Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nordic Ruby 2012: We don't know HTTP

Avatar for Konstantin Haase Konstantin Haase
June 15, 2012
Technology
5
810

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012

Avatar for Konstantin Haase

Konstantin Haase

June 15, 2012
Tweet

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
Avatar for Konstantin Haase rkh
0
200
How We Replaced Salary Negotiations with a Sinatra App
Avatar for Konstantin Haase rkh
17
4.2k
HTTP (RubyMonsters Edition)
Avatar for Konstantin Haase rkh
5
1.1k
GCRC 2015: Abstract Thoughts on Abstract Things
Avatar for Konstantin Haase rkh
1
360
Frozen Rails: Magenta - The Art Of Abstraction
Avatar for Konstantin Haase rkh
3
300
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
Avatar for Konstantin Haase rkh
0
930
Ancient City Ruby: Hack me, if you can!
Avatar for Konstantin Haase rkh
2
420
Boston I/O: Continuous Integration
Avatar for Konstantin Haase rkh
3
310
Steel City Ruby: Architecting Chaos
Avatar for Konstantin Haase rkh
4
930

Other Decks in Technology

See All in Technology
Skrub: machine-learning with dataframes
Avatar for Gael Varoquaux gaelvaroquaux
0
120
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
Avatar for nagisa_53 nagisa53
9
2.9k
5年目から始める Vue3 サイト改善 #frontendo
Avatar for Kihara, Takuya tacck
PRO
3
200
RSCの時代にReactとフレームワークの境界を探る
Avatar for uhyo uhyo
10
3.3k
Django's GeneratedField by example - DjangoCon US 2025
Avatar for Paolo Melchiorre pauloxnet
0
110
フィンテック養成勉強会#56
Avatar for フィンテック養成コミュニティ finengine
0
140
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
Avatar for Michiru Kato applism118
9
3.5k
【実演版】カンファレンス登壇者・スタッフにこそ知ってほしいマイクの使い方 / 大吉祥寺.pm 2025
Avatar for Arthur arthur1
1
580
Firestore → Spanner 移行 を成功させた段階的移行プロセス
Avatar for a-thug athug
1
420
Rustから学ぶ 非同期処理の仕組み
Avatar for skanehira skanehira
1
120
AIのグローバルトレンド2025 #scrummikawa / global ai trend
Avatar for kyonmm kyonmm
PRO
1
260
クラウドセキュリティを支える技術と運用の最前線 / Cutting-edge Technologies and Operations Supporting Cloud Security
Avatar for Yuji Oshima yuj1osm
2
310

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.9k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
910
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1.1k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
111
20k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.8k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
23
3.7k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.9k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
207
24k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
37
2.8k
Making Projects Easy
Avatar for Brett Harned brettharned
117
6.4k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
26
1.9k

Transcript

  1. we don’t know HTTP Konstantin Haase

  2. @konstantinhaase (I’m sorry about that) rkh on github

  3. Sinatra Rack, Tilt, Rubinius, ...

  4. None
  5. None

  6. RFC 2616

  7. Performance

  8. Scalability

  9. Security

  10. Interoperability

  11. HTTP has been made for this

  12. We just don’t know.

  13. Database Application Server

  14. Database Application Server Application Application

  15. Database Application Server Application Application Database Database

  16. Database Application Server Application Application Database Database Cache

  17. Database Application Server Application Application Database Database Cache Cache

  18. Database Application Server Application Application Database Database Cache Cache Cache

  19. Database Application Server Application Application Database Database Cache Cache Cache

    Cache Cache Cache

  20. Database Application Server Application Application Database Database !!! Cache !!!

    !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!

  21. How to scale further?

  22. Requests Resources Representation

  23. GET / HTTP/1.1 Accept: text/html

  24. Optimizing Requests

  25. Persistent Connections

  26. Pipelining

  27. SPDY

  28. HTTP 2.0

  29. Optimizing Resources

  30. aka RFC 2616 - The Good Parts

  31. GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH

  32. 1 GET / Repeatable! :) No state change! :) Deterministic!

    :)

  33. 1 2 PUT / 2 PUT / 2 Repeatable! :)

    State change! :( Deterministic! :)

  34. 1 DELETE / DELETE / Repeatable! :) State change! :(

    Deterministic! :)

  35. 1 2 PATCH / +1 3 PATCH / +1 Not

    repeatable! :( State change! :( Deterministic! :)

  36. Not repeatable! :( State change! :( Non-deterministic! :( 1 ?

    POST / ...

  37. Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)

    :( :( :) :( :( :(

  38. worst case PATCH = Lock on document + PUT

  39. worst case POST = Lock on system + PUT

  40. Resources Renderer Business Logic Business Data optional

  41. Before Request + Business Logic + DB Access + Rendering

    After Request + DB Access + Rendering

  42. Performance

  43. Resources Renderer Business Logic Business Data Renderer

  44. Resources Renderer Business Logic Business Data Renderer Business Logic

  45. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

  46. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

    Business Data

  47. Server Box A Box B GET GET

  48. Server Box A Box B PUT PUT PUT

  49. Server Box A Box B PATCH PATCH PUT + Lock

  50. Server POST ? :(

  51. Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>

  52. Locking? HTTP?

  53. Locking :(

  54. Optimistic Locking :)

  55. PATCH / If-Match: “XYZ”

  56. PUT / If-Non-Match: *

  57. DELETE / If-Match: *

  58. PATCH / If-Unmodified- Since: ...

  59. Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>

  60. Scalability

  61. Example Attack JSON CSRF

  62. // https://foo/secrets.json [“chunky”, “bacon”]

  63. <script ! src=”https://foo/secrets.json” ! type=”text/javascript” />

  64. Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET

    /secrets.json Accept: */*

  65. var captured = []; var oldArray = Array; function Array()

    { var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }

  66. Old Architecture Rerun Request Without Session Side-effects? Server load? :(

  67. New Architecture Don’t Authenticate with Session Yay!

  68. Security

  69. Also, Hypermedia! ;)

  70. Interoperability

  71. hej och tack för kaffet jag är glad att vara

    här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag