Daniel Stenberg’s new tool for parsing & manipulating URLs might fit nicely into HTTP your utility belt.
URLs are tricky to parse and there are numerous security problems in software because of this. trurl wants to help soften this problem by taking away the need for script and command line authors everywhere to re-invent the wheel over and over.
Scott Antipa:
I’m working on a flowchart editor that runs in the browser, and I wanted a way for people to use it without having to sign in, or store any data on our server. I wanted to give them control over their data and to be able to store it locally to open and edit later. And also easily share it with other people. It’s easy to do this by supporting file upload/download, but I wanted something simpler, like the ability to share by sending a url. I also didn’t want to store anything on the backend (at least for the free tier).
What he decided on was to base64 encode the entire application state and store it in the fragment section of the URL. I love all the upsides of this approach and it’s pretty trivial to accomplish. Here’s the pseudocode that Scott provides in his post:
const stateString = JSON.stringify(appState); // appState is a json object
const compressed = compress(stateString);
const encoded = Base64.encode(compressed);
// Push that `encoded` string to the url
// ... Later, on page load or on undo/redo we read the url and
// do the following
const decoded = Base64.decode(encoded); // same encoded as above, but read from url
const uncompressed = uncompress(decoded);
const newState = JSON.parse(uncompressed);
// Now load your application with the newState
This looks a lot like the early days of Postman. Built with Vue.js.
You can think of this like fetch() or curl but entirely in SQL:
select request_url, response_status, response_headers
from http_get('http://httpbin.org/get');
The cool thing is you can save everything from the request: status code, headers, the body (of course), timestamps, and more. Great for archiving!
-- initialize a table
create table snapshots as
select * from http_get('https://changelog.com');
-- To add more rows later on
insert into snapshots
select * from http_get('https://changelog.com');
Matt Holt (creator of Caddy) gives a deep dive into how the web server works and some of the design decisions and patterns that make it reliable, extensible, and delightful.
One of the interesting things about the design of Caddy is that its core is just configuration management. It pushes out all other functionality into modules so that basically the only thing left in core is accepting and reacting to configuration changes.
Connect’s creators call it a “better gRPC”, but I am in no position to evaluate that claim so I will leave it as an exercise for you. Here’s what they have to say about it:
Connect is production-ready — focused, simple, and debuggable — and it’s fully compatible with gRPC clients and servers. If you’re frustrated by the complexity and instability of today’s gRPC libraries, we think you’ll find Connect a breath of fresh air.
Go library out now. Connect for TypeScript is “coming soon”
Matt Holt & Mohammed S. Al Sahaf sit down with Natalie & Jon to discuss every gopher’s favorite open source web server with automatic HTTPS!
In addition to laying out what Caddy is and why it’s interesting, we dive deep into how you can (and why you might want to) extend Caddy as a result of its modular architecture.
Florin Lipan managed to squeeze a fully-functional static web server into a Docker image that has a 186KB footprint! Here I was thinking FROM alpine was a skinny starting point…
There are a lot of HTTP client tools out there. This one is neat because of its simple/repeatable plain text API that I’d imagine works great for writing integration tests.
# Get home:
GET https://example.net
HTTP/1.1 200
[Captures]
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"
# Do login!
POST https://example.net/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}
HTTP/1.1 302
This may seem silly at first, but DeepfakeHTTP actually has a bunch of interesting use cases:
Matt Holt joins Jon Calhoun to discuss Caddy, its history, and the process of creating a v2 of the popular web server. In the episode they discuss some of the challenges encountered while building the v2, reasons for doing a major rewrite, and more.
A deep-dive on what conditional HTTP requests are, reviewing the main pieces of the RFC, explaining the semantics of validators and preconditions, then showing examples how you can implement conditional HTTP GETs in your web app.
Prestige rivals rich HTTP clients such as Postman and Insomnia by being… less rich. BUT. All you have to do is fire it up in your browser and type out some plain text. So straight forward!
Althttpd is a simple webserver that has run the sqlite.org website since 2004. Althttpd strives for simplicity, security, and low resource usage.
As of 2018, the althttpd instance for sqlite.org answers about 500,000 HTTP requests per day (about 5 or 6 per second) delivering about 50GB of content per day (about 4.6 megabits/second) on a $40/month Linode. The load average on this machine normally stays around 0.1 or 0.2. About 19% of the HTTP requests are CGI to various Fossil source-code repositories.
Richard has a knack for creating simple, high quality tools. When we did our (now legendary) show with him back in 2016, he was quite keen on coming back at some point to discuss Fossil. Should we make that happen?
Learn the history and evolution of same-origin policy and CORS, understand CORS and the different types of cross-origin access in depth, and learn (some) best practices.
We have to stop insisting that software updates, etc. need to be distributed over HTTPS. Let me tell you why this is not an ideal way of going about it.
Sometimes a seemingly simple and straightforward function hides a surprising performance profile.
This blog post shows how to combine a few tools available with Elixir, OTP, and related ecosystem in order to understand and improve the memory footprint of an HTTP call.
Caddy has been around for a while, so this is a major release for the project. Hard to believe this is true today (emphasis added)
Still the only web server to use TLS automatically and by default.
Caddy 2’s new architecture was inspired by 5 years of experience with Caddy 1 and took 14 months to design. There’s a lot here, so we probably need to get the team on The Changelog or Go Time to discuss in depth.
I love internet history articles like this one from Cloudflare:
On the 11th of January 1982 twenty-two computer scientists met to discuss an issue with ‘computer mail’ (now known as email). Attendees included the guy who would create Sun Microsystems, the guy who made Zork, the NTP guy, and the guy who convinced the government to pay for Unix. The problem was simple: there were 455 hosts on the ARPANET and the situation was getting out of control.
I know the Go community isn’t one for frameworks, but as a long time framework user myself, I’ve never quite understood the resistance. Fiber doesn’t hide the ball. It comes right out and says “this is a web framework written in Go”. Here’s the philosophy behind that:
New gophers that make the switch from Node.js to Go are dealing with a learning curve before they can start building their web applications or microservices. Fiber, as a web framework, was created with the idea of minimalism and follow UNIX way, so that new gophers can quickly enter the world of Go with a warm and trusted welcome.
Fiber is inspired by Express, the most popular web framework on the Internet. We combined the ease of Express and raw performance of Go. If you have ever implemented a web application on Node.js (using Express or similar), then many methods and principles will seem very common to you.
Deno (the new JS/TS runtime from Node creator Ryan Dahl) is nearing its 1.0 release, so it’s getting a first (or second) look by many curious devs out there.
HTTP/3 is the next protocol for network communication across the Web, which is meant to partially replace HTTP/1 and HTTP/2. One month before the next QUIC Working Group meeting, to be held in Zurich next February, it may be useful to recap what HTTP/3 promises and what its current client/server support looks like.
It’s been awhile since we discussed QUIC and HTTP/3 with curl’s Daniel Stenberg. A lot has happened since then, and this InfoQ article will do a good job of catching you up. Browser support is still limited, but things are coming along nicely.
localdots combines Caddy and smallstep/certificates with automated configuration and hot reload.
- Generates SSL/TLS certificates automatically
- Reloads Caddy automatically with every change
An activity diagram to describe the resolution of HTTP response status codes, given various headers, implemented via semantical callbacks.
This would look cool hanging on your wall (or the wall of a special web developer in your life 😉).
