by e1g 1623 days ago
In case the email collection form gets hugged to death, here's a mirror https://web.archive.org/web/20220111162712/https://files.abl...

In our experience, many enterprise networks/vpns/firewalls still break websocket connections even when using wss, and it should not be used as the only communication channel even if you target evergreen browsers.


Disclaimer: I work for Ably. I agree in principle, so the libraries that handle websockets and also fallback transports using comet (e.g. SocketIO) are still widely used for that reason, and the commercial pub/sub service providers generally also support comet fallbacks. However, we now find that it is really very rare that clients are unable to use wss.
WSS breaking is surprisingly common for clusters of our enterprise users, to the order of 5-10%. Specifically, when business users connect through security networks like Zscaler, often their employers will MITM all connections (similar to how AdGuard works) but in a way that breaks WSS. We have rigorous monitoring for both frontend and backend, and can trace these failures with accuracy - consistently, both the frontend and the ingress firewall think that the other one cancelled the connection attempt, so some network hop in-between did that. Every other network connection during that time works as expected (long polling/SSE over H2), but WSS get interrupted and sometimes can't reconnect. We still love the aliveness of web sockets, but have to architect data fetching in a way that doesn't depend on them working.
That's surprising to hear, we definitely don't see anywhere near the order of 5-10%, at best an order of magnitude less.

Out of interest, what geography and industries are you operating in where you see such a high rate of incompatibility?

Matt, Ably co-founder

China and LATAM are definitely overrepresented. We deal with conglomerates and manufacturers, so it's vaguely industrial + heavy industry, but all these users are corporate folks using standard-issue BigCo laptops (almost certainly loaded with standard "security" layers from a dozen different vendors, making detailed diagnosis nearly impossible for us as a SaaS provider).
Thanks for the explanation, useful to know.
Thank you for the mirror!
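
The fallback design argued for in the thread (WSS preferred, SSE or long polling when a network hop keeps killing it), as an added example that is not code from any commenter or from Ably. The class name, thresholds and report fields are hypothetical, and the scenario in `demo()` is constructed.

```javascript
// Added example, not code from the thread. Names and thresholds are hypothetical.
const TRANSPORTS = ['websocket', 'sse', 'long-polling']; // most to least preferred

class TransportSelector {
  constructor({ maxFailures = 2, cooldownMs = 600000, minStableMs = 30000, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, cooldownMs, minStableMs, now });
    this.state = new Map(TRANSPORTS.map((t) => [t, { failures: 0, blockedUntil: 0 }]));
    this.events = []; // failure records to ship to frontend monitoring
  }

  // First transport that is not cooling down; long polling is the last resort.
  pick() {
    const t = this.now();
    return TRANSPORTS.find((n) => this.state.get(n).blockedUntil <= t)
      ?? TRANSPORTS[TRANSPORTS.length - 1];
  }

  // Report how a connection attempt ended. A socket that opened but died
  // before minStableMs counts as a failure, so a flapping WSS link is demoted
  // instead of being retried forever.
  report(name, { opened, lifetimeMs = 0, reason = '' }) {
    const s = this.state.get(name);
    if (opened && lifetimeMs >= this.minStableMs) {
      s.failures = 0; // a stable session clears earlier failures
      return;
    }
    s.failures += 1;
    this.events.push({ at: this.now(), transport: name, opened, lifetimeMs, reason });
    if (s.failures >= this.maxFailures) {
      s.blockedUntil = this.now() + this.cooldownMs; // demote for the cooldown
      s.failures = 0;
    }
  }
}

// Constructed scenario: handshake aborted, then a socket that drops after 2 s.
function demo() {
  let clock = 0;
  const sel = new TransportSelector({ now: () => clock });
  sel.report('websocket', { opened: false, reason: 'handshake aborted' });
  sel.report('websocket', { opened: true, lifetimeMs: 2000, reason: 'close code 1006' });
  const duringCooldown = sel.pick();
  clock = 600000; // cooldown elapsed, WSS gets another chance
  return { duringCooldown, afterCooldown: sel.pick(), failures: sel.events.length };
}
```

The caller opens whatever `pick()` returns and calls `report()` when that connection ends, so data fetching keeps working while WSS is demoted.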