Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Evented Web

The Evented Web

Given at the Denver Open Source Users Group (@dosug) Nov. 1, 2011

Mike Brevoort

November 01, 2011
Tweet

More Decks by Mike Brevoort

Other Decks in Programming

Transcript

  1. The Evented Web webhooks and websockets the dynamic duo Mike

    Brevoort @ mbrevoort Denver Open Source User Group November 1, 2011 1
  2. • The evented What? Why? • Webhooks • Websockets •

    Asynchronous I/O and node.js • Putting it all together 2
  3. 1990 HTML 1993 Common Gateway Interface (CGI) 1997 Java servlets

    1999 XMLHTTP ActiveX control 2004 Gmail, “web 2.0” 2005 AJAX coined CometD/Bayeux 2006 2010 (Dec 2009) Websockets Draft 4
  4. boiling yet? boiling yet? boiling yet? boiling yet? boiling yet?

    boiling yet? boiling yet? boiling yet? boiling yet? boiling yet? boiling yet? http://www.charlesculp.com/isleroyale07/BoilingWater_IMG_3487_800_160.jpg 8
  5. I will call them Webhooks. And they will be good

    Jeff Lindsay @progrium 2006 11
  6. what is a Webhook? callbacks over HTTP ... an HTTP

    POST that occurs when something happens 12
  7. 15

  8. receive data in real time Facebook User removes app HTTP

    POST signed request w/ user id Superpoke /remove 19
  9. receive data, do something, pass it on $ cat apple.txt

    | wc | mail -s "The count" [email protected] http://www.flickr.com/photos/russmorris/2713018257 21
  10. Customer Pays Yo’ App Yo’ Warehouse event New Order HTTP

    POST New Order HTTP PO ST Come and get it HTTP POST 22
  11. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) 23
  12. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y 23
  13. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y OK 23
  14. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y just tell me where 23
  15. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y just tell me where OK 23
  16. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y just tell me where Respond back with X OR call me back HERE 23
  17. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y just tell me where Respond back with X OR call me back HERE OK 23
  18. process data, give something in return like a typical API

    call but the contract is dictated by the caller (not the callee) when something happens, I’m going to send you Y just tell me where Respond back with X OR call me back HERE OK 23
  19. 24

  20. Webhook Standards? • Yes, it’s called HTTP • OK, but

    there are a few related conventions/standards including RESTFul webhooks, pubsubhubbub, etc 25
  21. Webhook Standards? • Yes, it’s called HTTP • OK, but

    there are a few related conventions/standards including RESTFul webhooks, pubsubhubbub, etc “even a baby can do it” 25
  22. W3C API and IETF Protocol Shares ports with HTTP/S (80,

    443) Cross-Origin Works across firewalls, proxies and routers (theoretically) Websockets 37
  23. Comet long held HTTP requests umbrella term for multiple techniques

    aka “Ajax Push”, “Reverse Ajax”, “HTTP Streaming” compatible 38
  24. Flash Sockets raw TCP socket requires Flash runtime proxy and

    router woes can implement websocket protocol 39
  25. Why not comet? • an inefficient hack? • 1/2 duplex

    • HTTP Overhead • latency http://websocket.org/quantum.html 41
  26. an API http://dev.w3.org/html5/websockets/ var socket = new WebSocket("ws://host/socket/"); socket.onopen =

    function() { ! console.log("viva la socket!"); } socket.onmessage = function(msg) { ! console.log(msg);! } Websockets 46
  27. Security Flaw • secure Websockets (wss://) not affected • not

    specifically Websockets, rather affects all sockets over HTTP including Flash and Java • IETF study of 47,338 HTTP proxies tested found 0.37% and 0.017% were vulnerable to the two attack types • Browser vendors want to bulletproof Websocket wire protocol to handle even buggy implementations of intercepting proxies • Websocket protocol R6 introduced 2/6/2011, actively being reviewed. More info: http://tools.ietf.org/wg/hybi/ http://security.sys-con.com/node/1642956 Websockets 48
  28. Security Flaw • secure Websockets (wss://) not affected • not

    specifically Websockets, rather affects all sockets over HTTP including Flash and Java • IETF study of 47,338 HTTP proxies tested found 0.37% and 0.017% were vulnerable to the two attack types • Browser vendors want to bulletproof Websocket wire protocol to handle even buggy implementations of intercepting proxies • Websocket protocol R6 introduced 2/6/2011, actively being reviewed. More info: http://tools.ietf.org/wg/hybi/ http://security.sys-con.com/node/1642956 Websockets Resolved 48
  29. Why? All these webhooks and websockets mean orders of magnitude

    more concurrent, long lived connections Thread per connection is not scalable So much time is wasted waiting... on I/O 51
  30. Typical I/O Latency L1: 3 cycles L2: 14 cycles RAM:

    250 cycles DISK: 41,000,000 cycles NETWORK: 240,000,000 cycles http://nodejs.org/jsconf.pdf L1 L2 RAM Disk Network 0 60,000,000 120,000,000 180,000,000 240,000,000 300,000,000 52
  31. var result = db.query("select * from T"); // wait for

    result // use result console.log( result[0].C ); What’s wrong with this? waiting idle blocking for 240,000,000 cycles 53
  32. Some of the contenders • Twisted (python) • EventMachine (Ruby)

    • Node.js (javascript) • etc. (non-blocking, asyncronous I/O, event loop) 58
  33. provide an easy way to build scalable network programs. •

    server-side Javascript • client-side development likeness • Javascript designed specifically to be used with an event loop • non-blocking libraries • FAST, underpinned by V8 • community momentum 59
  34. a different way of thinking var callback = function(response) {

    // do something with response }; obj.getSomething(data, callback); 60
  35. 62

  36. Don’t be ridiculous. We can use fallbacks! With Socket.io we

    can eat IE6’s lunch! and IE7 and IE8 62
  37. Don’t be ridiculous. We can use fallbacks! With Socket.io we

    can eat IE6’s lunch! and IE7 and IE8 and IE9 62
  38. Don’t be ridiculous. We can use fallbacks! With Socket.io we

    can eat IE6’s lunch! and IE7 and IE8 and IE9 *sigh* I’m getting too old for this crap 62
  39. Socket.io Socket.IO aims to make realtime apps possible in every

    browser and mobile device, blurring the differences between the different transport mechanisms 63
  40. IE 5.5+ Chrome 4+ Firefox 3+ Safari 3+ iOS Safari

    Android Webkit WebOs Webkit Opera 10.6 Socket.io 65
  41. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) /twillio /socket.io 67
  42. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) /twillio /socket.io 67
  43. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) 4. Respond Say + Record /twillio /socket.io 67
  44. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) 4. Respond Say + Record 5. Say /twillio /socket.io 67
  45. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) 4. Respond Say + Record 5. Say 6. Record /twillio /socket.io 67
  46. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) 4. Respond Say + Record 5. Say 6. Record 7. New Recording POST (webhook) /twillio /socket.io 67
  47. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) 4. Respond Say + Record 5. Say 6. Record 8. Recording (websocket) 7. New Recording POST (webhook) /twillio /socket.io 67
  48. Demo webhooks + websockets 1. Call 2. New Call GET

    (webhook) 3. Status (websocket) 4. Respond Say + Record 5. Say 6. Record 8. Recording (websocket) 7. New Recording POST (webhook) /twillio /socket.io 9. <audio/> GET Recording 67