Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nordic Ruby 2012: We don't know HTTP
Search
Konstantin Haase
June 15, 2012
Technology
5
810
Nordic Ruby 2012: We don't know HTTP
Slides for the talk I gave at Nordic Ruby 2012
Konstantin Haase
June 15, 2012
Tweet
Share
More Decks by Konstantin Haase
See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
rkh
0
190
How We Replaced Salary Negotiations with a Sinatra App
rkh
17
4.2k
HTTP (RubyMonsters Edition)
rkh
5
1.1k
GCRC 2015: Abstract Thoughts on Abstract Things
rkh
1
360
Frozen Rails: Magenta - The Art Of Abstraction
rkh
3
300
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
rkh
0
920
Ancient City Ruby: Hack me, if you can!
rkh
2
420
Boston I/O: Continuous Integration
rkh
3
310
Steel City Ruby: Architecting Chaos
rkh
4
920
Other Decks in Technology
See All in Technology
クラウド開発の舞台裏とSRE文化の醸成 / SRE NEXT 2025 Lunch Session
kazeburo
1
450
話題の MCP と巡る OCI RAG ソリューションの旅 - Select AI with RAG と Generative AI Agents ディープダイブ
oracle4engineer
PRO
5
110
サイバーエージェントグループのSRE10年の歩みとAI時代の生存戦略
shotatsuge
4
830
セキュアな社内Dify運用と外部連携の両立 ~AIによるAPIリスク評価~
zozotech
PRO
0
100
「クラウドコスト絶対削減」を支える技術—FinOpsを超えた徹底的なクラウドコスト削減の実践論
delta_tech
4
190
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
flyaahelpguide
0
240
伴走から自律へ: 形式知へと導くSREイネーブリングによる プロダクトチームの信頼性オーナーシップ向上 / SRE NEXT 2025
visional_engineering_and_design
3
230
敢えて生成AIを使わないマネジメント業務
kzkmaeda
2
510
Enhancing SaaS Product Reliability and Release Velocity through Optimized Testing Approach
ropqa
1
250
DatabricksにOLTPデータベース『Lakebase』がやってきた!
inoutk
0
150
Zero Data Loss Autonomous Recovery Service サービス概要
oracle4engineer
PRO
2
7.8k
ロールが細分化された組織でSREは何をするか?
tgidgd
1
200
Featured
See All Featured
Designing Experiences People Love
moore
142
24k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
107
19k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
980
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Facilitating Awesome Meetings
lara
54
6.5k
Transcript
we don’t know HTTP Konstantin Haase
@konstantinhaase (I’m sorry about that) rkh on github
Sinatra Rack, Tilt, Rubinius, ...
None
None
RFC 2616
Performance
Scalability
Security
Interoperability
HTTP has been made for this
We just don’t know.
Database Application Server
Database Application Server Application Application
Database Application Server Application Application Database Database
Database Application Server Application Application Database Database Cache
Database Application Server Application Application Database Database Cache Cache
Database Application Server Application Application Database Database Cache Cache Cache
Database Application Server Application Application Database Database Cache Cache Cache
Cache Cache Cache
Database Application Server Application Application Database Database !!! Cache !!!
!!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!
How to scale further?
Requests Resources Representation
GET / HTTP/1.1 Accept: text/html
Optimizing Requests
Persistent Connections
Pipelining
SPDY
HTTP 2.0
Optimizing Resources
aka RFC 2616 - The Good Parts
GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH
1 GET / Repeatable! :) No state change! :) Deterministic!
:)
1 2 PUT / 2 PUT / 2 Repeatable! :)
State change! :( Deterministic! :)
1 DELETE / DELETE / Repeatable! :) State change! :(
Deterministic! :)
1 2 PATCH / +1 3 PATCH / +1 Not
repeatable! :( State change! :( Deterministic! :)
Not repeatable! :( State change! :( Non-deterministic! :( 1 ?
POST / ...
Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)
:( :( :) :( :( :(
worst case PATCH = Lock on document + PUT
worst case POST = Lock on system + PUT
Resources Renderer Business Logic Business Data optional
Before Request + Business Logic + DB Access + Rendering
After Request + DB Access + Rendering
Performance
Resources Renderer Business Logic Business Data Renderer
Resources Renderer Business Logic Business Data Renderer Business Logic
Resources Renderer Business Logic Business Data Renderer Business Logic Resources
Resources Renderer Business Logic Business Data Renderer Business Logic Resources
Business Data
Server Box A Box B GET GET
Server Box A Box B PUT PUT PUT
Server Box A Box B PATCH PATCH PUT + Lock
Server POST ? :(
Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>
Locking? HTTP?
Locking :(
Optimistic Locking :)
PATCH / If-Match: “XYZ”
PUT / If-Non-Match: *
DELETE / If-Match: *
PATCH / If-Unmodified- Since: ...
Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>
Scalability
Example Attack JSON CSRF
// https://foo/secrets.json [“chunky”, “bacon”]
<script ! src=”https://foo/secrets.json” ! type=”text/javascript” />
Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET
/secrets.json Accept: */*
var captured = []; var oldArray = Array; function Array()
{ var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }
Old Architecture Rerun Request Without Session Side-effects? Server load? :(
New Architecture Don’t Authenticate with Session Yay!
Security
Also, Hypermedia! ;)
Interoperability
hej och tack för kaffet jag är glad att vara
här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag