Web heresies


Published on

5 Heresies for a Better World: some playful challenges to everyone's assumptions about building for the modern web.

(From some time back in 2008, so some of the references have been forgotten by now. The points about having to think, and not just following the crowd without thinking, and cats being evil and about to make us all obsolete slaves, are still pretty relevant thought.)

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Web heresies

  1. 1. 5 Heresies James Aylett Kittens with JetpacksThursday, 27 October 2011
  2. 2. 5 Heresies For A Better World James Aylett Kittens with JetpacksThursday, 27 October 2011
  3. 3. 1: Don’t use a web frameworkThursday, 27 October 2011Web frameworks make it easier to do the repetitive tasks involved in creating a web appthat weren’t terribly difficult in the first place. Which saves time, but has some problems.So what actually happens when you start using the latest, sexiest framework?
  4. 4. Thursday, 27 October 2011Whee! This Nightshade framework is so cool. I wrote my web app in 10 minutes. Give melots of money!
  5. 5. Thursday, 27 October 2011Then you do the usual things with a new site - you squash bugs...
  6. 6. Thursday, 27 October 2011and get distracted by dinosaurs.
  7. 7. Thursday, 27 October 2011And next you start getting some real users (ie not your mum), and things get a bitslower, and your investors come calling because they can’t get on your site to look at theattractive coeds. So you do the sensible thing and add some more machines in, prayingto god that you understood the idea of shared-nothing and that your database isn’t tooshabby.
  8. 8. Thursday, 27 October 2011For bonus points, you read Cal’s book.
  9. 9. Thursday, 27 October 2011Then you get more bugs, and more users, and more bugs - and eventually you’re notfixing your own bugs, you’re diving into the framework and fixing theirs.
  10. 10. Thursday, 27 October 2011At least they’re nice people who say thank you.
  11. 11. Thursday, 27 October 2011And, if you’re really lucky, you get enough users that you end up with a room full ofservers, and learn about all the nasty details of how mysql prevents deadlocking, or howyour storage server distributed file blocks across spindles, or how web browsers fuck upTCP congestion control algorithms. And of course you start running into those weird rarebits of the framework that don’t actually scale for you.
  12. 12. Thursday, 27 October 2011Because of aliens.
  13. 13. Thursday, 27 October 2011And this goes on until your database freezes solid, your site goes down for days on end,and your users remember they didn’t actually need it in the first place. Your investorsstart screaming...
  14. 14. Thursday, 27 October 2011... and if you’re really famous, so does Michael Arrington.
  15. 15. Thursday, 27 October 2011In the best case scenario, one of your investors was Y Combinator, and you rewrite theentire thing in arc.
  16. 16. Thursday, 27 October 2011
  17. 17. Thursday, 27 October 2011
  18. 18. Thursday, 27 October 2011Frameworks give you a number of really import things: a templating system which isn’tthe one you want, a URI dispatcher, which doesn’t match your URI scheme, an ORMthat’s less powerful than the one you would have used otherwise (and that’s certainlyless powerful than just using your database directly), and finally...
  19. 19. Thursday, 27 October 2011... an octopus higher up your call stack. The problem is that while frameworks save you atonne of time, YOU DON’T UNDERSTAND YOUR FRAMEWORK, unless you wrote it. Atsome point it will stop being a help and start being a hindrance, because their problemspace is not yours.
  20. 20. Thursday, 27 October 2011Besides, it’s lazy. Standing on the shoulders of giants is pretty awesome, but it’s really awaste of time unless you’re looking for something high up.
  21. 21. Thursday, 27 October 2011Most websites aren’t up there, and while you’re looking around, your competitors areeating you. Or the shrubs, depending on how good they are.
  22. 22. Thursday, 27 October 2011So let’s go back to our new framework Nightshade. It’s got all the standard stuff...
  23. 23. Thursday, 27 October 2011and then people start adding new features.
  24. 24. Thursday, 27 October 2011Many of these are really important.
  25. 25. Thursday, 27 October 2011But many are increasing complexity of the framework without actually giving YOU anyadvantages.
  26. 26. Thursday, 27 October 2011Features become optional, which generally either increases the length of the callstackbefore it hits your code or at best makes it harder to just pick up an instance of theframework and figure out what’s going on, because some core section has been replacedsomewhere in a config file.
  27. 27. Thursday, 27 October 2011In any case, people keep on adding new features...
  28. 28. Thursday, 27 October 2011Until we pass the Zawinski threshold, and it starts reading your email.
  29. 29. Thursday, 27 October 2011Of course, that’s pretty helpful in a web app, so people don’t really notice.
  30. 30. Thursday, 27 October 2011And features keep on being added until someone has a REALLY smart idea of adding
  31. 31. Thursday, 27 October 2011a user scripting system. At the most extreme, this is itself a framework that allows youto use a DSL rather than writing code in your base language. Typically this starts in thetemplating layer, but if it’s designed well, hell you might as well start using it fortriggers in your models, or for flexible configuration, or to run deployment scripts.
  32. 32. Thursday, 27 October 2011And then someone has the REALLY smart idea of just reimplementing the entireframework in terms of the scripting system...
  33. 33. Thursday, 27 October 2011Which of course makes perfect sense. Except that then you’ve just obeyed Greenspan’s10th Law, which really just means ...
  34. 34. Thursday, 27 October 2011you’ve built emacs. And we’ve probably got enough of them already.
  35. 35. Thursday, 27 October 2011However NONE of this actually helps you once you start to hit serious scale. For thatyou’re going to need architecture.
  36. 36. Thursday, 27 October 2011And I’m afraid for that you’re going to have to think.
  37. 37. 2: Don’t build an APIThursday, 27 October 2011Look, you could have built an API. But you chose to build a website. If you have decentURI design, and use microformats, and you were only thinking of building a read-onlyAPI anyway, then just don’t bother. Which is probably just as well, because you’d onlyget it wrong.
  38. 38. Thursday, 27 October 2011And everyone is watching.
  39. 39. Thursday, 27 October 2011In fact, APIs are notoriously difficult to get right. Here’s are just a few ways you can getthem wrong.
  40. 40. Thursday, 27 October 2011Firstly, you could use XML. It’s not that XML’s a bad language for moving data around;it’s really not. But there are lots of exciting ways of getting it wrong. Actually, it’sdifficult to see why. This guy’s Tim Bray, one of the guys who invented XML. He said:
  41. 41. “Anyone who can’t make [...] well-formed XML is an incompetent fool” - Tim BrayThursday, 27 October 2011Which is true. Unfortunately we’re all incompetent fools. I am, you are, and lots ofimportant people reckon XML’s too hard to generate. They include James Clark, and thisguy:
  42. 42. Thursday, 27 October 2011Henri Sivonen, who went to the lengths of coming up with a list of things to do and notto to make sure you get XML right. Turns out there are 19 points! So maybe trying to getall them right isn’t such a great idea.
  43. 43. Thursday, 27 October 2011Another popular choice for moving data around these days is JSON. JSON’s pretty simple,although there are a couple of simple mistakes you can make. But there are goodlibraries for it (although to be fair, if everyone used good XML libraries, that wouldn’t bea problem either). However there’s an interesting wrinkle that comes out of using JSON.
  44. 44.  Thursday, 27 October 2011JSON isn’t HTML. It’s NOTHING TO DO WITH HTML. But these little HTML named entityescapes have a tendency to creep into JSON outputs of APIs, often because the APIs wereoriginally intended for internal use in loading little chunks of data to quickly spit out intoinnerHTML. This doesn’t help very much when people start using it for other things.
  45. 45. Thursday, 27 October 2011And then there’s REST. No one understands REST. Okay, Roy T. Fielding probablyunderstands it, but given that he makes it looks like industrial plumbing, we’re probablynot going to get it right. The trouble is, you really don’t want to use SOAP (or you’llmake Mark Baker cry), so you’re going to have to try. If you get it wrong...
  46. 46. Thursday, 27 October 2011... and REST purists will burn you in effigy. And you’re limiting the ability of larger sitesto use you without killing your servers.
  47. 47. Thursday, 27 October 2011But there is a chance that some big site will come along, have a look at your lovely API,and
  48. 48. Thursday, 27 October 2011Suck all of your data out. But there aren’t many that will do that, except in Russia andChina, so you can probably ignore that. Of course, lots of other startups probably wantyour data, but they’re going to be subtle about it - they’ll buy a couple of hackers, and abotnet. In Russia or China. So you could just block those countries. And if you do that, ofcourse you don’t really need to bother internationalising and localising your API. Or website.
  49. 49. Thursday, 27 October 2011Oh - except that Richard Ishida will eat your children. Here he is, demonstrating how todirect traffic in both France and Japan at the same time.
  50. 50. Thursday, 27 October 2011So APIs require you to think. This may become a theme. Of course, you don’t have tothink.
  51. 51. Thursday, 27 October 2011You could not build an API, as I suggested. Or I suppose you could hire me.
  52. 52. 3: Don’t make ′em prettyThursday, 27 October 2011
  53. 53. Thursday, 27 October 2011Lots of people can do this. Maybe not that many of them work for MSN. But moreimportant than making things pretty is making them useful - ignore the flashy bits for amoment and concentrate on the CONTENT. The DATA.
  54. 54. Thursday, 27 October 2011MSN doesn’t have much of that either.
  55. 55. Thursday, 27 October 2011This is your website if you haven’t thought about the data. It’s a disaster.
  56. 56. Thursday, 27 October 2011This is if you make it pretty.
  57. 57. Thursday, 27 October 2011Of course, if you take this perfectly-designed site, suited to its purpose, there is a riskthat by making it pretty THEN
  58. 58. Thursday, 27 October 2011you’ll throw away the utility.
  59. 59. Thursday, 27 October 2011Yeah, you’re going to have to think again.
  60. 60. 4: Don’t build websitesThursday, 27 October 2011You know, it’s just a lot easier not to bother building websites. I’m not even talkingabout using Flash, or Silverlight, or JavaFX. They still live within the browser. There’ssome problems serving stuff over HTTP in the first place, and certainly one of theseproblems is the browsers. Or should I say the user agents.
  61. 61. Thursday, 27 October 2011You’ve all heard of these user agents. Hopefully you make sure your websites work withthem. But you don’t have to worry too much about them implementing HTTP differently.
  62. 62. Thursday, 27 October 2011This is still true as we think about some more unusual web browsers.
  63. 63. Thursday, 27 October 2011Although they may surprise you with their support, or lack of, for CSS, Javascript, bits ofHTML, SSL support.
  64. 64. Thursday, 27 October 2011Then we have automated processes, one of which is probably the most important useragent your site will encounter.
  65. 65. Thursday, 27 October 2011This is the point where you really want to be speaking HTTP correctly yourself, becauseGoogle will reward you. You’ll get cookies or something.
  66. 66. Thursday, 27 October 2011There are a whole load of other things that talk to your website. Here’s a couple ofinteresting ones.
  67. 67. Thursday, 27 October 2011Package managers for your operating system, be it Windows, Mac OS, Linux, whatever.apt is interesting because it deliberately has an unusual interpretation of HTTP which bitme recently when I tried to reorganise a URI tree. It still seems to obey the rules though.
  68. 68. Thursday, 27 October 2011These guys might not. If they’re not raping your data, they might be trying to take yoursite down if you’re successful enough. It does happen. Buffer overruns, web processexploits - and that’s just at the HTTP layer. You’ll also get lower-level attacks at the TCPand IP layers. If you think you haven’t got competitors who’ll stoop to this, you still haveto cope with random hackers.
  69. 69. Thursday, 27 October 2011We’re starting to get interesting things on the internet as well. Clocks, refrigerators,robots...
  70. 70. Thursday, 27 October 2011... rabbits. At least some of these can’t speak HTTP properly. Some of them can’t speakTCP properly, because they have abbreviated network stacks because they only have 1Kof memory. Some of them are rabbits.
  71. 71. Thursday, 27 October 2011Oh, and there are these crazy people who’ll just telnet straight to your web server orload balancer and start typing away.
  72. 72. Thursday, 27 October 2011One of them’s me.
  73. 73. Thursday, 27 October 2011And we can make mistakes; instead of typing GET /girlfriend I could make a typo andinstead try to PET your girlfriend. Although that might not be a mistake. The correctresponse in this case is 405. Or 301 if you’ve sent her to a convent.
  74. 74. Thursday, 27 October 2011Then there’s stuff we haven’t even dreamed of. Or we’ve dreamed it, but we don’tbelieve it yet. And this is beginning to feel a bit like a medieval map of places we don’tknow very well, which is a fairly accurate description of all the things that can hammeron your web server.
  75. 75. Thursday, 27 October 2011And of course here be lizards.
  76. 76. Thursday, 27 October 2011This guy, if I remember correctly, is the roman God Janus. He’s a gatekeeper. His headpoints in both directions, and he enjoys close harmony singing. He’s a pretty goodanalogy for the routers and gateways that make up the internet. I had this whole way ofexplaining packet routing using a banana, but it kept on getting more complex, and inthe end it was going to take half an hour all by itself and at the end we’d have hadsomething closer to a pie than a banana, so you’re going to have to take my word for itthat Janus is sometimes going to chew up your packets, drop them on the floor, ordrown out all the local Januses with his off-key singing.
  77. 77. Thursday, 27 October 2011Then there’s the topology of the network between you and the people trying to use yourwebsite.
  78. 78. Thursday, 27 October 2011And those users might have their computers set up weirdly. Most of these things willbite you even if you don’t build websites, if you just build desktop software thatfunctions over the network. Life would be easier if you just built little desktopapplications that ignore the network. Or you could just play guitar in a band, becauseyou only really need three chords.
  79. 79. Thursday, 27 October 2011Yet again, you’re going to have to think. Unless you get really good at guitar.
  80. 80. 5: Be evil; get a catThursday, 27 October 2011Firstly, because being evil is fun.
  81. 81. Thursday, 27 October 2011And cats are evil. This one’s about to steal your watch.
  82. 82. Thursday, 27 October 2011
  83. 83. Thursday, 27 October 2011The good news is that cats are smarter than you, so actually you don’t have to thinkafter all. Unfortunately they are also more evil, so when they rev the social structure ofthe universe...
  84. 84. Thursday, 27 October 2011... we’ll all be out of jobs.
  85. 85. Thursday, 27 October 2011
  86. 86. Thursday, 27 October 2011
  87. 87. http://www.flickr.com/photos/jimgris/ http://www.flickr.com/photos/thomashawk/ http://www.flickr.com/photos/pip/ http://www.flickr.com/photos/protohiro/ http://www.flickr.com/photos/psd/ http://www.flickr.com/photos/leralle/ http://www.flickr.com/photos/martinalvarez/ http://www.flickr.com/photos/maguisso/ http://www.flickr.com/photos/m-i-k-e/ http://www.flickr.com/photos/samuraifiction/ http://www.flickr.com/photos/ericasimone/ http://www.flickr.com/photos/johnmueller/ http://www.flickr.com/photos/millzero/Thursday, 27 October 2011
  88. 88. Questions?Thursday, 27 October 2011