Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nordic Ruby 2012: We don't know HTTP

Avatar for Konstantin Haase Konstantin Haase
June 15, 2012
Technology
810
5

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012

Avatar for Konstantin Haase

Konstantin Haase

June 15, 2012

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
Avatar for Konstantin Haase rkh
0
230
How We Replaced Salary Negotiations with a Sinatra App
Avatar for Konstantin Haase rkh
17
4.3k
HTTP (RubyMonsters Edition)
Avatar for Konstantin Haase rkh
5
1.2k
GCRC 2015: Abstract Thoughts on Abstract Things
Avatar for Konstantin Haase rkh
1
390
Frozen Rails: Magenta - The Art Of Abstraction
Avatar for Konstantin Haase rkh
3
340
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
Avatar for Konstantin Haase rkh
0
990
Ancient City Ruby: Hack me, if you can!
Avatar for Konstantin Haase rkh
2
470
Boston I/O: Continuous Integration
Avatar for Konstantin Haase rkh
3
340
Steel City Ruby: Architecting Chaos
Avatar for Konstantin Haase rkh
4
980

Other Decks in Technology

See All in Technology
ACE-Step-1.5で見る 音楽生成AIのしくみと“破綻だけ直す”Retake機能の開発【zennfes spring 2026 登壇資料】
Avatar for asap personabb
1
140
200個のGitHubリポジトリを横断調査したかった
Avatar for Issei.Komori icck
0
110
2026TECHFRESH畢業分享會 - 葬送的通靈師:化系統與用戶雜訊成行動訊號
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
820
FDE という解 ― 暗黙知と明示知をつなぐ、伴走型エンジニアリング ―
Avatar for 太田 博三 otanet
0
130
Chainlitで作るお手軽チャットUI
Avatar for tomo ynt0485
0
200
AIソロプレナー時代に2ヶ月で20人増員した事業創造会社の開発組織の話
Avatar for Koji Miyata miyatakoji
0
600
作って終わりにしない タイミーのセマンティックレイヤー育成の現在地
Avatar for chanyou0311 chanyou0311
4
2.2k
Claude Code の Sandbox 機能を Anthropic Sandbox Runtime(srt) で試そう!/lets-play-anthropic-sandbox-runtime
Avatar for tomoki10 tomoki10
1
540
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
Avatar for Eric Deandrea edeandrea
PRO
1
140
失敗を経て、Harness Engineering で 大切にしたいことを考える / Learning from Failure: What Matters in Harness Engineering
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
1
320
攻撃者視点で考えるDetection Engineering
Avatar for Ruslan Sayfiev cryptopeg
1
1.2k
2026TECHFRESH畢業分享會 - 原生還是跨平台? App 開發踩坑實錄
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
830

Featured

See All Featured
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.9k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
160
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
15k
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
230
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
10k
Navigating the moral maze — ethical principles for Al-driven product design
Avatar for Skipper Chong Warson skipperchong
2
390
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
200
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.9k
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
270
The Curse of the Amulet
Avatar for Matthew Lei leimatthew05
1
13k
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
330

Transcript

  1. we don’t know HTTP Konstantin Haase

  2. @konstantinhaase (I’m sorry about that) rkh on github

  3. Sinatra Rack, Tilt, Rubinius, ...

  4. None
  5. None

  6. RFC 2616

  7. Performance

  8. Scalability

  9. Security

  10. Interoperability

  11. HTTP has been made for this

  12. We just don’t know.

  13. Database Application Server

  14. Database Application Server Application Application

  15. Database Application Server Application Application Database Database

  16. Database Application Server Application Application Database Database Cache

  17. Database Application Server Application Application Database Database Cache Cache

  18. Database Application Server Application Application Database Database Cache Cache Cache

  19. Database Application Server Application Application Database Database Cache Cache Cache

    Cache Cache Cache

  20. Database Application Server Application Application Database Database !!! Cache !!!

    !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!

  21. How to scale further?

  22. Requests Resources Representation

  23. GET / HTTP/1.1 Accept: text/html

  24. Optimizing Requests

  25. Persistent Connections

  26. Pipelining

  27. SPDY

  28. HTTP 2.0

  29. Optimizing Resources

  30. aka RFC 2616 - The Good Parts

  31. GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH

  32. 1 GET / Repeatable! :) No state change! :) Deterministic!

    :)

  33. 1 2 PUT / 2 PUT / 2 Repeatable! :)

    State change! :( Deterministic! :)

  34. 1 DELETE / DELETE / Repeatable! :) State change! :(

    Deterministic! :)

  35. 1 2 PATCH / +1 3 PATCH / +1 Not

    repeatable! :( State change! :( Deterministic! :)

  36. Not repeatable! :( State change! :( Non-deterministic! :( 1 ?

    POST / ...

  37. Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)

    :( :( :) :( :( :(

  38. worst case PATCH = Lock on document + PUT

  39. worst case POST = Lock on system + PUT

  40. Resources Renderer Business Logic Business Data optional

  41. Before Request + Business Logic + DB Access + Rendering

    After Request + DB Access + Rendering

  42. Performance

  43. Resources Renderer Business Logic Business Data Renderer

  44. Resources Renderer Business Logic Business Data Renderer Business Logic

  45. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

  46. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

    Business Data

  47. Server Box A Box B GET GET

  48. Server Box A Box B PUT PUT PUT

  49. Server Box A Box B PATCH PATCH PUT + Lock

  50. Server POST ? :(

  51. Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>

  52. Locking? HTTP?

  53. Locking :(

  54. Optimistic Locking :)

  55. PATCH / If-Match: “XYZ”

  56. PUT / If-Non-Match: *

  57. DELETE / If-Match: *

  58. PATCH / If-Unmodified- Since: ...

  59. Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>

  60. Scalability

  61. Example Attack JSON CSRF

  62. // https://foo/secrets.json [“chunky”, “bacon”]

  63. <script ! src=”https://foo/secrets.json” ! type=”text/javascript” />

  64. Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET

    /secrets.json Accept: */*

  65. var captured = []; var oldArray = Array; function Array()

    { var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }

  66. Old Architecture Rerun Request Without Session Side-effects? Server load? :(

  67. New Architecture Don’t Authenticate with Session Yay!

  68. Security

  69. Also, Hypermedia! ;)

  70. Interoperability

  71. hej och tack för kaffet jag är glad att vara

    här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag