Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nordic Ruby 2012: We don't know HTTP

Konstantin Haase
June 15, 2012
Technology
5
800

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012

Konstantin Haase

June 15, 2012
Tweet

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
rkh
0
180
How We Replaced Salary Negotiations with a Sinatra App
rkh
17
4.1k
HTTP (RubyMonsters Edition)
rkh
5
1k
GCRC 2015: Abstract Thoughts on Abstract Things
rkh
1
340
Frozen Rails: Magenta - The Art Of Abstraction
rkh
3
280
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
rkh
0
830
Ancient City Ruby: Hack me, if you can!
rkh
2
400
Boston I/O: Continuous Integration
rkh
3
300
Steel City Ruby: Architecting Chaos
rkh
4
890

Other Decks in Technology

See All in Technology
Re:Define 可用性を支える モニタリング、パフォーマンス最適化、そしてセキュリティ
pyama86
9
4.7k
なぜfreeeはハブ・アンド・スポーク型の データメッシュアーキテクチャにチャレンジするのか?
shinichiro_joya
3
900
企業テックブログにおける執筆ネタの考え方・見つけ方・広げ方 / How to Think of, Find, and Expand Writing Topics for Corporate Tech Blogs
honyanya
0
680
ObservabilityCON on the Road Tokyoの見どころ
hamadakoji
0
110
srekaigi2025-hajimete-ippo-aws
masakichieng
0
130
論文紹介 ”Long-Context LLMs Meet RAG: Overcoming Challenges for Long Inputs in RAG” @GDG Tokyo
shukob
0
240
スクラムマスターの活動と組織からの期待のズレへの対応 / Dealing with the gap between Scrum Master activities and organizational expectations
pauli
2
980
データ基盤におけるIaCの重要性とその運用
mtpooh
5
790
トラブルシュートを楽しもう (wakamonog meeting 15)
recuraki
5
1.1k
コスト削減と精度維持を両立!類似画像検索システムの内製化成功事例
shutotakahashi
0
340
消し忘れリソースゼロへ!私のResource Explorer活用法
cuorain
0
120
横断SREの立ち上げと、AWSセキュリティへの取り組みの軌跡
rvirus0817
3
3.6k

Featured

See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Code Review Best Practice
trishagee
65
17k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.5k
Site-Speed That Sticks
csswizardry
3
300
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2k
GraphQLとの向き合い方2022年版
quramy
44
13k
Thoughts on Productivity
jonyablonski
68
4.4k
Designing for humans not robots
tammielis
250
25k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
98
18k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
A Tale of Four Properties
chriscoyier
157
23k

Transcript

  1. we don’t know HTTP Konstantin Haase

  2. @konstantinhaase (I’m sorry about that) rkh on github

  3. Sinatra Rack, Tilt, Rubinius, ...

  4. None
  5. None

  6. RFC 2616

  7. Performance

  8. Scalability

  9. Security

  10. Interoperability

  11. HTTP has been made for this

  12. We just don’t know.

  13. Database Application Server

  14. Database Application Server Application Application

  15. Database Application Server Application Application Database Database

  16. Database Application Server Application Application Database Database Cache

  17. Database Application Server Application Application Database Database Cache Cache

  18. Database Application Server Application Application Database Database Cache Cache Cache

  19. Database Application Server Application Application Database Database Cache Cache Cache

    Cache Cache Cache

  20. Database Application Server Application Application Database Database !!! Cache !!!

    !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!

  21. How to scale further?

  22. Requests Resources Representation

  23. GET / HTTP/1.1 Accept: text/html

  24. Optimizing Requests

  25. Persistent Connections

  26. Pipelining

  27. SPDY

  28. HTTP 2.0

  29. Optimizing Resources

  30. aka RFC 2616 - The Good Parts

  31. GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH

  32. 1 GET / Repeatable! :) No state change! :) Deterministic!

    :)

  33. 1 2 PUT / 2 PUT / 2 Repeatable! :)

    State change! :( Deterministic! :)

  34. 1 DELETE / DELETE / Repeatable! :) State change! :(

    Deterministic! :)

  35. 1 2 PATCH / +1 3 PATCH / +1 Not

    repeatable! :( State change! :( Deterministic! :)

  36. Not repeatable! :( State change! :( Non-deterministic! :( 1 ?

    POST / ...

  37. Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)

    :( :( :) :( :( :(

  38. worst case PATCH = Lock on document + PUT

  39. worst case POST = Lock on system + PUT

  40. Resources Renderer Business Logic Business Data optional

  41. Before Request + Business Logic + DB Access + Rendering

    After Request + DB Access + Rendering

  42. Performance

  43. Resources Renderer Business Logic Business Data Renderer

  44. Resources Renderer Business Logic Business Data Renderer Business Logic

  45. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

  46. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

    Business Data

  47. Server Box A Box B GET GET

  48. Server Box A Box B PUT PUT PUT

  49. Server Box A Box B PATCH PATCH PUT + Lock

  50. Server POST ? :(

  51. Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>

  52. Locking? HTTP?

  53. Locking :(

  54. Optimistic Locking :)

  55. PATCH / If-Match: “XYZ”

  56. PUT / If-Non-Match: *

  57. DELETE / If-Match: *

  58. PATCH / If-Unmodified- Since: ...

  59. Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>

  60. Scalability

  61. Example Attack JSON CSRF

  62. // https://foo/secrets.json [“chunky”, “bacon”]

  63. <script ! src=”https://foo/secrets.json” ! type=”text/javascript” />

  64. Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET

    /secrets.json Accept: */*

  65. var captured = []; var oldArray = Array; function Array()

    { var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }

  66. Old Architecture Rerun Request Without Session Side-effects? Server load? :(

  67. New Architecture Don’t Authenticate with Session Yay!

  68. Security

  69. Also, Hypermedia! ;)

  70. Interoperability

  71. hej och tack för kaffet jag är glad att vara

    här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag