl: 'https://martinfowler.com/bliki/CircuitBreaker.html',
category: 'infrastructure'
},
@@ -2056,7 +2057,7 @@ export const concepts: Concept[] = [
id: 'exponential-backoff',
term: 'Exponential Backoff',
definition:
- "A retry strategy where the wait between attempts doubles each time, ideally with random jitter. After a transient failure, attempt 1 waits 100 ms, attempt 2 waits 200 ms, then 400 ms, 800 ms, etc. Without jitter, many clients all retry at the same instant after a shared outage and create a thundering herd.",
+ 'A retry strategy where the wait between attempts doubles each time, ideally with random jitter. After a transient failure, attempt 1 waits 100 ms, attempt 2 waits 200 ms, then 400 ms, 800 ms, etc. Without jitter, many clients all retry at the same instant after a shared outage and create a thundering herd.',
wikiUrl: 'https://en.wikipedia.org/wiki/Exponential_backoff',
category: 'infrastructure'
},
@@ -2064,7 +2065,7 @@ export const concepts: Concept[] = [
id: 'rate-limiting',
term: 'Rate Limiting',
definition:
- "A server-side mechanism that caps how many requests a client may make in a time window β by [[ip|IP]], API key, user, or tenant. Token bucket and leaky bucket are the standard algorithms. The HTTP response is 429 Too Many Requests, ideally with a Retry-After header naming when to try again.",
+ 'A server-side mechanism that caps how many requests a client may make in a time window β by [[ip|IP]], API key, user, or tenant. Token bucket and leaky bucket are the standard algorithms. The HTTP response is 429 Too Many Requests, ideally with a Retry-After header naming when to try again.',
wikiUrl: 'https://en.wikipedia.org/wiki/Rate_limiting',
category: 'infrastructure'
},
@@ -2072,7 +2073,7 @@ export const concepts: Concept[] = [
id: 'slo-sli-sla',
term: 'SLO / SLI / SLA',
definition:
- "Three nested concepts from Google\'s SRE practice. An *SLI* (Service Level Indicator) is a measurement (e.g., 99th-percentile latency). An *SLO* (Objective) is the target you set for it (\"99.9% of requests under 200 ms over 30 days\"). An *SLA* (Agreement) is the externally-promised version with consequences if missed. The gap between an SLO and an SLA is your error budget.",
+ 'Three nested concepts from Google\'s SRE practice. An *SLI* (Service Level Indicator) is a measurement (e.g., 99th-percentile latency). An *SLO* (Objective) is the target you set for it ("99.9% of requests under 200 ms over 30 days"). An *SLA* (Agreement) is the externally-promised version with consequences if missed. The gap between an SLO and an SLA is your error budget.',
wikiUrl: 'https://sre.google/sre-book/service-level-objectives/',
category: 'infrastructure'
},
@@ -2080,7 +2081,7 @@ export const concepts: Concept[] = [
id: 'tail-latency',
term: 'Tail Latency (p99, p999)',
definition:
- "The high-percentile latencies that dominate user experience but disappear in averages. p99 is \"99% of requests are at least this fast\" β and at internet scale every user hits p99+ multiple times per session. Jeff Dean and Luiz Barroso\'s 2013 paper \"The Tail at Scale\" is the canonical text.",
+ 'The high-percentile latencies that dominate user experience but disappear in averages. p99 is "99% of requests are at least this fast" β and at internet scale every user hits p99+ multiple times per session. Jeff Dean and Luiz Barroso\'s 2013 paper "The Tail at Scale" is the canonical text.',
wikiUrl: 'https://research.google/pubs/the-tail-at-scale/',
category: 'infrastructure'
},
@@ -2088,7 +2089,7 @@ export const concepts: Concept[] = [
id: 'trace-span',
term: 'Trace / Span',
definition:
- "The distributed-tracing data model. A *trace* represents one request\'s end-to-end journey. Each unit of work along the way (an HTTP call, a database query, a queue publish) is a *span* with a start time, end time, and a parent span. Spans form a tree across services. OpenTelemetry is the standard wire format; Jaeger, Tempo, and Zipkin are common UIs.",
+ "The distributed-tracing data model. A *trace* represents one request's end-to-end journey. Each unit of work along the way (an HTTP call, a database query, a queue publish) is a *span* with a start time, end time, and a parent span. Spans form a tree across services. OpenTelemetry is the standard wire format; Jaeger, Tempo, and Zipkin are common UIs.",
wikiUrl: 'https://opentelemetry.io/docs/concepts/signals/traces/',
category: 'infrastructure'
},
@@ -2096,7 +2097,7 @@ export const concepts: Concept[] = [
id: 'availability-zone',
term: 'Region / Availability Zone',
definition:
- "Cloud-provider terminology for failure domains. A *region* is a geographic area (us-east-1, eu-west-2) with its own user-facing endpoints. An *availability zone* is one or more datacenters within a region with independent power, cooling, and networking β designed so a single AZ failure does not take down the others. \"Multi-AZ\" is the minimum production resilience bar.",
+ 'Cloud-provider terminology for failure domains. A *region* is a geographic area (us-east-1, eu-west-2) with its own user-facing endpoints. An *availability zone* is one or more datacenters within a region with independent power, cooling, and networking β designed so a single AZ failure does not take down the others. "Multi-AZ" is the minimum production resilience bar.',
wikiUrl: 'https://en.wikipedia.org/wiki/Availability_zone',
category: 'infrastructure'
},
@@ -2106,9 +2107,9 @@ export const concepts: Concept[] = [
id: 'ice',
term: 'ICE (Interactive Connectivity Establishment)',
definition:
- 'The algorithm that orchestrates [[nat-traversal|NAT traversal]] for a single session. Each agent gathers every possible candidate address (host, server-reflexive via STUN, peer-reflexive, relayed via TURN), pairs them with the peer\'s candidates, runs connectivity checks across every pair, and nominates the highest-priority working one. RFC 8445.',
+ "The algorithm that orchestrates [[nat-traversal|NAT traversal]] for a single session. Each agent gathers every possible candidate address (host, server-reflexive via STUN, peer-reflexive, relayed via TURN), pairs them with the peer's candidates, runs connectivity checks across every pair, and nominates the highest-priority working one. RFC 8445.",
analogy:
- "Like a meet-up app that tries every route between two friends β bike, train, ride-share, walking β and picks the one that actually gets them together.",
+ 'Like a meet-up app that tries every route between two friends β bike, train, ride-share, walking β and picks the one that actually gets them together.',
wikiUrl: 'https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment',
category: 'networking-basics'
},
@@ -2142,7 +2143,7 @@ export const concepts: Concept[] = [
id: 'gatt',
term: 'GATT (Generic Attribute Profile)',
definition:
- "The [[bluetooth|BLE]] application protocol. A GATT *server* (peripheral) exposes a tree of services β characteristics β descriptors, each with a 16- or 128-bit UUID and a numeric handle. A GATT *client* (central) discovers them, reads/writes/subscribes-to-notifications. The protocol every BLE sensor and wearable speaks above L2CAP.",
+ 'The [[bluetooth|BLE]] application protocol. A GATT *server* (peripheral) exposes a tree of services β characteristics β descriptors, each with a 16- or 128-bit UUID and a numeric handle. A GATT *client* (central) discovers them, reads/writes/subscribes-to-notifications. The protocol every BLE sensor and wearable speaks above L2CAP.',
analogy:
'Like a tiny REST API embedded in every Bluetooth sensor β services are endpoints, characteristics are the actual values.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy#GATT',
@@ -2152,7 +2153,7 @@ export const concepts: Concept[] = [
id: 'ble',
term: 'BLE (Bluetooth Low Energy)',
definition:
- "The 2010 [[bluetooth|Bluetooth]] redesign for microamp power budgets. Different radio than Classic BR/EDR (40 Γ 2 MHz channels, GFSK-only, hops once per connection event). Different stack: L2CAP β ATT β GATT. The protocol under AirPods, AirTags, hearing aids, and Matter device commissioning.",
+ 'The 2010 [[bluetooth|Bluetooth]] redesign for microamp power budgets. Different radio than Classic BR/EDR (40 Γ 2 MHz channels, GFSK-only, hops once per connection event). Different stack: L2CAP β ATT β GATT. The protocol under AirPods, AirTags, hearing aids, and Matter device commissioning.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
category: 'protocol-mechanics'
},
@@ -2160,7 +2161,7 @@ export const concepts: Concept[] = [
id: 'l2cap',
term: 'L2CAP (Logical Link Control and Adaptation Protocol)',
definition:
- "The [[bluetooth|Bluetooth]] transport layer above the Link Layer. Provides Channel IDs that demultiplex sub-protocols: CID 0x0004 is ATT (GATT data), CID 0x0005 is LE signalling, CID 0x0006 is the Security Manager Protocol (pairing).",
+ 'The [[bluetooth|Bluetooth]] transport layer above the Link Layer. Provides Channel IDs that demultiplex sub-protocols: CID 0x0004 is ATT (GATT data), CID 0x0005 is LE signalling, CID 0x0006 is the Security Manager Protocol (pairing).',
wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth#L2CAP',
category: 'protocol-mechanics'
},
@@ -2178,7 +2179,7 @@ export const concepts: Concept[] = [
id: 'lsa',
term: 'LSA (Link State Advertisement)',
definition:
- "The unit of routing information in [[ospf|OSPF]] and IS-IS. Each router floods LSAs describing its own links β type, cost, neighbours β and every router in the area accumulates them into an identical Link State Database (LSDB). Dijkstra runs on that database to compute shortest paths.",
+ 'The unit of routing information in [[ospf|OSPF]] and IS-IS. Each router floods LSAs describing its own links β type, cost, neighbours β and every router in the area accumulates them into an identical Link State Database (LSDB). Dijkstra runs on that database to compute shortest paths.',
wikiUrl: 'https://en.wikipedia.org/wiki/Link-state_advertisement',
category: 'protocol-mechanics'
},
@@ -2203,7 +2204,7 @@ export const concepts: Concept[] = [
id: 'security-association',
term: 'SA (Security Association)',
definition:
- "A one-directional [[ipsec|IPsec]] tunnel, identified by a 32-bit Security Parameters Index (SPI). It carries the cipher, key, sequence-number counter, and anti-replay window for traffic in one direction. A typical site-to-site VPN has two SAs (one each way) per Traffic Selector pair.",
+ 'A one-directional [[ipsec|IPsec]] tunnel, identified by a 32-bit Security Parameters Index (SPI). It carries the cipher, key, sequence-number counter, and anti-replay window for traffic in one direction. A typical site-to-site VPN has two SAs (one each way) per Traffic Selector pair.',
wikiUrl: 'https://en.wikipedia.org/wiki/Security_association',
category: 'security'
},
@@ -2211,7 +2212,7 @@ export const concepts: Concept[] = [
id: 'esp',
term: 'ESP (Encapsulating Security Payload)',
definition:
- "The [[ipsec|IPsec]] data-plane protocol that encrypts and authenticates [[ip|IP]] payloads with an AEAD cipher like AES-GCM. 8-byte header (SPI + 32-bit sequence number), 8-byte AEAD nonce, encrypted payload, 16-byte authentication tag. The part of IPsec that everyone deploys. RFC 4303.",
+ 'The [[ipsec|IPsec]] data-plane protocol that encrypts and authenticates [[ip|IP]] payloads with an AEAD cipher like AES-GCM. 8-byte header (SPI + 32-bit sequence number), 8-byte AEAD nonce, encrypted payload, 16-byte authentication tag. The part of IPsec that everyone deploys. RFC 4303.',
wikiUrl: 'https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload',
category: 'security'
},
@@ -2219,7 +2220,7 @@ export const concepts: Concept[] = [
id: 'ah-authentication-header',
term: 'AH (Authentication Header)',
definition:
- "The [[ipsec|IPsec]] integrity-only protocol. Authenticates the entire [[ip|IP]] header (minus mutable fields) and payload but encrypts nothing. Almost no production deployment uses AH alone in 2026 β ESP with AEAD does both jobs in one pass. RFC 4302.",
+ 'The [[ipsec|IPsec]] integrity-only protocol. Authenticates the entire [[ip|IP]] header (minus mutable fields) and payload but encrypts nothing. Almost no production deployment uses AH alone in 2026 β ESP with AEAD does both jobs in one pass. RFC 4302.',
wikiUrl: 'https://en.wikipedia.org/wiki/IPsec#Authentication_Header',
category: 'security'
},
@@ -2227,7 +2228,7 @@ export const concepts: Concept[] = [
id: 'ike',
term: 'IKE / IKEv2 (Internet Key Exchange)',
definition:
- "The [[ipsec|IPsec]] control plane β negotiates the cipher suite, exchanges Diffie-Hellman / ECDH / ML-KEM public keys, authenticates the peers (certificate, PSK, or EAP), and establishes the Security Associations the data plane uses. IKEv2 (RFC 7296, STD 79) is the modern Internet Standard.",
+ 'The [[ipsec|IPsec]] control plane β negotiates the cipher suite, exchanges Diffie-Hellman / ECDH / ML-KEM public keys, authenticates the peers (certificate, PSK, or EAP), and establishes the Security Associations the data plane uses. IKEv2 (RFC 7296, STD 79) is the modern Internet Standard.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Key_Exchange',
category: 'security'
},
@@ -2235,14 +2236,14 @@ export const concepts: Concept[] = [
id: 'anti-replay',
term: 'Anti-replay window',
definition:
- "A sliding bitmap of recently-seen sequence numbers maintained by an [[ipsec|ESP]] (or similar) receiver. Packets older than the window or duplicates within it are dropped. RFC 4303 Β§3.4.3 default is **32 entries** β a well-documented foot-gun on 10 Gbps+ links where out-of-order delivery routinely overflows it; production gateways tune to 1024+.",
+ 'A sliding bitmap of recently-seen sequence numbers maintained by an [[ipsec|ESP]] (or similar) receiver. Packets older than the window or duplicates within it are dropped. RFC 4303 Β§3.4.3 default is **32 entries** β a well-documented foot-gun on 10 Gbps+ links where out-of-order delivery routinely overflows it; production gateways tune to 1024+.',
category: 'security'
},
{
id: 'pfs',
term: 'PFS (Perfect Forward Secrecy)',
definition:
- "A property of a key-exchange protocol where compromising one session\'s long-term key does **not** compromise past sessions. Achieved by deriving each session key from an ephemeral Diffie-Hellman exchange. [[tls|TLS]] 1.3 enforces it; [[ipsec|IKEv2]] gets it via fresh DH/KEM in CREATE_CHILD_SA rekeys.",
+ "A property of a key-exchange protocol where compromising one session's long-term key does **not** compromise past sessions. Achieved by deriving each session key from an ephemeral Diffie-Hellman exchange. [[tls|TLS]] 1.3 enforces it; [[ipsec|IKEv2]] gets it via fresh DH/KEM in CREATE_CHILD_SA rekeys.",
wikiUrl: 'https://en.wikipedia.org/wiki/Forward_secrecy',
category: 'security'
},
@@ -2276,7 +2277,7 @@ export const concepts: Concept[] = [
id: 'ndef',
term: 'NDEF (NFC Data Exchange Format)',
definition:
- "The NFC Forum binary record container that lives in tags and rides over LLCP/SNEP. A 1-byte header (MB/ME/CF/SR/IL + 3-bit TNF) + variable type/id/payload-length fields + payload. The TNF picks the namespace: 1=Well-Known (URI, Text, Smart Poster), 2=MIME, 3=Absolute URI, 4=External. A URI record uses a single-byte prefix shorthand (0x03 = `https://`). **Adopted as an IEC standard in March 2026.**",
+ 'The NFC Forum binary record container that lives in tags and rides over LLCP/SNEP. A 1-byte header (MB/ME/CF/SR/IL + 3-bit TNF) + variable type/id/payload-length fields + payload. The TNF picks the namespace: 1=Well-Known (URI, Text, Smart Poster), 2=MIME, 3=Absolute URI, 4=External. A URI record uses a single-byte prefix shorthand (0x03 = `https://`). **Adopted as an IEC standard in March 2026.**',
category: 'protocol-mechanics'
},
{
@@ -2290,7 +2291,7 @@ export const concepts: Concept[] = [
id: 'aid',
term: 'AID (Application Identifier)',
definition:
- "A 5β16 byte identifier per ISO 7816-5 that selects which on-card application to talk to β e.g. `A0000000041010` for Mastercard, `A0000000031010` for Visa, `A0000002471001` for ICAO eMRTDs. {{emv-cryptogram|EMV}} contactless uses a two-stage selection: first SELECT *PPSE* (`2PAY.SYS.DDF01`) to enumerate which AIDs the card supports, then SELECT the chosen AID.",
+ 'A 5β16 byte identifier per ISO 7816-5 that selects which on-card application to talk to β e.g. `A0000000041010` for Mastercard, `A0000000031010` for Visa, `A0000002471001` for ICAO eMRTDs. {{emv-cryptogram|EMV}} contactless uses a two-stage selection: first SELECT *PPSE* (`2PAY.SYS.DDF01`) to enumerate which AIDs the card supports, then SELECT the chosen AID.',
category: 'protocol-mechanics'
},
{
@@ -2340,7 +2341,7 @@ export const concepts: Concept[] = [
id: 'ieee-802-15-4',
term: 'IEEE 802.15.4',
definition:
- "The PHY/MAC standard that underlies [[zigbee|Zigbee]], **Thread**, **WirelessHART**, **Wi-SUN**, and (in its 802.15.4z amendment) [[uwb|UWB]]. Bands: 2.4 GHz O-QPSK at 250 kbit/s (16 channels), 868 MHz BPSK at 20 kbit/s (Europe), 902β928 MHz BPSK at 40 kbit/s (North America). 127-byte PHY payload limit. Two device classes: FFD (Full-Function Device, can route) and RFD (Reduced-Function Device, sleepy end-device).",
+ 'The PHY/MAC standard that underlies [[zigbee|Zigbee]], **Thread**, **WirelessHART**, **Wi-SUN**, and (in its 802.15.4z amendment) [[uwb|UWB]]. Bands: 2.4 GHz O-QPSK at 250 kbit/s (16 channels), 868 MHz BPSK at 20 kbit/s (Europe), 902β928 MHz BPSK at 40 kbit/s (North America). 127-byte PHY payload limit. Two device classes: FFD (Full-Function Device, can route) and RFD (Reduced-Function Device, sleepy end-device).',
category: 'networking-basics'
},
{
@@ -2354,7 +2355,7 @@ export const concepts: Concept[] = [
id: 'trust-center',
term: 'Trust Center',
definition:
- "The single [[zigbee|Zigbee]] device (almost always the Coordinator) that holds and distributes the **network key** to all joined devices, governs which devices may join, and rekeys the network. New devices authenticate to the TC at commissioning time using a **pre-configured link key** (the universally-known default *ZigBeeAlliance09*, an **install code** derived secret, or β in R23 β a SPEKE-over-Curve25519 dynamic link key). The TC is the single trust root of a Zigbee mesh.",
+ 'The single [[zigbee|Zigbee]] device (almost always the Coordinator) that holds and distributes the **network key** to all joined devices, governs which devices may join, and rekeys the network. New devices authenticate to the TC at commissioning time using a **pre-configured link key** (the universally-known default *ZigBeeAlliance09*, an **install code** derived secret, or β in R23 β a SPEKE-over-Curve25519 dynamic link key). The TC is the single trust root of a Zigbee mesh.',
category: 'security'
},
{
@@ -2375,7 +2376,7 @@ export const concepts: Concept[] = [
id: 'sts',
term: 'STS (Scrambled Timestamp Sequence)',
definition:
- "The cryptographic primitive that makes IEEE 802.15.4z [[uwb|UWB]] ranging secure against distance-decrease attacks. A 32β2048-chip pulse sequence whose positions are generated by **AES-128 in Counter mode** keyed by a per-session STS_KEY and a per-frame nonce β a *distance commitment*. An attacker without the key sees noise; they cannot predict the next chip and cannot reliably early-replay. Receiver generates the expected sequence locally and cross-correlates with a sharp autocorrelation peak. Pre-STS UWB (802.15.4a, 2007) was vulnerable; even STS has been attacked (Ghost Peak ~4% success at USENIX Sec 2022), motivating the 802.15.4ab redesign.",
+ 'The cryptographic primitive that makes IEEE 802.15.4z [[uwb|UWB]] ranging secure against distance-decrease attacks. A 32β2048-chip pulse sequence whose positions are generated by **AES-128 in Counter mode** keyed by a per-session STS_KEY and a per-frame nonce β a *distance commitment*. An attacker without the key sees noise; they cannot predict the next chip and cannot reliably early-replay. Receiver generates the expected sequence locally and cross-correlates with a sharp autocorrelation peak. Pre-STS UWB (802.15.4a, 2007) was vulnerable; even STS has been attacked (Ghost Peak ~4% success at USENIX Sec 2022), motivating the 802.15.4ab redesign.',
category: 'security'
},
{
@@ -2389,14 +2390,14 @@ export const concepts: Concept[] = [
id: 'tof-ranging',
term: 'Time-of-Flight (ToF) ranging',
definition:
- "Measuring distance by timing how long a radio pulse takes to traverse the air and multiplying by *c* β 0.299792458 m/ns. A 1 ns timing error = 30 cm of range error. [[uwb|UWB]] chips routinely timestamp pulse arrival to 15β60 ps, yielding cm-class precision β and crucially, ToF cannot be *shortened* by a relay (the speed of light is the hard upper bound), so it defeats the BLE-RSSI relay attack class that broke Tesla Model 3 phone-as-a-key in 2022.",
+ 'Measuring distance by timing how long a radio pulse takes to traverse the air and multiplying by *c* β 0.299792458 m/ns. A 1 ns timing error = 30 cm of range error. [[uwb|UWB]] chips routinely timestamp pulse arrival to 15β60 ps, yielding cm-class precision β and crucially, ToF cannot be *shortened* by a relay (the speed of light is the hard upper bound), so it defeats the BLE-RSSI relay attack class that broke Tesla Model 3 phone-as-a-key in 2022.',
category: 'protocol-mechanics'
},
{
id: 'fira',
term: 'FiRa Consortium',
definition:
- "*Fine Ranging.* Founded **1 August 2019** by NXP, Samsung, HID Global, and Bosch to certify [[uwb|UWB]] interoperability on top of IEEE 802.15.4z. Defines the **FiRa MAC profile** for application-layer ranging configuration (session setup, ranging-round structure, multi-node ranging, result reporting via the UWB Command Interface). ~200 members. The UWB-side analogue of what the [[bluetooth|Bluetooth]] SIG does for BLE or the NFC Forum does for NFC.",
+ '*Fine Ranging.* Founded **1 August 2019** by NXP, Samsung, HID Global, and Bosch to certify [[uwb|UWB]] interoperability on top of IEEE 802.15.4z. Defines the **FiRa MAC profile** for application-layer ranging configuration (session setup, ranging-round structure, multi-node ranging, result reporting via the UWB Command Interface). ~200 members. The UWB-side analogue of what the [[bluetooth|Bluetooth]] SIG does for BLE or the NFC Forum does for NFC.',
category: 'infrastructure'
},
{
@@ -2447,7 +2448,7 @@ export const concepts: Concept[] = [
id: 'spectrum',
term: 'Spectrum',
definition:
- "The frequency range a wireless protocol is allowed to transmit on. Allocated globally by the **ITU-R**, regionally by **CEPT** (Europe) or **APT** (Asia-Pacific), and nationally by regulators like the {{fcc|FCC}} (US) or Ofcom (UK). Licensed spectrum (auctioned to carriers, predictable QoS) carries [[cellular|cellular]]; unlicensed bands ({{ism-band|ISM}}, U-NII) host [[wifi|Wi-Fi]], [[bluetooth|Bluetooth]], [[zigbee|Zigbee]], [[uwb|UWB]]. Spectrum is the most contested resource in wireless β every gigahertz freed (or reclaimed) is a multi-billion-dollar policy fight.",
+ 'The frequency range a wireless protocol is allowed to transmit on. Allocated globally by the **ITU-R**, regionally by **CEPT** (Europe) or **APT** (Asia-Pacific), and nationally by regulators like the {{fcc|FCC}} (US) or Ofcom (UK). Licensed spectrum (auctioned to carriers, predictable QoS) carries [[cellular|cellular]]; unlicensed bands ({{ism-band|ISM}}, U-NII) host [[wifi|Wi-Fi]], [[bluetooth|Bluetooth]], [[zigbee|Zigbee]], [[uwb|UWB]]. Spectrum is the most contested resource in wireless β every gigahertz freed (or reclaimed) is a multi-billion-dollar policy fight.',
analogy:
'Real estate on an invisible map. Some plots are auctioned for billions to single carriers; some plots are public parks anyone may build on if they obey the noise ordinance.',
wikiUrl: 'https://en.wikipedia.org/wiki/Radio_spectrum',
@@ -2475,7 +2476,7 @@ export const concepts: Concept[] = [
id: 'multipath',
term: 'Multipath',
definition:
- "A radio signal that arrives at a receiver via two or more paths (one direct, others reflected off walls/floors/cars) interferes with itself β the copies add constructively or destructively depending on their relative phase, producing rapid fading as the receiver or environment moves. The same physics that ruined 1990s analog cellular calls is the *foundation* of every modern wireless system: **MIMO** (multiple-input multiple-output) treats each reflected path as a separate spatial stream, and **OFDM** ({{ofdma|/OFDMA}}) spreads each symbol across hundreds of narrow subcarriers so only a handful are nulled by a deep fade. Wireless went from \"multipath is the enemy\" to \"multipath is the bandwidth\" in one generation.",
+ 'A radio signal that arrives at a receiver via two or more paths (one direct, others reflected off walls/floors/cars) interferes with itself β the copies add constructively or destructively depending on their relative phase, producing rapid fading as the receiver or environment moves. The same physics that ruined 1990s analog cellular calls is the *foundation* of every modern wireless system: **MIMO** (multiple-input multiple-output) treats each reflected path as a separate spatial stream, and **OFDM** ({{ofdma|/OFDMA}}) spreads each symbol across hundreds of narrow subcarriers so only a handful are nulled by a deep fade. Wireless went from "multipath is the enemy" to "multipath is the bandwidth" in one generation.',
wikiUrl: 'https://en.wikipedia.org/wiki/Multipath_propagation',
category: 'networking-basics'
},
@@ -2492,7 +2493,7 @@ export const concepts: Concept[] = [
id: 'ofdma',
term: 'OFDMA (Orthogonal Frequency-Division Multiple Access)',
definition:
- "The multi-user upgrade to OFDM. Where plain OFDM splits one transmission across many orthogonal subcarriers, OFDMA lets the {{access-point|AP}} assign **subsets of subcarriers** (called Resource Units) to *different* clients in the same symbol β like turning a single highway into multiple narrower lanes. Introduced to [[wifi|Wi-Fi]] in 802.11ax ([[wifi|Wi-Fi]] 6, 2020); the core multiple-access method of [[cellular|4G LTE]] and [[cellular|5G NR]] since 2008. The reason a Wi-Fi 6 {{access-point|AP}} can serve 30 phones in a coffee shop without each one paying the full per-transmission overhead the way Wi-Fi 5 did.",
+ 'The multi-user upgrade to OFDM. Where plain OFDM splits one transmission across many orthogonal subcarriers, OFDMA lets the {{access-point|AP}} assign **subsets of subcarriers** (called Resource Units) to *different* clients in the same symbol β like turning a single highway into multiple narrower lanes. Introduced to [[wifi|Wi-Fi]] in 802.11ax ([[wifi|Wi-Fi]] 6, 2020); the core multiple-access method of [[cellular|4G LTE]] and [[cellular|5G NR]] since 2008. The reason a Wi-Fi 6 {{access-point|AP}} can serve 30 phones in a coffee shop without each one paying the full per-transmission overhead the way Wi-Fi 5 did.',
wikiUrl: 'https://en.wikipedia.org/wiki/Orthogonal_frequency-division_multiple_access',
category: 'protocol-mechanics'
},
@@ -2500,7 +2501,7 @@ export const concepts: Concept[] = [
id: 'mlo',
term: 'MLO (Multi-Link Operation)',
definition:
- "The flagship feature of [[wifi|Wi-Fi]] 7 (802.11be, 2024). A single client connection spans 2.4 + 5 + 6 GHz radios simultaneously β frames can be sent on whichever band is least congested, and {{tail-latency|tail latency}} on a busy network drops sharply. The catch in shipping silicon is that most MLO is **eMLSR** (Enhanced Multi-Link Single Radio): one radio time-sliced across bands. True simultaneous transmit-receive (STR) across bands is rare. The win is *latency consistency*, not raw aggregate throughput.",
+ 'The flagship feature of [[wifi|Wi-Fi]] 7 (802.11be, 2024). A single client connection spans 2.4 + 5 + 6 GHz radios simultaneously β frames can be sent on whichever band is least congested, and {{tail-latency|tail latency}} on a busy network drops sharply. The catch in shipping silicon is that most MLO is **eMLSR** (Enhanced Multi-Link Single Radio): one radio time-sliced across bands. True simultaneous transmit-receive (STR) across bands is rare. The win is *latency consistency*, not raw aggregate throughput.',
category: 'protocol-mechanics'
},
{
@@ -2544,7 +2545,7 @@ export const concepts: Concept[] = [
id: 'afc',
term: 'AFC (Automated Frequency Coordination)',
definition:
- "A cloud service that arbitrates [[wifi|Wi-Fi]] use of the 6 GHz Standard-Power band against existing incumbent licensees (fixed microwave links, satellite services). A 6 GHz Wi-Fi {{access-point|AP}} queries an AFC operator with its location and antenna parameters; the AFC returns the channels and EIRP limits it may use without interfering with incumbents. The {{fcc|FCC}} approved seven AFC operators (Qualcomm, Federated Wireless, Sony, Comsearch, [[wifi|Wi-Fi]] Alliance Services, WBA, Broadcom) on 23 February 2024 β the regulatory machinery without which 6 GHz Standard Power would not exist.",
+ 'A cloud service that arbitrates [[wifi|Wi-Fi]] use of the 6 GHz Standard-Power band against existing incumbent licensees (fixed microwave links, satellite services). A 6 GHz Wi-Fi {{access-point|AP}} queries an AFC operator with its location and antenna parameters; the AFC returns the channels and EIRP limits it may use without interfering with incumbents. The {{fcc|FCC}} approved seven AFC operators (Qualcomm, Federated Wireless, Sony, Comsearch, [[wifi|Wi-Fi]] Alliance Services, WBA, Broadcom) on 23 February 2024 β the regulatory machinery without which 6 GHz Standard Power would not exist.',
category: 'infrastructure'
},
@@ -2561,14 +2562,14 @@ export const concepts: Concept[] = [
id: 'le-audio',
term: 'LE Audio',
definition:
- "The 2020+ [[bluetooth|Bluetooth]] audio architecture, defined across Core 5.2+ and a stack of profiles (BAP, PBP, TMAP, HAP). Replaces Classic A2DP/HFP with **Isochronous Channels** β Connected Isochronous Streams (CIS) for {{unicast|unicast}} earbuds and hearing aids, Broadcast Isochronous Streams (BIS) for {{auracast|Auracast}} one-to-many. Mandatory {{codec|codec}} is {{lc3|LC3}}. Cuts audio power by roughly half versus A2DP and brings true stereo, multi-stream, and hearing-aid-grade reliability under one umbrella.",
+ 'The 2020+ [[bluetooth|Bluetooth]] audio architecture, defined across Core 5.2+ and a stack of profiles (BAP, PBP, TMAP, HAP). Replaces Classic A2DP/HFP with **Isochronous Channels** β Connected Isochronous Streams (CIS) for {{unicast|unicast}} earbuds and hearing aids, Broadcast Isochronous Streams (BIS) for {{auracast|Auracast}} one-to-many. Mandatory {{codec|codec}} is {{lc3|LC3}}. Cuts audio power by roughly half versus A2DP and brings true stereo, multi-stream, and hearing-aid-grade reliability under one umbrella.',
category: 'protocol-mechanics'
},
{
id: 'lc3',
term: 'LC3 (Low Complexity Communications Codec)',
definition:
- "Mandatory {{codec|codec}} of {{le-audio|LE Audio}}, standardised by the [[bluetooth|Bluetooth]] SIG in January 2020 (Ericsson + Fraunhofer IIS). Replaces 1990s SBC. Roughly 2Γ more battery-efficient than SBC at equivalent quality, 8β48 kHz sample rates, 16β320 kbit/s. The codec underneath every modern earbud and hearing aid shipping {{le-audio|LE Audio}}.",
+ 'Mandatory {{codec|codec}} of {{le-audio|LE Audio}}, standardised by the [[bluetooth|Bluetooth]] SIG in January 2020 (Ericsson + Fraunhofer IIS). Replaces 1990s SBC. Roughly 2Γ more battery-efficient than SBC at equivalent quality, 8β48 kHz sample rates, 16β320 kbit/s. The codec underneath every modern earbud and hearing aid shipping {{le-audio|LE Audio}}.',
category: 'protocol-mechanics'
},
{
@@ -2582,21 +2583,21 @@ export const concepts: Concept[] = [
id: 'channel-sounding',
term: 'Channel Sounding',
definition:
- "Centimetre-class distance measurement added to [[bluetooth|Bluetooth]] 6.0 (adopted 3 September 2024). Two devices in a normal LL connection schedule Channel Sounding events on a new LE 2M 2BT PHY and measure both signal **phase** across many frequencies (Phase-Based Ranging) and **round-trip time** of timestamped packets; the combination yields cm-accurate distance up to ~150 m. The protocol-level reply to [[uwb|UWB]] for digital car keys, anti-stalking tags, and proximity-aware locks.",
+ 'Centimetre-class distance measurement added to [[bluetooth|Bluetooth]] 6.0 (adopted 3 September 2024). Two devices in a normal LL connection schedule Channel Sounding events on a new LE 2M 2BT PHY and measure both signal **phase** across many frequencies (Phase-Based Ranging) and **round-trip time** of timestamped packets; the combination yields cm-accurate distance up to ~150 m. The protocol-level reply to [[uwb|UWB]] for digital car keys, anti-stalking tags, and proximity-aware locks.',
category: 'protocol-mechanics'
},
{
id: 'rpa',
term: 'RPA (Resolvable Private Address)',
definition:
- "A 48-bit Bluetooth LE address that *looks* random but is derivable from a long-lived Identity Resolving Key (IRK) the two paired devices share. Rotated every ~15 minutes by default. A bonded peer recomputes the expected RPA from the IRK and recognises its partner; a stranger sees only noise. The mechanism that prevents long-term tracking of {{ble|BLE}} devices by sniffers β important for AirTags, AirPods, fitness wearables, and any device a person carries on their body all day.",
+ 'A 48-bit Bluetooth LE address that *looks* random but is derivable from a long-lived Identity Resolving Key (IRK) the two paired devices share. Rotated every ~15 minutes by default. A bonded peer recomputes the expected RPA from the IRK and recognises its partner; a stranger sees only noise. The mechanism that prevents long-term tracking of {{ble|BLE}} devices by sniffers β important for AirTags, AirPods, fitness wearables, and any device a person carries on their body all day.',
category: 'security'
},
{
id: 'knob-attack',
term: 'KNOB / BIAS / BLUFFS',
definition:
- "Three [[bluetooth|Bluetooth]] BR/EDR session-security breaks by the same author (Daniele Antonioli) in five years. **KNOB** (CVE-2019-9506) downgrades the entropy of the negotiated session key to 1 byte β brute-forceable. **BIAS** (CVE-2020-10135) impersonates a previously-bonded peer by abusing role-switch in Legacy Secure Connections. **BLUFFS** (CVE-2023-24023) breaks forward secrecy by forcing reuse of a session-key derivation across reconnections. Every BR/EDR device shipped before mid-2024 is affected; the Core 5.4 / 6.0 patches add explicit minimum-entropy and key-diversification checks.",
+ 'Three [[bluetooth|Bluetooth]] BR/EDR session-security breaks by the same author (Daniele Antonioli) in five years. **KNOB** (CVE-2019-9506) downgrades the entropy of the negotiated session key to 1 byte β brute-forceable. **BIAS** (CVE-2020-10135) impersonates a previously-bonded peer by abusing role-switch in Legacy Secure Connections. **BLUFFS** (CVE-2023-24023) breaks forward secrecy by forcing reuse of a session-key derivation across reconnections. Every BR/EDR device shipped before mid-2024 is affected; the Core 5.4 / 6.0 patches add explicit minimum-entropy and key-diversification checks.',
wikiUrl: 'https://en.wikipedia.org/wiki/KNOB_attack',
category: 'security'
},
@@ -2606,7 +2607,7 @@ export const concepts: Concept[] = [
id: '3gpp',
term: '3GPP (3rd Generation Partnership Project)',
definition:
- "The umbrella standards body that owns the [[cellular|cellular]] family from GSM through 5G NR and (soon) 6G. Founded December 1998 as a partnership of regional SDOs (ETSI/Europe, ATIS/USA, TTA/Korea, ARIB+TTC/Japan, CCSA/China, TSDSI/India). Specifications are organised by *Release*: Release 8 (LTE, 2008), Release 15 (5G NR, 2018), Release 18 (5G-Advanced, frozen June 2024), Release 19/20 in flight. Every spec is free to download from 3gpp.org β the largest free technical library in telecommunications.",
+ 'The umbrella standards body that owns the [[cellular|cellular]] family from GSM through 5G NR and (soon) 6G. Founded December 1998 as a partnership of regional SDOs (ETSI/Europe, ATIS/USA, TTA/Korea, ARIB+TTC/Japan, CCSA/China, TSDSI/India). Specifications are organised by *Release*: Release 8 (LTE, 2008), Release 15 (5G NR, 2018), Release 18 (5G-Advanced, frozen June 2024), Release 19/20 in flight. Every spec is free to download from 3gpp.org β the largest free technical library in telecommunications.',
wikiUrl: 'https://en.wikipedia.org/wiki/3GPP',
category: 'infrastructure'
},
@@ -2614,7 +2615,7 @@ export const concepts: Concept[] = [
id: 'gsma',
term: 'GSMA (GSM Association)',
definition:
- "The trade association of mobile network operators β ~750 carriers plus ~400 ecosystem members. Distinct from {{3gpp|3GPP}}, which writes the technical specs; the GSMA owns the *commercial* layer: IR.21 roaming agreements, BA.51 RCS, FS.36 SS7/Diameter security, the eSIM Architecture, and Mobile World Congress every February in Barcelona. The body operators belong to; 3GPP is the body engineers contribute specs to.",
+ 'The trade association of mobile network operators β ~750 carriers plus ~400 ecosystem members. Distinct from {{3gpp|3GPP}}, which writes the technical specs; the GSMA owns the *commercial* layer: IR.21 roaming agreements, BA.51 RCS, FS.36 SS7/Diameter security, the eSIM Architecture, and Mobile World Congress every February in Barcelona. The body operators belong to; 3GPP is the body engineers contribute specs to.',
wikiUrl: 'https://en.wikipedia.org/wiki/GSMA',
category: 'infrastructure'
},
@@ -2630,7 +2631,7 @@ export const concepts: Concept[] = [
id: '5g-nr',
term: '5G NR (New Radio)',
definition:
- "{{3gpp|3GPP}} Release 15, frozen June 2018. The 5G air interface: scalable {{ofdma|OFDMA}} numerology (15/30/60/120/240 kHz subcarrier spacing) addressing sub-6 GHz (FR1) and {{mmwave|mmWave}} (FR2), service-based 5G Core, network slicing, ultra-reliable low-latency (URLLC), and mMTC for massive IoT. **5G Standalone** (no LTE anchor) deployments arrived 2020β2021; **5G-Advanced** is Release 18 (June 2024).",
+ '{{3gpp|3GPP}} Release 15, frozen June 2018. The 5G air interface: scalable {{ofdma|OFDMA}} numerology (15/30/60/120/240 kHz subcarrier spacing) addressing sub-6 GHz (FR1) and {{mmwave|mmWave}} (FR2), service-based 5G Core, network slicing, ultra-reliable low-latency (URLLC), and mMTC for massive IoT. **5G Standalone** (no LTE anchor) deployments arrived 2020β2021; **5G-Advanced** is Release 18 (June 2024).',
wikiUrl: 'https://en.wikipedia.org/wiki/5G_NR',
category: 'protocol-mechanics'
},
@@ -2638,14 +2639,14 @@ export const concepts: Concept[] = [
id: 'mmwave',
term: 'mmWave',
definition:
- "Millimetre-wave radio bands β typically 24β52 GHz for 5G NR FR2, plus 60 GHz for WiGig and 28/39 GHz for fixed wireless. Enormous bandwidth (hundreds of MHz of contiguous spectrum), gigabit speeds, line-of-sight only, ~20 dB attenuation through a wet leaf. Deployed mostly in stadiums, dense urban hotspots, and fixed-wireless backhaul rather than wide-area mobile.",
+ 'Millimetre-wave radio bands β typically 24β52 GHz for 5G NR FR2, plus 60 GHz for WiGig and 28/39 GHz for fixed wireless. Enormous bandwidth (hundreds of MHz of contiguous spectrum), gigabit speeds, line-of-sight only, ~20 dB attenuation through a wet leaf. Deployed mostly in stadiums, dense urban hotspots, and fixed-wireless backhaul rather than wide-area mobile.',
category: 'networking-basics'
},
{
id: 'ran',
term: 'RAN (Radio Access Network)',
definition:
- "The set of base stations and the protocol stack between them and the carrier core β the *radio side* of a [[cellular|cellular]] network. In 5G the base station is the **gNB** (gNodeB), in 4G it was the **eNB** (eNodeB). The RAN handles the PHY/MAC/RLC/PDCP/RRC stack on the air interface and tunnels user traffic into the core over **GTP-U** on the N3 interface. **Open RAN** is the disaggregated alternative where vendor-neutral hardware and software replace vertically-integrated boxes (Vodafone UK, Rakuten Symphony, DISH on AWS Wavelength).",
+ 'The set of base stations and the protocol stack between them and the carrier core β the *radio side* of a [[cellular|cellular]] network. In 5G the base station is the **gNB** (gNodeB), in 4G it was the **eNB** (eNodeB). The RAN handles the PHY/MAC/RLC/PDCP/RRC stack on the air interface and tunnels user traffic into the core over **GTP-U** on the N3 interface. **Open RAN** is the disaggregated alternative where vendor-neutral hardware and software replace vertically-integrated boxes (Vodafone UK, Rakuten Symphony, DISH on AWS Wavelength).',
wikiUrl: 'https://en.wikipedia.org/wiki/Radio_access_network',
category: 'infrastructure'
},
@@ -2668,7 +2669,7 @@ export const concepts: Concept[] = [
id: 'volte',
term: 'VoLTE / VoNR',
definition:
- "**Voice over LTE** and **Voice over New Radio** β packetised carrier voice over the LTE or 5G data bearer, signalled by {{ims|IMS}} [[sip|SIP]] and carried over [[rtp|RTP]] using the AMR-WB or EVS {{codec|codec}}. Replaces the legacy 2G/3G circuit-switched voice fallback. GSMA reports 310+ commercial VoLTE operators in 140+ countries and 45+ commercial VoNR networks by 2025. **Wi-Fi Calling** is the same IMS stack tunneled to the carrier over [[ipsec|IPsec]] from any IP network.",
+ '**Voice over LTE** and **Voice over New Radio** β packetised carrier voice over the LTE or 5G data bearer, signalled by {{ims|IMS}} [[sip|SIP]] and carried over [[rtp|RTP]] using the AMR-WB or EVS {{codec|codec}}. Replaces the legacy 2G/3G circuit-switched voice fallback. GSMA reports 310+ commercial VoLTE operators in 140+ countries and 45+ commercial VoNR networks by 2025. **Wi-Fi Calling** is the same IMS stack tunneled to the carrier over [[ipsec|IPsec]] from any IP network.',
category: 'protocol-mechanics'
},
{
@@ -2704,7 +2705,7 @@ export const concepts: Concept[] = [
id: 'aaa',
term: 'AAA (Authentication, Authorisation, Accounting)',
definition:
- "The three-question framework every access network asks: who are you, what may you do, what did you do? RADIUS (RFC 2865, 1997) was the original; {{diameter|Diameter}} replaced it for [[cellular|cellular]]; modern OIDC/[[oauth2|OAuth]] flows generalise it for web applications. The protocol-shaped hole every enterprise authentication system fills.",
+ 'The three-question framework every access network asks: who are you, what may you do, what did you do? RADIUS (RFC 2865, 1997) was the original; {{diameter|Diameter}} replaced it for [[cellular|cellular]]; modern OIDC/[[oauth2|OAuth]] flows generalise it for web applications. The protocol-shaped hole every enterprise authentication system fills.',
category: 'security'
},
{
@@ -2721,7 +2722,7 @@ export const concepts: Concept[] = [
id: 'thread',
term: 'Thread',
definition:
- "An [[ipv6|IPv6]]-native low-power mesh protocol on {{ieee-802-15-4|IEEE 802.15.4}} radios, governed by the Thread Group (Nest/Google, Apple, Samsung, ARM, Silicon Labs, NXP, +). Where [[zigbee|Zigbee]] grew its own application layer ({{zcl|ZCL}}), Thread carries native IPv6 over **6LoWPAN** {{header|header compression}} and **MLE** (Mesh Link Establishment) routing β so a Thread device gets an IPv6 address and is reachable like any other host. Thread 1.4 (December 2024) introduced **Thread Border Routers** as multi-vendor commodity hardware. The radio layer of {{matter|Matter}} that is not Wi-Fi.",
+ 'An [[ipv6|IPv6]]-native low-power mesh protocol on {{ieee-802-15-4|IEEE 802.15.4}} radios, governed by the Thread Group (Nest/Google, Apple, Samsung, ARM, Silicon Labs, NXP, +). Where [[zigbee|Zigbee]] grew its own application layer ({{zcl|ZCL}}), Thread carries native IPv6 over **6LoWPAN** {{header|header compression}} and **MLE** (Mesh Link Establishment) routing β so a Thread device gets an IPv6 address and is reachable like any other host. Thread 1.4 (December 2024) introduced **Thread Border Routers** as multi-vendor commodity hardware. The radio layer of {{matter|Matter}} that is not Wi-Fi.',
wikiUrl: 'https://en.wikipedia.org/wiki/Thread_(network_protocol)',
category: 'networking-basics'
},
@@ -2743,7 +2744,7 @@ export const concepts: Concept[] = [
id: 'mdns',
term: 'mDNS / DNS-SD',
definition:
- "Multicast DNS (RFC 6762) and DNS Service Discovery (RFC 6763). Lets a device on a local link discover services without any configured resolver β the device queries `_googlecast._tcp.local`, `_airplay._tcp.local`, `_matter._tcp.local`, etc., over multicast UDP/5353, and any host providing the service answers. Designed by [[pioneer:stuart-cheshire|Stuart Cheshire]] at Apple. Underneath Bonjour, AirPlay, Matter device discovery, and {{thread|Thread}} Border Router service advertisement.",
+ 'Multicast DNS (RFC 6762) and DNS Service Discovery (RFC 6763). Lets a device on a local link discover services without any configured resolver β the device queries `_googlecast._tcp.local`, `_airplay._tcp.local`, `_matter._tcp.local`, etc., over multicast UDP/5353, and any host providing the service answers. Designed by [[pioneer:stuart-cheshire|Stuart Cheshire]] at Apple. Underneath Bonjour, AirPlay, Matter device discovery, and {{thread|Thread}} Border Router service advertisement.',
wikiUrl: 'https://en.wikipedia.org/wiki/Multicast_DNS',
category: 'protocol-mechanics'
},
@@ -2767,7 +2768,7 @@ export const concepts: Concept[] = [
id: 'direct-to-cell',
term: 'Direct-to-Cell',
definition:
- "Satellite-to-standard-phone connectivity using ordinary [[cellular|cellular]] terrestrial bands (typically n25/n26) rather than handheld satellite-terminal hardware. T-Mobile + SpaceX Starlink launched commercial Direct-to-Cell in **January 2025** for SMS and emergency, with voice and data on a roadmap. AT&T's AST SpaceMobile and Apple's Globalstar Emergency SOS partnership follow similar patterns. Reshapes \"coverage\" as a concept: \"no signal\" no longer means *no signal*.",
+ 'Satellite-to-standard-phone connectivity using ordinary [[cellular|cellular]] terrestrial bands (typically n25/n26) rather than handheld satellite-terminal hardware. T-Mobile + SpaceX Starlink launched commercial Direct-to-Cell in **January 2025** for SMS and emergency, with voice and data on a roadmap. AT&T\'s AST SpaceMobile and Apple\'s Globalstar Emergency SOS partnership follow similar patterns. Reshapes "coverage" as a concept: "no signal" no longer means *no signal*.',
category: 'infrastructure'
},
{
@@ -2781,7 +2782,7 @@ export const concepts: Concept[] = [
id: 'lpwan',
term: 'LPWAN (Low-Power Wide-Area Network)',
definition:
- "The family of long-range, low-data-rate, multi-year-battery wireless protocols that sit between [[wifi|Wi-Fi]] and [[cellular|cellular]]. **LoRaWAN** (sub-GHz, ALOHA-style, 125M+ devices deployed by end-2025), **Sigfox** (slow-modulation 100 bit/s ultra-narrowband, France-originated), **NB-IoT** and **LTE-M** ([[cellular|cellular]]-licensed alternatives inside [[cellular|LTE]] spectrum). All trade throughput for kilometres of range and years of battery life.",
+ 'The family of long-range, low-data-rate, multi-year-battery wireless protocols that sit between [[wifi|Wi-Fi]] and [[cellular|cellular]]. **LoRaWAN** (sub-GHz, ALOHA-style, 125M+ devices deployed by end-2025), **Sigfox** (slow-modulation 100 bit/s ultra-narrowband, France-originated), **NB-IoT** and **LTE-M** ([[cellular|cellular]]-licensed alternatives inside [[cellular|LTE]] spectrum). All trade throughput for kilometres of range and years of battery life.',
wikiUrl: 'https://en.wikipedia.org/wiki/LPWAN',
category: 'networking-basics'
},
@@ -2796,7 +2797,7 @@ export const concepts: Concept[] = [
id: 'wifi-sensing',
term: 'Wi-Fi sensing (802.11bf)',
definition:
- "Using the Channel State Information (CSI) that [[wifi|Wi-Fi]] radios already compute for {{multipath|multipath}} equalisation to *detect* people, motion, and breathing β radio waves as occupancy sensors. Standardised in **IEEE 802.11bf-2025** (published 26 September 2025), covering 1β7.125 GHz and >45 GHz bands. Lets a home Wi-Fi mesh do presence detection without a camera or PIR sensor.",
+ 'Using the Channel State Information (CSI) that [[wifi|Wi-Fi]] radios already compute for {{multipath|multipath}} equalisation to *detect* people, motion, and breathing β radio waves as occupancy sensors. Standardised in **IEEE 802.11bf-2025** (published 26 September 2025), covering 1β7.125 GHz and >45 GHz bands. Lets a home Wi-Fi mesh do presence detection without a camera or PIR sensor.',
category: 'protocol-mechanics'
},
{
@@ -2820,7 +2821,7 @@ export const concepts: Concept[] = [
id: 'cloudflare',
term: 'Cloudflare',
definition:
- "Major CDN, DDoS-mitigation, and reverse-proxy operator founded 2009. Runs ~330 PoPs, serves ~20% of all websites by some measures, and authored or co-authored several internet standards ([[quic|QUIC]] adoption, {{ech|ECH}}, {{rpki|RPKI}} measurement at radar.cloudflare.com). Runs the **1.1.1.1** public DNS resolver. Their post-mortems are a major source of public outage learning.",
+ 'Major CDN, DDoS-mitigation, and reverse-proxy operator founded 2009. Runs ~330 PoPs, serves ~20% of all websites by some measures, and authored or co-authored several internet standards ([[quic|QUIC]] adoption, {{ech|ECH}}, {{rpki|RPKI}} measurement at radar.cloudflare.com). Runs the **1.1.1.1** public DNS resolver. Their post-mortems are a major source of public outage learning.',
wikiUrl: 'https://en.wikipedia.org/wiki/Cloudflare',
category: 'infrastructure'
},
@@ -2828,7 +2829,7 @@ export const concepts: Concept[] = [
id: 'google',
term: 'Google',
definition:
- "Search, YouTube, and Android operator that has driven a disproportionate share of post-2008 internet protocol design. Authored {{spdy|SPDY}} (became [[http2|HTTP/2]]), [[quic|QUIC]] (became [[http3|HTTP/3]]), {{bbr|BBR}}, [[webrtc|WebRTC]] adoption, the public **8.8.8.8** DNS resolver, and runs **Jupiter** β one of the largest internal datacenter fabrics on earth.",
+ 'Search, YouTube, and Android operator that has driven a disproportionate share of post-2008 internet protocol design. Authored {{spdy|SPDY}} (became [[http2|HTTP/2]]), [[quic|QUIC]] (became [[http3|HTTP/3]]), {{bbr|BBR}}, [[webrtc|WebRTC]] adoption, the public **8.8.8.8** DNS resolver, and runs **Jupiter** β one of the largest internal datacenter fabrics on earth.',
wikiUrl: 'https://en.wikipedia.org/wiki/Google',
category: 'infrastructure'
},
@@ -2836,7 +2837,7 @@ export const concepts: Concept[] = [
id: 'apple',
term: 'Apple',
definition:
- "Largest single force shaping client-side wireless and codec choices: [[hls|HLS]] (2009), {{airdrop|AirDrop}}, AirPlay, the **U1 / U2 ultra-wideband** chips (2019/2024) that drove {{ccc-digital-key|CCC Digital Key}} and AirTag, the iCloud Private Relay [[quic|QUIC]] deployment, and the first {{matter|Matter}} thread-border-router shipments. Their device share gives any default they pick (X25519MLKEM768, post-quantum [[tls|TLS]], etc.) immediate global reach.",
+ 'Largest single force shaping client-side wireless and codec choices: [[hls|HLS]] (2009), {{airdrop|AirDrop}}, AirPlay, the **U1 / U2 ultra-wideband** chips (2019/2024) that drove {{ccc-digital-key|CCC Digital Key}} and AirTag, the iCloud Private Relay [[quic|QUIC]] deployment, and the first {{matter|Matter}} thread-border-router shipments. Their device share gives any default they pick (X25519MLKEM768, post-quantum [[tls|TLS]], etc.) immediate global reach.',
wikiUrl: 'https://en.wikipedia.org/wiki/Apple_Inc.',
category: 'infrastructure'
},
@@ -2844,7 +2845,7 @@ export const concepts: Concept[] = [
id: 'microsoft',
term: 'Microsoft',
definition:
- "Operator of Azure, GitHub, and the Windows networking stack. Co-author of [[websockets|WebSockets]] adoption, [[mptcp|MPTCP]] early experiments, the Azure Service Bus [[amqp|AMQP]] deployment, and the SMB/SMB-Direct file-sharing protocols. Owns LinkedIn (the largest documented [[kafka|Kafka]] deployment on earth, >7 trillion messages/day).",
+ 'Operator of Azure, GitHub, and the Windows networking stack. Co-author of [[websockets|WebSockets]] adoption, [[mptcp|MPTCP]] early experiments, the Azure Service Bus [[amqp|AMQP]] deployment, and the SMB/SMB-Direct file-sharing protocols. Owns LinkedIn (the largest documented [[kafka|Kafka]] deployment on earth, >7 trillion messages/day).',
wikiUrl: 'https://en.wikipedia.org/wiki/Microsoft',
category: 'infrastructure'
},
@@ -2852,7 +2853,7 @@ export const concepts: Concept[] = [
id: 'meta',
term: 'Meta',
definition:
- "Operator of Facebook, Instagram, WhatsApp, and Messenger (the largest [[mqtt|MQTT]] deployment in the world). Major contributor to **mvfst** (open-source [[quic|QUIC]]), {{zstd|zstd}} compression, RDMA-over-Ethernet at scale, and several {{ietf|IETF}} working groups around Media-over-QUIC and {{l4s|L4S}}.",
+ 'Operator of Facebook, Instagram, WhatsApp, and Messenger (the largest [[mqtt|MQTT]] deployment in the world). Major contributor to **mvfst** (open-source [[quic|QUIC]]), {{zstd|zstd}} compression, RDMA-over-Ethernet at scale, and several {{ietf|IETF}} working groups around Media-over-QUIC and {{l4s|L4S}}.',
wikiUrl: 'https://en.wikipedia.org/wiki/Meta_Platforms',
category: 'infrastructure'
},
@@ -2868,7 +2869,7 @@ export const concepts: Concept[] = [
id: 'nvidia',
term: 'NVIDIA',
definition:
- "GPU and networking-silicon vendor (acquired Mellanox 2020) that drives modern AI-fabric design. Ships InfiniBand and **Spectrum-X** [[ethernet|Ethernet]] switches, Quantum-X / Spectrum-X co-packaged-optics chips, and BlueField DPUs. Joined the {{uec|Ultra Ethernet Consortium}} after long InfiniBand allegiance β a turning point for AI datacenter networking.",
+ 'GPU and networking-silicon vendor (acquired Mellanox 2020) that drives modern AI-fabric design. Ships InfiniBand and **Spectrum-X** [[ethernet|Ethernet]] switches, Quantum-X / Spectrum-X co-packaged-optics chips, and BlueField DPUs. Joined the {{uec|Ultra Ethernet Consortium}} after long InfiniBand allegiance β a turning point for AI datacenter networking.',
wikiUrl: 'https://en.wikipedia.org/wiki/Nvidia',
category: 'infrastructure'
},
@@ -2876,7 +2877,7 @@ export const concepts: Concept[] = [
id: 'cisco',
term: 'Cisco',
definition:
- "The dominant enterprise router and switch vendor since the 1990s. Built **IOS**, the canonical CLI networking-equipment shell, ran some of the most influential [[bgp|BGP]] reference implementations, and authored or co-authored major early {{ietf|IETF}} routing-protocol work. Acquired Webex (2007) and Meraki (2012); 2023β2025 spent rebuilding its security stack around Splunk and Robust Intelligence.",
+ 'The dominant enterprise router and switch vendor since the 1990s. Built **IOS**, the canonical CLI networking-equipment shell, ran some of the most influential [[bgp|BGP]] reference implementations, and authored or co-authored major early {{ietf|IETF}} routing-protocol work. Acquired Webex (2007) and Meraki (2012); 2023β2025 spent rebuilding its security stack around Splunk and Robust Intelligence.',
wikiUrl: 'https://en.wikipedia.org/wiki/Cisco',
category: 'infrastructure'
},
@@ -2884,7 +2885,7 @@ export const concepts: Concept[] = [
id: 'juniper',
term: 'Juniper Networks',
definition:
- "Carrier-grade router vendor founded 1996, the second pillar of internet backbone routing alongside [[cisco|Cisco]]. **Junos OS** is the canonical FreeBSD-derived router OS. Acquired by HPE in **1 July 2025** for $14 billion.",
+ 'Carrier-grade router vendor founded 1996, the second pillar of internet backbone routing alongside [[cisco|Cisco]]. **Junos OS** is the canonical FreeBSD-derived router OS. Acquired by HPE in **1 July 2025** for $14 billion.',
wikiUrl: 'https://en.wikipedia.org/wiki/Juniper_Networks',
category: 'infrastructure'
},
@@ -2892,7 +2893,7 @@ export const concepts: Concept[] = [
id: 'broadcom',
term: 'Broadcom',
definition:
- "Switch-silicon and connectivity-chip vendor that ships **Tomahawk**, **Trident**, and **Jericho** Ethernet ASICs β the building blocks under most hyperscale datacenter switches. Acquired VMware in 2023. Tomahawk 6 (June 2025) was the first 102.4 Tbps single-chip Ethernet switch.",
+ 'Switch-silicon and connectivity-chip vendor that ships **Tomahawk**, **Trident**, and **Jericho** Ethernet ASICs β the building blocks under most hyperscale datacenter switches. Acquired VMware in 2023. Tomahawk 6 (June 2025) was the first 102.4 Tbps single-chip Ethernet switch.',
wikiUrl: 'https://en.wikipedia.org/wiki/Broadcom',
category: 'infrastructure'
},
@@ -2918,7 +2919,7 @@ export const concepts: Concept[] = [
id: 'linux',
term: 'Linux',
definition:
- "The dominant server, router, and embedded operating system, started by Linus Torvalds in 1991. Owns the canonical implementations of [[tcp|TCP]] {{cubic|CUBIC}} (2.6.19+), {{bbr|BBR}} (4.9+), [[wireguard|WireGuard]] (5.6+), eBPF, XDP, and {{l4s|L4S}}. The reference platform every other OS measures itself against on the network stack.",
+ 'The dominant server, router, and embedded operating system, started by Linus Torvalds in 1991. Owns the canonical implementations of [[tcp|TCP]] {{cubic|CUBIC}} (2.6.19+), {{bbr|BBR}} (4.9+), [[wireguard|WireGuard]] (5.6+), eBPF, XDP, and {{l4s|L4S}}. The reference platform every other OS measures itself against on the network stack.',
wikiUrl: 'https://en.wikipedia.org/wiki/Linux',
category: 'infrastructure'
},
@@ -2934,7 +2935,7 @@ export const concepts: Concept[] = [
id: 'wireshark',
term: 'Wireshark',
definition:
- "The de-facto open-source packet analyser, originally **Ethereal** (1998). Reads pcap/pcapng files, decodes hundreds of protocols (TCP, TLS, QUIC, BGP, SIP, MQTT, CoAP, EMV β almost everything in this catalogue), and is the universal tool when a protocol does not do what its spec says. Recent releases (4.4, late 2024) added decryption for [[tls|TLS]] 1.3 with key-log files and pcap-over-[[quic|QUIC]] capture.",
+ 'The de-facto open-source packet analyser, originally **Ethereal** (1998). Reads pcap/pcapng files, decodes hundreds of protocols (TCP, TLS, QUIC, BGP, SIP, MQTT, CoAP, EMV β almost everything in this catalogue), and is the universal tool when a protocol does not do what its spec says. Recent releases (4.4, late 2024) added decryption for [[tls|TLS]] 1.3 with key-log files and pcap-over-[[quic|QUIC]] capture.',
wikiUrl: 'https://en.wikipedia.org/wiki/Wireshark',
category: 'infrastructure'
},
@@ -2944,7 +2945,7 @@ export const concepts: Concept[] = [
id: 'iot',
term: 'IoT (Internet of Things)',
definition:
- "The umbrella term for networked physical objects β sensors, actuators, smart-home devices, industrial controllers β that talk over [[mqtt|MQTT]], [[coap|CoAP]], {{thread|Thread}}, [[zigbee|Zigbee]], {{matter|Matter}}, or constrained [[cellular|cellular]] radios (NB-IoT, LTE-M). The defining constraints are *small RAM, small power budgets, intermittent connectivity, and a 10+ year deployment lifetime* β which is why every IoT protocol obsesses about byte counts and battery-friendly handshakes.",
+ 'The umbrella term for networked physical objects β sensors, actuators, smart-home devices, industrial controllers β that talk over [[mqtt|MQTT]], [[coap|CoAP]], {{thread|Thread}}, [[zigbee|Zigbee]], {{matter|Matter}}, or constrained [[cellular|cellular]] radios (NB-IoT, LTE-M). The defining constraints are *small RAM, small power budgets, intermittent connectivity, and a 10+ year deployment lifetime* β which is why every IoT protocol obsesses about byte counts and battery-friendly handshakes.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_of_things',
category: 'networking-basics'
},
@@ -2960,7 +2961,7 @@ export const concepts: Concept[] = [
id: 'wan',
term: 'WAN (Wide Area Network)',
definition:
- "Any network spanning multiple physical locations or administrative domains β the public internet, an MPLS-VPN backbone, an SD-WAN overlay. WANs are where [[bgp|BGP]] routes, {{nat|NAT}} translates, [[tls|TLS]] protects, and the latency budget jumps from microseconds to tens or hundreds of milliseconds.",
+ 'Any network spanning multiple physical locations or administrative domains β the public internet, an MPLS-VPN backbone, an SD-WAN overlay. WANs are where [[bgp|BGP]] routes, {{nat|NAT}} translates, [[tls|TLS]] protects, and the latency budget jumps from microseconds to tens or hundreds of milliseconds.',
wikiUrl: 'https://en.wikipedia.org/wiki/Wide_area_network',
category: 'networking-basics'
},
@@ -2970,7 +2971,7 @@ export const concepts: Concept[] = [
id: 'tcp-tahoe',
term: 'TCP Tahoe',
definition:
- "The original [[tcp|TCP]] congestion-control algorithm, introduced by [[pioneer:van-jacobson|Van Jacobson]] in 1988. Adds **slow start**, **congestion avoidance**, **fast retransmit**, and full window reset on loss. Named for the 4.3BSD-Tahoe release. Superseded by {{tcp-reno|Reno}} (which keeps the window on duplicate {{ack|ACKs}}) within two years.",
+ 'The original [[tcp|TCP]] congestion-control algorithm, introduced by [[pioneer:van-jacobson|Van Jacobson]] in 1988. Adds **slow start**, **congestion avoidance**, **fast retransmit**, and full window reset on loss. Named for the 4.3BSD-Tahoe release. Superseded by {{tcp-reno|Reno}} (which keeps the window on duplicate {{ack|ACKs}}) within two years.',
wikiUrl: 'https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_Tahoe_and_Reno',
category: 'protocol-mechanics'
},
@@ -2978,7 +2979,7 @@ export const concepts: Concept[] = [
id: 'tcp-reno',
term: 'TCP Reno',
definition:
- "The 1990 evolution of [[tcp|TCP]] {{tcp-tahoe|Tahoe}} that added **fast recovery** β on triple-duplicate {{ack|ACKs}}, halve the window and continue rather than dropping to one segment. The textbook congestion-control algorithm and the reference every later variant compares against.",
+ 'The 1990 evolution of [[tcp|TCP]] {{tcp-tahoe|Tahoe}} that added **fast recovery** β on triple-duplicate {{ack|ACKs}}, halve the window and continue rather than dropping to one segment. The textbook congestion-control algorithm and the reference every later variant compares against.',
wikiUrl: 'https://en.wikipedia.org/wiki/TCP_congestion_control',
category: 'protocol-mechanics'
},
@@ -2986,7 +2987,7 @@ export const concepts: Concept[] = [
id: 'tcp-newreno',
term: 'TCP NewReno',
definition:
- "An incremental refinement of {{tcp-reno|Reno}} that handles **multiple packet losses in one window** by staying in fast-recovery until *all* losses in the window have been acknowledged. Specified in [[rfc:6582|RFC 6582]] (2012, obsoleting RFC 3782). The default on Windows pre-2008 and on many BSD stacks for two decades.",
+ 'An incremental refinement of {{tcp-reno|Reno}} that handles **multiple packet losses in one window** by staying in fast-recovery until *all* losses in the window have been acknowledged. Specified in [[rfc:6582|RFC 6582]] (2012, obsoleting RFC 3782). The default on Windows pre-2008 and on many BSD stacks for two decades.',
wikiUrl: 'https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_NewReno',
category: 'protocol-mechanics'
},
@@ -2994,7 +2995,7 @@ export const concepts: Concept[] = [
id: 'bbrv3',
term: 'BBRv3',
definition:
- "The 2023+ revision of {{bbr|BBR}} that addresses the v1 fairness problems with {{cubic|CUBIC}} and packet-conservation gaps. Now \`draft-ietf-ccwg-bbr\` (-04 / -05, 2025β2026); Google has run it as the default on google.com and YouTube traffic since 2023. Available in Linux via \`sysctl net.ipv4.tcp_congestion_control=bbr\` paired with FQ qdisc.",
+ 'The 2023+ revision of {{bbr|BBR}} that addresses the v1 fairness problems with {{cubic|CUBIC}} and packet-conservation gaps. Now `draft-ietf-ccwg-bbr` (-04 / -05, 2025β2026); Google has run it as the default on google.com and YouTube traffic since 2023. Available in Linux via `sysctl net.ipv4.tcp_congestion_control=bbr` paired with FQ qdisc.',
category: 'protocol-mechanics'
},
@@ -3011,7 +3012,7 @@ export const concepts: Concept[] = [
id: 'moq',
term: 'MoQ (Media over QUIC)',
definition:
- "The {{ietf|IETF}} working group and protocol family designing the next-generation sub-second live streaming transport on top of [[quic|QUIC]]. \`draft-ietf-moq-transport\` (-17 in March 2026) is the core protocol β co-edited by Suhas Nandakumar (Cisco), Victor Vasiliev (Google), Ian Swett (Google), and Alan Frindell (Meta). Designed to replace the [[rtmp|RTMP]]β[[hls|HLS]] pipeline. Cloudflare runs production MoQ relays across 330+ cities.",
+ 'The {{ietf|IETF}} working group and protocol family designing the next-generation sub-second live streaming transport on top of [[quic|QUIC]]. `draft-ietf-moq-transport` (-17 in March 2026) is the core protocol β co-edited by Suhas Nandakumar (Cisco), Victor Vasiliev (Google), Ian Swett (Google), and Alan Frindell (Meta). Designed to replace the [[rtmp|RTMP]]β[[hls|HLS]] pipeline. Cloudflare runs production MoQ relays across 330+ cities.',
category: 'protocol-mechanics'
},
@@ -3020,7 +3021,7 @@ export const concepts: Concept[] = [
id: 'wpa2',
term: 'WPA2',
definition:
- "The 2004 IEEE 802.11i amendment that made AES-CCMP and the **4-way handshake** mandatory for [[wifi|Wi-Fi]] security, ending WEP and TKIP. WPA2-Personal (PSK) is the universal home-router default 2004β2018; WPA2-Enterprise pairs it with {{eap|EAP}}-TLS / PEAP. Replaced by {{wpa3|WPA3}} starting 2018 after KRACK (2017) exposed protocol-level flaws in the 4-way handshake.",
+ 'The 2004 IEEE 802.11i amendment that made AES-CCMP and the **4-way handshake** mandatory for [[wifi|Wi-Fi]] security, ending WEP and TKIP. WPA2-Personal (PSK) is the universal home-router default 2004β2018; WPA2-Enterprise pairs it with {{eap|EAP}}-TLS / PEAP. Replaced by {{wpa3|WPA3}} starting 2018 after KRACK (2017) exposed protocol-level flaws in the 4-way handshake.',
wikiUrl: 'https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#WPA2',
category: 'security'
},
@@ -3028,7 +3029,7 @@ export const concepts: Concept[] = [
id: 'mesh-network',
term: 'Mesh network',
definition:
- "A multi-hop wireless topology where every node forwards frames for its neighbours β no central access point owns the airtime. {{thread|Thread}} (802.15.4 + IPv6), [[zigbee|Zigbee]] (802.15.4 + ZCL), Bluetooth Mesh (BR/EDR + GATT proxy), and Wi-Fi 802.11s are the four common families. The trade-off versus star topologies: longer reach and better resilience, but harder commissioning and worse battery life on relay nodes.",
+ 'A multi-hop wireless topology where every node forwards frames for its neighbours β no central access point owns the airtime. {{thread|Thread}} (802.15.4 + IPv6), [[zigbee|Zigbee]] (802.15.4 + ZCL), Bluetooth Mesh (BR/EDR + GATT proxy), and Wi-Fi 802.11s are the four common families. The trade-off versus star topologies: longer reach and better resilience, but harder commissioning and worse battery life on relay nodes.',
wikiUrl: 'https://en.wikipedia.org/wiki/Mesh_networking',
category: 'networking-basics'
},
@@ -3036,7 +3037,7 @@ export const concepts: Concept[] = [
id: 'beacon-frame',
term: 'Beacon frame',
definition:
- "In [[wifi|Wi-Fi]] (and {{ble|BLE}}, in a different sense), the periodic management frame an {{access-point|access point}} broadcasts to announce its presence β SSID, supported rates, capabilities, and timing. Default beacon interval is **100 ms** in Wi-Fi; this is one of the bigger sources of idle airtime in dense environments and is what Target Wake Time (TWT) tries to eliminate.",
+ 'In [[wifi|Wi-Fi]] (and {{ble|BLE}}, in a different sense), the periodic management frame an {{access-point|access point}} broadcasts to announce its presence β SSID, supported rates, capabilities, and timing. Default beacon interval is **100 ms** in Wi-Fi; this is one of the bigger sources of idle airtime in dense environments and is what Target Wake Time (TWT) tries to eliminate.',
wikiUrl: 'https://en.wikipedia.org/wiki/Beacon_frame',
category: 'protocol-mechanics'
},
@@ -3062,7 +3063,7 @@ export const concepts: Concept[] = [
id: 'zstd',
term: 'Zstandard (zstd)',
definition:
- "A lossless data compression algorithm developed by Yann Collet at {{meta|Meta}} (open-sourced 2016). Trades a tiny throughput cost vs. zlib for a sizeable ratio improvement, and is now an {{ietf|IETF}} standard ([[rfc:8478|RFC 8478]]) and the default codec for several [[kafka|Kafka]] producers, container image registries, and Linux kernel modules.",
+ 'A lossless data compression algorithm developed by Yann Collet at {{meta|Meta}} (open-sourced 2016). Trades a tiny throughput cost vs. zlib for a sizeable ratio improvement, and is now an {{ietf|IETF}} standard ([[rfc:8478|RFC 8478]]) and the default codec for several [[kafka|Kafka]] producers, container image registries, and Linux kernel modules.',
wikiUrl: 'https://en.wikipedia.org/wiki/Zstd',
category: 'protocol-mechanics'
},
@@ -3070,14 +3071,14 @@ export const concepts: Concept[] = [
id: 'uec',
term: 'UEC (Ultra Ethernet Consortium)',
definition:
- "Linux Foundation hosted consortium founded **19 July 2023** by AMD, Arista, Broadcom, Cisco, Eviden, HPE, Intel, Meta, and Microsoft (NVIDIA joined later) to redesign [[ethernet|Ethernet]] for AI fabrics. **UEC Specification 1.0** was published 11 June 2025 β defines **Ultra Ethernet Transport (UET)** with packet spraying, selective {{retransmission|retransmission}}, in-network telemetry, and ephemeral/{{connectionless|connectionless}} state for millions of endpoints.",
+ 'Linux Foundation hosted consortium founded **19 July 2023** by AMD, Arista, Broadcom, Cisco, Eviden, HPE, Intel, Meta, and Microsoft (NVIDIA joined later) to redesign [[ethernet|Ethernet]] for AI fabrics. **UEC Specification 1.0** was published 11 June 2025 β defines **Ultra Ethernet Transport (UET)** with packet spraying, selective {{retransmission|retransmission}}, in-network telemetry, and ephemeral/{{connectionless|connectionless}} state for millions of endpoints.',
category: 'infrastructure'
},
{
id: 'ssdp',
term: 'SSDP (Simple Service Discovery Protocol)',
definition:
- "The UPnP discovery protocol β multicast HTTP-over-[[udp|UDP]] to **239.255.255.250:1900** for finding devices on the {{lan|LAN}}. Routers, smart TVs, printers, game consoles, and media-server software (Plex, DLNA) all speak it. A long-standing security headache: open SSDP reflectors have been used in DDoS amplification attacks since 2014.",
+ 'The UPnP discovery protocol β multicast HTTP-over-[[udp|UDP]] to **239.255.255.250:1900** for finding devices on the {{lan|LAN}}. Routers, smart TVs, printers, game consoles, and media-server software (Plex, DLNA) all speak it. A long-standing security headache: open SSDP reflectors have been used in DDoS amplification attacks since 2014.',
wikiUrl: 'https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol',
category: 'protocol-mechanics'
},
@@ -3119,7 +3120,7 @@ export const concepts: Concept[] = [
id: 'tls-finished',
term: 'Finished message',
definition:
- "The handshake-completion message in [[tls|TLS]]. A keyed MAC over the entire {{handshake|handshake}} transcript so far β both sides send one to prove they computed the same keys and saw the same messages. Detects downgrade attacks: anyone who tampered with the cipher-suite list, the key shares, or the {{certificate|certificate}} chain would fail the Finished check.",
+ 'The handshake-completion message in [[tls|TLS]]. A keyed MAC over the entire {{handshake|handshake}} transcript so far β both sides send one to prove they computed the same keys and saw the same messages. Detects downgrade attacks: anyone who tampered with the cipher-suite list, the key shares, or the {{certificate|certificate}} chain would fail the Finished check.',
wikiUrl: 'https://en.wikipedia.org/wiki/Transport_Layer_Security',
category: 'security'
},
@@ -3129,7 +3130,7 @@ export const concepts: Concept[] = [
id: 'aes-gcm',
term: 'AES-GCM',
definition:
- "The dominant {{aead|AEAD}} construction in the post-2010 internet: AES in counter mode for {{encryption|encryption}}, GHASH (Galois MAC) for authentication, all under one key. Used by [[tls|TLS]] 1.2/1.3, [[ipsec|IPsec ESP]], [[ssh|SSH]], [[wireguard|WireGuard]] (in AES variants), {{srtp|SRTP}}. Hardware AES-NI / VAES support makes it the fastest mainstream cipher on x86 and ARMv8.",
+ 'The dominant {{aead|AEAD}} construction in the post-2010 internet: AES in counter mode for {{encryption|encryption}}, GHASH (Galois MAC) for authentication, all under one key. Used by [[tls|TLS]] 1.2/1.3, [[ipsec|IPsec ESP]], [[ssh|SSH]], [[wireguard|WireGuard]] (in AES variants), {{srtp|SRTP}}. Hardware AES-NI / VAES support makes it the fastest mainstream cipher on x86 and ARMv8.',
wikiUrl: 'https://en.wikipedia.org/wiki/Galois/Counter_Mode',
category: 'security'
},
@@ -3155,7 +3156,7 @@ export const concepts: Concept[] = [
id: 'pmk',
term: 'PMK (Pairwise Master Key)',
definition:
- "The long-lived secret shared between a [[wifi|Wi-Fi]] station and the {{access-point|AP}}. In WPA2-Personal it is derived from the passphrase via PBKDF2(SSID, passphrase, 4096); in WPA2-Enterprise it falls out of the {{eap|EAP}} method. Both endpoints know the PMK *before* the {{four-way-handshake|4-way handshake}}; the handshake then mixes it with nonces to derive the per-session {{ptk|PTK}}.",
+ 'The long-lived secret shared between a [[wifi|Wi-Fi]] station and the {{access-point|AP}}. In WPA2-Personal it is derived from the passphrase via PBKDF2(SSID, passphrase, 4096); in WPA2-Enterprise it falls out of the {{eap|EAP}} method. Both endpoints know the PMK *before* the {{four-way-handshake|4-way handshake}}; the handshake then mixes it with nonces to derive the per-session {{ptk|PTK}}.',
wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
category: 'security'
},
@@ -3163,7 +3164,7 @@ export const concepts: Concept[] = [
id: 'ptk',
term: 'PTK (Pairwise Transient Key)',
definition:
- "The per-session session key in [[wifi|Wi-Fi]] WPA2/WPA3, derived during the {{four-way-handshake|4-way handshake}} from PMK + ANonce + SNonce + both MAC addresses. The PTK is split into KCK (key-confirmation), KEK (key-encryption), and TK (the temporal key that actually encrypts data frames with AES-CCMP or GCMP). Rotated whenever the station re-associates.",
+ 'The per-session session key in [[wifi|Wi-Fi]] WPA2/WPA3, derived during the {{four-way-handshake|4-way handshake}} from PMK + ANonce + SNonce + both MAC addresses. The PTK is split into KCK (key-confirmation), KEK (key-encryption), and TK (the temporal key that actually encrypts data frames with AES-CCMP or GCMP). Rotated whenever the station re-associates.',
wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
category: 'security'
},
@@ -3179,7 +3180,7 @@ export const concepts: Concept[] = [
id: 'mic',
term: 'MIC (Message Integrity Code)',
definition:
- "A short authenticator appended to encrypted frames in [[wifi|Wi-Fi]] (and [[bluetooth|Bluetooth LE]]) to prove integrity. In WPA2 CCMP it is 8 bytes; in GCMP it is 16. Different from a CRC: a CRC catches transmission errors; a MIC catches *adversarial* tampering because it depends on a secret key.",
+ 'A short authenticator appended to encrypted frames in [[wifi|Wi-Fi]] (and [[bluetooth|Bluetooth LE]]) to prove integrity. In WPA2 CCMP it is 8 bytes; in GCMP it is 16. Different from a CRC: a CRC catches transmission errors; a MIC catches *adversarial* tampering because it depends on a secret key.',
wikiUrl: 'https://en.wikipedia.org/wiki/Message_authentication_code',
category: 'security'
},
@@ -3189,7 +3190,7 @@ export const concepts: Concept[] = [
id: 'spi',
term: 'SPI (Security Parameters Index)',
definition:
- "A 32-bit identifier in the [[ipsec|IPsec]] ESP header that names *which Security Association* to use to decrypt this packet. The receiver looks up the SPI in its SAD (Security Association Database) to find the key, cipher, replay window, and counters. Each direction of an IPsec tunnel has its own SPI; they are negotiated in the {{ike-sa|IKE_SA_INIT}} exchange.",
+ 'A 32-bit identifier in the [[ipsec|IPsec]] ESP header that names *which Security Association* to use to decrypt this packet. The receiver looks up the SPI in its SAD (Security Association Database) to find the key, cipher, replay window, and counters. Each direction of an IPsec tunnel has its own SPI; they are negotiated in the {{ike-sa|IKE_SA_INIT}} exchange.',
wikiUrl: 'https://en.wikipedia.org/wiki/Security_Parameter_Index',
category: 'security'
},
@@ -3197,7 +3198,7 @@ export const concepts: Concept[] = [
id: 'ike-sa',
term: 'IKE SA',
definition:
- "The control-plane Security Association in [[ipsec|IKEv2]] β the encrypted, authenticated channel that the two peers use to *negotiate* the data-plane Child SAs. Established by the **IKE_SA_INIT** + **IKE_AUTH** exchanges (two round trips) and lives for hours; rekeyed before lifetime expiry with **CREATE_CHILD_SA**.",
+ 'The control-plane Security Association in [[ipsec|IKEv2]] β the encrypted, authenticated channel that the two peers use to *negotiate* the data-plane Child SAs. Established by the **IKE_SA_INIT** + **IKE_AUTH** exchanges (two round trips) and lives for hours; rekeyed before lifetime expiry with **CREATE_CHILD_SA**.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Key_Exchange',
category: 'security'
},
@@ -3205,7 +3206,7 @@ export const concepts: Concept[] = [
id: 'child-sa',
term: 'Child SA',
definition:
- "A unidirectional data-plane Security Association in [[ipsec|IKEv2]]. Carries the ESP key, cipher choice, sequence-number window, and traffic selectors for one direction of a tunnel. Two Child SAs (one each way) are negotiated inside the {{ike-sa|IKE SA}} during IKE_AUTH and rekeyed via **CREATE_CHILD_SA** before their byte/time limits.",
+ 'A unidirectional data-plane Security Association in [[ipsec|IKEv2]]. Carries the ESP key, cipher choice, sequence-number window, and traffic selectors for one direction of a tunnel. Two Child SAs (one each way) are negotiated inside the {{ike-sa|IKE SA}} during IKE_AUTH and rekeyed via **CREATE_CHILD_SA** before their byte/time limits.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Key_Exchange',
category: 'security'
},
@@ -3215,7 +3216,7 @@ export const concepts: Concept[] = [
id: 'manifest',
term: 'Manifest',
definition:
- "The top-level playlist file in adaptive-bitrate streaming. In [[hls|HLS]] this is an **`.m3u8`** text file; in [[dash|DASH]] it is an XML **MPD** (Media Presentation Description). Lists the available bitrate ladders, codec profiles, audio/subtitle tracks, and the URLs (or URL templates) for each segment. The player downloads the manifest first, then fetches segments per its {{adaptive-bitrate|adaptive-bitrate}} logic.",
+ 'The top-level playlist file in adaptive-bitrate streaming. In [[hls|HLS]] this is an **`.m3u8`** text file; in [[dash|DASH]] it is an XML **MPD** (Media Presentation Description). Lists the available bitrate ladders, codec profiles, audio/subtitle tracks, and the URLs (or URL templates) for each segment. The player downloads the manifest first, then fetches segments per its {{adaptive-bitrate|adaptive-bitrate}} logic.',
wikiUrl: 'https://en.wikipedia.org/wiki/HTTP_Live_Streaming',
category: 'protocol-mechanics'
},
@@ -3233,7 +3234,7 @@ export const concepts: Concept[] = [
id: 'jitter-buffer',
term: 'Jitter buffer',
definition:
- "A small (10β200 ms) playout queue at the receiver in [[rtp|RTP]] / {{voip|VoIP}} systems that absorbs network {{jitter|jitter}}. Buffers a few packets before starting playback so out-of-order arrivals can be re-ordered by [[rtp|RTP]] {{sequence-number|sequence number}}, and late packets can be dropped without an audible gap. Trades a tiny added {{latency|latency}} for smooth audio/video.",
+ 'A small (10β200 ms) playout queue at the receiver in [[rtp|RTP]] / {{voip|VoIP}} systems that absorbs network {{jitter|jitter}}. Buffers a few packets before starting playback so out-of-order arrivals can be re-ordered by [[rtp|RTP]] {{sequence-number|sequence number}}, and late packets can be dropped without an audible gap. Trades a tiny added {{latency|latency}} for smooth audio/video.',
wikiUrl: 'https://en.wikipedia.org/wiki/Jitter#Jitter_buffer',
category: 'protocol-mechanics'
},
@@ -3241,7 +3242,7 @@ export const concepts: Concept[] = [
id: 'forward-error-correction',
term: 'FEC (Forward Error Correction)',
definition:
- "Add redundancy on the *sender* side so the receiver can reconstruct lost packets without asking for a {{retransmission|retransmission}}. Common in real-time media where round-trip {{retransmission|retransmissions}} are too slow. Schemes range from simple parity (send 4 packets + 1 parity packet, survive 1 loss) to Reed-Solomon and Raptor codes. [[rtp|RTP]] payload format defined in [[rfc:5109|RFC 5109]] / [[rfc:8627|RFC 8627]].",
+ 'Add redundancy on the *sender* side so the receiver can reconstruct lost packets without asking for a {{retransmission|retransmission}}. Common in real-time media where round-trip {{retransmission|retransmissions}} are too slow. Schemes range from simple parity (send 4 packets + 1 parity packet, survive 1 loss) to Reed-Solomon and Raptor codes. [[rtp|RTP]] payload format defined in [[rfc:5109|RFC 5109]] / [[rfc:8627|RFC 8627]].',
wikiUrl: 'https://en.wikipedia.org/wiki/Forward_error_correction',
category: 'protocol-mechanics'
},
@@ -3251,7 +3252,7 @@ export const concepts: Concept[] = [
id: 'ehlo',
term: 'EHLO',
definition:
- "The opening command of an Extended [[smtp|SMTP]] session ([[rfc:5321|RFC 5321]]). Replaces the legacy `HELO` and lets the server advertise capabilities it supports β {{starttls|STARTTLS}}, SIZE limits, PIPELINING, AUTH mechanisms, DSN, 8BITMIME, SMTPUTF8. Every modern mail exchange starts with `EHLO `.",
+ 'The opening command of an Extended [[smtp|SMTP]] session ([[rfc:5321|RFC 5321]]). Replaces the legacy `HELO` and lets the server advertise capabilities it supports β {{starttls|STARTTLS}}, SIZE limits, PIPELINING, AUTH mechanisms, DSN, 8BITMIME, SMTPUTF8. Every modern mail exchange starts with `EHLO `.',
wikiUrl: 'https://en.wikipedia.org/wiki/Extended_SMTP',
category: 'protocol-mechanics'
},
@@ -3259,7 +3260,7 @@ export const concepts: Concept[] = [
id: 'starttls',
term: 'STARTTLS',
definition:
- "The opportunistic-{{encryption|encryption}} upgrade verb in [[smtp|SMTP]], [[imap|IMAP]], POP3, [[xmpp|XMPP]], and LDAP. Client sends `STARTTLS` over the plaintext session; server replies `220 Ready`; both sides perform a [[tls|TLS]] {{handshake|handshake}} on the same TCP connection. Vulnerable to **stripping attacks** where an active attacker removes the capability advertisement β closed by **MTA-STS** ([[rfc:8461|RFC 8461]]) and DANE.",
+ 'The opportunistic-{{encryption|encryption}} upgrade verb in [[smtp|SMTP]], [[imap|IMAP]], POP3, [[xmpp|XMPP]], and LDAP. Client sends `STARTTLS` over the plaintext session; server replies `220 Ready`; both sides perform a [[tls|TLS]] {{handshake|handshake}} on the same TCP connection. Vulnerable to **stripping attacks** where an active attacker removes the capability advertisement β closed by **MTA-STS** ([[rfc:8461|RFC 8461]]) and DANE.',
wikiUrl: 'https://en.wikipedia.org/wiki/Opportunistic_TLS',
category: 'security'
},
@@ -3269,7 +3270,7 @@ export const concepts: Concept[] = [
id: 'dns-record-types',
term: 'DNS record types',
definition:
- "The kinds of resource records [[dns|DNS]] serves. The common set: **A** ([[ip|IPv4]] address), **AAAA** ([[ipv6|IPv6]] address), **CNAME** (alias), **MX** (mail exchange), **NS** (authoritative name servers), **SOA** (zone authority), **TXT** (free-form text, used for SPF/DKIM/DMARC), **SRV** (service location, used by [[mdns-dns-sd|DNS-SD]] and Active Directory), **PTR** (reverse lookup), **CAA** (which {{certificate-authority|CAs}} may issue for a zone), and the {{dnssec|DNSSEC}} chain (DS, DNSKEY, RRSIG, NSEC).",
+ 'The kinds of resource records [[dns|DNS]] serves. The common set: **A** ([[ip|IPv4]] address), **AAAA** ([[ipv6|IPv6]] address), **CNAME** (alias), **MX** (mail exchange), **NS** (authoritative name servers), **SOA** (zone authority), **TXT** (free-form text, used for SPF/DKIM/DMARC), **SRV** (service location, used by [[mdns-dns-sd|DNS-SD]] and Active Directory), **PTR** (reverse lookup), **CAA** (which {{certificate-authority|CAs}} may issue for a zone), and the {{dnssec|DNSSEC}} chain (DS, DNSKEY, RRSIG, NSEC).',
wikiUrl: 'https://en.wikipedia.org/wiki/List_of_DNS_record_types',
category: 'protocol-mechanics'
},
@@ -3277,7 +3278,7 @@ export const concepts: Concept[] = [
id: 'as-path',
term: 'AS_PATH',
definition:
- "A [[bgp|BGP]] path attribute listing every {{autonomous-system|AS}} a route has passed through, in reverse-chronological order. Used both for *loop prevention* (a router rejects routes whose AS_PATH contains its own AS) and as the primary tie-breaker in best-path selection β shorter paths win. The path-vector mechanism is what makes [[bgp|BGP]] **policy-routable** in a way that pure link-state protocols are not.",
+ 'A [[bgp|BGP]] path attribute listing every {{autonomous-system|AS}} a route has passed through, in reverse-chronological order. Used both for *loop prevention* (a router rejects routes whose AS_PATH contains its own AS) and as the primary tie-breaker in best-path selection β shorter paths win. The path-vector mechanism is what makes [[bgp|BGP]] **policy-routable** in a way that pure link-state protocols are not.',
wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Routes',
category: 'protocol-mechanics'
},
@@ -3295,7 +3296,7 @@ export const concepts: Concept[] = [
id: 'multi-homing',
term: 'Multi-homing',
definition:
- "A host (or autonomous system) reachable through *multiple* network paths or {{ip-address|IP addresses}} simultaneously. [[sctp|SCTP]] negotiates multiple address pairs per association so a path failure switches transparently; [[mptcp|MPTCP]] does the same for TCP via subflows; [[bgp|BGP]]-speaking networks multi-home by announcing the same prefix from multiple upstream providers for redundancy.",
+ 'A host (or autonomous system) reachable through *multiple* network paths or {{ip-address|IP addresses}} simultaneously. [[sctp|SCTP]] negotiates multiple address pairs per association so a path failure switches transparently; [[mptcp|MPTCP]] does the same for TCP via subflows; [[bgp|BGP]]-speaking networks multi-home by announcing the same prefix from multiple upstream providers for redundancy.',
wikiUrl: 'https://en.wikipedia.org/wiki/Multihoming',
category: 'networking-basics'
},
@@ -3303,7 +3304,7 @@ export const concepts: Concept[] = [
id: 'pipelining',
term: 'Pipelining',
definition:
- "Sending the next request before the previous response arrives, so multiple {{request-response|request-response}} pairs are in flight at once. Standardised in [[http1|HTTP/1.1]] ([[rfc:9112|RFC 9112]]) but never reliably deployed because most servers responded *in order* β one slow response stalled everything behind it ({{head-of-line-blocking|head-of-line blocking}}). [[http2|HTTP/2]] solved this with binary {{multiplexing|multiplexing}}; [[smtp|SMTP]] PIPELINING is one place it works well.",
+ 'Sending the next request before the previous response arrives, so multiple {{request-response|request-response}} pairs are in flight at once. Standardised in [[http1|HTTP/1.1]] ([[rfc:9112|RFC 9112]]) but never reliably deployed because most servers responded *in order* β one slow response stalled everything behind it ({{head-of-line-blocking|head-of-line blocking}}). [[http2|HTTP/2]] solved this with binary {{multiplexing|multiplexing}}; [[smtp|SMTP]] PIPELINING is one place it works well.',
wikiUrl: 'https://en.wikipedia.org/wiki/HTTP_pipelining',
category: 'protocol-mechanics'
},
@@ -3311,7 +3312,7 @@ export const concepts: Concept[] = [
id: 'doh',
term: 'DoH (DNS over HTTPS)',
definition:
- "[[dns|DNS]] queries tunneled over [[http2|HTTP/2]] / [[http3|HTTP/3]] to a resolver (RFC 8484, 2018). Encrypts and authenticates DNS lookups against on-path eavesdroppers and tampering β closes the metadata leak that {{dnssec|DNSSEC}} alone could not. Default in Firefox since 2020 (Cloudflare 1.1.1.1, NextDNS); enterprises sometimes block DoH to retain DNS-based filtering.",
+ '[[dns|DNS]] queries tunneled over [[http2|HTTP/2]] / [[http3|HTTP/3]] to a resolver (RFC 8484, 2018). Encrypts and authenticates DNS lookups against on-path eavesdroppers and tampering β closes the metadata leak that {{dnssec|DNSSEC}} alone could not. Default in Firefox since 2020 (Cloudflare 1.1.1.1, NextDNS); enterprises sometimes block DoH to retain DNS-based filtering.',
wikiUrl: 'https://en.wikipedia.org/wiki/DNS_over_HTTPS',
category: 'security'
},
@@ -3319,7 +3320,7 @@ export const concepts: Concept[] = [
id: 'dot',
term: 'DoT (DNS over TLS)',
definition:
- "[[dns|DNS]] queries over a dedicated [[tls|TLS]] connection on port 853 (RFC 7858, 2016). Same goal as {{doh|DoH}} β encrypt and authenticate the resolver path β but uses its own port so middleboxes can distinguish DNS from web traffic. {{android|Android}} 9+ ships Private DNS that speaks DoT; the Knot, Unbound, and CoreDNS resolvers expose it server-side.",
+ '[[dns|DNS]] queries over a dedicated [[tls|TLS]] connection on port 853 (RFC 7858, 2016). Same goal as {{doh|DoH}} β encrypt and authenticate the resolver path β but uses its own port so middleboxes can distinguish DNS from web traffic. {{android|Android}} 9+ ships Private DNS that speaks DoT; the Knot, Unbound, and CoreDNS resolvers expose it server-side.',
wikiUrl: 'https://en.wikipedia.org/wiki/DNS_over_TLS',
category: 'security'
},
@@ -3327,7 +3328,7 @@ export const concepts: Concept[] = [
id: 'stream-processing',
term: 'Stream processing',
definition:
- "Compute over an unbounded data stream as records arrive β window, aggregate, join, alert β rather than batching a finite dataset. Built on top of distributed log brokers like [[kafka|Kafka]], [[amqp|AMQP]], or Pulsar. Frameworks: Flink, [[kafka|Kafka]] Streams, Spark Structured Streaming, ksqlDB. The processing model behind real-time fraud detection, telemetry, and CDC pipelines.",
+ 'Compute over an unbounded data stream as records arrive β window, aggregate, join, alert β rather than batching a finite dataset. Built on top of distributed log brokers like [[kafka|Kafka]], [[amqp|AMQP]], or Pulsar. Frameworks: Flink, [[kafka|Kafka]] Streams, Spark Structured Streaming, ksqlDB. The processing model behind real-time fraud detection, telemetry, and CDC pipelines.',
wikiUrl: 'https://en.wikipedia.org/wiki/Stream_processing',
category: 'messaging'
},
@@ -3335,7 +3336,7 @@ export const concepts: Concept[] = [
id: 'anthropic',
term: 'Anthropic',
definition:
- "AI safety company (founded 2021) and operator of the **Claude** family of large language models. Authored the Model Context Protocol ([[mcp|MCP]], November 2024), the open standard that lets LLM applications connect to outside tools and resources over [[json-rpc|JSON-RPC]] 2.0.",
+ 'AI safety company (founded 2021) and operator of the **Claude** family of large language models. Authored the Model Context Protocol ([[mcp|MCP]], November 2024), the open standard that lets LLM applications connect to outside tools and resources over [[json-rpc|JSON-RPC]] 2.0.',
wikiUrl: 'https://en.wikipedia.org/wiki/Anthropic',
category: 'infrastructure'
},
@@ -3343,7 +3344,7 @@ export const concepts: Concept[] = [
id: 'linkedin',
term: 'LinkedIn',
definition:
- "Professional-network site acquired by [[microsoft|Microsoft]] in 2016. Originator of Apache [[kafka|Kafka]] (open-sourced 2011); the company runs the largest publicly documented Kafka deployment on earth β **>7 trillion messages/day** as of the 2020s β and was the reference architecture every other Kafka deployment scaled against.",
+ 'Professional-network site acquired by [[microsoft|Microsoft]] in 2016. Originator of Apache [[kafka|Kafka]] (open-sourced 2011); the company runs the largest publicly documented Kafka deployment on earth β **>7 trillion messages/day** as of the 2020s β and was the reference architecture every other Kafka deployment scaled against.',
wikiUrl: 'https://en.wikipedia.org/wiki/LinkedIn',
category: 'infrastructure'
},
@@ -3351,2669 +3352,2669 @@ export const concepts: Concept[] = [
id: 'android',
term: 'Android',
definition:
- "[[google|Google]]'s mobile operating system (acquired from Android Inc. in 2005, first release 2008). Drives ~70% of global smartphone share. The reference platform that adopted [[quic|QUIC]], {{doh|DoH}}/{{dot|DoT}} (\"Private DNS\"), [[mptcp|MPTCP]], post-quantum [[tls|TLS]], and {{matter|Matter}} for the consumer device fleet.",
+ '[[google|Google]]\'s mobile operating system (acquired from Android Inc. in 2005, first release 2008). Drives ~70% of global smartphone share. The reference platform that adopted [[quic|QUIC]], {{doh|DoH}}/{{dot|DoT}} ("Private DNS"), [[mptcp|MPTCP]], post-quantum [[tls|TLS]], and {{matter|Matter}} for the consumer device fleet.',
wikiUrl: 'https://en.wikipedia.org/wiki/Android_(operating_system)',
category: 'infrastructure'
},
// ββ Sequence-diagram densification (agent-merged) βββββββββββββββββ
{
- id: 'syn',
- term: 'SYN (Synchronize)',
- definition:
- "TCP control flag that opens a connection. The first packet of the {{three-way-handshake|three-way handshake}} carries SYN plus the sender's initial {{sequence-number|sequence number}}. A flood of SYNs without ACKs is the basis of a {{syn-flood|SYN-flood attack}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment',
- category: 'protocol-mechanics'
+ id: 'syn',
+ term: 'SYN (Synchronize)',
+ definition:
+ "TCP control flag that opens a connection. The first packet of the {{three-way-handshake|three-way handshake}} carries SYN plus the sender's initial {{sequence-number|sequence number}}. A flood of SYNs without ACKs is the basis of a {{syn-flood|SYN-flood attack}}.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment',
+ category: 'protocol-mechanics'
},
{
- id: 'syn-ack',
- term: 'SYN-ACK',
- definition:
- "Second message of the [[tcp|TCP]] {{three-way-handshake|three-way handshake}}: the server's reply that combines its own {{syn|SYN}} (with a fresh {{sequence-number|sequence number}}) and an {{ack|ACK}} of the client's SYN.",
- category: 'protocol-mechanics'
+ id: 'syn-ack',
+ term: 'SYN-ACK',
+ definition:
+ "Second message of the [[tcp|TCP]] {{three-way-handshake|three-way handshake}}: the server's reply that combines its own {{syn|SYN}} (with a fresh {{sequence-number|sequence number}}) and an {{ack|ACK}} of the client's SYN.",
+ category: 'protocol-mechanics'
},
{
- id: 'initial-sequence-number',
- term: 'Initial Sequence Number (ISN)',
- definition:
- "The randomly chosen {{sequence-number|sequence number}} each [[tcp|TCP]] endpoint picks at connection setup. Randomness defends against blind injection attacks ([[rfc:1948|RFC 1948]]).",
- category: 'protocol-mechanics'
+ id: 'initial-sequence-number',
+ term: 'Initial Sequence Number (ISN)',
+ definition:
+ 'The randomly chosen {{sequence-number|sequence number}} each [[tcp|TCP]] endpoint picks at connection setup. Randomness defends against blind injection attacks ([[rfc:1948|RFC 1948]]).',
+ category: 'protocol-mechanics'
},
{
- id: 'piggyback-ack',
- term: 'Piggyback ACK',
- definition:
- "Combining an {{ack|ACK}} into an outgoing data segment in the opposite direction, saving a round trip. Common in [[tcp|TCP]] bidirectional traffic.",
- category: 'protocol-mechanics'
+ id: 'piggyback-ack',
+ term: 'Piggyback ACK',
+ definition:
+ 'Combining an {{ack|ACK}} into an outgoing data segment in the opposite direction, saving a round trip. Common in [[tcp|TCP]] bidirectional traffic.',
+ category: 'protocol-mechanics'
},
{
- id: 'init-chunk',
- term: 'INIT chunk',
- definition:
- "First chunk of an [[sctp|SCTP]] {{four-way-handshake|4-way handshake}}. Carries the initiator's address list (for {{multi-homing|multi-homing}}) and verification tag.",
- category: 'protocol-mechanics'
+ id: 'init-chunk',
+ term: 'INIT chunk',
+ definition:
+ "First chunk of an [[sctp|SCTP]] {{four-way-handshake|4-way handshake}}. Carries the initiator's address list (for {{multi-homing|multi-homing}}) and verification tag.",
+ category: 'protocol-mechanics'
},
{
- id: 'init-ack-chunk',
- term: 'INIT-ACK chunk',
- definition:
- "[[sctp|SCTP]]'s reply to an {{init-chunk|INIT}}. Carries a stateless {{cookie|cookie}} so the responder commits no resources until the {{cookie-echo|COOKIE-ECHO}} returns β defeats {{syn-flood|SYN-flood}}-style attacks.",
- category: 'protocol-mechanics'
+ id: 'init-ack-chunk',
+ term: 'INIT-ACK chunk',
+ definition:
+ "[[sctp|SCTP]]'s reply to an {{init-chunk|INIT}}. Carries a stateless {{cookie|cookie}} so the responder commits no resources until the {{cookie-echo|COOKIE-ECHO}} returns β defeats {{syn-flood|SYN-flood}}-style attacks.",
+ category: 'protocol-mechanics'
},
{
- id: 'cookie-echo',
- term: 'COOKIE-ECHO chunk',
- definition:
- "Third chunk of the [[sctp|SCTP]] {{four-way-handshake|4-way handshake}}. The client echoes back the signed {{cookie|cookie}} it received in the {{init-ack-chunk|INIT-ACK}}; only at this point does the server allocate association state.",
- category: 'protocol-mechanics'
+ id: 'cookie-echo',
+ term: 'COOKIE-ECHO chunk',
+ definition:
+ 'Third chunk of the [[sctp|SCTP]] {{four-way-handshake|4-way handshake}}. The client echoes back the signed {{cookie|cookie}} it received in the {{init-ack-chunk|INIT-ACK}}; only at this point does the server allocate association state.',
+ category: 'protocol-mechanics'
},
{
- id: 'cookie-ack',
- term: 'COOKIE-ACK chunk',
- definition:
- "Final chunk of the [[sctp|SCTP]] {{four-way-handshake|4-way handshake}}, confirming the association is established and immune to {{syn-flood|SYN-flood}} DoS.",
- category: 'protocol-mechanics'
+ id: 'cookie-ack',
+ term: 'COOKIE-ACK chunk',
+ definition:
+ 'Final chunk of the [[sctp|SCTP]] {{four-way-handshake|4-way handshake}}, confirming the association is established and immune to {{syn-flood|SYN-flood}} DoS.',
+ category: 'protocol-mechanics'
},
{
- id: 'sctp-association',
- term: 'SCTP Association',
- definition:
- "[[sctp|SCTP]]'s connection-equivalent: a single logical session between two endpoints that may use multiple {{multi-homing|IP addresses}} and carries any number of independent {{stream|streams}}.",
- category: 'protocol-mechanics'
+ id: 'sctp-association',
+ term: 'SCTP Association',
+ definition:
+ "[[sctp|SCTP]]'s connection-equivalent: a single logical session between two endpoints that may use multiple {{multi-homing|IP addresses}} and carries any number of independent {{stream|streams}}.",
+ category: 'protocol-mechanics'
},
{
- id: 'verification-tag',
- term: 'Verification Tag',
- definition:
- "A random 32-bit value carried in every [[sctp|SCTP]] packet, chosen at association setup. Packets bearing the wrong tag are dropped, blocking blind injection.",
- category: 'protocol-mechanics'
+ id: 'verification-tag',
+ term: 'Verification Tag',
+ definition:
+ 'A random 32-bit value carried in every [[sctp|SCTP]] packet, chosen at association setup. Packets bearing the wrong tag are dropped, blocking blind injection.',
+ category: 'protocol-mechanics'
},
{
- id: 'mp-capable',
- term: 'MP_CAPABLE',
- definition:
- "[[mptcp|MPTCP]] [[tcp|TCP]] option exchanged during the initial {{three-way-handshake|handshake}} that signals *I can do multipath* and carries each side's per-host key β used later to authenticate additional {{subflow|subflows}}.",
- category: 'protocol-mechanics'
+ id: 'mp-capable',
+ term: 'MP_CAPABLE',
+ definition:
+ "[[mptcp|MPTCP]] [[tcp|TCP]] option exchanged during the initial {{three-way-handshake|handshake}} that signals *I can do multipath* and carries each side's per-host key β used later to authenticate additional {{subflow|subflows}}.",
+ category: 'protocol-mechanics'
},
{
- id: 'mp-join',
- term: 'MP_JOIN',
- definition:
- "[[mptcp|MPTCP]] [[tcp|TCP]] option that attaches a new {{subflow|subflow}} to an existing connection. Uses a token + {{nonce|nonce}} + {{hmac|HMAC}} to prove the new path belongs to the original session.",
- category: 'protocol-mechanics'
+ id: 'mp-join',
+ term: 'MP_JOIN',
+ definition:
+ '[[mptcp|MPTCP]] [[tcp|TCP]] option that attaches a new {{subflow|subflow}} to an existing connection. Uses a token + {{nonce|nonce}} + {{hmac|HMAC}} to prove the new path belongs to the original session.',
+ category: 'protocol-mechanics'
},
{
- id: 'subflow',
- term: 'Subflow (MPTCP)',
- definition:
- "An individual [[tcp|TCP]] connection carried over one network path that belongs to a larger [[mptcp|MPTCP]] session. A single MPTCP connection can have many subflows running in parallel over WiFi, cellular, ethernet, etc.",
- category: 'protocol-mechanics'
+ id: 'subflow',
+ term: 'Subflow (MPTCP)',
+ definition:
+ 'An individual [[tcp|TCP]] connection carried over one network path that belongs to a larger [[mptcp|MPTCP]] session. A single MPTCP connection can have many subflows running in parallel over WiFi, cellular, ethernet, etc.',
+ category: 'protocol-mechanics'
},
{
- id: 'add-addr',
- term: 'ADD_ADDR',
- definition:
- "[[mptcp|MPTCP]] option that advertises a newly available [[ip|IP]] address to the peer, inviting it to open a new {{subflow|subflow}} over that path.",
- category: 'protocol-mechanics'
+ id: 'add-addr',
+ term: 'ADD_ADDR',
+ definition:
+ '[[mptcp|MPTCP]] option that advertises a newly available [[ip|IP]] address to the peer, inviting it to open a new {{subflow|subflow}} over that path.',
+ category: 'protocol-mechanics'
},
{
- id: 'failover',
- term: 'Failover',
- definition:
- "Automatic re-routing of traffic onto a healthy path when the active one dies. Built into [[mptcp|MPTCP]] (subflow switching) and [[sctp|SCTP]] ({{multi-homing|multi-homing}}); often invisible to the application.",
- category: 'protocol-mechanics'
+ id: 'failover',
+ term: 'Failover',
+ definition:
+ 'Automatic re-routing of traffic onto a healthy path when the active one dies. Built into [[mptcp|MPTCP]] (subflow switching) and [[sctp|SCTP]] ({{multi-homing|multi-homing}}); often invisible to the application.',
+ category: 'protocol-mechanics'
},
{
- id: 'unreliable-delivery',
- term: 'Unreliable Delivery',
- definition:
- "Best-effort delivery with no retransmission, ordering, or acknowledgment. [[udp|UDP]]'s default β packets may be lost, duplicated, or reordered, and the application must handle it.",
- category: 'protocol-mechanics'
+ id: 'unreliable-delivery',
+ term: 'Unreliable Delivery',
+ definition:
+ "Best-effort delivery with no retransmission, ordering, or acknowledgment. [[udp|UDP]]'s default β packets may be lost, duplicated, or reordered, and the application must handle it.",
+ category: 'protocol-mechanics'
},
{
- id: 'fire-and-forget',
- term: 'Fire-and-Forget',
- definition:
- "Send a message and don't wait for confirmation. Characterizes [[udp|UDP]] datagrams and many event-driven systems β fast, but the sender never knows if it arrived.",
- category: 'protocol-mechanics'
+ id: 'fire-and-forget',
+ term: 'Fire-and-Forget',
+ definition:
+ "Send a message and don't wait for confirmation. Characterizes [[udp|UDP]] datagrams and many event-driven systems β fast, but the sender never knows if it arrived.",
+ category: 'protocol-mechanics'
},
{
- id: 'key-share',
- term: 'Key Share',
- definition:
- "{{tls-handshake|TLS}} extension where each side sends an ephemeral {{diffie-hellman|Diffie-Hellman}} public key in its first flight, enabling shared-secret derivation in 1-RTT and {{pfs|forward secrecy}}.",
- category: 'security'
+ id: 'key-share',
+ term: 'Key Share',
+ definition:
+ '{{tls-handshake|TLS}} extension where each side sends an ephemeral {{diffie-hellman|Diffie-Hellman}} public key in its first flight, enabling shared-secret derivation in 1-RTT and {{pfs|forward secrecy}}.',
+ category: 'security'
},
{
- id: 'stream-independence',
- term: 'Stream Independence',
- definition:
- "Property of [[quic|QUIC]] and [[sctp|SCTP]] where each {{stream|stream}} has its own ordering and loss-recovery, so a missing packet on one stream doesn't pause delivery on the others β avoids {{head-of-line-blocking|head-of-line blocking}}.",
- category: 'protocol-mechanics'
+ id: 'stream-independence',
+ term: 'Stream Independence',
+ definition:
+ "Property of [[quic|QUIC]] and [[sctp|SCTP]] where each {{stream|stream}} has its own ordering and loss-recovery, so a missing packet on one stream doesn't pause delivery on the others β avoids {{head-of-line-blocking|head-of-line blocking}}.",
+ category: 'protocol-mechanics'
},
{
- id: 'initial-packet',
- term: 'Initial Packet (QUIC)',
- definition:
- "First packet type in a [[quic|QUIC]] handshake. Carries the [[tls|TLS]] {{client-hello|ClientHello}} or {{server-hello|ServerHello}} plus QUIC transport parameters, protected with derived initial keys ([[rfc:9000|RFC 9000]]).",
- category: 'protocol-mechanics'
+ id: 'initial-packet',
+ term: 'Initial Packet (QUIC)',
+ definition:
+ 'First packet type in a [[quic|QUIC]] handshake. Carries the [[tls|TLS]] {{client-hello|ClientHello}} or {{server-hello|ServerHello}} plus QUIC transport parameters, protected with derived initial keys ([[rfc:9000|RFC 9000]]).',
+ category: 'protocol-mechanics'
},
{
- id: 'n-plus-one',
- term: 'N+1 Query Problem',
- definition:
- "Anti-pattern where fetching one parent resource then N children needs N+1 round trips (1 list + N detail calls). Common in {{request-response|request-response}} APIs over [[rest|REST]]; [[graphql|GraphQL]] mitigates it by letting clients request nested fields in a single query.",
- wikiUrl: 'https://en.wikipedia.org/wiki/N%2B1_query_problem',
- category: 'web'
+ id: 'n-plus-one',
+ term: 'N+1 Query Problem',
+ definition:
+ 'Anti-pattern where fetching one parent resource then N children needs N+1 round trips (1 list + N detail calls). Common in {{request-response|request-response}} APIs over [[rest|REST]]; [[graphql|GraphQL]] mitigates it by letting clients request nested fields in a single query.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/N%2B1_query_problem',
+ category: 'web'
},
{
- id: 'over-fetching',
- term: 'Over-fetching',
- definition:
- "When an API response includes more fields than the client needs β wasting bandwidth and CPU. The flip side is *under-fetching*, when one call doesn't return enough and forces another round trip. [[graphql|GraphQL]] was designed to eliminate both by letting clients specify exactly the shape they want.",
- category: 'web'
+ id: 'over-fetching',
+ term: 'Over-fetching',
+ definition:
+ "When an API response includes more fields than the client needs β wasting bandwidth and CPU. The flip side is *under-fetching*, when one call doesn't return enough and forces another round trip. [[graphql|GraphQL]] was designed to eliminate both by letting clients specify exactly the shape they want.",
+ category: 'web'
},
{
- id: 'domain-sharding',
- term: 'Domain Sharding',
- definition:
- "A 2010s-era [[http1|HTTP/1.1]] workaround: serve assets from multiple subdomains (`static1.example.com`, `static2.example.com`...) so the browser's 6-connections-per-origin limit multiplies. Made obsolete by [[http2|HTTP/2]] {{multiplexing|multiplexing}}, which actually hurts when you shard.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Domain_sharding',
- category: 'web'
+ id: 'domain-sharding',
+ term: 'Domain Sharding',
+ definition:
+ "A 2010s-era [[http1|HTTP/1.1]] workaround: serve assets from multiple subdomains (`static1.example.com`, `static2.example.com`...) so the browser's 6-connections-per-origin limit multiplies. Made obsolete by [[http2|HTTP/2]] {{multiplexing|multiplexing}}, which actually hurts when you shard.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Domain_sharding',
+ category: 'web'
},
{
- id: 'content-encoding',
- term: 'Content-Encoding',
- definition:
- "[[http1|HTTP]] response header naming the compression applied to the body β usually `gzip`, `br` (Brotli), or `zstd` ({{zstd|Zstandard}}). The client advertises support via `Accept-Encoding` and the server picks one. Shrinks payloads 60-90% for text.",
- wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding',
- category: 'web'
+ id: 'content-encoding',
+ term: 'Content-Encoding',
+ definition:
+ '[[http1|HTTP]] response header naming the compression applied to the body β usually `gzip`, `br` (Brotli), or `zstd` ({{zstd|Zstandard}}). The client advertises support via `Accept-Encoding` and the server picks one. Shrinks payloads 60-90% for text.',
+ wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding',
+ category: 'web'
},
{
- id: 'content-type',
- term: 'Content-Type',
- definition:
- "[[http1|HTTP]] header naming the {{mime|MIME}} type of the message body (e.g., `text/html`, `application/json`, `text/event-stream`). Tells the receiver how to parse the bytes that follow.",
- wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type',
- category: 'web'
+ id: 'content-type',
+ term: 'Content-Type',
+ definition:
+ '[[http1|HTTP]] header naming the {{mime|MIME}} type of the message body (e.g., `text/html`, `application/json`, `text/event-stream`). Tells the receiver how to parse the bytes that follow.',
+ wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type',
+ category: 'web'
},
{
- id: 'mime',
- term: 'MIME Type',
- definition:
- "Multipurpose Internet Mail Extensions β the `type/subtype` labelling system ({{content-type|Content-Type}}) used by [[http1|HTTP]], [[smtp|SMTP]], and other protocols to declare what's in a message body. Examples: `text/html`, `application/json`, `image/png`.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Media_type',
- category: 'web'
+ id: 'mime',
+ term: 'MIME Type',
+ definition:
+ "Multipurpose Internet Mail Extensions β the `type/subtype` labelling system ({{content-type|Content-Type}}) used by [[http1|HTTP]], [[smtp|SMTP]], and other protocols to declare what's in a message body. Examples: `text/html`, `application/json`, `image/png`.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Media_type',
+ category: 'web'
},
{
- id: 'protocol-upgrade',
- term: 'Protocol Upgrade',
- definition:
- "[[http1|HTTP]]'s mechanism for switching the same [[tcp|TCP]] connection to a different protocol mid-stream. Client sends `Upgrade: ` and `Connection: Upgrade`; the server replies **`101 Switching Protocols`** and both sides start speaking the new wire format. Used by [[websockets|WebSockets]] and HTTP/2 over cleartext (h2c).",
- wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism',
- category: 'web'
+ id: 'protocol-upgrade',
+ term: 'Protocol Upgrade',
+ definition:
+ "[[http1|HTTP]]'s mechanism for switching the same [[tcp|TCP]] connection to a different protocol mid-stream. Client sends `Upgrade: ` and `Connection: Upgrade`; the server replies **`101 Switching Protocols`** and both sides start speaking the new wire format. Used by [[websockets|WebSockets]] and HTTP/2 over cleartext (h2c).",
+ wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism',
+ category: 'web'
},
{
- id: 'websocket-frame',
- term: 'WebSocket Frame',
- definition:
- "The minimal unit of a [[websockets|WebSocket]] message. A small header (opcode = text/binary/close/ping/pong, masking flag, length) followed by payload bytes. Replaces [[http1|HTTP]]'s request/response framing once the {{protocol-upgrade|Upgrade}} completes.",
- category: 'web'
+ id: 'websocket-frame',
+ term: 'WebSocket Frame',
+ definition:
+ "The minimal unit of a [[websockets|WebSocket]] message. A small header (opcode = text/binary/close/ping/pong, masking flag, length) followed by payload bytes. Replaces [[http1|HTTP]]'s request/response framing once the {{protocol-upgrade|Upgrade}} completes.",
+ category: 'web'
},
{
- id: 'eventsource',
- term: 'EventSource API',
- definition:
- "The browser JavaScript interface for [[sse|Server-Sent Events]]. `new EventSource(url)` opens a streaming [[http1|HTTP]] connection, auto-reconnects on drop, and fires `message`/named events. Sends the `Last-Event-ID` header on reconnect so the server can resume.",
- wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/API/EventSource',
- category: 'web'
+ id: 'eventsource',
+ term: 'EventSource API',
+ definition:
+ 'The browser JavaScript interface for [[sse|Server-Sent Events]]. `new EventSource(url)` opens a streaming [[http1|HTTP]] connection, auto-reconnects on drop, and fires `message`/named events. Sends the `Last-Event-ID` header on reconnect so the server can resume.',
+ wikiUrl: 'https://developer.mozilla.org/en-US/docs/Web/API/EventSource',
+ category: 'web'
},
{
- id: 'last-event-id',
- term: 'Last-Event-ID',
- definition:
- "[[http1|HTTP]] header the browser sends when reconnecting an [[sse|SSE]] stream, carrying the `id:` of the last event it received. Lets the server resume the stream from where it left off β built into the {{eventsource|EventSource API}}.",
- category: 'web'
+ id: 'last-event-id',
+ term: 'Last-Event-ID',
+ definition:
+ '[[http1|HTTP]] header the browser sends when reconnecting an [[sse|SSE]] stream, carrying the `id:` of the last event it received. Lets the server resume the stream from where it left off β built into the {{eventsource|EventSource API}}.',
+ category: 'web'
},
{
- id: 'graphql-query',
- term: 'GraphQL Query',
- definition:
- "A read operation in [[graphql|GraphQL]] β the client describes a nested field selection and the server returns exactly that shape. Counterpart to **mutations** (writes) and **subscriptions** (push streams, often over [[websockets|WebSockets]]).",
- wikiUrl: 'https://graphql.org/learn/queries/',
- category: 'web'
+ id: 'graphql-query',
+ term: 'GraphQL Query',
+ definition:
+ 'A read operation in [[graphql|GraphQL]] β the client describes a nested field selection and the server returns exactly that shape. Counterpart to **mutations** (writes) and **subscriptions** (push streams, often over [[websockets|WebSockets]]).',
+ wikiUrl: 'https://graphql.org/learn/queries/',
+ category: 'web'
},
{
- id: 'graphql-mutation',
- term: 'GraphQL Mutation',
- definition:
- "A write operation in [[graphql|GraphQL]] β creates, updates, or deletes data. Same syntax as a {{graphql-query|query}} but the server treats fields as side-effecting and runs them sequentially.",
- category: 'web'
+ id: 'graphql-mutation',
+ term: 'GraphQL Mutation',
+ definition:
+ 'A write operation in [[graphql|GraphQL]] β creates, updates, or deletes data. Same syntax as a {{graphql-query|query}} but the server treats fields as side-effecting and runs them sequentially.',
+ category: 'web'
},
{
- id: 'graphql-subscription',
- term: 'GraphQL Subscription',
- definition:
- "A long-lived push channel in [[graphql|GraphQL]] β the client subscribes to events and the server streams matching payloads. Usually delivered over [[websockets|WebSockets]] (graphql-ws) or [[sse|SSE]].",
- category: 'web'
+ id: 'graphql-subscription',
+ term: 'GraphQL Subscription',
+ definition:
+ 'A long-lived push channel in [[graphql|GraphQL]] β the client subscribes to events and the server streams matching payloads. Usually delivered over [[websockets|WebSockets]] (graphql-ws) or [[sse|SSE]].',
+ category: 'web'
},
{
- id: 'graphql-schema',
- term: 'GraphQL Schema',
- definition:
- "The typed contract of a [[graphql|GraphQL]] API β defines every object type, field, argument, query/mutation/subscription root, and how they connect. Both client and server share it; tooling generates types from it.",
- category: 'web'
+ id: 'graphql-schema',
+ term: 'GraphQL Schema',
+ definition:
+ 'The typed contract of a [[graphql|GraphQL]] API β defines every object type, field, argument, query/mutation/subscription root, and how they connect. Both client and server share it; tooling generates types from it.',
+ category: 'web'
},
{
- id: 'graphql-resolver',
- term: 'GraphQL Resolver',
- definition:
- "A server-side function that produces the value for a single {{graphql-schema|schema}} field. [[graphql|GraphQL]] walks the query, calling one resolver per field β the runtime that turns a query into a response.",
- category: 'web'
+ id: 'graphql-resolver',
+ term: 'GraphQL Resolver',
+ definition:
+ 'A server-side function that produces the value for a single {{graphql-schema|schema}} field. [[graphql|GraphQL]] walks the query, calling one resolver per field β the runtime that turns a query into a response.',
+ category: 'web'
},
{
- id: 'rpc',
- term: 'RPC (Remote Procedure Call)',
- definition:
- "An API style where the client calls a *named function* on the server with arguments and gets a result β as if it were local. Contrast with [[rest|REST]] (resources + verbs) and [[graphql|GraphQL]] (typed field selection). Modern examples: [[grpc|gRPC]], [[json-rpc|JSON-RPC]], [[mcp|MCP]].",
- wikiUrl: 'https://en.wikipedia.org/wiki/Remote_procedure_call',
- category: 'protocol-mechanics'
+ id: 'rpc',
+ term: 'RPC (Remote Procedure Call)',
+ definition:
+ 'An API style where the client calls a *named function* on the server with arguments and gets a result β as if it were local. Contrast with [[rest|REST]] (resources + verbs) and [[graphql|GraphQL]] (typed field selection). Modern examples: [[grpc|gRPC]], [[json-rpc|JSON-RPC]], [[mcp|MCP]].',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Remote_procedure_call',
+ category: 'protocol-mechanics'
},
{
- id: 'protoc',
- term: 'protoc',
- definition:
- "The {{protocol-buffers|Protocol Buffers}} compiler. Reads `.proto` schema files and generates type-safe client + server stubs in C++, Go, Java, Python, Rust, and a dozen other languages β the build step behind [[grpc|gRPC]].",
- wikiUrl: 'https://protobuf.dev/reference/protoc/',
- category: 'protocol-mechanics'
+ id: 'protoc',
+ term: 'protoc',
+ definition:
+ 'The {{protocol-buffers|Protocol Buffers}} compiler. Reads `.proto` schema files and generates type-safe client + server stubs in C++, Go, Java, Python, Rust, and a dozen other languages β the build step behind [[grpc|gRPC]].',
+ wikiUrl: 'https://protobuf.dev/reference/protoc/',
+ category: 'protocol-mechanics'
},
{
- id: 'json-schema',
- term: 'JSON Schema',
- definition:
- "A vocabulary for describing the shape and constraints of {{json|JSON}} documents β types, required fields, enums, patterns. Used by [[mcp|MCP]] to declare tool input shapes and by [[a2a|A2A]] Agent Cards to declare skill inputs, so an LLM can call the tool correctly.",
- wikiUrl: 'https://json-schema.org/',
- category: 'web'
+ id: 'json-schema',
+ term: 'JSON Schema',
+ definition:
+ 'A vocabulary for describing the shape and constraints of {{json|JSON}} documents β types, required fields, enums, patterns. Used by [[mcp|MCP]] to declare tool input shapes and by [[a2a|A2A]] Agent Cards to declare skill inputs, so an LLM can call the tool correctly.',
+ wikiUrl: 'https://json-schema.org/',
+ category: 'web'
},
{
- id: 'lsp',
- term: 'Language Server Protocol (LSP)',
- definition:
- "Microsoft's [[json-rpc|JSON-RPC]] standard letting code editors talk to language servers for autocomplete, jump-to-definition, diagnostics, etc. The transport pattern (JSON-RPC over stdio) directly inspired [[mcp|MCP]].",
- wikiUrl: 'https://microsoft.github.io/language-server-protocol/',
- category: 'web'
+ id: 'lsp',
+ term: 'Language Server Protocol (LSP)',
+ definition:
+ "Microsoft's [[json-rpc|JSON-RPC]] standard letting code editors talk to language servers for autocomplete, jump-to-definition, diagnostics, etc. The transport pattern (JSON-RPC over stdio) directly inspired [[mcp|MCP]].",
+ wikiUrl: 'https://microsoft.github.io/language-server-protocol/',
+ category: 'web'
},
{
- id: 'stdio',
- term: 'stdio (Standard I/O)',
- definition:
- "The standard input/output streams of a process. Used as a transport by [[mcp|MCP]] and the {{lsp|Language Server Protocol}}: parent launches a child process and exchanges [[json-rpc|JSON-RPC]] messages over its stdin/stdout β zero network setup, fully local.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Standard_streams',
- category: 'infrastructure'
+ id: 'stdio',
+ term: 'stdio (Standard I/O)',
+ definition:
+ 'The standard input/output streams of a process. Used as a transport by [[mcp|MCP]] and the {{lsp|Language Server Protocol}}: parent launches a child process and exchanges [[json-rpc|JSON-RPC]] messages over its stdin/stdout β zero network setup, fully local.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Standard_streams',
+ category: 'infrastructure'
},
{
- id: 'well-known-uri',
- term: 'Well-Known URI',
- definition:
- "A standardized URL path under `/.well-known/` that hosts machine-readable metadata about a server. Examples: `/.well-known/openid-configuration` ([[oauth2|OAuth]]), `/.well-known/agent.json` ([[a2a|A2A]] Agent Card). Specified in [[rfc:8615|RFC 8615]].",
- wikiUrl: 'https://en.wikipedia.org/wiki/Well-known_URI',
- category: 'web'
+ id: 'well-known-uri',
+ term: 'Well-Known URI',
+ definition:
+ 'A standardized URL path under `/.well-known/` that hosts machine-readable metadata about a server. Examples: `/.well-known/openid-configuration` ([[oauth2|OAuth]]), `/.well-known/agent.json` ([[a2a|A2A]] Agent Card). Specified in [[rfc:8615|RFC 8615]].',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Well-known_URI',
+ category: 'web'
},
{
- id: 'agent-card',
- term: 'Agent Card',
- definition:
- "An [[a2a|A2A]] agent's public profile document, served at `/.well-known/agent.json` ({{well-known-uri|well-known URI}}). Lists the agent's name, skills, input/output schemas ({{json-schema|JSON Schema}}), authentication, and API endpoint β the file other agents fetch to learn how to delegate to it.",
- category: 'web'
+ id: 'agent-card',
+ term: 'Agent Card',
+ definition:
+ "An [[a2a|A2A]] agent's public profile document, served at `/.well-known/agent.json` ({{well-known-uri|well-known URI}}). Lists the agent's name, skills, input/output schemas ({{json-schema|JSON Schema}}), authentication, and API endpoint β the file other agents fetch to learn how to delegate to it.",
+ category: 'web'
},
{
- id: 'mcp-tool',
- term: 'MCP Tool',
- definition:
- "An executable function an [[mcp|MCP]] server exposes to a host. Each tool advertises a name, description, and {{json-schema|JSON Schema}} for its arguments. The host calls `tools/call` and the server runs the underlying code.",
- category: 'web'
+ id: 'mcp-tool',
+ term: 'MCP Tool',
+ definition:
+ 'An executable function an [[mcp|MCP]] server exposes to a host. Each tool advertises a name, description, and {{json-schema|JSON Schema}} for its arguments. The host calls `tools/call` and the server runs the underlying code.',
+ category: 'web'
},
{
- id: 'mcp-resource',
- term: 'MCP Resource',
- definition:
- "A readable data source an [[mcp|MCP]] server exposes β addressed by URI (files, database rows, API endpoints). The host calls `resources/read` to fetch contents and may subscribe to change notifications.",
- category: 'web'
+ id: 'mcp-resource',
+ term: 'MCP Resource',
+ definition:
+ 'A readable data source an [[mcp|MCP]] server exposes β addressed by URI (files, database rows, API endpoints). The host calls `resources/read` to fetch contents and may subscribe to change notifications.',
+ category: 'web'
},
{
- id: 'mcp-host',
- term: 'MCP Host',
- definition:
- "The AI application (e.g., Claude Desktop, an IDE assistant) on the user's side of an [[mcp|MCP]] connection. It launches or connects to MCP servers, runs the LLM, and orchestrates {{mcp-tool|tool}} calls and {{mcp-resource|resource}} reads.",
- category: 'web'
+ id: 'mcp-host',
+ term: 'MCP Host',
+ definition:
+ "The AI application (e.g., Claude Desktop, an IDE assistant) on the user's side of an [[mcp|MCP]] connection. It launches or connects to MCP servers, runs the LLM, and orchestrates {{mcp-tool|tool}} calls and {{mcp-resource|resource}} reads.",
+ category: 'web'
},
{
- id: 'soap-envelope',
- term: 'SOAP Envelope',
- definition:
- "The outer [[xml|XML]] element wrapping every [[soap|SOAP]] message: `` containing an optional `` (auth, routing, transaction info) and a required `` (the actual call or response payload, or a {{soap-fault|Fault}}).",
- category: 'web'
+ id: 'soap-envelope',
+ term: 'SOAP Envelope',
+ definition:
+ 'The outer [[xml|XML]] element wrapping every [[soap|SOAP]] message: `` containing an optional `` (auth, routing, transaction info) and a required `` (the actual call or response payload, or a {{soap-fault|Fault}}).',
+ category: 'web'
},
{
- id: 'soap-fault',
- term: 'SOAP Fault',
- definition:
- "A structured error inside a [[soap|SOAP]] response `` β carries a fault code (`Client`/`Server`/`VersionMismatch`/`MustUnderstand`), a human-readable string, and optional details. Returned with HTTP 500 but parsed as protocol-level error info regardless of transport.",
- category: 'web'
+ id: 'soap-fault',
+ term: 'SOAP Fault',
+ definition:
+ 'A structured error inside a [[soap|SOAP]] response `` β carries a fault code (`Client`/`Server`/`VersionMismatch`/`MustUnderstand`), a human-readable string, and optional details. Returned with HTTP 500 but parsed as protocol-level error info regardless of transport.',
+ category: 'web'
},
{
- id: 'soapaction',
- term: 'SOAPAction Header',
- definition:
- "[[http1|HTTP]] header on a [[soap|SOAP]] request naming the operation being invoked. Pre-{{wsdl|WSDL}} servers used it for fast dispatch without parsing the XML body; modern SOAP 1.2 puts the action in `Content-Type` instead.",
- category: 'web'
+ id: 'soapaction',
+ term: 'SOAPAction Header',
+ definition:
+ '[[http1|HTTP]] header on a [[soap|SOAP]] request naming the operation being invoked. Pre-{{wsdl|WSDL}} servers used it for fast dispatch without parsing the XML body; modern SOAP 1.2 puts the action in `Content-Type` instead.',
+ category: 'web'
},
{
- id: 'task-lifecycle-a2a',
- term: 'A2A Task Lifecycle',
- definition:
- "The state machine an [[a2a|A2A]] task moves through: `submitted` β `working` β (`input-required` β `working` ...) β `completed` / `failed` / `canceled`. Lets a client agent track long-running work and stream intermediate progress.",
- category: 'web'
+ id: 'task-lifecycle-a2a',
+ term: 'A2A Task Lifecycle',
+ definition:
+ 'The state machine an [[a2a|A2A]] task moves through: `submitted` β `working` β (`input-required` β `working` ...) β `completed` / `failed` / `canceled`. Lets a client agent track long-running work and stream intermediate progress.',
+ category: 'web'
},
{
- id: 'http2-frame',
- term: 'HTTP/2 Frame',
- definition:
- "The smallest unit of [[http2|HTTP/2]] communication. A 9-byte header (length, type, flags, stream ID) plus payload. Frame types include **HEADERS** (request/response headers, {{hpack|HPACK}}-encoded), **DATA** (body), **SETTINGS** (connection params), **WINDOW_UPDATE** ({{flow-control|flow control}}), **PING**, **RST_STREAM** (cancel a stream), **GOAWAY** (close connection), and **PUSH_PROMISE** ({{server-push|server push}}).",
- category: 'web'
+ id: 'http2-frame',
+ term: 'HTTP/2 Frame',
+ definition:
+ 'The smallest unit of [[http2|HTTP/2]] communication. A 9-byte header (length, type, flags, stream ID) plus payload. Frame types include **HEADERS** (request/response headers, {{hpack|HPACK}}-encoded), **DATA** (body), **SETTINGS** (connection params), **WINDOW_UPDATE** ({{flow-control|flow control}}), **PING**, **RST_STREAM** (cancel a stream), **GOAWAY** (close connection), and **PUSH_PROMISE** ({{server-push|server push}}).',
+ category: 'web'
},
{
- id: 'qpack',
- term: 'QPACK',
- definition:
- "[[http3|HTTP/3]]'s header-compression scheme β the [[quic|QUIC]] equivalent of {{hpack|HPACK}}. Redesigned so header decoding doesn't stall when streams arrive out of order, which is essential since QUIC streams are independent ([[rfc:9204|RFC 9204]]).",
- wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc9204',
- category: 'web'
+ id: 'qpack',
+ term: 'QPACK',
+ definition:
+ "[[http3|HTTP/3]]'s header-compression scheme β the [[quic|QUIC]] equivalent of {{hpack|HPACK}}. Redesigned so header decoding doesn't stall when streams arrive out of order, which is essential since QUIC streams are independent ([[rfc:9204|RFC 9204]]).",
+ wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc9204',
+ category: 'web'
},
{
- id: 'mqtt-connect',
- term: 'CONNECT / CONNACK (MQTT)',
- definition:
- "First two messages of every [[mqtt|MQTT]] session. The client sends `CONNECT` with its client ID, optional credentials, keepalive interval, and last-will message; the {{broker|broker}} replies `CONNACK` with a return code (0 = accepted). Until CONNACK arrives, no PUBLISH or SUBSCRIBE is allowed.",
- category: 'messaging'
+ id: 'mqtt-connect',
+ term: 'CONNECT / CONNACK (MQTT)',
+ definition:
+ 'First two messages of every [[mqtt|MQTT]] session. The client sends `CONNECT` with its client ID, optional credentials, keepalive interval, and last-will message; the {{broker|broker}} replies `CONNACK` with a return code (0 = accepted). Until CONNACK arrives, no PUBLISH or SUBSCRIBE is allowed.',
+ category: 'messaging'
},
{
- id: 'mqtt-subscribe',
- term: 'SUBSCRIBE / SUBACK (MQTT)',
- definition:
- "Client registers interest in one or more {{topic|topic}} filters with a `SUBSCRIBE` packet; the {{broker|broker}} responds `SUBACK` listing the granted {{qos|QoS}} level per filter. Topic filters may use the `+` (one-level) and `#` (multi-level) wildcards.",
- category: 'messaging'
+ id: 'mqtt-subscribe',
+ term: 'SUBSCRIBE / SUBACK (MQTT)',
+ definition:
+ 'Client registers interest in one or more {{topic|topic}} filters with a `SUBSCRIBE` packet; the {{broker|broker}} responds `SUBACK` listing the granted {{qos|QoS}} level per filter. Topic filters may use the `+` (one-level) and `#` (multi-level) wildcards.',
+ category: 'messaging'
},
{
- id: 'mqtt-publish',
- term: 'PUBLISH (MQTT)',
- definition:
- "Packet carrying an application message from publisher to {{broker|broker}}, or {{broker|broker}} to subscriber. Contains the {{topic|topic}} name, {{qos|QoS}} level, retain flag, and payload. At QoS > 0 a PUBLISH is matched by `PUBACK` (QoS 1) or `PUBREC`/`PUBREL`/`PUBCOMP` (QoS 2).",
- category: 'messaging'
+ id: 'mqtt-publish',
+ term: 'PUBLISH (MQTT)',
+ definition:
+ 'Packet carrying an application message from publisher to {{broker|broker}}, or {{broker|broker}} to subscriber. Contains the {{topic|topic}} name, {{qos|QoS}} level, retain flag, and payload. At QoS > 0 a PUBLISH is matched by `PUBACK` (QoS 1) or `PUBREC`/`PUBREL`/`PUBCOMP` (QoS 2).',
+ category: 'messaging'
},
{
- id: 'topic-wildcard',
- term: 'Topic wildcard (+, #)',
- definition:
- "Pattern syntax in [[mqtt|MQTT]] {{topic|topic}} filters. `+` matches exactly one level (`sensor/+/temp` covers `sensor/kitchen/temp` but not `sensor/kitchen/inner/temp`); `#` matches zero or more remaining levels and must be the final character (`sensor/#`).",
- category: 'messaging'
+ id: 'topic-wildcard',
+ term: 'Topic wildcard (+, #)',
+ definition:
+ 'Pattern syntax in [[mqtt|MQTT]] {{topic|topic}} filters. `+` matches exactly one level (`sensor/+/temp` covers `sensor/kitchen/temp` but not `sensor/kitchen/inner/temp`); `#` matches zero or more remaining levels and must be the final character (`sensor/#`).',
+ category: 'messaging'
},
{
- id: 'fanout-exchange',
- term: 'Fanout exchange',
- definition:
- "[[amqp|AMQP]] {{exchange|exchange}} type that ignores the {{routing-key|routing key}} and delivers every published message to every queue bound to it. Use it for broadcast notifications where each consumer needs its own copy.",
- category: 'messaging'
+ id: 'fanout-exchange',
+ term: 'Fanout exchange',
+ definition:
+ '[[amqp|AMQP]] {{exchange|exchange}} type that ignores the {{routing-key|routing key}} and delivers every published message to every queue bound to it. Use it for broadcast notifications where each consumer needs its own copy.',
+ category: 'messaging'
},
{
- id: 'direct-exchange',
- term: 'Direct exchange',
- definition:
- "[[amqp|AMQP]] {{exchange|exchange}} type that delivers a message to queues whose binding key exactly matches the message's {{routing-key|routing key}}. Default routing for point-to-point work queues.",
- category: 'messaging'
+ id: 'direct-exchange',
+ term: 'Direct exchange',
+ definition:
+ "[[amqp|AMQP]] {{exchange|exchange}} type that delivers a message to queues whose binding key exactly matches the message's {{routing-key|routing key}}. Default routing for point-to-point work queues.",
+ category: 'messaging'
},
{
- id: 'topic-exchange',
- term: 'Topic exchange',
- definition:
- "[[amqp|AMQP]] {{exchange|exchange}} type that matches dotted {{routing-key|routing keys}} against patterns with `*` (one word) and `#` (zero or more words). Lets consumers subscribe to slices of a hierarchical event stream.",
- category: 'messaging'
+ id: 'topic-exchange',
+ term: 'Topic exchange',
+ definition:
+ '[[amqp|AMQP]] {{exchange|exchange}} type that matches dotted {{routing-key|routing keys}} against patterns with `*` (one word) and `#` (zero or more words). Lets consumers subscribe to slices of a hierarchical event stream.',
+ category: 'messaging'
},
{
- id: 'headers-exchange',
- term: 'Headers exchange',
- definition:
- "[[amqp|AMQP]] {{exchange|exchange}} type that routes on a dictionary of message headers instead of the {{routing-key|routing key}}. Bindings specify `x-match=all` (every header must match) or `x-match=any`.",
- category: 'messaging'
+ id: 'headers-exchange',
+ term: 'Headers exchange',
+ definition:
+ '[[amqp|AMQP]] {{exchange|exchange}} type that routes on a dictionary of message headers instead of the {{routing-key|routing key}}. Bindings specify `x-match=all` (every header must match) or `x-match=any`.',
+ category: 'messaging'
},
{
- id: 'durable-queue',
- term: 'Durable queue',
- definition:
- "A queue whose definition survives a {{broker|broker}} restart. Paired with persistent messages (written to disk), it provides at-least-once delivery across crashes β at the cost of disk I/O on every publish.",
- category: 'messaging'
+ id: 'durable-queue',
+ term: 'Durable queue',
+ definition:
+ 'A queue whose definition survives a {{broker|broker}} restart. Paired with persistent messages (written to disk), it provides at-least-once delivery across crashes β at the cost of disk I/O on every publish.',
+ category: 'messaging'
},
{
- id: 'nack',
- term: 'NACK (Negative Acknowledgement)',
- definition:
- "Signal that a consumer could not process a message. In [[amqp|AMQP]] (`basic.nack`) the {{broker|broker}} may requeue the message or route it to a {{dead-letter-queue|dead-letter queue}}; in [[mqtt|MQTT]] 5 a PUBACK can carry a non-success reason code. Opposite of {{ack|ACK}}.",
- category: 'messaging'
+ id: 'nack',
+ term: 'NACK (Negative Acknowledgement)',
+ definition:
+ 'Signal that a consumer could not process a message. In [[amqp|AMQP]] (`basic.nack`) the {{broker|broker}} may requeue the message or route it to a {{dead-letter-queue|dead-letter queue}}; in [[mqtt|MQTT]] 5 a PUBACK can carry a non-success reason code. Opposite of {{ack|ACK}}.',
+ category: 'messaging'
},
{
- id: 'stomp-frame',
- term: 'STOMP frame',
- definition:
- "Wire unit of [[stomp|STOMP]]: a command word (`CONNECT`, `SEND`, `SUBSCRIBE`, ...), zero or more `Header: value` lines, a blank line, an optional body, and a terminating `\\0` (null) byte. Plain text β debuggable with `telnet`.",
- category: 'messaging'
+ id: 'stomp-frame',
+ term: 'STOMP frame',
+ definition:
+ 'Wire unit of [[stomp|STOMP]]: a command word (`CONNECT`, `SEND`, `SUBSCRIBE`, ...), zero or more `Header: value` lines, a blank line, an optional body, and a terminating `\\0` (null) byte. Plain text β debuggable with `telnet`.',
+ category: 'messaging'
},
{
- id: 'sasl',
- term: 'SASL (Simple Authentication and Security Layer)',
- definition:
- "Framework defining a family of authentication mechanisms (PLAIN, SCRAM, GSSAPI, OAUTHBEARER, ...) that protocols like [[xmpp|XMPP]], [[smtp|SMTP]], [[imap|IMAP]] and LDAP can negotiate. Separates *how to prove identity* from the application protocol.",
- category: 'security'
+ id: 'sasl',
+ term: 'SASL (Simple Authentication and Security Layer)',
+ definition:
+ 'Framework defining a family of authentication mechanisms (PLAIN, SCRAM, GSSAPI, OAUTHBEARER, ...) that protocols like [[xmpp|XMPP]], [[smtp|SMTP]], [[imap|IMAP]] and LDAP can negotiate. Separates *how to prove identity* from the application protocol.',
+ category: 'security'
},
{
- id: 'scram',
- term: 'SCRAM (Salted Challenge Response Auth)',
- definition:
- "{{sasl|SASL}} mechanism in which the server stores a salted hash of the password and proves knowledge via a challenge-response exchange. The plaintext password never crosses the wire and the server never learns it. Default for modern [[xmpp|XMPP]], MongoDB, and PostgreSQL.",
- category: 'security'
+ id: 'scram',
+ term: 'SCRAM (Salted Challenge Response Auth)',
+ definition:
+ '{{sasl|SASL}} mechanism in which the server stores a salted hash of the password and proves knowledge via a challenge-response exchange. The plaintext password never crosses the wire and the server never learns it. Default for modern [[xmpp|XMPP]], MongoDB, and PostgreSQL.',
+ category: 'security'
},
{
- id: 'xmpp-stream',
- term: 'XML stream (XMPP)',
- definition:
- "An [[xmpp|XMPP]] session is a single long-lived XML document. Each side opens with `` and appends ``, ``, and `` stanzas until shutdown. The document is closed with ` `.",
- category: 'messaging'
+ id: 'xmpp-stream',
+ term: 'XML stream (XMPP)',
+ definition:
+ 'An [[xmpp|XMPP]] session is a single long-lived XML document. Each side opens with `` and appends ``, ``, and `` stanzas until shutdown. The document is closed with ` `.',
+ category: 'messaging'
},
{
- id: 'xmpp-presence',
- term: 'Presence stanza (XMPP)',
- definition:
- "An [[xmpp|XMPP]] ` ` stanza broadcasts a user's availability (online, away, do-not-disturb) to subscribed contacts. The mechanism behind buddy-list status indicators.",
- category: 'messaging'
+ id: 'xmpp-presence',
+ term: 'Presence stanza (XMPP)',
+ definition:
+ "An [[xmpp|XMPP]] ` ` stanza broadcasts a user's availability (online, away, do-not-disturb) to subscribed contacts. The mechanism behind buddy-list status indicators.",
+ category: 'messaging'
},
{
- id: 'xmpp-resource',
- term: 'JID resource binding',
- definition:
- "After [[xmpp|XMPP]] authentication the server assigns a per-connection *resource* suffix to the bare JID (`alice@example.com` β `alice@example.com/phone`). Lets one account stay connected from multiple devices and routes stanzas to the right one.",
- category: 'messaging'
+ id: 'xmpp-resource',
+ term: 'JID resource binding',
+ definition:
+ 'After [[xmpp|XMPP]] authentication the server assigns a per-connection *resource* suffix to the bare JID (`alice@example.com` β `alice@example.com/phone`). Lets one account stay connected from multiple devices and routes stanzas to the right one.',
+ category: 'messaging'
},
{
- id: 'federation',
- term: 'Federation',
- definition:
- "Architecture where independent servers in different domains interoperate by relaying messages directly to each other β no central hub. Used by [[smtp|SMTP]] email, [[xmpp|XMPP]], Matrix, and ActivityPub.",
- category: 'messaging'
+ id: 'federation',
+ term: 'Federation',
+ definition:
+ 'Architecture where independent servers in different domains interoperate by relaying messages directly to each other β no central hub. Used by [[smtp|SMTP]] email, [[xmpp|XMPP]], Matrix, and ActivityPub.',
+ category: 'messaging'
},
{
- id: 'omemo',
- term: 'OMEMO',
- definition:
- "End-to-end encryption extension for [[xmpp|XMPP]] based on the Signal Double Ratchet. Provides forward secrecy and multi-device support layered on top of the normal {{starttls|TLS}}-protected stream.",
- category: 'security'
+ id: 'omemo',
+ term: 'OMEMO',
+ definition:
+ 'End-to-end encryption extension for [[xmpp|XMPP]] based on the Signal Double Ratchet. Provides forward secrecy and multi-device support layered on top of the normal {{starttls|TLS}}-protected stream.',
+ category: 'security'
},
{
- id: 'coap-confirmable',
- term: 'Confirmable / Non-confirmable (CoAP)',
- definition:
- "[[coap|CoAP]] message types. `CON` requires an explicit {{ack|ACK}} from the peer β reliable like [[tcp|TCP]] but per-message. `NON` is fire-and-forget, used for repeating sensor readings where a single drop is harmless.",
- category: 'messaging'
+ id: 'coap-confirmable',
+ term: 'Confirmable / Non-confirmable (CoAP)',
+ definition:
+ '[[coap|CoAP]] message types. `CON` requires an explicit {{ack|ACK}} from the peer β reliable like [[tcp|TCP]] but per-message. `NON` is fire-and-forget, used for repeating sensor readings where a single drop is harmless.',
+ category: 'messaging'
},
{
- id: 'coap-observe',
- term: 'Observe (CoAP)',
- definition:
- "[[coap|CoAP]] extension where a client registers interest in a resource and the server pushes a new representation each time the value changes, with a monotonically-increasing sequence number. Lets battery-powered devices sleep instead of polling.",
- category: 'messaging'
+ id: 'coap-observe',
+ term: 'Observe (CoAP)',
+ definition:
+ '[[coap|CoAP]] extension where a client registers interest in a resource and the server pushes a new representation each time the value changes, with a monotonically-increasing sequence number. Lets battery-powered devices sleep instead of polling.',
+ category: 'messaging'
},
{
- id: 'kafka-partition-leader',
- term: 'Partition leader (Kafka)',
- definition:
- "One broker per {{partition|partition}} that serves all reads and writes for that partition; the others are followers that replicate it. Failure of the leader triggers an election so a replica takes over. Producers and consumers are routed to leaders via the cluster metadata.",
- category: 'messaging'
+ id: 'kafka-partition-leader',
+ term: 'Partition leader (Kafka)',
+ definition:
+ 'One broker per {{partition|partition}} that serves all reads and writes for that partition; the others are followers that replicate it. Failure of the leader triggers an election so a replica takes over. Producers and consumers are routed to leaders via the cluster metadata.',
+ category: 'messaging'
},
{
- id: 'kafka-acks',
- term: 'acks=0/1/all (Kafka)',
- definition:
- "Kafka producer durability setting. `acks=0` β fire-and-forget, no acknowledgement; `acks=1` β leader has written; `acks=all` β every in-sync replica has written. Pick the durability vs latency trade-off explicitly.",
- category: 'messaging'
+ id: 'kafka-acks',
+ term: 'acks=0/1/all (Kafka)',
+ definition:
+ 'Kafka producer durability setting. `acks=0` β fire-and-forget, no acknowledgement; `acks=1` β leader has written; `acks=all` β every in-sync replica has written. Pick the durability vs latency trade-off explicitly.',
+ category: 'messaging'
},
{
- id: 'kafka-offset-commit',
- term: 'OffsetCommit (Kafka)',
- definition:
- "Kafka consumer message that records *group X has processed up to offset N in partition P*. Stored in the internal `__consumer_offsets` topic. On consumer crash, another member of the {{consumer-group|consumer group}} resumes from the committed offset.",
- category: 'messaging'
+ id: 'kafka-offset-commit',
+ term: 'OffsetCommit (Kafka)',
+ definition:
+ 'Kafka consumer message that records *group X has processed up to offset N in partition P*. Stored in the internal `__consumer_offsets` topic. On consumer crash, another member of the {{consumer-group|consumer group}} resumes from the committed offset.',
+ category: 'messaging'
},
{
- id: 'consumer-rebalance',
- term: 'Consumer rebalance',
- definition:
- "When a Kafka {{consumer-group|consumer group}} gains or loses members, partition assignments are redistributed so every {{partition|partition}} is owned by exactly one consumer. Each consumer resumes from the last committed {{offset|offset}}.",
- category: 'messaging'
+ id: 'consumer-rebalance',
+ term: 'Consumer rebalance',
+ definition:
+ 'When a Kafka {{consumer-group|consumer group}} gains or loses members, partition assignments are redistributed so every {{partition|partition}} is owned by exactly one consumer. Each consumer resumes from the last committed {{offset|offset}}.',
+ category: 'messaging'
},
{
- id: 'log-replay',
- term: 'Log replay',
- definition:
- "Reading messages from a position earlier than the current tail of an append-only log (e.g. [[kafka|Kafka]]). Because the log is immutable, replay is just *reset the {{offset|offset}}* β used for re-processing, debugging, and bootstrapping new consumers.",
- category: 'messaging'
+ id: 'log-replay',
+ term: 'Log replay',
+ definition:
+ 'Reading messages from a position earlier than the current tail of an append-only log (e.g. [[kafka|Kafka]]). Because the log is immutable, replay is just *reset the {{offset|offset}}* β used for re-processing, debugging, and bootstrapping new consumers.',
+ category: 'messaging'
},
{
- id: 'mta',
- term: 'MTA (Mail Transfer Agent)',
- definition:
- "A server that accepts, queues, and forwards [[smtp|SMTP]] mail β Postfix, Sendmail, Exim, MS Exchange. Mail hops MTA-to-MTA until it reaches the recipient's mailbox.",
- category: 'messaging'
+ id: 'mta',
+ term: 'MTA (Mail Transfer Agent)',
+ definition:
+ "A server that accepts, queues, and forwards [[smtp|SMTP]] mail β Postfix, Sendmail, Exim, MS Exchange. Mail hops MTA-to-MTA until it reaches the recipient's mailbox.",
+ category: 'messaging'
},
{
- id: 'mx-record',
- term: 'MX record',
- definition:
- "[[dns|DNS]] record type listing the {{mta|mail servers}} responsible for a domain, each with a priority. Sending {{mta|MTAs}} look up the recipient's MX before delivering [[smtp|SMTP]] mail.",
- category: 'messaging'
+ id: 'mx-record',
+ term: 'MX record',
+ definition:
+ "[[dns|DNS]] record type listing the {{mta|mail servers}} responsible for a domain, each with a priority. Sending {{mta|MTAs}} look up the recipient's MX before delivering [[smtp|SMTP]] mail.",
+ category: 'messaging'
},
{
- id: 'ptr-record',
- term: 'PTR record',
- definition:
- "[[dns|DNS]] record mapping a name to another name. In reverse DNS, PTRs map an IP back to a hostname; in [[mdns-dns-sd|DNS-SD]], a PTR for `_service._tcp.local` lists the instance names offering that service.",
- category: 'infrastructure'
+ id: 'ptr-record',
+ term: 'PTR record',
+ definition:
+ '[[dns|DNS]] record mapping a name to another name. In reverse DNS, PTRs map an IP back to a hostname; in [[mdns-dns-sd|DNS-SD]], a PTR for `_service._tcp.local` lists the instance names offering that service.',
+ category: 'infrastructure'
},
{
- id: 'srv-record',
- term: 'SRV record',
- definition:
- "[[dns|DNS]] record giving the hostname and port for a named service plus priority and weight. Used by [[mdns-dns-sd|DNS-SD]], [[sip|SIP]], [[xmpp|XMPP]] server-to-server lookup, and Active Directory.",
- category: 'infrastructure'
+ id: 'srv-record',
+ term: 'SRV record',
+ definition:
+ '[[dns|DNS]] record giving the hostname and port for a named service plus priority and weight. Used by [[mdns-dns-sd|DNS-SD]], [[sip|SIP]], [[xmpp|XMPP]] server-to-server lookup, and Active Directory.',
+ category: 'infrastructure'
},
{
- id: 'txt-record',
- term: 'TXT record',
- definition:
- "[[dns|DNS]] record carrying arbitrary text. Used to publish SPF/DKIM/DMARC email-authentication policies, [[mdns-dns-sd|DNS-SD]] service metadata, and ownership-verification tokens.",
- category: 'infrastructure'
+ id: 'txt-record',
+ term: 'TXT record',
+ definition:
+ '[[dns|DNS]] record carrying arbitrary text. Used to publish SPF/DKIM/DMARC email-authentication policies, [[mdns-dns-sd|DNS-SD]] service metadata, and ownership-verification tokens.',
+ category: 'infrastructure'
},
{
- id: 'spf',
- term: 'SPF (Sender Policy Framework)',
- definition:
- "Email-authentication mechanism in which a domain publishes a {{txt-record|TXT record}} listing the IPs allowed to send mail on its behalf. Receiving {{mta|MTAs}} reject or flag messages from other sources.",
- category: 'security'
+ id: 'spf',
+ term: 'SPF (Sender Policy Framework)',
+ definition:
+ 'Email-authentication mechanism in which a domain publishes a {{txt-record|TXT record}} listing the IPs allowed to send mail on its behalf. Receiving {{mta|MTAs}} reject or flag messages from other sources.',
+ category: 'security'
},
{
- id: 'dkim',
- term: 'DKIM (DomainKeys Identified Mail)',
- definition:
- "Sending {{mta|MTA}} signs selected headers + body with a private key; receivers fetch the public key from a {{txt-record|TXT record}} and verify. Proves the message wasn't modified in transit and really came from the claimed domain.",
- category: 'security'
+ id: 'dkim',
+ term: 'DKIM (DomainKeys Identified Mail)',
+ definition:
+ "Sending {{mta|MTA}} signs selected headers + body with a private key; receivers fetch the public key from a {{txt-record|TXT record}} and verify. Proves the message wasn't modified in transit and really came from the claimed domain.",
+ category: 'security'
},
{
- id: 'dmarc',
- term: 'DMARC',
- definition:
- "Policy layer on top of {{spf|SPF}} and {{dkim|DKIM}}. A domain publishes a {{txt-record|TXT record}} telling receivers *reject / quarantine / monitor* mail that fails authentication and aggregates failure reports back to the domain owner.",
- category: 'security'
+ id: 'dmarc',
+ term: 'DMARC',
+ definition:
+ 'Policy layer on top of {{spf|SPF}} and {{dkim|DKIM}}. A domain publishes a {{txt-record|TXT record}} telling receivers *reject / quarantine / monitor* mail that fails authentication and aggregates failure reports back to the domain owner.',
+ category: 'security'
},
{
- id: 'smtp-envelope',
- term: 'SMTP envelope',
- definition:
- "The `MAIL FROM` and `RCPT TO` addresses used by [[smtp|SMTP]] to deliver a message. Separate from the `From:` / `To:` headers shown to humans β like the address on a letter's envelope vs the heading inside.",
- category: 'messaging'
+ id: 'smtp-envelope',
+ term: 'SMTP envelope',
+ definition:
+ "The `MAIL FROM` and `RCPT TO` addresses used by [[smtp|SMTP]] to deliver a message. Separate from the `From:` / `To:` headers shown to humans β like the address on a letter's envelope vs the heading inside.",
+ category: 'messaging'
},
{
- id: 'store-and-forward',
- term: 'Store-and-forward',
- definition:
- "Each hop accepts full responsibility for a message: it commits it to durable storage, then attempts to forward to the next hop with retries. Originating from telegraph relay, it's how [[smtp|SMTP]] email, [[xmpp|XMPP]] federation, and many message queues survive intermittent links.",
- category: 'messaging'
+ id: 'store-and-forward',
+ term: 'Store-and-forward',
+ definition:
+ "Each hop accepts full responsibility for a message: it commits it to durable storage, then attempts to forward to the next hop with retries. Originating from telegraph relay, it's how [[smtp|SMTP]] email, [[xmpp|XMPP]] federation, and many message queues survive intermittent links.",
+ category: 'messaging'
},
{
- id: 'pop3',
- term: 'POP3 (Post Office Protocol)',
- definition:
- "Pre-[[imap|IMAP]] mail-retrieval protocol that downloads messages and (by default) deletes them from the server. Simple but offers no server-side state, so multiple clients see different mailboxes.",
- category: 'messaging'
+ id: 'pop3',
+ term: 'POP3 (Post Office Protocol)',
+ definition:
+ 'Pre-[[imap|IMAP]] mail-retrieval protocol that downloads messages and (by default) deletes them from the server. Simple but offers no server-side state, so multiple clients see different mailboxes.',
+ category: 'messaging'
},
{
- id: 'imap-idle',
- term: 'IDLE (IMAP)',
- definition:
- "[[imap|IMAP]] command that parks a connection in waiting mode. The server may then push untagged updates (new message arrived, flags changed) without the client polling. Foundation of *push email* on mobile.",
- category: 'messaging'
+ id: 'imap-idle',
+ term: 'IDLE (IMAP)',
+ definition:
+ '[[imap|IMAP]] command that parks a connection in waiting mode. The server may then push untagged updates (new message arrived, flags changed) without the client polling. Foundation of *push email* on mobile.',
+ category: 'messaging'
},
{
- id: 'imap-fetch',
- term: 'FETCH (IMAP)',
- definition:
- "[[imap|IMAP]] command to download specific parts of a message (`ENVELOPE`, `BODY[HEADER]`, `BODY[TEXT]`, a particular MIME part) without pulling the whole thing. Lets clients show headers fast and load attachments on demand.",
- category: 'messaging'
+ id: 'imap-fetch',
+ term: 'FETCH (IMAP)',
+ definition:
+ '[[imap|IMAP]] command to download specific parts of a message (`ENVELOPE`, `BODY[HEADER]`, `BODY[TEXT]`, a particular MIME part) without pulling the whole thing. Lets clients show headers fast and load attachments on demand.',
+ category: 'messaging'
},
{
- id: 'imap-select',
- term: 'SELECT (IMAP)',
- definition:
- "[[imap|IMAP]] command that opens a mailbox (e.g. `INBOX`) for read-write access. The server immediately pushes its current state β message count, recent count, validity tags.",
- category: 'messaging'
+ id: 'imap-select',
+ term: 'SELECT (IMAP)',
+ definition:
+ '[[imap|IMAP]] command that opens a mailbox (e.g. `INBOX`) for read-write access. The server immediately pushes its current state β message count, recent count, validity tags.',
+ category: 'messaging'
},
{
- id: 'imap-tag',
- term: 'IMAP tag',
- definition:
- "Client-chosen identifier (`A001`, `A002`, ...) prefixed to each [[imap|IMAP]] command. The server's tagged response uses the same tag, so responses can come back out of order without confusion. Untagged responses (starting with `*`) are server-initiated.",
- category: 'messaging'
+ id: 'imap-tag',
+ term: 'IMAP tag',
+ definition:
+ "Client-chosen identifier (`A001`, `A002`, ...) prefixed to each [[imap|IMAP]] command. The server's tagged response uses the same tag, so responses can come back out of order without confusion. Untagged responses (starting with `*`) are server-initiated.",
+ category: 'messaging'
},
{
- id: 'imaps',
- term: 'IMAPS',
- definition:
- "[[imap|IMAP]] wrapped in [[tls|TLS]] from the first byte, conventionally on port 993. The implicit-TLS alternative to negotiating {{starttls|STARTTLS}} on port 143.",
- category: 'security'
+ id: 'imaps',
+ term: 'IMAPS',
+ definition:
+ '[[imap|IMAP]] wrapped in [[tls|TLS]] from the first byte, conventionally on port 993. The implicit-TLS alternative to negotiating {{starttls|STARTTLS}} on port 143.',
+ category: 'security'
},
{
- id: 'ftp-active-passive',
- term: 'FTP active vs passive mode',
- definition:
- "How [[ftp|FTP]] sets up the data channel. *Active* β server opens a TCP connection back to the client (broken behind {{nat|NAT}} or {{firewall|firewall}}). *Passive* (`PASV`) β server listens on a new port and tells the client to connect to it. PASV is the modern default.",
- category: 'messaging'
+ id: 'ftp-active-passive',
+ term: 'FTP active vs passive mode',
+ definition:
+ 'How [[ftp|FTP]] sets up the data channel. *Active* β server opens a TCP connection back to the client (broken behind {{nat|NAT}} or {{firewall|firewall}}). *Passive* (`PASV`) β server listens on a new port and tells the client to connect to it. PASV is the modern default.',
+ category: 'messaging'
},
{
- id: 'ftps',
- term: 'FTPS',
- definition:
- "[[ftp|FTP]] over [[tls|TLS]]. The control channel is encrypted via {{starttls|AUTH TLS}}, and the data channel is opened inside TLS as well. Not to be confused with SFTP, which is file transfer over [[ssh|SSH]] and shares only the name.",
- category: 'security'
+ id: 'ftps',
+ term: 'FTPS',
+ definition:
+ '[[ftp|FTP]] over [[tls|TLS]]. The control channel is encrypted via {{starttls|AUTH TLS}}, and the data channel is opened inside TLS as well. Not to be confused with SFTP, which is file transfer over [[ssh|SSH]] and shares only the name.',
+ category: 'security'
},
{
- id: 'sftp',
- term: 'SFTP',
- definition:
- "SSH File Transfer Protocol β a file-management subsystem of [[ssh|SSH]], unrelated to [[ftp|FTP]] despite the name. Single port (22), no separate data channel, authenticated by SSH keys.",
- category: 'security'
+ id: 'sftp',
+ term: 'SFTP',
+ definition:
+ 'SSH File Transfer Protocol β a file-management subsystem of [[ssh|SSH]], unrelated to [[ftp|FTP]] despite the name. Single port (22), no separate data channel, authenticated by SSH keys.',
+ category: 'security'
},
{
- id: 'mdns-probe',
- term: 'mDNS probe',
- definition:
- "First step of joining an [[mdns-dns-sd|mDNS]] link: the host sends three Query messages 250 ms apart for its candidate name. If any host claims that name, the prober picks a different one (`-2`, `-3`) and starts over.",
- category: 'infrastructure'
+ id: 'mdns-probe',
+ term: 'mDNS probe',
+ definition:
+ 'First step of joining an [[mdns-dns-sd|mDNS]] link: the host sends three Query messages 250 ms apart for its candidate name. If any host claims that name, the prober picks a different one (`-2`, `-3`) and starts over.',
+ category: 'infrastructure'
},
{
- id: 'mdns-announce',
- term: 'mDNS announce',
- definition:
- "After a successful probe an [[mdns-dns-sd|mDNS]] host sends two Response messages 1 s apart with the cache-flush bit set, so every listener replaces any stale entries for the new owner's records.",
- category: 'infrastructure'
+ id: 'mdns-announce',
+ term: 'mDNS announce',
+ definition:
+ "After a successful probe an [[mdns-dns-sd|mDNS]] host sends two Response messages 1 s apart with the cache-flush bit set, so every listener replaces any stale entries for the new owner's records.",
+ category: 'infrastructure'
},
{
- id: 'mdns-goodbye',
- term: 'mDNS goodbye',
- definition:
- "At graceful shutdown an [[mdns-dns-sd|mDNS]] host sends a Response with `TTL=0` for every record it owns; receivers flush those entries immediately instead of waiting for the normal {{ttl|TTL}} to expire.",
- category: 'infrastructure'
+ id: 'mdns-goodbye',
+ term: 'mDNS goodbye',
+ definition:
+ 'At graceful shutdown an [[mdns-dns-sd|mDNS]] host sends a Response with `TTL=0` for every record it owns; receivers flush those entries immediately instead of waiting for the normal {{ttl|TTL}} to expire.',
+ category: 'infrastructure'
},
{
- id: 'cache-flush-bit',
- term: 'Cache-flush bit (mDNS)',
- definition:
- "Per-record bit in [[mdns-dns-sd|mDNS]] responses that tells receivers *replace any cached records with this name and type with this new one*. Used during announce so a renaming or moving service is reflected everywhere on the link immediately.",
- category: 'infrastructure'
+ id: 'cache-flush-bit',
+ term: 'Cache-flush bit (mDNS)',
+ definition:
+ 'Per-record bit in [[mdns-dns-sd|mDNS]] responses that tells receivers *replace any cached records with this name and type with this new one*. Used during announce so a renaming or moving service is reflected everywhere on the link immediately.',
+ category: 'infrastructure'
},
{
- id: 'ipp',
- term: 'IPP (Internet Printing Protocol)',
- definition:
- "[[http1|HTTP]]-based protocol (port 631) for submitting print jobs and querying printer status. Discovered on local networks via [[mdns-dns-sd|DNS-SD]] under `_ipp._tcp.local`.",
- category: 'infrastructure'
+ id: 'ipp',
+ term: 'IPP (Internet Printing Protocol)',
+ definition:
+ '[[http1|HTTP]]-based protocol (port 631) for submitting print jobs and querying printer status. Discovered on local networks via [[mdns-dns-sd|DNS-SD]] under `_ipp._tcp.local`.',
+ category: 'infrastructure'
},
{
- id: 'mpeg-ts',
- term: 'MPEG-2 Transport Stream (.ts)',
- definition:
- "Container format originally for digital broadcast TV that packs audio, video, and metadata into 188-byte packets. In [[hls|HLS]] streaming, each ~6-second segment is a `.ts` file delivered as a standalone {{http-method|HTTP GET}} β cacheable by any {{cdn|CDN}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/MPEG_transport_stream',
- category: 'web'
+ id: 'mpeg-ts',
+ term: 'MPEG-2 Transport Stream (.ts)',
+ definition:
+ 'Container format originally for digital broadcast TV that packs audio, video, and metadata into 188-byte packets. In [[hls|HLS]] streaming, each ~6-second segment is a `.ts` file delivered as a standalone {{http-method|HTTP GET}} β cacheable by any {{cdn|CDN}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/MPEG_transport_stream',
+ category: 'web'
},
{
- id: 'abr-segment-switch',
- term: 'ABR Segment Boundary Switch',
- definition:
- "In {{adaptive-bitrate|adaptive bitrate}} streaming ([[hls|HLS]] / [[dash|DASH]]), the player can switch quality levels only at segment boundaries β never mid-segment. Each segment is a fully-decodable, self-contained chunk, so swapping in a different bitrate for the next segment is seamless to the viewer.",
- category: 'web'
+ id: 'abr-segment-switch',
+ term: 'ABR Segment Boundary Switch',
+ definition:
+ 'In {{adaptive-bitrate|adaptive bitrate}} streaming ([[hls|HLS]] / [[dash|DASH]]), the player can switch quality levels only at segment boundaries β never mid-segment. Each segment is a fully-decodable, self-contained chunk, so swapping in a different bitrate for the next segment is seamless to the viewer.',
+ category: 'web'
},
{
- id: 'rtmp-c0-c1-c2',
- term: 'RTMP C0 / C1 / C2',
- definition:
- "The three client-to-server messages of the [[rtmp|RTMP]] {{handshake|handshake}}. **C0** = a single protocol-version byte (0x03 for plain [[rtmp|RTMP]], 0x06 for RTMPE). **C1** = 1,536 random bytes plus the client timestamp. **C2** is a verbatim echo of {{rtmp-s0-s1-s2|S1}} β proving the client received it.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Real-Time_Messaging_Protocol',
- category: 'web'
+ id: 'rtmp-c0-c1-c2',
+ term: 'RTMP C0 / C1 / C2',
+ definition:
+ 'The three client-to-server messages of the [[rtmp|RTMP]] {{handshake|handshake}}. **C0** = a single protocol-version byte (0x03 for plain [[rtmp|RTMP]], 0x06 for RTMPE). **C1** = 1,536 random bytes plus the client timestamp. **C2** is a verbatim echo of {{rtmp-s0-s1-s2|S1}} β proving the client received it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Real-Time_Messaging_Protocol',
+ category: 'web'
},
{
- id: 'rtmp-s0-s1-s2',
- term: 'RTMP S0 / S1 / S2',
- definition:
- "Server-side counterparts of {{rtmp-c0-c1-c2|C0/C1/C2}} in the [[rtmp|RTMP]] {{handshake|handshake}}. **S0** = protocol version byte, **S1** = 1,536 random bytes plus server timestamp, **S2** = echo of {{rtmp-c0-c1-c2|C1}}. Once both sides have verified the echoes match, the {{handshake|handshake}} completes.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Real-Time_Messaging_Protocol',
- category: 'web'
+ id: 'rtmp-s0-s1-s2',
+ term: 'RTMP S0 / S1 / S2',
+ definition:
+ 'Server-side counterparts of {{rtmp-c0-c1-c2|C0/C1/C2}} in the [[rtmp|RTMP]] {{handshake|handshake}}. **S0** = protocol version byte, **S1** = 1,536 random bytes plus server timestamp, **S2** = echo of {{rtmp-c0-c1-c2|C1}}. Once both sides have verified the echoes match, the {{handshake|handshake}} completes.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Real-Time_Messaging_Protocol',
+ category: 'web'
},
{
- id: 'rtmp-connect',
- term: 'RTMP connect',
- definition:
- "First AMF0-encoded command after the [[rtmp|RTMP]] {{handshake|handshake}}. Specifies the application path on the server (e.g., `live`) and may carry optional auth parameters. The server replies with `_result` (success) or `_error`.",
- category: 'web'
+ id: 'rtmp-connect',
+ term: 'RTMP connect',
+ definition:
+ 'First AMF0-encoded command after the [[rtmp|RTMP]] {{handshake|handshake}}. Specifies the application path on the server (e.g., `live`) and may carry optional auth parameters. The server replies with `_result` (success) or `_error`.',
+ category: 'web'
},
{
- id: 'rtmp-create-stream',
- term: 'RTMP createStream',
- definition:
- "AMF0 command sent after [[rtmp|RTMP]] {{rtmp-connect|connect}}. Allocates a logical stream ID within the connection β [[rtmp|RTMP]] can {{multiplexing|multiplex}} multiple streams, though {{live-stream-ingest|live ingest}} typically uses one.",
- category: 'web'
+ id: 'rtmp-create-stream',
+ term: 'RTMP createStream',
+ definition:
+ 'AMF0 command sent after [[rtmp|RTMP]] {{rtmp-connect|connect}}. Allocates a logical stream ID within the connection β [[rtmp|RTMP]] can {{multiplexing|multiplex}} multiple streams, though {{live-stream-ingest|live ingest}} typically uses one.',
+ category: 'web'
},
{
- id: 'rtmp-publish',
- term: 'RTMP publish',
- definition:
- "AMF0 command that begins pushing audio/video to the server. Takes a {{rtmp-stream-key|stream key}} (the secret token authorising the upload) and a publish type (`live`, `record`, or `append`).",
- category: 'web'
+ id: 'rtmp-publish',
+ term: 'RTMP publish',
+ definition:
+ 'AMF0 command that begins pushing audio/video to the server. Takes a {{rtmp-stream-key|stream key}} (the secret token authorising the upload) and a publish type (`live`, `record`, or `append`).',
+ category: 'web'
},
{
- id: 'rtmp-stream-key',
- term: 'RTMP Stream Key',
- definition:
- "The opaque secret token your live encoder (OBS, Wirecast) embeds in the [[rtmp|RTMP]] {{rtmp-publish|publish}} request. Identifies *which channel* the encoder is pushing to and authorises the upload β treat it like a password; anyone with the key can hijack your stream.",
- category: 'web'
+ id: 'rtmp-stream-key',
+ term: 'RTMP Stream Key',
+ definition:
+ 'The opaque secret token your live encoder (OBS, Wirecast) embeds in the [[rtmp|RTMP]] {{rtmp-publish|publish}} request. Identifies *which channel* the encoder is pushing to and authorises the upload β treat it like a password; anyone with the key can hijack your stream.',
+ category: 'web'
},
{
- id: 'live-stream-ingest',
- term: 'Live-Stream Ingest',
- definition:
- "The pipeline that accepts a live video feed from an encoder and prepares it for distribution. The encoder pushes via [[rtmp|RTMP]] (or SRT/WebRTC) to a {{cdn|CDN}} ingest endpoint; the server then {{transcoding|transcodes}} into [[hls|HLS]] / [[dash|DASH]] segments for viewer playback.",
- category: 'web'
+ id: 'live-stream-ingest',
+ term: 'Live-Stream Ingest',
+ definition:
+ 'The pipeline that accepts a live video feed from an encoder and prepares it for distribution. The encoder pushes via [[rtmp|RTMP]] (or SRT/WebRTC) to a {{cdn|CDN}} ingest endpoint; the server then {{transcoding|transcodes}} into [[hls|HLS]] / [[dash|DASH]] segments for viewer playback.',
+ category: 'web'
},
{
- id: 'transcoding',
- term: 'Transcoding',
- definition:
- "Re-encoding a media stream from one {{codec|codec}} or bitrate to another. In live streaming, a {{cdn|CDN}} typically transcodes the [[rtmp|RTMP]] ingest into multiple [[hls|HLS]] / [[dash|DASH]] quality variants ({{adaptive-bitrate|adaptive bitrate}}) so players can switch based on {{bandwidth|bandwidth}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Transcoding',
- category: 'web'
+ id: 'transcoding',
+ term: 'Transcoding',
+ definition:
+ 'Re-encoding a media stream from one {{codec|codec}} or bitrate to another. In live streaming, a {{cdn|CDN}} typically transcodes the [[rtmp|RTMP]] ingest into multiple [[hls|HLS]] / [[dash|DASH]] quality variants ({{adaptive-bitrate|adaptive bitrate}}) so players can switch based on {{bandwidth|bandwidth}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Transcoding',
+ category: 'web'
},
{
- id: 'aac',
- term: 'AAC (Advanced Audio Coding)',
- definition:
- "Lossy audio {{codec|codec}} that superseded MP3 β used by virtually every modern streaming service (YouTube, Apple Music, Spotify Connect) and the default audio in [[rtmp|RTMP]] / [[hls|HLS]] / [[dash|DASH]] pipelines. Defined in MPEG-4 Part 3 (ISO/IEC 14496-3).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Advanced_Audio_Coding',
- category: 'web'
+ id: 'aac',
+ term: 'AAC (Advanced Audio Coding)',
+ definition:
+ 'Lossy audio {{codec|codec}} that superseded MP3 β used by virtually every modern streaming service (YouTube, Apple Music, Spotify Connect) and the default audio in [[rtmp|RTMP]] / [[hls|HLS]] / [[dash|DASH]] pipelines. Defined in MPEG-4 Part 3 (ISO/IEC 14496-3).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Advanced_Audio_Coding',
+ category: 'web'
},
{
- id: 'h264',
- term: 'H.264 / AVC',
- definition:
- "The dominant video {{codec|codec}} of the 2010s β Advanced Video Coding, MPEG-4 Part 10. Ships in virtually every camera, phone, browser, and streaming pipeline. Carried inside [[hls|HLS]] `.ts` segments and [[rtmp|RTMP]] chunks.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Advanced_Video_Coding',
- category: 'web'
+ id: 'h264',
+ term: 'H.264 / AVC',
+ definition:
+ 'The dominant video {{codec|codec}} of the 2010s β Advanced Video Coding, MPEG-4 Part 10. Ships in virtually every camera, phone, browser, and streaming pipeline. Carried inside [[hls|HLS]] `.ts` segments and [[rtmp|RTMP]] chunks.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Advanced_Video_Coding',
+ category: 'web'
},
{
- id: 'h265',
- term: 'H.265 / HEVC',
- definition:
- "High Efficiency Video Coding β successor to {{h264|H.264}} delivering roughly 2x compression at the same quality. Widely used for 4K [[hls|HLS]] / [[dash|DASH]] but with patent-licensing friction that opened the door for royalty-free alternatives like {{av1|AV1}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/High_Efficiency_Video_Coding',
- category: 'web'
+ id: 'h265',
+ term: 'H.265 / HEVC',
+ definition:
+ 'High Efficiency Video Coding β successor to {{h264|H.264}} delivering roughly 2x compression at the same quality. Widely used for 4K [[hls|HLS]] / [[dash|DASH]] but with patent-licensing friction that opened the door for royalty-free alternatives like {{av1|AV1}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/High_Efficiency_Video_Coding',
+ category: 'web'
},
{
- id: 'vp9',
- term: 'VP9',
- definition:
- "Royalty-free video {{codec|codec}} developed by {{google|Google}}. Comparable compression to {{h265|H.265}} but free of patent licensing; used heavily by YouTube. Carried in WebM and {{fragmented-mp4|fMP4}} containers for [[dash|DASH]] streaming.",
- wikiUrl: 'https://en.wikipedia.org/wiki/VP9',
- category: 'web'
+ id: 'vp9',
+ term: 'VP9',
+ definition:
+ 'Royalty-free video {{codec|codec}} developed by {{google|Google}}. Comparable compression to {{h265|H.265}} but free of patent licensing; used heavily by YouTube. Carried in WebM and {{fragmented-mp4|fMP4}} containers for [[dash|DASH]] streaming.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/VP9',
+ category: 'web'
},
{
- id: 'av1',
- term: 'AV1',
- definition:
- "Open, royalty-free video {{codec|codec}} from the Alliance for Open Media (Google, Netflix, Amazon, Apple). Roughly 30% better compression than {{h265|H.265}}. Native support in Chrome, Firefox, Safari 17+, and modern Android/iOS hardware decoders.",
- wikiUrl: 'https://en.wikipedia.org/wiki/AV1',
- category: 'web'
+ id: 'av1',
+ term: 'AV1',
+ definition:
+ 'Open, royalty-free video {{codec|codec}} from the Alliance for Open Media (Google, Netflix, Amazon, Apple). Roughly 30% better compression than {{h265|H.265}}. Native support in Chrome, Firefox, Safari 17+, and modern Android/iOS hardware decoders.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/AV1',
+ category: 'web'
},
{
- id: 'fragmented-mp4',
- term: 'Fragmented MP4 (fMP4)',
- definition:
- "An MP4 file split into independently-decodable fragments. Each `.m4s` segment in a [[dash|DASH]] stream (and modern [[hls|HLS]]) is one fragment β small enough to {{cdn|CDN}}-cache and quality-switch at the boundary. Built on {{isobmff|ISOBMFF}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO_base_media_file_format',
- category: 'web'
+ id: 'fragmented-mp4',
+ term: 'Fragmented MP4 (fMP4)',
+ definition:
+ 'An MP4 file split into independently-decodable fragments. Each `.m4s` segment in a [[dash|DASH]] stream (and modern [[hls|HLS]]) is one fragment β small enough to {{cdn|CDN}}-cache and quality-switch at the boundary. Built on {{isobmff|ISOBMFF}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO_base_media_file_format',
+ category: 'web'
},
{
- id: 'isobmff',
- term: 'ISOBMFF (ISO Base Media File Format)',
- definition:
- "ISO/IEC 14496-12 β the box-based container that underlies MP4, {{fragmented-mp4|fMP4}}, QuickTime, 3GP, and the segment format used by [[dash|DASH]] and CMAF [[hls|HLS]]. {{codec|Codec}}-agnostic: stores video, audio, subtitles, and metadata in nested boxes.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO_base_media_file_format',
- category: 'web'
+ id: 'isobmff',
+ term: 'ISOBMFF (ISO Base Media File Format)',
+ definition:
+ 'ISO/IEC 14496-12 β the box-based container that underlies MP4, {{fragmented-mp4|fMP4}}, QuickTime, 3GP, and the segment format used by [[dash|DASH]] and CMAF [[hls|HLS]]. {{codec|Codec}}-agnostic: stores video, audio, subtitles, and metadata in nested boxes.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO_base_media_file_format',
+ category: 'web'
},
{
- id: 'dash-period',
- term: 'DASH Period',
- definition:
- "Top-level segment of a [[dash|DASH]] {{mpd|MPD}} timeline β a single chapter of the presentation (e.g., main feature vs. ad break). Each Period contains one or more {{dash-adaptation-set|AdaptationSets}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Adaptive_Streaming_over_HTTP',
- category: 'web'
+ id: 'dash-period',
+ term: 'DASH Period',
+ definition:
+ 'Top-level segment of a [[dash|DASH]] {{mpd|MPD}} timeline β a single chapter of the presentation (e.g., main feature vs. ad break). Each Period contains one or more {{dash-adaptation-set|AdaptationSets}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Adaptive_Streaming_over_HTTP',
+ category: 'web'
},
{
- id: 'dash-adaptation-set',
- term: 'DASH AdaptationSet',
- definition:
- "A track within a [[dash|DASH]] {{dash-period|Period}} β typically *video*, *audio*, or *subtitle*. Contains multiple {{dash-representation|Representations}} that are alternative quality variants the player chooses between.",
- category: 'web'
+ id: 'dash-adaptation-set',
+ term: 'DASH AdaptationSet',
+ definition:
+ 'A track within a [[dash|DASH]] {{dash-period|Period}} β typically *video*, *audio*, or *subtitle*. Contains multiple {{dash-representation|Representations}} that are alternative quality variants the player chooses between.',
+ category: 'web'
},
{
- id: 'dash-representation',
- term: 'DASH Representation',
- definition:
- "A single quality variant inside a {{dash-adaptation-set|DASH AdaptationSet}} β e.g., the 720p version of the video track. The {{adaptive-bitrate|ABR}} algorithm switches between Representations as {{bandwidth|bandwidth}} changes.",
- category: 'web'
+ id: 'dash-representation',
+ term: 'DASH Representation',
+ definition:
+ 'A single quality variant inside a {{dash-adaptation-set|DASH AdaptationSet}} β e.g., the 720p version of the video track. The {{adaptive-bitrate|ABR}} algorithm switches between Representations as {{bandwidth|bandwidth}} changes.',
+ category: 'web'
},
{
- id: 'abr-bola',
- term: 'BOLA (Buffer Occupancy based Lyapunov Algorithm)',
- definition:
- "Buffer-based {{adaptive-bitrate|ABR}} algorithm that picks the next segment's quality based on how full the player's buffer is β not on measured throughput. The default in dash.js since 2016. More robust than throughput-only methods under variable network conditions.",
- category: 'web'
+ id: 'abr-bola',
+ term: 'BOLA (Buffer Occupancy based Lyapunov Algorithm)',
+ definition:
+ "Buffer-based {{adaptive-bitrate|ABR}} algorithm that picks the next segment's quality based on how full the player's buffer is β not on measured throughput. The default in dash.js since 2016. More robust than throughput-only methods under variable network conditions.",
+ category: 'web'
},
{
- id: 'sdp-offer-answer',
- term: 'SDP Offer/Answer Model',
- definition:
- "The negotiation pattern used by [[sip|SIP]] and [[webrtc|WebRTC]] (RFC 3264). Side A sends an [[sdp|SDP]] *offer* listing every {{codec|codec}}/transport it supports; side B replies with an *answer* that contains only the intersection. One round trip β no haggling, no renegotiation under steady state.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Session_Description_Protocol',
- category: 'web'
+ id: 'sdp-offer-answer',
+ term: 'SDP Offer/Answer Model',
+ definition:
+ 'The negotiation pattern used by [[sip|SIP]] and [[webrtc|WebRTC]] (RFC 3264). Side A sends an [[sdp|SDP]] *offer* listing every {{codec|codec}}/transport it supports; side B replies with an *answer* that contains only the intersection. One round trip β no haggling, no renegotiation under steady state.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Session_Description_Protocol',
+ category: 'web'
},
{
- id: 'sip-invite',
- term: 'SIP INVITE',
- definition:
- "The [[sip|SIP]] request that initiates a session β please ring this user. Body carries an [[sdp|SDP]] offer describing what audio/video the caller can send. Uses a {{three-way-handshake|three-way pattern}} (INVITE -> final response -> {{sip-ack|ACK}}) to be safe over [[udp|UDP]].",
- wikiUrl: 'https://en.wikipedia.org/wiki/Session_Initiation_Protocol',
- category: 'web'
+ id: 'sip-invite',
+ term: 'SIP INVITE',
+ definition:
+ 'The [[sip|SIP]] request that initiates a session β please ring this user. Body carries an [[sdp|SDP]] offer describing what audio/video the caller can send. Uses a {{three-way-handshake|three-way pattern}} (INVITE -> final response -> {{sip-ack|ACK}}) to be safe over [[udp|UDP]].',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Session_Initiation_Protocol',
+ category: 'web'
},
{
- id: 'sip-register',
- term: 'SIP REGISTER',
- definition:
- "[[sip|SIP]] request that maps a SIP URI (`bob@example.com`) to the device's current {{ip-address|IP}} and {{port|port}}. The {{sip-registrar|registrar}} stores this binding so future {{sip-invite|INVITEs}} can be routed to the right device.",
- category: 'web'
+ id: 'sip-register',
+ term: 'SIP REGISTER',
+ definition:
+ "[[sip|SIP]] request that maps a SIP URI (`bob@example.com`) to the device's current {{ip-address|IP}} and {{port|port}}. The {{sip-registrar|registrar}} stores this binding so future {{sip-invite|INVITEs}} can be routed to the right device.",
+ category: 'web'
},
{
- id: 'sip-ack',
- term: 'SIP ACK',
- definition:
- "Third leg of the [[sip|SIP]] {{sip-invite|INVITE}} {{three-way-handshake|three-way handshake}}. The caller confirms it received the `{{sip-200-ok|200 OK}}`. Unlike most [[sip|SIP]] requests, the ACK to a 2xx response is hop-by-hop generated by the end user agent β not by the proxy.",
- category: 'web'
+ id: 'sip-ack',
+ term: 'SIP ACK',
+ definition:
+ 'Third leg of the [[sip|SIP]] {{sip-invite|INVITE}} {{three-way-handshake|three-way handshake}}. The caller confirms it received the `{{sip-200-ok|200 OK}}`. Unlike most [[sip|SIP]] requests, the ACK to a 2xx response is hop-by-hop generated by the end user agent β not by the proxy.',
+ category: 'web'
},
{
- id: 'sip-bye',
- term: 'SIP BYE',
- definition:
- "[[sip|SIP]] request that ends an established session. Either side can send BYE; the receiver replies `{{sip-200-ok|200 OK}}` and tears down the dialog. Media flow stops immediately.",
- category: 'web'
+ id: 'sip-bye',
+ term: 'SIP BYE',
+ definition:
+ '[[sip|SIP]] request that ends an established session. Either side can send BYE; the receiver replies `{{sip-200-ok|200 OK}}` and tears down the dialog. Media flow stops immediately.',
+ category: 'web'
},
{
- id: 'sip-180-ringing',
- term: 'SIP 180 Ringing',
- definition:
- "[[sip|SIP]] {{sip-provisional-response|provisional response}} (1xx) meaning *the callee's phone is being alerted*. May arrive multiple times as the {{sip-proxy|proxy}} forks the {{sip-invite|INVITE}} to multiple devices. Not a final response β the call isn't answered yet.",
- category: 'web'
+ id: 'sip-180-ringing',
+ term: 'SIP 180 Ringing',
+ definition:
+ "[[sip|SIP]] {{sip-provisional-response|provisional response}} (1xx) meaning *the callee's phone is being alerted*. May arrive multiple times as the {{sip-proxy|proxy}} forks the {{sip-invite|INVITE}} to multiple devices. Not a final response β the call isn't answered yet.",
+ category: 'web'
},
{
- id: 'sip-200-ok',
- term: 'SIP 200 OK',
- definition:
- "[[sip|SIP]] final response (2xx) β the callee answered. The 200 OK to an {{sip-invite|INVITE}} carries the [[sdp|SDP]] *answer*, completing {{codec|codec}}/{{port|port}} negotiation. Caller responds with {{sip-ack|ACK}}.",
- category: 'web'
+ id: 'sip-200-ok',
+ term: 'SIP 200 OK',
+ definition:
+ '[[sip|SIP]] final response (2xx) β the callee answered. The 200 OK to an {{sip-invite|INVITE}} carries the [[sdp|SDP]] *answer*, completing {{codec|codec}}/{{port|port}} negotiation. Caller responds with {{sip-ack|ACK}}.',
+ category: 'web'
},
{
- id: 'sip-provisional-response',
- term: 'SIP Provisional Response (1xx)',
- definition:
- "Any [[sip|SIP]] response in the 100-199 range β informational, not final. Common: `100 Trying`, `{{sip-180-ringing|180 Ringing}}`, `183 Session Progress`. Lets the caller know the request is being processed before a final 2xx/4xx/5xx/6xx response arrives.",
- category: 'web'
+ id: 'sip-provisional-response',
+ term: 'SIP Provisional Response (1xx)',
+ definition:
+ 'Any [[sip|SIP]] response in the 100-199 range β informational, not final. Common: `100 Trying`, `{{sip-180-ringing|180 Ringing}}`, `183 Session Progress`. Lets the caller know the request is being processed before a final 2xx/4xx/5xx/6xx response arrives.',
+ category: 'web'
},
{
- id: 'sip-proxy',
- term: 'SIP Proxy',
- definition:
- "Intermediary server that routes [[sip|SIP]] requests towards the callee β like an SMTP relay for VoIP. May fork an {{sip-invite|INVITE}} to multiple registered devices ({{sip-forking|forking}}). Once the session establishes, media usually bypasses the proxy and flows {{peer-to-peer|peer-to-peer}}.",
- category: 'web'
+ id: 'sip-proxy',
+ term: 'SIP Proxy',
+ definition:
+ 'Intermediary server that routes [[sip|SIP]] requests towards the callee β like an SMTP relay for VoIP. May fork an {{sip-invite|INVITE}} to multiple registered devices ({{sip-forking|forking}}). Once the session establishes, media usually bypasses the proxy and flows {{peer-to-peer|peer-to-peer}}.',
+ category: 'web'
},
{
- id: 'sip-registrar',
- term: 'SIP Registrar',
- definition:
- "[[sip|SIP]] server that accepts {{sip-register|REGISTER}} requests and stores the binding between a SIP URI (`bob@example.com`) and the device's current {{ip-address|IP}} and {{port|port}}. The {{sip-proxy|proxy}} queries the registrar to find where to route incoming calls.",
- category: 'web'
+ id: 'sip-registrar',
+ term: 'SIP Registrar',
+ definition:
+ "[[sip|SIP]] server that accepts {{sip-register|REGISTER}} requests and stores the binding between a SIP URI (`bob@example.com`) and the device's current {{ip-address|IP}} and {{port|port}}. The {{sip-proxy|proxy}} queries the registrar to find where to route incoming calls.",
+ category: 'web'
},
{
- id: 'sip-forking',
- term: 'SIP Forking',
- definition:
- "A {{sip-proxy|SIP proxy}} feature: when Bob has multiple devices registered to the same SIP URI, the proxy can fan the {{sip-invite|INVITE}} out to all of them in parallel β so every phone he owns rings at once. The first to answer wins; the others get a CANCEL.",
- category: 'web'
+ id: 'sip-forking',
+ term: 'SIP Forking',
+ definition:
+ 'A {{sip-proxy|SIP proxy}} feature: when Bob has multiple devices registered to the same SIP URI, the proxy can fan the {{sip-invite|INVITE}} out to all of them in parallel β so every phone he owns rings at once. The first to answer wins; the others get a CANCEL.',
+ category: 'web'
},
{
- id: 'ssh-kex-init',
- term: 'SSH KEX_INIT',
- definition:
- "The opening message of the [[ssh|SSH]] {{ssh-key-exchange|key exchange}}. Each side lists the algorithms it supports for {{ssh-key-exchange|key exchange}}, host-key, {{encryption|encryption}}, {{hmac|MAC}}, and compression. Both ends then pick the strongest mutual choice.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Secure_Shell',
- category: 'security'
+ id: 'ssh-kex-init',
+ term: 'SSH KEX_INIT',
+ definition:
+ 'The opening message of the [[ssh|SSH]] {{ssh-key-exchange|key exchange}}. Each side lists the algorithms it supports for {{ssh-key-exchange|key exchange}}, host-key, {{encryption|encryption}}, {{hmac|MAC}}, and compression. Both ends then pick the strongest mutual choice.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Secure_Shell',
+ category: 'security'
},
{
- id: 'ssh-key-exchange',
- term: 'SSH Key Exchange',
- definition:
- "Phase of the [[ssh|SSH]] connection that derives a shared session key β typically via {{diffie-hellman|Diffie-Hellman}} or {{ecdh|ECDH}} on Curve25519. The session key encrypts every byte that follows; an eavesdropper with the full transcript still can't recover it.",
- category: 'security'
+ id: 'ssh-key-exchange',
+ term: 'SSH Key Exchange',
+ definition:
+ "Phase of the [[ssh|SSH]] connection that derives a shared session key β typically via {{diffie-hellman|Diffie-Hellman}} or {{ecdh|ECDH}} on Curve25519. The session key encrypts every byte that follows; an eavesdropper with the full transcript still can't recover it.",
+ category: 'security'
},
{
- id: 'ssh-host-key',
- term: 'SSH Host Key',
- definition:
- "Long-term {{asymmetric-encryption|asymmetric}} key pair that identifies an [[ssh|SSH]] server across reboots. The client pins the public half in `known_hosts`; on later connections it verifies the server signs the {{ssh-key-exchange|KEX}} transcript with the matching {{private-key|private key}}. Defeats {{man-in-the-middle|MITM}}.",
- category: 'security'
+ id: 'ssh-host-key',
+ term: 'SSH Host Key',
+ definition:
+ 'Long-term {{asymmetric-encryption|asymmetric}} key pair that identifies an [[ssh|SSH]] server across reboots. The client pins the public half in `known_hosts`; on later connections it verifies the server signs the {{ssh-key-exchange|KEX}} transcript with the matching {{private-key|private key}}. Defeats {{man-in-the-middle|MITM}}.',
+ category: 'security'
},
{
- id: 'ssh-tofu',
- term: 'TOFU (Trust on First Use)',
- definition:
- "Security model used by [[ssh|SSH]] and many other protocols: trust the public key the *first* time you see it, pin it locally, alert loudly if it ever changes. Pragmatic compromise β no {{pki|PKI}} needed, but the first connection is unauthenticated.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Trust_on_first_use',
- category: 'security'
+ id: 'ssh-tofu',
+ term: 'TOFU (Trust on First Use)',
+ definition:
+ 'Security model used by [[ssh|SSH]] and many other protocols: trust the public key the *first* time you see it, pin it locally, alert loudly if it ever changes. Pragmatic compromise β no {{pki|PKI}} needed, but the first connection is unauthenticated.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Trust_on_first_use',
+ category: 'security'
},
{
- id: 'ssh-publickey-auth',
- term: 'SSH publickey Authentication',
- definition:
- "[[ssh|SSH]] auth method where the client proves possession of a {{private-key|private key}} matching a {{public-key|public key}} the server has authorised (in `~/.ssh/authorized_keys`). The de-facto standard for server access; replaces password auth entirely in modern deployments.",
- category: 'security'
+ id: 'ssh-publickey-auth',
+ term: 'SSH publickey Authentication',
+ definition:
+ '[[ssh|SSH]] auth method where the client proves possession of a {{private-key|private key}} matching a {{public-key|public key}} the server has authorised (in `~/.ssh/authorized_keys`). The de-facto standard for server access; replaces password auth entirely in modern deployments.',
+ category: 'security'
},
{
- id: 'ssh-keyboard-interactive',
- term: 'SSH keyboard-interactive',
- definition:
- "[[ssh|SSH]] auth method (RFC 4256) that lets the server prompt the client for arbitrary challenges β used for 2FA, OTP tokens, and PAM-driven flows. The server sends a list of prompts; the client returns responses.",
- category: 'security'
+ id: 'ssh-keyboard-interactive',
+ term: 'SSH keyboard-interactive',
+ definition:
+ '[[ssh|SSH]] auth method (RFC 4256) that lets the server prompt the client for arbitrary challenges β used for 2FA, OTP tokens, and PAM-driven flows. The server sends a list of prompts; the client returns responses.',
+ category: 'security'
},
{
- id: 'ssh-channels',
- term: 'SSH Channels',
- definition:
- "Logical streams inside one [[ssh|SSH]] connection. {{multiplexing|Multiplexes}} interactive shells, file transfer ({{sftp|SFTP}}), {{port-forwarding|port forwarding}}, and X11 forwarding β all on the same encrypted [[tcp|TCP]] {{socket|socket}}.",
- category: 'security'
+ id: 'ssh-channels',
+ term: 'SSH Channels',
+ definition:
+ 'Logical streams inside one [[ssh|SSH]] connection. {{multiplexing|Multiplexes}} interactive shells, file transfer ({{sftp|SFTP}}), {{port-forwarding|port forwarding}}, and X11 forwarding β all on the same encrypted [[tcp|TCP]] {{socket|socket}}.',
+ category: 'security'
},
{
- id: 'tls-certificate-verify',
- term: 'TLS CertificateVerify',
- definition:
- "[[tls|TLS]] 1.3 {{tls-handshake|handshake}} message in which the server signs the entire transcript with the {{private-key|private key}} matching its {{certificate|certificate}}. Proves the server actually owns the cert β without this step a {{man-in-the-middle|MITM}} could replay someone else's cert.",
- category: 'security'
+ id: 'tls-certificate-verify',
+ term: 'TLS CertificateVerify',
+ definition:
+ "[[tls|TLS]] 1.3 {{tls-handshake|handshake}} message in which the server signs the entire transcript with the {{private-key|private key}} matching its {{certificate|certificate}}. Proves the server actually owns the cert β without this step a {{man-in-the-middle|MITM}} could replay someone else's cert.",
+ category: 'security'
},
{
- id: 'csrf',
- term: 'CSRF (Cross-Site Request Forgery)',
- definition:
- "Attack class where a malicious site tricks a logged-in user's browser into making an unwanted request to a target site, riding on the user's session {{cookie|cookies}}. Defences: {{oauth-state|state}} tokens, SameSite cookies, double-submit headers.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Cross-site_request_forgery',
- category: 'security'
+ id: 'csrf',
+ term: 'CSRF (Cross-Site Request Forgery)',
+ definition:
+ "Attack class where a malicious site tricks a logged-in user's browser into making an unwanted request to a target site, riding on the user's session {{cookie|cookies}}. Defences: {{oauth-state|state}} tokens, SameSite cookies, double-submit headers.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Cross-site_request_forgery',
+ category: 'security'
},
{
- id: 'oauth-state',
- term: 'OAuth state parameter',
- definition:
- "Opaque, unpredictable token included in an [[oauth2|OAuth]] authorization request and echoed back in the redirect. Lets the client verify the response matches a request *it* initiated β preventing {{csrf|CSRF}} on the callback endpoint. Always required.",
- category: 'security'
+ id: 'oauth-state',
+ term: 'OAuth state parameter',
+ definition:
+ 'Opaque, unpredictable token included in an [[oauth2|OAuth]] authorization request and echoed back in the redirect. Lets the client verify the response matches a request *it* initiated β preventing {{csrf|CSRF}} on the callback endpoint. Always required.',
+ category: 'security'
},
{
- id: 'oauth-auth-code',
- term: 'OAuth Authorization Code',
- definition:
- "Short-lived (~30 s), single-use token returned by the [[oauth2|OAuth]] authorization server after user {{oauth-consent|consent}}. The client exchanges it (plus {{pkce|PKCE}} `code_verifier`) at the token endpoint for an {{access-token|access token}} + {{oauth-refresh-token|refresh token}}.",
- category: 'security'
+ id: 'oauth-auth-code',
+ term: 'OAuth Authorization Code',
+ definition:
+ 'Short-lived (~30 s), single-use token returned by the [[oauth2|OAuth]] authorization server after user {{oauth-consent|consent}}. The client exchanges it (plus {{pkce|PKCE}} `code_verifier`) at the token endpoint for an {{access-token|access token}} + {{oauth-refresh-token|refresh token}}.',
+ category: 'security'
},
{
- id: 'oauth-consent',
- term: 'OAuth Consent Screen',
- definition:
- "The page where the user reviews and approves which {{oauth-scope|scopes}} a client app is requesting access to. Run by the [[oauth2|OAuth]] authorization server β the client never sees the user's password.",
- category: 'security'
+ id: 'oauth-consent',
+ term: 'OAuth Consent Screen',
+ definition:
+ "The page where the user reviews and approves which {{oauth-scope|scopes}} a client app is requesting access to. Run by the [[oauth2|OAuth]] authorization server β the client never sees the user's password.",
+ category: 'security'
},
{
- id: 'oauth-scope',
- term: 'OAuth Scope',
- definition:
- "String identifying a specific permission requested by an [[oauth2|OAuth]] client (e.g., `read:user`, `repo`, `email`). Shown on the {{oauth-consent|consent screen}} so the user knows what they're granting. The {{access-token|access token}} is bound to the approved scopes.",
- category: 'security'
+ id: 'oauth-scope',
+ term: 'OAuth Scope',
+ definition:
+ "String identifying a specific permission requested by an [[oauth2|OAuth]] client (e.g., `read:user`, `repo`, `email`). Shown on the {{oauth-consent|consent screen}} so the user knows what they're granting. The {{access-token|access token}} is bound to the approved scopes.",
+ category: 'security'
},
{
- id: 'oauth-client-id',
- term: 'OAuth client_id',
- definition:
- "Public identifier the [[oauth2|OAuth]] authorization server uses to recognise a registered client application. Sent in every request (`/authorize`, `/token`). Not a secret β paired with {{pkce|PKCE}} or a `client_secret` for confidential clients.",
- category: 'security'
+ id: 'oauth-client-id',
+ term: 'OAuth client_id',
+ definition:
+ 'Public identifier the [[oauth2|OAuth]] authorization server uses to recognise a registered client application. Sent in every request (`/authorize`, `/token`). Not a secret β paired with {{pkce|PKCE}} or a `client_secret` for confidential clients.',
+ category: 'security'
},
{
- id: 'oauth-refresh-token',
- term: 'OAuth Refresh Token',
- definition:
- "Long-lived [[oauth2|OAuth]] token used to obtain new {{access-token|access tokens}} without re-prompting the user. Must be stored confidentially (server-side only for web apps). Rotated by the auth server on each use in modern implementations.",
- category: 'security'
+ id: 'oauth-refresh-token',
+ term: 'OAuth Refresh Token',
+ definition:
+ 'Long-lived [[oauth2|OAuth]] token used to obtain new {{access-token|access tokens}} without re-prompting the user. Must be stored confidentially (server-side only for web apps). Rotated by the auth server on each use in modern implementations.',
+ category: 'security'
},
{
- id: 'rsa',
- term: 'RSA',
- definition:
- "{{asymmetric-encryption|Asymmetric}} algorithm (Rivest-Shamir-Adleman, 1977) for signatures and key encapsulation. Security rests on the difficulty of factoring large integers. Still common in [[tls|TLS]] / [[ipsec|IPsec]] {{certificate|certificates}}, though {{ecdsa|ECDSA}} and Ed25519 are now preferred.",
- wikiUrl: 'https://en.wikipedia.org/wiki/RSA_(cryptosystem)',
- category: 'security'
+ id: 'rsa',
+ term: 'RSA',
+ definition:
+ '{{asymmetric-encryption|Asymmetric}} algorithm (Rivest-Shamir-Adleman, 1977) for signatures and key encapsulation. Security rests on the difficulty of factoring large integers. Still common in [[tls|TLS]] / [[ipsec|IPsec]] {{certificate|certificates}}, though {{ecdsa|ECDSA}} and Ed25519 are now preferred.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/RSA_(cryptosystem)',
+ category: 'security'
},
{
- id: 'ecdsa',
- term: 'ECDSA (Elliptic Curve Digital Signature Algorithm)',
- definition:
- "Digital signature scheme over elliptic curves β much shorter keys/signatures than {{rsa|RSA}} for equivalent security. Used in [[tls|TLS]] / [[ssh|SSH]] / [[ipsec|IPsec]] {{certificate|certificates}}, and as the signature algorithm in Bitcoin and Ethereum.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm',
- category: 'security'
+ id: 'ecdsa',
+ term: 'ECDSA (Elliptic Curve Digital Signature Algorithm)',
+ definition:
+ 'Digital signature scheme over elliptic curves β much shorter keys/signatures than {{rsa|RSA}} for equivalent security. Used in [[tls|TLS]] / [[ssh|SSH]] / [[ipsec|IPsec]] {{certificate|certificates}}, and as the signature algorithm in Bitcoin and Ethereum.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm',
+ category: 'security'
},
{
- id: 'ecdh',
- term: 'ECDH (Elliptic Curve Diffie-Hellman)',
- definition:
- "Variant of {{diffie-hellman|Diffie-Hellman}} key exchange over elliptic curves (commonly Curve25519 or P-256). Much smaller keys, faster computation, same shared-secret derivation. The default {{ssh-key-exchange|key exchange}} in modern [[tls|TLS]] 1.3 and [[ssh|SSH]].",
- wikiUrl: 'https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman',
- category: 'security'
+ id: 'ecdh',
+ term: 'ECDH (Elliptic Curve Diffie-Hellman)',
+ definition:
+ 'Variant of {{diffie-hellman|Diffie-Hellman}} key exchange over elliptic curves (commonly Curve25519 or P-256). Much smaller keys, faster computation, same shared-secret derivation. The default {{ssh-key-exchange|key exchange}} in modern [[tls|TLS]] 1.3 and [[ssh|SSH]].',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman',
+ category: 'security'
},
{
- id: 'psk',
- term: 'PSK (Pre-Shared Key)',
- definition:
- "Authentication mode where both parties share a long-term symmetric secret out of band β no {{certificate|certificates}}, no {{pki|PKI}}. Used in [[ipsec|IPsec]] site-to-site VPNs, [[wireguard|WireGuard]] (optional mix), and consumer Wi-Fi (WPA-PSK).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Pre-shared_key',
- category: 'security'
+ id: 'psk',
+ term: 'PSK (Pre-Shared Key)',
+ definition:
+ 'Authentication mode where both parties share a long-term symmetric secret out of band β no {{certificate|certificates}}, no {{pki|PKI}}. Used in [[ipsec|IPsec]] site-to-site VPNs, [[wireguard|WireGuard]] (optional mix), and consumer Wi-Fi (WPA-PSK).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Pre-shared_key',
+ category: 'security'
},
{
- id: 'curve25519',
- term: 'Curve25519',
- definition:
- "Modern elliptic curve designed by [[pioneer:dan-bernstein|Daniel J. Bernstein]] (2005). Used for {{ecdh|ECDH}} in [[tls|TLS]] 1.3, [[ssh|SSH]], [[wireguard|WireGuard]], Signal β fast, side-channel-resistant, and free of suspect NIST parameters.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Curve25519',
- category: 'security'
+ id: 'curve25519',
+ term: 'Curve25519',
+ definition:
+ 'Modern elliptic curve designed by [[pioneer:dan-bernstein|Daniel J. Bernstein]] (2005). Used for {{ecdh|ECDH}} in [[tls|TLS]] 1.3, [[ssh|SSH]], [[wireguard|WireGuard]], Signal β fast, side-channel-resistant, and free of suspect NIST parameters.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Curve25519',
+ category: 'security'
},
{
- id: 'poly1305',
- term: 'Poly1305',
- definition:
- "One-time authenticator (Bernstein, 2005) used as the integrity tag in the {{chacha20-poly1305|ChaCha20-Poly1305}} {{aead|AEAD}}. Appends a 16-byte tag the receiver verifies before accepting the ciphertext. Replay-safe when paired with a unique {{nonce|nonce}} per message.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Poly1305',
- category: 'security'
+ id: 'poly1305',
+ term: 'Poly1305',
+ definition:
+ 'One-time authenticator (Bernstein, 2005) used as the integrity tag in the {{chacha20-poly1305|ChaCha20-Poly1305}} {{aead|AEAD}}. Appends a 16-byte tag the receiver verifies before accepting the ciphertext. Replay-safe when paired with a unique {{nonce|nonce}} per message.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Poly1305',
+ category: 'security'
},
{
- id: 'noise-ik',
- term: 'Noise_IK pattern',
- definition:
- "One of the {{noise-protocol|Noise Protocol Framework}} handshake patterns. *I* = initiator's static key sent immediately, *K* = responder's static key already known. The [[wireguard|WireGuard]] handshake is `Noise_IKpsk2` β Noise_IK with an optional pre-shared key mixed in at step 2.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Noise_Protocol_Framework',
- category: 'security'
+ id: 'noise-ik',
+ term: 'Noise_IK pattern',
+ definition:
+ "One of the {{noise-protocol|Noise Protocol Framework}} handshake patterns. *I* = initiator's static key sent immediately, *K* = responder's static key already known. The [[wireguard|WireGuard]] handshake is `Noise_IKpsk2` β Noise_IK with an optional pre-shared key mixed in at step 2.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Noise_Protocol_Framework',
+ category: 'security'
},
{
- id: 'noise-protocol',
- term: 'Noise Protocol Framework',
- definition:
- "Family of cryptographic handshake patterns by [[pioneer:trevor-perrin|Trevor Perrin]] β pick a pattern (IK, XX, NK), plug in DH curve + cipher + hash, get a complete handshake. Powers [[wireguard|WireGuard]], WhatsApp, Signal, and Lightning Network.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Noise_Protocol_Framework',
- category: 'security'
+ id: 'noise-protocol',
+ term: 'Noise Protocol Framework',
+ definition:
+ 'Family of cryptographic handshake patterns by [[pioneer:trevor-perrin|Trevor Perrin]] β pick a pattern (IK, XX, NK), plug in DH curve + cipher + hash, get a complete handshake. Powers [[wireguard|WireGuard]], WhatsApp, Signal, and Lightning Network.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Noise_Protocol_Framework',
+ category: 'security'
},
{
- id: 'wg-handshake-initiation',
- term: 'WireGuard Handshake Initiation (type=1)',
- definition:
- "First message of the [[wireguard|WireGuard]] {{noise-ik|Noise_IKpsk2}} handshake β 148 bytes. Carries the initiator's ephemeral pubkey, an {{aead|AEAD}}-encrypted copy of its static pubkey, a {{wg-tai64n|TAI64N}} timestamp, and the {{wg-mac1|MAC1}}/{{wg-mac2|MAC2}} cookie pair.",
- category: 'security'
+ id: 'wg-handshake-initiation',
+ term: 'WireGuard Handshake Initiation (type=1)',
+ definition:
+ "First message of the [[wireguard|WireGuard]] {{noise-ik|Noise_IKpsk2}} handshake β 148 bytes. Carries the initiator's ephemeral pubkey, an {{aead|AEAD}}-encrypted copy of its static pubkey, a {{wg-tai64n|TAI64N}} timestamp, and the {{wg-mac1|MAC1}}/{{wg-mac2|MAC2}} cookie pair.",
+ category: 'security'
},
{
- id: 'wg-handshake-response',
- term: 'WireGuard Handshake Response (type=2)',
- definition:
- "Second message of the [[wireguard|WireGuard]] handshake β 92 bytes. The responder's ephemeral pubkey, an {{aead|AEAD}}-encrypted empty payload (proves key agreement), and {{wg-mac1|MAC1}}/{{wg-mac2|MAC2}}. After this, both peers hold matching {{chacha20-poly1305|ChaCha20-Poly1305}} keys.",
- category: 'security'
+ id: 'wg-handshake-response',
+ term: 'WireGuard Handshake Response (type=2)',
+ definition:
+ "Second message of the [[wireguard|WireGuard]] handshake β 92 bytes. The responder's ephemeral pubkey, an {{aead|AEAD}}-encrypted empty payload (proves key agreement), and {{wg-mac1|MAC1}}/{{wg-mac2|MAC2}}. After this, both peers hold matching {{chacha20-poly1305|ChaCha20-Poly1305}} keys.",
+ category: 'security'
},
{
- id: 'wg-transport-data',
- term: 'WireGuard Transport Data (type=4)',
- definition:
- "Steady-state [[wireguard|WireGuard]] {{packet|packet}} carrying an encrypted inner [[ip|IP]] payload. 16-byte header (type + receiver-index + 64-bit counter) + {{aead|AEAD}} ciphertext + 16-byte {{poly1305|Poly1305}} tag. Counter doubles as both the nonce and {{anti-replay|anti-replay}} sequence number.",
- category: 'security'
+ id: 'wg-transport-data',
+ term: 'WireGuard Transport Data (type=4)',
+ definition:
+ 'Steady-state [[wireguard|WireGuard]] {{packet|packet}} carrying an encrypted inner [[ip|IP]] payload. 16-byte header (type + receiver-index + 64-bit counter) + {{aead|AEAD}} ciphertext + 16-byte {{poly1305|Poly1305}} tag. Counter doubles as both the nonce and {{anti-replay|anti-replay}} sequence number.',
+ category: 'security'
},
{
- id: 'wg-ephemeral-key',
- term: 'Ephemeral Key (WireGuard)',
- definition:
- "Single-use Curve25519 key pair generated fresh for each [[wireguard|WireGuard]] {{handshake|handshake}}. Provides {{forward-secrecy|forward secrecy}}: even if the long-term static key leaks later, past session keys cannot be recovered.",
- category: 'security'
+ id: 'wg-ephemeral-key',
+ term: 'Ephemeral Key (WireGuard)',
+ definition:
+ 'Single-use Curve25519 key pair generated fresh for each [[wireguard|WireGuard]] {{handshake|handshake}}. Provides {{forward-secrecy|forward secrecy}}: even if the long-term static key leaks later, past session keys cannot be recovered.',
+ category: 'security'
},
{
- id: 'wg-tai64n',
- term: 'TAI64N timestamp',
- definition:
- "12-byte time-of-day stamp embedded in the [[wireguard|WireGuard]] {{wg-handshake-initiation|Handshake Initiation}}. Lets the responder reject replayed initiations that are older than the most recent one seen β without keeping per-peer replay tables.",
- wikiUrl: 'https://cr.yp.to/libtai/tai64.html',
- category: 'security'
+ id: 'wg-tai64n',
+ term: 'TAI64N timestamp',
+ definition:
+ '12-byte time-of-day stamp embedded in the [[wireguard|WireGuard]] {{wg-handshake-initiation|Handshake Initiation}}. Lets the responder reject replayed initiations that are older than the most recent one seen β without keeping per-peer replay tables.',
+ wikiUrl: 'https://cr.yp.to/libtai/tai64.html',
+ category: 'security'
},
{
- id: 'wg-mac1',
- term: 'WireGuard MAC1',
- definition:
- "First message authentication code in every [[wireguard|WireGuard]] handshake packet. Computed over the message using the responder's static public key β proves the sender already knows that pubkey. Cheap anti-amplification check.",
- category: 'security'
+ id: 'wg-mac1',
+ term: 'WireGuard MAC1',
+ definition:
+ "First message authentication code in every [[wireguard|WireGuard]] handshake packet. Computed over the message using the responder's static public key β proves the sender already knows that pubkey. Cheap anti-amplification check.",
+ category: 'security'
},
{
- id: 'wg-mac2',
- term: 'WireGuard MAC2 (Cookie)',
- definition:
- "Second [[wireguard|WireGuard]] handshake MAC, normally zero but populated with a server-issued cookie when the responder is under DoS load. Acts as a stateless rate-limiter β initiators must prove reachability before the responder spends CPU verifying signatures.",
- category: 'security'
+ id: 'wg-mac2',
+ term: 'WireGuard MAC2 (Cookie)',
+ definition:
+ 'Second [[wireguard|WireGuard]] handshake MAC, normally zero but populated with a server-issued cookie when the responder is under DoS load. Acts as a stateless rate-limiter β initiators must prove reachability before the responder spends CPU verifying signatures.',
+ category: 'security'
},
{
- id: 'post-quantum',
- term: 'Post-Quantum Cryptography (PQC)',
- definition:
- "Algorithms believed to resist attacks by future large-scale quantum computers β e.g., {{ml-kem|ML-KEM}}, ML-DSA, SLH-DSA (NIST FIPS 203/204/205, 2024). Being added to [[tls|TLS]], [[ssh|SSH]], [[ipsec|IPsec]] via hybrid handshakes that mix PQC with classical {{ecdh|ECDH}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Post-quantum_cryptography',
- category: 'security'
+ id: 'post-quantum',
+ term: 'Post-Quantum Cryptography (PQC)',
+ definition:
+ 'Algorithms believed to resist attacks by future large-scale quantum computers β e.g., {{ml-kem|ML-KEM}}, ML-DSA, SLH-DSA (NIST FIPS 203/204/205, 2024). Being added to [[tls|TLS]], [[ssh|SSH]], [[ipsec|IPsec]] via hybrid handshakes that mix PQC with classical {{ecdh|ECDH}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Post-quantum_cryptography',
+ category: 'security'
},
{
- id: 'kem',
- term: 'KEM (Key Encapsulation Mechanism)',
- definition:
- "Cryptographic primitive for transmitting a symmetric key under a recipient's {{public-key|public key}}. {{post-quantum|Post-quantum}} {{ml-kem|ML-KEM}} is a KEM, as is classical RSA-KEM. KEMs replace ephemeral {{diffie-hellman|DH}} in PQC-era [[tls|TLS]] / [[ipsec|IPsec]] handshakes.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Key_encapsulation_mechanism',
- category: 'security'
+ id: 'kem',
+ term: 'KEM (Key Encapsulation Mechanism)',
+ definition:
+ "Cryptographic primitive for transmitting a symmetric key under a recipient's {{public-key|public key}}. {{post-quantum|Post-quantum}} {{ml-kem|ML-KEM}} is a KEM, as is classical RSA-KEM. KEMs replace ephemeral {{diffie-hellman|DH}} in PQC-era [[tls|TLS]] / [[ipsec|IPsec]] handshakes.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Key_encapsulation_mechanism',
+ category: 'security'
},
{
- id: 'ipsec-ike-sa-init',
- term: 'IKE_SA_INIT',
- definition:
- "First [[ipsec|IPsec]] {{ike|IKEv2}} exchange β proposes a {{cipher-suite|cipher suite}}, runs {{diffie-hellman|Diffie-Hellman}} / {{ecdh|ECDH}} / {{kem|KEM}}, exchanges {{nonce|Nonces}}, and runs {{ipsec-nat-detection|NAT_DETECTION}}. No {{encryption|encryption}} yet β keys don't exist until this completes.",
- category: 'security'
+ id: 'ipsec-ike-sa-init',
+ term: 'IKE_SA_INIT',
+ definition:
+ "First [[ipsec|IPsec]] {{ike|IKEv2}} exchange β proposes a {{cipher-suite|cipher suite}}, runs {{diffie-hellman|Diffie-Hellman}} / {{ecdh|ECDH}} / {{kem|KEM}}, exchanges {{nonce|Nonces}}, and runs {{ipsec-nat-detection|NAT_DETECTION}}. No {{encryption|encryption}} yet β keys don't exist until this completes.",
+ category: 'security'
},
{
- id: 'ipsec-ike-intermediate',
- term: 'IKE_INTERMEDIATE',
- definition:
- "[[ipsec|IPsec]] {{ike|IKEv2}} exchange added by [[rfc:9242|RFC 9242]] to ship large {{post-quantum|post-quantum}} keys ({{ml-kem|ML-KEM-1024}} ~ 1.5 KB) that won't fit in a single {{ipsec-ike-sa-init|IKE_SA_INIT}} [[udp|UDP]] datagram. Runs encrypted, before identity is revealed; can chain extra {{kem|KEMs}} per [[rfc:9370|RFC 9370]].",
- category: 'security'
+ id: 'ipsec-ike-intermediate',
+ term: 'IKE_INTERMEDIATE',
+ definition:
+ "[[ipsec|IPsec]] {{ike|IKEv2}} exchange added by [[rfc:9242|RFC 9242]] to ship large {{post-quantum|post-quantum}} keys ({{ml-kem|ML-KEM-1024}} ~ 1.5 KB) that won't fit in a single {{ipsec-ike-sa-init|IKE_SA_INIT}} [[udp|UDP]] datagram. Runs encrypted, before identity is revealed; can chain extra {{kem|KEMs}} per [[rfc:9370|RFC 9370]].",
+ category: 'security'
},
{
- id: 'ipsec-ike-auth',
- term: 'IKE_AUTH',
- definition:
- "Second [[ipsec|IPsec]] {{ike|IKEv2}} exchange. Carries the identities (`IDi`, `IDr`), authenticates the {{ipsec-ike-sa-init|IKE_SA_INIT}} transcript (with {{rsa|RSA}}/{{ecdsa|ECDSA}} {{certificate|certs}}, {{psk|PSK}}, or {{eap|EAP}}), and negotiates the first {{child-sa|Child SA}}.",
- category: 'security'
+ id: 'ipsec-ike-auth',
+ term: 'IKE_AUTH',
+ definition:
+ 'Second [[ipsec|IPsec]] {{ike|IKEv2}} exchange. Carries the identities (`IDi`, `IDr`), authenticates the {{ipsec-ike-sa-init|IKE_SA_INIT}} transcript (with {{rsa|RSA}}/{{ecdsa|ECDSA}} {{certificate|certs}}, {{psk|PSK}}, or {{eap|EAP}}), and negotiates the first {{child-sa|Child SA}}.',
+ category: 'security'
},
{
- id: 'ipsec-create-child-sa',
- term: 'CREATE_CHILD_SA',
- definition:
- "[[ipsec|IPsec]] {{ike|IKEv2}} exchange used both to add new {{child-sa|Child SAs}} and to rekey existing ones (with the `REKEY_SA` notify). Optional fresh {{diffie-hellman|DH}}/{{kem|KEM}} provides {{pfs|Perfect Forward Secrecy}}.",
- category: 'security'
+ id: 'ipsec-create-child-sa',
+ term: 'CREATE_CHILD_SA',
+ definition:
+ '[[ipsec|IPsec]] {{ike|IKEv2}} exchange used both to add new {{child-sa|Child SAs}} and to rekey existing ones (with the `REKEY_SA` notify). Optional fresh {{diffie-hellman|DH}}/{{kem|KEM}} provides {{pfs|Perfect Forward Secrecy}}.',
+ category: 'security'
},
{
- id: 'ipsec-informational',
- term: 'INFORMATIONAL (IKEv2)',
- definition:
- "Encrypted [[ipsec|IPsec]] {{ike|IKEv2}} exchange for housekeeping β DELETE notifications when a {{security-association|SA}} expires, dead-peer-detection liveness probes, MOBIKE address updates, error messages.",
- category: 'security'
+ id: 'ipsec-informational',
+ term: 'INFORMATIONAL (IKEv2)',
+ definition:
+ 'Encrypted [[ipsec|IPsec]] {{ike|IKEv2}} exchange for housekeeping β DELETE notifications when a {{security-association|SA}} expires, dead-peer-detection liveness probes, MOBIKE address updates, error messages.',
+ category: 'security'
},
{
- id: 'ipsec-nat-detection',
- term: 'NAT_DETECTION (IKEv2)',
- definition:
- "Pair of hash payloads exchanged in {{ipsec-ike-sa-init|IKE_SA_INIT}}: each side hashes its own and peer's IP/port and compares with what arrived. A mismatch means one of them is behind {{nat|NAT}} β triggers UDP-encapsulation of {{esp|ESP}} on port 4500 (NAT-T).",
- category: 'security'
+ id: 'ipsec-nat-detection',
+ term: 'NAT_DETECTION (IKEv2)',
+ definition:
+ "Pair of hash payloads exchanged in {{ipsec-ike-sa-init|IKE_SA_INIT}}: each side hashes its own and peer's IP/port and compares with what arrived. A mismatch means one of them is behind {{nat|NAT}} β triggers UDP-encapsulation of {{esp|ESP}} on port 4500 (NAT-T).",
+ category: 'security'
},
{
- id: 'ipsec-skeyseed',
- term: 'SKEYSEED',
- definition:
- "The seed value [[ipsec|IPsec]] {{ike|IKEv2}} derives from the {{ipsec-ike-sa-init|IKE_SA_INIT}} Diffie-Hellman shared secret plus the two {{nonce|Nonces}}. All subsequent {{ike-sa|IKE SA}} keys (`SK_d`, `SK_e`, `SK_a`, `SK_p`) are expanded from SKEYSEED via the prf.",
- category: 'security'
+ id: 'ipsec-skeyseed',
+ term: 'SKEYSEED',
+ definition:
+ 'The seed value [[ipsec|IPsec]] {{ike|IKEv2}} derives from the {{ipsec-ike-sa-init|IKE_SA_INIT}} Diffie-Hellman shared secret plus the two {{nonce|Nonces}}. All subsequent {{ike-sa|IKE SA}} keys (`SK_d`, `SK_e`, `SK_a`, `SK_p`) are expanded from SKEYSEED via the prf.',
+ category: 'security'
},
{
- id: 'kerberos-kdc',
- term: 'KDC (Key Distribution Center)',
- definition:
- "Central trusted server in [[kerberos|Kerberos]] β split into the Authentication Service (AS, issues {{kerberos-tgt|TGTs}}) and the {{kerberos-tgs|Ticket Granting Service}} (TGS, issues service tickets). Knows every principal's long-term key; never speaks to services directly.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Key_distribution_center',
- category: 'security'
+ id: 'kerberos-kdc',
+ term: 'KDC (Key Distribution Center)',
+ definition:
+ "Central trusted server in [[kerberos|Kerberos]] β split into the Authentication Service (AS, issues {{kerberos-tgt|TGTs}}) and the {{kerberos-tgs|Ticket Granting Service}} (TGS, issues service tickets). Knows every principal's long-term key; never speaks to services directly.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Key_distribution_center',
+ category: 'security'
},
{
- id: 'kerberos-tgs',
- term: 'Ticket Granting Service (TGS)',
- definition:
- "Half of the [[kerberos|Kerberos]] {{kerberos-kdc|KDC}}. Accepts a {{kerberos-tgt|TGT}} + {{kerberos-authenticator|authenticator}} ({{kerberos-tgs-req|TGS-REQ}}) and returns a {{kerberos-service-ticket|service ticket}} for the requested service ({{kerberos-tgs-rep|TGS-REP}}).",
- category: 'security'
+ id: 'kerberos-tgs',
+ term: 'Ticket Granting Service (TGS)',
+ definition:
+ 'Half of the [[kerberos|Kerberos]] {{kerberos-kdc|KDC}}. Accepts a {{kerberos-tgt|TGT}} + {{kerberos-authenticator|authenticator}} ({{kerberos-tgs-req|TGS-REQ}}) and returns a {{kerberos-service-ticket|service ticket}} for the requested service ({{kerberos-tgs-rep|TGS-REP}}).',
+ category: 'security'
},
{
- id: 'kerberos-tgt',
- term: 'TGT (Ticket Granting Ticket)',
- definition:
- "Time-bounded [[kerberos|Kerberos]] credential issued by the Authentication Service in {{kerberos-as-rep|AS-REP}}. {{encryption|Encrypted}} under the {{kerberos-krbtgt|krbtgt}} key (only the KDC reads it). Lets the client request {{kerberos-service-ticket|service tickets}} without re-entering its password β typically valid 10 hours.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Ticket_Granting_Ticket',
- category: 'security'
+ id: 'kerberos-tgt',
+ term: 'TGT (Ticket Granting Ticket)',
+ definition:
+ 'Time-bounded [[kerberos|Kerberos]] credential issued by the Authentication Service in {{kerberos-as-rep|AS-REP}}. {{encryption|Encrypted}} under the {{kerberos-krbtgt|krbtgt}} key (only the KDC reads it). Lets the client request {{kerberos-service-ticket|service tickets}} without re-entering its password β typically valid 10 hours.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Ticket_Granting_Ticket',
+ category: 'security'
},
{
- id: 'kerberos-krbtgt',
- term: 'krbtgt',
- definition:
- "Special [[kerberos|Kerberos]] {{kerberos-principal|principal}} whose long-term key encrypts every {{kerberos-tgt|TGT}}. Compromise of the krbtgt password hash = the famous *Golden Ticket* attack: an attacker can mint TGTs for any user in the realm.",
- category: 'security'
+ id: 'kerberos-krbtgt',
+ term: 'krbtgt',
+ definition:
+ 'Special [[kerberos|Kerberos]] {{kerberos-principal|principal}} whose long-term key encrypts every {{kerberos-tgt|TGT}}. Compromise of the krbtgt password hash = the famous *Golden Ticket* attack: an attacker can mint TGTs for any user in the realm.',
+ category: 'security'
},
{
- id: 'kerberos-principal',
- term: 'Kerberos Principal',
- definition:
- "Named identity in a [[kerberos|Kerberos]] realm β either a user (`alice@EXAMPLE.COM`) or a service (`HTTP/web1.example.com@EXAMPLE.COM`). Each principal has a long-term key derived from its password (users) or stored in a {{kerberos-keytab|keytab}} (services).",
- category: 'security'
+ id: 'kerberos-principal',
+ term: 'Kerberos Principal',
+ definition:
+ 'Named identity in a [[kerberos|Kerberos]] realm β either a user (`alice@EXAMPLE.COM`) or a service (`HTTP/web1.example.com@EXAMPLE.COM`). Each principal has a long-term key derived from its password (users) or stored in a {{kerberos-keytab|keytab}} (services).',
+ category: 'security'
},
{
- id: 'kerberos-authenticator',
- term: 'Kerberos Authenticator',
- definition:
- "Small encrypted blob the client builds fresh per request β typically containing a timestamp and the client's principal. {{encryption|Encrypted}} under the session key inside whichever ticket it accompanies. Proves the client *just now* holds the key β not just that it once did.",
- category: 'security'
+ id: 'kerberos-authenticator',
+ term: 'Kerberos Authenticator',
+ definition:
+ "Small encrypted blob the client builds fresh per request β typically containing a timestamp and the client's principal. {{encryption|Encrypted}} under the session key inside whichever ticket it accompanies. Proves the client *just now* holds the key β not just that it once did.",
+ category: 'security'
},
{
- id: 'kerberos-keytab',
- term: 'Kerberos Keytab',
- definition:
- "File on a service host that stores the long-term keys for service {{kerberos-principal|principals}}. The service uses its keytab to decrypt incoming {{kerberos-service-ticket|service tickets}} in {{kerberos-ap-req|AP-REQ}} β without contacting the {{kerberos-kdc|KDC}}.",
- category: 'security'
+ id: 'kerberos-keytab',
+ term: 'Kerberos Keytab',
+ definition:
+ 'File on a service host that stores the long-term keys for service {{kerberos-principal|principals}}. The service uses its keytab to decrypt incoming {{kerberos-service-ticket|service tickets}} in {{kerberos-ap-req|AP-REQ}} β without contacting the {{kerberos-kdc|KDC}}.',
+ category: 'security'
},
{
- id: 'kerberos-service-ticket',
- term: 'Kerberos Service Ticket',
- definition:
- "Per-service [[kerberos|Kerberos]] credential returned in {{kerberos-tgs-rep|TGS-REP}}. {{encryption|Encrypted}} under the target service's long-term key (so only that service can read it), containing the client identity and a fresh client<->service session key.",
- category: 'security'
+ id: 'kerberos-service-ticket',
+ term: 'Kerberos Service Ticket',
+ definition:
+ "Per-service [[kerberos|Kerberos]] credential returned in {{kerberos-tgs-rep|TGS-REP}}. {{encryption|Encrypted}} under the target service's long-term key (so only that service can read it), containing the client identity and a fresh client<->service session key.",
+ category: 'security'
},
{
- id: 'kerberos-pa-enc-timestamp',
- term: 'PA-ENC-TIMESTAMP',
- definition:
- "Pre-authentication data attached to a [[kerberos|Kerberos]] {{kerberos-as-req|AS-REQ}}: a fresh timestamp {{encryption|encrypted}} under the user's password-derived key. Lets the {{kerberos-kdc|KDC}} verify the user knows their password before issuing a {{kerberos-tgt|TGT}} β blocks offline-cracking attacks on AS-REP.",
- category: 'security'
+ id: 'kerberos-pa-enc-timestamp',
+ term: 'PA-ENC-TIMESTAMP',
+ definition:
+ "Pre-authentication data attached to a [[kerberos|Kerberos]] {{kerberos-as-req|AS-REQ}}: a fresh timestamp {{encryption|encrypted}} under the user's password-derived key. Lets the {{kerberos-kdc|KDC}} verify the user knows their password before issuing a {{kerberos-tgt|TGT}} β blocks offline-cracking attacks on AS-REP.",
+ category: 'security'
},
{
- id: 'kerberos-as-req',
- term: 'Kerberos AS-REQ',
- definition:
- "First [[kerberos|Kerberos]] message β client to {{kerberos-kdc|KDC}} Authentication Service. Carries the client's {{kerberos-principal|principal}} name, requested {{kerberos-tgt|TGT}} options, and {{kerberos-pa-enc-timestamp|PA-ENC-TIMESTAMP}}.",
- category: 'security'
+ id: 'kerberos-as-req',
+ term: 'Kerberos AS-REQ',
+ definition:
+ "First [[kerberos|Kerberos]] message β client to {{kerberos-kdc|KDC}} Authentication Service. Carries the client's {{kerberos-principal|principal}} name, requested {{kerberos-tgt|TGT}} options, and {{kerberos-pa-enc-timestamp|PA-ENC-TIMESTAMP}}.",
+ category: 'security'
},
{
- id: 'kerberos-as-rep',
- term: 'Kerberos AS-REP',
- definition:
- "{{kerberos-kdc|KDC}} response to a successful {{kerberos-as-req|AS-REQ}}. Carries the {{kerberos-tgt|TGT}} ({{encryption|encrypted}} under {{kerberos-krbtgt|krbtgt}}) and the new session key (encrypted under the user's long-term key).",
- category: 'security'
+ id: 'kerberos-as-rep',
+ term: 'Kerberos AS-REP',
+ definition:
+ "{{kerberos-kdc|KDC}} response to a successful {{kerberos-as-req|AS-REQ}}. Carries the {{kerberos-tgt|TGT}} ({{encryption|encrypted}} under {{kerberos-krbtgt|krbtgt}}) and the new session key (encrypted under the user's long-term key).",
+ category: 'security'
},
{
- id: 'kerberos-tgs-req',
- term: 'Kerberos TGS-REQ',
- definition:
- "Request from a [[kerberos|Kerberos]] client to the {{kerberos-tgs|Ticket Granting Service}}: give me a ticket for service X. Carries the {{kerberos-tgt|TGT}} and a fresh {{kerberos-authenticator|authenticator}} encrypted under the TGT's session key.",
- category: 'security'
+ id: 'kerberos-tgs-req',
+ term: 'Kerberos TGS-REQ',
+ definition:
+ "Request from a [[kerberos|Kerberos]] client to the {{kerberos-tgs|Ticket Granting Service}}: give me a ticket for service X. Carries the {{kerberos-tgt|TGT}} and a fresh {{kerberos-authenticator|authenticator}} encrypted under the TGT's session key.",
+ category: 'security'
},
{
- id: 'kerberos-tgs-rep',
- term: 'Kerberos TGS-REP',
- definition:
- "{{kerberos-tgs|TGS}} response to a successful {{kerberos-tgs-req|TGS-REQ}}: returns a {{kerberos-service-ticket|service ticket}} (encrypted under the service's long-term key) plus the new client<->service session key.",
- category: 'security'
+ id: 'kerberos-tgs-rep',
+ term: 'Kerberos TGS-REP',
+ definition:
+ "{{kerberos-tgs|TGS}} response to a successful {{kerberos-tgs-req|TGS-REQ}}: returns a {{kerberos-service-ticket|service ticket}} (encrypted under the service's long-term key) plus the new client<->service session key.",
+ category: 'security'
},
{
- id: 'kerberos-ap-req',
- term: 'Kerberos AP-REQ',
- definition:
- "Message the client sends *to the service* (not the KDC): the {{kerberos-service-ticket|service ticket}} plus a fresh {{kerberos-authenticator|authenticator}}. The service decrypts with its {{kerberos-keytab|keytab}}, verifies the authenticator's timestamp is within Β±5 min, and authenticates the client.",
- category: 'security'
+ id: 'kerberos-ap-req',
+ term: 'Kerberos AP-REQ',
+ definition:
+ "Message the client sends *to the service* (not the KDC): the {{kerberos-service-ticket|service ticket}} plus a fresh {{kerberos-authenticator|authenticator}}. The service decrypts with its {{kerberos-keytab|keytab}}, verifies the authenticator's timestamp is within Β±5 min, and authenticates the client.",
+ category: 'security'
},
{
- id: 'kerberos-ap-rep',
- term: 'Kerberos AP-REP',
- definition:
- "Optional reply from the service to the client β an encrypted timestamp proving the service also knows the session key. Provides mutual authentication: client now knows the service is genuine, not an impostor with a stolen ticket.",
- category: 'security'
+ id: 'kerberos-ap-rep',
+ term: 'Kerberos AP-REP',
+ definition:
+ 'Optional reply from the service to the client β an encrypted timestamp proving the service also knows the session key. Provides mutual authentication: client now knows the service is genuine, not an impostor with a stolen ticket.',
+ category: 'security'
},
{
- id: 'nameserver',
- term: 'Nameserver',
- definition:
- "A [[dns|DNS]] server that holds and serves zone data. Three flavors matter: **root** (knows the {{tld|TLDs}}), **TLD** (knows the registrars' authoritative servers), and **authoritative** (the final source of truth for a domain's records).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Name_server',
- category: 'infrastructure'
+ id: 'nameserver',
+ term: 'Nameserver',
+ definition:
+ "A [[dns|DNS]] server that holds and serves zone data. Three flavors matter: **root** (knows the {{tld|TLDs}}), **TLD** (knows the registrars' authoritative servers), and **authoritative** (the final source of truth for a domain's records).",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Name_server',
+ category: 'infrastructure'
},
{
- id: 'tld',
- term: 'TLD (Top-Level Domain)',
- definition:
- "The rightmost label of a domain name β `.com`, `.org`, `.net`, country codes like `.uk`. Run by registries (Verisign for `.com`); their {{nameserver|nameservers}} know which {{authoritative-nameserver|authoritative server}} owns each second-level domain.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Top-level_domain',
- category: 'infrastructure'
+ id: 'tld',
+ term: 'TLD (Top-Level Domain)',
+ definition:
+ 'The rightmost label of a domain name β `.com`, `.org`, `.net`, country codes like `.uk`. Run by registries (Verisign for `.com`); their {{nameserver|nameservers}} know which {{authoritative-nameserver|authoritative server}} owns each second-level domain.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Top-level_domain',
+ category: 'infrastructure'
},
{
- id: 'root-server',
- term: 'Root Nameserver',
- definition:
- "One of 13 logical {{nameserver|nameservers}} (`a.root-servers.net` β¦ `m.root-servers.net`, replicated globally via {{anycast|anycast}}) that anchor the [[dns|DNS]] hierarchy. They don't know specific domains β they just know which {{tld|TLD}} server to ask next.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Root_name_server',
- category: 'infrastructure'
+ id: 'root-server',
+ term: 'Root Nameserver',
+ definition:
+ "One of 13 logical {{nameserver|nameservers}} (`a.root-servers.net` β¦ `m.root-servers.net`, replicated globally via {{anycast|anycast}}) that anchor the [[dns|DNS]] hierarchy. They don't know specific domains β they just know which {{tld|TLD}} server to ask next.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Root_name_server',
+ category: 'infrastructure'
},
{
- id: 'authoritative-nameserver',
- term: 'Authoritative Nameserver',
- definition:
- "A {{nameserver|nameserver}} that holds the definitive records for a domain (set by the registrant). Returns *answers*, not referrals β the final stop in {{iterative-resolution|iterative resolution}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server',
- category: 'infrastructure'
+ id: 'authoritative-nameserver',
+ term: 'Authoritative Nameserver',
+ definition:
+ 'A {{nameserver|nameserver}} that holds the definitive records for a domain (set by the registrant). Returns *answers*, not referrals β the final stop in {{iterative-resolution|iterative resolution}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server',
+ category: 'infrastructure'
},
{
- id: 'recursive-resolver',
- term: 'Recursive Resolver',
- definition:
- "A [[dns|DNS]] server that does the legwork of resolution on the client's behalf β walks the hierarchy ({{root-server|root}} β {{tld|TLD}} β {{authoritative-nameserver|authoritative}}) and returns the final answer. Caches aggressively. Operated by ISPs and public services like `1.1.1.1` or `8.8.8.8`.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Domain_Name_System#DNS_resolvers',
- category: 'infrastructure'
+ id: 'recursive-resolver',
+ term: 'Recursive Resolver',
+ definition:
+ "A [[dns|DNS]] server that does the legwork of resolution on the client's behalf β walks the hierarchy ({{root-server|root}} β {{tld|TLD}} β {{authoritative-nameserver|authoritative}}) and returns the final answer. Caches aggressively. Operated by ISPs and public services like `1.1.1.1` or `8.8.8.8`.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Domain_Name_System#DNS_resolvers',
+ category: 'infrastructure'
},
{
- id: 'iterative-resolution',
- term: 'Iterative Resolution',
- definition:
- "DNS lookup strategy where the {{recursive-resolver|resolver}} walks the hierarchy itself β each {{nameserver|nameserver}} answers *go ask this other server* (a referral), not the final answer, until an {{authoritative-nameserver|authoritative}} server replies with the record.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Domain_Name_System#DNS_resolvers',
- category: 'protocol-mechanics'
+ id: 'iterative-resolution',
+ term: 'Iterative Resolution',
+ definition:
+ 'DNS lookup strategy where the {{recursive-resolver|resolver}} walks the hierarchy itself β each {{nameserver|nameserver}} answers *go ask this other server* (a referral), not the final answer, until an {{authoritative-nameserver|authoritative}} server replies with the record.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Domain_Name_System#DNS_resolvers',
+ category: 'protocol-mechanics'
},
{
- id: 'a-record',
- term: 'A Record',
- definition:
- "Address record β maps a domain name to a 32-bit IPv4 address. The most basic [[dns|DNS]] record type; the answer to *what's `example.com`'s IP?*.",
- wikiUrl: 'https://en.wikipedia.org/wiki/List_of_DNS_record_types',
- category: 'infrastructure'
+ id: 'a-record',
+ term: 'A Record',
+ definition:
+ "Address record β maps a domain name to a 32-bit IPv4 address. The most basic [[dns|DNS]] record type; the answer to *what's `example.com`'s IP?*.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/List_of_DNS_record_types',
+ category: 'infrastructure'
},
{
- id: 'aaaa-record',
- term: 'AAAA Record',
- definition:
- "Quad-A record β maps a domain name to a 128-bit [[ipv6|IPv6]] address. The [[ipv6|IPv6]] counterpart to the {{a-record|A record}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IPv6_address#Domain_Name_System',
- category: 'infrastructure'
+ id: 'aaaa-record',
+ term: 'AAAA Record',
+ definition:
+ 'Quad-A record β maps a domain name to a 128-bit [[ipv6|IPv6]] address. The [[ipv6|IPv6]] counterpart to the {{a-record|A record}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IPv6_address#Domain_Name_System',
+ category: 'infrastructure'
},
{
- id: 'cname-record',
- term: 'CNAME Record',
- definition:
- "Canonical Name record. A [[dns|DNS]] alias β *`www.example.com` is really called `example.com`*. Resolvers chase the chain until they hit an {{a-record|A}}/{{aaaa-record|AAAA}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/CNAME_record',
- category: 'infrastructure'
+ id: 'cname-record',
+ term: 'CNAME Record',
+ definition:
+ 'Canonical Name record. A [[dns|DNS]] alias β *`www.example.com` is really called `example.com`*. Resolvers chase the chain until they hit an {{a-record|A}}/{{aaaa-record|AAAA}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/CNAME_record',
+ category: 'infrastructure'
},
{
- id: 'ns-record',
- term: 'NS Record',
- definition:
- "Nameserver record. Delegates a [[dns|DNS]] zone to a set of {{authoritative-nameserver|authoritative nameservers}}. How the parent zone (e.g. `.com`) points to the child zone's nameservers.",
- wikiUrl: 'https://en.wikipedia.org/wiki/List_of_DNS_record_types#NS',
- category: 'infrastructure'
+ id: 'ns-record',
+ term: 'NS Record',
+ definition:
+ "Nameserver record. Delegates a [[dns|DNS]] zone to a set of {{authoritative-nameserver|authoritative nameservers}}. How the parent zone (e.g. `.com`) points to the child zone's nameservers.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/List_of_DNS_record_types#NS',
+ category: 'infrastructure'
},
{
- id: 'dora',
- term: 'DORA (Discover, Offer, Request, Ack)',
- definition:
- "The mnemonic for the four-message [[dhcp|DHCP]] {{handshake|exchange}}: **D**ISCOVER (client broadcasts), **O**FFER (server proposes), **R**EQUEST (client accepts), **A**CK (server confirms). Yields an {{ip-address|IP address}}, gateway, [[dns|DNS]] settings, and {{dhcp-lease|lease}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Operation',
- category: 'protocol-mechanics'
+ id: 'dora',
+ term: 'DORA (Discover, Offer, Request, Ack)',
+ definition:
+ 'The mnemonic for the four-message [[dhcp|DHCP]] {{handshake|exchange}}: **D**ISCOVER (client broadcasts), **O**FFER (server proposes), **R**EQUEST (client accepts), **A**CK (server confirms). Yields an {{ip-address|IP address}}, gateway, [[dns|DNS]] settings, and {{dhcp-lease|lease}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Operation',
+ category: 'protocol-mechanics'
},
{
- id: 'dhcp-discover',
- term: 'DHCPDISCOVER',
- definition:
- "The first message of the {{dora|DORA}} {{handshake|exchange}}. A new client {{broadcast|broadcasts}} *I need an IP* from `0.0.0.0` to `255.255.255.255` so any [[dhcp|DHCP]] server on the {{lan|LAN}} can hear it.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
- category: 'protocol-mechanics'
+ id: 'dhcp-discover',
+ term: 'DHCPDISCOVER',
+ definition:
+ 'The first message of the {{dora|DORA}} {{handshake|exchange}}. A new client {{broadcast|broadcasts}} *I need an IP* from `0.0.0.0` to `255.255.255.255` so any [[dhcp|DHCP]] server on the {{lan|LAN}} can hear it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'dhcp-offer',
- term: 'DHCPOFFER',
- definition:
- "The server's reply in the {{dora|DORA}} {{handshake|exchange}}: *here's a candidate {{ip-address|IP}} from my pool, plus a {{dhcp-lease|lease}} time*. Multiple servers may offer; the client picks one.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
- category: 'protocol-mechanics'
+ id: 'dhcp-offer',
+ term: 'DHCPOFFER',
+ definition:
+ "The server's reply in the {{dora|DORA}} {{handshake|exchange}}: *here's a candidate {{ip-address|IP}} from my pool, plus a {{dhcp-lease|lease}} time*. Multiple servers may offer; the client picks one.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'dhcp-request',
- term: 'DHCPREQUEST',
- definition:
- "Third message of {{dora|DORA}}: client confirms *I'll take this offer*. Also {{broadcast|broadcast}} so other [[dhcp|DHCP]] servers know to release their offers.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
- category: 'protocol-mechanics'
+ id: 'dhcp-request',
+ term: 'DHCPREQUEST',
+ definition:
+ "Third message of {{dora|DORA}}: client confirms *I'll take this offer*. Also {{broadcast|broadcast}} so other [[dhcp|DHCP]] servers know to release their offers.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'dhcp-ack',
- term: 'DHCPACK',
- definition:
- "Final message of {{dora|DORA}}: server confirms the {{dhcp-lease|lease}} and ships the full network config (subnet mask, default gateway, [[dns|DNS]] servers).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
- category: 'protocol-mechanics'
+ id: 'dhcp-ack',
+ term: 'DHCPACK',
+ definition:
+ 'Final message of {{dora|DORA}}: server confirms the {{dhcp-lease|lease}} and ships the full network config (subnet mask, default gateway, [[dns|DNS]] servers).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'dhcp-lease',
- term: 'DHCP Lease',
- definition:
- "A time-bounded grant of an {{ip-address|IP address}} by a [[dhcp|DHCP]] server. Clients renew at T1 (~50%) and T2 (~87.5%) of the lease duration; if neither succeeds, they re-{{dhcp-discover|DISCOVER}} before expiry.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Lease',
- category: 'protocol-mechanics'
+ id: 'dhcp-lease',
+ term: 'DHCP Lease',
+ definition:
+ 'A time-bounded grant of an {{ip-address|IP address}} by a [[dhcp|DHCP]] server. Clients renew at T1 (~50%) and T2 (~87.5%) of the lease duration; if neither succeeds, they re-{{dhcp-discover|DISCOVER}} before expiry.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Lease',
+ category: 'protocol-mechanics'
},
{
- id: 'clock-drift',
- term: 'Clock Drift',
- definition:
- "The tendency of a hardware clock to deviate from true time. Crystal oscillators in computers gain or lose seconds per day; [[ntp|NTP]] and PTP correct for this continuously.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Clock_drift',
- category: 'networking-basics'
+ id: 'clock-drift',
+ term: 'Clock Drift',
+ definition:
+ 'The tendency of a hardware clock to deviate from true time. Crystal oscillators in computers gain or lose seconds per day; [[ntp|NTP]] and PTP correct for this continuously.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Clock_drift',
+ category: 'networking-basics'
},
{
- id: 'marzullos-algorithm',
- term: "Marzullo's Algorithm",
- definition:
- "Algorithm that finds the smallest interval consistent with the largest number of estimates, used by [[ntp|NTP]] to discard outlier time samples and converge on a single accurate offset.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Marzullo%27s_algorithm',
- category: 'protocol-mechanics'
+ id: 'marzullos-algorithm',
+ term: "Marzullo's Algorithm",
+ definition:
+ 'Algorithm that finds the smallest interval consistent with the largest number of estimates, used by [[ntp|NTP]] to discard outlier time samples and converge on a single accurate offset.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Marzullo%27s_algorithm',
+ category: 'protocol-mechanics'
},
{
- id: 'nts',
- term: 'NTS (Network Time Security)',
- definition:
- "Cryptographic extension to [[ntp|NTP]] ([[rfc:8915|RFC 8915]]) that authenticates time replies β defeats {{man-in-the-middle|MITM}} attackers who would otherwise manipulate clocks to break certificate validation.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Network_Time_Security',
- category: 'security'
+ id: 'nts',
+ term: 'NTS (Network Time Security)',
+ definition:
+ 'Cryptographic extension to [[ntp|NTP]] ([[rfc:8915|RFC 8915]]) that authenticates time replies β defeats {{man-in-the-middle|MITM}} attackers who would otherwise manipulate clocks to break certificate validation.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Network_Time_Security',
+ category: 'security'
},
{
- id: 'ping',
- term: 'ping',
- definition:
- "The simplest reachability test on the internet. Sends an [[icmp|ICMP]] {{echo-request|Echo Request}} and times the {{echo-reply|Echo Reply}} β gives you {{rtt|round-trip time}} and packet-loss percentage.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Ping_(networking_utility)',
- category: 'infrastructure'
+ id: 'ping',
+ term: 'ping',
+ definition:
+ 'The simplest reachability test on the internet. Sends an [[icmp|ICMP]] {{echo-request|Echo Request}} and times the {{echo-reply|Echo Reply}} β gives you {{rtt|round-trip time}} and packet-loss percentage.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Ping_(networking_utility)',
+ category: 'infrastructure'
},
{
- id: 'traceroute',
- term: 'traceroute',
- definition:
- "Diagnostic that maps the {{hop|hops}} between you and a destination. Sends packets with increasing {{ttl|TTL}} (1, 2, 3 β¦); each router whose TTL hits 0 returns an [[icmp|ICMP]] {{time-exceeded|Time Exceeded}}, revealing its address.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Traceroute',
- category: 'infrastructure'
+ id: 'traceroute',
+ term: 'traceroute',
+ definition:
+ 'Diagnostic that maps the {{hop|hops}} between you and a destination. Sends packets with increasing {{ttl|TTL}} (1, 2, 3 β¦); each router whose TTL hits 0 returns an [[icmp|ICMP]] {{time-exceeded|Time Exceeded}}, revealing its address.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Traceroute',
+ category: 'infrastructure'
},
{
- id: 'echo-request',
- term: 'Echo Request (ICMP Type 8)',
- definition:
- "The [[icmp|ICMP]] message {{ping|ping}} sends. Type 8 for IPv4, Type 128 for [[ipv6|IPv6]] ({{icmpv6|ICMPv6}}). Carries an identifier + sequence number; the {{echo-reply|Echo Reply}} copies them back.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Echo_request',
- category: 'protocol-mechanics'
+ id: 'echo-request',
+ term: 'Echo Request (ICMP Type 8)',
+ definition:
+ 'The [[icmp|ICMP]] message {{ping|ping}} sends. Type 8 for IPv4, Type 128 for [[ipv6|IPv6]] ({{icmpv6|ICMPv6}}). Carries an identifier + sequence number; the {{echo-reply|Echo Reply}} copies them back.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Echo_request',
+ category: 'protocol-mechanics'
},
{
- id: 'echo-reply',
- term: 'Echo Reply (ICMP Type 0)',
- definition:
- "The [[icmp|ICMP]] response to an {{echo-request|Echo Request}}. Type 0 for IPv4, Type 129 for [[ipv6|IPv6]]. The send/receive timestamps give you {{rtt|round-trip time}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Echo_reply',
- category: 'protocol-mechanics'
+ id: 'echo-reply',
+ term: 'Echo Reply (ICMP Type 0)',
+ definition:
+ 'The [[icmp|ICMP]] response to an {{echo-request|Echo Request}}. Type 0 for IPv4, Type 129 for [[ipv6|IPv6]]. The send/receive timestamps give you {{rtt|round-trip time}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Echo_reply',
+ category: 'protocol-mechanics'
},
{
- id: 'time-exceeded',
- term: 'Time Exceeded (ICMP Type 11)',
- definition:
- "[[icmp|ICMP]] error sent by a router when a packet's {{ttl|TTL}} hits 0. {{traceroute|traceroute}} relies on this β each TTL value reveals one more {{hop|hop}} along the path.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Time_exceeded',
- category: 'protocol-mechanics'
+ id: 'time-exceeded',
+ term: 'Time Exceeded (ICMP Type 11)',
+ definition:
+ "[[icmp|ICMP]] error sent by a router when a packet's {{ttl|TTL}} hits 0. {{traceroute|traceroute}} relies on this β each TTL value reveals one more {{hop|hop}} along the path.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Time_exceeded',
+ category: 'protocol-mechanics'
},
{
- id: 'arp-cache',
- term: 'ARP Cache',
- definition:
- "Per-host table of recently-learned IPβ{{mac-address|MAC}} mappings. [[arp|ARP]] consults it before broadcasting a request; entries expire after 1β5 minutes (OS-dependent) so changes propagate.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Address_Resolution_Protocol#ARP_cache',
- category: 'networking-basics'
+ id: 'arp-cache',
+ term: 'ARP Cache',
+ definition:
+ 'Per-host table of recently-learned IPβ{{mac-address|MAC}} mappings. [[arp|ARP]] consults it before broadcasting a request; entries expire after 1β5 minutes (OS-dependent) so changes propagate.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Address_Resolution_Protocol#ARP_cache',
+ category: 'networking-basics'
},
{
- id: 'arp-request',
- term: 'ARP Request',
- definition:
- "The *who has this {{ip-address|IP}}?* {{broadcast|broadcast}} sent to destination [[ethernet|Ethernet]] address `FF:FF:FF:FF:FF:FF` so every host on the {{lan|LAN}} receives and processes it.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Address_Resolution_Protocol',
- category: 'protocol-mechanics'
+ id: 'arp-request',
+ term: 'ARP Request',
+ definition:
+ 'The *who has this {{ip-address|IP}}?* {{broadcast|broadcast}} sent to destination [[ethernet|Ethernet]] address `FF:FF:FF:FF:FF:FF` so every host on the {{lan|LAN}} receives and processes it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Address_Resolution_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'arp-reply',
- term: 'ARP Reply',
- definition:
- "The {{unicast|unicast}} response to an {{arp-request|ARP Request}} carrying the answering host's {{mac-address|MAC address}}. Only the matching host responds.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Address_Resolution_Protocol',
- category: 'protocol-mechanics'
+ id: 'arp-reply',
+ term: 'ARP Reply',
+ definition:
+ "The {{unicast|unicast}} response to an {{arp-request|ARP Request}} carrying the answering host's {{mac-address|MAC address}}. Only the matching host responds.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Address_Resolution_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'bgp-open',
- term: 'BGP OPEN',
- definition:
- "First [[bgp|BGP]] message after the [[tcp|TCP]] connection forms β peers exchange their {{asn|AS number}}, BGP version, {{hold-timer|hold time}}, and a router ID. Failure aborts the session.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
- category: 'protocol-mechanics'
+ id: 'bgp-open',
+ term: 'BGP OPEN',
+ definition:
+ 'First [[bgp|BGP]] message after the [[tcp|TCP]] connection forms β peers exchange their {{asn|AS number}}, BGP version, {{hold-timer|hold time}}, and a router ID. Failure aborts the session.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'bgp-update',
- term: 'BGP UPDATE',
- definition:
- "The workhorse [[bgp|BGP]] message β announces new routes (NLRI + path attributes like {{as-path|AS_PATH}}, NEXT_HOP, LOCAL_PREF, MED) or withdraws previously announced ones.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
- category: 'protocol-mechanics'
+ id: 'bgp-update',
+ term: 'BGP UPDATE',
+ definition:
+ 'The workhorse [[bgp|BGP]] message β announces new routes (NLRI + path attributes like {{as-path|AS_PATH}}, NEXT_HOP, LOCAL_PREF, MED) or withdraws previously announced ones.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'bgp-keepalive',
- term: 'BGP KEEPALIVE',
- definition:
- "Tiny 19-byte heartbeat sent every ~30s on quiet [[bgp|BGP]] sessions. Proves the peer is alive even when there's nothing to {{bgp-update|UPDATE}}. Resets the {{hold-timer|hold timer}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
- category: 'protocol-mechanics'
+ id: 'bgp-keepalive',
+ term: 'BGP KEEPALIVE',
+ definition:
+ "Tiny 19-byte heartbeat sent every ~30s on quiet [[bgp|BGP]] sessions. Proves the peer is alive even when there's nothing to {{bgp-update|UPDATE}}. Resets the {{hold-timer|hold timer}}.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'hold-timer',
- term: 'Hold Timer',
- definition:
- "How long a [[bgp|BGP]] peer waits without receiving a {{bgp-keepalive|KEEPALIVE}} or {{bgp-update|UPDATE}} before declaring the neighbor dead. Default 90s, negotiated in {{bgp-open|OPEN}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
- category: 'protocol-mechanics'
+ id: 'hold-timer',
+ term: 'Hold Timer',
+ definition:
+ 'How long a [[bgp|BGP]] peer waits without receiving a {{bgp-keepalive|KEEPALIVE}} or {{bgp-update|UPDATE}} before declaring the neighbor dead. Default 90s, negotiated in {{bgp-open|OPEN}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'router-solicitation',
- term: 'Router Solicitation (ICMPv6 Type 133)',
- definition:
- "{{ndp|NDP}} message a new host sends to find any routers on the link. Multicast to `ff02::2` (all-routers). Routers reply with {{router-advertisement|Router Advertisements}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
- category: 'protocol-mechanics'
+ id: 'router-solicitation',
+ term: 'Router Solicitation (ICMPv6 Type 133)',
+ definition:
+ '{{ndp|NDP}} message a new host sends to find any routers on the link. Multicast to `ff02::2` (all-routers). Routers reply with {{router-advertisement|Router Advertisements}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'router-advertisement',
- term: 'Router Advertisement (ICMPv6 Type 134)',
- definition:
- "{{ndp|NDP}} message routers send (periodically or in response to {{router-solicitation|Router Solicitation}}) carrying the link prefix, MTU, default gateway, and flags that drive [[ipv6|IPv6]] autoconfiguration ({{slaac|SLAAC}}).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
- category: 'protocol-mechanics'
+ id: 'router-advertisement',
+ term: 'Router Advertisement (ICMPv6 Type 134)',
+ definition:
+ '{{ndp|NDP}} message routers send (periodically or in response to {{router-solicitation|Router Solicitation}}) carrying the link prefix, MTU, default gateway, and flags that drive [[ipv6|IPv6]] autoconfiguration ({{slaac|SLAAC}}).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'neighbor-solicitation',
- term: 'Neighbor Solicitation (ICMPv6 Type 135)',
- definition:
- "{{ndp|NDP}} message β the [[ipv6|IPv6]] equivalent of [[arp|ARP Request]]. Asks *who has this address?*, sent to a {{solicited-node-multicast|solicited-node multicast}} address so only candidate matches process it.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
- category: 'protocol-mechanics'
+ id: 'neighbor-solicitation',
+ term: 'Neighbor Solicitation (ICMPv6 Type 135)',
+ definition:
+ '{{ndp|NDP}} message β the [[ipv6|IPv6]] equivalent of [[arp|ARP Request]]. Asks *who has this address?*, sent to a {{solicited-node-multicast|solicited-node multicast}} address so only candidate matches process it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'neighbor-advertisement',
- term: 'Neighbor Advertisement (ICMPv6 Type 136)',
- definition:
- "{{ndp|NDP}} message β the [[ipv6|IPv6]] equivalent of [[arp|ARP Reply]]. Carries the responder's link-layer address. Also sent unsolicited when an address changes.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
- category: 'protocol-mechanics'
+ id: 'neighbor-advertisement',
+ term: 'Neighbor Advertisement (ICMPv6 Type 136)',
+ definition:
+ "{{ndp|NDP}} message β the [[ipv6|IPv6]] equivalent of [[arp|ARP Reply]]. Carries the responder's link-layer address. Also sent unsolicited when an address changes.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'solicited-node-multicast',
- term: 'Solicited-Node Multicast',
- definition:
- "An [[ipv6|IPv6]] {{multicast|multicast}} address derived from the last 24 bits of a host's address (`ff02::1:ffXX:XXXX`). {{ndp|NDP}} uses it instead of {{broadcast|broadcast}} so only ~1 of 2Β²β΄ hosts processes each query.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Solicited-node_multicast_address',
- category: 'protocol-mechanics'
+ id: 'solicited-node-multicast',
+ term: 'Solicited-Node Multicast',
+ definition:
+ "An [[ipv6|IPv6]] {{multicast|multicast}} address derived from the last 24 bits of a host's address (`ff02::1:ffXX:XXXX`). {{ndp|NDP}} uses it instead of {{broadcast|broadcast}} so only ~1 of 2Β²β΄ hosts processes each query.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Solicited-node_multicast_address',
+ category: 'protocol-mechanics'
},
{
- id: 'hop-limit',
- term: 'Hop Limit',
- definition:
- "[[ipv6|IPv6]]'s rename of {{ttl|TTL}}. Decremented by 1 at every router; hits 0 β packet dropped + {{icmpv6|ICMPv6}} Time Exceeded returned. Loop prevention.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IPv6_packet#Fixed_header',
- category: 'protocol-mechanics'
+ id: 'hop-limit',
+ term: 'Hop Limit',
+ definition:
+ "[[ipv6|IPv6]]'s rename of {{ttl|TTL}}. Decremented by 1 at every router; hits 0 β packet dropped + {{icmpv6|ICMPv6}} Time Exceeded returned. Loop prevention.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/IPv6_packet#Fixed_header',
+ category: 'protocol-mechanics'
},
{
- id: 'icmpv6',
- term: 'ICMPv6',
- definition:
- "[[icmp|ICMP]] for [[ipv6|IPv6]]. Same role β diagnostics and errors β but also carries {{ndp|NDP}}, MLD, and Router Renumbering. Mandatory; firewalls must not block it blindly.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6',
- category: 'protocol-mechanics'
+ id: 'icmpv6',
+ term: 'ICMPv6',
+ definition:
+ '[[icmp|ICMP]] for [[ipv6|IPv6]]. Same role β diagnostics and errors β but also carries {{ndp|NDP}}, MLD, and Router Renumbering. Mandatory; firewalls must not block it blindly.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6',
+ category: 'protocol-mechanics'
},
{
- id: 'router-id',
- term: 'Router ID (RID)',
- definition:
- "32-bit identifier (formatted like an IPv4 address) that uniquely identifies a router in [[ospf|OSPF]] / [[bgp|BGP]]. Usually the highest loopback or active interface address.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First#Router_ID',
- category: 'protocol-mechanics'
+ id: 'router-id',
+ term: 'Router ID (RID)',
+ definition:
+ '32-bit identifier (formatted like an IPv4 address) that uniquely identifies a router in [[ospf|OSPF]] / [[bgp|BGP]]. Usually the highest loopback or active interface address.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First#Router_ID',
+ category: 'protocol-mechanics'
},
{
- id: 'ospf-hello',
- term: 'OSPF Hello',
- definition:
- "[[ospf|OSPF]] message multicast to `224.0.0.5` every 10s on point-to-point links. Carries router ID, HelloInterval, DeadInterval, neighbors seen β must match exactly for {{adjacency|adjacency}} to form.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
- category: 'protocol-mechanics'
+ id: 'ospf-hello',
+ term: 'OSPF Hello',
+ definition:
+ '[[ospf|OSPF]] message multicast to `224.0.0.5` every 10s on point-to-point links. Carries router ID, HelloInterval, DeadInterval, neighbors seen β must match exactly for {{adjacency|adjacency}} to form.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
+ category: 'protocol-mechanics'
},
{
- id: 'dbd',
- term: 'DBD (Database Description)',
- definition:
- "[[ospf|OSPF]] message exchanged in the ExStart/{{exchange|Exchange}} state. Master/slave is elected by router ID; each side sends {{lsa|LSA}} headers (not full LSAs) so peers learn what they're missing.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
- category: 'protocol-mechanics'
+ id: 'dbd',
+ term: 'DBD (Database Description)',
+ definition:
+ "[[ospf|OSPF]] message exchanged in the ExStart/{{exchange|Exchange}} state. Master/slave is elected by router ID; each side sends {{lsa|LSA}} headers (not full LSAs) so peers learn what they're missing.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
+ category: 'protocol-mechanics'
},
{
- id: 'lsr',
- term: 'LSR (Link State Request)',
- definition:
- "[[ospf|OSPF]] message: *send me these {{lsa|LSAs}}*. Used during the Loading state to fetch full link-state records the router doesn't have or has older copies of.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
- category: 'protocol-mechanics'
+ id: 'lsr',
+ term: 'LSR (Link State Request)',
+ definition:
+ "[[ospf|OSPF]] message: *send me these {{lsa|LSAs}}*. Used during the Loading state to fetch full link-state records the router doesn't have or has older copies of.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
+ category: 'protocol-mechanics'
},
{
- id: 'lsu',
- term: 'LSU (Link State Update)',
- definition:
- "[[ospf|OSPF]] message carrying one or more {{lsa|LSAs}}. The actual link-state data β checksummed, age-stamped, sequence-numbered. Acknowledged by {{lsack|LSAck}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
- category: 'protocol-mechanics'
+ id: 'lsu',
+ term: 'LSU (Link State Update)',
+ definition:
+ '[[ospf|OSPF]] message carrying one or more {{lsa|LSAs}}. The actual link-state data β checksummed, age-stamped, sequence-numbered. Acknowledged by {{lsack|LSAck}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
+ category: 'protocol-mechanics'
},
{
- id: 'lsack',
- term: 'LSAck (Link State Acknowledgment)',
- definition:
- "[[ospf|OSPF]] message that acknowledges receipt of an {{lsu|LSU}}. Required because [[ospf|OSPF]] runs directly on [[ip|IP]] (protocol 89) without [[tcp|TCP]] β it implements its own reliable delivery.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
- category: 'protocol-mechanics'
+ id: 'lsack',
+ term: 'LSAck (Link State Acknowledgment)',
+ definition:
+ '[[ospf|OSPF]] message that acknowledges receipt of an {{lsu|LSU}}. Required because [[ospf|OSPF]] runs directly on [[ip|IP]] (protocol 89) without [[tcp|TCP]] β it implements its own reliable delivery.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
+ category: 'protocol-mechanics'
},
{
- id: 'adjacency',
- term: 'Adjacency',
- definition:
- "An [[ospf|OSPF]] relationship between two neighboring routers that has progressed through the eight-state machine (Down β Init β 2-Way β ExStart β {{exchange|Exchange}} β Loading β Full) and now exchanges link-state info.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
- category: 'protocol-mechanics'
+ id: 'adjacency',
+ term: 'Adjacency',
+ definition:
+ 'An [[ospf|OSPF]] relationship between two neighboring routers that has progressed through the eight-state machine (Down β Init β 2-Way β ExStart β {{exchange|Exchange}} β Loading β Full) and now exchanges link-state info.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First',
+ category: 'protocol-mechanics'
},
{
- id: 'fib',
- term: 'FIB (Forwarding Information Base)',
- definition:
- "The compiled, fast-lookup table that the data plane actually uses to forward packets. Derived from the {{routing-table|RIB}} but optimized for line-rate {{ip-address|IP}} matching (typically TCAM in hardware routers).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Forwarding_information_base',
- category: 'infrastructure'
+ id: 'fib',
+ term: 'FIB (Forwarding Information Base)',
+ definition:
+ 'The compiled, fast-lookup table that the data plane actually uses to forward packets. Derived from the {{routing-table|RIB}} but optimized for line-rate {{ip-address|IP}} matching (typically TCAM in hardware routers).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Forwarding_information_base',
+ category: 'infrastructure'
},
{
- id: 'beacon',
- term: 'Beacon Frame',
- definition:
- "[[wifi|Wi-Fi]] management frame broadcast by an {{access-point|AP}} ~10Γ per second. Carries the {{ssid|SSID}}, supported rates, security mode (WPA2/WPA3), and capabilities β how clients discover the network.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Beacon_frame',
- category: 'protocol-mechanics'
+ id: 'beacon',
+ term: 'Beacon Frame',
+ definition:
+ '[[wifi|Wi-Fi]] management frame broadcast by an {{access-point|AP}} ~10Γ per second. Carries the {{ssid|SSID}}, supported rates, security mode (WPA2/WPA3), and capabilities β how clients discover the network.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Beacon_frame',
+ category: 'protocol-mechanics'
},
{
- id: 'ssid',
- term: 'SSID (Service Set Identifier)',
- definition:
- "The human-readable network name advertised by a [[wifi|Wi-Fi]] {{access-point|AP}} (e.g. `MyNetwork`). Up to 32 bytes; multiple APs can share the same SSID to form an ESS.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Service_set_(802.11_network)#SSID',
- category: 'networking-basics'
+ id: 'ssid',
+ term: 'SSID (Service Set Identifier)',
+ definition:
+ 'The human-readable network name advertised by a [[wifi|Wi-Fi]] {{access-point|AP}} (e.g. `MyNetwork`). Up to 32 bytes; multiple APs can share the same SSID to form an ESS.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Service_set_(802.11_network)#SSID',
+ category: 'networking-basics'
},
{
- id: 'authentication-frame',
- term: '802.11 Authentication Frame',
- definition:
- "Legacy [[wifi|802.11]] management frame from before WPA. Today it's a formality β modern security happens in the {{wpa2-handshake|WPA2/3 4-way handshake}}. Originally for WEP shared-key auth.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11',
- category: 'protocol-mechanics'
+ id: 'authentication-frame',
+ term: '802.11 Authentication Frame',
+ definition:
+ "Legacy [[wifi|802.11]] management frame from before WPA. Today it's a formality β modern security happens in the {{wpa2-handshake|WPA2/3 4-way handshake}}. Originally for WEP shared-key auth.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11',
+ category: 'protocol-mechanics'
},
{
- id: 'association-request',
- term: 'Association Request',
- definition:
- "[[wifi|Wi-Fi]] management frame β *I want to use this network*. Carries the client's capabilities and the {{ssid|SSID}}. The {{access-point|AP}} replies with an {{association-response|Association Response}} carrying an {{aid|AID}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11',
- category: 'protocol-mechanics'
+ id: 'association-request',
+ term: 'Association Request',
+ definition:
+ "[[wifi|Wi-Fi]] management frame β *I want to use this network*. Carries the client's capabilities and the {{ssid|SSID}}. The {{access-point|AP}} replies with an {{association-response|Association Response}} carrying an {{aid|AID}}.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11',
+ category: 'protocol-mechanics'
},
{
- id: 'association-response',
- term: 'Association Response',
- definition:
- "[[wifi|Wi-Fi]] management frame from the {{access-point|AP}} accepting (or rejecting) an {{association-request|Association Request}}. On success, it carries the assigned {{aid|AID}} (1β2007).",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11',
- category: 'protocol-mechanics'
+ id: 'association-response',
+ term: 'Association Response',
+ definition:
+ '[[wifi|Wi-Fi]] management frame from the {{access-point|AP}} accepting (or rejecting) an {{association-request|Association Request}}. On success, it carries the assigned {{aid|AID}} (1β2007).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11',
+ category: 'protocol-mechanics'
},
{
- id: 'wpa2-handshake',
- term: 'WPA2 4-way Handshake',
- definition:
- "The post-association {{handshake|exchange}} that derives session keys from the {{pmk|PMK}} (passphrase): {{anonce|ANonce}} β {{snonce|SNonce}}+{{mic|MIC}} β {{gtk|GTK}}+{{mic|MIC}} β {{ack|ACK}}. Both sides prove they know the passphrase without sending it.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_four-way_handshake',
- category: 'security'
+ id: 'wpa2-handshake',
+ term: 'WPA2 4-way Handshake',
+ definition:
+ 'The post-association {{handshake|exchange}} that derives session keys from the {{pmk|PMK}} (passphrase): {{anonce|ANonce}} β {{snonce|SNonce}}+{{mic|MIC}} β {{gtk|GTK}}+{{mic|MIC}} β {{ack|ACK}}. Both sides prove they know the passphrase without sending it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_four-way_handshake',
+ category: 'security'
},
{
- id: 'anonce',
- term: 'ANonce',
- definition:
- "Authenticator Nonce β the random number the {{access-point|AP}} sends in step 1 of the {{wpa2-handshake|WPA2 4-way handshake}}. Combined with the {{snonce|SNonce}} and both {{mac-address|MAC}} addresses to derive the {{ptk|PTK}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
- category: 'security'
+ id: 'anonce',
+ term: 'ANonce',
+ definition:
+ 'Authenticator Nonce β the random number the {{access-point|AP}} sends in step 1 of the {{wpa2-handshake|WPA2 4-way handshake}}. Combined with the {{snonce|SNonce}} and both {{mac-address|MAC}} addresses to derive the {{ptk|PTK}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
+ category: 'security'
},
{
- id: 'snonce',
- term: 'SNonce',
- definition:
- "Supplicant Nonce β the random number the client sends in step 2 of the {{wpa2-handshake|WPA2 4-way handshake}}. Lets each side independently derive the {{ptk|PTK}} from the {{pmk|PMK}} + nonces + MACs.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
- category: 'security'
+ id: 'snonce',
+ term: 'SNonce',
+ definition:
+ 'Supplicant Nonce β the random number the client sends in step 2 of the {{wpa2-handshake|WPA2 4-way handshake}}. Lets each side independently derive the {{ptk|PTK}} from the {{pmk|PMK}} + nonces + MACs.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
+ category: 'security'
},
{
- id: 'adv-ind',
- term: 'ADV_IND',
- definition:
- "[[bluetooth|BLE]] connectable, undirected advertising packet β the default *I'm here, talk to me* beacon. Broadcast on channels 37/38/39 at the advertising interval. Carries Flags + Service UUIDs + local name (β€31 bytes).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'adv-ind',
+ term: 'ADV_IND',
+ definition:
+ "[[bluetooth|BLE]] connectable, undirected advertising packet β the default *I'm here, talk to me* beacon. Broadcast on channels 37/38/39 at the advertising interval. Carries Flags + Service UUIDs + local name (β€31 bytes).",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'connect-ind',
- term: 'CONNECT_IND',
- definition:
- "[[bluetooth|BLE]] link-layer packet a Central sends in response to {{adv-ind|ADV_IND}} to open a connection. Carries the 32-bit Access Address, channel-hop pattern, connection interval, and supervision timeout.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'connect-ind',
+ term: 'CONNECT_IND',
+ definition:
+ '[[bluetooth|BLE]] link-layer packet a Central sends in response to {{adv-ind|ADV_IND}} to open a connection. Carries the 32-bit Access Address, channel-hop pattern, connection interval, and supervision timeout.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'att-mtu',
- term: 'ATT MTU',
- definition:
- "The maximum payload size of an {{gatt|ATT}} PDU on a [[bluetooth|BLE]] link. Defaults to 23 (only 20 bytes usable) β the *first thing to fix on every new BLE connection* via an ATT MTU Exchange (up to 247 or 517).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'att-mtu',
+ term: 'ATT MTU',
+ definition:
+ 'The maximum payload size of an {{gatt|ATT}} PDU on a [[bluetooth|BLE]] link. Defaults to 23 (only 20 bytes usable) β the *first thing to fix on every new BLE connection* via an ATT MTU Exchange (up to 247 or 517).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'att-read',
- term: 'ATT Read',
- definition:
- "{{gatt|GATT}} operation that retrieves a characteristic's value by handle or UUID. Read by Type lets a Central skip the handle-discovery step when it already knows the UUID.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'att-read',
+ term: 'ATT Read',
+ definition:
+ "{{gatt|GATT}} operation that retrieves a characteristic's value by handle or UUID. Read by Type lets a Central skip the handle-discovery step when it already knows the UUID.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'att-write',
- term: 'ATT Write',
- definition:
- "{{gatt|GATT}} operation that sets a characteristic's value. *Write Request* expects a confirmation; *Write Without Response* (fire-and-forget) is the high-throughput variant.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'att-write',
+ term: 'ATT Write',
+ definition:
+ "{{gatt|GATT}} operation that sets a characteristic's value. *Write Request* expects a confirmation; *Write Without Response* (fire-and-forget) is the high-throughput variant.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'att-notify',
- term: 'ATT Notify',
- definition:
- "Unsolicited {{gatt|GATT}} push from a Peripheral to a Central β no ACK at the ATT layer. Enabled by writing `0x0001` to the {{cccd|CCCD}}. The mechanism behind every push-based BLE sensor.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'att-notify',
+ term: 'ATT Notify',
+ definition:
+ 'Unsolicited {{gatt|GATT}} push from a Peripheral to a Central β no ACK at the ATT layer. Enabled by writing `0x0001` to the {{cccd|CCCD}}. The mechanism behind every push-based BLE sensor.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'cccd',
- term: 'CCCD (Client Characteristic Configuration Descriptor)',
- definition:
- "{{gatt|GATT}} descriptor (UUID 0x2902) attached to notifiable characteristics. Write `0x0001` to enable {{att-notify|notifications}}, `0x0002` for indications, `0x0000` to disable.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'protocol-mechanics'
+ id: 'cccd',
+ term: 'CCCD (Client Characteristic Configuration Descriptor)',
+ definition:
+ '{{gatt|GATT}} descriptor (UUID 0x2902) attached to notifiable characteristics. Write `0x0001` to enable {{att-notify|notifications}}, `0x0002` for indications, `0x0000` to disable.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'protocol-mechanics'
},
{
- id: 'smp-pairing',
- term: 'SMP Pairing',
- definition:
- "Security Manager Protocol β [[bluetooth|BLE]]'s pairing layer. Modern devices use **LE Secure Connections** (ECDH on Curve P-256) to derive a Long-Term Key; legacy *Just-Works* is vulnerable to relay attacks.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy#Security',
- category: 'security'
+ id: 'smp-pairing',
+ term: 'SMP Pairing',
+ definition:
+ "Security Manager Protocol β [[bluetooth|BLE]]'s pairing layer. Modern devices use **LE Secure Connections** (ECDH on Curve P-256) to derive a Long-Term Key; legacy *Just-Works* is vulnerable to relay attacks.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy#Security',
+ category: 'security'
},
{
- id: 'll-enc-req',
- term: 'LL_ENC_REQ',
- definition:
- "[[bluetooth|BLE]] Link Layer Control PDU that initiates link encryption. After {{smp-pairing|SMP pairing}} establishes the Long-Term Key, LL_ENC_REQ turns on AES-CCM for every subsequent PDU.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
- category: 'security'
+ id: 'll-enc-req',
+ term: 'LL_ENC_REQ',
+ definition:
+ '[[bluetooth|BLE]] Link Layer Control PDU that initiates link encryption. After {{smp-pairing|SMP pairing}} establishes the Long-Term Key, LL_ENC_REQ turns on AES-CCM for every subsequent PDU.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
+ category: 'security'
},
{
- id: 'pcd',
- term: 'PCD (Proximity Coupling Device)',
- definition:
- "The {{rfid|RFID}}/[[nfc|NFC]] reader side β the *terminal* that energizes the 13.56 MHz field and initiates commands. ISO/IEC 14443 nomenclature.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
- category: 'protocol-mechanics'
+ id: 'pcd',
+ term: 'PCD (Proximity Coupling Device)',
+ definition:
+ 'The {{rfid|RFID}}/[[nfc|NFC]] reader side β the *terminal* that energizes the 13.56 MHz field and initiates commands. ISO/IEC 14443 nomenclature.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
+ category: 'protocol-mechanics'
},
{
- id: 'picc',
- term: 'PICC (Proximity Integrated Circuit Card)',
- definition:
- "The {{rfid|RFID}}/[[nfc|NFC]] *card* side β passive (powered by {{inductive-coupling|inductive coupling}} from the {{pcd|PCD}}'s field) or active (phone in card-emulation mode).",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
- category: 'protocol-mechanics'
+ id: 'picc',
+ term: 'PICC (Proximity Integrated Circuit Card)',
+ definition:
+ "The {{rfid|RFID}}/[[nfc|NFC]] *card* side β passive (powered by {{inductive-coupling|inductive coupling}} from the {{pcd|PCD}}'s field) or active (phone in card-emulation mode).",
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
+ category: 'protocol-mechanics'
},
{
- id: 'reqa',
- term: 'REQA / WUPA',
- definition:
- "7-bit short frame ([[nfc|NFC]] Type A): REQA `0x26` wakes IDLE {{picc|PICCs}}, WUPA `0x52` wakes both IDLE and HALT. First message of the [[nfc|NFC]] anti-collision dance.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
- category: 'protocol-mechanics'
+ id: 'reqa',
+ term: 'REQA / WUPA',
+ definition:
+ '7-bit short frame ([[nfc|NFC]] Type A): REQA `0x26` wakes IDLE {{picc|PICCs}}, WUPA `0x52` wakes both IDLE and HALT. First message of the [[nfc|NFC]] anti-collision dance.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
+ category: 'protocol-mechanics'
},
{
- id: 'atqa',
- term: 'ATQA (Answer to Request, Type A)',
- definition:
- "The {{picc|PICC}}'s reply to {{reqa|REQA}}/WUPA. 16 bits indicating the UID size (4/7/10 bytes) and which anti-collision bit-frame to use.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
- category: 'protocol-mechanics'
+ id: 'atqa',
+ term: 'ATQA (Answer to Request, Type A)',
+ definition:
+ "The {{picc|PICC}}'s reply to {{reqa|REQA}}/WUPA. 16 bits indicating the UID size (4/7/10 bytes) and which anti-collision bit-frame to use.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
+ category: 'protocol-mechanics'
},
{
- id: 'rats',
- term: 'RATS / ATS',
- definition:
- "Request for Answer To Select β the [[nfc|NFC]] command that promotes a card from raw ISO 14443-3 anti-collision to the higher-layer ISO 14443-4 protocol. The ATS response declares Frame Size and Frame Waiting Time.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
- category: 'protocol-mechanics'
+ id: 'rats',
+ term: 'RATS / ATS',
+ definition:
+ 'Request for Answer To Select β the [[nfc|NFC]] command that promotes a card from raw ISO 14443-3 anti-collision to the higher-layer ISO 14443-4 protocol. The ATS response declares Frame Size and Frame Waiting Time.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
+ category: 'protocol-mechanics'
},
{
- id: 'anti-collision',
- term: 'Anti-Collision',
- definition:
- "The bit-by-bit loop ([[nfc|NFC]] Type A: SEL + NVB cascade) that singles out exactly one card when multiple {{picc|PICCs}} share the {{pcd|PCD}}'s field. Resolves the UID one bit at a time.",
- wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
- category: 'protocol-mechanics'
+ id: 'anti-collision',
+ term: 'Anti-Collision',
+ definition:
+ "The bit-by-bit loop ([[nfc|NFC]] Type A: SEL + NVB cascade) that singles out exactly one card when multiple {{picc|PICCs}} share the {{pcd|PCD}}'s field. Resolves the UID one bit at a time.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
+ category: 'protocol-mechanics'
},
{
- id: 'select-aid',
- term: 'SELECT AID',
- definition:
- "ISO 7816-4 command (`00 A4 04 00 β¦`) that selects an application by its {{aid|AID}}. In contactless payment: first SELECT {{ppse|PPSE}}, then SELECT the chosen card AID (Visa, Mastercard, AmEx).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit',
- category: 'protocol-mechanics'
+ id: 'select-aid',
+ term: 'SELECT AID',
+ definition:
+ 'ISO 7816-4 command (`00 A4 04 00 β¦`) that selects an application by its {{aid|AID}}. In contactless payment: first SELECT {{ppse|PPSE}}, then SELECT the chosen card AID (Visa, Mastercard, AmEx).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit',
+ category: 'protocol-mechanics'
},
{
- id: 'pdol',
- term: 'PDOL (Processing Data Object List)',
- definition:
- "List of EMV tags the card needs filled in by the terminal before {{gpo|GPO}}: amount, currency, country, transaction date, terminal verification results, unpredictable number, etc.",
- wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
- category: 'protocol-mechanics'
+ id: 'pdol',
+ term: 'PDOL (Processing Data Object List)',
+ definition:
+ 'List of EMV tags the card needs filled in by the terminal before {{gpo|GPO}}: amount, currency, country, transaction date, terminal verification results, unpredictable number, etc.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
+ category: 'protocol-mechanics'
},
{
- id: 'gpo',
- term: 'GPO (Get Processing Options)',
- definition:
- "EMV contactless command that hands the {{pdol|PDOL}}-filled data to the card. The card replies with AIP (modes supported) and {{afl|AFL}} (which records the terminal should next {{read-record|READ}}).",
- wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
- category: 'protocol-mechanics'
+ id: 'gpo',
+ term: 'GPO (Get Processing Options)',
+ definition:
+ 'EMV contactless command that hands the {{pdol|PDOL}}-filled data to the card. The card replies with AIP (modes supported) and {{afl|AFL}} (which records the terminal should next {{read-record|READ}}).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
+ category: 'protocol-mechanics'
},
{
- id: 'afl',
- term: 'AFL (Application File Locator)',
- definition:
- "EMV record map returned in the {{gpo|GPO}} response β tells the terminal exactly which records to {{read-record|READ RECORD}} to assemble the cardholder data, certificate chain, and CDOL.",
- wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
- category: 'protocol-mechanics'
+ id: 'afl',
+ term: 'AFL (Application File Locator)',
+ definition:
+ 'EMV record map returned in the {{gpo|GPO}} response β tells the terminal exactly which records to {{read-record|READ RECORD}} to assemble the cardholder data, certificate chain, and CDOL.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
+ category: 'protocol-mechanics'
},
{
- id: 'read-record',
- term: 'READ RECORD',
- definition:
- "ISO 7816-4 command that retrieves one record from a file on the card. EMV terminals issue several READ RECORDs (one per {{afl|AFL}} entry) to pull DPAN, expiry, CDOL1, and the offline data-authentication certificate chain.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit',
- category: 'protocol-mechanics'
+ id: 'read-record',
+ term: 'READ RECORD',
+ definition:
+ 'ISO 7816-4 command that retrieves one record from a file on the card. EMV terminals issue several READ RECORDs (one per {{afl|AFL}} entry) to pull DPAN, expiry, CDOL1, and the offline data-authentication certificate chain.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit',
+ category: 'protocol-mechanics'
},
{
- id: 'generate-ac',
- term: 'GENERATE AC',
- definition:
- "The EMV command that asks the card to produce an Application Cryptogram from the CDOL1 inputs. Yields the {{arqc|ARQC}} (online) or TC (offline-approved). MAC'd under the per-DPAN key.",
- wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
- category: 'security'
+ id: 'generate-ac',
+ term: 'GENERATE AC',
+ definition:
+ "The EMV command that asks the card to produce an Application Cryptogram from the CDOL1 inputs. Yields the {{arqc|ARQC}} (online) or TC (offline-approved). MAC'd under the per-DPAN key.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
+ category: 'security'
},
{
- id: 'arqc',
- term: 'ARQC (Authorisation Request Cryptogram)',
- definition:
- "EMV cryptogram returned by {{generate-ac|GENERATE AC}}. The terminal forwards it via acquirer β payment network β issuer; the issuer's HSM verifies and returns an ARPC = APPROVED/DECLINED.",
- wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
- category: 'security'
+ id: 'arqc',
+ term: 'ARQC (Authorisation Request Cryptogram)',
+ definition:
+ "EMV cryptogram returned by {{generate-ac|GENERATE AC}}. The terminal forwards it via acquirer β payment network β issuer; the issuer's HSM verifies and returns an ARPC = APPROVED/DECLINED.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
+ category: 'security'
},
{
- id: 'dpan',
- term: 'DPAN (Device PAN)',
- definition:
- "The tokenized card number stored on a phone or wearable for contactless payments β *not* the real PAN. Real PAN lives only at the issuer; the DPAN is unique per device + per merchant network.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Tokenization_(data_security)',
- category: 'security'
+ id: 'dpan',
+ term: 'DPAN (Device PAN)',
+ definition:
+ 'The tokenized card number stored on a phone or wearable for contactless payments β *not* the real PAN. Real PAN lives only at the issuer; the DPAN is unique per device + per merchant network.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Tokenization_(data_security)',
+ category: 'security'
},
{
- id: 'binding-request',
- term: 'STUN Binding Request',
- definition:
- "20-byte {{stun|STUN}} packet β magic cookie `0x2112A442` + 96-bit transaction ID. Sent to a STUN server (learns server-reflexive address) or peer (ICE connectivity check).",
- wikiUrl: 'https://en.wikipedia.org/wiki/STUN',
- category: 'protocol-mechanics'
+ id: 'binding-request',
+ term: 'STUN Binding Request',
+ definition:
+ '20-byte {{stun|STUN}} packet β magic cookie `0x2112A442` + 96-bit transaction ID. Sent to a STUN server (learns server-reflexive address) or peer (ICE connectivity check).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/STUN',
+ category: 'protocol-mechanics'
},
{
- id: 'xor-mapped-address',
- term: 'XOR-MAPPED-ADDRESS',
- definition:
- "{{stun|STUN}} attribute in a Binding Response carrying the source `ip:port` the server observed, XORed against the magic cookie so {{nat|NAT}} middleboxes can't rewrite it. Your server-reflexive candidate.",
- wikiUrl: 'https://en.wikipedia.org/wiki/STUN',
- category: 'protocol-mechanics'
+ id: 'xor-mapped-address',
+ term: 'XOR-MAPPED-ADDRESS',
+ definition:
+ "{{stun|STUN}} attribute in a Binding Response carrying the source `ip:port` the server observed, XORed against the magic cookie so {{nat|NAT}} middleboxes can't rewrite it. Your server-reflexive candidate.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/STUN',
+ category: 'protocol-mechanics'
},
{
- id: 'xor-relayed-address',
- term: 'XOR-RELAYED-ADDRESS',
- definition:
- "{{turn|TURN}} attribute in an Allocate Response β the public `ip:port` the relay reserved for the client. The fallback path when neither host nor server-reflexive {{ice-candidate|candidates}} work.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT',
- category: 'protocol-mechanics'
+ id: 'xor-relayed-address',
+ term: 'XOR-RELAYED-ADDRESS',
+ definition:
+ '{{turn|TURN}} attribute in an Allocate Response β the public `ip:port` the relay reserved for the client. The fallback path when neither host nor server-reflexive {{ice-candidate|candidates}} work.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT',
+ category: 'protocol-mechanics'
},
{
- id: 'use-candidate',
- term: 'USE-CANDIDATE',
- definition:
- "{{stun|STUN}} attribute the {{ice|ICE}} controlling agent sets on the connectivity check it wants the other side to use. Nominates the winning candidate pair; media starts flowing on it.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment',
- category: 'protocol-mechanics'
+ id: 'use-candidate',
+ term: 'USE-CANDIDATE',
+ definition:
+ '{{stun|STUN}} attribute the {{ice|ICE}} controlling agent sets on the connectivity check it wants the other side to use. Nominates the winning candidate pair; media starts flowing on it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment',
+ category: 'protocol-mechanics'
},
{
- id: 'interface-id',
- term: 'Interface ID',
- definition:
- "Lower 64 bits of an [[ipv6|IPv6]] address β identifies a specific interface on a link. Built from the {{mac-address|MAC}} via EUI-64, generated randomly (privacy addresses), or assigned via DHCPv6.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IPv6_address#Modified_EUI-64',
- category: 'networking-basics'
+ id: 'interface-id',
+ term: 'Interface ID',
+ definition:
+ 'Lower 64 bits of an [[ipv6|IPv6]] address β identifies a specific interface on a link. Built from the {{mac-address|MAC}} via EUI-64, generated randomly (privacy addresses), or assigned via DHCPv6.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IPv6_address#Modified_EUI-64',
+ category: 'networking-basics'
},
{
- id: 'mac-table',
- term: 'MAC Address Table',
- definition:
- "Per-switch table mapping {{mac-address|MAC addresses}} to switch ports. Learned by snooping the source MAC of frames as they arrive. Entries time out after a few minutes if unused. The reason a switch is faster than a hub.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Forwarding_information_base',
- category: 'networking-basics'
+ id: 'mac-table',
+ term: 'MAC Address Table',
+ definition:
+ 'Per-switch table mapping {{mac-address|MAC addresses}} to switch ports. Learned by snooping the source MAC of frames as they arrive. Entries time out after a few minutes if unused. The reason a switch is faster than a hub.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Forwarding_information_base',
+ category: 'networking-basics'
},
{
- id: 'prach',
- term: 'PRACH (Physical Random Access Channel)',
- definition:
- "The {{5g-nr|5G NR}} / {{lte|LTE}} uplink channel a {{ue|UE}} uses to first contact a {{gnb|base station}}. The UE transmits a PRACH preamble (Msg1) in a contention-based slot; the base station replies with a Random Access Response (RAR / Msg2) carrying initial timing advance and a temporary identifier ({{c-rnti|C-RNTI}}).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Physical_layer_(LTE)',
- category: 'protocol-mechanics'
+ id: 'prach',
+ term: 'PRACH (Physical Random Access Channel)',
+ definition:
+ 'The {{5g-nr|5G NR}} / {{lte|LTE}} uplink channel a {{ue|UE}} uses to first contact a {{gnb|base station}}. The UE transmits a PRACH preamble (Msg1) in a contention-based slot; the base station replies with a Random Access Response (RAR / Msg2) carrying initial timing advance and a temporary identifier ({{c-rnti|C-RNTI}}).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Physical_layer_(LTE)',
+ category: 'protocol-mechanics'
},
{
- id: 'ue',
- term: 'UE (User Equipment)',
- definition:
- "{{3gpp|3GPP}} term for the [[cellular|cellular]] subscriber device β phone, tablet, modem, IoT module. The UE pairs with the {{sim-usim|USIM}} to authenticate to the network and runs the {{rrc|RRC}} and {{nas|NAS}} stacks against the {{gnb|gNB}} and {{amf|AMF}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/User_equipment',
- category: 'networking-basics'
+ id: 'ue',
+ term: 'UE (User Equipment)',
+ definition:
+ '{{3gpp|3GPP}} term for the [[cellular|cellular]] subscriber device β phone, tablet, modem, IoT module. The UE pairs with the {{sim-usim|USIM}} to authenticate to the network and runs the {{rrc|RRC}} and {{nas|NAS}} stacks against the {{gnb|gNB}} and {{amf|AMF}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/User_equipment',
+ category: 'networking-basics'
},
{
- id: 'gnb',
- term: 'gNB (Next-Generation NodeB)',
- definition:
- "The {{5g-nr|5G}} base station β the radio access node a {{ue|UE}} attaches to. Speaks {{rrc|RRC}} to UEs over the air and NGAP to the {{amf|AMF}} over the N2 interface. Successor to the {{lte|LTE}} eNB.",
- wikiUrl: 'https://en.wikipedia.org/wiki/GNodeB',
- category: 'networking-basics'
+ id: 'gnb',
+ term: 'gNB (Next-Generation NodeB)',
+ definition:
+ 'The {{5g-nr|5G}} base station β the radio access node a {{ue|UE}} attaches to. Speaks {{rrc|RRC}} to UEs over the air and NGAP to the {{amf|AMF}} over the N2 interface. Successor to the {{lte|LTE}} eNB.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/GNodeB',
+ category: 'networking-basics'
},
{
- id: 'rrc',
- term: 'RRC (Radio Resource Control)',
- definition:
- "The signalling protocol between a {{ue|UE}} and a {{gnb|gNB}} that sets up, reconfigures, and tears down radio bearers. Walks the UE through an eight-state machine: Idle β RRCSetupRequest β RRCSetup β RRCReconfiguration. Carries security mode, measurement reports, and handover commands.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Radio_Resource_Control',
- category: 'protocol-mechanics'
+ id: 'rrc',
+ term: 'RRC (Radio Resource Control)',
+ definition:
+ 'The signalling protocol between a {{ue|UE}} and a {{gnb|gNB}} that sets up, reconfigures, and tears down radio bearers. Walks the UE through an eight-state machine: Idle β RRCSetupRequest β RRCSetup β RRCReconfiguration. Carries security mode, measurement reports, and handover commands.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Radio_Resource_Control',
+ category: 'protocol-mechanics'
},
{
- id: 'nas',
- term: 'NAS (Non-Access Stratum)',
- definition:
- "The [[cellular|cellular]] signalling layer that runs end-to-end between a {{ue|UE}} and the {{amf|AMF}}, transparent to the {{gnb|gNB}}. Carries Registration, Authentication, Security Mode Command, and PDU Session messages. NAS ciphering (128-NEA) and integrity (128-NIA) sit here.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Non-access_stratum',
- category: 'protocol-mechanics'
+ id: 'nas',
+ term: 'NAS (Non-Access Stratum)',
+ definition:
+ 'The [[cellular|cellular]] signalling layer that runs end-to-end between a {{ue|UE}} and the {{amf|AMF}}, transparent to the {{gnb|gNB}}. Carries Registration, Authentication, Security Mode Command, and PDU Session messages. NAS ciphering (128-NEA) and integrity (128-NIA) sit here.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Non-access_stratum',
+ category: 'protocol-mechanics'
},
{
- id: 'amf',
- term: 'AMF (Access and Mobility Management Function)',
- definition:
- "The {{5g-core|5G core}} function that terminates {{nas|NAS}} signalling for a {{ue|UE}}: handles Registration, mobility, paging, and authentication orchestration with {{ausf|AUSF}} / {{udm|UDM}}. Equivalent role to the {{lte|LTE}} MME.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
- category: 'infrastructure'
+ id: 'amf',
+ term: 'AMF (Access and Mobility Management Function)',
+ definition:
+ 'The {{5g-core|5G core}} function that terminates {{nas|NAS}} signalling for a {{ue|UE}}: handles Registration, mobility, paging, and authentication orchestration with {{ausf|AUSF}} / {{udm|UDM}}. Equivalent role to the {{lte|LTE}} MME.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
+ category: 'infrastructure'
},
{
- id: 'smf',
- term: 'SMF (Session Management Function)',
- definition:
- "The {{5g-core|5G core}} function that creates and manages {{pdu-session|PDU sessions}} β assigns [[ip|IP]] addresses, programs the {{upf|UPF}} via {{pfcp|PFCP}}, enforces {{qos|QoS}} rules. Control-plane counterpart to UPF under {{cups|CUPS}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
- category: 'infrastructure'
+ id: 'smf',
+ term: 'SMF (Session Management Function)',
+ definition:
+ 'The {{5g-core|5G core}} function that creates and manages {{pdu-session|PDU sessions}} β assigns [[ip|IP]] addresses, programs the {{upf|UPF}} via {{pfcp|PFCP}}, enforces {{qos|QoS}} rules. Control-plane counterpart to UPF under {{cups|CUPS}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
+ category: 'infrastructure'
},
{
- id: 'upf',
- term: 'UPF (User Plane Function)',
- definition:
- "The {{5g-core|5G core}} data-plane forwarder. Receives user packets from {{gnb|gNB}} via N3 ({{gtp-u|GTP-U}}), applies the PDR/FAR/QER/URR rules installed by the {{smf|SMF}} over {{pfcp|PFCP}}, and forwards to the data network. The packet processor in the {{cups|CUPS}} split.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
- category: 'infrastructure'
+ id: 'upf',
+ term: 'UPF (User Plane Function)',
+ definition:
+ 'The {{5g-core|5G core}} data-plane forwarder. Receives user packets from {{gnb|gNB}} via N3 ({{gtp-u|GTP-U}}), applies the PDR/FAR/QER/URR rules installed by the {{smf|SMF}} over {{pfcp|PFCP}}, and forwards to the data network. The packet processor in the {{cups|CUPS}} split.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
+ category: 'infrastructure'
},
{
- id: 'ausf',
- term: 'AUSF (Authentication Server Function)',
- definition:
- "The {{5g-core|5G core}} function that runs the authentication exchange with a {{ue|UE}}. Receives the authentication vector from {{udm|UDM}}, sends RAND/AUTN to the UE via {{amf|AMF}}, compares the returned RES* against HRES*. The 5G-AKA decision point.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_security',
- category: 'security'
+ id: 'ausf',
+ term: 'AUSF (Authentication Server Function)',
+ definition:
+ 'The {{5g-core|5G core}} function that runs the authentication exchange with a {{ue|UE}}. Receives the authentication vector from {{udm|UDM}}, sends RAND/AUTN to the UE via {{amf|AMF}}, compares the returned RES* against HRES*. The 5G-AKA decision point.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_security',
+ category: 'security'
},
{
- id: 'udm',
- term: 'UDM (Unified Data Management)',
- definition:
- "The {{5g-core|5G core}} subscriber database β holds long-term keys K, subscription profiles, and policy data. Hosts the SIDF (Subscription Identifier De-concealing Function) that decrypts {{suci|SUCI}} back into {{supi|SUPI}}. Equivalent role to the {{lte|LTE}} HSS.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_security',
- category: 'infrastructure'
+ id: 'udm',
+ term: 'UDM (Unified Data Management)',
+ definition:
+ 'The {{5g-core|5G core}} subscriber database β holds long-term keys K, subscription profiles, and policy data. Hosts the SIDF (Subscription Identifier De-concealing Function) that decrypts {{suci|SUCI}} back into {{supi|SUPI}}. Equivalent role to the {{lte|LTE}} HSS.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_security',
+ category: 'infrastructure'
},
{
- id: '5g-core',
- term: '5G Core (5GC)',
- definition:
- "The service-based architecture that replaced the {{lte|LTE}} EPC in {{5g-nr|5G}}. Decomposes mobility, sessions, authentication, and policy into discrete network functions ({{amf|AMF}}, {{smf|SMF}}, {{upf|UPF}}, {{ausf|AUSF}}, {{udm|UDM}}, PCF, NRF) that talk over HTTP/2 service APIs ({{sba|SBA}}).",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G',
- category: 'infrastructure'
+ id: '5g-core',
+ term: '5G Core (5GC)',
+ definition:
+ 'The service-based architecture that replaced the {{lte|LTE}} EPC in {{5g-nr|5G}}. Decomposes mobility, sessions, authentication, and policy into discrete network functions ({{amf|AMF}}, {{smf|SMF}}, {{upf|UPF}}, {{ausf|AUSF}}, {{udm|UDM}}, PCF, NRF) that talk over HTTP/2 service APIs ({{sba|SBA}}).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G',
+ category: 'infrastructure'
},
{
- id: 'suci',
- term: 'SUCI (Subscription Concealed Identifier)',
- definition:
- "The encrypted form of a subscriber's permanent [[cellular|cellular]] identity. The {{sim-usim|USIM}} encrypts the {{supi|SUPI}} with the home network's public key (ECIES on Curve25519, Profile A) before any transmission β so the long-term IMSI is never sent in clear over the air. Introduced in {{5g-nr|5G}} to defeat IMSI catchers.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Subscription_Concealed_Identifier',
- category: 'security'
+ id: 'suci',
+ term: 'SUCI (Subscription Concealed Identifier)',
+ definition:
+ "The encrypted form of a subscriber's permanent [[cellular|cellular]] identity. The {{sim-usim|USIM}} encrypts the {{supi|SUPI}} with the home network's public key (ECIES on Curve25519, Profile A) before any transmission β so the long-term IMSI is never sent in clear over the air. Introduced in {{5g-nr|5G}} to defeat IMSI catchers.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Subscription_Concealed_Identifier',
+ category: 'security'
},
{
- id: 'supi',
- term: 'SUPI (Subscription Permanent Identifier)',
- definition:
- "The long-term [[cellular|cellular]] subscriber identity stored on the {{sim-usim|USIM}}. Usually an IMSI (MCC + MNC + MSIN). Never sent in clear in {{5g-nr|5G}} β always concealed as a {{suci|SUCI}} on the air interface, decrypted only at the {{udm|UDM}}'s SIDF.",
- wikiUrl: 'https://en.wikipedia.org/wiki/International_mobile_subscriber_identity',
- category: 'security'
+ id: 'supi',
+ term: 'SUPI (Subscription Permanent Identifier)',
+ definition:
+ "The long-term [[cellular|cellular]] subscriber identity stored on the {{sim-usim|USIM}}. Usually an IMSI (MCC + MNC + MSIN). Never sent in clear in {{5g-nr|5G}} β always concealed as a {{suci|SUCI}} on the air interface, decrypted only at the {{udm|UDM}}'s SIDF.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/International_mobile_subscriber_identity',
+ category: 'security'
},
{
- id: '5g-aka',
- term: '5G-AKA (Authentication and Key Agreement)',
- definition:
- "The mutual authentication and key derivation protocol between a {{ue|UE}} and the home network in {{5g-nr|5G}}. {{ausf|AUSF}} sends RAND + AUTN; the {{sim-usim|USIM}} verifies AUTN.MAC = f1(K, SQN, RAND), computes RES* via KDF(CK || IK); AUSF compares HRES*. Successor to {{lte|LTE}} EPS-AKA with hash-based RES* and {{suci|SUCI}} integration.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Authentication_and_Key_Agreement_(protocol)',
- category: 'security'
+ id: '5g-aka',
+ term: '5G-AKA (Authentication and Key Agreement)',
+ definition:
+ 'The mutual authentication and key derivation protocol between a {{ue|UE}} and the home network in {{5g-nr|5G}}. {{ausf|AUSF}} sends RAND + AUTN; the {{sim-usim|USIM}} verifies AUTN.MAC = f1(K, SQN, RAND), computes RES* via KDF(CK || IK); AUSF compares HRES*. Successor to {{lte|LTE}} EPS-AKA with hash-based RES* and {{suci|SUCI}} integration.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Authentication_and_Key_Agreement_(protocol)',
+ category: 'security'
},
{
- id: 'guti',
- term: '5G-GUTI (Globally Unique Temporary Identifier)',
- definition:
- "The temporary [[cellular|cellular]] identity assigned to a {{ue|UE}} by the {{amf|AMF}} after successful Registration. Used in place of the {{supi|SUPI}} for subsequent paging and signalling, rotated on a per-network policy to prevent tracking.",
- wikiUrl: 'https://en.wikipedia.org/wiki/GUTI',
- category: 'security'
+ id: 'guti',
+ term: '5G-GUTI (Globally Unique Temporary Identifier)',
+ definition:
+ 'The temporary [[cellular|cellular]] identity assigned to a {{ue|UE}} by the {{amf|AMF}} after successful Registration. Used in place of the {{supi|SUPI}} for subsequent paging and signalling, rotated on a per-network policy to prevent tracking.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/GUTI',
+ category: 'security'
},
{
- id: 'nssai',
- term: 'NSSAI / S-NSSAI (Network Slice Selection)',
- definition:
- "The {{5g-nr|5G}} identifier that selects which network slice a {{ue|UE}} attaches to. A single S-NSSAI is one slice (SST + SD); NSSAI is the set requested or allowed. Lets one physical [[cellular|cellular]] network present multiple isolated logical networks (eMBB, URLLC, mMTC).",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
- category: 'infrastructure'
+ id: 'nssai',
+ term: 'NSSAI / S-NSSAI (Network Slice Selection)',
+ definition:
+ 'The {{5g-nr|5G}} identifier that selects which network slice a {{ue|UE}} attaches to. A single S-NSSAI is one slice (SST + SD); NSSAI is the set requested or allowed. Lets one physical [[cellular|cellular]] network present multiple isolated logical networks (eMBB, URLLC, mMTC).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
+ category: 'infrastructure'
},
{
- id: 'pdu-session',
- term: 'PDU Session',
- definition:
- "The {{5g-nr|5G}} equivalent of \"give me an [[ip|IP]] address.\" A logical connection between the {{ue|UE}} and the data network (identified by {{dnn|DNN}}), set up by the {{smf|SMF}} programming the {{upf|UPF}} via {{pfcp|PFCP}}. Carries one or more {{drb|Data Radio Bearers}} with {{qos|QoS}} flows.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G',
- category: 'protocol-mechanics'
+ id: 'pdu-session',
+ term: 'PDU Session',
+ definition:
+ 'The {{5g-nr|5G}} equivalent of "give me an [[ip|IP]] address." A logical connection between the {{ue|UE}} and the data network (identified by {{dnn|DNN}}), set up by the {{smf|SMF}} programming the {{upf|UPF}} via {{pfcp|PFCP}}. Carries one or more {{drb|Data Radio Bearers}} with {{qos|QoS}} flows.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G',
+ category: 'protocol-mechanics'
},
{
- id: 'dnn',
- term: 'DNN (Data Network Name)',
- definition:
- "The {{5g-nr|5G}} successor to {{lte|LTE}} APN. A string (\"internet\", \"ims\", \"private.acme\") that identifies which data network a {{pdu-session|PDU session}} terminates in. The {{smf|SMF}} uses it to pick the {{upf|UPF}} and IP pool.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Access_Point_Name',
- category: 'networking-basics'
+ id: 'dnn',
+ term: 'DNN (Data Network Name)',
+ definition:
+ 'The {{5g-nr|5G}} successor to {{lte|LTE}} APN. A string ("internet", "ims", "private.acme") that identifies which data network a {{pdu-session|PDU session}} terminates in. The {{smf|SMF}} uses it to pick the {{upf|UPF}} and IP pool.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Access_Point_Name',
+ category: 'networking-basics'
},
{
- id: 'c-rnti',
- term: 'C-RNTI (Cell Radio Network Temporary Identifier)',
- definition:
- "The 16-bit temporary identifier a {{gnb|gNB}} assigns to a {{ue|UE}} in its cell. Assigned in the RAR (Msg2) right after the {{prach|PRACH}} preamble succeeds. Addresses the UE in every subsequent radio scheduling command.",
- wikiUrl: 'https://en.wikipedia.org/wiki/RNTI',
- category: 'protocol-mechanics'
+ id: 'c-rnti',
+ term: 'C-RNTI (Cell Radio Network Temporary Identifier)',
+ definition:
+ 'The 16-bit temporary identifier a {{gnb|gNB}} assigns to a {{ue|UE}} in its cell. Assigned in the RAR (Msg2) right after the {{prach|PRACH}} preamble succeeds. Addresses the UE in every subsequent radio scheduling command.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/RNTI',
+ category: 'protocol-mechanics'
},
{
- id: 'drb',
- term: 'DRB (Data Radio Bearer)',
- definition:
- "A {{5g-nr|5G}} / {{lte|LTE}} radio-layer pipe for user data, set up by {{rrc|RRCReconfiguration}}. Each DRB carries one or more {{qos|QoS}} flows ({{qfi|QFI}}-tagged) of a {{pdu-session|PDU session}}. The signalling counterpart is the SRB.",
- wikiUrl: 'https://en.wikipedia.org/wiki/E-UTRA',
- category: 'protocol-mechanics'
+ id: 'drb',
+ term: 'DRB (Data Radio Bearer)',
+ definition:
+ 'A {{5g-nr|5G}} / {{lte|LTE}} radio-layer pipe for user data, set up by {{rrc|RRCReconfiguration}}. Each DRB carries one or more {{qos|QoS}} flows ({{qfi|QFI}}-tagged) of a {{pdu-session|PDU session}}. The signalling counterpart is the SRB.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/E-UTRA',
+ category: 'protocol-mechanics'
},
{
- id: 'qfi',
- term: 'QFI (QoS Flow Identifier)',
- definition:
- "The 6-bit tag a {{5g-nr|5G}} {{upf|UPF}} stamps on every uplink/downlink packet to identify which {{qos|QoS}} flow of a {{pdu-session|PDU session}} it belongs to. The {{gnb|gNB}} maps QFIs to {{drb|Data Radio Bearers}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G',
- category: 'protocol-mechanics'
+ id: 'qfi',
+ term: 'QFI (QoS Flow Identifier)',
+ definition:
+ 'The 6-bit tag a {{5g-nr|5G}} {{upf|UPF}} stamps on every uplink/downlink packet to identify which {{qos|QoS}} flow of a {{pdu-session|PDU session}} it belongs to. The {{gnb|gNB}} maps QFIs to {{drb|Data Radio Bearers}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G',
+ category: 'protocol-mechanics'
},
{
- id: 'ngap',
- term: 'NGAP (NG Application Protocol)',
- definition:
- "The control-plane signalling protocol between a {{gnb|gNB}} and the {{amf|AMF}} on the N2 interface in {{5g-nr|5G}}. Carries Initial UE Message, NAS PDUs, UE Context Setup, handover requests. Sibling of the {{lte|LTE}} S1AP.",
- wikiUrl: 'https://en.wikipedia.org/wiki/NG_Application_Protocol',
- category: 'protocol-mechanics'
+ id: 'ngap',
+ term: 'NGAP (NG Application Protocol)',
+ definition:
+ 'The control-plane signalling protocol between a {{gnb|gNB}} and the {{amf|AMF}} on the N2 interface in {{5g-nr|5G}}. Carries Initial UE Message, NAS PDUs, UE Context Setup, handover requests. Sibling of the {{lte|LTE}} S1AP.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/NG_Application_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'pfcp',
- term: 'PFCP (Packet Forwarding Control Protocol)',
- definition:
- "The {{3gpp|3GPP}} protocol over UDP/8805 that lets {{smf|SMF}} program {{upf|UPF}} forwarding state: PDR (Packet Detection Rule), FAR (Forwarding Action Rule), QER ({{qos|QoS}} Enforcement Rule), URR (Usage Reporting Rule). The wire between control and data plane under {{cups|CUPS}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Packet_Forwarding_Control_Protocol',
- category: 'protocol-mechanics'
+ id: 'pfcp',
+ term: 'PFCP (Packet Forwarding Control Protocol)',
+ definition:
+ 'The {{3gpp|3GPP}} protocol over UDP/8805 that lets {{smf|SMF}} program {{upf|UPF}} forwarding state: PDR (Packet Detection Rule), FAR (Forwarding Action Rule), QER ({{qos|QoS}} Enforcement Rule), URR (Usage Reporting Rule). The wire between control and data plane under {{cups|CUPS}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Packet_Forwarding_Control_Protocol',
+ category: 'protocol-mechanics'
},
{
- id: 'cups',
- term: 'CUPS (Control and User Plane Separation)',
- definition:
- "The {{3gpp|3GPP}} architecture, mandatory in {{5g-nr|5G}}, that splits session-management signalling ({{smf|SMF}}) from packet forwarding ({{upf|UPF}}) and connects them with {{pfcp|PFCP}}. Lets operators scale data plane independently and deploy UPFs at the edge.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
- category: 'infrastructure'
+ id: 'cups',
+ term: 'CUPS (Control and User Plane Separation)',
+ definition:
+ 'The {{3gpp|3GPP}} architecture, mandatory in {{5g-nr|5G}}, that splits session-management signalling ({{smf|SMF}}) from packet forwarding ({{upf|UPF}}) and connects them with {{pfcp|PFCP}}. Lets operators scale data plane independently and deploy UPFs at the edge.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_network_slicing',
+ category: 'infrastructure'
},
{
- id: 'ssb',
- term: 'SSB (Synchronization Signal Block)',
- definition:
- "The {{5g-nr|5G}} beacon a {{gnb|gNB}} radiates so {{ue|UEs}} can find it: a periodic burst containing PSS, SSS, and PBCH. UEs measure RSRP/RSRQ on the SSB to pick the best cell before sending a {{prach|PRACH}} preamble.",
- wikiUrl: 'https://en.wikipedia.org/wiki/5G_NR_frequency_bands',
- category: 'protocol-mechanics'
+ id: 'ssb',
+ term: 'SSB (Synchronization Signal Block)',
+ definition:
+ 'The {{5g-nr|5G}} beacon a {{gnb|gNB}} radiates so {{ue|UEs}} can find it: a periodic burst containing PSS, SSS, and PBCH. UEs measure RSRP/RSRQ on the SSB to pick the best cell before sending a {{prach|PRACH}} preamble.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/5G_NR_frequency_bands',
+ category: 'protocol-mechanics'
},
{
- id: 'pan-id',
- term: 'PAN ID (Personal Area Network Identifier)',
- definition:
- "The 16-bit identifier of an {{ieee-802-15-4|IEEE 802.15.4}} {{piconet|PAN}}. [[zigbee|Zigbee]] and Thread networks use the PAN ID to filter frames at the {{mac-address|MAC}} layer β devices only process frames matching their PAN ID. Picked by the {{zigbee-coordinator|Coordinator}} at network formation.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Personal_area_network',
- category: 'networking-basics'
+ id: 'pan-id',
+ term: 'PAN ID (Personal Area Network Identifier)',
+ definition:
+ 'The 16-bit identifier of an {{ieee-802-15-4|IEEE 802.15.4}} {{piconet|PAN}}. [[zigbee|Zigbee]] and Thread networks use the PAN ID to filter frames at the {{mac-address|MAC}} layer β devices only process frames matching their PAN ID. Picked by the {{zigbee-coordinator|Coordinator}} at network formation.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Personal_area_network',
+ category: 'networking-basics'
},
{
- id: 'zigbee-coordinator',
- term: 'Zigbee Coordinator',
- definition:
- "The single mandatory device that forms a [[zigbee|Zigbee]] network β picks the channel and {{pan-id|PAN ID}}, distributes the network key as the {{trust-center|Trust Center}}, and owns short address 0x0000. Usually mains-powered and always a {{ffd|Full Function Device}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'infrastructure'
+ id: 'zigbee-coordinator',
+ term: 'Zigbee Coordinator',
+ definition:
+ 'The single mandatory device that forms a [[zigbee|Zigbee]] network β picks the channel and {{pan-id|PAN ID}}, distributes the network key as the {{trust-center|Trust Center}}, and owns short address 0x0000. Usually mains-powered and always a {{ffd|Full Function Device}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'infrastructure'
},
{
- id: 'zigbee-router',
- term: 'Zigbee Router',
- definition:
- "A mains-powered [[zigbee|Zigbee]] {{ffd|FFD}} that forwards frames on behalf of neighbours, enabling {{mesh-network|mesh}} routing via AODV. Routers also let new devices join the network by forwarding their Association Requests to the {{trust-center|Trust Center}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'infrastructure'
+ id: 'zigbee-router',
+ term: 'Zigbee Router',
+ definition:
+ 'A mains-powered [[zigbee|Zigbee]] {{ffd|FFD}} that forwards frames on behalf of neighbours, enabling {{mesh-network|mesh}} routing via AODV. Routers also let new devices join the network by forwarding their Association Requests to the {{trust-center|Trust Center}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'infrastructure'
},
{
- id: 'ffd',
- term: 'FFD (Full Function Device)',
- definition:
- "An {{ieee-802-15-4|IEEE 802.15.4}} device that implements the full MAC and can route, act as a {{zigbee-coordinator|Coordinator}} or {{zigbee-router|Router}}, and talk to any other device. Contrast with {{rfd|RFD}} which can only talk to its parent.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
- category: 'networking-basics'
+ id: 'ffd',
+ term: 'FFD (Full Function Device)',
+ definition:
+ 'An {{ieee-802-15-4|IEEE 802.15.4}} device that implements the full MAC and can route, act as a {{zigbee-coordinator|Coordinator}} or {{zigbee-router|Router}}, and talk to any other device. Contrast with {{rfd|RFD}} which can only talk to its parent.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
+ category: 'networking-basics'
},
{
- id: 'rfd',
- term: 'RFD (Reduced Function Device)',
- definition:
- "An {{ieee-802-15-4|IEEE 802.15.4}} End Device that implements only the minimum MAC needed to talk to its parent. Typically battery-powered ([[zigbee|Zigbee]] sensors, buttons, end-line bulbs) and sleeps most of the time.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
- category: 'networking-basics'
+ id: 'rfd',
+ term: 'RFD (Reduced Function Device)',
+ definition:
+ 'An {{ieee-802-15-4|IEEE 802.15.4}} End Device that implements only the minimum MAC needed to talk to its parent. Typically battery-powered ([[zigbee|Zigbee]] sensors, buttons, end-line bulbs) and sleeps most of the time.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
+ category: 'networking-basics'
},
{
- id: 'zigbee-joiner',
- term: 'Zigbee Joiner',
- definition:
- "A new [[zigbee|Zigbee]] device attempting to join an existing network. Broadcasts a Beacon Request, picks a parent ({{zigbee-router|Router}} or {{zigbee-coordinator|Coordinator}}), sends an Association Request, and receives the network key encrypted under its pre-configured link key (often an {{install-code|install code}}).",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'protocol-mechanics'
+ id: 'zigbee-joiner',
+ term: 'Zigbee Joiner',
+ definition:
+ 'A new [[zigbee|Zigbee]] device attempting to join an existing network. Broadcasts a Beacon Request, picks a parent ({{zigbee-router|Router}} or {{zigbee-coordinator|Coordinator}}), sends an Association Request, and receives the network key encrypted under its pre-configured link key (often an {{install-code|install code}}).',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'protocol-mechanics'
},
{
- id: 'aps-layer',
- term: 'APS (Application Support Sub-layer)',
- definition:
- "The [[zigbee|Zigbee]] layer sitting between {{zigbee-nwk|NWK}} and the application. Handles end-to-end addressing of clusters, APS-level encryption (Transport-Key commands carry the network key encrypted under the link key), and bindings. Frame format: APS header + ZCL payload.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'protocol-mechanics'
+ id: 'aps-layer',
+ term: 'APS (Application Support Sub-layer)',
+ definition:
+ 'The [[zigbee|Zigbee]] layer sitting between {{zigbee-nwk|NWK}} and the application. Handles end-to-end addressing of clusters, APS-level encryption (Transport-Key commands carry the network key encrypted under the link key), and bindings. Frame format: APS header + ZCL payload.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'protocol-mechanics'
},
{
- id: 'zigbee-nwk',
- term: 'NWK (Zigbee Network Layer)',
- definition:
- "The [[zigbee|Zigbee]] layer responsible for {{mesh-network|mesh}} routing (AODV-based), short-address allocation, and Device Announce broadcasts. Sits between {{ieee-802-15-4|802.15.4 MAC}} and {{aps-layer|APS}}; every NWK frame is encrypted with the network key.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'protocol-mechanics'
+ id: 'zigbee-nwk',
+ term: 'NWK (Zigbee Network Layer)',
+ definition:
+ 'The [[zigbee|Zigbee]] layer responsible for {{mesh-network|mesh}} routing (AODV-based), short-address allocation, and Device Announce broadcasts. Sits between {{ieee-802-15-4|802.15.4 MAC}} and {{aps-layer|APS}}; every NWK frame is encrypted with the network key.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'protocol-mechanics'
},
{
- id: 'network-key',
- term: 'Network Key (Zigbee)',
- definition:
- "The 128-bit AES key shared by every device on a [[zigbee|Zigbee]] network. Encrypts every {{zigbee-nwk|NWK}} frame in transit. Delivered to a new joiner by the {{trust-center|Trust Center}} via an {{aps-layer|APS}} Transport-Key command, itself encrypted under the joiner's pre-configured link key.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'security'
+ id: 'network-key',
+ term: 'Network Key (Zigbee)',
+ definition:
+ "The 128-bit AES key shared by every device on a [[zigbee|Zigbee]] network. Encrypts every {{zigbee-nwk|NWK}} frame in transit. Delivered to a new joiner by the {{trust-center|Trust Center}} via an {{aps-layer|APS}} Transport-Key command, itself encrypted under the joiner's pre-configured link key.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'security'
},
{
- id: 'short-address',
- term: 'Short address (16-bit)',
- definition:
- "A 16-bit address assigned by the {{zigbee-coordinator|Coordinator}} to each [[zigbee|Zigbee]] device after Association. Used in every {{zigbee-nwk|NWK}} header instead of the full 8-byte {{eui-64|EUI-64}} to save airtime on the constrained {{ieee-802-15-4|802.15.4}} radio.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
- category: 'networking-basics'
+ id: 'short-address',
+ term: 'Short address (16-bit)',
+ definition:
+ 'A 16-bit address assigned by the {{zigbee-coordinator|Coordinator}} to each [[zigbee|Zigbee]] device after Association. Used in every {{zigbee-nwk|NWK}} header instead of the full 8-byte {{eui-64|EUI-64}} to save airtime on the constrained {{ieee-802-15-4|802.15.4}} radio.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
+ category: 'networking-basics'
},
{
- id: 'eui-64',
- term: 'EUI-64',
- definition:
- "A 64-bit globally unique identifier assigned by IEEE OUI to {{ieee-802-15-4|802.15.4}}, [[bluetooth|Bluetooth]], and [[ipv6|IPv6]] devices. The long-term factory-burned identity, exchanged once at join time, then replaced by a {{short-address|short address}} for normal traffic in [[zigbee|Zigbee]].",
- wikiUrl: 'https://en.wikipedia.org/wiki/MAC_address',
- category: 'networking-basics'
+ id: 'eui-64',
+ term: 'EUI-64',
+ definition:
+ 'A 64-bit globally unique identifier assigned by IEEE OUI to {{ieee-802-15-4|802.15.4}}, [[bluetooth|Bluetooth]], and [[ipv6|IPv6]] devices. The long-term factory-burned identity, exchanged once at join time, then replaced by a {{short-address|short address}} for normal traffic in [[zigbee|Zigbee]].',
+ wikiUrl: 'https://en.wikipedia.org/wiki/MAC_address',
+ category: 'networking-basics'
},
{
- id: 'zigbee-zdo',
- term: 'ZDO (Zigbee Device Object)',
- definition:
- "Cluster 0x0013 on every [[zigbee|Zigbee]] device β handles device announcement, service discovery, binding, and network management. The Device Announce broadcast lets routers update their routing tables when a new device joins.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
- category: 'protocol-mechanics'
+ id: 'zigbee-zdo',
+ term: 'ZDO (Zigbee Device Object)',
+ definition:
+ 'Cluster 0x0013 on every [[zigbee|Zigbee]] device β handles device announcement, service discovery, binding, and network management. The Device Announce broadcast lets routers update their routing tables when a new device joins.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Zigbee',
+ category: 'protocol-mechanics'
},
{
- id: 'aodv',
- term: 'AODV (Ad-hoc On-demand Distance Vector)',
- definition:
- "The reactive {{mesh-network|mesh}} routing algorithm used by [[zigbee|Zigbee]] and other low-power meshes. Routes are discovered on demand via Route Request / Route Reply broadcasts; intermediate nodes cache routes and age them out. Trades convergence speed for low memory footprint.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Ad_hoc_On-Demand_Distance_Vector_Routing',
- category: 'protocol-mechanics'
+ id: 'aodv',
+ term: 'AODV (Ad-hoc On-demand Distance Vector)',
+ definition:
+ 'The reactive {{mesh-network|mesh}} routing algorithm used by [[zigbee|Zigbee]] and other low-power meshes. Routes are discovered on demand via Route Request / Route Reply broadcasts; intermediate nodes cache routes and age them out. Trades convergence speed for low memory footprint.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Ad_hoc_On-Demand_Distance_Vector_Routing',
+ category: 'protocol-mechanics'
},
{
- id: 'ds-twr',
- term: 'DS-TWR (Double-Sided Two-Way Ranging)',
- definition:
- "The three-message [[uwb|UWB]] ranging exchange (Poll, Response, Final) whose cross-product cancels relative clock drift between initiator and responder to first order. Achieves 10β30 cm distance accuracy where SS-TWR would drift with ppm clock error. Standardised in {{ieee-802-15-4|IEEE 802.15.4z}}.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Real-time_locating_system',
- category: 'protocol-mechanics'
+ id: 'ds-twr',
+ term: 'DS-TWR (Double-Sided Two-Way Ranging)',
+ definition:
+ 'The three-message [[uwb|UWB]] ranging exchange (Poll, Response, Final) whose cross-product cancels relative clock drift between initiator and responder to first order. Achieves 10β30 cm distance accuracy where SS-TWR would drift with ppm clock error. Standardised in {{ieee-802-15-4|IEEE 802.15.4z}}.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Real-time_locating_system',
+ category: 'protocol-mechanics'
},
{
- id: 'sfd',
- term: 'SFD (Start of Frame Delimiter)',
- definition:
- "The reference symbol an {{ieee-802-15-4|IEEE 802.15.4}} / [[uwb|UWB]] receiver locks onto to timestamp a frame's arrival. UWB DW3000-class chips resolve the SFD to ~15 picosecond precision β the foundation of {{tof-ranging|ToF}} distance measurement.",
- wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
- category: 'protocol-mechanics'
+ id: 'sfd',
+ term: 'SFD (Start of Frame Delimiter)',
+ definition:
+ "The reference symbol an {{ieee-802-15-4|IEEE 802.15.4}} / [[uwb|UWB]] receiver locks onto to timestamp a frame's arrival. UWB DW3000-class chips resolve the SFD to ~15 picosecond precision β the foundation of {{tof-ranging|ToF}} distance measurement.",
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
+ category: 'protocol-mechanics'
},
{
- id: 'pake',
- term: 'PAKE (Password-Authenticated Key Exchange)',
- definition:
- "A class of key-exchange protocols (SPAKE2+, OPAQUE, J-PAKE) that derive a strong shared key from a low-entropy password without leaking the password to an eavesdropper or active MITM. Used by {{ccc-digital-key|CCC Digital Key}}, {{matter|Matter}} commissioning, and WPA3 SAE.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Password-authenticated_key_agreement',
- category: 'security'
+ id: 'pake',
+ term: 'PAKE (Password-Authenticated Key Exchange)',
+ definition:
+ 'A class of key-exchange protocols (SPAKE2+, OPAQUE, J-PAKE) that derive a strong shared key from a low-entropy password without leaking the password to an eavesdropper or active MITM. Used by {{ccc-digital-key|CCC Digital Key}}, {{matter|Matter}} commissioning, and WPA3 SAE.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Password-authenticated_key_agreement',
+ category: 'security'
},
{
- id: 'nearby-interaction',
- term: 'Nearby Interaction (Apple)',
- definition:
- "Apple's framework that exposes [[uwb|UWB]] {{ds-twr|DS-TWR}} ranging on iPhone (U1/U2 chip) and Apple Watch to apps. Bootstraps the session over [[bluetooth|BLE]], runs UWB on Channel 9, refreshes distance and angle at ~10 Hz. The mechanism under AirTag Precision Finding.",
- wikiUrl: 'https://developer.apple.com/nearbyinteraction/',
- category: 'protocol-mechanics'
+ id: 'nearby-interaction',
+ term: 'Nearby Interaction (Apple)',
+ definition:
+ "Apple's framework that exposes [[uwb|UWB]] {{ds-twr|DS-TWR}} ranging on iPhone (U1/U2 chip) and Apple Watch to apps. Bootstraps the session over [[bluetooth|BLE]], runs UWB on Channel 9, refreshes distance and angle at ~10 Hz. The mechanism under AirTag Precision Finding.",
+ wikiUrl: 'https://developer.apple.com/nearbyinteraction/',
+ category: 'protocol-mechanics'
},
// ββ Acronym densification batch ββββββββββββββββββββββββββββββββββββ
@@ -6028,7 +6029,8 @@ export const concepts: Concept[] = [
term: 'API (Application Programming Interface)',
definition:
'The contract a piece of software exposes for other software to call. On the web it almost always means an HTTP-spoken interface β [[rest|REST]], [[grpc|gRPC]], [[graphql|GraphQL]], [[json-rpc|JSON-RPC]] β with a published URL shape, method, request/response schema, and auth model.',
- analogy: 'A restaurant menu: the kitchen exposes what it will cook, the rules, and the price β you order against the menu, not by walking into the kitchen.',
+ analogy:
+ 'A restaurant menu: the kitchen exposes what it will cook, the rules, and the price β you order against the menu, not by walking into the kitchen.',
wikiUrl: 'https://en.wikipedia.org/wiki/API',
category: 'web'
},
@@ -6116,7 +6118,7 @@ export const concepts: Concept[] = [
id: 'ram',
term: 'RAM (Random-Access Memory)',
definition:
- "Volatile working memory. In constrained-device contexts ([[coap|CoAP]] sensors, [[zigbee|Zigbee]] nodes), RAM is measured in kilobytes β a hard ceiling on how much protocol state you can keep per connection.",
+ 'Volatile working memory. In constrained-device contexts ([[coap|CoAP]] sensors, [[zigbee|Zigbee]] nodes), RAM is measured in kilobytes β a hard ceiling on how much protocol state you can keep per connection.',
wikiUrl: 'https://en.wikipedia.org/wiki/Random-access_memory',
category: 'infrastructure'
},
@@ -6140,7 +6142,7 @@ export const concepts: Concept[] = [
id: 'html',
term: 'HTML (HyperText Markup Language)',
definition:
- "The document format the web ships over [[http1|HTTP]]. Invented by [[pioneer:tim-berners-lee|Tim Berners-Lee]] at CERN in 1989 alongside HTTP and URLs β one of the three pillars that made the web a thing.",
+ 'The document format the web ships over [[http1|HTTP]]. Invented by [[pioneer:tim-berners-lee|Tim Berners-Lee]] at CERN in 1989 alongside HTTP and URLs β one of the three pillars that made the web a thing.',
wikiUrl: 'https://en.wikipedia.org/wiki/HTML',
category: 'web'
},
@@ -6172,7 +6174,7 @@ export const concepts: Concept[] = [
id: 'uuid',
term: 'UUID (Universally Unique Identifier)',
definition:
- "128-bit identifier with enough entropy that two systems can mint them independently without collision. Used everywhere from [[bluetooth|BLE]] service IDs to database primary keys to {{matter|Matter}} fabric IDs.",
+ '128-bit identifier with enough entropy that two systems can mint them independently without collision. Used everywhere from [[bluetooth|BLE]] service IDs to database primary keys to {{matter|Matter}} fabric IDs.',
wikiUrl: 'https://en.wikipedia.org/wiki/Universally_unique_identifier',
category: 'protocol-mechanics'
},
@@ -6219,7 +6221,7 @@ export const concepts: Concept[] = [
id: 'osi',
term: 'OSI (Open Systems Interconnection)',
definition:
- "The seven-layer reference model (Physical, Data Link, Network, Transport, Session, Presentation, Application) that the world learned networking through, even though the actual OSI protocol suite lost to [[tcp|TCP]]/[[ip|IP]]. Still the lingua franca for arguing about which layer a problem belongs to.",
+ 'The seven-layer reference model (Physical, Data Link, Network, Transport, Session, Presentation, Application) that the world learned networking through, even though the actual OSI protocol suite lost to [[tcp|TCP]]/[[ip|IP]]. Still the lingua franca for arguing about which layer a problem belongs to.',
wikiUrl: 'https://en.wikipedia.org/wiki/OSI_model',
category: 'networking-basics'
},
@@ -6243,7 +6245,7 @@ export const concepts: Concept[] = [
id: 'mtu-acronym',
term: 'MTU',
definition:
- "Maximum Transmission Unit β the largest [[ip|IP]] payload that fits in one [[ethernet|link-layer]] frame without fragmentation. Standard Ethernet is 1500 bytes; jumbo frames go to 9000; PMTUD and PLPMTUD find the smallest MTU on a path. See {{mtu|MTU}} for the full entry.",
+ 'Maximum Transmission Unit β the largest [[ip|IP]] payload that fits in one [[ethernet|link-layer]] frame without fragmentation. Standard Ethernet is 1500 bytes; jumbo frames go to 9000; PMTUD and PLPMTUD find the smallest MTU on a path. See {{mtu|MTU}} for the full entry.',
wikiUrl: 'https://en.wikipedia.org/wiki/Maximum_transmission_unit',
category: 'protocol-mechanics'
},
@@ -6251,7 +6253,7 @@ export const concepts: Concept[] = [
id: 'sla',
term: 'SLA (Service Level Agreement)',
definition:
- "The contracted promise β typically a percentage uptime, a latency budget, a [[#rto|RTO]] β that a service makes to its customers. Often the lever that forces an architecture change after an outage.",
+ 'The contracted promise β typically a percentage uptime, a latency budget, a [[#rto|RTO]] β that a service makes to its customers. Often the lever that forces an architecture change after an outage.',
wikiUrl: 'https://en.wikipedia.org/wiki/Service-level_agreement',
category: 'infrastructure'
},
@@ -6301,7 +6303,7 @@ export const concepts: Concept[] = [
id: 'ibm',
term: 'IBM',
definition:
- "International Business Machines. The mainframe giant whose 1970s networking (SNA) the internet replaced β and whose later research arms shipped MQTT (Andy Stanford-Clark), RSA-precursor work, and a long tail of standards committee labour.",
+ 'International Business Machines. The mainframe giant whose 1970s networking (SNA) the internet replaced β and whose later research arms shipped MQTT (Andy Stanford-Clark), RSA-precursor work, and a long tail of standards committee labour.',
wikiUrl: 'https://en.wikipedia.org/wiki/IBM',
category: 'infrastructure'
},
@@ -6373,7 +6375,7 @@ export const concepts: Concept[] = [
id: 'parc',
term: 'Xerox PARC',
definition:
- "Palo Alto Research Center. Where Ethernet was sketched in 1973 ([[pioneer:bob-metcalfe|Bob Metcalfe]], David Boggs), where the modern GUI was invented, where the Alto workstation networked over the original 2.94 Mb/s Ethernet β a stunning concentration of firsts.",
+ 'Palo Alto Research Center. Where Ethernet was sketched in 1973 ([[pioneer:bob-metcalfe|Bob Metcalfe]], David Boggs), where the modern GUI was invented, where the Alto workstation networked over the original 2.94 Mb/s Ethernet β a stunning concentration of firsts.',
wikiUrl: 'https://en.wikipedia.org/wiki/PARC_(company)',
category: 'infrastructure'
},
@@ -6399,7 +6401,7 @@ export const concepts: Concept[] = [
id: 'aes-128',
term: 'AES-128',
definition:
- "[[#aes|AES]] with a 128-bit key β 10 rounds, fast everywhere. Used by MIFARE DESFire EV2/EV3, [[wireguard|WireGuard]] (via ChaCha alternative), TLS 1.3 cipher suites, and [[ipsec|IPsec]] ESP defaults.",
+ '[[#aes|AES]] with a 128-bit key β 10 rounds, fast everywhere. Used by MIFARE DESFire EV2/EV3, [[wireguard|WireGuard]] (via ChaCha alternative), TLS 1.3 cipher suites, and [[ipsec|IPsec]] ESP defaults.',
wikiUrl: 'https://en.wikipedia.org/wiki/Advanced_Encryption_Standard',
category: 'security'
},
@@ -6407,7 +6409,7 @@ export const concepts: Concept[] = [
id: 'md5',
term: 'MD5 (Message-Digest 5)',
definition:
- "The 128-bit hash function Ron Rivest published in 1991. Practical collision attacks since 2004 (Wang Xiaoyun) made it cryptographically dead, but its checksum use in `MD5SUM` files and legacy [[bgp|BGP]] / [[tcp|TCP]]-MD5 lingers.",
+ 'The 128-bit hash function Ron Rivest published in 1991. Practical collision attacks since 2004 (Wang Xiaoyun) made it cryptographically dead, but its checksum use in `MD5SUM` files and legacy [[bgp|BGP]] / [[tcp|TCP]]-MD5 lingers.',
wikiUrl: 'https://en.wikipedia.org/wiki/MD5',
category: 'security'
},
@@ -6423,7 +6425,7 @@ export const concepts: Concept[] = [
id: 'sha256',
term: 'SHA-256',
definition:
- "256-bit member of the SHA-2 family β the workhorse hash for HMAC, [[tls|TLS]] 1.3 transcripts, Bitcoin, [[ssh|SSH]] fingerprints, and almost every modern signature scheme.",
+ '256-bit member of the SHA-2 family β the workhorse hash for HMAC, [[tls|TLS]] 1.3 transcripts, Bitcoin, [[ssh|SSH]] fingerprints, and almost every modern signature scheme.',
wikiUrl: 'https://en.wikipedia.org/wiki/SHA-2',
category: 'security'
},
@@ -6431,7 +6433,7 @@ export const concepts: Concept[] = [
id: 'sha2',
term: 'SHA-2',
definition:
- "Family of [[#nist|NIST]] hash functions (SHA-224/256/384/512) published in 2001 to replace [[#sha1|SHA-1]]. Still considered secure in 2026, but the world is migrating to SHA-3 and post-quantum primitives in parallel.",
+ 'Family of [[#nist|NIST]] hash functions (SHA-224/256/384/512) published in 2001 to replace [[#sha1|SHA-1]]. Still considered secure in 2026, but the world is migrating to SHA-3 and post-quantum primitives in parallel.',
wikiUrl: 'https://en.wikipedia.org/wiki/SHA-2',
category: 'security'
},
@@ -6455,7 +6457,7 @@ export const concepts: Concept[] = [
id: 'ecc',
term: 'ECC (Elliptic Curve Cryptography)',
definition:
- "Public-key cryptography over elliptic curves β equivalent security to RSA at much smaller key sizes (256-bit ECC β 3072-bit RSA). The basis of [[#ecdhe|ECDHE]], [[#ecdsa|ECDSA]], Ed25519, and [[#x25519|X25519]].",
+ 'Public-key cryptography over elliptic curves β equivalent security to RSA at much smaller key sizes (256-bit ECC β 3072-bit RSA). The basis of [[#ecdhe|ECDHE]], [[#ecdsa|ECDSA]], Ed25519, and [[#x25519|X25519]].',
wikiUrl: 'https://en.wikipedia.org/wiki/Elliptic-curve_cryptography',
category: 'security'
},
@@ -6471,7 +6473,7 @@ export const concepts: Concept[] = [
id: 'ecdsa-acr',
term: 'ECDSA (Elliptic Curve Digital Signature Algorithm)',
definition:
- "[[#ecc|Elliptic-curve]] signature scheme used in [[tls|TLS]] server certificates, [[ssh|SSH]] host keys, and most blockchains. Smaller signatures and keys than RSA at equivalent security.",
+ '[[#ecc|Elliptic-curve]] signature scheme used in [[tls|TLS]] server certificates, [[ssh|SSH]] host keys, and most blockchains. Smaller signatures and keys than RSA at equivalent security.',
wikiUrl: 'https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm',
category: 'security'
},
@@ -6487,7 +6489,7 @@ export const concepts: Concept[] = [
id: 'spake2',
term: 'SPAKE2',
definition:
- "Password-authenticated key {{exchange|exchange}} β derives a strong session key from a low-entropy password without leaking it. Used by {{matter|Matter}} commissioning (SPAKE2+), {{ccc-digital-key|CCC Digital Key}}, and a growing slice of zero-trust pairing flows.",
+ 'Password-authenticated key {{exchange|exchange}} β derives a strong session key from a low-entropy password without leaking it. Used by {{matter|Matter}} commissioning (SPAKE2+), {{ccc-digital-key|CCC Digital Key}}, and a growing slice of zero-trust pairing flows.',
wikiUrl: 'https://datatracker.ietf.org/doc/rfc9382/',
category: 'security'
},
@@ -6495,7 +6497,7 @@ export const concepts: Concept[] = [
id: 'pq',
term: 'PQ (Post-Quantum)',
definition:
- "Shorthand for *post-quantum* cryptography β primitives believed to survive a sufficiently large quantum computer. Hybrid PQ key exchange (X25519 + ML-KEM) is rolling out in [[tls|TLS]] now to defeat *harvest-now-decrypt-later* adversaries.",
+ 'Shorthand for *post-quantum* cryptography β primitives believed to survive a sufficiently large quantum computer. Hybrid PQ key exchange (X25519 + ML-KEM) is rolling out in [[tls|TLS]] now to defeat *harvest-now-decrypt-later* adversaries.',
wikiUrl: 'https://en.wikipedia.org/wiki/Post-quantum_cryptography',
category: 'security'
},
@@ -6511,7 +6513,7 @@ export const concepts: Concept[] = [
id: 'nist',
term: 'NIST (National Institute of Standards and Technology)',
definition:
- "The US standards body that runs cryptographic standardisation β [[#aes|AES]] (FIPS 197), SHA-2/SHA-3, [[#pqc|PQC]] (FIPS 203/204/205). Its calls for proposals quietly set the global crypto agenda.",
+ 'The US standards body that runs cryptographic standardisation β [[#aes|AES]] (FIPS 197), SHA-2/SHA-3, [[#pqc|PQC]] (FIPS 203/204/205). Its calls for proposals quietly set the global crypto agenda.',
wikiUrl: 'https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology',
category: 'security'
},
@@ -6527,7 +6529,7 @@ export const concepts: Concept[] = [
id: 'cve',
term: 'CVE (Common Vulnerabilities and Exposures)',
definition:
- "The MITRE-run public catalogue of disclosed security flaws β every entry has a CVE-YYYY-NNNNN identifier so vendors, scanners, and incident responders can talk about the same bug. Most protocol weaknesses you read about here (Heartbleed, KNOB, BLUFFS) have CVE numbers attached.",
+ 'The MITRE-run public catalogue of disclosed security flaws β every entry has a CVE-YYYY-NNNNN identifier so vendors, scanners, and incident responders can talk about the same bug. Most protocol weaknesses you read about here (Heartbleed, KNOB, BLUFFS) have CVE numbers attached.',
wikiUrl: 'https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures',
category: 'security'
},
@@ -6575,7 +6577,7 @@ export const concepts: Concept[] = [
id: 'hsm',
term: 'HSM (Hardware Security Module)',
definition:
- "A tamper-resistant box (USB key, PCIe card, rack appliance) that holds private keys and signs / decrypts inside the device β keys never leave the boundary. Used for [[tls|TLS]] root CAs, payment HSMs, and modern enclave-style auth.",
+ 'A tamper-resistant box (USB key, PCIe card, rack appliance) that holds private keys and signs / decrypts inside the device β keys never leave the boundary. Used for [[tls|TLS]] root CAs, payment HSMs, and modern enclave-style auth.',
wikiUrl: 'https://en.wikipedia.org/wiki/Hardware_security_module',
category: 'security'
},
@@ -6583,7 +6585,7 @@ export const concepts: Concept[] = [
id: 'sso',
term: 'SSO (Single Sign-On)',
definition:
- "Login once, access many services β the property [[oauth2|OAuth]] / OIDC / [[ssh|Kerberos]] / SAML all deliver in different shapes. The convenience that makes federated identity worth the integration pain.",
+ 'Login once, access many services β the property [[oauth2|OAuth]] / OIDC / [[ssh|Kerberos]] / SAML all deliver in different shapes. The convenience that makes federated identity worth the integration pain.',
wikiUrl: 'https://en.wikipedia.org/wiki/Single_sign-on',
category: 'security'
},
@@ -6609,7 +6611,7 @@ export const concepts: Concept[] = [
id: 'crud',
term: 'CRUD',
definition:
- "Create, Read, Update, Delete β the canonical four operations almost every backend resource maps onto. REST maps these to POST / GET / PUT-PATCH / DELETE.",
+ 'Create, Read, Update, Delete β the canonical four operations almost every backend resource maps onto. REST maps these to POST / GET / PUT-PATCH / DELETE.',
wikiUrl: 'https://en.wikipedia.org/wiki/Create,_read,_update_and_delete',
category: 'web'
},
@@ -6617,7 +6619,7 @@ export const concepts: Concept[] = [
id: 'mime-acr',
term: 'MIME',
definition:
- "Multipurpose Internet Mail Extensions β the [[rfc:2045|RFC 2045]] / [[rfc:2046|RFC 2046]] machinery for tagging payload types (`text/html`, `image/png`, `application/json`) and bundling attachments. Born for [[smtp|email]], reused as the `Content-Type` system of [[http1|HTTP]] and HTTP/2/3.",
+ 'Multipurpose Internet Mail Extensions β the [[rfc:2045|RFC 2045]] / [[rfc:2046|RFC 2046]] machinery for tagging payload types (`text/html`, `image/png`, `application/json`) and bundling attachments. Born for [[smtp|email]], reused as the `Content-Type` system of [[http1|HTTP]] and HTTP/2/3.',
wikiUrl: 'https://en.wikipedia.org/wiki/MIME',
category: 'web'
},
@@ -6625,7 +6627,7 @@ export const concepts: Concept[] = [
id: 'ssl-cert',
term: 'SSL Cert',
definition:
- "Colloquial name for a [[tls|TLS]] X.509 server certificate β the file your CA issued you, even though SSL itself was retired around 1999. The acronym refuses to die.",
+ 'Colloquial name for a [[tls|TLS]] X.509 server certificate β the file your CA issued you, even though SSL itself was retired around 1999. The acronym refuses to die.',
wikiUrl: 'https://en.wikipedia.org/wiki/Public_key_certificate',
category: 'security'
},
@@ -6675,7 +6677,7 @@ export const concepts: Concept[] = [
id: 'crc',
term: 'CRC (Cyclic Redundancy Check)',
definition:
- "A polynomial checksum used at almost every protocol layer ([[ethernet|Ethernet]] FCS, IP/TCP checksums, [[zigbee|802.15.4]] PHY) to detect bit errors. Cheap to compute in hardware; defeats single- and burst-errors of bounded length.",
+ 'A polynomial checksum used at almost every protocol layer ([[ethernet|Ethernet]] FCS, IP/TCP checksums, [[zigbee|802.15.4]] PHY) to detect bit errors. Cheap to compute in hardware; defeats single- and burst-errors of bounded length.',
wikiUrl: 'https://en.wikipedia.org/wiki/Cyclic_redundancy_check',
category: 'protocol-mechanics'
},
@@ -6715,7 +6717,7 @@ export const concepts: Concept[] = [
id: 'isis',
term: 'IS-IS (Intermediate System to Intermediate System)',
definition:
- "Link-state routing protocol from the OSI suite ([[#iso-iec|ISO/IEC]] 10589) that quietly runs inside most large ISP backbones β same family as [[ospf|OSPF]] but encoded directly on top of [[ethernet|L2]] rather than [[ip|IP]]. Loved by Tier-1s for its multi-protocol cleanliness.",
+ 'Link-state routing protocol from the OSI suite ([[#iso-iec|ISO/IEC]] 10589) that quietly runs inside most large ISP backbones β same family as [[ospf|OSPF]] but encoded directly on top of [[ethernet|L2]] rather than [[ip|IP]]. Loved by Tier-1s for its multi-protocol cleanliness.',
wikiUrl: 'https://en.wikipedia.org/wiki/IS-IS',
category: 'protocol-mechanics'
},
@@ -6731,7 +6733,7 @@ export const concepts: Concept[] = [
id: 'med',
term: 'MED (Multi-Exit Discriminator)',
definition:
- "A [[bgp|BGP]] attribute (path-selection step 7) that lets an AS hint to its neighbour which of multiple links is preferred for inbound traffic. Meaningful only between paths from the *same* neighbouring AS β a frequent source of policy confusion.",
+ 'A [[bgp|BGP]] attribute (path-selection step 7) that lets an AS hint to its neighbour which of multiple links is preferred for inbound traffic. Meaningful only between paths from the *same* neighbouring AS β a frequent source of policy confusion.',
wikiUrl: 'https://en.wikipedia.org/wiki/Border_Gateway_Protocol#MULTI_EXIT_DISC',
category: 'protocol-mechanics'
},
@@ -6739,7 +6741,7 @@ export const concepts: Concept[] = [
id: 'sfu',
term: 'SFU (Selective Forwarding Unit)',
definition:
- 'A media server that receives each [[webrtc|WebRTC]] participant\'s stream once and forwards copies to the other participants β without transcoding. The scalable middle ground between mesh (every-to-every) and MCU (re-encode in the middle).',
+ "A media server that receives each [[webrtc|WebRTC]] participant's stream once and forwards copies to the other participants β without transcoding. The scalable middle ground between mesh (every-to-every) and MCU (re-encode in the middle).",
wikiUrl: 'https://webrtcglossary.com/sfu/',
category: 'protocol-mechanics'
},
@@ -6747,7 +6749,7 @@ export const concepts: Concept[] = [
id: 'sip-uri',
term: 'SIP URI',
definition:
- "`sip:alice@example.com` or `sips:alice@example.com` β the addressable identifier for a [[sip|SIP]] endpoint. `sips:` requires [[tls|TLS]] hop-by-hop but does not promise end-to-end encryption (an upstream relay sees plaintext).",
+ '`sip:alice@example.com` or `sips:alice@example.com` β the addressable identifier for a [[sip|SIP]] endpoint. `sips:` requires [[tls|TLS]] hop-by-hop but does not promise end-to-end encryption (an upstream relay sees plaintext).',
wikiUrl: 'https://en.wikipedia.org/wiki/Session_Initiation_Protocol#SIP_URI',
category: 'protocol-mechanics'
},
@@ -6757,7 +6759,7 @@ export const concepts: Concept[] = [
id: 'gsm',
term: 'GSM (Global System for Mobile Communications)',
definition:
- "The 2G European cellular standard (1991) that ate the world β first to digitise voice, first to define the SIM, the only network on which texting (SMS) was an accidental afterthought. Survives in patches for fallback in 2026.",
+ 'The 2G European cellular standard (1991) that ate the world β first to digitise voice, first to define the SIM, the only network on which texting (SMS) was an accidental afterthought. Survives in patches for fallback in 2026.',
wikiUrl: 'https://en.wikipedia.org/wiki/GSM',
category: 'protocol-mechanics'
},
@@ -6765,7 +6767,7 @@ export const concepts: Concept[] = [
id: 'cdma',
term: 'CDMA (Code-Division Multiple Access)',
definition:
- "Spread-spectrum multiple-access scheme [[pioneer:irwin-jacobs|Irwin Jacobs]] and Qualcomm shipped commercially in IS-95 (1995) β every user transmits on the same frequency, distinguished by orthogonal codes. The math underneath 3G WCDMA and CDMA2000.",
+ 'Spread-spectrum multiple-access scheme [[pioneer:irwin-jacobs|Irwin Jacobs]] and Qualcomm shipped commercially in IS-95 (1995) β every user transmits on the same frequency, distinguished by orthogonal codes. The math underneath 3G WCDMA and CDMA2000.',
wikiUrl: 'https://en.wikipedia.org/wiki/Code-division_multiple_access',
category: 'protocol-mechanics'
},
@@ -6781,7 +6783,7 @@ export const concepts: Concept[] = [
id: 'umts',
term: 'UMTS (Universal Mobile Telecommunications System)',
definition:
- "The 3GPP-defined 3G family β [[#wcdma|WCDMA]] radio + a packet core that finally treated data as a first-class citizen. Replaced by LTE in the 2010s and now shutting down worldwide.",
+ 'The 3GPP-defined 3G family β [[#wcdma|WCDMA]] radio + a packet core that finally treated data as a first-class citizen. Replaced by LTE in the 2010s and now shutting down worldwide.',
wikiUrl: 'https://en.wikipedia.org/wiki/UMTS',
category: 'protocol-mechanics'
},
@@ -6789,7 +6791,7 @@ export const concepts: Concept[] = [
id: 'epc',
term: 'EPC (Evolved Packet Core)',
definition:
- "The 4G/LTE all-IP core network β MME, SGW, PGW components β replacing the circuit-switched leftovers of 3G. Replaced again in 5G by the service-based architecture (5GC SBA).",
+ 'The 4G/LTE all-IP core network β MME, SGW, PGW components β replacing the circuit-switched leftovers of 3G. Replaced again in 5G by the service-based architecture (5GC SBA).',
wikiUrl: 'https://en.wikipedia.org/wiki/System_Architecture_Evolution',
category: 'protocol-mechanics'
},
@@ -6797,7 +6799,7 @@ export const concepts: Concept[] = [
id: 'gps',
term: 'GPS (Global Positioning System)',
definition:
- "US-operated satellite constellation that broadcasts time-stamped signals so a receiver can trilaterate position. Network-adjacent: GPS provides the high-precision time source many [[ntp|NTP]] / PTP stratum-1 servers discipline themselves to.",
+ 'US-operated satellite constellation that broadcasts time-stamped signals so a receiver can trilaterate position. Network-adjacent: GPS provides the high-precision time source many [[ntp|NTP]] / PTP stratum-1 servers discipline themselves to.',
wikiUrl: 'https://en.wikipedia.org/wiki/Global_Positioning_System',
category: 'infrastructure'
},
@@ -6805,7 +6807,7 @@ export const concepts: Concept[] = [
id: 'qam',
term: 'QAM (Quadrature Amplitude Modulation)',
definition:
- "A modulation scheme that packs multiple bits per symbol by varying amplitude and phase. 4096-QAM (Wi-Fi 7, DOCSIS 4.0) means 12 bits/symbol β at the cost of needing a clean SNR.",
+ 'A modulation scheme that packs multiple bits per symbol by varying amplitude and phase. 4096-QAM (Wi-Fi 7, DOCSIS 4.0) means 12 bits/symbol β at the cost of needing a clean SNR.',
wikiUrl: 'https://en.wikipedia.org/wiki/Quadrature_amplitude_modulation',
category: 'protocol-mechanics'
},
@@ -6813,7 +6815,7 @@ export const concepts: Concept[] = [
id: 'bpsk',
term: 'BPSK (Binary Phase Shift Keying)',
definition:
- "The simplest phase-modulation scheme β one bit per symbol, two phases 180Β° apart. Robust to noise, used in [[nfc|NFC-A]] PICC-to-PCD return signalling, GPS, and the lowest [[wifi|Wi-Fi]] data rates.",
+ 'The simplest phase-modulation scheme β one bit per symbol, two phases 180Β° apart. Robust to noise, used in [[nfc|NFC-A]] PICC-to-PCD return signalling, GPS, and the lowest [[wifi|Wi-Fi]] data rates.',
wikiUrl: 'https://en.wikipedia.org/wiki/Phase-shift_keying#Binary_phase-shift_keying_(BPSK)',
category: 'protocol-mechanics'
},
@@ -6821,7 +6823,7 @@ export const concepts: Concept[] = [
id: 'csma-cd',
term: 'CSMA/CD',
definition:
- "Carrier-Sense Multiple Access with Collision Detection β the original [[ethernet|Ethernet]] mediation algorithm: listen, talk, detect collisions, back off. Obsolete once switches replaced hubs; the modern descendant on Wi-Fi is {{csma-ca|CSMA/CA}}.",
+ 'Carrier-Sense Multiple Access with Collision Detection β the original [[ethernet|Ethernet]] mediation algorithm: listen, talk, detect collisions, back off. Obsolete once switches replaced hubs; the modern descendant on Wi-Fi is {{csma-ca|CSMA/CA}}.',
wikiUrl: 'https://en.wikipedia.org/wiki/Carrier-sense_multiple_access_with_collision_detection',
category: 'protocol-mechanics'
},
@@ -6837,7 +6839,7 @@ export const concepts: Concept[] = [
id: 'mac-media',
term: 'MAC (Media Access Control)',
definition:
- "The data-link sub-layer that decides *who talks next* on a shared medium β [[ethernet|Ethernet]] MAC, Wi-Fi MAC, [[zigbee|802.15.4]] MAC. Distinct from a {{mac-address|MAC address}}, which is the identifier the MAC layer uses.",
+ 'The data-link sub-layer that decides *who talks next* on a shared medium β [[ethernet|Ethernet]] MAC, Wi-Fi MAC, [[zigbee|802.15.4]] MAC. Distinct from a {{mac-address|MAC address}}, which is the identifier the MAC layer uses.',
wikiUrl: 'https://en.wikipedia.org/wiki/Medium_access_control',
category: 'networking-basics'
},
@@ -6845,7 +6847,7 @@ export const concepts: Concept[] = [
id: 'ap-access-point',
term: 'AP (Access Point)',
definition:
- "The radio that bridges [[wifi|Wi-Fi]] clients to the wired [[ethernet|Ethernet]] LAN. APs broadcast beacons announcing the SSID, do CSMA/CA arbitration, and own the BSS β the unit Wi-Fi roaming hops between.",
+ 'The radio that bridges [[wifi|Wi-Fi]] clients to the wired [[ethernet|Ethernet]] LAN. APs broadcast beacons announcing the SSID, do CSMA/CA arbitration, and own the BSS β the unit Wi-Fi roaming hops between.',
wikiUrl: 'https://en.wikipedia.org/wiki/Wireless_access_point',
category: 'protocol-mechanics'
},
@@ -6853,7 +6855,7 @@ export const concepts: Concept[] = [
id: 'rts-cts',
term: 'RTS/CTS',
definition:
- "Request-To-Send / Clear-To-Send β the optional [[wifi|Wi-Fi]] handshake that reserves a duration of the medium before a frame. Trades latency for protection against hidden-node collisions; mostly used at high data rates today.",
+ 'Request-To-Send / Clear-To-Send β the optional [[wifi|Wi-Fi]] handshake that reserves a duration of the medium before a frame. Trades latency for protection against hidden-node collisions; mostly used at high data rates today.',
wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11_RTS/CTS',
category: 'protocol-mechanics'
},
@@ -6861,7 +6863,7 @@ export const concepts: Concept[] = [
id: 'sms',
term: 'SMS (Short Message Service)',
definition:
- "160-character text messaging, born in the [[#gsm|GSM]] standard (1992) as a control-plane afterthought and accidentally becoming the most reliable global-reach messaging system on earth. Still the fallback for satellite Direct-to-Cell.",
+ '160-character text messaging, born in the [[#gsm|GSM]] standard (1992) as a control-plane afterthought and accidentally becoming the most reliable global-reach messaging system on earth. Still the fallback for satellite Direct-to-Cell.',
wikiUrl: 'https://en.wikipedia.org/wiki/SMS',
category: 'protocol-mechanics'
},
@@ -6869,7 +6871,7 @@ export const concepts: Concept[] = [
id: 'docsis',
term: 'DOCSIS (Data Over Cable Service Interface Specification)',
definition:
- "The protocol stack that turns cable-TV coax into broadband. DOCSIS 4.0 (2026 deployments) adds 4096-QAM, full-duplex, and {{l4s|L4S}} support for low-latency queueing.",
+ 'The protocol stack that turns cable-TV coax into broadband. DOCSIS 4.0 (2026 deployments) adds 4096-QAM, full-duplex, and {{l4s|L4S}} support for low-latency queueing.',
wikiUrl: 'https://en.wikipedia.org/wiki/DOCSIS',
category: 'protocol-mechanics'
},
@@ -6887,7 +6889,7 @@ export const concepts: Concept[] = [
id: 'hevc',
term: 'HEVC',
definition:
- "H.265 / High Efficiency Video Coding β successor to H.264, ~50% better compression for the same quality, but a patent thicket so dense that royalty-free AV1 was created to escape it.",
+ 'H.265 / High Efficiency Video Coding β successor to H.264, ~50% better compression for the same quality, but a patent thicket so dense that royalty-free AV1 was created to escape it.',
wikiUrl: 'https://en.wikipedia.org/wiki/High_Efficiency_Video_Coding',
category: 'web'
},
@@ -6895,7 +6897,7 @@ export const concepts: Concept[] = [
id: 'drm',
term: 'DRM (Digital Rights Management)',
definition:
- "The cryptographic + legal machinery that gates streamed video β Widevine, FairPlay, PlayReady. License exchanges flow over [[tls|TLS]] alongside the [[dash|DASH]] / [[hls|HLS]] media segments.",
+ 'The cryptographic + legal machinery that gates streamed video β Widevine, FairPlay, PlayReady. License exchanges flow over [[tls|TLS]] alongside the [[dash|DASH]] / [[hls|HLS]] media segments.',
wikiUrl: 'https://en.wikipedia.org/wiki/Digital_rights_management',
category: 'security'
},
@@ -6913,7 +6915,7 @@ export const concepts: Concept[] = [
id: 'emv',
term: 'EMV (Europay, Mastercard, Visa)',
definition:
- "The smart-card payment standard (and consortium) named after its founders. EMV runs on contactless and chip-and-PIN cards globally β over [[#iso-iec|ISO/IEC]] 14443 at the link layer, ISO 7816 at the application layer.",
+ 'The smart-card payment standard (and consortium) named after its founders. EMV runs on contactless and chip-and-PIN cards globally β over [[#iso-iec|ISO/IEC]] 14443 at the link layer, ISO 7816 at the application layer.',
wikiUrl: 'https://en.wikipedia.org/wiki/EMV',
category: 'protocol-mechanics'
},
@@ -6929,7 +6931,7 @@ export const concepts: Concept[] = [
id: 'pcd',
term: 'PCD (Proximity Coupling Device)',
definition:
- "The [[#iso-iec|ISO/IEC]] 14443 name for the *reader* in an [[nfc|NFC]] / contactless-card exchange β the active side that powers the antenna and initiates communication.",
+ 'The [[#iso-iec|ISO/IEC]] 14443 name for the *reader* in an [[nfc|NFC]] / contactless-card exchange β the active side that powers the antenna and initiates communication.',
wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
category: 'protocol-mechanics'
},
@@ -6937,7 +6939,7 @@ export const concepts: Concept[] = [
id: 'tlv',
term: 'TLV (Type-Length-Value)',
definition:
- "A compact, extensible encoding pattern β one byte of type, one or more bytes of length, then `length` bytes of value. Used by [[ipsec|IKE]], BGP attributes, [[nfc|NDEF]], EMV ICC data, and many constrained-device protocols.",
+ 'A compact, extensible encoding pattern β one byte of type, one or more bytes of length, then `length` bytes of value. Used by [[ipsec|IKE]], BGP attributes, [[nfc|NDEF]], EMV ICC data, and many constrained-device protocols.',
wikiUrl: 'https://en.wikipedia.org/wiki/Type%E2%80%93length%E2%80%93value',
category: 'protocol-mechanics'
},
@@ -6945,7 +6947,7 @@ export const concepts: Concept[] = [
id: 'icao',
term: 'ICAO (International Civil Aviation Organization)',
definition:
- "The UN agency that, alongside writing aviation rules, also defines the file structure of biometric e-passports β the data groups (DG1 MRZ, DG2 photo, EF.SOD, EF.COM) that an [[#iso-iec|ISO/IEC]] 14443-4 reader pulls off the passport chip.",
+ 'The UN agency that, alongside writing aviation rules, also defines the file structure of biometric e-passports β the data groups (DG1 MRZ, DG2 photo, EF.SOD, EF.COM) that an [[#iso-iec|ISO/IEC]] 14443-4 reader pulls off the passport chip.',
wikiUrl: 'https://en.wikipedia.org/wiki/International_Civil_Aviation_Organization',
category: 'infrastructure'
},
@@ -6953,7 +6955,7 @@ export const concepts: Concept[] = [
id: 'se-secure-element',
term: 'SE (Secure Element)',
definition:
- "A tamper-resistant chip inside a phone or card that holds keys and runs sensitive applets (payment, transit, access). The eSE in modern phones replaces SIM-based SE for [[nfc|NFC]] payments.",
+ 'A tamper-resistant chip inside a phone or card that holds keys and runs sensitive applets (payment, transit, access). The eSE in modern phones replaces SIM-based SE for [[nfc|NFC]] payments.',
wikiUrl: 'https://www.globalplatform.org/specificationsdevice.asp',
category: 'security'
},
@@ -6969,7 +6971,7 @@ export const concepts: Concept[] = [
id: 'sak',
term: 'SAK (Select Acknowledge)',
definition:
- "The byte an [[#iso-iec|ISO/IEC]] 14443-A card returns in response to a SELECT β encodes whether the card supports ISO 14443-4 and is the moment the reader decides which protocol stack to switch into.",
+ 'The byte an [[#iso-iec|ISO/IEC]] 14443-A card returns in response to a SELECT β encodes whether the card supports ISO 14443-4 and is the moment the reader decides which protocol stack to switch into.',
wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
category: 'protocol-mechanics'
},
@@ -6979,7 +6981,7 @@ export const concepts: Concept[] = [
id: 'sig',
term: 'SIG (Bluetooth SIG)',
definition:
- "The Bluetooth Special Interest Group β the standards body that owns the [[bluetooth|Bluetooth]] specs (Core, Mesh, LE Audio, BR/EDR). Members like Apple, Google, Samsung, and Microsoft drive what ends up in a release.",
+ 'The Bluetooth Special Interest Group β the standards body that owns the [[bluetooth|Bluetooth]] specs (Core, Mesh, LE Audio, BR/EDR). Members like Apple, Google, Samsung, and Microsoft drive what ends up in a release.',
wikiUrl: 'https://www.bluetooth.com/about-us/',
category: 'infrastructure'
},
@@ -6995,7 +6997,7 @@ export const concepts: Concept[] = [
id: 'le-low-energy',
term: 'LE (Low Energy)',
definition:
- "Short for [[bluetooth|Bluetooth Low Energy]] β the 2010 redesign for battery-constrained sensors and wearables. Different radio (BLE 2M PHY), different framing ({{l2cap|L2CAP}} / {{att-mtu|ATT}} / {{gatt|GATT}}), different threat model.",
+ 'Short for [[bluetooth|Bluetooth Low Energy]] β the 2010 redesign for battery-constrained sensors and wearables. Different radio (BLE 2M PHY), different framing ({{l2cap|L2CAP}} / {{att-mtu|ATT}} / {{gatt|GATT}}), different threat model.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy',
category: 'protocol-mechanics'
},
@@ -7003,7 +7005,7 @@ export const concepts: Concept[] = [
id: 'att-attribute',
term: 'ATT (Attribute Protocol)',
definition:
- "The [[bluetooth|BLE]] mid-layer that exposes named attributes (UUIDs) for read / write / notify operations. {{gatt|GATT}} is the profile layer on top of ATT.",
+ 'The [[bluetooth|BLE]] mid-layer that exposes named attributes (UUIDs) for read / write / notify operations. {{gatt|GATT}} is the profile layer on top of ATT.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_Low_Energy#Generic_Attribute_Profile',
category: 'protocol-mechanics'
},
@@ -7019,7 +7021,7 @@ export const concepts: Concept[] = [
id: 'bis-broadcast',
term: 'BIS (Broadcast Isochronous Stream)',
definition:
- "The [[bluetooth|BLE Audio]] stream type for one-to-many public audio β public Auracast hearing-loop, in-flight entertainment, gym-TV sound. The newer alternative to a {{cis|CIS}} unicast stream.",
+ 'The [[bluetooth|BLE Audio]] stream type for one-to-many public audio β public Auracast hearing-loop, in-flight entertainment, gym-TV sound. The newer alternative to a {{cis|CIS}} unicast stream.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bluetooth_LE_Audio',
category: 'protocol-mechanics'
},
@@ -7027,7 +7029,7 @@ export const concepts: Concept[] = [
id: 'knob-attack',
term: 'KNOB Attack',
definition:
- "Key Negotiation Of Bluetooth (CVE-2019-9506) β downgraded BR/EDR pairing to a 1-byte session key, brute-forceable in seconds. Disclosed by Daniele Antonioli et al. in 2019.",
+ 'Key Negotiation Of Bluetooth (CVE-2019-9506) β downgraded BR/EDR pairing to a 1-byte session key, brute-forceable in seconds. Disclosed by Daniele Antonioli et al. in 2019.',
wikiUrl: 'https://knobattack.com/',
category: 'security'
},
@@ -7035,7 +7037,7 @@ export const concepts: Concept[] = [
id: 'bias-attack',
term: 'BIAS Attack',
definition:
- "Bluetooth Impersonation AttackS (CVE-2020-10135) β impersonated a previously-bonded BR/EDR device by exploiting the asymmetric authentication of legacy pairing. Same team as KNOB.",
+ 'Bluetooth Impersonation AttackS (CVE-2020-10135) β impersonated a previously-bonded BR/EDR device by exploiting the asymmetric authentication of legacy pairing. Same team as KNOB.',
wikiUrl: 'https://francozappa.github.io/about-bias/',
category: 'security'
},
@@ -7043,7 +7045,7 @@ export const concepts: Concept[] = [
id: 'bluffs-attack',
term: 'BLUFFS',
definition:
- "Bluetooth Forward And Future Secrecy attacks (CVE-2023-24023) β broke forward secrecy on BR/EDR Secure Connections sessions by forcing key reuse. Antonioli, 2023.",
+ 'Bluetooth Forward And Future Secrecy attacks (CVE-2023-24023) β broke forward secrecy on BR/EDR Secure Connections sessions by forcing key reuse. Antonioli, 2023.',
wikiUrl: 'https://francozappa.github.io/about-bluffs/',
category: 'security'
},
@@ -7051,7 +7053,7 @@ export const concepts: Concept[] = [
id: 'sig-bluetooth-acronym',
term: 'CSA (Connectivity Standards Alliance)',
definition:
- "The standards body formerly known as the Zigbee Alliance β owners of [[zigbee|Zigbee]] PRO and (since 2022) {{matter|Matter}}. Renamed in 2021 to escape the single-protocol branding.",
+ 'The standards body formerly known as the Zigbee Alliance β owners of [[zigbee|Zigbee]] PRO and (since 2022) {{matter|Matter}}. Renamed in 2021 to escape the single-protocol branding.',
wikiUrl: 'https://csa-iot.org/',
category: 'infrastructure'
},
@@ -7061,7 +7063,7 @@ export const concepts: Concept[] = [
id: 'ccc',
term: 'CCC (Car Connectivity Consortium)',
definition:
- "The standards body that defines Digital Key β the [[bluetooth|BLE]] + [[uwb|UWB]] protocol your phone uses to unlock and start cars from BMW, Mercedes, Hyundai, and a growing list.",
+ 'The standards body that defines Digital Key β the [[bluetooth|BLE]] + [[uwb|UWB]] protocol your phone uses to unlock and start cars from BMW, Mercedes, Hyundai, and a growing list.',
wikiUrl: 'https://carconnectivity.org/',
category: 'infrastructure'
},
@@ -7069,7 +7071,7 @@ export const concepts: Concept[] = [
id: 'ces-show',
term: 'CES (Consumer Electronics Show)',
definition:
- "The annual Las Vegas trade show where consumer-IoT roadmaps land β Matter device announcements, Digital Key partnerships, Wi-Fi alliance demos. Where a protocol becomes a press release.",
+ 'The annual Las Vegas trade show where consumer-IoT roadmaps land β Matter device announcements, Digital Key partnerships, Wi-Fi alliance demos. Where a protocol becomes a press release.',
wikiUrl: 'https://en.wikipedia.org/wiki/Consumer_Electronics_Show',
category: 'infrastructure'
},
@@ -7077,7 +7079,7 @@ export const concepts: Concept[] = [
id: 'oem',
term: 'OEM (Original Equipment Manufacturer)',
definition:
- "The company that builds a product end customers buy β BMW, Schlage, Hue. Distinct from a chip vendor (NXP, Qualcomm) or a standards body. The OEM is who has to ship firmware for every new protocol.",
+ 'The company that builds a product end customers buy β BMW, Schlage, Hue. Distinct from a chip vendor (NXP, Qualcomm) or a standards body. The OEM is who has to ship firmware for every new protocol.',
wikiUrl: 'https://en.wikipedia.org/wiki/Original_equipment_manufacturer',
category: 'infrastructure'
},
@@ -7087,7 +7089,7 @@ export const concepts: Concept[] = [
id: 'ikev2',
term: 'IKEv2',
definition:
- "Internet Key Exchange v2 β the [[ipsec|IPsec]] key-management protocol that negotiates Security Associations between peers. Defined in [[rfc:7296|RFC 7296]].",
+ 'Internet Key Exchange v2 β the [[ipsec|IPsec]] key-management protocol that negotiates Security Associations between peers. Defined in [[rfc:7296|RFC 7296]].',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_Key_Exchange',
category: 'security'
},
@@ -7095,7 +7097,7 @@ export const concepts: Concept[] = [
id: 'esp',
term: 'ESP (Encapsulating Security Payload)',
definition:
- "The [[ipsec|IPsec]] sub-protocol ([[rfc:4303|RFC 4303]]) that actually wraps and encrypts traffic between peers β distinct from IKE (key exchange) and AH (auth without encryption).",
+ 'The [[ipsec|IPsec]] sub-protocol ([[rfc:4303|RFC 4303]]) that actually wraps and encrypts traffic between peers β distinct from IKE (key exchange) and AH (auth without encryption).',
wikiUrl: 'https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload',
category: 'security'
},
@@ -7113,7 +7115,7 @@ export const concepts: Concept[] = [
id: 'frr',
term: 'FRR (Free Range Routing)',
definition:
- "An open-source routing daemon ({{bgp|BGP}}, [[ospf|OSPF]], [[isis|IS-IS]], BFD) β the FreeBSD-licensed Quagga fork that runs on Linux switches and the Cumulus / SONiC ecosystem.",
+ 'An open-source routing daemon ({{bgp|BGP}}, [[ospf|OSPF]], [[isis|IS-IS]], BFD) β the FreeBSD-licensed Quagga fork that runs on Linux switches and the Cumulus / SONiC ecosystem.',
wikiUrl: 'https://frrouting.org/',
category: 'infrastructure'
},
@@ -7156,14 +7158,15 @@ export const concepts: Concept[] = [
term: 'ROA (Route Origin Authorization)',
definition:
"A signed [[#rpki-acr|RPKI]] object that says 'AS X is authorised to originate prefix P with max-length M'. Networks running ROV ([[bgp|BGP]] route-origin validation) drop announcements that fail to match.",
- wikiUrl: 'https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/route-origin-authorisation',
+ wikiUrl:
+ 'https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/route-origin-authorisation',
category: 'security'
},
{
id: 'ripe-ncc',
term: 'RIPE NCC',
definition:
- "RΓ©seaux IP EuropΓ©ens Network Coordination Centre β the regional internet registry for Europe and the Middle East. Allocates [[ip|IPv4]] / [[ipv6|IPv6]] address space and AS numbers; runs the {{atlas|RIPE Atlas}} measurement platform.",
+ 'RΓ©seaux IP EuropΓ©ens Network Coordination Centre β the regional internet registry for Europe and the Middle East. Allocates [[ip|IPv4]] / [[ipv6|IPv6]] address space and AS numbers; runs the {{atlas|RIPE Atlas}} measurement platform.',
wikiUrl: 'https://www.ripe.net/about-us',
category: 'infrastructure'
},
@@ -7179,7 +7182,7 @@ export const concepts: Concept[] = [
id: 'arin',
term: 'ARIN',
definition:
- "American Registry for Internet Numbers β the regional internet registry for the US, Canada, and parts of the Caribbean. Sister org to {{#ripe-ncc|RIPE NCC}}, {{#apnic|APNIC}}, AFRINIC, and LACNIC.",
+ 'American Registry for Internet Numbers β the regional internet registry for the US, Canada, and parts of the Caribbean. Sister org to {{#ripe-ncc|RIPE NCC}}, {{#apnic|APNIC}}, AFRINIC, and LACNIC.',
wikiUrl: 'https://www.arin.net/',
category: 'infrastructure'
},
@@ -7197,7 +7200,7 @@ export const concepts: Concept[] = [
id: 'smtp-mail-from',
term: 'MAIL FROM',
definition:
- "The [[smtp|SMTP]] command that declares the envelope sender β what bounces and 550 rejections route back to. Distinct from the `From:` *header* a user sees; mismatches between the two are how phishing makes a living.",
+ 'The [[smtp|SMTP]] command that declares the envelope sender β what bounces and 550 rejections route back to. Distinct from the `From:` *header* a user sees; mismatches between the two are how phishing makes a living.',
wikiUrl: 'https://en.wikipedia.org/wiki/Bounce_address',
category: 'protocol-mechanics'
},
@@ -7205,7 +7208,7 @@ export const concepts: Concept[] = [
id: 'smtp-rcpt-to',
term: 'RCPT TO',
definition:
- "The [[smtp|SMTP]] command that declares an envelope recipient. Issued once per recipient; each receives an independent reply. The server can accept some and reject others before any message data flows.",
+ 'The [[smtp|SMTP]] command that declares an envelope recipient. Issued once per recipient; each receives an independent reply. The server can accept some and reject others before any message data flows.',
wikiUrl: 'https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example',
category: 'protocol-mechanics'
},
@@ -7213,7 +7216,7 @@ export const concepts: Concept[] = [
id: 'smtp-data',
term: 'DATA',
definition:
- "The [[smtp|SMTP]] command that begins the message body β headers, MIME parts, attachments β terminated by a `.` on its own line. Everything before DATA is envelope; everything after is the user-visible message.",
+ 'The [[smtp|SMTP]] command that begins the message body β headers, MIME parts, attachments β terminated by a `.` on its own line. Everything before DATA is envelope; everything after is the user-visible message.',
wikiUrl: 'https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example',
category: 'protocol-mechanics'
},
@@ -7221,7 +7224,7 @@ export const concepts: Concept[] = [
id: 'smtp-auth',
term: 'AUTH (SMTP)',
definition:
- "The [[smtp|SMTP]] extension ([[rfc:4954|RFC 4954]]) for authenticated submission β historically AUTH LOGIN / PLAIN over [[tls|TLS]], now XOAUTH2 / [[oauth2|OAuth]] in modern providers (Microsoft 365 SMTP AUTH retires basic auth in 2026).",
+ 'The [[smtp|SMTP]] extension ([[rfc:4954|RFC 4954]]) for authenticated submission β historically AUTH LOGIN / PLAIN over [[tls|TLS]], now XOAUTH2 / [[oauth2|OAuth]] in modern providers (Microsoft 365 SMTP AUTH retires basic auth in 2026).',
wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc4954',
category: 'security'
},
@@ -7239,7 +7242,7 @@ export const concepts: Concept[] = [
id: 'sip-invite',
term: 'INVITE (SIP)',
definition:
- "The [[sip|SIP]] method that initiates a session β `INVITE sip:bob@example.com SIP/2.0`, followed by SDP describing the proposed media. The 100/180/200 responses are the call-progression dance every SIP-stack tutorial draws.",
+ 'The [[sip|SIP]] method that initiates a session β `INVITE sip:bob@example.com SIP/2.0`, followed by SDP describing the proposed media. The 100/180/200 responses are the call-progression dance every SIP-stack tutorial draws.',
wikiUrl: 'https://en.wikipedia.org/wiki/Session_Initiation_Protocol#Methods',
category: 'protocol-mechanics'
},
@@ -7249,7 +7252,7 @@ export const concepts: Concept[] = [
id: 'bgp-update',
term: 'UPDATE (BGP)',
definition:
- "The [[bgp|BGP]] message type that announces or withdraws routes. A storm of UPDATE messages is the visible symptom of every famous route leak ({{as-7007-1997|AS 7007}}, Pakistan-YouTube, Facebook 2021).",
+ 'The [[bgp|BGP]] message type that announces or withdraws routes. A storm of UPDATE messages is the visible symptom of every famous route leak ({{as-7007-1997|AS 7007}}, Pakistan-YouTube, Facebook 2021).',
wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc4271#section-4.3',
category: 'protocol-mechanics'
},
@@ -7257,7 +7260,7 @@ export const concepts: Concept[] = [
id: 'bgp-keepalive',
term: 'KEEPALIVE (BGP)',
definition:
- "The smallest [[bgp|BGP]] message β 19 bytes, no payload β sent every Hold-Time / 3 to keep a session alive. Missing for a full Hold-Time tears the session down and triggers route reconvergence.",
+ 'The smallest [[bgp|BGP]] message β 19 bytes, no payload β sent every Hold-Time / 3 to keep a session alive. Missing for a full Hold-Time tears the session down and triggers route reconvergence.',
wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc4271#section-4.4',
category: 'protocol-mechanics'
},
@@ -7275,7 +7278,7 @@ export const concepts: Concept[] = [
id: 'kerberos-ap-req-acr',
term: 'AP-REQ',
definition:
- "The [[ssh|Kerberos]] Application Request β what a client sends to a service, containing the service ticket + a fresh authenticator. The service decrypts with its long-term key, verifies, and grants access.",
+ 'The [[ssh|Kerberos]] Application Request β what a client sends to a service, containing the service ticket + a fresh authenticator. The service decrypts with its long-term key, verifies, and grants access.',
wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc4120#section-3.2',
category: 'security'
},
@@ -7293,7 +7296,7 @@ export const concepts: Concept[] = [
id: 'eee',
term: 'CES (cellular)',
definition:
- "Carrier Ethernet Services β the operator term for [[ethernet|Ethernet]] handoff between mobile networks and metro/aggregation. Different beast from the Vegas trade show CES.",
+ 'Carrier Ethernet Services β the operator term for [[ethernet|Ethernet]] handoff between mobile networks and metro/aggregation. Different beast from the Vegas trade show CES.',
wikiUrl: 'https://en.wikipedia.org/wiki/Carrier_Ethernet',
category: 'infrastructure'
},
@@ -7303,7 +7306,7 @@ export const concepts: Concept[] = [
id: 'acm-org',
term: 'ACM (Association for Computing Machinery)',
definition:
- "The oldest scientific computing society (1947). Runs SIGCOMM and the Web Conference; publishes the Communications of the ACM. Where most foundational networking papers land.",
+ 'The oldest scientific computing society (1947). Runs SIGCOMM and the Web Conference; publishes the Communications of the ACM. Where most foundational networking papers land.',
wikiUrl: 'https://www.acm.org/',
category: 'infrastructure'
},
@@ -7319,7 +7322,7 @@ export const concepts: Concept[] = [
id: 'usenix-conf',
term: 'USENIX',
definition:
- "The systems-and-security conference family (USENIX Security, NSDI, ATC, SOSP-adjacent). Home of major networking papers (Stevens-era and beyond).",
+ 'The systems-and-security conference family (USENIX Security, NSDI, ATC, SOSP-adjacent). Home of major networking papers (Stevens-era and beyond).',
wikiUrl: 'https://www.usenix.org/',
category: 'infrastructure'
},
@@ -7327,7 +7330,7 @@ export const concepts: Concept[] = [
id: 'sigcomm-conf',
term: 'SIGCOMM',
definition:
- "The ACM Special Interest Group on Data Communication β and its flagship annual conference. The forum that midwifed [[tcp|TCP]] congestion control, BBR, and most of the routing-protocol literature.",
+ 'The ACM Special Interest Group on Data Communication β and its flagship annual conference. The forum that midwifed [[tcp|TCP]] congestion control, BBR, and most of the routing-protocol literature.',
wikiUrl: 'https://www.sigcomm.org/',
category: 'infrastructure'
},
@@ -7347,7 +7350,7 @@ export const concepts: Concept[] = [
id: 'rfc-doc',
term: 'RFC',
definition:
- "Request for Comments β the document series that defines internet protocols. Published by the [[ietf|IETF]] (and historically by IAB, IRTF, Independent Stream). Every TCP/IP/HTTP/TLS rule you read about ultimately points to one. See {{ietf|IETF}} for the body that publishes them.",
+ 'Request for Comments β the document series that defines internet protocols. Published by the [[ietf|IETF]] (and historically by IAB, IRTF, Independent Stream). Every TCP/IP/HTTP/TLS rule you read about ultimately points to one. See {{ietf|IETF}} for the body that publishes them.',
wikiUrl: 'https://en.wikipedia.org/wiki/Request_for_Comments',
category: 'infrastructure'
},
@@ -7355,7 +7358,7 @@ export const concepts: Concept[] = [
id: 'scp-copy',
term: 'SCP (Secure Copy Protocol)',
definition:
- "The file-copy command/protocol layered on [[ssh|SSH]] β `scp file user@host:/path`. Written by Tatu YlΓΆnen with the original SSH; the wire protocol was deprecated in [[#rhel|RHEL]] 9 / OpenSSH 9.0 in favour of SFTP, though the `scp` command still works (now via SFTP under the hood).",
+ 'The file-copy command/protocol layered on [[ssh|SSH]] β `scp file user@host:/path`. Written by Tatu YlΓΆnen with the original SSH; the wire protocol was deprecated in [[#rhel|RHEL]] 9 / OpenSSH 9.0 in favour of SFTP, though the `scp` command still works (now via SFTP under the hood).',
wikiUrl: 'https://en.wikipedia.org/wiki/Secure_copy_protocol',
category: 'security'
},
@@ -7363,7 +7366,7 @@ export const concepts: Concept[] = [
id: 'ask-modulation',
term: 'ASK (Amplitude Shift Keying)',
definition:
- "A modulation scheme that encodes bits by varying carrier amplitude. [[nfc|NFC]] Type-A uses 100% ASK modified-Miller from reader to card β the carrier briefly drops to zero, which is easy to demodulate with the limited silicon in a passive card.",
+ 'A modulation scheme that encodes bits by varying carrier amplitude. [[nfc|NFC]] Type-A uses 100% ASK modified-Miller from reader to card β the carrier briefly drops to zero, which is easy to demodulate with the limited silicon in a passive card.',
wikiUrl: 'https://en.wikipedia.org/wiki/Amplitude-shift_keying',
category: 'protocol-mechanics'
},
@@ -7379,7 +7382,7 @@ export const concepts: Concept[] = [
id: 'sel-iso',
term: 'SEL (Select Command, ISO 14443)',
definition:
- "The [[#iso-iec|ISO/IEC]] 14443-3 anti-collision command β the reader walks the binary tree of card UIDs by sending SEL with progressively more of the UID until a single card is selected.",
+ 'The [[#iso-iec|ISO/IEC]] 14443-3 anti-collision command β the reader walks the binary tree of card UIDs by sending SEL with progressively more of the UID until a single card is selected.',
wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
category: 'protocol-mechanics'
},
@@ -7387,7 +7390,7 @@ export const concepts: Concept[] = [
id: 'hosts-txt',
term: 'HOSTS.TXT',
definition:
- "The single global text file that mapped hostnames to [[ip|IP]] addresses on the [[arpanet|ARPANET]] until 1983 β maintained at SRI-NIC, distributed by FTP, hand-edited per change. Replaced by [[dns|DNS]] in 1983 ([[rfc:882|RFC 882]] / [[rfc:883|RFC 883]]).",
+ 'The single global text file that mapped hostnames to [[ip|IP]] addresses on the [[arpanet|ARPANET]] until 1983 β maintained at SRI-NIC, distributed by FTP, hand-edited per change. Replaced by [[dns|DNS]] in 1983 ([[rfc:882|RFC 882]] / [[rfc:883|RFC 883]]).',
wikiUrl: 'https://en.wikipedia.org/wiki/Hosts_(file)',
category: 'infrastructure'
},
@@ -7411,7 +7414,7 @@ export const concepts: Concept[] = [
id: 'cname-bare',
term: 'CNAME',
definition:
- "Canonical-Name [[dns|DNS]] record β an alias from one name to another. Resolvers follow the chain. CNAMEs cannot coexist with other records at the same name, which is why the apex of a zone often needs ALIAS / ANAME / CNAME-flattening trickery instead.",
+ 'Canonical-Name [[dns|DNS]] record β an alias from one name to another. Resolvers follow the chain. CNAMEs cannot coexist with other records at the same name, which is why the apex of a zone often needs ALIAS / ANAME / CNAME-flattening trickery instead.',
wikiUrl: 'https://en.wikipedia.org/wiki/CNAME_record',
category: 'networking-basics'
},
@@ -7435,7 +7438,7 @@ export const concepts: Concept[] = [
id: 'ts-3gpp',
term: 'TS (3GPP Technical Specification)',
definition:
- "A numbered standards document published by {{3gpp|3GPP}} β TS 23.501 (5G System Architecture), TS 33.501 (Security Architecture), TS 38.401 (RAN Architecture). Different prefix than [[rfc:1|IETF RFCs]] but plays the same role in the cellular world.",
+ 'A numbered standards document published by {{3gpp|3GPP}} β TS 23.501 (5G System Architecture), TS 33.501 (Security Architecture), TS 38.401 (RAN Architecture). Different prefix than [[rfc:1|IETF RFCs]] but plays the same role in the cellular world.',
wikiUrl: 'https://www.3gpp.org/specifications-technologies',
category: 'protocol-mechanics'
},
@@ -7443,7 +7446,7 @@ export const concepts: Concept[] = [
id: 'nba-mms',
term: 'NBA-MMS',
definition:
- "Narrowband-Assisted Multi-Millisecond Sounding β the [[bluetooth|Bluetooth]] 6.0 (early 2026) {{channel-sounding|Channel Sounding}} extension that improves ranging accuracy at distance by interleaving a narrowband tone with the wideband sounding pulse.",
+ 'Narrowband-Assisted Multi-Millisecond Sounding β the [[bluetooth|Bluetooth]] 6.0 (early 2026) {{channel-sounding|Channel Sounding}} extension that improves ranging accuracy at distance by interleaving a narrowband tone with the wideband sounding pulse.',
wikiUrl: 'https://www.bluetooth.com/specifications/specs/',
category: 'protocol-mechanics'
},
@@ -7459,7 +7462,7 @@ export const concepts: Concept[] = [
id: 'aes-ccm',
term: 'AES-CCM',
definition:
- "AES in Counter with CBC-MAC mode β an AEAD that combines encryption and authentication. Used by [[zigbee|802.15.4]] link-layer security, COSE_Encrypt0 in {{matter|Matter}}, and {{coap|CoAP}}-OSCORE. Less common than {{aes-gcm|AES-GCM}} but easier on constrained hardware.",
+ 'AES in Counter with CBC-MAC mode β an AEAD that combines encryption and authentication. Used by [[zigbee|802.15.4]] link-layer security, COSE_Encrypt0 in {{matter|Matter}}, and {{coap|CoAP}}-OSCORE. Less common than {{aes-gcm|AES-GCM}} but easier on constrained hardware.',
wikiUrl: 'https://en.wikipedia.org/wiki/CCM_mode',
category: 'security'
},
@@ -7467,7 +7470,7 @@ export const concepts: Concept[] = [
id: 'ccm-mode',
term: 'CCM (Counter with CBC-MAC)',
definition:
- "The block-cipher mode of operation that combines CTR encryption with a CBC-MAC tag. CCM is the {{aes-ccm|AES-CCM}} family of constructions widely used in constrained-device networking.",
+ 'The block-cipher mode of operation that combines CTR encryption with a CBC-MAC tag. CCM is the {{aes-ccm|AES-CCM}} family of constructions widely used in constrained-device networking.',
wikiUrl: 'https://en.wikipedia.org/wiki/CCM_mode',
category: 'security'
},
@@ -7483,7 +7486,7 @@ export const concepts: Concept[] = [
id: 'pq-ciphersuite',
term: 'X25519MLKEM768',
definition:
- "The hybrid post-quantum [[tls|TLS]] 1.3 key {{exchange|exchange}} that combines classic {{#x25519|X25519}} with {{ml-kem|ML-KEM-768}}. Default key share in iOS 26 and Chrome 132+, switched on by default for Cloudflare-fronted sites in 2025.",
+ 'The hybrid post-quantum [[tls|TLS]] 1.3 key {{exchange|exchange}} that combines classic {{#x25519|X25519}} with {{ml-kem|ML-KEM-768}}. Default key share in iOS 26 and Chrome 132+, switched on by default for Cloudflare-fronted sites in 2025.',
wikiUrl: 'https://blog.cloudflare.com/post-quantum-tls-with-x25519mlkem768/',
category: 'security'
},
@@ -7491,7 +7494,7 @@ export const concepts: Concept[] = [
id: 'nfc-v',
term: 'NFC-V',
definition:
- "The [[#iso-iec|ISO/IEC]] 15693 long-range vicinity-coupling subtype of [[nfc|NFC]] β used for libraries, asset tags, and some access-control systems where 10β30 cm read range matters more than payment-grade security.",
+ 'The [[#iso-iec|ISO/IEC]] 15693 long-range vicinity-coupling subtype of [[nfc|NFC]] β used for libraries, asset tags, and some access-control systems where 10β30 cm read range matters more than payment-grade security.',
wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_15693',
category: 'protocol-mechanics'
},
@@ -7499,7 +7502,7 @@ export const concepts: Concept[] = [
id: 'nfc-f',
term: 'NFC-F (FeliCa)',
definition:
- "The Sony-designed [[nfc|NFC]] subtype standardised as {{#iso-iec|ISO/IEC}} 18092 β different framing from NFC-A/B, native to Japan (Suica, PASMO) and Hong Kong (Octopus) transit systems, and supported by every modern phone for Japanese-market payments.",
+ 'The Sony-designed [[nfc|NFC]] subtype standardised as {{#iso-iec|ISO/IEC}} 18092 β different framing from NFC-A/B, native to Japan (Suica, PASMO) and Hong Kong (Octopus) transit systems, and supported by every modern phone for Japanese-market payments.',
wikiUrl: 'https://en.wikipedia.org/wiki/FeliCa',
category: 'protocol-mechanics'
},
@@ -7515,7 +7518,7 @@ export const concepts: Concept[] = [
id: 'pgw',
term: 'PGW (PDN Gateway)',
definition:
- "The [[#epc|EPC]] component that connects user-plane traffic to the outside [[ip|IP]] world β handles QoS, charging, lawful intercept, and the [[#smtp-mail-from|GTP-U]] tunnels back toward the {{#sgw-3gpp|SGW}}.",
+ 'The [[#epc|EPC]] component that connects user-plane traffic to the outside [[ip|IP]] world β handles QoS, charging, lawful intercept, and the [[#smtp-mail-from|GTP-U]] tunnels back toward the {{#sgw-3gpp|SGW}}.',
wikiUrl: 'https://en.wikipedia.org/wiki/System_Architecture_Evolution#PDN_Gateway',
category: 'protocol-mechanics'
},
@@ -7524,7 +7527,8 @@ export const concepts: Concept[] = [
term: 'MME (Mobility Management Entity)',
definition:
"The 4G [[#epc|EPC]] signalling brain β handles UE attach, authentication via the HSS, paging, and bearer setup. Replaced by AMF + SMF in 5G's service-based architecture.",
- wikiUrl: 'https://en.wikipedia.org/wiki/System_Architecture_Evolution#Mobility_Management_Entity',
+ wikiUrl:
+ 'https://en.wikipedia.org/wiki/System_Architecture_Evolution#Mobility_Management_Entity',
category: 'protocol-mechanics'
},
@@ -7541,7 +7545,7 @@ export const concepts: Concept[] = [
id: 'spake2-plus',
term: 'SPAKE2',
definition:
- "Password-authenticated key {{exchange|exchange}} β derives a strong session key from a low-entropy password without leaking it. The augmented SPAKE2+ variant ([[rfc:9383|RFC 9383]]) is what {{matter|Matter}} commissioning, {{ccc-digital-key|CCC Digital Key}}, and a growing slice of zero-trust pairing flows use.",
+ 'Password-authenticated key {{exchange|exchange}} β derives a strong session key from a low-entropy password without leaking it. The augmented SPAKE2+ variant ([[rfc:9383|RFC 9383]]) is what {{matter|Matter}} commissioning, {{ccc-digital-key|CCC Digital Key}}, and a growing slice of zero-trust pairing flows use.',
wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc9383',
category: 'security'
},
@@ -7549,7 +7553,7 @@ export const concepts: Concept[] = [
id: 'iso14443',
term: 'ISO/IEC 14443',
definition:
- "The four-part standard for proximity contactless cards at 13.56 MHz β Type-A and Type-B physical layers, anti-collision (REQA/ATQA/SEL/SAK or ATQB/ATTRIB), block-oriented transmission. Almost every credit-card tap, transit card, and government-ID interaction passes through ISO 14443.",
+ 'The four-part standard for proximity contactless cards at 13.56 MHz β Type-A and Type-B physical layers, anti-collision (REQA/ATQA/SEL/SAK or ATQB/ATTRIB), block-oriented transmission. Almost every credit-card tap, transit card, and government-ID interaction passes through ISO 14443.',
wikiUrl: 'https://en.wikipedia.org/wiki/ISO/IEC_14443',
category: 'protocol-mechanics'
},
@@ -7567,7 +7571,7 @@ export const concepts: Concept[] = [
id: 'cidr-acr',
term: 'CIDR',
definition:
- "Classless Inter-Domain Routing ([[rfc:1518|RFC 1518]] / 1519, 1993) β replaced the rigid Class A/B/C [[ip|IPv4]] partition with the `prefix/length` notation (`10.0.0.0/8`). Without CIDR, [[ipv4|IPv4]] would have exhausted in the mid-1990s.",
+ 'Classless Inter-Domain Routing ([[rfc:1518|RFC 1518]] / 1519, 1993) β replaced the rigid Class A/B/C [[ip|IPv4]] partition with the `prefix/length` notation (`10.0.0.0/8`). Without CIDR, [[ipv4|IPv4]] would have exhausted in the mid-1990s.',
wikiUrl: 'https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing',
category: 'networking-basics'
},
@@ -7575,7 +7579,7 @@ export const concepts: Concept[] = [
id: 'wan-acr',
term: 'WAN (Wide-Area Network)',
definition:
- "A network that spans long distances β across cities, countries, continents. Distinguished from a LAN by latency, link cost, and the BGP routing that ties WAN segments together.",
+ 'A network that spans long distances β across cities, countries, continents. Distinguished from a LAN by latency, link cost, and the BGP routing that ties WAN segments together.',
wikiUrl: 'https://en.wikipedia.org/wiki/Wide_area_network',
category: 'networking-basics'
},
@@ -7583,7 +7587,7 @@ export const concepts: Concept[] = [
id: 'lan-acr',
term: 'LAN (Local-Area Network)',
definition:
- "The network inside one building or campus β Ethernet switches and Wi-Fi APs, usually one or two BGP-unaware autonomous systems wide.",
+ 'The network inside one building or campus β Ethernet switches and Wi-Fi APs, usually one or two BGP-unaware autonomous systems wide.',
wikiUrl: 'https://en.wikipedia.org/wiki/Local_area_network',
category: 'networking-basics'
},
@@ -7599,7 +7603,7 @@ export const concepts: Concept[] = [
id: 'voip-acr',
term: 'VoIP (Voice over IP)',
definition:
- "Carrying voice telephony over [[ip|IP]] networks instead of dedicated circuits β the umbrella the [[sip|SIP]] / [[rtp|RTP]] / [[#sdp-acr|SDP]] stack lives under. Killed the PSTN over two decades.",
+ 'Carrying voice telephony over [[ip|IP]] networks instead of dedicated circuits β the umbrella the [[sip|SIP]] / [[rtp|RTP]] / [[#sdp-acr|SDP]] stack lives under. Killed the PSTN over two decades.',
wikiUrl: 'https://en.wikipedia.org/wiki/Voice_over_IP',
category: 'protocol-mechanics'
},
@@ -7607,7 +7611,7 @@ export const concepts: Concept[] = [
id: 'volte',
term: 'VoLTE (Voice over LTE)',
definition:
- "Carrying voice as packets over the LTE / 5G data plane (typically via the IMS core and RTP) rather than the legacy 3G circuit-switched fallback. The modern default in most carriers as 2G/3G sunset.",
+ 'Carrying voice as packets over the LTE / 5G data plane (typically via the IMS core and RTP) rather than the legacy 3G circuit-switched fallback. The modern default in most carriers as 2G/3G sunset.',
wikiUrl: 'https://en.wikipedia.org/wiki/Voice_over_LTE',
category: 'protocol-mechanics'
},
@@ -7633,7 +7637,7 @@ export const concepts: Concept[] = [
id: 'sli-metric',
term: 'SLI',
definition:
- "Service Level Indicator β the actual measured metric (success rate, p99 latency) used to validate an {{#slo|SLO}}. Distinct from a metric in general because SLIs are picked specifically to map to user pain.",
+ 'Service Level Indicator β the actual measured metric (success rate, p99 latency) used to validate an {{#slo|SLO}}. Distinct from a metric in general because SLIs are picked specifically to map to user pain.',
wikiUrl: 'https://en.wikipedia.org/wiki/Service_level_indicator',
category: 'infrastructure'
},
@@ -7641,7 +7645,7 @@ export const concepts: Concept[] = [
id: 'mtbf',
term: 'MTBF (Mean Time Between Failures)',
definition:
- "Average elapsed time between unplanned outages of a system. Hardware reliability lives here; software people prefer SLOs/error budgets because MTBF stops being a useful aggregate for rapid-release systems.",
+ 'Average elapsed time between unplanned outages of a system. Hardware reliability lives here; software people prefer SLOs/error budgets because MTBF stops being a useful aggregate for rapid-release systems.',
wikiUrl: 'https://en.wikipedia.org/wiki/Mean_time_between_failures',
category: 'infrastructure'
},
@@ -7649,7 +7653,7 @@ export const concepts: Concept[] = [
id: 'mttr-acr',
term: 'MTTR (Mean Time To Recovery)',
definition:
- "How long, on average, an incident takes to resolve. A leading SRE metric β pairs with MTBF and feeds the error-budget math. Often the lever that drives investment in better tooling, deploys, and on-call.",
+ 'How long, on average, an incident takes to resolve. A leading SRE metric β pairs with MTBF and feeds the error-budget math. Often the lever that drives investment in better tooling, deploys, and on-call.',
wikiUrl: 'https://en.wikipedia.org/wiki/Mean_time_to_recovery',
category: 'infrastructure'
},
@@ -7659,7 +7663,7 @@ export const concepts: Concept[] = [
id: 'pop-acr',
term: 'PoP (Point of Presence)',
definition:
- "A physical location where a network provider, CDN, or carrier has gear β peering routers, anycast servers, optical regen. The unit of geographic reach for [[cloudflare|Cloudflare]], Netflix Open Connect, and big AS networks.",
+ 'A physical location where a network provider, CDN, or carrier has gear β peering routers, anycast servers, optical regen. The unit of geographic reach for [[cloudflare|Cloudflare]], Netflix Open Connect, and big AS networks.',
wikiUrl: 'https://en.wikipedia.org/wiki/Point_of_presence',
category: 'infrastructure'
},
@@ -7667,7 +7671,7 @@ export const concepts: Concept[] = [
id: 'ix-acr',
term: 'IX / IXP (Internet Exchange Point)',
definition:
- "A physical fabric (usually a building or campus) where many networks peer with each other directly via [[bgp|BGP]] β AMS-IX, DE-CIX, LINX, NL-ix. The reason a packet from one ISP to another rarely traverses a Tier-1 transit any more.",
+ 'A physical fabric (usually a building or campus) where many networks peer with each other directly via [[bgp|BGP]] β AMS-IX, DE-CIX, LINX, NL-ix. The reason a packet from one ISP to another rarely traverses a Tier-1 transit any more.',
wikiUrl: 'https://en.wikipedia.org/wiki/Internet_exchange_point',
category: 'infrastructure'
},
@@ -7675,7 +7679,7 @@ export const concepts: Concept[] = [
id: 'cdn-acr',
term: 'CDN',
definition:
- "Content Delivery Network β fleet of distributed cache servers that sits between origins and clients ([[cloudflare|Cloudflare]], Fastly, Akamai, Netflix Open Connect, AWS CloudFront). Cuts latency, absorbs DDoS, and terminates [[tls|TLS]] at the edge.",
+ 'Content Delivery Network β fleet of distributed cache servers that sits between origins and clients ([[cloudflare|Cloudflare]], Fastly, Akamai, Netflix Open Connect, AWS CloudFront). Cuts latency, absorbs DDoS, and terminates [[tls|TLS]] at the edge.',
wikiUrl: 'https://en.wikipedia.org/wiki/Content_delivery_network',
category: 'infrastructure'
},
@@ -7685,7 +7689,7 @@ export const concepts: Concept[] = [
id: 'l4s-acr',
term: 'L4S',
definition:
- "Low Latency, Low Loss, Scalable throughput ([[rfc:9330|RFC 9330]]) β a new active-queue-management scheme that uses ECN signalling for prompt feedback. Shipped in iOS 26, Apple TV, and DOCSIS 4.0 cable modems in 2025β26.",
+ 'Low Latency, Low Loss, Scalable throughput ([[rfc:9330|RFC 9330]]) β a new active-queue-management scheme that uses ECN signalling for prompt feedback. Shipped in iOS 26, Apple TV, and DOCSIS 4.0 cable modems in 2025β26.',
wikiUrl: 'https://en.wikipedia.org/wiki/L4S',
category: 'protocol-mechanics'
},
@@ -7693,7 +7697,7 @@ export const concepts: Concept[] = [
id: 'wifi-7',
term: 'Wi-Fi 7',
definition:
- "IEEE 802.11be (ratified July 2024, certified mid-2025) β 320 MHz channels, 4096-QAM, MLO (multi-link operation simultaneously across bands), 5β10Γ the throughput of Wi-Fi 6. The first version positioning Wi-Fi as a cable-replacement for indoor 10 Gbps.",
+ 'IEEE 802.11be (ratified July 2024, certified mid-2025) β 320 MHz channels, 4096-QAM, MLO (multi-link operation simultaneously across bands), 5β10Γ the throughput of Wi-Fi 6. The first version positioning Wi-Fi as a cable-replacement for indoor 10 Gbps.',
wikiUrl: 'https://en.wikipedia.org/wiki/Wi-Fi_7',
category: 'protocol-mechanics'
},
@@ -7701,7 +7705,7 @@ export const concepts: Concept[] = [
id: 'wifi-8',
term: 'Wi-Fi 8',
definition:
- "IEEE 802.11bn (in standards work, ~2028 ratification) β focused on reliability and AI/AR workloads rather than peak throughput. Will likely keep 4096-QAM and add tighter coordination across {{ap-access-point|APs}}.",
+ 'IEEE 802.11bn (in standards work, ~2028 ratification) β focused on reliability and AI/AR workloads rather than peak throughput. Will likely keep 4096-QAM and add tighter coordination across {{ap-access-point|APs}}.',
wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11bn',
category: 'protocol-mechanics'
},
@@ -7711,7 +7715,7 @@ export const concepts: Concept[] = [
id: 'etsi',
term: 'ETSI (European Telecommunications Standards Institute)',
definition:
- "The European standards body that co-runs {{3gpp|3GPP}} (alongside ARIB+TTC in Japan, ATIS in North America, CCSA in China, and TTA in Korea). Owns GSM, DECT, and the European side of every cellular standard since.",
+ 'The European standards body that co-runs {{3gpp|3GPP}} (alongside ARIB+TTC in Japan, ATIS in North America, CCSA in China, and TTA in Korea). Owns GSM, DECT, and the European side of every cellular standard since.',
wikiUrl: 'https://www.etsi.org/',
category: 'infrastructure'
},
@@ -7727,7 +7731,7 @@ export const concepts: Concept[] = [
id: 'dult',
term: 'DULT (Detecting Unwanted Location Trackers)',
definition:
- "Joint Apple-Google standard for tracker-stalking detection β born from the AirTag stalking incidents of 2022. Defines how iOS and Android scan for non-owner tracker beacons and warn the user.",
+ 'Joint Apple-Google standard for tracker-stalking detection β born from the AirTag stalking incidents of 2022. Defines how iOS and Android scan for non-owner tracker beacons and warn the user.',
wikiUrl: 'https://datatracker.ietf.org/doc/draft-detecting-unwanted-location-trackers/',
category: 'security'
},
@@ -7751,7 +7755,7 @@ export const concepts: Concept[] = [
id: 'srlg',
term: 'SRLG (Shared Risk Link Group)',
definition:
- "The set of links that share a single failure point (a fibre conduit, a card chassis). Path-computation algorithms ([[ospf|OSPF-TE]], {{isis|IS-IS-TE}}, segment routing) avoid SRLG overlap when building primary/backup pairs.",
+ 'The set of links that share a single failure point (a fibre conduit, a card chassis). Path-computation algorithms ([[ospf|OSPF-TE]], {{isis|IS-IS-TE}}, segment routing) avoid SRLG overlap when building primary/backup pairs.',
wikiUrl: 'https://en.wikipedia.org/wiki/Shared_Risk_Link_Group',
category: 'protocol-mechanics'
},
@@ -7759,7 +7763,7 @@ export const concepts: Concept[] = [
id: 'ospf-dr',
term: 'DR (Designated Router)',
definition:
- "On a multi-access [[ospf|OSPF]] segment (Ethernet, broadcast), one router is elected DR β it sources the network LSA and lets all other routers form adjacencies only with it, not pairwise. A Backup DR (BDR) shadows it.",
+ 'On a multi-access [[ospf|OSPF]] segment (Ethernet, broadcast), one router is elected DR β it sources the network LSA and lets all other routers form adjacencies only with it, not pairwise. A Backup DR (BDR) shadows it.',
wikiUrl: 'https://en.wikipedia.org/wiki/Open_Shortest_Path_First#Designated_router',
category: 'protocol-mechanics'
},
@@ -7767,7 +7771,7 @@ export const concepts: Concept[] = [
id: 'clat-acr',
term: 'CLAT (Customer-side Translator)',
definition:
- "The customer-side half of 464XLAT ([[rfc:6877|RFC 6877]]) β translates IPv4 traffic from legacy apps into IPv6 on an IPv6-only access network. Lets a phone or laptop run IPv4-only apps even when its carrier offers only IPv6.",
+ 'The customer-side half of 464XLAT ([[rfc:6877|RFC 6877]]) β translates IPv4 traffic from legacy apps into IPv6 on an IPv6-only access network. Lets a phone or laptop run IPv4-only apps even when its carrier offers only IPv6.',
wikiUrl: 'https://datatracker.ietf.org/doc/html/rfc6877',
category: 'networking-basics'
},
@@ -7775,7 +7779,7 @@ export const concepts: Concept[] = [
id: 'hosts-bare',
term: 'HOSTS',
definition:
- "The {{hosts-txt|HOSTS.TXT}} file β the single global text file that mapped hostnames to [[ip|IP]] addresses on the ARPANET before [[dns|DNS]] launched in 1983. Modern operating systems still have a tiny `/etc/hosts` for local overrides.",
+ 'The {{hosts-txt|HOSTS.TXT}} file β the single global text file that mapped hostnames to [[ip|IP]] addresses on the ARPANET before [[dns|DNS]] launched in 1983. Modern operating systems still have a tiny `/etc/hosts` for local overrides.',
wikiUrl: 'https://en.wikipedia.org/wiki/Hosts_(file)',
category: 'infrastructure'
},
@@ -7783,7 +7787,7 @@ export const concepts: Concept[] = [
id: 'hrp-uwb',
term: 'HRP (High Rate Pulse Repetition)',
definition:
- "The high-pulse-rate UWB mode (~64β249.6 MHz pulse repetition) used by IEEE 802.15.4z secure ranging β the mode {{#u1-chip|Apple U1}} / U2 chips actually run. Distinguished from LRP (Low Rate Pulse) which optimises for power, not ranging accuracy.",
+ 'The high-pulse-rate UWB mode (~64β249.6 MHz pulse repetition) used by IEEE 802.15.4z secure ranging β the mode {{#u1-chip|Apple U1}} / U2 chips actually run. Distinguished from LRP (Low Rate Pulse) which optimises for power, not ranging accuracy.',
wikiUrl: 'https://en.wikipedia.org/wiki/Ultra-wideband',
category: 'protocol-mechanics'
},
@@ -7791,7 +7795,7 @@ export const concepts: Concept[] = [
id: 'bprf',
term: 'BPRF (Base Pulse Repetition Frequency)',
definition:
- "The IEEE 802.15.4z {{uwb|UWB}} HRP mode that runs at 64 MHz pulse repetition with 499.2 MHz of bandwidth and 6.81 Mbps payload β the mainline mode for Apple Nearby Interaction and CCC Digital Key 3.0 ranging.",
+ 'The IEEE 802.15.4z {{uwb|UWB}} HRP mode that runs at 64 MHz pulse repetition with 499.2 MHz of bandwidth and 6.81 Mbps payload β the mainline mode for Apple Nearby Interaction and CCC Digital Key 3.0 ranging.',
wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.15.4',
category: 'protocol-mechanics'
},
@@ -7799,7 +7803,7 @@ export const concepts: Concept[] = [
id: 'nxp',
term: 'NXP',
definition:
- "Dutch semiconductor company spun out of Philips in 2006 β the dominant supplier of NFC, MIFARE, and secure-element chips for phones, cards, and access readers.",
+ 'Dutch semiconductor company spun out of Philips in 2006 β the dominant supplier of NFC, MIFARE, and secure-element chips for phones, cards, and access readers.',
wikiUrl: 'https://en.wikipedia.org/wiki/NXP_Semiconductors',
category: 'infrastructure'
},
@@ -7807,7 +7811,7 @@ export const concepts: Concept[] = [
id: 'qorvo',
term: 'Qorvo',
definition:
- "US semiconductor company β supplies most of the {{uwb|UWB}} radios that ship in Android phones, automotive Digital Key modules, and access-control readers. Competes with NXP in the UWB/NFC space.",
+ 'US semiconductor company β supplies most of the {{uwb|UWB}} radios that ship in Android phones, automotive Digital Key modules, and access-control readers. Competes with NXP in the UWB/NFC space.',
wikiUrl: 'https://en.wikipedia.org/wiki/Qorvo',
category: 'infrastructure'
},
@@ -7815,8 +7819,9 @@ export const concepts: Concept[] = [
id: 'crtc',
term: 'CRTC',
definition:
- "Canadian Radio-television and Telecommunications Commission β the national regulator that, after the 2022 Rogers outage, codified telecom networks as critical national infrastructure and forced large carriers to expose their resilience posture.",
- wikiUrl: 'https://en.wikipedia.org/wiki/Canadian_Radio-television_and_Telecommunications_Commission',
+ 'Canadian Radio-television and Telecommunications Commission β the national regulator that, after the 2022 Rogers outage, codified telecom networks as critical national infrastructure and forced large carriers to expose their resilience posture.',
+ wikiUrl:
+ 'https://en.wikipedia.org/wiki/Canadian_Radio-television_and_Telecommunications_Commission',
category: 'infrastructure'
},
{
@@ -7849,7 +7854,7 @@ export const concepts: Concept[] = [
id: '5gc',
term: '5GC (5G Core)',
definition:
- "The 5G replacement for the 4G [[#epc|EPC]] β a service-based architecture where every function (AMF, SMF, UPF, AUSF, UDM, PCF) exposes HTTP/2 + JSON APIs. Cloud-native by design, harder to operate than its EPC predecessor.",
+ 'The 5G replacement for the 4G [[#epc|EPC]] β a service-based architecture where every function (AMF, SMF, UPF, AUSF, UDM, PCF) exposes HTTP/2 + JSON APIs. Cloud-native by design, harder to operate than its EPC predecessor.',
wikiUrl: 'https://en.wikipedia.org/wiki/5G_core_network',
category: 'protocol-mechanics'
},
@@ -7867,7 +7872,7 @@ export const concepts: Concept[] = [
id: 'rrc',
term: 'RRC (Radio Resource Control)',
definition:
- "The cellular control-plane protocol between handset and base station β manages the RRC_IDLE β CONNECTED β INACTIVE state machine, bearer setup, paging. Distinct from {{#nas|NAS}} which signals to the core.",
+ 'The cellular control-plane protocol between handset and base station β manages the RRC_IDLE β CONNECTED β INACTIVE state machine, bearer setup, paging. Distinct from {{#nas|NAS}} which signals to the core.',
wikiUrl: 'https://en.wikipedia.org/wiki/Radio_Resource_Control',
category: 'protocol-mechanics'
},
@@ -7875,10 +7880,82 @@ export const concepts: Concept[] = [
id: 'nas',
term: 'NAS (Non-Access Stratum)',
definition:
- "The cellular signalling protocols between the handset and the core network (MME in 4G, AMF in 5G) β registration, authentication, mobility, session management. The control-plane layer above {{#rrc|RRC}}.",
+ 'The cellular signalling protocols between the handset and the core network (MME in 4G, AMF in 5G) β registration, authentication, mobility, session management. The control-plane layer above {{#rrc|RRC}}.',
wikiUrl: 'https://en.wikipedia.org/wiki/Non-access_stratum',
category: 'protocol-mechanics'
},
+ {
+ id: 'egp',
+ term: 'EGP (Exterior Gateway Protocol)',
+ definition:
+ 'The original protocol for exchanging routing information between autonomous systems on the early internet (RFC 904, 1984). It assumed a simple tree-shaped network with a single core and could not handle loops, so it was replaced by [[bgp|BGP]] as the internet grew into a mesh of peers.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Exterior_Gateway_Protocol',
+ category: 'infrastructure'
+ },
+ {
+ id: 'congestion-collapse',
+ term: 'Congestion Collapse',
+ definition:
+ 'A failure mode where a network becomes so overloaded that almost no useful work gets through β senders keep retransmitting packets that are already queued or dropped, which adds yet more load. The internet suffered real congestion collapses in 1986; [[tcp|TCP]]βs congestion-control algorithms (slow start, congestion avoidance) were added specifically to prevent it.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Network_congestion#Congestive_collapse',
+ category: 'networking-basics'
+ },
+ {
+ id: 'ossification',
+ term: 'Protocol Ossification',
+ definition:
+ 'The loss of flexibility that happens when middleboxes (firewalls, NATs, load balancers) inspect and depend on the exact wire format of a protocol, so any change breaks in the field. [[tcp|TCP]] is heavily ossified, which is why [[quic|QUIC]] runs over [[udp|UDP]] and encrypts almost its entire header β to keep middleboxes from freezing its design.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Protocol_ossification',
+ category: 'networking-basics'
+ },
+ {
+ id: 'tcp-handshake',
+ term: 'TCP Three-Way Handshake',
+ definition:
+ 'The connection-setup exchange that opens every [[tcp|TCP]] connection: the client sends SYN, the server replies SYN-ACK, the client answers ACK. It synchronizes initial sequence numbers in both directions and costs one round trip before any data flows β the latency [[quic|QUIC]] and TLS 1.3 work hard to fold away.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment',
+ category: 'protocol-mechanics'
+ },
+ {
+ id: 'http-verbs',
+ term: 'HTTP Methods (Verbs)',
+ definition:
+ 'The action words at the start of every [[http1|HTTP]] request β GET (read), POST (create), PUT (replace), PATCH (modify), DELETE (remove), plus HEAD and OPTIONS. [[rest|REST]] APIs lean on their defined semantics (safe, idempotent) so caches and proxies can reason about a request without understanding the application.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/HTTP#Request_methods',
+ category: 'web'
+ },
+ {
+ id: 'comet',
+ term: 'Comet (HTTP long-polling)',
+ definition:
+ 'An umbrella term for the pre-[[websockets|WebSocket]] techniques that faked server push over plain [[http1|HTTP]] β long-polling (hold a request open until there is data) and hidden streaming iframes. Comet powered early live chat and dashboards but wasted connections and added latency, which motivated real bidirectional transports.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Comet_(programming)',
+ category: 'web'
+ },
+ {
+ id: 'phishing',
+ term: 'Phishing',
+ definition:
+ 'A social-engineering attack that tricks a user into handing credentials to a fake site or approving a malicious request, rather than breaking the cryptography. It is the reason modern auth leans on phishing-resistant factors like WebAuthn/passkeys and hardware security keys instead of passwords and one-time codes alone.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Phishing',
+ category: 'security'
+ },
+ {
+ id: 'ttls',
+ term: 'EAP-TTLS',
+ definition:
+ 'An 802.1X/EAP authentication method that first builds a [[tls|TLS]] tunnel to the authentication server, then carries the userβs credentials (often a legacy password protocol) safely inside it. Widely used on enterprise and campus [[wifi|Wi-Fi]] because it authenticates users without requiring a client certificate on every device.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol#EAP-TTLS',
+ category: 'security'
+ },
+ {
+ id: 'rsn',
+ term: 'RSN (Robust Security Network)',
+ definition:
+ 'The security framework introduced by the 802.11i amendment (the basis of WPA2) that replaced the broken WEP scheme on [[wifi|Wi-Fi]]. An RSN negotiates strong ciphers (CCMP/AES) and the 4-way handshake that derives fresh per-session keys, advertised in the RSN Information Element of management frames.',
+ wikiUrl: 'https://en.wikipedia.org/wiki/IEEE_802.11i-2004',
+ category: 'security'
+ }
];
export const conceptMap = new Map(concepts.map((c) => [c.id, c]));
diff --git a/src/lib/data/diagram-definitions.ts b/src/lib/data/diagram-definitions.ts
index eb920c7..d2e814b 100644
--- a/src/lib/data/diagram-definitions.ts
+++ b/src/lib/data/diagram-definitions.ts
@@ -43,21 +43,21 @@ export const diagramDefinitions: Record = {
caption:
'**[[tcp|TCP]]** = Transmission Control Protocol. A {{three-way-handshake|three-way handshake}} opens the connection, **`seq`**/**`ack`** numbers track every byte, and **{{fin|FIN}}** closes it cleanly β the foundation of reliable delivery ([[rfc:793|RFC 793]] / [[rfc:9293|RFC 9293]]).',
steps: {
- 0: 'Before any data flows, both sides must agree they\'re talking. The next three messages β {{syn|SYN}}, {{syn-ack|SYN-ACK}}, **{{ack|ACK}}** β establish that agreement and sync their {{sequence-number|sequence number}} counters.',
+ 0: "Before any data flows, both sides must agree they're talking. The next three messages β {{syn|SYN}}, {{syn-ack|SYN-ACK}}, **{{ack|ACK}}** β establish that agreement and sync their {{sequence-number|sequence number}} counters.",
1: '{{syn|SYN}} = synchronize. The client picks a random {{initial-sequence-number|initial sequence number}} (here `100`) and sends it. The *Hey, can we talk?* step.',
- 2: 'Server replies with its own {{syn|SYN}} (random `seq=300`) plus **{{ack|ACK}}** of the client\'s {{syn|SYN}}. **`ack=101`** means *next byte I expect is 101*. *Yes, I hear you β can you hear me?*',
- 3: 'Client **{{ack|ACK}}**s the server\'s {{syn|SYN}} with `ack=301`. Both sides have now seen each other\'s starting {{sequence-number|sequence numbers}} β the {{handshake|handshake}} is complete.',
+ 2: "Server replies with its own {{syn|SYN}} (random `seq=300`) plus **{{ack|ACK}}** of the client's {{syn|SYN}}. **`ack=101`** means *next byte I expect is 101*. *Yes, I hear you β can you hear me?*",
+ 3: "Client **{{ack|ACK}}**s the server's {{syn|SYN}} with `ack=301`. Both sides have now seen each other's starting {{sequence-number|sequence numbers}} β the {{handshake|handshake}} is complete.",
4: 'The connection is open. {{sequence-number|Sequence-number}} counters are synced on both ends, so every byte from now on can be tracked, ordered, and {{ack|acknowledged}}.',
5: 'Client sends 50 bytes of application data starting at {{sequence-number|sequence}} **`101`**. The server will track these as bytes `101β150`.',
6: 'Server replies with **`ack=151`** β *I have received through byte 150; send me byte 151 next.* {{ack|ACKs}} always name the next-expected byte, not the last-received.',
- 7: 'Client sends another 80 bytes starting at **`151`. Notice it didn\'t wait for individual {{ack|ACKs}} β [[tcp|TCP]]\'s {{sliding-window|sliding window}}** lets multiple {{segment|segments}} be in flight at once.',
+ 7: "Client sends another 80 bytes starting at **`151`. Notice it didn't wait for individual {{ack|ACKs}} β [[tcp|TCP]]'s {{sliding-window|sliding window}}** lets multiple {{segment|segments}} be in flight at once.",
8: 'Server {{piggyback-ack|piggybacks}} an **{{ack|ACK}}** onto its own outgoing data β `ack=231` covers everything through byte 230. Combining {{ack|ACKs}} with data saves a {{rtt|round trip}}.',
9: 'The sequence/ack accounting is what makes [[tcp|TCP]] reliable. Missing {{ack|ACKs}} trigger {{retransmission|retransmission}}, and out-of-order bytes are reassembled before they reach the application.',
10: 'Either side can initiate close. The next three messages perform a graceful shutdown β each direction is flushed independently before the connection is torn down.',
- 11: '{{tcp-fin|FIN}} = finish. The client signals *I\'m done sending*. The server can still send any remaining data on its side.',
- 12: 'Server **{{ack|ACK}}**s the {{tcp-fin|FIN}} and sends its own {{tcp-fin|FIN}} β *I\'m done too*. These are often combined into a single {{segment|segment}}.',
- 13: 'Client **{{ack|ACK}}**s the server\'s {{tcp-fin|FIN}}. Both directions are now closed; no more application data can flow on this connection.',
- 14: 'Client lingers in **{{time-wait|`TIME_WAIT`}}** for ~60 seconds before releasing the {{socket|socket}}. This catches late-arriving {{packet|packets}} so they don\'t pollute a fresh connection on the same {{port|port}} pair.'
+ 11: "{{tcp-fin|FIN}} = finish. The client signals *I'm done sending*. The server can still send any remaining data on its side.",
+ 12: "Server **{{ack|ACK}}**s the {{tcp-fin|FIN}} and sends its own {{tcp-fin|FIN}} β *I'm done too*. These are often combined into a single {{segment|segment}}.",
+ 13: "Client **{{ack|ACK}}**s the server's {{tcp-fin|FIN}}. Both directions are now closed; no more application data can flow on this connection.",
+ 14: "Client lingers in **{{time-wait|`TIME_WAIT`}}** for ~60 seconds before releasing the {{socket|socket}}. This catches late-arriving {{packet|packets}} so they don't pollute a fresh connection on the same {{port|port}} pair."
}
},
@@ -76,8 +76,8 @@ export const diagramDefinitions: Record = {
caption:
'**[[udp|UDP]]** = User Datagram Protocol. {{fire-and-forget|Fire-and-forget}} delivery β minimal 8-byte header, no {{handshake|handshake}}, no retransmits. The application is responsible for any reliability it needs ([[rfc:768|RFC 768]]).',
steps: {
- 0: 'No setup. The very first {{packet|packet}} carries data β there\'s no {{syn|SYN}}/{{ack|ACK}} ceremony. This is what makes [[udp|UDP]] fast for [[dns|DNS]] lookups, voice, video, and gaming.',
- 4: '{{datagram|Datagram}} 4 is dropped in transit. [[udp|UDP]] doesn\'t notice and doesn\'t care β there\'s no {{retransmission|retransmission}} machinery.',
+ 0: "No setup. The very first {{packet|packet}} carries data β there's no {{syn|SYN}}/{{ack|ACK}} ceremony. This is what makes [[udp|UDP]] fast for [[dns|DNS]] lookups, voice, video, and gaming.",
+ 4: "{{datagram|Datagram}} 4 is dropped in transit. [[udp|UDP]] doesn't notice and doesn't care β there's no {{retransmission|retransmission}} machinery.",
6: 'Receiver gets `1, 2, 3, 5` β *out of order possible* and one missing. [[udp|UDP]] delivers what arrives and leaves the rest to the application.',
7: 'No reliability features at all: no {{ack|ACKs}}, no {{sequence-number|sequence numbers}}, no {{flow-control|flow control}}, no {{congestion-control|congestion control}}. The {{header|header}} is just src/dst {{port|port}}, length, {{checksum|checksum}} β a total of `8 bytes`.'
}
@@ -102,12 +102,12 @@ export const diagramDefinitions: Record = {
'**[[quic|QUIC]]** = Quick [[udp|UDP]] Internet Connections. Transport + {{encryption|encryption}} fused into one {{handshake|handshake}}. Independent **streams** mean a lost packet only blocks its own stream, not the whole connection ([[rfc:9000|RFC 9000]]).',
steps: {
0: 'Where [[tcp|TCP]] needs a separate {{tls-handshake|TLS handshake}} on top, [[quic|QUIC]] merges them β connection setup and {{encryption|encryption}} happen in the same exchange, halving the {{rtt|round trips}}.',
- 1: 'Client\'s first flight carries the [[tls|TLS]] {{client-hello|ClientHello}} plus [[quic|QUIC]] connection setup. Already includes its {{key-share|key share}} for the {{handshake|handshake}}.',
+ 1: "Client's first flight carries the [[tls|TLS]] {{client-hello|ClientHello}} plus [[quic|QUIC]] connection setup. Already includes its {{key-share|key share}} for the {{handshake|handshake}}.",
2: 'Server replies with **{{server-hello|ServerHello}}** + {{key-share|key share}} in the same {{initial-packet|Initial packet}}. After this exchange, both sides have shared keys.',
3: 'Server sends its **{{certificate|Certificate}}** and a {{tls-finished|`Finished`}} message β already {{encryption|encrypted}} with the new keys.',
4: 'Client confirms it received and verified everything. {{one-rtt|One round trip}} total β application data can now flow.',
7: 'A {{packet|packet}} on {{stream|Stream}} 1 is lost. In [[tcp|TCP]] this would block *every* stream behind it β **{{head-of-line-blocking|head-of-line blocking}}** at the transport layer.',
- 8: '{{stream|Stream}} 2\'s data delivers immediately. [[quic|QUIC]] {{stream-independence|streams are independent}} β Stream 1\'s loss doesn\'t pause Stream 2 while waiting for {{retransmission|retransmission}}.',
+ 8: "{{stream|Stream}} 2's data delivers immediately. [[quic|QUIC]] {{stream-independence|streams are independent}} β Stream 1's loss doesn't pause Stream 2 while waiting for {{retransmission|retransmission}}.",
9: 'Returning clients can send data in their first {{packet|packet}} using cached {{session-resumption|session keys}} β **{{zero-rtt|0-RTT}}**. Trades a small {{replay-attack|replay-attack}} risk for a faster connection.'
}
},
@@ -130,13 +130,13 @@ export const diagramDefinitions: Record = {
caption:
'**[[sctp|SCTP]]** = Stream Control Transmission Protocol. [[tcp|TCP]]-like reliability with two superpowers: multiple **independent streams** in one association (no {{head-of-line-blocking|head-of-line blocking}}) and **{{multi-homing|multi-homing}}** for [[ip|IP]]-level {{failover|failover}}. Used as the transport under telecom {{signaling|signaling}} (SIGTRAN) and [[webrtc|WebRTC]] data channels ([[rfc:4960|RFC 4960]] / 9260).',
steps: {
- 0: 'Unlike [[tcp|TCP]]\'s {{three-way-handshake|three-way}}, [[sctp|SCTP]] uses {{four-way-handshake|four messages}} β the extra {{rtt|round trip}} lets the server hand out a {{cookie|cookie}} *before* committing any state, defeating {{syn-flood|SYN-flood}} attacks.',
- 1: '{{init-chunk|INIT}} opens the {{sctp-association|association}}. Includes the client\'s address list ({{multi-homing|multi-homing}}) and a {{verification-tag|verification tag}}.',
+ 0: "Unlike [[tcp|TCP]]'s {{three-way-handshake|three-way}}, [[sctp|SCTP]] uses {{four-way-handshake|four messages}} β the extra {{rtt|round trip}} lets the server hand out a {{cookie|cookie}} *before* committing any state, defeating {{syn-flood|SYN-flood}} attacks.",
+ 1: "{{init-chunk|INIT}} opens the {{sctp-association|association}}. Includes the client's address list ({{multi-homing|multi-homing}}) and a {{verification-tag|verification tag}}.",
2: 'Server replies with {{init-ack-chunk|INIT-ACK}} carrying a {{stateless|stateless}} **{{cookie|cookie}}** β a signed token. The server keeps no state yet.',
- 3: 'Client echoes the {{cookie|cookie}} back ({{cookie-echo|COOKIE-ECHO}}). Only now does the server allocate resources β anyone forging an {{init-chunk|INIT}} couldn\'t fake the {{cookie|cookie}}.',
+ 3: "Client echoes the {{cookie|cookie}} back ({{cookie-echo|COOKIE-ECHO}}). Only now does the server allocate resources β anyone forging an {{init-chunk|INIT}} couldn't fake the {{cookie|cookie}}.",
4: 'Server confirms with {{cookie-ack|COOKIE-ACK}}. {{sctp-association|Association}} established, immune to {{syn-flood|SYN-flood}} DoS.',
7: 'A {{packet|packet}} on {{stream|Stream}} 2 is lost. [[sctp|SCTP]] {{retransmission|retransmits}} it β but only Stream 2 is affected.',
- 8: '{{stream|Stream}} 3\'s voice traffic flows immediately, untouched by Stream 2\'s recovery. Each {{stream|stream}} has its own ordering β same insight [[quic|QUIC]] later adopted.',
+ 8: "{{stream|Stream}} 3's voice traffic flows immediately, untouched by Stream 2's recovery. Each {{stream|stream}} has its own ordering β same insight [[quic|QUIC]] later adopted.",
9: '**{{multi-homing|Multi-homing}}**: the same {{sctp-association|association}} can use multiple network paths. If one [[ip|IP]] fails, traffic reroutes through another without breaking the connection.'
}
},
@@ -170,8 +170,8 @@ export const diagramDefinitions: Record = {
6: '**{{mp-join|`MP_JOIN`}} opens a second {{subflow|subflow}} on the cellular interface. Carries a token (proves it belongs to the existing connection) and a {{nonce|nonce}}** ({{replay-attack|replay protection}}).',
7: 'Server proves it knows `key_A` by sending an **{{hmac|HMAC}}**. Cryptographic binding stops attackers from sneaking in a fake {{subflow|subflow}}.',
8: 'Client returns its own {{hmac|HMAC}}. {{subflow|Subflow}} authenticated.',
- 12: 'WiFi disconnects (e.g., walking out of a cafΓ©). The [[mptcp|MPTCP]] layer notices and {{failover|shifts all traffic to cellular}} β the app\'s [[tcp|TCP]] {{socket|socket}} never breaks.',
- 13: 'Data continues over cellular alone. From the application\'s view it\'s the same connection β the most powerful feature of [[mptcp|MPTCP]].'
+ 12: "WiFi disconnects (e.g., walking out of a cafΓ©). The [[mptcp|MPTCP]] layer notices and {{failover|shifts all traffic to cellular}} β the app's [[tcp|TCP]] {{socket|socket}} never breaks.",
+ 13: "Data continues over cellular alone. From the application's view it's the same connection β the most powerful feature of [[mptcp|MPTCP]]."
}
},
@@ -197,11 +197,11 @@ export const diagramDefinitions: Record = {
0: '**`GET`** = the request {{http-method|method}} for *fetching* a resource. Safe (no server-side side effects) and **{{idempotent|idempotent}}** (calling twice = calling once), so responses are freely cacheable. The other common methods: **`POST` (create), `PUT` (replace), `PATCH` (partial update), `DELETE` (remove), `HEAD` (GET without body β just headers), `OPTIONS`** (capabilities probe, used in {{cors|CORS}}).',
1: '**`200 OK` = success with body. [[http1|HTTP]] {{status-code|status codes}} are 3-digit, grouped by hundreds: `1xx`** informational (`100 Continue`), **`2xx`** success (`201 Created`, `204 No Content`), **`3xx`** redirect (`301` permanent, `302` temporary, `304 Not Modified`), **`4xx`** client error (`400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `429 Too Many Requests`), **`5xx`** server error (`500 Internal`, `502 Bad Gateway`, `503 Unavailable`, `504 Gateway Timeout`).',
2: 'Browser scans the HTML and finds **` ` (CSS), `
@@ -49,15 +54,26 @@
class="flex h-16 w-16 items-center justify-center rounded-2xl"
style="background-color: {color}10"
>
-
-
+
+
Simulation Coming Soon
- An interactive simulation for this protocol is being developed.
- Switch to the Learn tab to explore its documentation.
+ An interactive simulation for this protocol is being developed. Switch to the Learn tab to
+ explore its documentation.
diff --git a/src/lib/simulator/components/StepTimeline.svelte b/src/lib/simulator/components/StepTimeline.svelte
index 169ee0e..34c8ef9 100644
--- a/src/lib/simulator/components/StepTimeline.svelte
+++ b/src/lib/simulator/components/StepTimeline.svelte
@@ -39,9 +39,7 @@
-
- Simulation Steps
-
+ Simulation Steps
{#each config.steps as step, i (step.id)}
{@const stepState = stepStates[i]}
@@ -73,7 +71,13 @@
aria-label="Go to step {i + 1}: {step.label}"
>
{#if isPast}
-
+
{:else}
@@ -97,13 +101,7 @@
{#if step.layers && step.layers.length > 0}
diff --git a/src/lib/simulator/components/actors/ActorIcon.svelte b/src/lib/simulator/components/actors/ActorIcon.svelte
index 2b7e5e2..5d1abbb 100644
--- a/src/lib/simulator/components/actors/ActorIcon.svelte
+++ b/src/lib/simulator/components/actors/ActorIcon.svelte
@@ -10,7 +10,16 @@
let { icon, color = '#94a3b8', size = 32 }: Props = $props();
-
+
{#if icon === 'client' || icon === 'browser'}
diff --git a/src/lib/simulator/components/actors/MessageArrow.svelte b/src/lib/simulator/components/actors/MessageArrow.svelte
index 12dbf01..a899fd4 100644
--- a/src/lib/simulator/components/actors/MessageArrow.svelte
+++ b/src/lib/simulator/components/actors/MessageArrow.svelte
@@ -36,7 +36,8 @@
diff --git a/src/lib/simulator/layers/amqp.ts b/src/lib/simulator/layers/amqp.ts
index b4a7e4d..f36e2fa 100644
--- a/src/lib/simulator/layers/amqp.ts
+++ b/src/lib/simulator/layers/amqp.ts
@@ -14,40 +14,35 @@ export function createAMQPLayer(
bits: 8,
value: overrides?.frameType ?? 'Method (1)',
editable: false,
- description:
- 'AMQP frame type β 1=Method, 2=Content Header, 3=Content Body, 8=Heartbeat'
+ description: 'AMQP frame type β 1=Method, 2=Content Header, 3=Content Body, 8=Heartbeat'
},
{
name: 'Channel',
bits: 16,
value: overrides?.channel ?? 0,
editable: false,
- description:
- 'Channel number β 0 for connection-level, 1+ for application channels'
+ description: 'Channel number β 0 for connection-level, 1+ for application channels'
},
{
name: 'Class.Method',
bits: 0,
value: overrides?.method ?? 'Connection.Start',
editable: false,
- description:
- 'AMQP class and method β Connection.Start, Channel.Open, Basic.Publish, etc.'
+ description: 'AMQP class and method β Connection.Start, Channel.Open, Basic.Publish, etc.'
},
{
name: 'Payload Size',
bits: 32,
value: overrides?.payloadSize ?? 128,
editable: false,
- description:
- 'Size of the method arguments or content body in bytes'
+ description: 'Size of the method arguments or content body in bytes'
},
{
name: 'Properties',
bits: 0,
value: overrides?.properties ?? '',
editable: false,
- description:
- 'Message properties β content-type, delivery-mode, correlation-id, headers'
+ description: 'Message properties β content-type, delivery-mode, correlation-id, headers'
},
{
name: 'Payload',
diff --git a/src/lib/simulator/layers/arp.ts b/src/lib/simulator/layers/arp.ts
index 127353a..9c9a362 100644
--- a/src/lib/simulator/layers/arp.ts
+++ b/src/lib/simulator/layers/arp.ts
@@ -64,8 +64,7 @@ export function createARPLayer(
bits: 48,
value: overrides?.targetMac ?? '00:00:00:00:00:00',
editable: false,
- description:
- 'MAC address of the target β all zeros in requests (unknown)'
+ description: 'MAC address of the target β all zeros in requests (unknown)'
},
{
name: 'Target IP',
diff --git a/src/lib/simulator/layers/bgp.ts b/src/lib/simulator/layers/bgp.ts
index e7cc6ae..f50bb77 100644
--- a/src/lib/simulator/layers/bgp.ts
+++ b/src/lib/simulator/layers/bgp.ts
@@ -14,24 +14,21 @@ export function createBGPLayer(
bits: 128,
value: overrides?.marker ?? '0xFFβ¦FF (all ones)',
editable: false,
- description:
- 'Sync marker β 16 bytes of all 1s for authentication and synchronization'
+ description: 'Sync marker β 16 bytes of all 1s for authentication and synchronization'
},
{
name: 'Length',
bits: 16,
value: overrides?.length ?? 29,
editable: false,
- description:
- 'Total message length in bytes (19β4096). Minimum 19 = header only (KEEPALIVE)'
+ description: 'Total message length in bytes (19β4096). Minimum 19 = header only (KEEPALIVE)'
},
{
name: 'Type',
bits: 8,
value: overrides?.type ?? 'OPEN (1)',
editable: false,
- description:
- 'Message type β OPEN (1), UPDATE (2), NOTIFICATION (3), KEEPALIVE (4)',
+ description: 'Message type β OPEN (1), UPDATE (2), NOTIFICATION (3), KEEPALIVE (4)',
color: '#DC2626'
},
{
@@ -39,8 +36,7 @@ export function createBGPLayer(
bits: 16,
value: overrides?.asNumber ?? 'AS 65001',
editable: false,
- description:
- 'Autonomous System number β identifies the routing domain'
+ description: 'Autonomous System number β identifies the routing domain'
},
{
name: 'Hold Time',
@@ -55,8 +51,7 @@ export function createBGPLayer(
bits: 0,
value: overrides?.payload ?? '',
editable: false,
- description:
- 'Type-specific data β NLRI prefixes, path attributes, error codes'
+ description: 'Type-specific data β NLRI prefixes, path attributes, error codes'
}
]
};
diff --git a/src/lib/simulator/layers/ble.ts b/src/lib/simulator/layers/ble.ts
index b651372..aeb0fba 100644
--- a/src/lib/simulator/layers/ble.ts
+++ b/src/lib/simulator/layers/ble.ts
@@ -30,7 +30,8 @@ export function createBLELinkLayer(
bits: 16,
value: overrides?.llHeader ?? 'PDU=ADV_IND, len=22',
editable: false,
- description: 'PDU type + RFU + TxAdd + RxAdd + length on advertising; LLID/NESN/SN/MD on data'
+ description:
+ 'PDU type + RFU + TxAdd + RxAdd + length on advertising; LLID/NESN/SN/MD on data'
},
{
name: 'PDU Body',
@@ -108,7 +109,8 @@ export function createATTLayer(
bits: 16,
value: overrides?.handle ?? '0x002A',
editable: false,
- description: 'Attribute handle β the address of a characteristic or descriptor in the GATT database'
+ description:
+ 'Attribute handle β the address of a characteristic or descriptor in the GATT database'
},
{
name: 'Value',
diff --git a/src/lib/simulator/layers/cellular.ts b/src/lib/simulator/layers/cellular.ts
index 5eeba1a..d6fd21d 100644
--- a/src/lib/simulator/layers/cellular.ts
+++ b/src/lib/simulator/layers/cellular.ts
@@ -102,7 +102,8 @@ export function createGTPULayer(
bits: 8,
value: '0x34 (v1, GTP, E=1)',
editable: false,
- description: 'Version=1, Protocol Type=GTP, E flag set when an Extension Header (PDU Session Container) follows'
+ description:
+ 'Version=1, Protocol Type=GTP, E flag set when an Extension Header (PDU Session Container) follows'
},
{
name: 'Message Type',
@@ -116,28 +117,32 @@ export function createGTPULayer(
bits: 16,
value: overrides?.length ?? 1380,
editable: false,
- description: 'Length of the GTP-U payload + extension headers, excluding the 8-byte mandatory header'
+ description:
+ 'Length of the GTP-U payload + extension headers, excluding the 8-byte mandatory header'
},
{
name: 'TEID',
bits: 32,
value: overrides?.teid ?? '0xC0FFEE01',
editable: false,
- description: 'Tunnel Endpoint Identifier β identifies which PDU session this packet belongs to'
+ description:
+ 'Tunnel Endpoint Identifier β identifies which PDU session this packet belongs to'
},
{
name: 'PDU Session Container',
bits: 0,
value: overrides?.qfi ?? 'QFI=9 (QoS flow)',
editable: false,
- description: 'Extension header carrying the QoS Flow Identifier; maps to the DRB on the air interface'
+ description:
+ 'Extension header carrying the QoS Flow Identifier; maps to the DRB on the air interface'
},
{
name: 'Inner IP Packet',
bits: 0,
value: overrides?.inner ?? 'IPv6 src=UE dst=internet β TCP/UDP/QUIC payload',
editable: false,
- description: "The UE's actual IP packet β what an application sees as 'the internet connection'"
+ description:
+ "The UE's actual IP packet β what an application sees as 'the internet connection'"
}
]
};
diff --git a/src/lib/simulator/layers/coap.ts b/src/lib/simulator/layers/coap.ts
index d55aa81..a42a387 100644
--- a/src/lib/simulator/layers/coap.ts
+++ b/src/lib/simulator/layers/coap.ts
@@ -21,8 +21,7 @@ export function createCoAPLayer(
bits: 2,
value: overrides?.type ?? 'CON (0)',
editable: false,
- description:
- 'Message type β CON (confirmable), NON (non-confirmable), ACK, RST'
+ description: 'Message type β CON (confirmable), NON (non-confirmable), ACK, RST'
},
{
name: 'Token Len',
@@ -37,8 +36,7 @@ export function createCoAPLayer(
bits: 8,
value: overrides?.code ?? '0.01 GET',
editable: false,
- description:
- 'Method or response code β 0.01 GET, 0.02 POST, 2.05 Content, 2.04 Changed',
+ description: 'Method or response code β 0.01 GET, 0.02 POST, 2.05 Content, 2.04 Changed',
color: '#78C257'
},
{
@@ -46,24 +44,21 @@ export function createCoAPLayer(
bits: 16,
value: overrides?.messageId ?? '0x7D34',
editable: false,
- description:
- '16-bit ID for matching ACKs to CON messages and detecting duplicates'
+ description: '16-bit ID for matching ACKs to CON messages and detecting duplicates'
},
{
name: 'Options',
bits: 0,
value: overrides?.options ?? '',
editable: false,
- description:
- 'CoAP options β Uri-Path, Content-Format, Observe, Max-Age, ETag'
+ description: 'CoAP options β Uri-Path, Content-Format, Observe, Max-Age, ETag'
},
{
name: 'Payload',
bits: 0,
value: overrides?.payload ?? '',
editable: false,
- description:
- 'Message payload β typically CBOR or JSON, preceded by 0xFF marker'
+ description: 'Message payload β typically CBOR or JSON, preceded by 0xFF marker'
}
]
};
diff --git a/src/lib/simulator/layers/dhcp.ts b/src/lib/simulator/layers/dhcp.ts
index e2ef260..8d27a79 100644
--- a/src/lib/simulator/layers/dhcp.ts
+++ b/src/lib/simulator/layers/dhcp.ts
@@ -22,8 +22,7 @@ export function createDHCPLayer(
bits: 32,
value: overrides?.xid ?? '0x3903F326',
editable: false,
- description:
- 'Transaction ID β random value chosen by client to match requests with replies'
+ description: 'Transaction ID β random value chosen by client to match requests with replies'
},
{
name: 'Client MAC',
@@ -44,8 +43,7 @@ export function createDHCPLayer(
bits: 8,
value: overrides?.messageType ?? 'DISCOVER',
editable: false,
- description:
- 'DHCP option 53 β DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE',
+ description: 'DHCP option 53 β DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE',
color: '#06B6D4'
},
{
@@ -53,8 +51,7 @@ export function createDHCPLayer(
bits: 0,
value: overrides?.options ?? '',
editable: false,
- description:
- 'DHCP options β subnet mask, router, DNS servers, lease time'
+ description: 'DHCP options β subnet mask, router, DNS servers, lease time'
}
]
};
diff --git a/src/lib/simulator/layers/ethernet.ts b/src/lib/simulator/layers/ethernet.ts
index 857443c..34812b9 100644
--- a/src/lib/simulator/layers/ethernet.ts
+++ b/src/lib/simulator/layers/ethernet.ts
@@ -1,6 +1,8 @@
import type { ProtocolLayer } from '../types';
-export function createEthernetLayer(overrides?: Partial>): ProtocolLayer {
+export function createEthernetLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'Ethernet Frame',
abbreviation: 'ETH',
diff --git a/src/lib/simulator/layers/ftp.ts b/src/lib/simulator/layers/ftp.ts
index 110111c..c774571 100644
--- a/src/lib/simulator/layers/ftp.ts
+++ b/src/lib/simulator/layers/ftp.ts
@@ -43,8 +43,7 @@ export function createFTPLayer(
bits: 0,
value: overrides?.channel ?? 'Control (21)',
editable: false,
- description:
- 'Which connection carries this data β Control (port 21) or Data (port 20)'
+ description: 'Which connection carries this data β Control (port 21) or Data (port 20)'
}
]
};
diff --git a/src/lib/simulator/layers/grpc.ts b/src/lib/simulator/layers/grpc.ts
index 3c7abac..7cc809c 100644
--- a/src/lib/simulator/layers/grpc.ts
+++ b/src/lib/simulator/layers/grpc.ts
@@ -1,6 +1,8 @@
import type { ProtocolLayer } from '../types';
-export function createGRPCLayer(overrides?: Partial>): ProtocolLayer {
+export function createGRPCLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'gRPC Message',
abbreviation: 'gRPC',
diff --git a/src/lib/simulator/layers/http2.ts b/src/lib/simulator/layers/http2.ts
index cbe89ae..04fde69 100644
--- a/src/lib/simulator/layers/http2.ts
+++ b/src/lib/simulator/layers/http2.ts
@@ -1,6 +1,8 @@
import type { ProtocolLayer } from '../types';
-export function createHTTP2FrameLayer(overrides?: Partial>): ProtocolLayer {
+export function createHTTP2FrameLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'HTTP/2 Frame',
abbreviation: 'H2',
@@ -33,7 +35,8 @@ export function createHTTP2FrameLayer(overrides?: Partial',
editable: false,
- description: 'In tunnel mode: the entire inner IP packet plus an ESP trailer (padding + next-header byte)'
+ description:
+ 'In tunnel mode: the entire inner IP packet plus an ESP trailer (padding + next-header byte)'
},
{
name: 'ICV (Auth Tag)',
diff --git a/src/lib/simulator/layers/ipv4.ts b/src/lib/simulator/layers/ipv4.ts
index 70d4ea7..c44f493 100644
--- a/src/lib/simulator/layers/ipv4.ts
+++ b/src/lib/simulator/layers/ipv4.ts
@@ -1,6 +1,8 @@
import type { ProtocolLayer } from '../types';
-export function createIPv4Layer(overrides?: Partial>): ProtocolLayer {
+export function createIPv4Layer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'IPv4 Packet',
abbreviation: 'IP',
@@ -38,7 +40,7 @@ export function createIPv4Layer(overrides?: Partial>): ProtocolLayer {
+export function createIPv6Layer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'IPv6 Packet',
abbreviation: 'IPv6',
@@ -47,7 +49,8 @@ export function createIPv6Layer(overrides?: Partial>): ProtocolLayer {
+export function createOSPFLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'OSPFv2 Packet',
abbreviation: 'OSPF',
diff --git a/src/lib/simulator/layers/quic.ts b/src/lib/simulator/layers/quic.ts
index b2f303c..7ac02fb 100644
--- a/src/lib/simulator/layers/quic.ts
+++ b/src/lib/simulator/layers/quic.ts
@@ -1,6 +1,8 @@
import type { ProtocolLayer } from '../types';
-export function createQUICLayer(overrides?: Partial>): ProtocolLayer {
+export function createQUICLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'QUIC Packet',
abbreviation: 'QUIC',
diff --git a/src/lib/simulator/layers/rtmp.ts b/src/lib/simulator/layers/rtmp.ts
index c5ea1c0..6edb20e 100644
--- a/src/lib/simulator/layers/rtmp.ts
+++ b/src/lib/simulator/layers/rtmp.ts
@@ -14,16 +14,14 @@ export function createRTMPLayer(
bits: 2,
value: overrides?.chunkType ?? 'Type 0 (full)',
editable: false,
- description:
- 'Chunk header format β Type 0 (12 bytes, full), Type 1-3 (compressed headers)'
+ description: 'Chunk header format β Type 0 (12 bytes, full), Type 1-3 (compressed headers)'
},
{
name: 'Chunk Stream ID',
bits: 6,
value: overrides?.chunkStreamId ?? 3,
editable: false,
- description:
- 'Multiplexing channel β 2=protocol control, 3+=application messages'
+ description: 'Multiplexing channel β 2=protocol control, 3+=application messages'
},
{
name: 'Message Type',
@@ -38,8 +36,7 @@ export function createRTMPLayer(
bits: 32,
value: overrides?.streamId ?? 0,
editable: false,
- description:
- 'Message stream ID β 0 for control, 1+ for published streams'
+ description: 'Message stream ID β 0 for control, 1+ for published streams'
},
{
name: 'Timestamp',
@@ -54,8 +51,7 @@ export function createRTMPLayer(
bits: 0,
value: overrides?.payload ?? '',
editable: false,
- description:
- 'AMF-encoded command, audio/video data, or metadata'
+ description: 'AMF-encoded command, audio/video data, or metadata'
}
]
};
diff --git a/src/lib/simulator/layers/rtp.ts b/src/lib/simulator/layers/rtp.ts
index a730582..af17337 100644
--- a/src/lib/simulator/layers/rtp.ts
+++ b/src/lib/simulator/layers/rtp.ts
@@ -14,8 +14,7 @@ export function createRTPLayer(
bits: 8,
value: overrides?.flags ?? '0x80',
editable: false,
- description:
- 'Version (2), Padding (1), Extension (1), CSRC Count (4) β V=2 is current'
+ description: 'Version (2), Padding (1), Extension (1), CSRC Count (4) β V=2 is current'
},
{
name: 'M/PT',
@@ -30,8 +29,7 @@ export function createRTPLayer(
bits: 16,
value: overrides?.seq ?? 1,
editable: false,
- description:
- 'Sequence number β increments per packet, used to detect loss and reorder'
+ description: 'Sequence number β increments per packet, used to detect loss and reorder'
},
{
name: 'Timestamp',
@@ -54,8 +52,7 @@ export function createRTPLayer(
bits: 0,
value: overrides?.payload ?? '',
editable: false,
- description:
- 'Encoded media data β audio samples (Opus, G.711) or video frames (H.264, VP8)'
+ description: 'Encoded media data β audio samples (Opus, G.711) or video frames (H.264, VP8)'
}
]
};
diff --git a/src/lib/simulator/layers/sctp.ts b/src/lib/simulator/layers/sctp.ts
index acb340d..e4d8b03 100644
--- a/src/lib/simulator/layers/sctp.ts
+++ b/src/lib/simulator/layers/sctp.ts
@@ -28,16 +28,14 @@ export function createSCTPLayer(
bits: 32,
value: overrides?.vTag ?? '0x00000000',
editable: false,
- description:
- 'Verification Tag β prevents blind attacks, must match the association\'s tag'
+ description: "Verification Tag β prevents blind attacks, must match the association's tag"
},
{
name: 'Chunk Type',
bits: 8,
value: overrides?.chunkType ?? 'INIT (1)',
editable: false,
- description:
- 'Chunk type β INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK, DATA, SACK, HEARTBEAT',
+ description: 'Chunk type β INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK, DATA, SACK, HEARTBEAT',
color: '#7C3AED'
},
{
@@ -52,8 +50,7 @@ export function createSCTPLayer(
bits: 0,
value: overrides?.payload ?? '',
editable: false,
- description:
- 'Chunk data β initiation parameters, cookie, or application data'
+ description: 'Chunk data β initiation parameters, cookie, or application data'
}
]
};
diff --git a/src/lib/simulator/layers/sip.ts b/src/lib/simulator/layers/sip.ts
index f3d70ca..757df78 100644
--- a/src/lib/simulator/layers/sip.ts
+++ b/src/lib/simulator/layers/sip.ts
@@ -14,8 +14,7 @@ export function createSIPLayer(
bits: 0,
value: overrides?.method ?? 'INVITE',
editable: false,
- description:
- 'SIP method β INVITE, ACK, BYE, CANCEL, REGISTER, OPTIONS'
+ description: 'SIP method β INVITE, ACK, BYE, CANCEL, REGISTER, OPTIONS'
},
{
name: 'Status',
@@ -30,32 +29,28 @@ export function createSIPLayer(
bits: 0,
value: overrides?.from ?? '',
editable: false,
- description:
- 'Caller SIP URI β identifies the initiator of the request (sip:user@domain)'
+ description: 'Caller SIP URI β identifies the initiator of the request (sip:user@domain)'
},
{
name: 'To',
bits: 0,
value: overrides?.to ?? '',
editable: false,
- description:
- 'Callee SIP URI β identifies the intended recipient of the request'
+ description: 'Callee SIP URI β identifies the intended recipient of the request'
},
{
name: 'Call-ID',
bits: 0,
value: overrides?.callId ?? '',
editable: false,
- description:
- 'Unique call identifier β groups all messages belonging to the same dialog'
+ description: 'Unique call identifier β groups all messages belonging to the same dialog'
},
{
name: 'Body',
bits: 0,
value: overrides?.body ?? '',
editable: false,
- description:
- 'Message body β typically SDP for media negotiation in INVITE/200 OK'
+ description: 'Message body β typically SDP for media negotiation in INVITE/200 OK'
}
]
};
diff --git a/src/lib/simulator/layers/smtp.ts b/src/lib/simulator/layers/smtp.ts
index 9e4bb54..6827876 100644
--- a/src/lib/simulator/layers/smtp.ts
+++ b/src/lib/simulator/layers/smtp.ts
@@ -21,8 +21,7 @@ export function createSMTPLayer(
bits: 0,
value: overrides?.parameter ?? 'client.example.com',
editable: false,
- description:
- 'Command parameter β hostname for EHLO, address for MAIL FROM/RCPT TO'
+ description: 'Command parameter β hostname for EHLO, address for MAIL FROM/RCPT TO'
},
{
name: 'Response Code',
diff --git a/src/lib/simulator/layers/soap.ts b/src/lib/simulator/layers/soap.ts
index 627152c..25990bb 100644
--- a/src/lib/simulator/layers/soap.ts
+++ b/src/lib/simulator/layers/soap.ts
@@ -14,24 +14,21 @@ export function createSOAPLayer(
bits: 0,
value: overrides?.envelope ?? 'soap:Envelope xmlns:soap="..."',
editable: false,
- description:
- 'Root XML element wrapping the entire SOAP message'
+ description: 'Root XML element wrapping the entire SOAP message'
},
{
name: 'Header',
bits: 0,
value: overrides?.header ?? '',
editable: false,
- description:
- 'Optional SOAP Header β authentication, routing, transaction context'
+ description: 'Optional SOAP Header β authentication, routing, transaction context'
},
{
name: 'Body',
bits: 0,
value: overrides?.body ?? 'GetUser(id: 42)',
editable: false,
- description:
- 'Required SOAP Body β contains the operation and parameters',
+ description: 'Required SOAP Body β contains the operation and parameters',
color: '#00D4FF'
},
{
@@ -39,16 +36,14 @@ export function createSOAPLayer(
bits: 0,
value: overrides?.namespace ?? 'http://example.com/users',
editable: false,
- description:
- 'XML namespace identifying the service schema and operations'
+ description: 'XML namespace identifying the service schema and operations'
},
{
name: 'SOAPAction',
bits: 0,
value: overrides?.soapAction ?? 'http://example.com/GetUser',
editable: false,
- description:
- 'HTTP header identifying the intended SOAP operation'
+ description: 'HTTP header identifying the intended SOAP operation'
}
]
};
diff --git a/src/lib/simulator/layers/ssh.ts b/src/lib/simulator/layers/ssh.ts
index 16f4435..ef675fe 100644
--- a/src/lib/simulator/layers/ssh.ts
+++ b/src/lib/simulator/layers/ssh.ts
@@ -1,6 +1,8 @@
import type { ProtocolLayer } from '../types';
-export function createSSHLayer(overrides?: Partial>): ProtocolLayer {
+export function createSSHLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'SSH Packet',
abbreviation: 'SSH',
@@ -26,7 +28,8 @@ export function createSSHLayer(overrides?: Partial>): ProtocolLayer {
+export function createSTUNLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'STUN Message',
abbreviation: 'STUN',
@@ -40,7 +42,8 @@ export function createSTUNLayer(overrides?: Partial>): ProtocolLayer {
+export function createTCPLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'TCP Segment',
abbreviation: 'TCP',
@@ -76,7 +78,8 @@ export function createTCPLayer(overrides?: Partial>): ProtocolLayer {
+export function createTLSRecordLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'TLS Record',
abbreviation: 'TLS',
@@ -12,7 +14,8 @@ export function createTLSRecordLayer(overrides?: Partial>): ProtocolLayer {
+export function createUDPLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'UDP Datagram',
abbreviation: 'UDP',
@@ -12,7 +14,7 @@ export function createUDPLayer(overrides?: Partial>): ProtocolLayer {
+export function createWebSocketFrameLayer(
+ overrides?: Partial>
+): ProtocolLayer {
return {
name: 'WebSocket Frame',
abbreviation: 'WS',
diff --git a/src/lib/simulator/layers/wifi.ts b/src/lib/simulator/layers/wifi.ts
index b0caac6..fd1d8f6 100644
--- a/src/lib/simulator/layers/wifi.ts
+++ b/src/lib/simulator/layers/wifi.ts
@@ -14,8 +14,7 @@ export function createWiFiLayer(
bits: 16,
value: overrides?.frameControl ?? '0x0841',
editable: false,
- description:
- 'Frame type and control bits β Data (0x08), To DS, Protected Frame',
+ description: 'Frame type and control bits β Data (0x08), To DS, Protected Frame',
color: '#F472B6'
},
{
@@ -31,8 +30,7 @@ export function createWiFiLayer(
bits: 48,
value: overrides?.addr1 ?? 'AA:BB:CC:DD:EE:FF',
editable: true,
- description:
- 'Receiver Address β the immediate next recipient (usually the access point)'
+ description: 'Receiver Address β the immediate next recipient (usually the access point)'
},
{
name: 'Addr 2 (TA)',
@@ -46,24 +44,21 @@ export function createWiFiLayer(
bits: 48,
value: overrides?.addr3 ?? 'CC:DD:EE:FF:00:11',
editable: true,
- description:
- 'Destination Address β the final destination on the network'
+ description: 'Destination Address β the final destination on the network'
},
{
name: 'Seq Control',
bits: 16,
value: overrides?.seqControl ?? '0x0010',
editable: false,
- description:
- 'Fragment and sequence number for reassembly and duplicate detection'
+ description: 'Fragment and sequence number for reassembly and duplicate detection'
},
{
name: 'Payload',
bits: 0,
value: overrides?.payload ?? '...',
editable: false,
- description:
- 'Encrypted data payload (up to 2304 bytes with WPA2/3 encryption)'
+ description: 'Encrypted data payload (up to 2304 bytes with WPA2/3 encryption)'
},
{
name: 'FCS',
diff --git a/src/lib/simulator/layers/wireguard.ts b/src/lib/simulator/layers/wireguard.ts
index 6153864..28890d3 100644
--- a/src/lib/simulator/layers/wireguard.ts
+++ b/src/lib/simulator/layers/wireguard.ts
@@ -30,14 +30,16 @@ export function createWireGuardLayer(
bits: 32,
value: overrides?.senderIndex ?? '0xABCD1234',
editable: false,
- description: 'Random 32-bit identifier the receiver echoes back; lets peers track parallel handshakes'
+ description:
+ 'Random 32-bit identifier the receiver echoes back; lets peers track parallel handshakes'
},
{
name: 'Receiver Index',
bits: 32,
value: overrides?.receiverIndex ?? '0x00000000',
editable: false,
- description: 'Echoed back in Handshake Response and Transport Data; zero in the initial handshake'
+ description:
+ 'Echoed back in Handshake Response and Transport Data; zero in the initial handshake'
},
{
name: 'Payload',
diff --git a/src/lib/simulator/layers/xmpp.ts b/src/lib/simulator/layers/xmpp.ts
index ea4f71f..c5d3a04 100644
--- a/src/lib/simulator/layers/xmpp.ts
+++ b/src/lib/simulator/layers/xmpp.ts
@@ -14,8 +14,7 @@ export function createXMPPLayer(
bits: 0,
value: overrides?.stanzaType ?? '',
editable: false,
- description:
- 'XML element type β , , , , '
+ description: 'XML element type β , , , , '
},
{
name: 'From',
@@ -30,8 +29,7 @@ export function createXMPPLayer(
bits: 0,
value: overrides?.to ?? '',
editable: false,
- description:
- 'Recipient JID β the destination user, room, or service'
+ description: 'Recipient JID β the destination user, room, or service'
},
{
name: 'ID',
diff --git a/src/lib/simulator/layers/zigbee.ts b/src/lib/simulator/layers/zigbee.ts
index efaf1b5..1dcf5a5 100644
--- a/src/lib/simulator/layers/zigbee.ts
+++ b/src/lib/simulator/layers/zigbee.ts
@@ -15,7 +15,8 @@ export function create802154Layer(
bits: 16,
value: overrides?.frameControl ?? '0x8841 (Data, AckReq=1, PAN-ID Compression)',
editable: false,
- description: 'Frame type (Data/Ack/Cmd), security on/off, AckReq, frame version, addressing modes'
+ description:
+ 'Frame type (Data/Ack/Cmd), security on/off, AckReq, frame version, addressing modes'
},
{
name: 'Seq Num',
@@ -86,7 +87,8 @@ export function createZigbeeNWKLayer(
bits: 16,
value: overrides?.dstAddr ?? '0x1234',
editable: false,
- description: 'NWK 16-bit short address β every node has a locally unique 16-bit address assigned at join'
+ description:
+ 'NWK 16-bit short address β every node has a locally unique 16-bit address assigned at join'
},
{
name: 'Src Addr',
@@ -114,7 +116,8 @@ export function createZigbeeNWKLayer(
bits: 0,
value: overrides?.security ?? 'AES-CCM* (frame counter 0x000ABCDE, MIC=4 bytes)',
editable: false,
- description: 'AES-128-CCM* encryption + integrity using the network key; 4/8/16-byte MIC appended'
+ description:
+ 'AES-128-CCM* encryption + integrity using the network key; 4/8/16-byte MIC appended'
},
{
name: 'Payload (APS frame)',
@@ -142,14 +145,16 @@ export function createZigbeeAPSLayer(
bits: 8,
value: overrides?.frameControl ?? '0x40 (Data, Unicast, no Ack)',
editable: false,
- description: 'Type (Data / Cmd / Ack), Delivery Mode (Unicast / Indirect / Broadcast / Group), Security, AckReq, Extended Hdr'
+ description:
+ 'Type (Data / Cmd / Ack), Delivery Mode (Unicast / Indirect / Broadcast / Group), Security, AckReq, Extended Hdr'
},
{
name: 'Dst Endpoint',
bits: 8,
value: overrides?.dstEp ?? 11,
editable: false,
- description: 'Endpoint within the destination device (1β240). Endpoint 11 is the standard Hue bulb endpoint.'
+ description:
+ 'Endpoint within the destination device (1β240). Endpoint 11 is the standard Hue bulb endpoint.'
},
{
name: 'Cluster ID',
diff --git a/src/lib/simulator/simulations/a2a-task.ts b/src/lib/simulator/simulations/a2a-task.ts
index 22b5e6f..c8f8f08 100644
--- a/src/lib/simulator/simulations/a2a-task.ts
+++ b/src/lib/simulator/simulations/a2a-task.ts
@@ -10,9 +10,21 @@ function httpRequestLayer(method: string, path: string, contentType: string) {
osiLayer: 7,
color: '#4B5563',
headerFields: [
- { name: 'Method', bits: 0, value: method, editable: false, description: `HTTP ${method} β A2A uses standard HTTP as its transport` },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: `HTTP ${method} β A2A uses standard HTTP as its transport`
+ },
{ name: 'Path', bits: 0, value: path, editable: false, description: 'A2A endpoint path' },
- { name: 'Content-Type', bits: 0, value: contentType, editable: false, description: 'Request content type' }
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: contentType,
+ editable: false,
+ description: 'Request content type'
+ }
]
};
}
@@ -24,10 +36,34 @@ function a2aRequestLayer(method: string, params: string, id: string | number) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version β A2A uses JSON-RPC 2.0 as its wire format' },
- { name: 'Method', bits: 0, value: method, editable: false, description: 'A2A method to invoke on the remote agent' },
- { name: 'Params', bits: 0, value: params, editable: false, description: 'Method parameters as a JSON object' },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Request identifier β remote agent echoes this back to correlate the response' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version β A2A uses JSON-RPC 2.0 as its wire format'
+ },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: 'A2A method to invoke on the remote agent'
+ },
+ {
+ name: 'Params',
+ bits: 0,
+ value: params,
+ editable: false,
+ description: 'Method parameters as a JSON object'
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Request identifier β remote agent echoes this back to correlate the response'
+ }
]
};
}
@@ -39,9 +75,28 @@ function a2aResponseLayer(result: string, id: string | number, color: string) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version' },
- { name: 'Result', bits: 0, value: result, editable: false, description: 'Response payload from the remote agent', color },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Matches the request ID β confirms which call this responds to' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version'
+ },
+ {
+ name: 'Result',
+ bits: 0,
+ value: result,
+ editable: false,
+ description: 'Response payload from the remote agent',
+ color
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Matches the request ID β confirms which call this responds to'
+ }
]
};
}
@@ -50,7 +105,7 @@ export const a2aTask: SimulationConfig = {
protocolId: 'a2a',
title: 'A2A β Agent Discovery & Task Lifecycle',
description:
- 'Watch an agent discover another agent and delegate a task. The client fetches the remote agent\'s card, sends a message, and receives streaming task updates β all using the Agent-to-Agent protocol.',
+ "Watch an agent discover another agent and delegate a task. The client fetches the remote agent's card, sends a message, and receives streaming task updates β all using the Agent-to-Agent protocol.",
tier: 'client',
actors: [
{ id: 'client', label: 'Client Agent', icon: 'browser', position: 'left' },
@@ -70,7 +125,7 @@ export const a2aTask: SimulationConfig = {
id: 'agent-card-request',
label: 'Agent Card Request',
description:
- 'Client agent sends an HTTP GET to the well-known agent card endpoint. This is how agents discover each other β the card describes the remote agent\'s identity, skills, and capabilities.',
+ "Client agent sends an HTTP GET to the well-known agent card endpoint. This is how agents discover each other β the card describes the remote agent's identity, skills, and capabilities.",
fromActor: 'client',
toActor: 'remote',
duration: 800,
@@ -85,9 +140,28 @@ export const a2aTask: SimulationConfig = {
osiLayer: 7,
color: '#4B5563',
headerFields: [
- { name: 'Method', bits: 0, value: 'GET', editable: false, description: 'HTTP GET β retrieving the agent\'s public card' },
- { name: 'Path', bits: 0, value: '/.well-known/agent.json', editable: false, description: 'Well-known URI for agent discovery β standardized path so clients know where to look' },
- { name: 'Accept', bits: 0, value: 'application/json', editable: false, description: 'Client expects a JSON agent card' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'GET',
+ editable: false,
+ description: "HTTP GET β retrieving the agent's public card"
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: '/.well-known/agent.json',
+ editable: false,
+ description:
+ 'Well-known URI for agent discovery β standardized path so clients know where to look'
+ },
+ {
+ name: 'Accept',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'Client expects a JSON agent card'
+ }
]
}
]
@@ -111,8 +185,21 @@ export const a2aTask: SimulationConfig = {
osiLayer: 7,
color: '#4B5563',
headerFields: [
- { name: 'Status', bits: 0, value: '200 OK', editable: false, description: 'Agent card found and returned', color: '#22c55e' },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'Agent card is JSON' }
+ {
+ name: 'Status',
+ bits: 0,
+ value: '200 OK',
+ editable: false,
+ description: 'Agent card found and returned',
+ color: '#22c55e'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'Agent card is JSON'
+ }
]
},
{
@@ -121,11 +208,41 @@ export const a2aTask: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Name', bits: 0, value: '"TravelAgent"', editable: false, description: 'Human-readable agent name' },
- { name: 'Description', bits: 0, value: '"Books flights, hotels, and travel plans"', editable: false, description: 'What this agent can do' },
- { name: 'URL', bits: 0, value: '"https://travel.example.com/a2a"', editable: false, description: 'Endpoint for sending messages to this agent' },
- { name: 'Skills', bits: 0, value: '[{"id":"flight-search","name":"Flight Search"}]', editable: false, description: 'List of skills β each with an ID, name, and description' },
- { name: 'Version', bits: 0, value: '"0.2.1"', editable: false, description: 'A2A protocol version supported by this agent' }
+ {
+ name: 'Name',
+ bits: 0,
+ value: '"TravelAgent"',
+ editable: false,
+ description: 'Human-readable agent name'
+ },
+ {
+ name: 'Description',
+ bits: 0,
+ value: '"Books flights, hotels, and travel plans"',
+ editable: false,
+ description: 'What this agent can do'
+ },
+ {
+ name: 'URL',
+ bits: 0,
+ value: '"https://travel.example.com/a2a"',
+ editable: false,
+ description: 'Endpoint for sending messages to this agent'
+ },
+ {
+ name: 'Skills',
+ bits: 0,
+ value: '[{"id":"flight-search","name":"Flight Search"}]',
+ editable: false,
+ description: 'List of skills β each with an ID, name, and description'
+ },
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"0.2.1"',
+ editable: false,
+ description: 'A2A protocol version supported by this agent'
+ }
]
}
]
@@ -144,7 +261,11 @@ export const a2aTask: SimulationConfig = {
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 55100, dstPort: 443, flags: 'PSH,ACK' }),
httpRequestLayer('POST', '/a2a', 'application/json'),
- a2aRequestLayer('message/send', '{"message":{"role":"user","parts":[{"kind":"text","text":"Find flights NYC to London"}]}}', 1)
+ a2aRequestLayer(
+ 'message/send',
+ '{"message":{"role":"user","parts":[{"kind":"text","text":"Find flights NYC to London"}]}}',
+ 1
+ )
]
},
{
@@ -160,7 +281,11 @@ export const a2aTask: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 55100, flags: 'PSH,ACK' }),
- a2aResponseLayer('{"id":"task-001","status":{"state":"working","message":{"role":"agent","parts":[{"kind":"text","text":"Searching flights..."}]}}}', 1, '#eab308')
+ a2aResponseLayer(
+ '{"id":"task-001","status":{"state":"working","message":{"role":"agent","parts":[{"kind":"text","text":"Searching flights..."}]}}}',
+ 1,
+ '#eab308'
+ )
]
},
{
@@ -176,7 +301,11 @@ export const a2aTask: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 55100, flags: 'PSH,ACK' }),
- a2aResponseLayer('{"id":"task-001","status":{"state":"completed"},"artifacts":[{"name":"flights","parts":[{"kind":"text","text":"BA115 JFKβLHR 7pm $450"}]}]}', 1, '#22c55e')
+ a2aResponseLayer(
+ '{"id":"task-001","status":{"state":"completed"},"artifacts":[{"name":"flights","parts":[{"kind":"text","text":"BA115 JFKβLHR 7pm $450"}]}]}',
+ 1,
+ '#22c55e'
+ )
]
},
{
@@ -193,7 +322,11 @@ export const a2aTask: SimulationConfig = {
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 55100, dstPort: 443, flags: 'PSH,ACK' }),
httpRequestLayer('POST', '/a2a', 'application/json'),
- a2aRequestLayer('message/stream', '{"message":{"role":"user","parts":[{"kind":"text","text":"Find flights NYC to London"}]}}', 2)
+ a2aRequestLayer(
+ 'message/stream',
+ '{"message":{"role":"user","parts":[{"kind":"text","text":"Find flights NYC to London"}]}}',
+ 2
+ )
]
},
{
@@ -215,7 +348,14 @@ export const a2aTask: SimulationConfig = {
osiLayer: 7,
color: '#4B5563',
headerFields: [
- { name: 'Content-Type', bits: 0, value: 'text/event-stream', editable: false, description: 'Server-sent events β the server pushes updates over a long-lived HTTP connection' }
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'text/event-stream',
+ editable: false,
+ description:
+ 'Server-sent events β the server pushes updates over a long-lived HTTP connection'
+ }
]
},
{
@@ -224,9 +364,28 @@ export const a2aTask: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Event 1', bits: 0, value: '{"status":{"state":"working","message":"Searching..."}}', editable: false, description: 'First SSE event β task is now working' },
- { name: 'Event 2', bits: 0, value: '{"artifact":{"name":"flights","parts":[...],"append":true}}', editable: false, description: 'Artifact event β partial results streamed incrementally' },
- { name: 'Event 3', bits: 0, value: '{"status":{"state":"completed"},"final":true}', editable: false, description: 'Final event β task complete, stream closes', color: '#22c55e' }
+ {
+ name: 'Event 1',
+ bits: 0,
+ value: '{"status":{"state":"working","message":"Searching..."}}',
+ editable: false,
+ description: 'First SSE event β task is now working'
+ },
+ {
+ name: 'Event 2',
+ bits: 0,
+ value: '{"artifact":{"name":"flights","parts":[...],"append":true}}',
+ editable: false,
+ description: 'Artifact event β partial results streamed incrementally'
+ },
+ {
+ name: 'Event 3',
+ bits: 0,
+ value: '{"status":{"state":"completed"},"final":true}',
+ editable: false,
+ description: 'Final event β task complete, stream closes',
+ color: '#22c55e'
+ }
]
}
]
diff --git a/src/lib/simulator/simulations/amqp-messaging.ts b/src/lib/simulator/simulations/amqp-messaging.ts
index b7b8988..d5d4924 100644
--- a/src/lib/simulator/simulations/amqp-messaging.ts
+++ b/src/lib/simulator/simulations/amqp-messaging.ts
@@ -157,7 +157,8 @@ export const amqpMessaging: SimulationConfig = {
channel: 1,
method: 'Basic.Deliver',
payloadSize: 86,
- properties: 'Consumer-Tag: ctag-1, Delivery-Tag: 1, Exchange: orders, Routing-Key: order.created',
+ properties:
+ 'Consumer-Tag: ctag-1, Delivery-Tag: 1, Exchange: orders, Routing-Key: order.created',
payload: '{"event": "order.created", "orderId": "ORD-1234", "total": 59.99}'
})
]
diff --git a/src/lib/simulator/simulations/arp-resolution.ts b/src/lib/simulator/simulations/arp-resolution.ts
index aacc369..980bed8 100644
--- a/src/lib/simulator/simulations/arp-resolution.ts
+++ b/src/lib/simulator/simulations/arp-resolution.ts
@@ -58,7 +58,7 @@ export const arpResolution: SimulationConfig = {
id: 'arp-reply',
label: 'ARP Reply (unicast)',
description:
- 'Host B recognizes its own IP in the Target IP field and responds with a unicast ARP Reply. The reply fills in the missing piece: Sender MAC AA:BB:CC:DD:EE:FF. Notice this is unicast (directly to Host A\'s MAC), not broadcast β only Host A receives the reply. Host B also caches Host A\'s IP-to-MAC mapping from the request, since it will likely need it soon.',
+ "Host B recognizes its own IP in the Target IP field and responds with a unicast ARP Reply. The reply fills in the missing piece: Sender MAC AA:BB:CC:DD:EE:FF. Notice this is unicast (directly to Host A's MAC), not broadcast β only Host A receives the reply. Host B also caches Host A's IP-to-MAC mapping from the request, since it will likely need it soon.",
fromActor: 'host-b',
toActor: 'host-a',
duration: 800,
@@ -126,7 +126,7 @@ export const arpResolution: SimulationConfig = {
id: 'response',
label: 'Response (cache hit)',
description:
- 'Host B sends a response back to Host A. This time, no ARP is needed β Host B already cached Host A\'s MAC address when it processed the original ARP Request. This is a cache hit: the Ethernet frame is constructed immediately with the known destination MAC. Bidirectional communication now flows without any ARP overhead.',
+ "Host B sends a response back to Host A. This time, no ARP is needed β Host B already cached Host A's MAC address when it processed the original ARP Request. This is a cache hit: the Ethernet frame is constructed immediately with the known destination MAC. Bidirectional communication now flows without any ARP overhead.",
fromActor: 'host-b',
toActor: 'host-a',
duration: 600,
diff --git a/src/lib/simulator/simulations/bgp-peering.ts b/src/lib/simulator/simulations/bgp-peering.ts
index 780737c..bcf2cc1 100644
--- a/src/lib/simulator/simulations/bgp-peering.ts
+++ b/src/lib/simulator/simulations/bgp-peering.ts
@@ -63,7 +63,7 @@ export const bgpPeering: SimulationConfig = {
id: 'keepalive-a',
label: 'KEEPALIVE',
description:
- 'Router A confirms the session parameters by sending a KEEPALIVE. This is the smallest possible BGP message β just the 19-byte header with no payload. The KEEPALIVE serves double duty: it confirms the OPEN exchange and starts the hold timer. If either peer doesn\'t hear from the other within the hold time, the session is torn down.',
+ "Router A confirms the session parameters by sending a KEEPALIVE. This is the smallest possible BGP message β just the 19-byte header with no payload. The KEEPALIVE serves double duty: it confirms the OPEN exchange and starts the hold timer. If either peer doesn't hear from the other within the hold time, the session is torn down.",
fromActor: 'routerA',
toActor: 'routerB',
duration: 800,
@@ -129,7 +129,7 @@ export const bgpPeering: SimulationConfig = {
id: 'update-announce-b',
label: 'UPDATE (announce)',
description:
- 'Router B announces its own networks in return. The AS_PATH now shows AS 65002, and the NEXT_HOP points to Router B\'s address. When Router A receives this, it knows that to reach 172.16.0.0/12, it should send traffic to 10.0.0.2. This is how the internet\'s routing table is built β one UPDATE at a time.',
+ "Router B announces its own networks in return. The AS_PATH now shows AS 65002, and the NEXT_HOP points to Router B's address. When Router A receives this, it knows that to reach 172.16.0.0/12, it should send traffic to 10.0.0.2. This is how the internet's routing table is built β one UPDATE at a time.",
fromActor: 'routerB',
toActor: 'routerA',
duration: 1000,
@@ -173,7 +173,7 @@ export const bgpPeering: SimulationConfig = {
id: 'keepalive-periodic',
label: 'KEEPALIVE',
description:
- 'BGP peers send periodic KEEPALIVEs (typically every 30 seconds) to prove they\'re still alive. If no message is received within the hold time (90 seconds), the peer is declared dead and all its routes are withdrawn. This is why BGP misconfiguration can cause massive internet outages β if a major ISP\'s session drops, thousands of routes disappear.',
+ "BGP peers send periodic KEEPALIVEs (typically every 30 seconds) to prove they're still alive. If no message is received within the hold time (90 seconds), the peer is declared dead and all its routes are withdrawn. This is why BGP misconfiguration can cause massive internet outages β if a major ISP's session drops, thousands of routes disappear.",
fromActor: 'routerA',
toActor: 'routerB',
duration: 800,
diff --git a/src/lib/simulator/simulations/bluetooth-ble.ts b/src/lib/simulator/simulations/bluetooth-ble.ts
index d42b793..749a7ac 100644
--- a/src/lib/simulator/simulations/bluetooth-ble.ts
+++ b/src/lib/simulator/simulations/bluetooth-ble.ts
@@ -5,7 +5,7 @@ export const bluetoothBleGatt: SimulationConfig = {
protocolId: 'bluetooth',
title: 'BLE Connect, Pair, and GATT Read',
description:
- "Watch a phone (Central) discover a heart-rate sensor (Peripheral) on a BLE advertising channel, establish a connection, exchange MTU, pair with LE Secure Connections, and subscribe to notifications. This is the flow under every fitness tracker, AirTag, hearing aid, and Matter device commissioning over Bluetooth.",
+ 'Watch a phone (Central) discover a heart-rate sensor (Peripheral) on a BLE advertising channel, establish a connection, exchange MTU, pair with LE Secure Connections, and subscribe to notifications. This is the flow under every fitness tracker, AirTag, hearing aid, and Matter device commissioning over Bluetooth.',
tier: 'client',
actors: [
{ id: 'central', label: 'Central (Phone)', icon: 'device', position: 'left' },
diff --git a/src/lib/simulator/simulations/cellular-registration.ts b/src/lib/simulator/simulations/cellular-registration.ts
index 844a856..ef3736b 100644
--- a/src/lib/simulator/simulations/cellular-registration.ts
+++ b/src/lib/simulator/simulations/cellular-registration.ts
@@ -9,7 +9,7 @@ export const cellularRegistration: SimulationConfig = {
protocolId: 'cellular',
title: '5G Initial Registration + First PDU Session',
description:
- "Watch a phone power on and walk the 8 beats every 5G-SA UE walks every time it leaves airplane mode: RRC Setup β Registration Request β 5G-AKA β Security Mode β Registration Accept β PDU Session Establishment β UPF programming β user plane up. Every NGAP and GTP-U hop is wrapped in IPsec ESP per 3GPP TS 33.501.",
+ 'Watch a phone power on and walk the 8 beats every 5G-SA UE walks every time it leaves airplane mode: RRC Setup β Registration Request β 5G-AKA β Security Mode β Registration Accept β PDU Session Establishment β UPF programming β user plane up. Every NGAP and GTP-U hop is wrapped in IPsec ESP per 3GPP TS 33.501.',
tier: 'client',
actors: [
{ id: 'ue', label: 'UE (phone)', icon: 'device', position: 'left' },
@@ -44,7 +44,7 @@ export const cellularRegistration: SimulationConfig = {
id: 'rrc-setup',
label: 'RRC Setup (random access)',
description:
- "UE selects a cell from SSB measurements and runs random access: PRACH preamble (Msg1) β Random Access Response with timing advance + temporary C-RNTI (Msg2) β RRCSetupRequest (Msg3) β RRCSetup (Msg4). At this point the UE has SRB1 (signalling radio bearer) but no security context.",
+ 'UE selects a cell from SSB measurements and runs random access: PRACH preamble (Msg1) β Random Access Response with timing advance + temporary C-RNTI (Msg2) β RRCSetupRequest (Msg3) β RRCSetup (Msg4). At this point the UE has SRB1 (signalling radio bearer) but no security context.',
fromActor: 'ue',
toActor: 'gnb',
duration: 1300,
@@ -62,14 +62,16 @@ export const cellularRegistration: SimulationConfig = {
bits: 0,
value: 'mo-Signalling',
editable: false,
- description: 'Why the UE wants a connection β signalling, data, voice, emergency, etc.'
+ description:
+ 'Why the UE wants a connection β signalling, data, voice, emergency, etc.'
},
{
name: 'C-RNTI',
bits: 16,
value: '0x4A2F',
editable: false,
- description: 'Cell Radio Network Temporary Identifier β the UE\'s short-lived ID in this cell'
+ description:
+ "Cell Radio Network Temporary Identifier β the UE's short-lived ID in this cell"
},
{
name: 'SRB1',
@@ -86,7 +88,7 @@ export const cellularRegistration: SimulationConfig = {
id: 'reg-req',
label: 'Registration Request (NAS)',
description:
- 'UE sends a Registration Request over SRB1. The gNB doesn\'t look at the NAS payload β it just forwards it to the AMF inside an NGAP Initial UE Message on SCTP/38412 (wrapped in IPsec ESP). The Request carries the **SUCI** (public-key-encrypted SUPI), requested NSSAI, and UE security capabilities.',
+ "UE sends a Registration Request over SRB1. The gNB doesn't look at the NAS payload β it just forwards it to the AMF inside an NGAP Initial UE Message on SCTP/38412 (wrapped in IPsec ESP). The Request carries the **SUCI** (public-key-encrypted SUPI), requested NSSAI, and UE security capabilities.",
fromActor: 'gnb',
toActor: 'core',
duration: 1400,
@@ -112,7 +114,7 @@ export const cellularRegistration: SimulationConfig = {
id: 'aka',
label: '5G-AKA Authentication',
description:
- 'AMF asks AUSF β AUSF asks UDM β UDM\'s SIDF decrypts SUCI to SUPI, generates an authentication vector. RAND/AUTN traverse all the way down to the UE. The USIM checks AUTN.MAC against f1(K, SQN, RAND), computes RES* via KDF(CK β IK). AUSF compares RES* to HRES*. Mutual authentication.',
+ "AMF asks AUSF β AUSF asks UDM β UDM's SIDF decrypts SUCI to SUPI, generates an authentication vector. RAND/AUTN traverse all the way down to the UE. The USIM checks AUTN.MAC against f1(K, SQN, RAND), computes RES* via KDF(CK β IK). AUSF compares RES* to HRES*. Mutual authentication.",
fromActor: 'core',
toActor: 'ue',
duration: 1500,
@@ -136,7 +138,7 @@ export const cellularRegistration: SimulationConfig = {
id: 'security-mode',
label: 'NAS Security Mode Command',
description:
- "AMF picks ciphering (128-NEA2 = AES-CTR) and integrity (128-NIA2 = AES-CMAC). Sends Security Mode Command integrity-protected with the freshly-derived K_NASint. UE responds with Security Mode Complete ciphered+integrity-protected. From this point every NAS message is wrapped in `(Security Header, MAC, sequence)`.",
+ 'AMF picks ciphering (128-NEA2 = AES-CTR) and integrity (128-NIA2 = AES-CMAC). Sends Security Mode Command integrity-protected with the freshly-derived K_NASint. UE responds with Security Mode Complete ciphered+integrity-protected. From this point every NAS message is wrapped in `(Security Header, MAC, sequence)`.',
fromActor: 'core',
toActor: 'ue',
duration: 1300,
@@ -208,7 +210,7 @@ export const cellularRegistration: SimulationConfig = {
id: 'pdu-session-accept',
label: 'PDU Session Establishment Accept',
description:
- "SMF allocated the UE\'s [[ipv6|IPv6]] prefix from the pool, programmed PDR/FAR/QER/URR on the UPF, set up the N3 GTP-U tunnel TEID, and returned the allocated address + DNS servers back to the UE through the AMF. The gNB issues an RRCReconfiguration to map the QoS flow β DRB. The DRB is now up.",
+ "SMF allocated the UE's [[ipv6|IPv6]] prefix from the pool, programmed PDR/FAR/QER/URR on the UPF, set up the N3 GTP-U tunnel TEID, and returned the allocated address + DNS servers back to the UE through the AMF. The gNB issues an RRCReconfiguration to map the QoS flow β DRB. The DRB is now up.",
fromActor: 'core',
toActor: 'ue',
duration: 1300,
@@ -232,7 +234,7 @@ export const cellularRegistration: SimulationConfig = {
id: 'user-plane',
label: 'First user-plane packet (GTP-U on N3)',
description:
- "The N3 tunnel is up. First user-plane packet flows. UE sends an HTTPS request to 2606:4700:4700::1111 (Cloudflare DNS). The packet travels: UE β gNB (radio) β gNB wraps in GTP-U + IPsec ESP β N3 to UPF β UPF unwraps β public internet. The encapsulation is *the* lesson of cellular protocol design.",
+ 'The N3 tunnel is up. First user-plane packet flows. UE sends an HTTPS request to 2606:4700:4700::1111 (Cloudflare DNS). The packet travels: UE β gNB (radio) β gNB wraps in GTP-U + IPsec ESP β N3 to UPF β UPF unwraps β public internet. The encapsulation is *the* lesson of cellular protocol design.',
fromActor: 'gnb',
toActor: 'core',
duration: 1500,
diff --git a/src/lib/simulator/simulations/coap-request.ts b/src/lib/simulator/simulations/coap-request.ts
index 038e7c9..8adf22f 100644
--- a/src/lib/simulator/simulations/coap-request.ts
+++ b/src/lib/simulator/simulations/coap-request.ts
@@ -100,7 +100,7 @@ export const coapRequest: SimulationConfig = {
id: 'ack-changed',
label: 'ACK 2.04 Changed',
description:
- 'The server confirms the resource was updated successfully. Code 2.04 Changed is the CoAP equivalent of HTTP 204 No Content. The empty payload is typical for update confirmations β the client already knows what it sent. CoAP\'s simplicity makes it ideal for battery-powered sensors.',
+ "The server confirms the resource was updated successfully. Code 2.04 Changed is the CoAP equivalent of HTTP 204 No Content. The empty payload is typical for update confirmations β the client already knows what it sent. CoAP's simplicity makes it ideal for battery-powered sensors.",
fromActor: 'server',
toActor: 'sensor',
duration: 600,
diff --git a/src/lib/simulator/simulations/dash-streaming.ts b/src/lib/simulator/simulations/dash-streaming.ts
index c3c05d6..80267fc 100644
--- a/src/lib/simulator/simulations/dash-streaming.ts
+++ b/src/lib/simulator/simulations/dash-streaming.ts
@@ -11,8 +11,20 @@ function dashRequestLayer(path: string): ProtocolLayer {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: 'GET', editable: false, description: 'DASH uses standard HTTP GET β fully CDN-compatible' },
- { name: 'Path', bits: 0, value: path, editable: false, description: 'Resource path β MPD manifest or media segment' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'GET',
+ editable: false,
+ description: 'DASH uses standard HTTP GET β fully CDN-compatible'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: path,
+ editable: false,
+ description: 'Resource path β MPD manifest or media segment'
+ }
]
};
}
@@ -24,8 +36,20 @@ function dashPayloadLayer(contentType: string, content: string): ProtocolLayer {
osiLayer: 7,
color: '#F472B6',
headerFields: [
- { name: 'Content-Type', bits: 0, value: contentType, editable: false, description: 'MIME type β application/dash+xml for MPD, video/mp4 for segments' },
- { name: 'Content', bits: 0, value: content, editable: false, description: 'MPD manifest or CMAF/fMP4 segment data' }
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: contentType,
+ editable: false,
+ description: 'MIME type β application/dash+xml for MPD, video/mp4 for segments'
+ },
+ {
+ name: 'Content',
+ bits: 0,
+ value: content,
+ editable: false,
+ description: 'MPD manifest or CMAF/fMP4 segment data'
+ }
]
};
}
@@ -45,7 +69,7 @@ export const dashStreaming: SimulationConfig = {
id: 'mpd',
label: 'GET MPD',
description:
- 'The player fetches the Media Presentation Description (MPD), an XML document that describes the entire stream structure. It lists Periods (timeline), Adaptation Sets (media types), and Representations (quality levels). The MPD is DASH\'s equivalent of HLS\'s master playlist.',
+ "The player fetches the Media Presentation Description (MPD), an XML document that describes the entire stream structure. It lists Periods (timeline), Adaptation Sets (media types), and Representations (quality levels). The MPD is DASH's equivalent of HLS's master playlist.",
fromActor: 'player',
toActor: 'cdn',
duration: 800,
@@ -54,9 +78,15 @@ export const dashStreaming: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 53400, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
dashRequestLayer('/content/manifest.mpd'),
- dashPayloadLayer('application/dash+xml', ' Period β AdaptationSet(video) β Rep 1080p@5Mbps, 720p@2.5Mbps, 480p@1Mbps')
+ dashPayloadLayer(
+ 'application/dash+xml',
+ ' Period β AdaptationSet(video) β Rep 1080p@5Mbps, 720p@2.5Mbps, 480p@1Mbps'
+ )
]
},
{
@@ -72,7 +102,10 @@ export const dashStreaming: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 53400, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
dashPayloadLayer('video/mp4', 'fMP4 init β moov box, H.264 codec config, 1080p, 24fps')
]
},
@@ -89,7 +122,10 @@ export const dashStreaming: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 53400, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
dashRequestLayer('/content/video/1080p/seg-1.m4s'),
dashPayloadLayer('video/mp4', 'fMP4 segment β 4.0s, 1080p, H.264, 2.5 MB')
]
@@ -107,7 +143,10 @@ export const dashStreaming: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 53400, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
dashRequestLayer('/content/video/720p/seg-2.m4s'),
dashPayloadLayer('video/mp4', 'fMP4 segment β 4.0s, 720p, H.264, 1.2 MB (ABR switch)')
]
diff --git a/src/lib/simulator/simulations/dhcp-dora.ts b/src/lib/simulator/simulations/dhcp-dora.ts
index 80ff7f2..60a447d 100644
--- a/src/lib/simulator/simulations/dhcp-dora.ts
+++ b/src/lib/simulator/simulations/dhcp-dora.ts
@@ -65,7 +65,7 @@ export const dhcpDora: SimulationConfig = {
id: 'request',
label: 'REQUEST',
description:
- 'The device broadcasts its acceptance of a specific server\'s offer. This broadcast ensures that all DHCP servers on the network know which offer was chosen, so declined servers can return their proposed addresses to their pools.',
+ "The device broadcasts its acceptance of a specific server's offer. This broadcast ensures that all DHCP servers on the network know which offer was chosen, so declined servers can return their proposed addresses to their pools.",
fromActor: 'client',
toActor: 'server',
duration: 1000,
diff --git a/src/lib/simulator/simulations/dns-resolution.ts b/src/lib/simulator/simulations/dns-resolution.ts
index 1fb508e..9b6c034 100644
--- a/src/lib/simulator/simulations/dns-resolution.ts
+++ b/src/lib/simulator/simulations/dns-resolution.ts
@@ -14,13 +14,43 @@ function dnsQueryLayers(srcIp: string, dstIp: string) {
osiLayer: 7,
color: '#2DD4BF',
headerFields: [
- { name: 'ID', bits: 16, value: '0xA1B2', editable: false, description: 'Transaction ID β matches queries to responses' },
+ {
+ name: 'ID',
+ bits: 16,
+ value: '0xA1B2',
+ editable: false,
+ description: 'Transaction ID β matches queries to responses'
+ },
{ name: 'QR', bits: 1, value: 0, editable: false, description: '0 = Query, 1 = Response' },
{ name: 'Opcode', bits: 4, value: 0, editable: false, description: '0 = Standard query' },
- { name: 'RD', bits: 1, value: 1, editable: false, description: 'Recursion Desired β ask the resolver to recurse on our behalf' },
- { name: 'QDCount', bits: 16, value: 1, editable: false, description: 'Number of questions β we are asking about one domain' },
- { name: 'QNAME', bits: 0, value: 'example.com', editable: false, description: 'The domain name we want to resolve' },
- { name: 'QTYPE', bits: 16, value: 'A', editable: false, description: 'Query type A β requesting an IPv4 address' }
+ {
+ name: 'RD',
+ bits: 1,
+ value: 1,
+ editable: false,
+ description: 'Recursion Desired β ask the resolver to recurse on our behalf'
+ },
+ {
+ name: 'QDCount',
+ bits: 16,
+ value: 1,
+ editable: false,
+ description: 'Number of questions β we are asking about one domain'
+ },
+ {
+ name: 'QNAME',
+ bits: 0,
+ value: 'example.com',
+ editable: false,
+ description: 'The domain name we want to resolve'
+ },
+ {
+ name: 'QTYPE',
+ bits: 16,
+ value: 'A',
+ editable: false,
+ description: 'Query type A β requesting an IPv4 address'
+ }
]
}
];
@@ -37,14 +67,57 @@ function dnsResponseLayers(srcIp: string, dstIp: string, answer: string) {
osiLayer: 7,
color: '#2DD4BF',
headerFields: [
- { name: 'ID', bits: 16, value: '0xA1B2', editable: false, description: 'Same transaction ID β matches our query' },
+ {
+ name: 'ID',
+ bits: 16,
+ value: '0xA1B2',
+ editable: false,
+ description: 'Same transaction ID β matches our query'
+ },
{ name: 'QR', bits: 1, value: 1, editable: false, description: '1 = Response' },
- { name: 'AA', bits: 1, value: 1, editable: false, description: 'Authoritative Answer β this server owns the domain' },
- { name: 'ANCount', bits: 16, value: 1, editable: false, description: 'Number of answer records' },
- { name: 'NAME', bits: 0, value: 'example.com', editable: false, description: 'The domain name we asked about' },
- { name: 'TYPE', bits: 16, value: 'A', editable: false, description: 'Answer type β A record (IPv4 address)' },
- { name: 'TTL', bits: 32, value: 3600, editable: false, description: 'Time to live β cache this answer for 3600 seconds (1 hour)' },
- { name: 'RDATA', bits: 32, value: answer, editable: false, description: 'The resolved IPv4 address', color: '#2DD4BF' }
+ {
+ name: 'AA',
+ bits: 1,
+ value: 1,
+ editable: false,
+ description: 'Authoritative Answer β this server owns the domain'
+ },
+ {
+ name: 'ANCount',
+ bits: 16,
+ value: 1,
+ editable: false,
+ description: 'Number of answer records'
+ },
+ {
+ name: 'NAME',
+ bits: 0,
+ value: 'example.com',
+ editable: false,
+ description: 'The domain name we asked about'
+ },
+ {
+ name: 'TYPE',
+ bits: 16,
+ value: 'A',
+ editable: false,
+ description: 'Answer type β A record (IPv4 address)'
+ },
+ {
+ name: 'TTL',
+ bits: 32,
+ value: 3600,
+ editable: false,
+ description: 'Time to live β cache this answer for 3600 seconds (1 hour)'
+ },
+ {
+ name: 'RDATA',
+ bits: 32,
+ value: answer,
+ editable: false,
+ description: 'The resolved IPv4 address',
+ color: '#2DD4BF'
+ }
]
}
];
@@ -97,7 +170,7 @@ export const dnsResolution: SimulationConfig = {
id: 'root-referral',
label: 'Root Referral',
description:
- 'The root nameserver doesn\'t know example.com, but it knows who handles all .com domains. It responds with a referral to the .com TLD nameserver.',
+ "The root nameserver doesn't know example.com, but it knows who handles all .com domains. It responds with a referral to the .com TLD nameserver.",
fromActor: 'nameserver',
toActor: 'resolver',
duration: 1000,
diff --git a/src/lib/simulator/simulations/ethernet-frame.ts b/src/lib/simulator/simulations/ethernet-frame.ts
index 5210862..55223f4 100644
--- a/src/lib/simulator/simulations/ethernet-frame.ts
+++ b/src/lib/simulator/simulations/ethernet-frame.ts
@@ -67,7 +67,7 @@ export const ethernetFrame: SimulationConfig = {
id: 'arp-reply',
label: 'ARP Reply (unicast)',
description:
- 'Host B recognizes its own IP (192.168.1.50) in the ARP Request and sends a unicast ARP Reply directly to Host A\'s MAC. The reply contains Host B\'s MAC address AA:BB:CC:DD:EE:FF, which is the information Host A was looking for. This is unicast β only the requesting host receives it.',
+ "Host B recognizes its own IP (192.168.1.50) in the ARP Request and sends a unicast ARP Reply directly to Host A's MAC. The reply contains Host B's MAC address AA:BB:CC:DD:EE:FF, which is the information Host A was looking for. This is unicast β only the requesting host receives it.",
fromActor: 'host-b',
toActor: 'host-a',
duration: 800,
@@ -91,7 +91,7 @@ export const ethernetFrame: SimulationConfig = {
id: 'data-frame',
label: 'Data Frame (Host A β Switch)',
description:
- 'Now that Host A knows Host B\'s MAC, it constructs a proper Ethernet frame with the correct destination MAC AA:BB:CC:DD:EE:FF. The EtherType reverts to 0x0800 (IPv4) since this is a regular data packet. The IP payload is encapsulated inside the Ethernet frame β this is Layer 2 encapsulation of a Layer 3 packet.',
+ "Now that Host A knows Host B's MAC, it constructs a proper Ethernet frame with the correct destination MAC AA:BB:CC:DD:EE:FF. The EtherType reverts to 0x0800 (IPv4) since this is a regular data packet. The IP payload is encapsulated inside the Ethernet frame β this is Layer 2 encapsulation of a Layer 3 packet.",
fromActor: 'host-a',
toActor: 'switch',
duration: 600,
@@ -111,7 +111,7 @@ export const ethernetFrame: SimulationConfig = {
id: 'switch-forward',
label: 'Switch Forwards to Host B',
description:
- 'The switch looks up destination MAC AA:BB:CC:DD:EE:FF in its forwarding table and finds a match β it learned this MAC when Host B sent the ARP Reply. Instead of flooding, the switch forwards the frame only to Host B\'s port. This is the efficiency of a switch over a hub: unicast traffic stays on the relevant port.',
+ "The switch looks up destination MAC AA:BB:CC:DD:EE:FF in its forwarding table and finds a match β it learned this MAC when Host B sent the ARP Reply. Instead of flooding, the switch forwards the frame only to Host B's port. This is the efficiency of a switch over a hub: unicast traffic stays on the relevant port.",
fromActor: 'switch',
toActor: 'host-b',
duration: 600,
@@ -131,7 +131,7 @@ export const ethernetFrame: SimulationConfig = {
id: 'response-frame',
label: 'Response Frame (Host B β Switch)',
description:
- 'Host B processes the received data and sends a response back. The Ethernet frame has swapped source and destination MACs β Host B\'s MAC is now the source, Host A\'s MAC is the destination. The switch already has both MACs in its forwarding table, so this frame will be switched efficiently.',
+ "Host B processes the received data and sends a response back. The Ethernet frame has swapped source and destination MACs β Host B's MAC is now the source, Host A's MAC is the destination. The switch already has both MACs in its forwarding table, so this frame will be switched efficiently.",
fromActor: 'host-b',
toActor: 'switch',
duration: 600,
@@ -151,7 +151,7 @@ export const ethernetFrame: SimulationConfig = {
id: 'response-forward',
label: 'Switch Forwards to Host A',
description:
- 'The switch forwards the response directly to Host A\'s port using its learned MAC table entry. Both directions are now fully learned β no more flooding is needed for traffic between these two hosts. The forwarding table entries will age out after a timeout (typically 300 seconds) if no traffic is seen.',
+ "The switch forwards the response directly to Host A's port using its learned MAC table entry. Both directions are now fully learned β no more flooding is needed for traffic between these two hosts. The forwarding table entries will age out after a timeout (typically 300 seconds) if no traffic is seen.",
fromActor: 'switch',
toActor: 'host-a',
duration: 600,
diff --git a/src/lib/simulator/simulations/ftp-transfer.ts b/src/lib/simulator/simulations/ftp-transfer.ts
index 503cb5c..ba05381 100644
--- a/src/lib/simulator/simulations/ftp-transfer.ts
+++ b/src/lib/simulator/simulations/ftp-transfer.ts
@@ -94,7 +94,7 @@ export const ftpTransfer: SimulationConfig = {
id: 'pass',
label: 'PASS',
description:
- 'The client sends the password. On success, the server responds with 230 (User logged in). FTP\'s plain-text credentials are a well-known security weakness, which is why modern file transfer uses SFTP or FTPS with TLS encryption.',
+ "The client sends the password. On success, the server responds with 230 (User logged in). FTP's plain-text credentials are a well-known security weakness, which is why modern file transfer uses SFTP or FTPS with TLS encryption.",
fromActor: 'client',
toActor: 'server',
duration: 800,
diff --git a/src/lib/simulator/simulations/graphql-operation.ts b/src/lib/simulator/simulations/graphql-operation.ts
index 59f6ec2..a8081c6 100644
--- a/src/lib/simulator/simulations/graphql-operation.ts
+++ b/src/lib/simulator/simulations/graphql-operation.ts
@@ -4,32 +4,100 @@ import { createIPv4Layer } from '../layers/ipv4';
import { createEthernetLayer } from '../layers/ethernet';
import { createTLSRecordLayer } from '../layers/tls';
-function gqlRequestLayer(operation: string, name: string, variables: string, selectionSet: string): ProtocolLayer {
+function gqlRequestLayer(): ProtocolLayer {
return {
name: 'HTTP Request',
abbreviation: 'HTTP',
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: 'POST', editable: false, description: 'GraphQL always uses POST β the query is in the request body, not the URL' },
- { name: 'Path', bits: 0, value: '/graphql', editable: false, description: 'Single endpoint β unlike REST, all operations go to the same URL' },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'GraphQL request bodies are JSON-encoded' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'POST',
+ editable: false,
+ description: 'GraphQL always uses POST β the query is in the request body, not the URL'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: '/graphql',
+ editable: false,
+ description: 'Single endpoint β unlike REST, all operations go to the same URL'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'GraphQL request bodies are JSON-encoded'
+ }
]
};
}
-function gqlLayer(operation: string, name: string, variables: string, selectionSet: string, responseData: string): ProtocolLayer {
+function gqlLayer(
+ operation: string,
+ name: string,
+ variables: string,
+ selectionSet: string,
+ responseData: string
+): ProtocolLayer {
return {
name: 'GraphQL Operation',
abbreviation: 'GQL',
osiLayer: 7,
color: '#E535AB',
headerFields: [
- { name: 'Operation', bits: 0, value: operation, editable: false, description: 'GraphQL operation type β query (read), mutation (write), or subscription (stream)' },
- { name: 'Name', bits: 0, value: name, editable: false, description: 'Operation name β used for debugging and server-side logging' },
- ...(variables ? [{ name: 'Variables', bits: 0, value: variables, editable: false, description: 'Variables passed to the operation β typed inputs that parameterize the query' }] : []),
- ...(selectionSet ? [{ name: 'Selection Set', bits: 0, value: selectionSet, editable: false, description: 'The fields requested β determines the exact shape of the response' }] : []),
- ...(responseData ? [{ name: 'Response Data', bits: 0, value: responseData, editable: false, description: 'JSON response body β mirrors the selection set structure exactly' }] : [])
+ {
+ name: 'Operation',
+ bits: 0,
+ value: operation,
+ editable: false,
+ description:
+ 'GraphQL operation type β query (read), mutation (write), or subscription (stream)'
+ },
+ {
+ name: 'Name',
+ bits: 0,
+ value: name,
+ editable: false,
+ description: 'Operation name β used for debugging and server-side logging'
+ },
+ ...(variables
+ ? [
+ {
+ name: 'Variables',
+ bits: 0,
+ value: variables,
+ editable: false,
+ description:
+ 'Variables passed to the operation β typed inputs that parameterize the query'
+ }
+ ]
+ : []),
+ ...(selectionSet
+ ? [
+ {
+ name: 'Selection Set',
+ bits: 0,
+ value: selectionSet,
+ editable: false,
+ description: 'The fields requested β determines the exact shape of the response'
+ }
+ ]
+ : []),
+ ...(responseData
+ ? [
+ {
+ name: 'Response Data',
+ bits: 0,
+ value: responseData,
+ editable: false,
+ description: 'JSON response body β mirrors the selection set structure exactly'
+ }
+ ]
+ : [])
]
};
}
@@ -41,8 +109,22 @@ function gqlResponseLayer(status: string): ProtocolLayer {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Status', bits: 0, value: status, editable: false, description: 'GraphQL always returns 200 β errors are in the response body, not HTTP status codes', color: '#22c55e' },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'Response body is JSON with data and/or errors fields' }
+ {
+ name: 'Status',
+ bits: 0,
+ value: status,
+ editable: false,
+ description:
+ 'GraphQL always returns 200 β errors are in the response body, not HTTP status codes',
+ color: '#22c55e'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'Response body is JSON with data and/or errors fields'
+ }
]
};
}
@@ -80,9 +162,18 @@ export const graphqlOperation: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 52400, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
- gqlRequestLayer('query', 'GetUser', '{ "id": "42" }', '{ user { name email } }'),
- gqlLayer('query', 'GetUser', '{ "id": "42" }', '{ user(id: $id) { name email posts { title } } }', '')
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
+ gqlRequestLayer(),
+ gqlLayer(
+ 'query',
+ 'GetUser',
+ '{ "id": "42" }',
+ '{ user(id: $id) { name email posts { title } } }',
+ ''
+ )
]
},
{
@@ -98,9 +189,18 @@ export const graphqlOperation: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 52400, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
gqlResponseLayer('200 OK'),
- gqlLayer('query', 'GetUser', '', '', '{ user: { name: "Alice", email: "alice@...", posts: [{ title: "Getting Started" }] } }')
+ gqlLayer(
+ 'query',
+ 'GetUser',
+ '',
+ '',
+ '{ user: { name: "Alice", email: "alice@...", posts: [{ title: "Getting Started" }] } }'
+ )
]
},
{
@@ -116,9 +216,18 @@ export const graphqlOperation: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 52400, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
- gqlRequestLayer('mutation', 'CreatePost', '{ "title": "New Post" }', '{ createPost { id title } }'),
- gqlLayer('mutation', 'CreatePost', '{ "title": "New Post", "authorId": "42" }', '{ createPost(input: $input) { id title author { name } } }', '')
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
+ gqlRequestLayer(),
+ gqlLayer(
+ 'mutation',
+ 'CreatePost',
+ '{ "title": "New Post", "authorId": "42" }',
+ '{ createPost(input: $input) { id title author { name } } }',
+ ''
+ )
]
},
{
@@ -134,9 +243,18 @@ export const graphqlOperation: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 52400, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
gqlResponseLayer('200 OK'),
- gqlLayer('mutation', 'CreatePost', '', '', '{ createPost: { id: "99", title: "New Post", author: { name: "Alice" } } }')
+ gqlLayer(
+ 'mutation',
+ 'CreatePost',
+ '',
+ '',
+ '{ createPost: { id: "99", title: "New Post", author: { name: "Alice" } } }'
+ )
]
}
]
diff --git a/src/lib/simulator/simulations/hls-streaming.ts b/src/lib/simulator/simulations/hls-streaming.ts
index b73b511..693d58a 100644
--- a/src/lib/simulator/simulations/hls-streaming.ts
+++ b/src/lib/simulator/simulations/hls-streaming.ts
@@ -11,9 +11,27 @@ function hlsRequestLayer(path: string, accept: string): ProtocolLayer {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: 'GET', editable: false, description: 'HLS uses standard HTTP GET β works through any CDN and proxy' },
- { name: 'Path', bits: 0, value: path, editable: false, description: 'Resource path β playlist manifest or media segment' },
- { name: 'Accept', bits: 0, value: accept, editable: false, description: 'Expected content type for the response' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'GET',
+ editable: false,
+ description: 'HLS uses standard HTTP GET β works through any CDN and proxy'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: path,
+ editable: false,
+ description: 'Resource path β playlist manifest or media segment'
+ },
+ {
+ name: 'Accept',
+ bits: 0,
+ value: accept,
+ editable: false,
+ description: 'Expected content type for the response'
+ }
]
};
}
@@ -25,8 +43,21 @@ function hlsResponseLayer(contentType: string, body: string): ProtocolLayer {
osiLayer: 7,
color: '#3B82F6',
headerFields: [
- { name: 'Content-Type', bits: 0, value: contentType, editable: false, description: 'MIME type β application/vnd.apple.mpegurl for playlists, video/MP2T for segments' },
- { name: 'Content', bits: 0, value: body, editable: false, description: 'Playlist directives or media segment data' }
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: contentType,
+ editable: false,
+ description:
+ 'MIME type β application/vnd.apple.mpegurl for playlists, video/MP2T for segments'
+ },
+ {
+ name: 'Content',
+ bits: 0,
+ value: body,
+ editable: false,
+ description: 'Playlist directives or media segment data'
+ }
]
};
}
@@ -55,7 +86,10 @@ export const hlsStreaming: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 53100, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
hlsRequestLayer('/live/stream.m3u8', 'application/vnd.apple.mpegurl')
]
},
@@ -72,8 +106,14 @@ export const hlsStreaming: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 53100, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
- hlsResponseLayer('application/vnd.apple.mpegurl', '#EXTM3U, #EXT-X-TARGETDURATION:6, #EXTINF:6.0, seg001.ts, seg002.ts, seg003.ts')
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
+ hlsResponseLayer(
+ 'application/vnd.apple.mpegurl',
+ '#EXTM3U, #EXT-X-TARGETDURATION:6, #EXTINF:6.0, seg001.ts, seg002.ts, seg003.ts'
+ )
]
},
{
@@ -89,7 +129,10 @@ export const hlsStreaming: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 53100, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
hlsRequestLayer('/live/720p/seg001.ts', 'video/MP2T'),
hlsResponseLayer('video/MP2T', 'MPEG-TS segment β 6.0s, 720p, H.264+AAC, 1.2 MB')
]
@@ -107,7 +150,10 @@ export const hlsStreaming: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 53100, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
hlsRequestLayer('/live/720p/seg002.ts', 'video/MP2T'),
hlsResponseLayer('video/MP2T', 'MPEG-TS segment β 6.0s, 720p, H.264+AAC, 1.1 MB')
]
diff --git a/src/lib/simulator/simulations/http-request.ts b/src/lib/simulator/simulations/http-request.ts
index f17861b..4c4ff43 100644
--- a/src/lib/simulator/simulations/http-request.ts
+++ b/src/lib/simulator/simulations/http-request.ts
@@ -48,8 +48,7 @@ export const httpRequest: SimulationConfig = {
{
id: 'tcp-synack',
label: 'TCP SYN-ACK',
- description:
- 'Server responds with SYN-ACK, agreeing to establish the connection.',
+ description: 'Server responds with SYN-ACK, agreeing to establish the connection.',
fromActor: 'server',
toActor: 'browser',
duration: 800,
@@ -95,12 +94,48 @@ export const httpRequest: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: 'GET', editable: false, description: 'HTTP method β what action to perform' },
- { name: 'Path', bits: 0, value: '/index.html', editable: false, description: 'Resource path on the server' },
- { name: 'Version', bits: 0, value: 'HTTP/1.1', editable: false, description: 'Protocol version' },
- { name: 'Host', bits: 0, value: 'example.com', editable: false, description: 'Host header β which server to contact' },
- { name: 'Accept', bits: 0, value: 'text/html', editable: false, description: 'What content types the browser accepts' },
- { name: 'Connection', bits: 0, value: 'keep-alive', editable: false, description: 'Keep the TCP connection open for more requests' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'GET',
+ editable: false,
+ description: 'HTTP method β what action to perform'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: '/index.html',
+ editable: false,
+ description: 'Resource path on the server'
+ },
+ {
+ name: 'Version',
+ bits: 0,
+ value: 'HTTP/1.1',
+ editable: false,
+ description: 'Protocol version'
+ },
+ {
+ name: 'Host',
+ bits: 0,
+ value: 'example.com',
+ editable: false,
+ description: 'Host header β which server to contact'
+ },
+ {
+ name: 'Accept',
+ bits: 0,
+ value: 'text/html',
+ editable: false,
+ description: 'What content types the browser accepts'
+ },
+ {
+ name: 'Connection',
+ bits: 0,
+ value: 'keep-alive',
+ editable: false,
+ description: 'Keep the TCP connection open for more requests'
+ }
]
}
]
@@ -116,7 +151,12 @@ export const httpRequest: SimulationConfig = {
highlight: ['Status', 'Content-Type'],
layers: [
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
- createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6, totalLength: 1420 }),
+ createIPv4Layer({
+ srcIp: '93.184.216.34',
+ dstIp: '192.168.1.100',
+ protocol: 6,
+ totalLength: 1420
+ }),
createTCPLayer({ srcPort: 80, dstPort: 52000, seq: 301, ack: 321, flags: 'PSH,ACK' }),
{
name: 'HTTP Response',
@@ -124,11 +164,42 @@ export const httpRequest: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: 'HTTP/1.1', editable: false, description: 'Protocol version' },
- { name: 'Status', bits: 0, value: '200 OK', editable: false, description: 'Success β the resource was found and returned', color: '#22c55e' },
- { name: 'Content-Type', bits: 0, value: 'text/html', editable: false, description: 'MIME type of the response body' },
- { name: 'Content-Length', bits: 0, value: '1256', editable: false, description: 'Size of the response body in bytes' },
- { name: 'Body', bits: 0, value: '...', editable: false, description: 'The HTML content of the page' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: 'HTTP/1.1',
+ editable: false,
+ description: 'Protocol version'
+ },
+ {
+ name: 'Status',
+ bits: 0,
+ value: '200 OK',
+ editable: false,
+ description: 'Success β the resource was found and returned',
+ color: '#22c55e'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'text/html',
+ editable: false,
+ description: 'MIME type of the response body'
+ },
+ {
+ name: 'Content-Length',
+ bits: 0,
+ value: '1256',
+ editable: false,
+ description: 'Size of the response body in bytes'
+ },
+ {
+ name: 'Body',
+ bits: 0,
+ value: '...',
+ editable: false,
+ description: 'The HTML content of the page'
+ }
]
}
]
diff --git a/src/lib/simulator/simulations/imap-session.ts b/src/lib/simulator/simulations/imap-session.ts
index 279029a..2e74557 100644
--- a/src/lib/simulator/simulations/imap-session.ts
+++ b/src/lib/simulator/simulations/imap-session.ts
@@ -116,7 +116,7 @@ export const imapSession: SimulationConfig = {
id: 'select-response',
label: 'A002 OK',
description:
- 'The server returns the complete mailbox state: 47 messages exist, 2 are recent (new since last check), and the available flags for messages. The UIDVALIDITY value ensures the client\'s cached UIDs are still valid β if it changes, the client must re-sync everything.',
+ "The server returns the complete mailbox state: 47 messages exist, 2 are recent (new since last check), and the available flags for messages. The UIDVALIDITY value ensures the client's cached UIDs are still valid β if it changes, the client must re-sync everything.",
fromActor: 'server',
toActor: 'client',
duration: 1000,
@@ -138,7 +138,7 @@ export const imapSession: SimulationConfig = {
id: 'fetch',
label: 'A003 FETCH',
description:
- 'The client requests the newest message\'s envelope (sender, subject, date) and body text. IMAP can fetch specific parts of messages β just headers, just the text body, or individual MIME attachments β without downloading the entire message. This is one of IMAP\'s key advantages over POP3.',
+ "The client requests the newest message's envelope (sender, subject, date) and body text. IMAP can fetch specific parts of messages β just headers, just the text body, or individual MIME attachments β without downloading the entire message. This is one of IMAP's key advantages over POP3.",
fromActor: 'client',
toActor: 'server',
duration: 800,
diff --git a/src/lib/simulator/simulations/ip-routing.ts b/src/lib/simulator/simulations/ip-routing.ts
index 89a437d..fee3c1c 100644
--- a/src/lib/simulator/simulations/ip-routing.ts
+++ b/src/lib/simulator/simulations/ip-routing.ts
@@ -18,7 +18,7 @@ export const ipRouting: SimulationConfig = {
id: 'construct',
label: 'Construct IP Packet',
description:
- 'The source host constructs an IP packet with TTL=64 (the standard initial value on Linux). The destination IP 93.184.216.34 is not on the local 192.168.1.0/24 subnet, so the host knows it must send the packet to its default gateway. The Ethernet destination MAC is set to the router\'s MAC β not the final destination\'s MAC.',
+ "The source host constructs an IP packet with TTL=64 (the standard initial value on Linux). The destination IP 93.184.216.34 is not on the local 192.168.1.0/24 subnet, so the host knows it must send the packet to its default gateway. The Ethernet destination MAC is set to the router's MAC β not the final destination's MAC.",
fromActor: 'source',
toActor: 'source',
duration: 800,
@@ -40,7 +40,7 @@ export const ipRouting: SimulationConfig = {
id: 'send-to-gateway',
label: 'Send to Default Gateway',
description:
- 'The packet is placed on the wire toward the default gateway (the router). The Ethernet frame is addressed to the router\'s MAC CC:DD:EE:FF:00:11, but the IP destination remains 93.184.216.34. This is the key insight: Layer 2 addressing is hop-by-hop, while Layer 3 addressing is end-to-end.',
+ "The packet is placed on the wire toward the default gateway (the router). The Ethernet frame is addressed to the router's MAC CC:DD:EE:FF:00:11, but the IP destination remains 93.184.216.34. This is the key insight: Layer 2 addressing is hop-by-hop, while Layer 3 addressing is end-to-end.",
fromActor: 'source',
toActor: 'router',
duration: 600,
@@ -84,7 +84,7 @@ export const ipRouting: SimulationConfig = {
id: 'router-forwards',
label: 'Router Forwards (new MACs)',
description:
- 'The router re-encapsulates the IP packet in a brand-new Ethernet frame for the next link. Notice: the source and destination IPs are completely unchanged, but the Ethernet MACs are entirely different β the router\'s outbound interface MAC is now the source, and the next hop\'s MAC is the destination. This MAC rewriting happens at every hop.',
+ "The router re-encapsulates the IP packet in a brand-new Ethernet frame for the next link. Notice: the source and destination IPs are completely unchanged, but the Ethernet MACs are entirely different β the router's outbound interface MAC is now the source, and the next hop's MAC is the destination. This MAC rewriting happens at every hop.",
fromActor: 'router',
toActor: 'dest',
duration: 600,
@@ -150,7 +150,7 @@ export const ipRouting: SimulationConfig = {
id: 'return-route',
label: 'Return Route (TTL 63)',
description:
- 'The router decrements TTL from 64 to 63 and re-encapsulates with new Ethernet MACs for the source\'s local network. The source\'s MAC is now the Ethernet destination, and the router\'s LAN-side MAC is the source. The IP addresses remain 93.184.216.34 β 192.168.1.100, unchanged across the entire return path.',
+ "The router decrements TTL from 64 to 63 and re-encapsulates with new Ethernet MACs for the source's local network. The source's MAC is now the Ethernet destination, and the router's LAN-side MAC is the source. The IP addresses remain 93.184.216.34 β 192.168.1.100, unchanged across the entire return path.",
fromActor: 'router',
toActor: 'source',
duration: 600,
diff --git a/src/lib/simulator/simulations/ipsec-tunnel.ts b/src/lib/simulator/simulations/ipsec-tunnel.ts
index f3f0024..2a8250d 100644
--- a/src/lib/simulator/simulations/ipsec-tunnel.ts
+++ b/src/lib/simulator/simulations/ipsec-tunnel.ts
@@ -86,7 +86,7 @@ export const ipsecTunnel: SimulationConfig = {
id: 'ike-intermediate',
label: 'IKE_INTERMEDIATE',
description:
- "RFC 9242. PQ public keys are too large for a single UDP-fragmentable IKE_SA_INIT. IKE_INTERMEDIATE runs *inside* the IKE SA (encrypted), before identity is revealed, and can carry chained KEMs per RFC 9370 β here adding FrodoKEM as a second-line PQ backup.",
+ 'RFC 9242. PQ public keys are too large for a single UDP-fragmentable IKE_SA_INIT. IKE_INTERMEDIATE runs *inside* the IKE SA (encrypted), before identity is revealed, and can carry chained KEMs per RFC 9370 β here adding FrodoKEM as a second-line PQ backup.',
fromActor: 'hq',
toActor: 'branch',
duration: 1300,
@@ -107,7 +107,7 @@ export const ipsecTunnel: SimulationConfig = {
id: 'ike-auth',
label: 'IKE_AUTH (req)',
description:
- "HQ proves identity (`IDi`) with its certificate and signs the IKE_SA_INIT messages (`AUTH`). The first **Child SA** β a one-direction ESP key β is negotiated in the same exchange via `SAi2`, `TSi`, `TSr`. After this round trip, ESP traffic can flow.",
+ 'HQ proves identity (`IDi`) with its certificate and signs the IKE_SA_INIT messages (`AUTH`). The first **Child SA** β a one-direction ESP key β is negotiated in the same exchange via `SAi2`, `TSi`, `TSr`. After this round trip, ESP traffic can flow.',
fromActor: 'hq',
toActor: 'branch',
duration: 1400,
@@ -128,7 +128,7 @@ export const ipsecTunnel: SimulationConfig = {
id: 'esp-traffic-1',
label: 'ESP (HQ β Branch)',
description:
- "Child SA up. An inner [[ip|IP]] packet (10.0.0.5 β 10.1.0.42, payload `GET /index.html`) is encrypted with AES-GCM-256 and wrapped in ESP with SPI=0xC0FFEE01. Outer header is the public-internet IP pair. Receiver looks up SA by SPI, validates the 128-bit auth tag, decrypts, and forwards the inner packet.",
+ 'Child SA up. An inner [[ip|IP]] packet (10.0.0.5 β 10.1.0.42, payload `GET /index.html`) is encrypted with AES-GCM-256 and wrapped in ESP with SPI=0xC0FFEE01. Outer header is the public-internet IP pair. Receiver looks up SA by SPI, validates the 128-bit auth tag, decrypts, and forwards the inner packet.',
fromActor: 'hq',
toActor: 'branch',
duration: 1400,
diff --git a/src/lib/simulator/simulations/ipv6-ndp.ts b/src/lib/simulator/simulations/ipv6-ndp.ts
index 81a222e..f63713c 100644
--- a/src/lib/simulator/simulations/ipv6-ndp.ts
+++ b/src/lib/simulator/simulations/ipv6-ndp.ts
@@ -6,7 +6,7 @@ export const ipv6Ndp: SimulationConfig = {
protocolId: 'ipv6',
title: 'IPv6 β Neighbor Discovery and Routing',
description:
- 'Watch an IPv6 packet traverse a network using Neighbor Discovery Protocol (NDP) instead of ARP. Unlike IPv4\'s broadcast-based ARP, NDP uses efficient solicited-node multicast to resolve addresses. Observe how the fixed 40-byte header simplifies router processing, and how Hop Limit (IPv6\'s TTL) decrements at each hop.',
+ "Watch an IPv6 packet traverse a network using Neighbor Discovery Protocol (NDP) instead of ARP. Unlike IPv4's broadcast-based ARP, NDP uses efficient solicited-node multicast to resolve addresses. Observe how the fixed 40-byte header simplifies router processing, and how Hop Limit (IPv6's TTL) decrements at each hop.",
tier: 'client',
actors: [
{ id: 'source', label: 'Source Host', icon: 'client', position: 'left' },
@@ -41,7 +41,7 @@ export const ipv6Ndp: SimulationConfig = {
id: 'ndp-solicitation',
label: 'Neighbor Solicitation (NDP)',
description:
- 'Before sending data, the source must resolve the router\'s IPv6 address to a MAC address. Instead of IPv4\'s ARP broadcast to FF:FF:FF:FF:FF:FF, IPv6 uses NDP Neighbor Solicitation (ICMPv6 Type 135) sent to the solicited-node multicast address ff02::1:ff00:1 β only the target and a handful of other nodes process this packet, not the entire network. This is dramatically more efficient than ARP broadcasts.',
+ "Before sending data, the source must resolve the router's IPv6 address to a MAC address. Instead of IPv4's ARP broadcast to FF:FF:FF:FF:FF:FF, IPv6 uses NDP Neighbor Solicitation (ICMPv6 Type 135) sent to the solicited-node multicast address ff02::1:ff00:1 β only the target and a handful of other nodes process this packet, not the entire network. This is dramatically more efficient than ARP broadcasts.",
fromActor: 'source',
toActor: 'router',
duration: 600,
@@ -64,7 +64,7 @@ export const ipv6Ndp: SimulationConfig = {
id: 'ndp-advertisement',
label: 'Neighbor Advertisement (reply)',
description:
- 'The router responds with a Neighbor Advertisement (ICMPv6 Type 136) containing its link-layer MAC address. The source now caches this mapping in its Neighbor Cache (IPv6\'s equivalent of the ARP cache). The Solicited flag is set, indicating this is a direct response. Unlike ARP\'s simple request/reply, NDP also supports Duplicate Address Detection (DAD) and Router Redirect.',
+ "The router responds with a Neighbor Advertisement (ICMPv6 Type 136) containing its link-layer MAC address. The source now caches this mapping in its Neighbor Cache (IPv6's equivalent of the ARP cache). The Solicited flag is set, indicating this is a direct response. Unlike ARP's simple request/reply, NDP also supports Duplicate Address Detection (DAD) and Router Redirect.",
fromActor: 'router',
toActor: 'source',
duration: 600,
@@ -110,7 +110,7 @@ export const ipv6Ndp: SimulationConfig = {
id: 'router-process',
label: 'Router Processes (Hop Limit 63)',
description:
- 'The router examines the IPv6 header. Unlike IPv4, there is no header checksum to recalculate β this was removed by design since upper layers (TCP, UDP) already have checksums. The router decrements Hop Limit from 64 to 63 (equivalent to IPv4\'s TTL). If Hop Limit reached 0, the router would send an ICMPv6 Time Exceeded message. It consults the routing table for 2001:db8:2::/64 and determines the outbound interface.',
+ "The router examines the IPv6 header. Unlike IPv4, there is no header checksum to recalculate β this was removed by design since upper layers (TCP, UDP) already have checksums. The router decrements Hop Limit from 64 to 63 (equivalent to IPv4's TTL). If Hop Limit reached 0, the router would send an ICMPv6 Time Exceeded message. It consults the routing table for 2001:db8:2::/64 and determines the outbound interface.",
fromActor: 'router',
toActor: 'router',
duration: 800,
@@ -133,7 +133,7 @@ export const ipv6Ndp: SimulationConfig = {
id: 'router-forward',
label: 'Forward with New MACs',
description:
- 'The router re-encapsulates the IPv6 packet in a new Ethernet frame for the destination\'s network segment. Just like IPv4 routing: the IPv6 addresses stay constant end-to-end, but the Ethernet MACs change at every hop. The router\'s outbound MAC becomes the new source, and the destination\'s MAC (resolved via NDP on that segment) becomes the new destination. No fragmentation by routers β IPv6 requires the source to use Path MTU Discovery.',
+ "The router re-encapsulates the IPv6 packet in a new Ethernet frame for the destination's network segment. Just like IPv4 routing: the IPv6 addresses stay constant end-to-end, but the Ethernet MACs change at every hop. The router's outbound MAC becomes the new source, and the destination's MAC (resolved via NDP on that segment) becomes the new destination. No fragmentation by routers β IPv6 requires the source to use Path MTU Discovery.",
fromActor: 'router',
toActor: 'dest',
duration: 600,
diff --git a/src/lib/simulator/simulations/json-rpc-call.ts b/src/lib/simulator/simulations/json-rpc-call.ts
index d6dddb2..29e9bea 100644
--- a/src/lib/simulator/simulations/json-rpc-call.ts
+++ b/src/lib/simulator/simulations/json-rpc-call.ts
@@ -10,10 +10,34 @@ function jsonRpcRequestLayer(method: string, params: string, id: string | number
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version β always "2.0"' },
- { name: 'Method', bits: 0, value: method, editable: false, description: 'Name of the method to invoke on the server' },
- { name: 'Params', bits: 0, value: params, editable: false, description: 'Method arguments β can be by-position (array) or by-name (object)' },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Request identifier β server echoes this back to correlate the response' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version β always "2.0"'
+ },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: 'Name of the method to invoke on the server'
+ },
+ {
+ name: 'Params',
+ bits: 0,
+ value: params,
+ editable: false,
+ description: 'Method arguments β can be by-position (array) or by-name (object)'
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Request identifier β server echoes this back to correlate the response'
+ }
]
};
}
@@ -25,9 +49,28 @@ function jsonRpcResponseLayer(result: string, id: string | number, color: string
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version' },
- { name: 'Result', bits: 0, value: result, editable: false, description: 'Method return value β present on success, absent on error', color },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Matches the request ID β confirms which call this responds to' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version'
+ },
+ {
+ name: 'Result',
+ bits: 0,
+ value: result,
+ editable: false,
+ description: 'Method return value β present on success, absent on error',
+ color
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Matches the request ID β confirms which call this responds to'
+ }
]
};
}
@@ -39,10 +82,36 @@ function jsonRpcErrorLayer(code: number, message: string, id: string | number) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version' },
- { name: 'Error Code', bits: 0, value: String(code), editable: false, description: 'Standard error code β negative numbers are reserved by the spec', color: '#ef4444' },
- { name: 'Error Message', bits: 0, value: message, editable: false, description: 'Human-readable error description', color: '#ef4444' },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Matches the request ID β even errors are correlated' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version'
+ },
+ {
+ name: 'Error Code',
+ bits: 0,
+ value: String(code),
+ editable: false,
+ description: 'Standard error code β negative numbers are reserved by the spec',
+ color: '#ef4444'
+ },
+ {
+ name: 'Error Message',
+ bits: 0,
+ value: message,
+ editable: false,
+ description: 'Human-readable error description',
+ color: '#ef4444'
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Matches the request ID β even errors are correlated'
+ }
]
};
}
@@ -54,10 +123,36 @@ function jsonRpcNotificationLayer(method: string, params: string) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version' },
- { name: 'Method', bits: 0, value: method, editable: false, description: 'Notification method name β server will not reply' },
- { name: 'Params', bits: 0, value: params, editable: false, description: 'Notification parameters' },
- { name: 'ID', bits: 0, value: '(absent)', editable: false, description: 'No ID field β this is a notification, not a request. The server MUST NOT reply.', color: '#a855f7' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version'
+ },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: 'Notification method name β server will not reply'
+ },
+ {
+ name: 'Params',
+ bits: 0,
+ value: params,
+ editable: false,
+ description: 'Notification parameters'
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: '(absent)',
+ editable: false,
+ description:
+ 'No ID field β this is a notification, not a request. The server MUST NOT reply.',
+ color: '#a855f7'
+ }
]
};
}
@@ -69,9 +164,28 @@ function httpRequestWrapper() {
osiLayer: 7,
color: '#4B5563',
headerFields: [
- { name: 'Method', bits: 0, value: 'POST', editable: false, description: 'JSON-RPC always uses HTTP POST β the method is inside the JSON, not in the URL' },
- { name: 'Path', bits: 0, value: '/rpc', editable: false, description: 'Single endpoint β all methods go to the same URL' },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'JSON-RPC payload is always JSON' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'POST',
+ editable: false,
+ description:
+ 'JSON-RPC always uses HTTP POST β the method is inside the JSON, not in the URL'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: '/rpc',
+ editable: false,
+ description: 'Single endpoint β all methods go to the same URL'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'JSON-RPC payload is always JSON'
+ }
]
};
}
@@ -183,7 +297,7 @@ export const jsonRpcCall: SimulationConfig = {
id: 'batch-request',
label: 'Batch Request',
description:
- 'Client sends an array of JSON-RPC calls in a single HTTP request. This is one of JSON-RPC\'s killer features β multiple independent calls in one round trip. The array can mix requests and notifications.',
+ "Client sends an array of JSON-RPC calls in a single HTTP request. This is one of JSON-RPC's killer features β multiple independent calls in one round trip. The array can mix requests and notifications.",
fromActor: 'client',
toActor: 'server',
duration: 1000,
@@ -199,9 +313,27 @@ export const jsonRpcCall: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Call 1', bits: 0, value: '{"method":"add","params":[1,2],"id":"a"}', editable: false, description: 'First call in the batch β will get a response' },
- { name: 'Call 2', bits: 0, value: '{"method":"log","params":["hi"]}', editable: false, description: 'Notification in the batch β no response expected' },
- { name: 'Call 3', bits: 0, value: '{"method":"multiply","params":[3,4],"id":"b"}', editable: false, description: 'Third call β will get a response' }
+ {
+ name: 'Call 1',
+ bits: 0,
+ value: '{"method":"add","params":[1,2],"id":"a"}',
+ editable: false,
+ description: 'First call in the batch β will get a response'
+ },
+ {
+ name: 'Call 2',
+ bits: 0,
+ value: '{"method":"log","params":["hi"]}',
+ editable: false,
+ description: 'Notification in the batch β no response expected'
+ },
+ {
+ name: 'Call 3',
+ bits: 0,
+ value: '{"method":"multiply","params":[3,4],"id":"b"}',
+ editable: false,
+ description: 'Third call β will get a response'
+ }
]
}
]
@@ -225,9 +357,30 @@ export const jsonRpcCall: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Result 1', bits: 0, value: '{"result":3,"id":"a"}', editable: false, description: 'Response for add(1,2) = 3', color: '#22c55e' },
- { name: 'Result 2', bits: 0, value: '{"result":12,"id":"b"}', editable: false, description: 'Response for multiply(3,4) = 12', color: '#22c55e' },
- { name: 'Note', bits: 0, value: 'No entry for notification', editable: false, description: 'The log notification had no id, so no response was generated', color: '#a855f7' }
+ {
+ name: 'Result 1',
+ bits: 0,
+ value: '{"result":3,"id":"a"}',
+ editable: false,
+ description: 'Response for add(1,2) = 3',
+ color: '#22c55e'
+ },
+ {
+ name: 'Result 2',
+ bits: 0,
+ value: '{"result":12,"id":"b"}',
+ editable: false,
+ description: 'Response for multiply(3,4) = 12',
+ color: '#22c55e'
+ },
+ {
+ name: 'Note',
+ bits: 0,
+ value: 'No entry for notification',
+ editable: false,
+ description: 'The log notification had no id, so no response was generated',
+ color: '#a855f7'
+ }
]
}
]
diff --git a/src/lib/simulator/simulations/kafka-events.ts b/src/lib/simulator/simulations/kafka-events.ts
index 5cad17c..751c3d8 100644
--- a/src/lib/simulator/simulations/kafka-events.ts
+++ b/src/lib/simulator/simulations/kafka-events.ts
@@ -8,7 +8,7 @@ export const kafkaEvents: SimulationConfig = {
protocolId: 'kafka',
title: 'Kafka β Event Streaming',
description:
- 'Follow a producer connecting to a Kafka broker, discovering topic metadata, and publishing an event. Kafka\'s binary wire protocol uses API keys and versioning for backward-compatible evolution.',
+ "Follow a producer connecting to a Kafka broker, discovering topic metadata, and publishing an event. Kafka's binary wire protocol uses API keys and versioning for backward-compatible evolution.",
tier: 'client',
actors: [
{ id: 'producer', label: 'Producer', icon: 'client', position: 'left' },
@@ -124,7 +124,7 @@ export const kafkaEvents: SimulationConfig = {
id: 'produce-ack',
label: 'Produce ACK',
description:
- 'The broker acknowledges the produce request after all in-sync replicas have written the records. The response includes the base offset β the position in the partition\'s append-only log where the records were written. Consumers use offsets to track their read position.',
+ "The broker acknowledges the produce request after all in-sync replicas have written the records. The response includes the base offset β the position in the partition's append-only log where the records were written. Consumers use offsets to track their read position.",
fromActor: 'broker',
toActor: 'producer',
duration: 800,
diff --git a/src/lib/simulator/simulations/kerberos-auth.ts b/src/lib/simulator/simulations/kerberos-auth.ts
index 408713d..87a4d97 100644
--- a/src/lib/simulator/simulations/kerberos-auth.ts
+++ b/src/lib/simulator/simulations/kerberos-auth.ts
@@ -8,7 +8,7 @@ export const kerberosAuth: SimulationConfig = {
protocolId: 'kerberos',
title: 'Kerberos Authentication β TGT β Service Ticket β AP-REQ',
description:
- "Watch Alice log into a Kerberos realm, acquire a Ticket Granting Ticket, fetch a service ticket for a web server, and authenticate to that server β all without sending her password on the wire. Same flow that runs in every Active Directory domain and every Hadoop cluster on Earth.",
+ 'Watch Alice log into a Kerberos realm, acquire a Ticket Granting Ticket, fetch a service ticket for a web server, and authenticate to that server β all without sending her password on the wire. Same flow that runs in every Active Directory domain and every Hadoop cluster on Earth.',
tier: 'client',
actors: [
{ id: 'client', label: 'Client (Alice)', icon: 'client', position: 'left' },
@@ -60,8 +60,7 @@ export const kerberosAuth: SimulationConfig = {
appTag: '[APPLICATION 10] AS-REQ',
msgType: 10,
cname: 'alice@EXAMPLE.COM',
- body:
- 'kdc-options: forwardable, renewable; sname: krbtgt/EXAMPLE.COM; padata: PA-ENC-TIMESTAMP (enc with K_alice); nonce: 0xA1B2C3D4; etype: { AES-256, AES-128 }'
+ body: 'kdc-options: forwardable, renewable; sname: krbtgt/EXAMPLE.COM; padata: PA-ENC-TIMESTAMP (enc with K_alice); nonce: 0xA1B2C3D4; etype: { AES-256, AES-128 }'
})
]
},
@@ -69,7 +68,7 @@ export const kerberosAuth: SimulationConfig = {
id: 'as-rep',
label: 'AS-REP β TGT delivered',
description:
- 'KDC looks up Alice\'s long-term key, generates a fresh session key, returns the AS-REP with **two encrypted blobs**: (a) the **TGT** encrypted under the krbtgt principal\'s key β only the KDC can later decrypt it, (b) the session key encrypted under Alice\'s long-term key β only Alice can decrypt it. Alice never sees her own password fly over the wire.',
+ "KDC looks up Alice's long-term key, generates a fresh session key, returns the AS-REP with **two encrypted blobs**: (a) the **TGT** encrypted under the krbtgt principal's key β only the KDC can later decrypt it, (b) the session key encrypted under Alice's long-term key β only Alice can decrypt it. Alice never sees her own password fly over the wire.",
fromActor: 'kdc',
toActor: 'client',
duration: 1300,
@@ -82,8 +81,7 @@ export const kerberosAuth: SimulationConfig = {
appTag: '[APPLICATION 11] AS-REP',
msgType: 11,
cname: 'alice@EXAMPLE.COM',
- body:
- 'ticket: TGT enc[krbtgt key] { K_session, flags, times }; enc-part: enc[K_alice] { K_session, nonce echoed, sname=krbtgt }'
+ body: 'ticket: TGT enc[krbtgt key] { K_session, flags, times }; enc-part: enc[K_alice] { K_session, nonce echoed, sname=krbtgt }'
})
]
},
@@ -91,7 +89,7 @@ export const kerberosAuth: SimulationConfig = {
id: 'tgs-req',
label: 'TGS-REQ β request a service ticket',
description:
- 'Alice now wants to access HTTP/web1.example.com. She sends a TGS-REQ to the KDC\'s Ticket Granting Service, presenting her TGT (proves who she is) plus a fresh **authenticator** encrypted under the TGT\'s session key (proves she just got it). No password again.',
+ "Alice now wants to access HTTP/web1.example.com. She sends a TGS-REQ to the KDC's Ticket Granting Service, presenting her TGT (proves who she is) plus a fresh **authenticator** encrypted under the TGT's session key (proves she just got it). No password again.",
fromActor: 'client',
toActor: 'kdc',
duration: 1300,
@@ -104,8 +102,7 @@ export const kerberosAuth: SimulationConfig = {
appTag: '[APPLICATION 12] TGS-REQ',
msgType: 12,
cname: 'alice@EXAMPLE.COM',
- body:
- 'sname: HTTP/web1.example.com; padata: PA-TGS-REQ (AP-REQ with TGT + authenticator); nonce: 0xE5F60718; etype: { AES-256 }'
+ body: 'sname: HTTP/web1.example.com; padata: PA-TGS-REQ (AP-REQ with TGT + authenticator); nonce: 0xE5F60718; etype: { AES-256 }'
})
]
},
@@ -126,8 +123,7 @@ export const kerberosAuth: SimulationConfig = {
appTag: '[APPLICATION 13] TGS-REP',
msgType: 13,
cname: 'alice@EXAMPLE.COM',
- body:
- 'ticket: ServiceTicket enc[web1 keytab] { K_svc, flags, times }; enc-part: enc[K_TGT_session] { K_svc, sname=HTTP/web1, times }'
+ body: 'ticket: ServiceTicket enc[web1 keytab] { K_svc, flags, times }; enc-part: enc[K_TGT_session] { K_svc, sname=HTTP/web1, times }'
})
]
},
@@ -169,8 +165,7 @@ export const kerberosAuth: SimulationConfig = {
appTag: '[APPLICATION 14] AP-REQ',
msgType: 14,
cname: 'alice@EXAMPLE.COM',
- body:
- 'ticket: ServiceTicket enc[web1 keytab] { K_svc }; authenticator: enc[K_svc] { ctime, cusec, seq-number, subkey? }'
+ body: 'ticket: ServiceTicket enc[web1 keytab] { K_svc }; authenticator: enc[K_svc] { ctime, cusec, seq-number, subkey? }'
})
]
},
@@ -247,7 +242,8 @@ export const kerberosAuth: SimulationConfig = {
bits: 0,
value: 'enc[K_svc] { user payload, seq-number }',
editable: false,
- description: 'For protocols that want Kerberos confidentiality (rare β most use TLS for that)'
+ description:
+ 'For protocols that want Kerberos confidentiality (rare β most use TLS for that)'
}
]
}
diff --git a/src/lib/simulator/simulations/mcp-session.ts b/src/lib/simulator/simulations/mcp-session.ts
index c9fadf1..ef67ebc 100644
--- a/src/lib/simulator/simulations/mcp-session.ts
+++ b/src/lib/simulator/simulations/mcp-session.ts
@@ -10,10 +10,34 @@ function mcpRequestLayer(method: string, params: string, id: string | number) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version β MCP uses JSON-RPC 2.0 as its wire format' },
- { name: 'Method', bits: 0, value: method, editable: false, description: 'MCP method to invoke on the server' },
- { name: 'Params', bits: 0, value: params, editable: false, description: 'Method parameters as a JSON object' },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Request identifier β server echoes this back to correlate the response' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version β MCP uses JSON-RPC 2.0 as its wire format'
+ },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: 'MCP method to invoke on the server'
+ },
+ {
+ name: 'Params',
+ bits: 0,
+ value: params,
+ editable: false,
+ description: 'Method parameters as a JSON object'
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Request identifier β server echoes this back to correlate the response'
+ }
]
};
}
@@ -25,9 +49,28 @@ function mcpResponseLayer(result: string, id: string | number, color: string) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version' },
- { name: 'Result', bits: 0, value: result, editable: false, description: 'Response payload β contains the requested data or confirmation', color },
- { name: 'ID', bits: 0, value: String(id), editable: false, description: 'Matches the request ID β confirms which call this responds to' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version'
+ },
+ {
+ name: 'Result',
+ bits: 0,
+ value: result,
+ editable: false,
+ description: 'Response payload β contains the requested data or confirmation',
+ color
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: String(id),
+ editable: false,
+ description: 'Matches the request ID β confirms which call this responds to'
+ }
]
};
}
@@ -39,10 +82,36 @@ function mcpNotificationLayer(method: string, params: string) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: '"2.0"', editable: false, description: 'JSON-RPC protocol version' },
- { name: 'Method', bits: 0, value: method, editable: false, description: 'Notification method β server acknowledges but MUST NOT reply' },
- { name: 'Params', bits: 0, value: params, editable: false, description: 'Notification parameters' },
- { name: 'ID', bits: 0, value: '(absent)', editable: false, description: 'No ID field β this is a notification, not a request. The server MUST NOT reply.', color: '#a855f7' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: '"2.0"',
+ editable: false,
+ description: 'JSON-RPC protocol version'
+ },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: 'Notification method β server acknowledges but MUST NOT reply'
+ },
+ {
+ name: 'Params',
+ bits: 0,
+ value: params,
+ editable: false,
+ description: 'Notification parameters'
+ },
+ {
+ name: 'ID',
+ bits: 0,
+ value: '(absent)',
+ editable: false,
+ description:
+ 'No ID field β this is a notification, not a request. The server MUST NOT reply.',
+ color: '#a855f7'
+ }
]
};
}
@@ -54,9 +123,21 @@ function httpTransportLayer(method: string, path: string) {
osiLayer: 7,
color: '#4B5563',
headerFields: [
- { name: 'Method', bits: 0, value: method, editable: false, description: 'HTTP method β MCP uses POST for JSON-RPC messages over Streamable HTTP' },
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: 'HTTP method β MCP uses POST for JSON-RPC messages over Streamable HTTP'
+ },
{ name: 'Path', bits: 0, value: path, editable: false, description: 'MCP endpoint path' },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'JSON-RPC payload is always JSON' }
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'JSON-RPC payload is always JSON'
+ }
]
};
}
@@ -95,7 +176,11 @@ export const mcpSession: SimulationConfig = {
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 54200, dstPort: 443, flags: 'PSH,ACK' }),
httpTransportLayer('POST', '/mcp'),
- mcpRequestLayer('initialize', '{"protocolVersion":"2025-03-26","capabilities":{"roots":{"listChanged":true}},"clientInfo":{"name":"MyAIApp","version":"1.0"}}', 1)
+ mcpRequestLayer(
+ 'initialize',
+ '{"protocolVersion":"2025-03-26","capabilities":{"roots":{"listChanged":true}},"clientInfo":{"name":"MyAIApp","version":"1.0"}}',
+ 1
+ )
]
},
{
@@ -111,7 +196,11 @@ export const mcpSession: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 54200, flags: 'PSH,ACK' }),
- mcpResponseLayer('{"protocolVersion":"2025-03-26","capabilities":{"tools":{"listChanged":true}},"serverInfo":{"name":"WeatherServer","version":"2.0"}}', 1, '#22c55e')
+ mcpResponseLayer(
+ '{"protocolVersion":"2025-03-26","capabilities":{"tools":{"listChanged":true}},"serverInfo":{"name":"WeatherServer","version":"2.0"}}',
+ 1,
+ '#22c55e'
+ )
]
},
{
@@ -161,7 +250,11 @@ export const mcpSession: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 54200, flags: 'PSH,ACK' }),
- mcpResponseLayer('{"tools":[{"name":"weather","description":"Get current weather","inputSchema":{"type":"object","properties":{"city":{"type":"string"}},"required":["city"]}}]}', 2, '#22c55e')
+ mcpResponseLayer(
+ '{"tools":[{"name":"weather","description":"Get current weather","inputSchema":{"type":"object","properties":{"city":{"type":"string"}},"required":["city"]}}]}',
+ 2,
+ '#22c55e'
+ )
]
},
{
@@ -194,7 +287,11 @@ export const mcpSession: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 54200, flags: 'PSH,ACK' }),
- mcpResponseLayer('{"content":[{"type":"text","text":"San Francisco: 62\u00b0F, partly cloudy, wind 12mph W"}],"isError":false}', 3, '#22c55e')
+ mcpResponseLayer(
+ '{"content":[{"type":"text","text":"San Francisco: 62\u00b0F, partly cloudy, wind 12mph W"}],"isError":false}',
+ 3,
+ '#22c55e'
+ )
]
}
]
diff --git a/src/lib/simulator/simulations/mdns-discovery.ts b/src/lib/simulator/simulations/mdns-discovery.ts
index be42939..908c74e 100644
--- a/src/lib/simulator/simulations/mdns-discovery.ts
+++ b/src/lib/simulator/simulations/mdns-discovery.ts
@@ -8,7 +8,7 @@ export const mdnsDiscovery: SimulationConfig = {
protocolId: 'mdns-dns-sd',
title: 'mDNS / DNS-SD β Probe, Announce, Discover, Goodbye',
description:
- "Watch a new printer claim `office-printer.local`, announce its IPP service, get discovered by a laptop browsing for `_ipp._tcp`, and send a clean goodbye on shutdown. The full Bonjour lifecycle on one link.",
+ 'Watch a new printer claim `office-printer.local`, announce its IPP service, get discovered by a laptop browsing for `_ipp._tcp`, and send a clean goodbye on shutdown. The full Bonjour lifecycle on one link.',
tier: 'server',
actors: [
{ id: 'printer', label: 'Printer (responder)', icon: 'device', position: 'left' },
@@ -142,7 +142,7 @@ export const mdnsDiscovery: SimulationConfig = {
id: 'sd-response',
label: 'PTR Response (unicast)',
description:
- "Printer responds β unicast this time (because the querier set the unicast-response bit). Just the PTR pointing to its service instance. The laptop will follow up with SRV+TXT+A queries to complete the resolution.",
+ 'Printer responds β unicast this time (because the querier set the unicast-response bit). Just the PTR pointing to its service instance. The laptop will follow up with SRV+TXT+A queries to complete the resolution.',
fromActor: 'printer',
toActor: 'laptop',
duration: 1200,
diff --git a/src/lib/simulator/simulations/mptcp-multipath.ts b/src/lib/simulator/simulations/mptcp-multipath.ts
index f0820e7..c8c5686 100644
--- a/src/lib/simulator/simulations/mptcp-multipath.ts
+++ b/src/lib/simulator/simulations/mptcp-multipath.ts
@@ -42,7 +42,7 @@ export const mptcpMultipath: SimulationConfig = {
id: 'synack-capable',
label: 'SYN-ACK + MP_CAPABLE',
description:
- 'The server responds with SYN-ACK and its own MP_CAPABLE option containing the server\'s key. Both keys are now exchanged β the client and server can derive tokens from each other\'s keys to authenticate additional subflows later. The primary subflow is established.',
+ "The server responds with SYN-ACK and its own MP_CAPABLE option containing the server's key. Both keys are now exchanged β the client and server can derive tokens from each other's keys to authenticate additional subflows later. The primary subflow is established.",
fromActor: 'server',
toActor: 'client',
duration: 800,
@@ -88,7 +88,7 @@ export const mptcpMultipath: SimulationConfig = {
id: 'join',
label: 'SYN + MP_JOIN',
description:
- 'The phone adds a second subflow over cellular. MP_JOIN uses a token derived from the server\'s key to identify which MPTCP connection to join. The server verifies the HMAC to ensure this is a legitimate subflow and not an attack. Data can now be split across both Wi-Fi and cellular paths.',
+ "The phone adds a second subflow over cellular. MP_JOIN uses a token derived from the server's key to identify which MPTCP connection to join. The server verifies the HMAC to ensure this is a legitimate subflow and not an attack. Data can now be split across both Wi-Fi and cellular paths.",
fromActor: 'client',
toActor: 'server',
duration: 1000,
diff --git a/src/lib/simulator/simulations/mqtt-pubsub.ts b/src/lib/simulator/simulations/mqtt-pubsub.ts
index e23ad49..742b300 100644
--- a/src/lib/simulator/simulations/mqtt-pubsub.ts
+++ b/src/lib/simulator/simulations/mqtt-pubsub.ts
@@ -51,7 +51,7 @@ export const mqttPubSub: SimulationConfig = {
id: 'connack',
label: 'CONNACK',
description:
- 'The broker validates the client\'s credentials and session state, then responds with CONNACK. A return code of 0 means the connection is accepted. The broker can also signal whether a previous session exists for this client ID.',
+ "The broker validates the client's credentials and session state, then responds with CONNACK. A return code of 0 means the connection is accepted. The broker can also signal whether a previous session exists for this client ID.",
fromActor: 'broker',
toActor: 'device',
duration: 800,
diff --git a/src/lib/simulator/simulations/nat-traversal.ts b/src/lib/simulator/simulations/nat-traversal.ts
index 1cd76ec..37f9b14 100644
--- a/src/lib/simulator/simulations/nat-traversal.ts
+++ b/src/lib/simulator/simulations/nat-traversal.ts
@@ -56,7 +56,7 @@ export const natTraversalIce: SimulationConfig = {
id: 'stun-bind-resp',
label: 'STUN Binding Success',
description:
- 'STUN replies with what it saw β Alice\'s public ip:port encoded in XOR-MAPPED-ADDRESS (XORed against the magic cookie so middleboxes can\'t rewrite it). That\'s Alice\'s **server-reflexive candidate**.',
+ "STUN replies with what it saw β Alice's public ip:port encoded in XOR-MAPPED-ADDRESS (XORed against the magic cookie so middleboxes can't rewrite it). That's Alice's **server-reflexive candidate**.",
fromActor: 'server',
toActor: 'alice',
duration: 1200,
@@ -91,7 +91,8 @@ export const natTraversalIce: SimulationConfig = {
createSTUNLayer({
type: 'Allocate Request',
length: 96,
- attribute: 'REQUESTED-TRANSPORT=17 (UDP), LIFETIME=600, USERNAME, REALM, NONCE, MESSAGE-INTEGRITY-256'
+ attribute:
+ 'REQUESTED-TRANSPORT=17 (UDP), LIFETIME=600, USERNAME, REALM, NONCE, MESSAGE-INTEGRITY-256'
})
]
},
@@ -122,7 +123,7 @@ export const natTraversalIce: SimulationConfig = {
id: 'ice-check-alice-bob',
label: 'ICE Connectivity Check (A β B)',
description:
- 'Alice sends a STUN Binding Request directly to Bob\'s reflexive candidate, using short-term ICE credentials (the ufrag/pwd exchanged via SDP). PRIORITY carries the candidate priority; ICE-CONTROLLING carries a 64-bit tiebreaker.',
+ "Alice sends a STUN Binding Request directly to Bob's reflexive candidate, using short-term ICE credentials (the ufrag/pwd exchanged via SDP). PRIORITY carries the candidate priority; ICE-CONTROLLING carries a 64-bit tiebreaker.",
fromActor: 'alice',
toActor: 'bob',
duration: 1400,
@@ -134,7 +135,8 @@ export const natTraversalIce: SimulationConfig = {
createSTUNLayer({
type: 'Binding Request',
length: 32,
- attribute: 'USERNAME (bob:alice), PRIORITY, ICE-CONTROLLING, MESSAGE-INTEGRITY, FINGERPRINT'
+ attribute:
+ 'USERNAME (bob:alice), PRIORITY, ICE-CONTROLLING, MESSAGE-INTEGRITY, FINGERPRINT'
})
]
},
diff --git a/src/lib/simulator/simulations/nfc-tap.ts b/src/lib/simulator/simulations/nfc-tap.ts
index 7df42db..80df977 100644
--- a/src/lib/simulator/simulations/nfc-tap.ts
+++ b/src/lib/simulator/simulations/nfc-tap.ts
@@ -5,7 +5,7 @@ export const nfcTap: SimulationConfig = {
protocolId: 'nfc',
title: 'NFC Tap β Apple Pay / EMV Contactless',
description:
- "Watch a phone present an EMV cryptogram to a contactless terminal in ~300 ms. The same nine beats β REQA β ATQA β SEL β SAK β RATS β ATS β SELECT PPSE β SELECT AID β GPO β READ RECORD β GENERATE AC β that runs ~$7.6 trillion in annualised Apple Pay transactions and every plastic contactless card on Earth.",
+ 'Watch a phone present an EMV cryptogram to a contactless terminal in ~300 ms. The same nine beats β REQA β ATQA β SEL β SAK β RATS β ATS β SELECT PPSE β SELECT AID β GPO β READ RECORD β GENERATE AC β that runs ~$7.6 trillion in annualised Apple Pay transactions and every plastic contactless card on Earth.',
tier: 'client',
actors: [
{ id: 'phone', label: 'Phone (PICC)', icon: 'device', position: 'left' },
@@ -44,18 +44,32 @@ export const nfcTap: SimulationConfig = {
toActor: 'terminal',
duration: 800,
highlight: ['Carrier'],
- layers: [createNFCALayer({ frame: 'RF field (continuous)', direction: '13.56 MHz carrier from PCD', payload: 'Power transfer + clock recovery', crc: '(none β physical layer)' })]
+ layers: [
+ createNFCALayer({
+ frame: 'RF field (continuous)',
+ direction: '13.56 MHz carrier from PCD',
+ payload: 'Power transfer + clock recovery',
+ crc: '(none β physical layer)'
+ })
+ ]
},
{
id: 'reqa',
label: 'REQA β terminal asks "any Type A cards here?"',
description:
- "The terminal sends a 7-bit short frame `0x26` β Request-A β on the carrier. Any IDLE Type A PICC in the field transitions to READY and prepares to answer. (For deep-sleep cards the terminal would use `WUPA = 0x52` instead, which also wakes HALT cards.)",
+ 'The terminal sends a 7-bit short frame `0x26` β Request-A β on the carrier. Any IDLE Type A PICC in the field transitions to READY and prepares to answer. (For deep-sleep cards the terminal would use `WUPA = 0x52` instead, which also wakes HALT cards.)',
fromActor: 'terminal',
toActor: 'phone',
duration: 700,
highlight: ['Frame', 'Payload'],
- layers: [createNFCALayer({ frame: 'Short frame (7 bits, no CRC)', direction: 'PCD β PICC', payload: '0x26 (REQA)', crc: '(none β short frame)' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Short frame (7 bits, no CRC)',
+ direction: 'PCD β PICC',
+ payload: '0x26 (REQA)',
+ crc: '(none β short frame)'
+ })
+ ]
},
{
id: 'atqa',
@@ -66,29 +80,50 @@ export const nfcTap: SimulationConfig = {
toActor: 'terminal',
duration: 700,
highlight: ['Frame', 'Payload'],
- layers: [createNFCALayer({ frame: 'Standard frame (16 bits, no CRC)', direction: 'PICC β PCD', payload: '0x04 0x00 (ATQA β 4-byte UID, std anti-collision)', crc: '(none)' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Standard frame (16 bits, no CRC)',
+ direction: 'PICC β PCD',
+ payload: '0x04 0x00 (ATQA β 4-byte UID, std anti-collision)',
+ crc: '(none)'
+ })
+ ]
},
{
id: 'sel',
label: 'SEL/NVB β bit-frame anti-collision converges on the UID',
description:
- "The terminal sends `SEL = 0x93` (cascade level 1), `NVB = 0x20` (no bits known yet). The card returns its 4 UID bytes + BCC (the XOR check byte). The terminal echoes them back with `NVB = 0x70` and a CRC_A. The card responds with `SAK = 0x28` β bit 6 set says *I support ISO 14443-4* (so RATS/ATS will follow); bit 3 clear says *the UID is complete, no further cascade needed*.",
+ 'The terminal sends `SEL = 0x93` (cascade level 1), `NVB = 0x20` (no bits known yet). The card returns its 4 UID bytes + BCC (the XOR check byte). The terminal echoes them back with `NVB = 0x70` and a CRC_A. The card responds with `SAK = 0x28` β bit 6 set says *I support ISO 14443-4* (so RATS/ATS will follow); bit 3 clear says *the UID is complete, no further cascade needed*.',
fromActor: 'terminal',
toActor: 'phone',
duration: 900,
highlight: ['Frame', 'Payload', 'CRC_A'],
- layers: [createNFCALayer({ frame: 'Full frame (CRC_A protected)', direction: 'PCD β PICC (multi-frame exchange)', payload: 'SEL=0x93 NVB=0x20 β UID=04 1A 2B 3C BCC=4D β SEL=0x93 NVB=0x70 ... β SAK=0x28', crc: 'CRC_A on SEL+NVB+UID' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Full frame (CRC_A protected)',
+ direction: 'PCD β PICC (multi-frame exchange)',
+ payload: 'SEL=0x93 NVB=0x20 β UID=04 1A 2B 3C BCC=4D β SEL=0x93 NVB=0x70 ... β SAK=0x28',
+ crc: 'CRC_A on SEL+NVB+UID'
+ })
+ ]
},
{
id: 'rats',
label: 'RATS / ATS β negotiate frame size and timing',
description:
- "Now in 14443-4 mode. The terminal sends `RATS = 0xE0 0x80` (Request for ATS, with CID=0 and FSDI=8 meaning *I can accept up to 256-byte frames*). The phone replies with **ATS** β `06 75 33 81 02 80` β declaring its Frame Size for the Card (FSCI=5 = 64 bytes max), Frame Waiting Time (FWI=3), and supports CID/NAD options. Both ends now know the framing budget for the rest of the conversation.",
+ 'Now in 14443-4 mode. The terminal sends `RATS = 0xE0 0x80` (Request for ATS, with CID=0 and FSDI=8 meaning *I can accept up to 256-byte frames*). The phone replies with **ATS** β `06 75 33 81 02 80` β declaring its Frame Size for the Card (FSCI=5 = 64 bytes max), Frame Waiting Time (FWI=3), and supports CID/NAD options. Both ends now know the framing budget for the rest of the conversation.',
fromActor: 'terminal',
toActor: 'phone',
duration: 800,
highlight: ['Frame', 'Payload'],
- layers: [createNFCALayer({ frame: 'Full frame (CRC_A protected)', direction: 'PCD β PICC', payload: 'RATS=E0 80 β ATS=06 75 33 81 02 80 (FSCI=5, FWI=3, CID supported)', crc: 'CRC_A' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Full frame (CRC_A protected)',
+ direction: 'PCD β PICC',
+ payload: 'RATS=E0 80 β ATS=06 75 33 81 02 80 (FSCI=5, FWI=3, CID supported)',
+ crc: 'CRC_A'
+ })
+ ]
},
{
id: 'ppse',
@@ -99,7 +134,15 @@ export const nfcTap: SimulationConfig = {
toActor: 'phone',
duration: 900,
highlight: ['CLA INS P1 P2', 'Data', 'Response Data / SW1 SW2'],
- layers: [createAPDULayer({ header: '00 A4 04 00', lc: '0E', data: "32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 (PPSE AID '2PAY.SYS.DDF01')", le: '00', response: '6F .. A5 .. BF0C 1C 61 1A 4F 07 A0000000041010 50 0A MASTERCARD ... 90 00' })]
+ layers: [
+ createAPDULayer({
+ header: '00 A4 04 00',
+ lc: '0E',
+ data: "32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 (PPSE AID '2PAY.SYS.DDF01')",
+ le: '00',
+ response: '6F .. A5 .. BF0C 1C 61 1A 4F 07 A0000000041010 50 0A MASTERCARD ... 90 00'
+ })
+ ]
},
{
id: 'select-aid',
@@ -110,7 +153,15 @@ export const nfcTap: SimulationConfig = {
toActor: 'phone',
duration: 900,
highlight: ['CLA INS P1 P2', 'Data', 'Response Data / SW1 SW2'],
- layers: [createAPDULayer({ header: '00 A4 04 00', lc: '07', data: 'A0 00 00 00 04 10 10 (AID: Mastercard credit/debit)', le: '00', response: '6F .. A5 .. 9F38 (PDOL list: amount, currency, country, TVR, ...) 90 00' })]
+ layers: [
+ createAPDULayer({
+ header: '00 A4 04 00',
+ lc: '07',
+ data: 'A0 00 00 00 04 10 10 (AID: Mastercard credit/debit)',
+ le: '00',
+ response: '6F .. A5 .. 9F38 (PDOL list: amount, currency, country, TVR, ...) 90 00'
+ })
+ ]
},
{
id: 'gpo',
@@ -121,18 +172,35 @@ export const nfcTap: SimulationConfig = {
toActor: 'phone',
duration: 1100,
highlight: ['CLA INS P1 P2', 'Data', 'Response Data / SW1 SW2'],
- layers: [createAPDULayer({ header: '80 A8 00 00', lc: '23', data: '83 21 ...PDOL filled: amount Β£28.50, currency GBP, country UK, TVR, UN...', le: '00', response: '77 .. 82 02 19 80 (AIP: CDA, CVM, RRP) 94 0C 18 01 02 00 ... (AFL) 90 00' })]
+ layers: [
+ createAPDULayer({
+ header: '80 A8 00 00',
+ lc: '23',
+ data: '83 21 ...PDOL filled: amount Β£28.50, currency GBP, country UK, TVR, UN...',
+ le: '00',
+ response: '77 .. 82 02 19 80 (AIP: CDA, CVM, RRP) 94 0C 18 01 02 00 ... (AFL) 90 00'
+ })
+ ]
},
{
id: 'read-records',
label: 'READ RECORD ΓN β pull PAN, expiry, public-key certificates',
description:
- "For each entry in the AFL, the terminal issues `00 B2 <(sfi<<3)|0x04>` READ RECORD. The card returns the **PAN-equivalent** (DPAN, not the real card number β that lives at the issuer), expiry, CDOL1 (which tags GENERATE AC needs), the **Issuer Public-Key Certificate** and **ICC Public-Key Certificate** for offline CDA verification. Three to five READ RECORDs is typical.",
+ 'For each entry in the AFL, the terminal issues `00 B2 <(sfi<<3)|0x04>` READ RECORD. The card returns the **PAN-equivalent** (DPAN, not the real card number β that lives at the issuer), expiry, CDOL1 (which tags GENERATE AC needs), the **Issuer Public-Key Certificate** and **ICC Public-Key Certificate** for offline CDA verification. Three to five READ RECORDs is typical.',
fromActor: 'terminal',
toActor: 'phone',
duration: 1100,
highlight: ['CLA INS P1 P2', 'Data', 'Response Data / SW1 SW2'],
- layers: [createAPDULayer({ header: '00 B2 01 0C', lc: '(none)', data: '(no command body)', le: '00', response: '70 .. 5F24 (expiry 12/27) 5A 08 5413 33xx xxxx xxxx (DPAN) 8F 01 ... (cert chain) 90 00' })]
+ layers: [
+ createAPDULayer({
+ header: '00 B2 01 0C',
+ lc: '(none)',
+ data: '(no command body)',
+ le: '00',
+ response:
+ '70 .. 5F24 (expiry 12/27) 5A 08 5413 33xx xxxx xxxx (DPAN) 8F 01 ... (cert chain) 90 00'
+ })
+ ]
},
{
id: 'generate-ac',
@@ -143,18 +211,35 @@ export const nfcTap: SimulationConfig = {
toActor: 'phone',
duration: 1300,
highlight: ['CLA INS P1 P2', 'Data', 'Response Data / SW1 SW2'],
- layers: [createAPDULayer({ header: '80 AE 80 00', lc: '1F', data: '...CDOL1 data: amount Β£28.50, currency GBP, TVR, UN 0x9C2A3B4D...', le: '00', response: '77 .. 9F27 80 (CID=ARQC) 9F36 02 00 7A (ATC) 9F26 08 1A 2B 3C 4D 5E 6F 70 81 (Application Cryptogram) 9F10 ...IAD... 90 00' })]
+ layers: [
+ createAPDULayer({
+ header: '80 AE 80 00',
+ lc: '1F',
+ data: '...CDOL1 data: amount Β£28.50, currency GBP, TVR, UN 0x9C2A3B4D...',
+ le: '00',
+ response:
+ '77 .. 9F27 80 (CID=ARQC) 9F36 02 00 7A (ATC) 9F26 08 1A 2B 3C 4D 5E 6F 70 81 (Application Cryptogram) 9F10 ...IAD... 90 00'
+ })
+ ]
},
{
id: 'authorize',
label: 'Issuer authorisation β terminal sends ARQC online, gets ARPC back',
description:
- "The terminal hands the ARQC to the acquirer (Stripe, Square, Worldpay), which routes it through the payment network (Mastercard) to the **issuing bank**. The issuer verifies the cryptogram against the per-DPAN key in its HSM and returns an **ARPC** (Authorisation Response Cryptogram) β `APPROVED`. Total time including network round-trip: typically 300β800 ms. The terminal beeps green; the phone vibrates with the Apple Pay success animation. Total airtime in the magnetic field was less than half a second.",
+ 'The terminal hands the ARQC to the acquirer (Stripe, Square, Worldpay), which routes it through the payment network (Mastercard) to the **issuing bank**. The issuer verifies the cryptogram against the per-DPAN key in its HSM and returns an **ARPC** (Authorisation Response Cryptogram) β `APPROVED`. Total time including network round-trip: typically 300β800 ms. The terminal beeps green; the phone vibrates with the Apple Pay success animation. Total airtime in the magnetic field was less than half a second.',
fromActor: 'terminal',
toActor: 'phone',
duration: 1000,
highlight: ['Response Data / SW1 SW2'],
- layers: [createAPDULayer({ header: '(issuer round-trip via acquirer + payment network β not in-field)', lc: 'β', data: 'ARQC β issuer HSM β ARPC (APPROVED, ARC=00)', le: 'β', response: 'Terminal beeps green; phone shows Apple Pay tick' })]
+ layers: [
+ createAPDULayer({
+ header: '(issuer round-trip via acquirer + payment network β not in-field)',
+ lc: 'β',
+ data: 'ARQC β issuer HSM β ARPC (APPROVED, ARC=00)',
+ le: 'β',
+ response: 'Terminal beeps green; phone shows Apple Pay tick'
+ })
+ ]
}
]
};
@@ -163,7 +248,7 @@ export const nfcTagRead: SimulationConfig = {
protocolId: 'nfc',
title: 'NFC Tag Read β Type 2 NDEF Smart Poster',
description:
- "Watch a phone pick up an NDEF URL from a passive transit-poster tag in a single tap. Same physics as Apple Pay, simpler stack: REQA β ATQA β SEL β SAK (without 14443-4) β T2T READ β NDEF parse β hand off to the browser.",
+ 'Watch a phone pick up an NDEF URL from a passive transit-poster tag in a single tap. Same physics as Apple Pay, simpler stack: REQA β ATQA β SEL β SAK (without 14443-4) β T2T READ β NDEF parse β hand off to the browser.',
tier: 'client',
actors: [
{ id: 'phone', label: 'Phone (PCD)', icon: 'device', position: 'left' },
@@ -175,7 +260,12 @@ export const nfcTagRead: SimulationConfig = {
label: 'Tag type',
type: 'select',
defaultValue: 'NTAG216 (T2T, 924 bytes)',
- options: ['NTAG213 (T2T, 144 bytes)', 'NTAG216 (T2T, 924 bytes)', 'MIFARE Classic 1k (legacy)', 'ICODE SLIX2 (T5T)']
+ options: [
+ 'NTAG213 (T2T, 144 bytes)',
+ 'NTAG216 (T2T, 924 bytes)',
+ 'MIFARE Classic 1k (legacy)',
+ 'ICODE SLIX2 (T5T)'
+ ]
}
],
steps: [
@@ -188,40 +278,69 @@ export const nfcTagRead: SimulationConfig = {
toActor: 'tag',
duration: 800,
highlight: ['Frame', 'Payload'],
- layers: [createNFCALayer({ frame: 'Short β standard frames', direction: 'PCD β PICC β PCD', payload: 'REQA 0x26 β ATQA 0x00 0x44 (7-byte UID)', crc: '(none / short)' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Short β standard frames',
+ direction: 'PCD β PICC β PCD',
+ payload: 'REQA 0x26 β ATQA 0x00 0x44 (7-byte UID)',
+ crc: '(none / short)'
+ })
+ ]
},
{
id: 'sel',
label: 'SEL cascade β converge on the 7-byte UID',
description:
- "Two cascade levels are needed for a 7-byte UID. Level 1 (SEL=0x93) returns bytes 0β3 (with the cascade tag CT=0x88 in byte 0) + BCC. Level 2 (SEL=0x95) returns bytes 4β6 + BCC. Final SAK is `0x00` β meaning *Type 2 tag, no ISO 14443-4*. We go straight to T2T commands.",
+ 'Two cascade levels are needed for a 7-byte UID. Level 1 (SEL=0x93) returns bytes 0β3 (with the cascade tag CT=0x88 in byte 0) + BCC. Level 2 (SEL=0x95) returns bytes 4β6 + BCC. Final SAK is `0x00` β meaning *Type 2 tag, no ISO 14443-4*. We go straight to T2T commands.',
fromActor: 'phone',
toActor: 'tag',
duration: 900,
highlight: ['Frame', 'Payload', 'CRC_A'],
- layers: [createNFCALayer({ frame: 'Full frame, multi-step', direction: 'PCD β PICC', payload: 'CL1 β UID-CL1 (with CT=0x88) + BCC β CL2 β UID-CL2 + BCC β SAK 0x00 (T2T)', crc: 'CRC_A' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Full frame, multi-step',
+ direction: 'PCD β PICC',
+ payload: 'CL1 β UID-CL1 (with CT=0x88) + BCC β CL2 β UID-CL2 + BCC β SAK 0x00 (T2T)',
+ crc: 'CRC_A'
+ })
+ ]
},
{
id: 'read-cc',
label: 'T2T READ β fetch the Capability Container',
description:
- "NDEF tags begin with a CC at page 3 (16 bytes). T2T READ command (`0x30 0x03`) returns 4 pages = 16 bytes. The CC is the first 4 bytes: `E1 10 6D 00` β magic byte 0xE1, version 1.0, memory size 0x6D Γ 8 = 872 bytes available, read/write access flags 0x00. The reader knows this tag has NDEF content.",
+ 'NDEF tags begin with a CC at page 3 (16 bytes). T2T READ command (`0x30 0x03`) returns 4 pages = 16 bytes. The CC is the first 4 bytes: `E1 10 6D 00` β magic byte 0xE1, version 1.0, memory size 0x6D Γ 8 = 872 bytes available, read/write access flags 0x00. The reader knows this tag has NDEF content.',
fromActor: 'phone',
toActor: 'tag',
duration: 800,
highlight: ['Frame', 'Payload'],
- layers: [createNFCALayer({ frame: 'Full frame, CRC_A', direction: 'PCD β PICC', payload: 'READ 0x30 0x03 β 16 bytes: E1 10 6D 00 (CC) + first NDEF page', crc: 'CRC_A' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Full frame, CRC_A',
+ direction: 'PCD β PICC',
+ payload: 'READ 0x30 0x03 β 16 bytes: E1 10 6D 00 (CC) + first NDEF page',
+ crc: 'CRC_A'
+ })
+ ]
},
{
id: 'read-ndef',
label: 'T2T READ β pull the NDEF TLV',
description:
- "Continue reading pages 4..N. Tag memory has an NDEF TLV: byte 0x03 (NDEF Message), 1-byte length, then the NDEF message bytes. One TLV may chain multiple NDEF records.",
+ 'Continue reading pages 4..N. Tag memory has an NDEF TLV: byte 0x03 (NDEF Message), 1-byte length, then the NDEF message bytes. One TLV may chain multiple NDEF records.',
fromActor: 'phone',
toActor: 'tag',
duration: 800,
highlight: ['Frame', 'Payload'],
- layers: [createNFCALayer({ frame: 'Full frame, CRC_A', direction: 'PCD β PICC', payload: 'READ 0x30 0x04..., 0x30 0x08, ...: 03 19 D1 01 15 55 03 t r a n s i t . e x a m p l e . c o m / q r', crc: 'CRC_A' })]
+ layers: [
+ createNFCALayer({
+ frame: 'Full frame, CRC_A',
+ direction: 'PCD β PICC',
+ payload:
+ 'READ 0x30 0x04..., 0x30 0x08, ...: 03 19 D1 01 15 55 03 t r a n s i t . e x a m p l e . c o m / q r',
+ crc: 'CRC_A'
+ })
+ ]
},
{
id: 'parse-ndef',
@@ -232,19 +351,35 @@ export const nfcTagRead: SimulationConfig = {
toActor: 'phone',
duration: 800,
highlight: ['Header byte', 'Type', 'Payload'],
- layers: [createNDEFLayer({ header: 'MB=1 ME=1 SR=1 IL=0 TNF=1 (Well-Known)', typeLen: 1, payloadLen: 21, type: "'U' (URI Record)", payload: '0x03 transit.example.com/qr β https://transit.example.com/qr' })]
+ layers: [
+ createNDEFLayer({
+ header: 'MB=1 ME=1 SR=1 IL=0 TNF=1 (Well-Known)',
+ typeLen: 1,
+ payloadLen: 21,
+ type: "'U' (URI Record)",
+ payload: '0x03 transit.example.com/qr β https://transit.example.com/qr'
+ })
+ ]
},
{
id: 'handoff',
label: 'Hand-off β phone OS opens the URL',
description:
- "The phone OS receives the parsed NDEF URL and hands it off to the default browser. On iOS the tap-to-launch notification appears (if `com.apple.developer.nfc.readersession.iso7816.select-identifiers` is in the app entitlement); on Android the URL launches directly. Total time from tap to browser load: typically <300 ms.",
+ 'The phone OS receives the parsed NDEF URL and hands it off to the default browser. On iOS the tap-to-launch notification appears (if `com.apple.developer.nfc.readersession.iso7816.select-identifiers` is in the app entitlement); on Android the URL launches directly. Total time from tap to browser load: typically <300 ms.',
fromActor: 'phone',
toActor: 'tag',
duration: 800,
highlight: ['Payload'],
data: 'OS opens https://transit.example.com/qr',
- layers: [createNDEFLayer({ header: 'parsed', typeLen: 1, payloadLen: 21, type: "'U' (URI)", payload: 'https://transit.example.com/qr β handed to default browser' })]
+ layers: [
+ createNDEFLayer({
+ header: 'parsed',
+ typeLen: 1,
+ payloadLen: 21,
+ type: "'U' (URI)",
+ payload: 'https://transit.example.com/qr β handed to default browser'
+ })
+ ]
}
]
};
diff --git a/src/lib/simulator/simulations/oauth2-flow.ts b/src/lib/simulator/simulations/oauth2-flow.ts
index 883e989..fa2fb01 100644
--- a/src/lib/simulator/simulations/oauth2-flow.ts
+++ b/src/lib/simulator/simulations/oauth2-flow.ts
@@ -52,8 +52,7 @@ function httpRequestLayer(
bits: 0,
value: extra.auth,
editable: false,
- description:
- 'Authorization header β carries the Bearer access token',
+ description: 'Authorization header β carries the Bearer access token',
color: '#2DD4BF'
}
]
@@ -128,7 +127,7 @@ export const oauth2Flow: SimulationConfig = {
protocolId: 'oauth2',
title: 'OAuth 2.0 Authorization Code + PKCE',
description:
- 'See how OAuth 2.0 delegates authorization through a three-party redirect flow. The app never sees the user\'s password β instead it receives a scoped access token after the user consents at the authorization server.',
+ "See how OAuth 2.0 delegates authorization through a three-party redirect flow. The app never sees the user's password β instead it receives a scoped access token after the user consents at the authorization server.",
tier: 'client',
actors: [
{ id: 'app', label: 'Your App', icon: 'browser', position: 'left' },
@@ -149,7 +148,7 @@ export const oauth2Flow: SimulationConfig = {
id: 'pkce-redirect',
label: 'Authorization Request',
description:
- 'App generates a random code_verifier and its SHA-256 hash (code_challenge) for PKCE. Then it redirects the user\'s browser to the authorization server with client_id, scope, state, and the code_challenge.',
+ "App generates a random code_verifier and its SHA-256 hash (code_challenge) for PKCE. Then it redirects the user's browser to the authorization server with client_id, scope, state, and the code_challenge.",
fromActor: 'app',
toActor: 'auth',
duration: 800,
@@ -182,7 +181,7 @@ export const oauth2Flow: SimulationConfig = {
id: 'user-consent',
label: 'User Consent',
description:
- 'Auth server presents a consent screen showing what the app is requesting. The user authenticates (if not already logged in) and approves the requested scopes. The app never sees the user\'s credentials.',
+ "Auth server presents a consent screen showing what the app is requesting. The user authenticates (if not already logged in) and approves the requested scopes. The app never sees the user's credentials.",
fromActor: 'auth',
toActor: 'app',
duration: 1200,
@@ -215,7 +214,7 @@ export const oauth2Flow: SimulationConfig = {
id: 'auth-code',
label: 'Authorization Code',
description:
- 'After consent, the auth server redirects the browser back to the app\'s callback URL with a short-lived authorization code and the original state parameter for CSRF verification.',
+ "After consent, the auth server redirects the browser back to the app's callback URL with a short-lived authorization code and the original state parameter for CSRF verification.",
fromActor: 'auth',
toActor: 'app',
duration: 800,
@@ -368,11 +367,7 @@ export const oauth2Flow: SimulationConfig = {
cipherSuite: 'AES-256-GCM',
length: 384
}),
- httpResponseLayer(
- '200 OK',
- '#22c55e',
- '{id:42, name:"Alice", email:"alice@example.com"}'
- )
+ httpResponseLayer('200 OK', '#22c55e', '{id:42, name:"Alice", email:"alice@example.com"}')
]
}
]
diff --git a/src/lib/simulator/simulations/ospf-adjacency.ts b/src/lib/simulator/simulations/ospf-adjacency.ts
index 0415c48..5fc341e 100644
--- a/src/lib/simulator/simulations/ospf-adjacency.ts
+++ b/src/lib/simulator/simulations/ospf-adjacency.ts
@@ -7,7 +7,7 @@ export const ospfAdjacency: SimulationConfig = {
protocolId: 'ospf',
title: 'OSPF Adjacency β Cold Boot to Full',
description:
- "Watch two routers walk the eight-state OSPF adjacency machine, synchronise their link-state databases, and converge. The protocol runs directly on IP (protocol 89) using link-local multicast 224.0.0.5 β no TCP, no UDP.",
+ 'Watch two routers walk the eight-state OSPF adjacency machine, synchronise their link-state databases, and converge. The protocol runs directly on IP (protocol 89) using link-local multicast 224.0.0.5 β no TCP, no UDP.',
tier: 'server',
actors: [
{ id: 'r1', label: 'Router R1', icon: 'router', position: 'left' },
@@ -154,7 +154,7 @@ export const ospfAdjacency: SimulationConfig = {
id: 'lsack',
label: 'LSAck (Full)',
description:
- "R1 acknowledges every LSA. OSPF implements reliable delivery on top of raw IP β no TCP underneath. Both routers are now Full: identical LSDB, ready to run Dijkstra.",
+ 'R1 acknowledges every LSA. OSPF implements reliable delivery on top of raw IP β no TCP underneath. Both routers are now Full: identical LSDB, ready to run Dijkstra.',
fromActor: 'r1',
toActor: 'r2',
duration: 1000,
@@ -190,23 +190,26 @@ export const ospfAdjacency: SimulationConfig = {
{
name: 'Algorithm',
bits: 0,
- value: "Dijkstra (E.W. Dijkstra, 1956)",
+ value: 'Dijkstra (E.W. Dijkstra, 1956)',
editable: false,
- description: 'The shortest-path-first algorithm β every link-state router runs it locally on its own LSDB'
+ description:
+ 'The shortest-path-first algorithm β every link-state router runs it locally on its own LSDB'
},
{
name: 'Throttle',
bits: 0,
value: 'RFC 8405: 50 / 200 / 5000 ms',
editable: false,
- description: 'SPF back-off: INITIAL, SHORT_WAIT, LONG_WAIT β prevents thrashing on rapid topology churn'
+ description:
+ 'SPF back-off: INITIAL, SHORT_WAIT, LONG_WAIT β prevents thrashing on rapid topology churn'
},
{
name: 'Result',
bits: 0,
value: 'Shortest-path tree from R1 installed into FIB',
editable: false,
- description: 'The forwarding information base β what hardware actually uses to forward packets'
+ description:
+ 'The forwarding information base β what hardware actually uses to forward packets'
}
]
}
diff --git a/src/lib/simulator/simulations/quic-connection.ts b/src/lib/simulator/simulations/quic-connection.ts
index 6d64d12..6ba2dc8 100644
--- a/src/lib/simulator/simulations/quic-connection.ts
+++ b/src/lib/simulator/simulations/quic-connection.ts
@@ -43,7 +43,7 @@ export const quicConnection: SimulationConfig = {
id: 'handshake',
label: 'Handshake',
description:
- 'The server responds with an Initial packet (containing ServerHello) followed by a Handshake packet with its certificate and Finished message. The server\'s Initial carries the TLS ServerHello, while the Handshake packet carries encrypted certificate data. This completes the server side of the cryptographic handshake.',
+ "The server responds with an Initial packet (containing ServerHello) followed by a Handshake packet with its certificate and Finished message. The server's Initial carries the TLS ServerHello, while the Handshake packet carries encrypted certificate data. This completes the server side of the cryptographic handshake.",
fromActor: 'server',
toActor: 'client',
duration: 1000,
@@ -115,7 +115,7 @@ export const quicConnection: SimulationConfig = {
id: 'close',
label: 'Connection Close',
description:
- 'Either side can close the connection immediately with a CONNECTION_CLOSE frame. Unlike TCP\'s four-way FIN handshake, QUIC closes in a single packet. The frame includes an error code (0 = no error) and an optional reason phrase. The peer enters a draining period before freeing connection state.',
+ "Either side can close the connection immediately with a CONNECTION_CLOSE frame. Unlike TCP's four-way FIN handshake, QUIC closes in a single packet. The frame includes an error code (0 = no error) and an optional reason phrase. The peer enters a draining period before freeing connection state.",
fromActor: 'client',
toActor: 'server',
duration: 600,
diff --git a/src/lib/simulator/simulations/rest-api.ts b/src/lib/simulator/simulations/rest-api.ts
index 6483d99..8f34cc2 100644
--- a/src/lib/simulator/simulations/rest-api.ts
+++ b/src/lib/simulator/simulations/rest-api.ts
@@ -10,13 +10,59 @@ function httpRequestLayer(method: string, path: string, body?: string) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: method, editable: false, description: `HTTP method β ${method} retrieves or modifies a resource` },
- { name: 'Path', bits: 0, value: path, editable: false, description: 'REST resource path β follows /resource/{id} convention' },
- { name: 'Version', bits: 0, value: 'HTTP/1.1', editable: false, description: 'Protocol version' },
- { name: 'Host', bits: 0, value: 'api.example.com', editable: false, description: 'API server hostname' },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'MIME type β REST APIs typically use JSON' },
- ...(body ? [{ name: 'Body', bits: 0, value: body, editable: false, description: 'JSON request body β the resource representation' }] : []),
- { name: 'Accept', bits: 0, value: 'application/json', editable: false, description: 'Client tells the server it expects JSON responses' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: method,
+ editable: false,
+ description: `HTTP method β ${method} retrieves or modifies a resource`
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: path,
+ editable: false,
+ description: 'REST resource path β follows /resource/{id} convention'
+ },
+ {
+ name: 'Version',
+ bits: 0,
+ value: 'HTTP/1.1',
+ editable: false,
+ description: 'Protocol version'
+ },
+ {
+ name: 'Host',
+ bits: 0,
+ value: 'api.example.com',
+ editable: false,
+ description: 'API server hostname'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'MIME type β REST APIs typically use JSON'
+ },
+ ...(body
+ ? [
+ {
+ name: 'Body',
+ bits: 0,
+ value: body,
+ editable: false,
+ description: 'JSON request body β the resource representation'
+ }
+ ]
+ : []),
+ {
+ name: 'Accept',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'Client tells the server it expects JSON responses'
+ }
]
};
}
@@ -28,10 +74,35 @@ function httpResponseLayer(status: string, body: string, statusColor: string) {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Version', bits: 0, value: 'HTTP/1.1', editable: false, description: 'Protocol version' },
- { name: 'Status', bits: 0, value: status, editable: false, description: `HTTP status code β ${status}`, color: statusColor },
- { name: 'Content-Type', bits: 0, value: 'application/json', editable: false, description: 'Response body is JSON-encoded' },
- { name: 'Body', bits: 0, value: body, editable: false, description: 'JSON response body β the resource representation' }
+ {
+ name: 'Version',
+ bits: 0,
+ value: 'HTTP/1.1',
+ editable: false,
+ description: 'Protocol version'
+ },
+ {
+ name: 'Status',
+ bits: 0,
+ value: status,
+ editable: false,
+ description: `HTTP status code β ${status}`,
+ color: statusColor
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/json',
+ editable: false,
+ description: 'Response body is JSON-encoded'
+ },
+ {
+ name: 'Body',
+ bits: 0,
+ value: body,
+ editable: false,
+ description: 'JSON response body β the resource representation'
+ }
]
};
}
diff --git a/src/lib/simulator/simulations/rtp-media.ts b/src/lib/simulator/simulations/rtp-media.ts
index 8b5e80f..aeb4d47 100644
--- a/src/lib/simulator/simulations/rtp-media.ts
+++ b/src/lib/simulator/simulations/rtp-media.ts
@@ -11,10 +11,34 @@ function createRTCPLayer(reportType: string, ssrc: string, payload: string): Pro
osiLayer: 7,
color: '#BE185D',
headerFields: [
- { name: 'Version', bits: 2, value: 2, editable: false, description: 'RTCP version β always 2' },
- { name: 'Report Type', bits: 8, value: reportType, editable: false, description: 'RTCP packet type β SR (200), RR (201), SDES (202), BYE (203)' },
- { name: 'SSRC', bits: 32, value: ssrc, editable: false, description: 'SSRC of the report sender' },
- { name: 'Report Data', bits: 0, value: payload, editable: false, description: 'Statistics β NTP timestamp, packet count, jitter, loss fraction' }
+ {
+ name: 'Version',
+ bits: 2,
+ value: 2,
+ editable: false,
+ description: 'RTCP version β always 2'
+ },
+ {
+ name: 'Report Type',
+ bits: 8,
+ value: reportType,
+ editable: false,
+ description: 'RTCP packet type β SR (200), RR (201), SDES (202), BYE (203)'
+ },
+ {
+ name: 'SSRC',
+ bits: 32,
+ value: ssrc,
+ editable: false,
+ description: 'SSRC of the report sender'
+ },
+ {
+ name: 'Report Data',
+ bits: 0,
+ value: payload,
+ editable: false,
+ description: 'Statistics β NTP timestamp, packet count, jitter, loss fraction'
+ }
]
};
}
@@ -89,7 +113,11 @@ export const rtpMedia: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 17 }),
createUDPLayer({ srcPort: 5005, dstPort: 5005 }),
- createRTCPLayer('SR (200)', '0x12345678', 'NTP: 2026-03-13 14:30:00, Packets: 1500, Bytes: 240000')
+ createRTCPLayer(
+ 'SR (200)',
+ '0x12345678',
+ 'NTP: 2026-03-13 14:30:00, Packets: 1500, Bytes: 240000'
+ )
]
},
{
@@ -105,7 +133,11 @@ export const rtpMedia: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 17 }),
createUDPLayer({ srcPort: 5005, dstPort: 5005 }),
- createRTCPLayer('RR (201)', '0x87654321', 'Loss: 0.5%, Jitter: 12ms, Last SR: 14:30:00, Delay: 45ms')
+ createRTCPLayer(
+ 'RR (201)',
+ '0x87654321',
+ 'Loss: 0.5%, Jitter: 12ms, Last SR: 14:30:00, Delay: 45ms'
+ )
]
}
]
diff --git a/src/lib/simulator/simulations/sctp-association.ts b/src/lib/simulator/simulations/sctp-association.ts
index 8535a0f..2e4b4dd 100644
--- a/src/lib/simulator/simulations/sctp-association.ts
+++ b/src/lib/simulator/simulations/sctp-association.ts
@@ -7,7 +7,7 @@ export const sctpAssociation: SimulationConfig = {
protocolId: 'sctp',
title: 'SCTP β Multi-Stream Association',
description:
- 'Watch SCTP\'s four-way handshake that establishes a multi-stream association. Unlike TCP\'s three-way handshake, SCTP uses a cookie mechanism to prevent SYN flood attacks. SCTP also supports multi-homing β a single association can span multiple IP addresses for failover.',
+ "Watch SCTP's four-way handshake that establishes a multi-stream association. Unlike TCP's three-way handshake, SCTP uses a cookie mechanism to prevent SYN flood attacks. SCTP also supports multi-homing β a single association can span multiple IP addresses for failover.",
tier: 'client',
actors: [
{ id: 'client', label: 'Client', icon: 'client', position: 'left' },
@@ -40,7 +40,7 @@ export const sctpAssociation: SimulationConfig = {
id: 'init-ack',
label: 'INIT-ACK',
description:
- 'The server responds with INIT-ACK containing its own parameters and a State Cookie. The cookie is a signed bundle of both sides\' parameters β crucially, the server still allocates no state. This cookie-based design makes SCTP immune to SYN flood denial-of-service attacks.',
+ "The server responds with INIT-ACK containing its own parameters and a State Cookie. The cookie is a signed bundle of both sides' parameters β crucially, the server still allocates no state. This cookie-based design makes SCTP immune to SYN flood denial-of-service attacks.",
fromActor: 'server',
toActor: 'client',
duration: 800,
diff --git a/src/lib/simulator/simulations/sdp-negotiation.ts b/src/lib/simulator/simulations/sdp-negotiation.ts
index e5e820f..e5e1bfc 100644
--- a/src/lib/simulator/simulations/sdp-negotiation.ts
+++ b/src/lib/simulator/simulations/sdp-negotiation.ts
@@ -10,9 +10,28 @@ function createSDPLayer(type: string, fields: string, media: string): ProtocolLa
osiLayer: 7,
color: '#A855F7',
headerFields: [
- { name: 'Type', bits: 0, value: type, editable: false, description: 'SDP role β Offer (initial proposal) or Answer (accepted subset)' },
- { name: 'Session Fields', bits: 0, value: fields, editable: false, description: 'Session-level fields β v= (version), o= (origin), s= (session name), t= (timing)' },
- { name: 'Media', bits: 0, value: media, editable: false, description: 'Media descriptions β m= lines with port, protocol, and format list' },
+ {
+ name: 'Type',
+ bits: 0,
+ value: type,
+ editable: false,
+ description: 'SDP role β Offer (initial proposal) or Answer (accepted subset)'
+ },
+ {
+ name: 'Session Fields',
+ bits: 0,
+ value: fields,
+ editable: false,
+ description:
+ 'Session-level fields β v= (version), o= (origin), s= (session name), t= (timing)'
+ },
+ {
+ name: 'Media',
+ bits: 0,
+ value: media,
+ editable: false,
+ description: 'Media descriptions β m= lines with port, protocol, and format list'
+ }
]
};
}
@@ -24,8 +43,20 @@ function signalingLayer(action: string): ProtocolLayer {
osiLayer: 7,
color: '#6366F1',
headerFields: [
- { name: 'Action', bits: 0, value: action, editable: false, description: 'Signaling action β carried over WebSocket, HTTP, or SIP' },
- { name: 'Content-Type', bits: 0, value: 'application/sdp', editable: false, description: 'The payload is an SDP description' }
+ {
+ name: 'Action',
+ bits: 0,
+ value: action,
+ editable: false,
+ description: 'Signaling action β carried over WebSocket, HTTP, or SIP'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'application/sdp',
+ editable: false,
+ description: 'The payload is an SDP description'
+ }
]
};
}
diff --git a/src/lib/simulator/simulations/sip-call.ts b/src/lib/simulator/simulations/sip-call.ts
index 031e966..b94f95a 100644
--- a/src/lib/simulator/simulations/sip-call.ts
+++ b/src/lib/simulator/simulations/sip-call.ts
@@ -65,7 +65,7 @@ export const sipCall: SimulationConfig = {
id: 'ringing',
label: '180 Ringing',
description:
- 'The callee\'s phone is ringing. The 180 Ringing response is forwarded back through the proxy chain. The caller can now play a ringback tone. This provisional response can optionally include early media (ringback from the callee\'s network) via SDP.',
+ "The callee's phone is ringing. The 180 Ringing response is forwarded back through the proxy chain. The caller can now play a ringback tone. This provisional response can optionally include early media (ringback from the callee's network) via SDP.",
fromActor: 'server',
toActor: 'caller',
duration: 800,
diff --git a/src/lib/simulator/simulations/smtp-delivery.ts b/src/lib/simulator/simulations/smtp-delivery.ts
index 8664a46..89b5f07 100644
--- a/src/lib/simulator/simulations/smtp-delivery.ts
+++ b/src/lib/simulator/simulations/smtp-delivery.ts
@@ -160,7 +160,7 @@ export const smtpDelivery: SimulationConfig = {
id: 'queued',
label: '250 Queued',
description:
- 'The server accepts the message for delivery and returns a queue ID. The 250 code means the server has taken responsibility for delivering this email. The message will now be relayed to the recipient\'s mail server by looking up MX records in DNS.',
+ "The server accepts the message for delivery and returns a queue ID. The 250 code means the server has taken responsibility for delivering this email. The message will now be relayed to the recipient's mail server by looking up MX records in DNS.",
fromActor: 'server',
toActor: 'client',
duration: 800,
diff --git a/src/lib/simulator/simulations/soap-request.ts b/src/lib/simulator/simulations/soap-request.ts
index 1c3e00d..2c19d3c 100644
--- a/src/lib/simulator/simulations/soap-request.ts
+++ b/src/lib/simulator/simulations/soap-request.ts
@@ -58,8 +58,7 @@ function httpRequestLayer(
bits: 0,
value: extra.soapAction,
editable: false,
- description:
- 'HTTP header identifying the SOAP operation β required by SOAP 1.1'
+ description: 'HTTP header identifying the SOAP operation β required by SOAP 1.1'
}
]
: [])
@@ -252,11 +251,7 @@ export const soapRequest: SimulationConfig = {
protocol: 6
}),
createTCPLayer({ srcPort: 80, dstPort: 51400, flags: 'PSH,ACK' }),
- httpResponseLayer(
- '500 Internal Server Error',
- 'text/xml; charset=utf-8',
- '#ef4444'
- ),
+ httpResponseLayer('500 Internal Server Error', 'text/xml; charset=utf-8', '#ef4444'),
createSOAPLayer({
body: 'Fault(code: "Client", string: "Invalid user ID")',
header: 'faultactor: http://example.com/UserService'
diff --git a/src/lib/simulator/simulations/sse-stream.ts b/src/lib/simulator/simulations/sse-stream.ts
index 56384e0..d206e70 100644
--- a/src/lib/simulator/simulations/sse-stream.ts
+++ b/src/lib/simulator/simulations/sse-stream.ts
@@ -11,11 +11,41 @@ function sseRequestLayer(): ProtocolLayer {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: 'GET', editable: false, description: 'SSE uses a standard GET request β no upgrade or special handshake needed' },
- { name: 'Path', bits: 0, value: '/events', editable: false, description: 'Event stream endpoint β the server will hold this connection open' },
- { name: 'Accept', bits: 0, value: 'text/event-stream', editable: false, description: 'Tells the server the client wants an SSE stream, not a regular response' },
- { name: 'Cache-Control', bits: 0, value: 'no-cache', editable: false, description: 'Prevents caching β events should always be received fresh from the server' },
- { name: 'Connection', bits: 0, value: 'keep-alive', editable: false, description: 'The connection stays open for the stream duration' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'GET',
+ editable: false,
+ description: 'SSE uses a standard GET request β no upgrade or special handshake needed'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: '/events',
+ editable: false,
+ description: 'Event stream endpoint β the server will hold this connection open'
+ },
+ {
+ name: 'Accept',
+ bits: 0,
+ value: 'text/event-stream',
+ editable: false,
+ description: 'Tells the server the client wants an SSE stream, not a regular response'
+ },
+ {
+ name: 'Cache-Control',
+ bits: 0,
+ value: 'no-cache',
+ editable: false,
+ description: 'Prevents caching β events should always be received fresh from the server'
+ },
+ {
+ name: 'Connection',
+ bits: 0,
+ value: 'keep-alive',
+ editable: false,
+ description: 'The connection stays open for the stream duration'
+ }
]
};
}
@@ -27,25 +57,85 @@ function sseResponseLayer(): ProtocolLayer {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Status', bits: 0, value: '200 OK', editable: false, description: 'Stream opened successfully β data will follow incrementally', color: '#22c55e' },
- { name: 'Content-Type', bits: 0, value: 'text/event-stream', editable: false, description: 'SSE MIME type β tells the browser to use EventSource API' },
- { name: 'Cache-Control', bits: 0, value: 'no-cache', editable: false, description: 'No caching for live event streams' },
- { name: 'Connection', bits: 0, value: 'keep-alive', editable: false, description: 'Connection remains open β no Content-Length since the stream is infinite' }
+ {
+ name: 'Status',
+ bits: 0,
+ value: '200 OK',
+ editable: false,
+ description: 'Stream opened successfully β data will follow incrementally',
+ color: '#22c55e'
+ },
+ {
+ name: 'Content-Type',
+ bits: 0,
+ value: 'text/event-stream',
+ editable: false,
+ description: 'SSE MIME type β tells the browser to use EventSource API'
+ },
+ {
+ name: 'Cache-Control',
+ bits: 0,
+ value: 'no-cache',
+ editable: false,
+ description: 'No caching for live event streams'
+ },
+ {
+ name: 'Connection',
+ bits: 0,
+ value: 'keep-alive',
+ editable: false,
+ description: 'Connection remains open β no Content-Length since the stream is infinite'
+ }
]
};
}
-function sseEventLayer(eventType: string, eventId: string, data: string, retry: string): ProtocolLayer {
+function sseEventLayer(
+ eventType: string,
+ eventId: string,
+ data: string,
+ retry: string
+): ProtocolLayer {
return {
name: 'SSE Event',
abbreviation: 'SSE',
osiLayer: 7,
color: '#EF4444',
headerFields: [
- { name: 'Event Type', bits: 0, value: eventType, editable: false, description: 'Named event type β clients listen for specific types with addEventListener()' },
- { name: 'Event ID', bits: 0, value: eventId, editable: false, description: 'Unique event identifier β sent as Last-Event-ID on reconnect for resumption' },
- { name: 'Data', bits: 0, value: data, editable: false, description: 'Event payload β UTF-8 text, typically JSON. Multiple data: lines are joined with newlines' },
- ...(retry ? [{ name: 'Retry', bits: 0, value: retry, editable: false, description: 'Reconnection interval in milliseconds β browser waits this long before reconnecting' }] : [])
+ {
+ name: 'Event Type',
+ bits: 0,
+ value: eventType,
+ editable: false,
+ description: 'Named event type β clients listen for specific types with addEventListener()'
+ },
+ {
+ name: 'Event ID',
+ bits: 0,
+ value: eventId,
+ editable: false,
+ description: 'Unique event identifier β sent as Last-Event-ID on reconnect for resumption'
+ },
+ {
+ name: 'Data',
+ bits: 0,
+ value: data,
+ editable: false,
+ description:
+ 'Event payload β UTF-8 text, typically JSON. Multiple data: lines are joined with newlines'
+ },
+ ...(retry
+ ? [
+ {
+ name: 'Retry',
+ bits: 0,
+ value: retry,
+ editable: false,
+ description:
+ 'Reconnection interval in milliseconds β browser waits this long before reconnecting'
+ }
+ ]
+ : [])
]
};
}
@@ -83,7 +173,10 @@ export const sseStream: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 52500, dstPort: 443, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
sseRequestLayer()
]
},
@@ -100,7 +193,10 @@ export const sseStream: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 52500, flags: 'PSH,ACK' }),
- createTLSRecordLayer({ contentType: 'Application Data (23)', handshakeType: 'N/A (encrypted)' }),
+ createTLSRecordLayer({
+ contentType: 'Application Data (23)',
+ handshakeType: 'N/A (encrypted)'
+ }),
sseResponseLayer()
]
},
@@ -149,7 +245,12 @@ export const sseStream: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 52500, flags: 'PSH,ACK' }),
- sseEventLayer('notification', 'evt-003', '{"alert": "System maintenance in 10 minutes"}', '5000')
+ sseEventLayer(
+ 'notification',
+ 'evt-003',
+ '{"alert": "System maintenance in 10 minutes"}',
+ '5000'
+ )
]
},
{
diff --git a/src/lib/simulator/simulations/stomp-subscription.ts b/src/lib/simulator/simulations/stomp-subscription.ts
index ac13794..10d8de3 100644
--- a/src/lib/simulator/simulations/stomp-subscription.ts
+++ b/src/lib/simulator/simulations/stomp-subscription.ts
@@ -28,7 +28,7 @@ export const stompSubscription: SimulationConfig = {
id: 'connect',
label: 'CONNECT',
description:
- 'The client sends a CONNECT frame with login credentials and protocol version. STOMP frames are human-readable text: a command line, headers as key:value pairs, a blank line, an optional body, and a null character terminator. This simplicity is STOMP\'s main advantage.',
+ "The client sends a CONNECT frame with login credentials and protocol version. STOMP frames are human-readable text: a command line, headers as key:value pairs, a blank line, an optional body, and a null character terminator. This simplicity is STOMP's main advantage.",
fromActor: 'client',
toActor: 'broker',
duration: 800,
diff --git a/src/lib/simulator/simulations/tcp-handshake.ts b/src/lib/simulator/simulations/tcp-handshake.ts
index fc70e0e..534505c 100644
--- a/src/lib/simulator/simulations/tcp-handshake.ts
+++ b/src/lib/simulator/simulations/tcp-handshake.ts
@@ -50,7 +50,7 @@ export const tcpHandshake: SimulationConfig = {
id: 'syn-ack',
label: 'SYN-ACK',
description:
- 'Server acknowledges the client\'s SYN and sends its own SYN. The ACK number equals the client\'s sequence + 1, confirming receipt.',
+ "Server acknowledges the client's SYN and sends its own SYN. The ACK number equals the client's sequence + 1, confirming receipt.",
fromActor: 'server',
toActor: 'client',
duration: 1200,
@@ -78,7 +78,7 @@ export const tcpHandshake: SimulationConfig = {
id: 'ack',
label: 'ACK',
description:
- 'Client completes the handshake by acknowledging the server\'s SYN. The connection is now ESTABLISHED β both sides agree on sequence numbers.',
+ "Client completes the handshake by acknowledging the server's SYN. The connection is now ESTABLISHED β both sides agree on sequence numbers.",
fromActor: 'client',
toActor: 'server',
duration: 1000,
diff --git a/src/lib/simulator/simulations/tls-handshake.ts b/src/lib/simulator/simulations/tls-handshake.ts
index 9334393..aaee2f8 100644
--- a/src/lib/simulator/simulations/tls-handshake.ts
+++ b/src/lib/simulator/simulations/tls-handshake.ts
@@ -82,7 +82,7 @@ export const tlsHandshake: SimulationConfig = {
createTLSRecordLayer({
handshakeType: 'Certificate + Verify',
cipherSuite: 'TLS_AES_256_GCM_SHA384',
- extensions: 'CN=example.com, Issuer=Let\'s Encrypt',
+ extensions: "CN=example.com, Issuer=Let's Encrypt",
length: 2048
})
]
diff --git a/src/lib/simulator/simulations/udp-datagram.ts b/src/lib/simulator/simulations/udp-datagram.ts
index d2e111e..f4cd1f0 100644
--- a/src/lib/simulator/simulations/udp-datagram.ts
+++ b/src/lib/simulator/simulations/udp-datagram.ts
@@ -27,7 +27,7 @@ export const udpDatagram: SimulationConfig = {
id: 'dgram-1',
label: 'Datagram #1',
description:
- 'UDP sends the first datagram immediately β no connection setup needed. Notice the minimal 8-byte header compared to TCP\'s 20 bytes.',
+ "UDP sends the first datagram immediately β no connection setup needed. Notice the minimal 8-byte header compared to TCP's 20 bytes.",
fromActor: 'sender',
toActor: 'receiver',
duration: 800,
@@ -42,7 +42,13 @@ export const udpDatagram: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Payload', bits: 0, value: 'Packet #1: Hello!', editable: false, description: 'Application payload β sent without waiting for acknowledgment' }
+ {
+ name: 'Payload',
+ bits: 0,
+ value: 'Packet #1: Hello!',
+ editable: false,
+ description: 'Application payload β sent without waiting for acknowledgment'
+ }
]
}
]
@@ -51,7 +57,7 @@ export const udpDatagram: SimulationConfig = {
id: 'dgram-2',
label: 'Datagram #2',
description:
- 'The second datagram is sent right away β UDP doesn\'t wait for the first one to be acknowledged. Each datagram is independent.',
+ "The second datagram is sent right away β UDP doesn't wait for the first one to be acknowledged. Each datagram is independent.",
fromActor: 'sender',
toActor: 'receiver',
duration: 800,
@@ -66,7 +72,13 @@ export const udpDatagram: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Payload', bits: 0, value: 'Packet #2: World!', editable: false, description: 'Another independent datagram' }
+ {
+ name: 'Payload',
+ bits: 0,
+ value: 'Packet #2: World!',
+ editable: false,
+ description: 'Another independent datagram'
+ }
]
}
]
@@ -90,7 +102,14 @@ export const udpDatagram: SimulationConfig = {
osiLayer: 7,
color: '#ef4444',
headerFields: [
- { name: 'Payload', bits: 0, value: 'Packet #3: Lost!', editable: false, description: 'This datagram never arrives β lost in the network', color: '#ef4444' }
+ {
+ name: 'Payload',
+ bits: 0,
+ value: 'Packet #3: Lost!',
+ editable: false,
+ description: 'This datagram never arrives β lost in the network',
+ color: '#ef4444'
+ }
]
}
]
@@ -99,7 +118,7 @@ export const udpDatagram: SimulationConfig = {
id: 'dgram-4',
label: 'Datagram #4',
description:
- 'The sender keeps going, unaware that datagram #3 was lost. This is the trade-off: UDP is fast because it doesn\'t wait, but unreliable.',
+ "The sender keeps going, unaware that datagram #3 was lost. This is the trade-off: UDP is fast because it doesn't wait, but unreliable.",
fromActor: 'sender',
toActor: 'receiver',
duration: 800,
@@ -113,7 +132,13 @@ export const udpDatagram: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Payload', bits: 0, value: 'Packet #4: Still here', editable: false, description: 'The sender continues without knowing about the loss' }
+ {
+ name: 'Payload',
+ bits: 0,
+ value: 'Packet #4: Still here',
+ editable: false,
+ description: 'The sender continues without knowing about the loss'
+ }
]
}
]
@@ -122,7 +147,7 @@ export const udpDatagram: SimulationConfig = {
id: 'dgram-5',
label: 'Datagram #5',
description:
- 'Final datagram sent. The receiver got packets 1, 2, 4, and 5 β but not 3. If ordering matters, the application must handle that itself (UDP doesn\'t).',
+ "Final datagram sent. The receiver got packets 1, 2, 4, and 5 β but not 3. If ordering matters, the application must handle that itself (UDP doesn't).",
fromActor: 'sender',
toActor: 'receiver',
duration: 800,
@@ -136,7 +161,13 @@ export const udpDatagram: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Payload', bits: 0, value: 'Packet #5: Done', editable: false, description: 'Last datagram β receiver reconstructs what it can' }
+ {
+ name: 'Payload',
+ bits: 0,
+ value: 'Packet #5: Done',
+ editable: false,
+ description: 'Last datagram β receiver reconstructs what it can'
+ }
]
}
]
diff --git a/src/lib/simulator/simulations/uwb-ranging.ts b/src/lib/simulator/simulations/uwb-ranging.ts
index f0465f7..6ddb4ea 100644
--- a/src/lib/simulator/simulations/uwb-ranging.ts
+++ b/src/lib/simulator/simulations/uwb-ranging.ts
@@ -5,7 +5,7 @@ export const uwbRanging: SimulationConfig = {
protocolId: 'uwb',
title: 'UWB Ranging β BLE bootstrap β DS-TWR β distance',
description:
- "The five beats every consumer UWB session walks: BLE advertise β BLE GATT pairing + STS_KEY transport β UWB Poll β UWB Response β UWB Final β distance. Same flow under AirTag Precision Finding, BMW Digital Key, Aqara U400 hands-free unlock, and (from Feb 2026) Aliro 1.0 for everyone else.",
+ 'The five beats every consumer UWB session walks: BLE advertise β BLE GATT pairing + STS_KEY transport β UWB Poll β UWB Response β UWB Final β distance. Same flow under AirTag Precision Finding, BMW Digital Key, Aqara U400 hands-free unlock, and (from Feb 2026) Aliro 1.0 for everyone else.',
tier: 'client',
actors: [
{ id: 'phone', label: 'iPhone (Initiator)', icon: 'device', position: 'left' },
@@ -17,10 +17,7 @@ export const uwbRanging: SimulationConfig = {
label: 'UWB channel',
type: 'select',
defaultValue: 'Channel 9 (7987.2 MHz)',
- options: [
- 'Channel 5 (6489.6 MHz, universal)',
- 'Channel 9 (7987.2 MHz, restricted in Japan)'
- ]
+ options: ['Channel 5 (6489.6 MHz, universal)', 'Channel 9 (7987.2 MHz, restricted in Japan)']
},
{
id: 'mode',
@@ -165,7 +162,7 @@ export const uwbRanging: SimulationConfig = {
id: 'compute-tof',
label: 'Compute ToF β DS-TWR cross-product cancels clock drift',
description:
- "The anchor (or phone, in some implementations) plugs all six timestamps into the cross-product:\n\n`ToF = (T_round1 Β· T_round2 β T_reply1 Β· T_reply2) / (T_round1 + T_round2 + T_reply1 + T_reply2)`\n\nwhere `T_round1 = t4βt1`, `T_reply1 = t3βt2`, `T_round2 = t6βt3`, `T_reply2 = t5βt4`. The cross-product cancels relative clock drift to first order β DS-TWR is insensitive to 20 ppm crystal offsets, where SS-TWR would yield ~1.2 m of bias under the same conditions. Multiply ToF by `c β 0.299792458 m/ns` to get distance.",
+ 'The anchor (or phone, in some implementations) plugs all six timestamps into the cross-product:\n\n`ToF = (T_round1 Β· T_round2 β T_reply1 Β· T_reply2) / (T_round1 + T_round2 + T_reply1 + T_reply2)`\n\nwhere `T_round1 = t4βt1`, `T_reply1 = t3βt2`, `T_round2 = t6βt3`, `T_reply2 = t5βt4`. The cross-product cancels relative clock drift to first order β DS-TWR is insensitive to 20 ppm crystal offsets, where SS-TWR would yield ~1.2 m of bias under the same conditions. Multiply ToF by `c β 0.299792458 m/ns` to get distance.',
fromActor: 'anchor',
toActor: 'phone',
duration: 800,
diff --git a/src/lib/simulator/simulations/webrtc-peer.ts b/src/lib/simulator/simulations/webrtc-peer.ts
index 01c455f..f7ec031 100644
--- a/src/lib/simulator/simulations/webrtc-peer.ts
+++ b/src/lib/simulator/simulations/webrtc-peer.ts
@@ -38,7 +38,8 @@ function createSDPLayer(type: 'Offer' | 'Answer') {
bits: 0,
value: 'sha-256 AB:CD:...',
editable: false,
- description: 'DTLS certificate fingerprint β verified during DTLS handshake for authentication'
+ description:
+ 'DTLS certificate fingerprint β verified during DTLS handshake for authentication'
}
]
};
@@ -170,7 +171,7 @@ export const webrtcPeer: SimulationConfig = {
id: 'sdp-answer-relay',
label: 'SDP Answer (relay)',
description:
- 'Signaling server relays the answer to Peer A. Both peers now know each other\'s capabilities. Next, ICE connectivity checks will find the best direct path between them.',
+ "Signaling server relays the answer to Peer A. Both peers now know each other's capabilities. Next, ICE connectivity checks will find the best direct path between them.",
fromActor: 'signal',
toActor: 'peerA',
duration: 600,
@@ -186,7 +187,7 @@ export const webrtcPeer: SimulationConfig = {
id: 'ice-stun',
label: 'ICE / STUN',
description:
- 'Peers exchange STUN Binding Requests directly to test connectivity. ICE tries multiple candidate paths (host, server-reflexive, relay) and picks the best one. STUN reveals each peer\'s public IP.',
+ "Peers exchange STUN Binding Requests directly to test connectivity. ICE tries multiple candidate paths (host, server-reflexive, relay) and picks the best one. STUN reveals each peer's public IP.",
fromActor: 'peerA',
toActor: 'peerB',
duration: 1000,
diff --git a/src/lib/simulator/simulations/websocket.ts b/src/lib/simulator/simulations/websocket.ts
index 5b6f060..4a8b2e3 100644
--- a/src/lib/simulator/simulations/websocket.ts
+++ b/src/lib/simulator/simulations/websocket.ts
@@ -43,12 +43,49 @@ export const websocketConnection: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Method', bits: 0, value: 'GET', editable: false, description: 'WebSocket upgrade always starts with GET' },
- { name: 'Path', bits: 0, value: '/ws/chat', editable: false, description: 'WebSocket endpoint path' },
- { name: 'Upgrade', bits: 0, value: 'websocket', editable: false, description: 'Requests protocol switch to WebSocket' },
- { name: 'Connection', bits: 0, value: 'Upgrade', editable: false, description: 'Signals this is a connection upgrade, not a normal request' },
- { name: 'Sec-WebSocket-Key', bits: 0, value: 'dGhlIHNhbXBsZ...', editable: false, description: 'Base64-encoded random key β server hashes it to prove it supports WebSocket' },
- { name: 'Sec-WebSocket-Version', bits: 0, value: '13', editable: false, description: 'WebSocket protocol version (13 is the only current version)' }
+ {
+ name: 'Method',
+ bits: 0,
+ value: 'GET',
+ editable: false,
+ description: 'WebSocket upgrade always starts with GET'
+ },
+ {
+ name: 'Path',
+ bits: 0,
+ value: '/ws/chat',
+ editable: false,
+ description: 'WebSocket endpoint path'
+ },
+ {
+ name: 'Upgrade',
+ bits: 0,
+ value: 'websocket',
+ editable: false,
+ description: 'Requests protocol switch to WebSocket'
+ },
+ {
+ name: 'Connection',
+ bits: 0,
+ value: 'Upgrade',
+ editable: false,
+ description: 'Signals this is a connection upgrade, not a normal request'
+ },
+ {
+ name: 'Sec-WebSocket-Key',
+ bits: 0,
+ value: 'dGhlIHNhbXBsZ...',
+ editable: false,
+ description:
+ 'Base64-encoded random key β server hashes it to prove it supports WebSocket'
+ },
+ {
+ name: 'Sec-WebSocket-Version',
+ bits: 0,
+ value: '13',
+ editable: false,
+ description: 'WebSocket protocol version (13 is the only current version)'
+ }
]
}
]
@@ -72,10 +109,36 @@ export const websocketConnection: SimulationConfig = {
osiLayer: 7,
color: '#00D4FF',
headerFields: [
- { name: 'Status', bits: 0, value: '101 Switching Protocols', editable: false, description: 'Server agrees to switch from HTTP to WebSocket', color: '#22c55e' },
- { name: 'Upgrade', bits: 0, value: 'websocket', editable: false, description: 'Confirms the protocol switch' },
- { name: 'Connection', bits: 0, value: 'Upgrade', editable: false, description: 'Connection is now upgraded' },
- { name: 'Sec-WebSocket-Accept', bits: 0, value: 's3pPLMBiTxaQ9k...', editable: false, description: 'SHA-1 hash of the client key + magic GUID β proves server supports WebSocket' }
+ {
+ name: 'Status',
+ bits: 0,
+ value: '101 Switching Protocols',
+ editable: false,
+ description: 'Server agrees to switch from HTTP to WebSocket',
+ color: '#22c55e'
+ },
+ {
+ name: 'Upgrade',
+ bits: 0,
+ value: 'websocket',
+ editable: false,
+ description: 'Confirms the protocol switch'
+ },
+ {
+ name: 'Connection',
+ bits: 0,
+ value: 'Upgrade',
+ editable: false,
+ description: 'Connection is now upgraded'
+ },
+ {
+ name: 'Sec-WebSocket-Accept',
+ bits: 0,
+ value: 's3pPLMBiTxaQ9k...',
+ editable: false,
+ description:
+ 'SHA-1 hash of the client key + magic GUID β proves server supports WebSocket'
+ }
]
}
]
@@ -109,7 +172,12 @@ export const websocketConnection: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 52200, flags: 'PSH,ACK' }),
- createWebSocketFrameLayer({ opcode: 'Text (0x1)', mask: 0, maskingKey: 'N/A', payload: 'Message received!' })
+ createWebSocketFrameLayer({
+ opcode: 'Text (0x1)',
+ mask: 0,
+ maskingKey: 'N/A',
+ payload: 'Message received!'
+ })
]
},
{
@@ -125,7 +193,13 @@ export const websocketConnection: SimulationConfig = {
createEthernetLayer({ srcMac: 'AA:BB:CC:DD:EE:FF', dstMac: '00:1A:2B:3C:4D:5E' }),
createIPv4Layer({ srcIp: '93.184.216.34', dstIp: '192.168.1.100', protocol: 6 }),
createTCPLayer({ srcPort: 443, dstPort: 52200, flags: 'PSH,ACK' }),
- createWebSocketFrameLayer({ opcode: 'Ping (0x9)', mask: 0, payloadLength: 0, maskingKey: 'N/A', payload: '' })
+ createWebSocketFrameLayer({
+ opcode: 'Ping (0x9)',
+ mask: 0,
+ payloadLength: 0,
+ maskingKey: 'N/A',
+ payload: ''
+ })
]
},
{
@@ -141,7 +215,12 @@ export const websocketConnection: SimulationConfig = {
createEthernetLayer(),
createIPv4Layer({ protocol: 6 }),
createTCPLayer({ srcPort: 52200, dstPort: 443, flags: 'PSH,ACK' }),
- createWebSocketFrameLayer({ opcode: 'Close (0x8)', payloadLength: 2, payload: '1000 (Normal)', maskingKey: '0x55AA33CC' })
+ createWebSocketFrameLayer({
+ opcode: 'Close (0x8)',
+ payloadLength: 2,
+ payload: '1000 (Normal)',
+ maskingKey: '0x55AA33CC'
+ })
]
}
]
diff --git a/src/lib/simulator/simulations/wifi-association.ts b/src/lib/simulator/simulations/wifi-association.ts
index 50f80ed..81cd1c6 100644
--- a/src/lib/simulator/simulations/wifi-association.ts
+++ b/src/lib/simulator/simulations/wifi-association.ts
@@ -38,7 +38,7 @@ export const wifiAssociation: SimulationConfig = {
id: 'auth',
label: 'Authentication',
description:
- 'The laptop sends an Authentication frame to the AP using WPA3\'s Simultaneous Authentication of Equals (SAE). Unlike WPA2\'s simple open-system authentication, SAE performs a zero-knowledge proof β neither side reveals the password, yet both can verify the other knows it. This prevents offline dictionary attacks.',
+ "The laptop sends an Authentication frame to the AP using WPA3's Simultaneous Authentication of Equals (SAE). Unlike WPA2's simple open-system authentication, SAE performs a zero-knowledge proof β neither side reveals the password, yet both can verify the other knows it. This prevents offline dictionary attacks.",
fromActor: 'laptop',
toActor: 'ap',
duration: 800,
@@ -57,7 +57,7 @@ export const wifiAssociation: SimulationConfig = {
id: 'assoc-request',
label: 'Association Request',
description:
- 'After successful authentication, the laptop sends an Association Request to join the BSS (Basic Service Set). This frame advertises the laptop\'s capabilities: supported PHY rates, power management mode, and QoS support. The AP uses this to decide whether the station is compatible and which rates to use.',
+ "After successful authentication, the laptop sends an Association Request to join the BSS (Basic Service Set). This frame advertises the laptop's capabilities: supported PHY rates, power management mode, and QoS support. The AP uses this to decide whether the station is compatible and which rates to use.",
fromActor: 'laptop',
toActor: 'ap',
duration: 800,
@@ -136,7 +136,7 @@ export const wifiAssociation: SimulationConfig = {
id: 'bridge-to-ethernet',
label: 'Bridge to Ethernet',
description:
- 'The AP decrypts the Wi-Fi frame and re-encapsulates the IP packet into a standard Ethernet frame for the wired LAN. The AP\'s MAC becomes the Ethernet source, and the LAN server\'s MAC becomes the destination. This bridging is transparent β the server sees a normal Ethernet frame and has no idea the traffic originated from a wireless client.',
+ "The AP decrypts the Wi-Fi frame and re-encapsulates the IP packet into a standard Ethernet frame for the wired LAN. The AP's MAC becomes the Ethernet source, and the LAN server's MAC becomes the destination. This bridging is transparent β the server sees a normal Ethernet frame and has no idea the traffic originated from a wireless client.",
fromActor: 'ap',
toActor: 'server',
duration: 600,
diff --git a/src/lib/simulator/simulations/wireguard-handshake.ts b/src/lib/simulator/simulations/wireguard-handshake.ts
index c0aadc4..461499a 100644
--- a/src/lib/simulator/simulations/wireguard-handshake.ts
+++ b/src/lib/simulator/simulations/wireguard-handshake.ts
@@ -8,7 +8,7 @@ export const wireguardHandshake: SimulationConfig = {
protocolId: 'wireguard',
title: 'WireGuard β Noise_IKpsk2 Handshake and Transport',
description:
- "Watch two WireGuard peers β Alice and Bob β complete a one-round-trip Noise_IKpsk2 handshake and start exchanging encrypted IP packets. Then watch the 120-second rekey, the design that gives WireGuard per-handshake forward secrecy.",
+ 'Watch two WireGuard peers β Alice and Bob β complete a one-round-trip Noise_IKpsk2 handshake and start exchanging encrypted IP packets. Then watch the 120-second rekey, the design that gives WireGuard per-handshake forward secrecy.',
tier: 'client',
actors: [
{ id: 'alice', label: 'Peer A (Alice)', icon: 'client', position: 'left' },
@@ -48,7 +48,8 @@ export const wireguardHandshake: SimulationConfig = {
type: '1 (Handshake Init)',
senderIndex: '0xABCD1234',
receiverIndex: '0x00000000',
- payload: 'ephemeral_pub (32 B) + enc_static (32+16 B) + enc_TAI64N (12+16 B) + MAC1 (16 B) + MAC2 (16 B)'
+ payload:
+ 'ephemeral_pub (32 B) + enc_static (32+16 B) + enc_TAI64N (12+16 B) + MAC1 (16 B) + MAC2 (16 B)'
})
]
},
@@ -99,7 +100,7 @@ export const wireguardHandshake: SimulationConfig = {
id: 'transport-data-2',
label: 'Transport Data (B β A)',
description:
- "Reverse direction uses a *different* key (WireGuard keys are unidirectional β separate `T_send` and `T_recv` derived from the same chaining key) and a *separate* counter. Each direction has its own anti-replay window.",
+ 'Reverse direction uses a *different* key (WireGuard keys are unidirectional β separate `T_send` and `T_recv` derived from the same chaining key) and a *separate* counter. Each direction has its own anti-replay window.',
fromActor: 'bob',
toActor: 'alice',
duration: 1300,
@@ -142,7 +143,7 @@ export const wireguardHandshake: SimulationConfig = {
id: 'rekey',
label: 'Rekey at REKEY_AFTER_TIME (120 s)',
description:
- "At 120 seconds, Alice (whoever sent the first handshake) initiates a fresh handshake. A new pair of ephemeral keys; the chaining key is freshly derived; the old session keys are wiped. **Per-handshake forward secrecy** across sessions, **per-message forward secrecy** within a session.",
+ 'At 120 seconds, Alice (whoever sent the first handshake) initiates a fresh handshake. A new pair of ephemeral keys; the chaining key is freshly derived; the old session keys are wiped. **Per-handshake forward secrecy** across sessions, **per-message forward secrecy** within a session.',
fromActor: 'alice',
toActor: 'bob',
duration: 1400,
diff --git a/src/lib/simulator/simulations/zigbee-join.ts b/src/lib/simulator/simulations/zigbee-join.ts
index bf2fc6a..f53b26f 100644
--- a/src/lib/simulator/simulations/zigbee-join.ts
+++ b/src/lib/simulator/simulations/zigbee-join.ts
@@ -5,7 +5,7 @@ export const zigbeeJoin: SimulationConfig = {
protocolId: 'zigbee',
title: 'Zigbee Device Join β Coordinator β new bulb β first OnOff command',
description:
- "Watch a new Zigbee 3.0 bulb join a Trust Centerβcentralised network with an install code: beacon scan β Association β Transport-Key β Toggle. Same flow under every Philips Hue join, IKEA TrΓ₯dfri pairing, and Aqara device commissioning in 2026.",
+ 'Watch a new Zigbee 3.0 bulb join a Trust Centerβcentralised network with an install code: beacon scan β Association β Transport-Key β Toggle. Same flow under every Philips Hue join, IKEA TrΓ₯dfri pairing, and Aqara device commissioning in 2026.',
tier: 'client',
actors: [
{ id: 'bulb', label: 'New Bulb (Joiner)', icon: 'device', position: 'left' },
@@ -18,14 +18,23 @@ export const zigbeeJoin: SimulationConfig = {
label: 'Zigbee channel',
type: 'select',
defaultValue: '25 (2475 MHz)',
- options: ['15 (2425 MHz, avoids Wi-Fi 6)', '20 (2450 MHz)', '25 (2475 MHz)', '26 (2480 MHz, regulatory limit)']
+ options: [
+ '15 (2425 MHz, avoids Wi-Fi 6)',
+ '20 (2450 MHz)',
+ '25 (2475 MHz)',
+ '26 (2480 MHz, regulatory limit)'
+ ]
},
{
id: 'auth',
label: 'Pre-configured link key',
type: 'select',
defaultValue: 'Install code (secure)',
- options: ['Install code (secure)', 'ZigBeeAlliance09 default (legacy)', 'R23 Dynamic Link Key (SPEKE/Curve25519)']
+ options: [
+ 'Install code (secure)',
+ 'ZigBeeAlliance09 default (legacy)',
+ 'R23 Dynamic Link Key (SPEKE/Curve25519)'
+ ]
},
{
id: 'panId',
@@ -92,7 +101,8 @@ export const zigbeeJoin: SimulationConfig = {
dstPan: '0x1A62',
dstAddr: '0x0000 (Coordinator)',
srcAddr: 'EUI-64 of the joiner',
- payload: 'MAC Cmd 0x01 β Association Request. Capability=0x8E (FFD, mains-powered, security-capable, allocate-short)'
+ payload:
+ 'MAC Cmd 0x01 β Association Request. Capability=0x8E (FFD, mains-powered, security-capable, allocate-short)'
})
]
},
@@ -112,7 +122,8 @@ export const zigbeeJoin: SimulationConfig = {
dstPan: '0x1A62',
dstAddr: 'EUI-64 of joiner',
srcAddr: '0x0000 (Coordinator EUI-64)',
- payload: 'MAC Cmd 0x02 β Association Response. Allocated short=0x3F4E. Status=0x00 (success)'
+ payload:
+ 'MAC Cmd 0x02 β Association Response. Allocated short=0x3F4E. Status=0x00 (success)'
})
]
},
@@ -127,13 +138,15 @@ export const zigbeeJoin: SimulationConfig = {
highlight: ['Frame Control', 'Aux Sec Hdr / MIC', 'Payload (APS frame)'],
layers: [
createZigbeeNWKLayer({
- frameControl: '0x0048 (Data, ProtoVer=2, NWK Security off β APS-level only on Transport-Key)',
+ frameControl:
+ '0x0048 (Data, ProtoVer=2, NWK Security off β APS-level only on Transport-Key)',
dstAddr: '0x3F4E',
srcAddr: '0x0000',
radius: 1,
seq: 0x10,
security: '(none at NWK; APS encrypts under pre-conf link key)',
- payload: 'APS Cmd 0x05 β Transport-Key (Network Key). Encrypted under install-code-derived link key.'
+ payload:
+ 'APS Cmd 0x05 β Transport-Key (Network Key). Encrypted under install-code-derived link key.'
})
]
},
@@ -141,7 +154,7 @@ export const zigbeeJoin: SimulationConfig = {
id: 'device-announce',
label: 'Device Announce β bulb broadcasts its arrival',
description:
- "The joiner now has both a short address and the network key. It NWK-broadcasts a **Device Announce** ZDO message (cluster 0x0013) β *I am 0x3F4E, EUI-64 = β¦, capability = β¦* β so every router knows to add it to their routing tables and binding tables. From here the device is on the mesh.",
+ 'The joiner now has both a short address and the network key. It NWK-broadcasts a **Device Announce** ZDO message (cluster 0x0013) β *I am 0x3F4E, EUI-64 = β¦, capability = β¦* β so every router knows to add it to their routing tables and binding tables. From here the device is on the mesh.',
fromActor: 'bulb',
toActor: 'router',
duration: 900,
@@ -162,7 +175,7 @@ export const zigbeeJoin: SimulationConfig = {
id: 'onoff-toggle',
label: 'First command β ZCL OnOff.Toggle = 0x02',
description:
- "A switch (or the Hue app via the bridge) sends a ZCL OnOff Toggle command to the new bulb. APS frame: Cluster 0x0006 (OnOff), Profile 0x0104 (Home Automation), Cmd 0x02 (Toggle). The ZCL FrameCtrl byte 0x11 says *cluster-specific, clientβserver, disable default response*. The whole on-the-wire payload is roughly 40 bytes including all the headers.",
+ 'A switch (or the Hue app via the bridge) sends a ZCL OnOff Toggle command to the new bulb. APS frame: Cluster 0x0006 (OnOff), Profile 0x0104 (Home Automation), Cmd 0x02 (Toggle). The ZCL FrameCtrl byte 0x11 says *cluster-specific, clientβserver, disable default response*. The whole on-the-wire payload is roughly 40 bytes including all the headers.',
fromActor: 'coord',
toActor: 'bulb',
duration: 1000,
diff --git a/src/lib/tour/app-tour.ts b/src/lib/tour/app-tour.ts
index e420262..d3a0e60 100644
--- a/src/lib/tour/app-tour.ts
+++ b/src/lib/tour/app-tour.ts
@@ -33,8 +33,7 @@ export async function startTour(appState: AppState, allNodes: GraphNode[]): Prom
// destroy so the user lands back where they started.
const savedPath = window.location.pathname + window.location.search;
const baseHome = `${base}/`;
- const isAtHome =
- window.location.pathname === baseHome || window.location.pathname === base;
+ const isAtHome = window.location.pathname === baseHome || window.location.pathname === base;
if (!isAtHome) {
await goto(baseHome, { replaceState: false, keepFocus: true });
}
@@ -68,9 +67,7 @@ export async function startTour(appState: AppState, allNodes: GraphNode[]): Prom
const PANEL_ANIM_MS = 380;
- let tourDriver: ReturnType;
-
- tourDriver = driver({
+ const tourDriver = driver({
showProgress: true,
animate: true,
overlayColor: '#0f172a',
@@ -428,8 +425,8 @@ export async function startTour(appState: AppState, allNodes: GraphNode[]): Prom
appState.activeTour = { destroy: () => tourDriver.destroy() };
// Expose for dev testing (tree-shaken in prod via __dev check)
- if (typeof window !== 'undefined' && (window as any).__dev) {
- (window as any).__tourDriver = tourDriver;
+ if (typeof window !== 'undefined' && window.__dev) {
+ window.__tourDriver = tourDriver;
}
tourDriver.drive();
diff --git a/src/lib/utils/colors.test.ts b/src/lib/utils/colors.test.ts
new file mode 100644
index 0000000..47aef4b
--- /dev/null
+++ b/src/lib/utils/colors.test.ts
@@ -0,0 +1,54 @@
+import { describe, it, expect } from 'vitest';
+import { hexToRgba, shiftHsl, themedDomColor } from './colors';
+
+describe('hexToRgba', () => {
+ it('converts a 6-digit hex + alpha to an rgba() string', () => {
+ expect(hexToRgba('#ff8800', 0.5)).toBe('rgba(255, 136, 0, 0.5)');
+ expect(hexToRgba('#000000', 1)).toBe('rgba(0, 0, 0, 1)');
+ });
+});
+
+describe('shiftHsl', () => {
+ it('returns the input unchanged for non-hex values', () => {
+ expect(shiftHsl('rgb(1,2,3)', 0.1)).toBe('rgb(1,2,3)');
+ expect(shiftHsl('not-a-color', 0.1)).toBe('not-a-color');
+ });
+
+ it('round-trips a color (dl=0) to within rounding error', () => {
+ // Pure HSLβRGBβHSL with no shift should reproduce the input Β±1 per channel.
+ const out = shiftHsl('#3366cc', 0);
+ expect(out).toMatch(/^#[0-9a-f]{6}$/);
+ const chan = (s: string, i: number) => parseInt(s.slice(1 + i * 2, 3 + i * 2), 16);
+ for (let i = 0; i < 3; i++) {
+ expect(Math.abs(chan(out, i) - chan('#3366cc', i))).toBeLessThanOrEqual(2);
+ }
+ });
+
+ it('lightens with positive dl and darkens with negative dl', () => {
+ const luminance = (hex: string) =>
+ parseInt(hex.slice(1, 3), 16) + parseInt(hex.slice(3, 5), 16) + parseInt(hex.slice(5, 7), 16);
+ const base = '#3366cc';
+ expect(luminance(shiftHsl(base, 0.2))).toBeGreaterThan(luminance(base));
+ expect(luminance(shiftHsl(base, -0.2))).toBeLessThan(luminance(base));
+ });
+
+ it('expands 3-digit shorthand hex', () => {
+ expect(shiftHsl('#abc', 0)).toMatch(/^#[0-9a-f]{6}$/);
+ });
+});
+
+describe('themedDomColor', () => {
+ it('passes colors through unchanged in dark theme', () => {
+ expect(themedDomColor('#abcdef', 'dark')).toBe('#abcdef');
+ });
+
+ it('darkens an unmapped bright color for light backgrounds', () => {
+ const out = themedDomColor('#ffff00', 'light'); // very bright yellow
+ expect(out).not.toBe('#ffff00');
+ expect(out).toMatch(/^#[0-9a-f]{6}$/);
+ });
+
+ it('leaves non-hex values alone in light theme', () => {
+ expect(themedDomColor('currentColor', 'light')).toBe('currentColor');
+ });
+});
diff --git a/src/lib/utils/math.test.ts b/src/lib/utils/math.test.ts
new file mode 100644
index 0000000..a5515d4
--- /dev/null
+++ b/src/lib/utils/math.test.ts
@@ -0,0 +1,64 @@
+import { describe, it, expect } from 'vitest';
+import {
+ lerp,
+ clamp,
+ distance,
+ pointInCircle,
+ easeOutCubic,
+ easeInOutCubic,
+ normalizeAngle
+} from './math';
+
+describe('lerp', () => {
+ it('returns endpoints at t=0 and t=1', () => {
+ expect(lerp(10, 20, 0)).toBe(10);
+ expect(lerp(10, 20, 1)).toBe(20);
+ });
+ it('interpolates the midpoint and extrapolates past the range', () => {
+ expect(lerp(0, 100, 0.5)).toBe(50);
+ expect(lerp(0, 10, 1.5)).toBe(15);
+ });
+});
+
+describe('clamp', () => {
+ it('bounds values to [min, max]', () => {
+ expect(clamp(5, 0, 10)).toBe(5);
+ expect(clamp(-3, 0, 10)).toBe(0);
+ expect(clamp(42, 0, 10)).toBe(10);
+ });
+});
+
+describe('distance / pointInCircle', () => {
+ it('computes euclidean distance (3-4-5)', () => {
+ expect(distance(0, 0, 3, 4)).toBe(5);
+ });
+ it('treats the radius as inclusive', () => {
+ expect(pointInCircle(3, 4, 0, 0, 5)).toBe(true);
+ expect(pointInCircle(3, 4, 0, 0, 4.99)).toBe(false);
+ });
+});
+
+describe('easing', () => {
+ it('easeOutCubic maps [0,1] to [0,1] monotonically', () => {
+ expect(easeOutCubic(0)).toBe(0);
+ expect(easeOutCubic(1)).toBe(1);
+ expect(easeOutCubic(0.5)).toBeCloseTo(0.875, 5);
+ });
+ it('easeInOutCubic is symmetric around 0.5', () => {
+ expect(easeInOutCubic(0)).toBe(0);
+ expect(easeInOutCubic(1)).toBe(1);
+ expect(easeInOutCubic(0.5)).toBeCloseTo(0.5, 5);
+ // symmetry: f(t) + f(1-t) === 1
+ expect(easeInOutCubic(0.2) + easeInOutCubic(0.8)).toBeCloseTo(1, 5);
+ });
+});
+
+describe('normalizeAngle', () => {
+ const TAU = 2 * Math.PI;
+ it('wraps into [0, 2Ο)', () => {
+ expect(normalizeAngle(0)).toBeCloseTo(0, 5);
+ expect(normalizeAngle(TAU)).toBeCloseTo(0, 5);
+ expect(normalizeAngle(-Math.PI)).toBeCloseTo(Math.PI, 5);
+ expect(normalizeAngle(3 * TAU + 1)).toBeCloseTo(1, 5);
+ });
+});
diff --git a/src/lib/utils/mermaid-helpers.ts b/src/lib/utils/mermaid-helpers.ts
index 771834c..51dc748 100644
--- a/src/lib/utils/mermaid-helpers.ts
+++ b/src/lib/utils/mermaid-helpers.ts
@@ -1,9 +1,38 @@
/**
- * Shared mermaid rendering utilities used by MermaidDiagram and DiagramModal.
+ * Shared mermaid rendering utilities used by the diagram components.
*/
import { stripRichTextMarkup } from '$lib/utils/text-parser';
+type MermaidApi = typeof import('mermaid').default;
+
+/** Per-diagram-kind config merged onto the shared base. Values are passed
+ * straight to mermaid; kept loose so this module never statically imports
+ * mermaid's types (which would pull the library into the initial bundle). */
+interface MermaidOverrides {
+ sequence?: Record;
+ flowchart?: Record;
+}
+
+/**
+ * Dynamically import mermaid (~200 KB β deliberately kept out of the initial
+ * bundle) and initialize it with the shared base config plus any per-component
+ * overrides. Every diagram component should go through this so the base theme /
+ * security / font settings live in exactly one place.
+ */
+export async function loadMermaid(overrides: MermaidOverrides = {}): Promise {
+ const mod = await import('mermaid');
+ const config = {
+ startOnLoad: false,
+ theme: 'dark',
+ securityLevel: 'loose',
+ fontFamily: 'ui-sans-serif, system-ui, -apple-system, sans-serif',
+ ...overrides
+ };
+ mod.default.initialize(config as Parameters[0]);
+ return mod.default;
+}
+
export function buildThemedDefinition(
rawDef: string,
color: string,
diff --git a/src/lib/utils/sequence-parser.test.ts b/src/lib/utils/sequence-parser.test.ts
new file mode 100644
index 0000000..bb9bd3a
--- /dev/null
+++ b/src/lib/utils/sequence-parser.test.ts
@@ -0,0 +1,93 @@
+import { describe, it, expect } from 'vitest';
+import { parseSequenceSteps, visibleSteps } from './sequence-parser';
+
+describe('parseSequenceSteps', () => {
+ it('ignores diagram preamble, declarations, comments and blank lines', () => {
+ const src = `sequenceDiagram
+ autonumber
+ participant A
+ actor B
+ %% a comment
+
+ `;
+ expect(parseSequenceSteps(src)).toEqual([]);
+ });
+
+ it('parses notes with placement and multiple actors', () => {
+ const steps = parseSequenceSteps('Note over A,B: shared state');
+ expect(steps).toEqual([
+ { kind: 'note', placement: 'over', actors: ['A', 'B'], text: 'shared state' }
+ ]);
+ });
+
+ it('maps "left of" / "right of" placements', () => {
+ expect(parseSequenceSteps('Note left of A: x')[0]).toMatchObject({ placement: 'left' });
+ expect(parseSequenceSteps('Note right of A: y')[0]).toMatchObject({ placement: 'right' });
+ });
+
+ it('classifies all arrow kinds and prefers the longest token', () => {
+ const arrows = parseSequenceSteps(
+ [
+ 'A->B: solid',
+ 'A->>B: solid-head',
+ 'A-->B: dashed',
+ 'A-->>B: dashed-head',
+ 'A-xB: lost-solid',
+ 'A--xB: lost-dashed'
+ ].join('\n')
+ );
+ expect(arrows.map((s) => (s.kind === 'message' ? s.arrow : null))).toEqual([
+ 'solid',
+ 'solid',
+ 'dashed',
+ 'dashed',
+ 'lost-solid',
+ 'lost-dashed'
+ ]);
+ });
+
+ it('captures message from/to/text', () => {
+ const [msg] = parseSequenceSteps('Client->>Server: SYN');
+ expect(msg).toEqual({
+ kind: 'message',
+ from: 'Client',
+ to: 'Server',
+ arrow: 'solid',
+ text: 'SYN'
+ });
+ });
+
+ it('parses block markers (par/loop/alt/opt/and/else/end)', () => {
+ const steps = parseSequenceSteps(
+ ['par fan out', 'and branch', 'end', 'alt ok', 'else fail', 'end', 'loop retry', 'end'].join(
+ '\n'
+ )
+ );
+ expect(steps.map((s) => s.kind)).toEqual([
+ 'block-start',
+ 'block-and',
+ 'block-end',
+ 'block-start',
+ 'block-and',
+ 'block-end',
+ 'block-start',
+ 'block-end'
+ ]);
+ expect(steps[0]).toMatchObject({ type: 'par', label: 'fan out' });
+ expect(steps[3]).toMatchObject({ type: 'alt', label: 'ok' });
+ });
+
+ it('preserves source order across mixed content', () => {
+ const steps = parseSequenceSteps(
+ ['Note over A: start', 'A->>B: req', 'B-->>A: res'].join('\n')
+ );
+ expect(steps.map((s) => s.kind)).toEqual(['note', 'message', 'message']);
+ });
+});
+
+describe('visibleSteps', () => {
+ it('keeps only notes and messages, dropping block markers', () => {
+ const steps = parseSequenceSteps(['par x', 'A->>B: hi', 'Note over A: n', 'end'].join('\n'));
+ expect(visibleSteps(steps).map((s) => s.kind)).toEqual(['message', 'note']);
+ });
+});
diff --git a/src/lib/utils/text-parser.test.ts b/src/lib/utils/text-parser.test.ts
new file mode 100644
index 0000000..d2ad7e1
--- /dev/null
+++ b/src/lib/utils/text-parser.test.ts
@@ -0,0 +1,120 @@
+import { describe, it, expect } from 'vitest';
+import { parseRichText, parseParagraphs, stripRichTextMarkup } from './text-parser';
+
+describe('parseRichText β primitives', () => {
+ it('returns a single text segment for plain prose', () => {
+ expect(parseRichText('just words')).toEqual([{ type: 'text', value: 'just words' }]);
+ });
+
+ it('parses **bold**, `code`, and *italic*', () => {
+ expect(parseRichText('**b**')).toEqual([{ type: 'bold', value: 'b' }]);
+ expect(parseRichText('`x = 1`')).toEqual([{ type: 'code', value: 'x = 1' }]);
+ expect(parseRichText('*em*')).toEqual([{ type: 'italic', value: 'em' }]);
+ });
+
+ it('does NOT treat spaced asterisks as italic (math-multiplication guard)', () => {
+ const segs = parseRichText('a * b * c');
+ expect(segs).toEqual([{ type: 'text', value: 'a * b * c' }]);
+ });
+
+ it('preserves leading/trailing text around a match in order', () => {
+ expect(parseRichText('see **this** now')).toEqual([
+ { type: 'text', value: 'see ' },
+ { type: 'bold', value: 'this' },
+ { type: 'text', value: ' now' }
+ ]);
+ });
+});
+
+describe('parseRichText β cross references', () => {
+ it('parses a protocol link and fills the label from the registry', () => {
+ expect(parseRichText('[[tcp|TCP]]')).toEqual([
+ { type: 'protocol-link', protocolId: 'tcp', label: 'TCP' }
+ ]);
+ // Bare form resolves the label from the protocol registry (abbreviation).
+ expect(parseRichText('[[tcp]]')).toEqual([
+ { type: 'protocol-link', protocolId: 'tcp', label: 'TCP' }
+ ]);
+ });
+
+ it('parses a typed rfc: reference', () => {
+ const segs = parseRichText('[[rfc:9293|RFC 9293]]');
+ expect(segs).toEqual([{ type: 'rfc-ref', number: '9293', label: 'RFC 9293' }]);
+ });
+
+ it('parses a concept tooltip token', () => {
+ expect(parseRichText('{{handshake|the handshake}}')).toEqual([
+ { type: 'concept', conceptId: 'handshake', label: 'the handshake' }
+ ]);
+ });
+
+ it('falls back to visible plain text for an unknown [[prefix:β¦]]', () => {
+ // Surfacing typos rather than dropping them silently.
+ expect(parseRichText('[[bogus:xyz|Label]]')).toEqual([
+ { type: 'text', value: '[[bogus:xyz|Label]]' }
+ ]);
+ });
+});
+
+describe('parseRichText β bold-wrapped variants', () => {
+ it('parses **{{concept}}** as a bold-concept', () => {
+ expect(parseRichText('**{{handshake|Handshake}}**')).toEqual([
+ { type: 'bold-concept', conceptId: 'handshake', label: 'Handshake' }
+ ]);
+ });
+
+ it('parses **[[tcp|TCP]]** as a bold-protocol-link', () => {
+ expect(parseRichText('**[[tcp|TCP]]**')).toEqual([
+ { type: 'bold-protocol-link', protocolId: 'tcp', label: 'TCP' }
+ ]);
+ });
+
+ it('parses **bold with {{nested}}** as a recursive bold-group', () => {
+ const segs = parseRichText('**see {{handshake|the handshake}} live**');
+ expect(segs).toHaveLength(1);
+ expect(segs[0].type).toBe('bold-group');
+ if (segs[0].type === 'bold-group') {
+ expect(segs[0].segments.map((s) => s.type)).toEqual(['text', 'concept', 'text']);
+ }
+ });
+});
+
+describe('parseParagraphs', () => {
+ it('splits on blank lines into one segment list per paragraph', () => {
+ const paras = parseParagraphs('one **two**\n\nthree');
+ expect(paras).toHaveLength(2);
+ expect(paras[0].map((s) => s.type)).toEqual(['text', 'bold']);
+ expect(paras[1]).toEqual([{ type: 'text', value: 'three' }]);
+ });
+});
+
+describe('stripRichTextMarkup', () => {
+ it('reduces atoms to their visible label', () => {
+ expect(stripRichTextMarkup('[[tcp|TCP]] over {{ip|IP}} is **fast**')).toBe(
+ 'TCP over IP is fast'
+ );
+ });
+
+ it('does not eat the outer brackets of a nested Mermaid-style construct', () => {
+ // NODE[[[id|Label]]] β the id char-class excludes `[` so the inner wrap
+ // resolves to its label and the surrounding brackets survive.
+ expect(stripRichTextMarkup('NODE[[[tcp|TCP]]]')).toBe('NODE[TCP]');
+ });
+
+ it('is idempotent on already-plain text', () => {
+ expect(stripRichTextMarkup('nothing to strip')).toBe('nothing to strip');
+ });
+
+ it('resolves a bare [[id]] to its label instead of dropping it', () => {
+ // Regression: previously a label-less ref stripped to '' and the word
+ // vanished from tooltips / aria-labels.
+ expect(stripRichTextMarkup('runs on [[tcp]] today')).toBe('runs on TCP today');
+ expect(stripRichTextMarkup('see [[rfc:9293]]')).toBe('see RFC 9293');
+ });
+
+ it('resolves a bare {{concept}} to its term', () => {
+ const out = stripRichTextMarkup('the {{handshake}} step');
+ expect(out).not.toContain('{{');
+ expect(out.toLowerCase()).toContain('handshake');
+ });
+});
diff --git a/src/lib/utils/text-parser.ts b/src/lib/utils/text-parser.ts
index 3ed025a..a9859a9 100644
--- a/src/lib/utils/text-parser.ts
+++ b/src/lib/utils/text-parser.ts
@@ -182,7 +182,7 @@ export function parseRichText(raw: string): TextSegment[] {
// recursively parse it and emit a bold-group; otherwise
// keep the cheap `bold` segment so simple cases stay flat.
const inner = match[9];
- if (/[\[{`*]/.test(inner)) {
+ if (/[[{`*]/.test(inner)) {
segments.push({ type: 'bold-group', segments: parseRichText(inner) });
} else {
segments.push({ type: 'bold', value: inner });
@@ -214,6 +214,35 @@ export function parseParagraphs(raw: string): TextSegment[][] {
return raw.split('\n\n').map((p) => parseRichText(p));
}
+/**
+ * Resolve a bracketed ref to the label text it should display when no explicit
+ * `|label` was given β mirrors {@link buildBracketSegment} so stripped text
+ * matches rendered text. A bare `[[tcp]]` becomes "TCP", not an empty string.
+ */
+function bracketFallbackLabel(rawId: string): string {
+ const colonIdx = rawId.indexOf(':');
+ const prefix = colonIdx === -1 ? 'protocol' : rawId.slice(0, colonIdx);
+ const id = colonIdx === -1 ? rawId : rawId.slice(colonIdx + 1);
+ switch (prefix) {
+ case 'protocol':
+ return getProtocolById(id)?.abbreviation ?? id.toUpperCase();
+ case 'rfc':
+ return `RFC ${id}`;
+ case 'outage':
+ return getOutageById(id)?.title ?? id;
+ case 'pioneer':
+ return getPioneerById(id)?.name ?? id;
+ case 'glossary':
+ return getConceptById(id)?.term ?? id;
+ case 'frontier':
+ return getFrontierById(id)?.title ?? id;
+ case 'chapter':
+ return id.includes('/') ? id.slice(id.indexOf('/') + 1) : id;
+ default:
+ return rawId;
+ }
+}
+
/**
* Strip rich-text atoms ([[β¦]] / {{β¦}} / **β¦**) down to their label
* text. For surfaces that render strings as raw DOM text (screen-reader
@@ -227,8 +256,17 @@ export function stripRichTextMarkup(raw: string): string {
// outer brackets when an author nests a wrap inside another bracketed
// construct β e.g. Mermaid's `NODE[[[id|Label]]]`. A legitimate id is
// always a slug, so disallowing `[`/`{` inside it is strictly correct.
+ //
+ // A bare ref with no `|label` resolves to its display label (protocol
+ // abbreviation, concept term, β¦) rather than vanishing β otherwise a bare
+ // `[[tcp]]` in a stripped field (tooltip / aria-label) would silently drop
+ // the word.
return raw
- .replace(/\[\[[^\]\[|]+(?:\|([^\]]+))?\]\]/g, (_m, label) => label ?? '')
- .replace(/\{\{[^}{|]+(?:\|([^}]+))?\}\}/g, (_m, label) => label ?? '')
+ .replace(/\[\[([^\][|]+)(?:\|([^\]]+))?\]\]/g, (_m, id, label) =>
+ label != null ? label : bracketFallbackLabel(id)
+ )
+ .replace(/\{\{([^}{|]+)(?:\|([^}]+))?\}\}/g, (_m, id, label) =>
+ label != null ? label : (getConceptById(id)?.term ?? id)
+ )
.replace(/\*\*([^*]+)\*\*/g, '$1');
}
diff --git a/src/routes/demo/+page.svelte b/src/routes/demo/+page.svelte
deleted file mode 100644
index 372e8bc..0000000
--- a/src/routes/demo/+page.svelte
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-playwright
diff --git a/src/routes/demo/playwright/+page.svelte b/src/routes/demo/playwright/+page.svelte
deleted file mode 100644
index 5f0f2c9..0000000
--- a/src/routes/demo/playwright/+page.svelte
+++ /dev/null
@@ -1 +0,0 @@
-Playwright e2e test demo
diff --git a/src/routes/demo/playwright/page.svelte.e2e.ts b/src/routes/demo/playwright/page.svelte.e2e.ts
deleted file mode 100644
index 1000be6..0000000
--- a/src/routes/demo/playwright/page.svelte.e2e.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-test('has expected h1', async ({ page }) => {
- await page.goto('/demo/playwright');
- await expect(page.locator('h1')).toBeVisible();
-});
diff --git a/src/routes/layout.css b/src/routes/layout.css
index a5ff270..f644435 100644
--- a/src/routes/layout.css
+++ b/src/routes/layout.css
@@ -2,6 +2,23 @@
@import 'driver.js/dist/driver.css';
@plugin '@tailwindcss/typography';
+/* ββ Reduced-motion reset ββ
+ When a user asks the OS for reduced motion, collapse all CSS animations,
+ transitions, and smooth scrolling to near-instant. Covers entrance
+ animations (detail panel, modals, tooltips, simulator arrows) in one place.
+ The canvas graph honors the same preference in JS (see GraphCanvas/
+ prefersReducedMotion). */
+@media (prefers-reduced-motion: reduce) {
+ *,
+ *::before,
+ *::after {
+ animation-duration: 0.01ms !important;
+ animation-iteration-count: 1 !important;
+ transition-duration: 0.01ms !important;
+ scroll-behavior: auto !important;
+ }
+}
+
/* ββ Semantic theme variables ββ */
:root {
--theme-bg: #090e1a;
@@ -16,7 +33,13 @@
--theme-scrollbar: rgba(255, 255, 255, 0.12);
--theme-scrollbar-thumb: rgba(255, 255, 255, 0.1);
--theme-scrollbar-thumb-hover: rgba(255, 255, 255, 0.2);
- --theme-panel-desktop: linear-gradient(to right, rgb(9 14 26 / 0.6), rgb(9 14 26 / 0.88) 25%, rgb(7 10 20 / 0.98) 70%, rgb(5 8 16 / 1));
+ --theme-panel-desktop: linear-gradient(
+ to right,
+ rgb(9 14 26 / 0.6),
+ rgb(9 14 26 / 0.88) 25%,
+ rgb(7 10 20 / 0.98) 70%,
+ rgb(5 8 16 / 1)
+ );
--theme-panel-mobile: rgb(5 8 16 / 0.98);
--theme-tooltip-bg: rgba(15, 23, 42, 0.92);
--theme-shadow-color: rgba(0, 0, 0, 0.3);
@@ -37,7 +60,13 @@
--theme-scrollbar: rgba(0, 0, 0, 0.08);
--theme-scrollbar-thumb: rgba(0, 0, 0, 0.12);
--theme-scrollbar-thumb-hover: rgba(0, 0, 0, 0.2);
- --theme-panel-desktop: linear-gradient(to right, rgb(219 234 254 / 0.55), rgb(232 238 246 / 0.92) 25%, rgb(241 245 249 / 0.98) 70%, rgb(248 250 252 / 1));
+ --theme-panel-desktop: linear-gradient(
+ to right,
+ rgb(219 234 254 / 0.55),
+ rgb(232 238 246 / 0.92) 25%,
+ rgb(241 245 249 / 0.98) 70%,
+ rgb(248 250 252 / 1)
+ );
--theme-panel-mobile: rgb(241 245 249 / 0.98);
--theme-tooltip-bg: rgba(248, 250, 252, 0.95);
--theme-shadow-color: rgba(0, 0, 0, 0.08);
diff --git a/static/og-image.png b/static/og-image.png
index 16d131c..755fe6c 100644
Binary files a/static/og-image.png and b/static/og-image.png differ
diff --git a/static/screenshot.png b/static/screenshot.png
deleted file mode 100644
index 16d131c..0000000
Binary files a/static/screenshot.png and /dev/null differ
diff --git a/vite.config.ts b/vite.config.ts
index 56f40c7..139c4c5 100644
--- a/vite.config.ts
+++ b/vite.config.ts
@@ -1,5 +1,14 @@
+///
import tailwindcss from '@tailwindcss/vite';
import { sveltekit } from '@sveltejs/kit/vite';
import { defineConfig } from 'vite';
-export default defineConfig({ plugins: [tailwindcss(), sveltekit()] });
+export default defineConfig({
+ plugins: [tailwindcss(), sveltekit()],
+ test: {
+ // Pure-logic unit tests (parsers, layout/sim math, utils, data validation).
+ // Component/DOM behavior is covered by the Playwright e2e suite instead.
+ include: ['src/**/*.{test,spec}.{js,ts}'],
+ environment: 'node'
+ }
+});