Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nordic Ruby 2012: We don't know HTTP

Avatar for Konstantin Haase Konstantin Haase
June 15, 2012
Technology
810
5

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012

Avatar for Konstantin Haase

Konstantin Haase

June 15, 2012

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
Avatar for Konstantin Haase rkh
0
230
How We Replaced Salary Negotiations with a Sinatra App
Avatar for Konstantin Haase rkh
17
4.3k
HTTP (RubyMonsters Edition)
Avatar for Konstantin Haase rkh
5
1.2k
GCRC 2015: Abstract Thoughts on Abstract Things
Avatar for Konstantin Haase rkh
1
390
Frozen Rails: Magenta - The Art Of Abstraction
Avatar for Konstantin Haase rkh
3
340
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
Avatar for Konstantin Haase rkh
0
980
Ancient City Ruby: Hack me, if you can!
Avatar for Konstantin Haase rkh
2
460
Boston I/O: Continuous Integration
Avatar for Konstantin Haase rkh
3
330
Steel City Ruby: Architecting Chaos
Avatar for Konstantin Haase rkh
4
980

Other Decks in Technology

See All in Technology
エージェント時代の UIとAPI、CLI戦略
Avatar for coincheck coincheck_recruit
0
160
Fabric MCPの紹介と使い分け
Avatar for Ryoma Nagata ryomaru0825
1
150
2026年春のAgentCoreアプデ 細かいやつ全部まとめ
Avatar for みのるん minorun365
3
200
ServiceによるKubernetes通信制御ーClusterIPを例に
Avatar for 周学勤(Zhou Xueqin) miku01
1
150
Building Production-Ready Agents Microsoft Agent Framework
Avatar for Mert Metin _mertmetin
0
160
AI時代に、 データアナリストがデータエンジニアに異動して
Avatar for jackojacko_ jackojacko_
0
250
Percolatorを廃止し、マルチ検索サービスへ刷新した話 / Search Engineering Tech Talk 2026 Spring
Avatar for Visional Engineering & Design visional_engineering_and_design
0
330
AIエージェントの支払い基盤 AgentCore Payments概要
Avatar for たけのこ kmiya84377
1
140
巨大プラットフォームを進化させる「第3のROI」
Avatar for Recruit recruitengineers
PRO
2
2.5k
The 7 pitfalls of AI
Avatar for Uwe Friedrichsen ufried
0
200
自動テストだけで
リリース判断できるチームへ - 鍵はテストの量ではなくリリース判断基準の再設計にあった / Redesigning Release Criteria for Lightweight Releases
Avatar for えわ ewa
7
3.5k
ボトムアップの改善の火を灯し続けろ!〜支援現場で学んだ、消えないための3つの打ち手〜 / 20260509 Kazuki Mori
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
590

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.7k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
290
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7.4k
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
1
3.2M
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
10
37k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
330
How to build a perfect <img>
Avatar for Jono Alderson jonoalderson
1
5.5k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
1
3.6k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
55
8.1k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.3k
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
0
340

Transcript

  1. we don’t know HTTP Konstantin Haase

  2. @konstantinhaase (I’m sorry about that) rkh on github

  3. Sinatra Rack, Tilt, Rubinius, ...

  4. None
  5. None

  6. RFC 2616

  7. Performance

  8. Scalability

  9. Security

  10. Interoperability

  11. HTTP has been made for this

  12. We just don’t know.

  13. Database Application Server

  14. Database Application Server Application Application

  15. Database Application Server Application Application Database Database

  16. Database Application Server Application Application Database Database Cache

  17. Database Application Server Application Application Database Database Cache Cache

  18. Database Application Server Application Application Database Database Cache Cache Cache

  19. Database Application Server Application Application Database Database Cache Cache Cache

    Cache Cache Cache

  20. Database Application Server Application Application Database Database !!! Cache !!!

    !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!

  21. How to scale further?

  22. Requests Resources Representation

  23. GET / HTTP/1.1 Accept: text/html

  24. Optimizing Requests

  25. Persistent Connections

  26. Pipelining

  27. SPDY

  28. HTTP 2.0

  29. Optimizing Resources

  30. aka RFC 2616 - The Good Parts

  31. GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH

  32. 1 GET / Repeatable! :) No state change! :) Deterministic!

    :)

  33. 1 2 PUT / 2 PUT / 2 Repeatable! :)

    State change! :( Deterministic! :)

  34. 1 DELETE / DELETE / Repeatable! :) State change! :(

    Deterministic! :)

  35. 1 2 PATCH / +1 3 PATCH / +1 Not

    repeatable! :( State change! :( Deterministic! :)

  36. Not repeatable! :( State change! :( Non-deterministic! :( 1 ?

    POST / ...

  37. Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)

    :( :( :) :( :( :(

  38. worst case PATCH = Lock on document + PUT

  39. worst case POST = Lock on system + PUT

  40. Resources Renderer Business Logic Business Data optional

  41. Before Request + Business Logic + DB Access + Rendering

    After Request + DB Access + Rendering

  42. Performance

  43. Resources Renderer Business Logic Business Data Renderer

  44. Resources Renderer Business Logic Business Data Renderer Business Logic

  45. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

  46. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

    Business Data

  47. Server Box A Box B GET GET

  48. Server Box A Box B PUT PUT PUT

  49. Server Box A Box B PATCH PATCH PUT + Lock

  50. Server POST ? :(

  51. Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>

  52. Locking? HTTP?

  53. Locking :(

  54. Optimistic Locking :)

  55. PATCH / If-Match: “XYZ”

  56. PUT / If-Non-Match: *

  57. DELETE / If-Match: *

  58. PATCH / If-Unmodified- Since: ...

  59. Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>

  60. Scalability

  61. Example Attack JSON CSRF

  62. // https://foo/secrets.json [“chunky”, “bacon”]

  63. <script ! src=”https://foo/secrets.json” ! type=”text/javascript” />

  64. Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET

    /secrets.json Accept: */*

  65. var captured = []; var oldArray = Array; function Array()

    { var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }

  66. Old Architecture Rerun Request Without Session Side-effects? Server load? :(

  67. New Architecture Don’t Authenticate with Session Yay!

  68. Security

  69. Also, Hypermedia! ;)

  70. Interoperability

  71. hej och tack för kaffet jag är glad att vara

    här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag