Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nordic Ruby 2012: We don't know HTTP

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Konstantin Haase Konstantin Haase
June 15, 2012
Technology
810
5

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012

Avatar for Konstantin Haase

Konstantin Haase

June 15, 2012

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
Avatar for Konstantin Haase rkh
0
230
How We Replaced Salary Negotiations with a Sinatra App
Avatar for Konstantin Haase rkh
17
4.3k
HTTP (RubyMonsters Edition)
Avatar for Konstantin Haase rkh
5
1.2k
GCRC 2015: Abstract Thoughts on Abstract Things
Avatar for Konstantin Haase rkh
1
390
Frozen Rails: Magenta - The Art Of Abstraction
Avatar for Konstantin Haase rkh
3
340
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
Avatar for Konstantin Haase rkh
0
980
Ancient City Ruby: Hack me, if you can!
Avatar for Konstantin Haase rkh
2
460
Boston I/O: Continuous Integration
Avatar for Konstantin Haase rkh
3
330
Steel City Ruby: Architecting Chaos
Avatar for Konstantin Haase rkh
4
980

Other Decks in Technology

See All in Technology
【新卒研修】ライブデモ + compose.yaml読解_講義資料
Avatar for ディップ株式会社 dip_tech
PRO
0
130
Sansan Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4.5k
【2026年版】プロジェクトマネジメント実践論|現役エンジニアが語る!~チームでモノづくりをする時のコツとは?~
Avatar for MIXI ENGINEERS mixi_engineers
PRO
1
120
layerx-fde-practices
Avatar for cipepser cipepser
1
260
Pythonでベイズモデリング
Avatar for Soogie soogie
0
170
The Making of AI Chips
Avatar for Preferred Networks pfn
PRO
0
660
Geek Woman の育ち方 〜コミュニティとAIと〜
Avatar for chicaco chicaco
0
200
インプロセスQAのための要因から捉えるプロジェクトリスクマネジメントnano #1 開発リソース効率状態への対処 #jasstnano
Avatar for barus_qa_dev barus_qa
0
220
エムスリーテクノロジーズ株式会社 エンジニア向け紹介資料 / M3 Technologies Company Deck
Avatar for M3 Engineering m3_engineering
0
210
[4] Power BI Deep Dive [2026-05]
Avatar for Ohata Masatoshi ohata_bi
0
110
Slack MCPでインシデント対応とFAQ生成を加速する:社内ワークショップの実践
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
120
AI全盛の今だからこそ、あえてもう一度振り返るAPIの基礎
Avatar for Makky12 smt7174
3
150

Featured

See All Featured
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.5k
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
170
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
280
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
62k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
550
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
180
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
250
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.2k
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
1.1k

Transcript

  1. we don’t know HTTP Konstantin Haase

  2. @konstantinhaase (I’m sorry about that) rkh on github

  3. Sinatra Rack, Tilt, Rubinius, ...

  4. None
  5. None

  6. RFC 2616

  7. Performance

  8. Scalability

  9. Security

  10. Interoperability

  11. HTTP has been made for this

  12. We just don’t know.

  13. Database Application Server

  14. Database Application Server Application Application

  15. Database Application Server Application Application Database Database

  16. Database Application Server Application Application Database Database Cache

  17. Database Application Server Application Application Database Database Cache Cache

  18. Database Application Server Application Application Database Database Cache Cache Cache

  19. Database Application Server Application Application Database Database Cache Cache Cache

    Cache Cache Cache

  20. Database Application Server Application Application Database Database !!! Cache !!!

    !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!

  21. How to scale further?

  22. Requests Resources Representation

  23. GET / HTTP/1.1 Accept: text/html

  24. Optimizing Requests

  25. Persistent Connections

  26. Pipelining

  27. SPDY

  28. HTTP 2.0

  29. Optimizing Resources

  30. aka RFC 2616 - The Good Parts

  31. GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH

  32. 1 GET / Repeatable! :) No state change! :) Deterministic!

    :)

  33. 1 2 PUT / 2 PUT / 2 Repeatable! :)

    State change! :( Deterministic! :)

  34. 1 DELETE / DELETE / Repeatable! :) State change! :(

    Deterministic! :)

  35. 1 2 PATCH / +1 3 PATCH / +1 Not

    repeatable! :( State change! :( Deterministic! :)

  36. Not repeatable! :( State change! :( Non-deterministic! :( 1 ?

    POST / ...

  37. Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)

    :( :( :) :( :( :(

  38. worst case PATCH = Lock on document + PUT

  39. worst case POST = Lock on system + PUT

  40. Resources Renderer Business Logic Business Data optional

  41. Before Request + Business Logic + DB Access + Rendering

    After Request + DB Access + Rendering

  42. Performance

  43. Resources Renderer Business Logic Business Data Renderer

  44. Resources Renderer Business Logic Business Data Renderer Business Logic

  45. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

  46. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

    Business Data

  47. Server Box A Box B GET GET

  48. Server Box A Box B PUT PUT PUT

  49. Server Box A Box B PATCH PATCH PUT + Lock

  50. Server POST ? :(

  51. Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>

  52. Locking? HTTP?

  53. Locking :(

  54. Optimistic Locking :)

  55. PATCH / If-Match: “XYZ”

  56. PUT / If-Non-Match: *

  57. DELETE / If-Match: *

  58. PATCH / If-Unmodified- Since: ...

  59. Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>

  60. Scalability

  61. Example Attack JSON CSRF

  62. // https://foo/secrets.json [“chunky”, “bacon”]

  63. <script ! src=”https://foo/secrets.json” ! type=”text/javascript” />

  64. Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET

    /secrets.json Accept: */*

  65. var captured = []; var oldArray = Array; function Array()

    { var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }

  66. Old Architecture Rerun Request Without Session Side-effects? Server load? :(

  67. New Architecture Don’t Authenticate with Session Yay!

  68. Security

  69. Also, Hypermedia! ;)

  70. Interoperability

  71. hej och tack för kaffet jag är glad att vara

    här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag