$30 off During Our Annual Pro Sale. View Details »

Nordic Ruby 2012: We don't know HTTP

Konstantin Haase
June 15, 2012
Technology
5
780

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012

Konstantin Haase

June 15, 2012
Tweet

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
rkh
0
170
How We Replaced Salary Negotiations with a Sinatra App
rkh
17
3.8k
HTTP (RubyMonsters Edition)
rkh
5
850
GCRC 2015: Abstract Thoughts on Abstract Things
rkh
1
330
Frozen Rails: Magenta - The Art Of Abstraction
rkh
3
260
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
rkh
0
640
Ancient City Ruby: Hack me, if you can!
rkh
2
370
Boston I/O: Continuous Integration
rkh
3
260
Steel City Ruby: Architecting Chaos
rkh
4
760

Other Decks in Technology

See All in Technology
AutoGenで作るLLM Agen
peisuke
1
350
Parsing case study in Go / Go Conference mini 2023 Winter IN KYOTO
k1low
2
400
GPTsによるアシスタント業務の改善
neonankiti
3
380
継続的なコツコツ技術広報とブランディング磨き込みの過程と課題/engineering-brand
nishiuma
0
120
Autonomous Database サービス・アップデート (FY24)
oracle4engineer
PRO
0
170
AWSに関わる全ての エンジニアへの変革!
ysasago
2
140
ARR100億超SaaSをさらに成長させるPdM組織の立ち上げと今後について
rakus_dev
0
150
device mapperによるディスクI/O障害のエミュレーション
sat
PRO
7
2.4k
Building smarter apps with machine learning, from magic to reality
picardparis
4
3.7k
How to use GPT with your Symfony application [EN]
el_stoffel
2
280
The future is already here – Mastering the challenges of the coming years
ufried
0
320
Micro Frontends for Java Microservices - SF JUG 2023
mraible
PRO
1
230

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
271
12k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
2.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
How GitHub Uses GitHub to Build GitHub
holman
467
280k
Designing the Hi-DPI Web
ddemaree
274
33k
The Cult of Friendly URLs
andyhume
71
5.4k
Navigating Team Friction
lara
177
13k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
1
1.1k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Robots, Beer and Maslow
schacon
154
7.7k
Rebuilding a faster, lazier Slack
samanthasiow
71
8k
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.7k

Transcript

  1. we don’t know
    HTTP
    Konstantin Haase

    View Slide

  2. @konstantinhaase
    (I’m sorry about that)
    rkh on github

    View Slide

  3. Sinatra
    Rack, Tilt, Rubinius, ...

    View Slide

  4. View Slide

  5. View Slide

  6. RFC 2616

    View Slide

  7. Performance

    View Slide

  8. Scalability

    View Slide

  9. Security

    View Slide

  10. Interoperability

    View Slide

  11. HTTP has
    been made
    for this

    View Slide

  12. We just don’t know.

    View Slide

  13. Database
    Application
    Server

    View Slide

  14. Database
    Application
    Server
    Application Application

    View Slide

  15. Database
    Application
    Server
    Application Application
    Database
    Database

    View Slide

  16. Database
    Application
    Server
    Application Application
    Database
    Database
    Cache

    View Slide

  17. Database
    Application
    Server
    Application Application
    Database
    Database
    Cache
    Cache

    View Slide

  18. Database
    Application
    Server
    Application Application
    Database
    Database
    Cache
    Cache
    Cache

    View Slide

  19. Database
    Application
    Server
    Application Application
    Database
    Database
    Cache
    Cache
    Cache
    Cache Cache Cache

    View Slide

  20. Database
    Application
    Server
    Application Application
    Database
    Database
    !!! Cache !!!
    !!! Cache !!!
    !!! Cache !!!
    !!! Cache !!! !!! Cache !!! !!! Cache !!!

    View Slide

  21. How to scale
    further?

    View Slide

  22. Requests
    Resources
    Representation

    View Slide

  23. GET / HTTP/1.1
    Accept: text/html

    View Slide

  24. Optimizing
    Requests

    View Slide

  25. Persistent Connections

    View Slide

  26. Pipelining

    View Slide

  27. SPDY

    View Slide

  28. HTTP 2.0

    View Slide

  29. Optimizing
    Resources

    View Slide

  30. aka
    RFC 2616 - The
    Good Parts

    View Slide

  31. GET, HEAD,
    OPTIONS, TRACE
    PUT, DELETE
    POST, PATCH

    View Slide

  32. 1
    GET /
    Repeatable! :)
    No state change! :)
    Deterministic! :)

    View Slide

  33. 1 2
    PUT /
    2
    PUT /
    2
    Repeatable! :)
    State change! :(
    Deterministic! :)

    View Slide

  34. 1
    DELETE /
    DELETE /
    Repeatable! :)
    State change! :(
    Deterministic! :)

    View Slide

  35. 1 2
    PATCH /
    +1
    3
    PATCH /
    +1
    Not repeatable! :(
    State change! :(
    Deterministic! :)

    View Slide

  36. Not repeatable! :(
    State change! :(
    Non-deterministic! :(
    1 ?
    POST /
    ...

    View Slide

  37. Safe:
    Idempotent:
    PATCH:
    POST:
    :) :) :)
    :) :( :)
    :( :( :)
    :( :( :(

    View Slide

  38. worst case
    PATCH = Lock on
    document + PUT

    View Slide

  39. worst case
    POST = Lock on
    system + PUT

    View Slide

  40. Resources
    Renderer
    Business Logic
    Business Data
    optional

    View Slide

  41. Before
    Request + Business Logic +
    DB Access + Rendering
    After
    Request + DB Access +
    Rendering

    View Slide

  42. Performance

    View Slide

  43. Resources
    Renderer
    Business Logic
    Business Data
    Renderer

    View Slide

  44. Resources
    Renderer
    Business Logic
    Business Data
    Renderer
    Business Logic

    View Slide

  45. Resources
    Renderer
    Business Logic
    Business Data
    Renderer
    Business Logic
    Resources

    View Slide

  46. Resources
    Renderer
    Business Logic
    Business Data
    Renderer
    Business Logic
    Resources
    Business Data

    View Slide

  47. Server
    Box A
    Box B
    GET
    GET

    View Slide

  48. Server
    Box A
    Box B
    PUT
    PUT
    PUT

    View Slide

  49. Server
    Box A
    Box B
    PATCH
    PATCH
    PUT + Lock

    View Slide

  50. Server
    POST ?
    :(

    View Slide

  51. Browser support? :(


    View Slide

  52. Locking? HTTP?

    View Slide

  53. Locking :(

    View Slide

  54. Optimistic Locking :)

    View Slide

  55. PATCH /
    If-Match: “XYZ”

    View Slide

  56. PUT /
    If-Non-Match: *

    View Slide

  57. DELETE /
    If-Match: *

    View Slide

  58. PATCH /
    If-Unmodified-
    Since: ...

    View Slide

  59. Browser support? :(


    View Slide

  60. Scalability

    View Slide

  61. Example Attack
    JSON CSRF

    View Slide

  62. // https://foo/secrets.json
    [“chunky”, “bacon”]

    View Slide

  63. ! src=”https://foo/secrets.json”
    ! type=”text/javascript” />

    View Slide

  64. Browser support? :(
    ! src=”https://foo/secrets.json”
    ! type=”text/javascript” />
    GET /secrets.json
    Accept: */*

    View Slide

  65. var captured = [];
    var oldArray = Array;
    function Array() {
    var obj = this, id = 0, capture = function(value) {
    obj.__defineSetter__(id++, capture);
    if (value)
    captured.push(value);
    };
    capture();
    }

    View Slide

  66. Old Architecture
    Rerun Request Without Session
    Side-effects? Server load? :(

    View Slide

  67. New Architecture
    Don’t Authenticate with Session
    Yay!

    View Slide

  68. Security

    View Slide

  69. Also, Hypermedia! ;)

    View Slide

  70. Interoperability

    View Slide

  71. hej och tack för kaffet
    jag är glad att vara här
    sätt på en kanna till
    för jag stannar ett tag
    hej och tack för kaffet
    jag är glad att vara här
    sätt på en kanna till
    för jag stannar ett tag

    View Slide