Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nordic Ruby 2012: We don't know HTTP

Avatar for Konstantin Haase Konstantin Haase
June 15, 2012
Technology
5
810

Nordic Ruby 2012: We don't know HTTP

Slides for the talk I gave at Nordic Ruby 2012
Avatar for Konstantin Haase

Konstantin Haase

June 15, 2012
Tweet

More Decks by Konstantin Haase

See All by Konstantin Haase
RubyConf Philippines 2017: Magenta is a Lie
Avatar for Konstantin Haase rkh
0
190
How We Replaced Salary Negotiations with a Sinatra App
Avatar for Konstantin Haase rkh
17
4.2k
HTTP (RubyMonsters Edition)
Avatar for Konstantin Haase rkh
5
1.1k
GCRC 2015: Abstract Thoughts on Abstract Things
Avatar for Konstantin Haase rkh
1
360
Frozen Rails: Magenta - The Art Of Abstraction
Avatar for Konstantin Haase rkh
3
300
RedDotRubyConf 2014: Magenta is a Lie - and other tales of abstraction
Avatar for Konstantin Haase rkh
0
920
Ancient City Ruby: Hack me, if you can!
Avatar for Konstantin Haase rkh
2
420
Boston I/O: Continuous Integration
Avatar for Konstantin Haase rkh
3
310
Steel City Ruby: Architecting Chaos
Avatar for Konstantin Haase rkh
4
920

Other Decks in Technology

See All in Technology
クラウド開発の舞台裏とSRE文化の醸成 / SRE NEXT 2025 Lunch Session
Avatar for kazeburo kazeburo
1
450
話題の MCP と巡る OCI RAG ソリューションの旅 - Select AI with RAG と Generative AI Agents ディープダイブ
Avatar for oracle4engineer oracle4engineer
PRO
5
110
サイバーエージェントグループのSRE10年の歩みとAI時代の生存戦略
Avatar for shotaTsuge shotatsuge
4
830
セキュアな社内Dify運用と外部連携の両立 ~AIによるAPIリスク評価~
Avatar for ZOZO Developers zozotech
PRO
0
100
「クラウドコスト絶対削減」を支える技術—FinOpsを超えた徹底的なクラウドコスト削減の実践論
Avatar for 株式会社DELTA delta_tech
4
190
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
Avatar for goldfinch3710 flyaahelpguide
0
240
伴走から自律へ: 形式知へと導くSREイネーブリングによる プロダクトチームの信頼性オーナーシップ向上 / SRE NEXT 2025
Avatar for Visional Engineering & Design visional_engineering_and_design
3
230
敢えて生成AIを使わないマネジメント業務
Avatar for Kazuki Maeda kzkmaeda
2
510
Enhancing SaaS Product Reliability and Release Velocity through Optimized Testing Approach
Avatar for ropQa ropqa
1
250
DatabricksにOLTPデータベース『Lakebase』がやってきた!
Avatar for Takeru Ino inoutk
0
150
Zero Data Loss Autonomous Recovery Service サービス概要
Avatar for oracle4engineer oracle4engineer
PRO
2
7.8k
ロールが細分化された組織でSREは何をするか?
Avatar for norimichi.osanai tgidgd
1
200

Featured

See All Featured
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.6k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
35
6.7k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3.1k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
107
19k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
980
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
299
21k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
83
9.1k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.5k

Transcript

  1. we don’t know HTTP Konstantin Haase

  2. @konstantinhaase (I’m sorry about that) rkh on github

  3. Sinatra Rack, Tilt, Rubinius, ...

  4. None
  5. None

  6. RFC 2616

  7. Performance

  8. Scalability

  9. Security

  10. Interoperability

  11. HTTP has been made for this

  12. We just don’t know.

  13. Database Application Server

  14. Database Application Server Application Application

  15. Database Application Server Application Application Database Database

  16. Database Application Server Application Application Database Database Cache

  17. Database Application Server Application Application Database Database Cache Cache

  18. Database Application Server Application Application Database Database Cache Cache Cache

  19. Database Application Server Application Application Database Database Cache Cache Cache

    Cache Cache Cache

  20. Database Application Server Application Application Database Database !!! Cache !!!

    !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!! !!! Cache !!!

  21. How to scale further?

  22. Requests Resources Representation

  23. GET / HTTP/1.1 Accept: text/html

  24. Optimizing Requests

  25. Persistent Connections

  26. Pipelining

  27. SPDY

  28. HTTP 2.0

  29. Optimizing Resources

  30. aka RFC 2616 - The Good Parts

  31. GET, HEAD, OPTIONS, TRACE PUT, DELETE POST, PATCH

  32. 1 GET / Repeatable! :) No state change! :) Deterministic!

    :)

  33. 1 2 PUT / 2 PUT / 2 Repeatable! :)

    State change! :( Deterministic! :)

  34. 1 DELETE / DELETE / Repeatable! :) State change! :(

    Deterministic! :)

  35. 1 2 PATCH / +1 3 PATCH / +1 Not

    repeatable! :( State change! :( Deterministic! :)

  36. Not repeatable! :( State change! :( Non-deterministic! :( 1 ?

    POST / ...

  37. Safe: Idempotent: PATCH: POST: :) :) :) :) :( :)

    :( :( :) :( :( :(

  38. worst case PATCH = Lock on document + PUT

  39. worst case POST = Lock on system + PUT

  40. Resources Renderer Business Logic Business Data optional

  41. Before Request + Business Logic + DB Access + Rendering

    After Request + DB Access + Rendering

  42. Performance

  43. Resources Renderer Business Logic Business Data Renderer

  44. Resources Renderer Business Logic Business Data Renderer Business Logic

  45. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

  46. Resources Renderer Business Logic Business Data Renderer Business Logic Resources

    Business Data

  47. Server Box A Box B GET GET

  48. Server Box A Box B PUT PUT PUT

  49. Server Box A Box B PATCH PATCH PUT + Lock

  50. Server POST ? :(

  51. Browser support? :( <a href=”/” method=”delete”> <form method=”patch”>

  52. Locking? HTTP?

  53. Locking :(

  54. Optimistic Locking :)

  55. PATCH / If-Match: “XYZ”

  56. PUT / If-Non-Match: *

  57. DELETE / If-Match: *

  58. PATCH / If-Unmodified- Since: ...

  59. Browser support? :( <form if-match=”...”> <form if-unmodified-since=”...”>

  60. Scalability

  61. Example Attack JSON CSRF

  62. // https://foo/secrets.json [“chunky”, “bacon”]

  63. <script ! src=”https://foo/secrets.json” ! type=”text/javascript” />

  64. Browser support? :( <script ! src=”https://foo/secrets.json” ! type=”text/javascript” /> GET

    /secrets.json Accept: */*

  65. var captured = []; var oldArray = Array; function Array()

    { var obj = this, id = 0, capture = function(value) { obj.__defineSetter__(id++, capture); if (value) captured.push(value); }; capture(); }

  66. Old Architecture Rerun Request Without Session Side-effects? Server load? :(

  67. New Architecture Don’t Authenticate with Session Yay!

  68. Security

  69. Also, Hypermedia! ;)

  70. Interoperability

  71. hej och tack för kaffet jag är glad att vara

    här sätt på en kanna till för jag stannar ett tag hej och tack för kaffet jag är glad att vara här sätt på en kanna till för jag stannar ett tag