Most of us are familiar with HTTP, but when it actually comes to creating cacheable web content, there is still a lot to be learned. In this presentation I will show you how to leverage specific mechanisms to achieve a good hit rate without losing touch with some of the challenges of real-life web projects. Keywords: cache control, cache variations, conditional requests, stateful content, HTTP fragments, invalidation. The goal is to empower developers to control the behavior of reverse caching proxies like Varnish, Content Delivery Networks, or even browser cache, using the power of HTTP.
More information about this HTTP caching talk can be found on https://feryn.eu/speaking/leverage-http-to-deliver-cacheable-websites-codemotion-rome-2018/
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van... (NoNameCon)
https://cfp.nonamecon.org/nnc2020/talk/9LMJAH/
For many years, injection-based vulnerabilities such as XSS and SQL injection have dominated the web security landscape. However, as browsers and applications are becoming increasingly complex, new vulnerability classes surface. One of these new-kids-on-the-block is XSLeaks, a vulnerability class that exploits side-channel leaks in the browser to extract information across origins. In this presentation, I will describe the various types of leaks in different browser features and the network layer, and discuss how these issues can be exploited to extract sensitive information from an unwitting victim. Furthermore, the talk will cover the numerous (new) defences that need to be adopted in order to safeguard web applications (SameSite cookies, COOP, COEP, ...), and their potential shortcomings. Finally, we will take a peek into the future, and discuss how XSLeaks will likely evolve in the coming months and years.
200, 404, 302. Is it a lock combination? A phone number? No, they're HTTP status codes! As we develop Web applications, we encounter these status codes and others, and often we make decisions about which ones to return without giving much thought to their meaning or context. It's time to take a deeper look at HTTP. Knowing the methods, headers, and status codes, what they mean, and how to use them can help you develop richer Internet applications. Join Ben Ramsey as he takes you on a journey through RFC 2616 to discover some of the gems of HTTP.
Scaling out on the cloud is easy, especially if you have a software provisioning system that helps you to deploy your environment wherever you want. This session will give you an overview of the fantastic new features of HAProxy v1.5, and how you can integrate it into your environment to build a highly available environment, using open source software. Starting with a single web server + MySQL setup provisioned via Chef, we will deploy an HAProxy cluster in front and scale out your nginx and MySQL database backend.
In this presentation, I show the audience how to implement HTTP caching best practices in a non-intrusive way in a PHP Symfony 4 code base.
This presentation focuses on topics like:
- Caching using cache-control headers
- Cache variations using the Vary header
- Conditional requests using headers like ETag & If-None-Match
- ESI discovery & parsing using headers like Surrogate-Capability & Surrogate-Control
- Caching stateful content using JSON Web Token Validation in Varnish
More information about this presentation is available at https://feryn.eu/speaking/developing-cacheable-php-applications-php-limburg-be/
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us... (Michele Orru)
Browser exploits are a primary attack vector to compromise a victim's internal network, but they have major restrictions including: limited current browser exploits; the huge price for 0-day browser exploits; and exploit complexity due to sandboxing. So, instead of exploiting the victim's browser, what if the victim's browser exploited internal systems for you?
The new "BeEF Bind Exploit Proxy" module does this! This BeEF (Browser Exploitation Framework) module will allow penetration testers to proxy exploits through a victim's web browser to compromise internal services. Not only this, but the new "BeEF Bind" shellcode also enables the communication channel to the attacker to pass back through the existing browser session.
This attack technique (Inter-protocol Exploitation) removes browser-based attacks from being dependent upon browser vulnerabilities. It increases the number of potential exploits to include many service vulnerabilities throughout the internal corporate network. This includes whatever service can be contacted via a browser request. This increases the success rate of client-side exploitation attempts by dramatically increasing the number of vulnerabilities accessible to the attacker.
So how does the new BeEF Bind Exploit Proxy work? BeEF is configured to use the BeEF Bind Exploit Proxy, and is set as the payload for XSS exploits or Phishing attacks. Once the victim visits the malicious site, their web browser becomes hooked and performs JavaScript port scanning across the internal corporate network looking for chosen open ports. Once a server has been identified, the BeEF server is notified and begins to send exploits through the hooked web browser to the service on the internal server. Each of these exploits is configured to use the new BeEF Bind shellcode.
Once an exploit has successfully triggered a vulnerability within the internal service, the BeEF Bind shellcode is executed. This shellcode is designed to set up a web listener that proxies commands through to a shell on the compromised server. This allows the attacker to send commands through the hooked web browser to the BeEF Bind payload. The command is executed on the compromised server and returned to the web browser in HTTP responses. The hooked web browser is then able to receive the command output and proxy it back to the attacker at the BeEF server.
Penetration testers can now inject steroids into their XSS exploits by replacing simple alert boxes with demonstrations of actual compromised internal machines. They can also now increase the scope and success rate of their Phishing attacks to compromise internal servers. This new approach also minimizes the likelihood of IDS/IPS detection, and does not require an additional socket open back to the attacker via the firewall.
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave (Checkmarx)
Presented by Paulo Silva, Security Researcher at Checkmarx on October 31, 2018 at Polytechnic Institute of Cávado and Ave.
Learn all about the OWASP Top 10 from his talk:
Part I
Web Application architecture
The HTTP protocol
HTTP Request walk-through
Part II
What is OWASP
What is the OWASP TOP 10
OWASP Top 10 walk-through
Hosting Client Websites on a WordPress Multisite Network (peterwilsoncc)
Presentation from the WordPress Melbourne meetup on May 11, 2011.
This presentation was based on an earlier post http://bit.ly/hMsFKg
---
Peter Wilson will be showing us how to use WordPress Multisite to host your client websites.
This reduces maintenance time because upgrading all of your client sites becomes almost as easy as upgrading it for one.
WordPress multisite was a popular topic at our March meetup, so come along and learn all about WordPress Multisite.
This afternoon I gave a very short introduction to computer programming at Trade School (tradeschool.ourgoods.org). I used JavaScript to illustrate the process of learning how to program, mainly because there's nothing to install and it has many practical uses.
Each technological age has been marked by a shift in how the industrial platform enables companies to rethink their business processes and create wealth. In the talk I argue that we are limiting our view of what this next industrial/digital age can offer because of how we read, measure and through that perceive the world (how we cherry pick data). Companies are locked in metrics and quantitative measures, data that can fit into a spreadsheet. And by that they see the digital transformation merely as an efficiency tool to the fossil fuel age. But we need to stretch further…
Web Application Security 101 - 02 The Basics (Websecurify)
In part 2 of Web Application Security 101 we cover the basics of HTTP, HTML, XML, JSON, JavaScript, CSS and more in order to get you up to speed with the technology. This knowledge will be used during the rest of the course to explore the various security aspects affecting web applications today.
An overview of the HTTP protocol showing the protocol basics such as protocol versions, messages, headers, status codes, connection management, cookies and more.
But it still remains an overview without in-depth information. Also some key aspects are left out (because of limited time) such as authentication, content negotiation, robots, web architecture etc.
Cache can be our best friend or our worst enemy, that is why understanding this issue is so important. Good cache configuration can easily improve user web experience.
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost) (Ericom Software)
WebSockets couples the performance and flexibility of TCP with the reach of HTTP. Prediction: WebSockets will replace simple TCP as the preferred underlying protocol.
To see how WebSockets are used in a popular HTML5-based remote access solution, visit the following URL: http://j.mp/1luquBQ
How HTTP/2 will change the web as we know it (Woorank)
The future is here with one of the biggest changes since the existence of the internet: HTTP/2. The second coming of the internet! But what does it actually mean? How do I make my website ready for it? And will it affect rankings? In this talk we’ll look at the new protocol from the SEO’s perspective and try to find answers for all these questions. The presentation was given by Nils De Moor, CTO and co-founder of Woorank, at BrightonSEO in September 2016.
Walks through the basics of the HTTP protocol, URLs, cookies and caching, with tricks and tips that can be used by web developers. From a Geek.class I did on Oct 6, 2011 for Meet the Geeks.
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
2. Hi!
• I’m Dan, ITP alum 2007
• Projects I’ve worked on: ShiftSpace, You Are Not Here, Atlas Gloves
• More recently: MoMA.org, Future Archaeology, photography
3. Agenda
• Big picture stuff
• Client-side
• Server-side
• Data storage
• AJAX & Comet
4. Big picture
• The web is about clients talking to servers
• The language is HTTP
• Invented by (Sir) Tim Berners-Lee
• Mosaic browser released in 1993
• Graphical-based web is a teenager
5. Web client
• Being a client is all about asking for stuff
• Clients make HTTP requests, get back data
• Data is turned into webpages, podcasts, iPhone apps, etc.
6. Web server
• Being a server is all about giving stuff out
• Servers get an HTTP request, send data
• Once data is sent, job is done (mostly)
9. How you get stuff
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;...
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=1b1e370406541f31:U=cbfc7563400e91be:LD=en:NR=10:TM=12546...
HTTP/1.x 200 OK
Date: Sun, 18 Oct 2009 23:43:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Server: gws
Content-Length: 3533
X-XSS-Protection: 0
10. The request
Slides 10 through 20 show the same request and response as slide 9, highlighting one part of it each. The request (the first block) is initiated by a browser, the web client.
11. The response
The response (the second block) is produced by the site’s web server, which decides how to treat the request.
12. Headers
Both the request and response include headers of the form key: value
13-14. Request method
GET + POST are the request methods we care about. All HTTP/1.1 request methods:
• GET
• POST
• PUT
• DELETE
• HEAD
• TRACE
• OPTIONS
• CONNECT
15-16. Request path
Other path examples:
• /page.html
• /?q=cat%20pictures&btn=...
• /images/title.png
• /2009/10/19/naval-gazing
17-18. Status code
Common status codes:
• 200 OK
• 302 Found
• 304 Not modified
• 404 Not found
• 500 Server error
19-20. The page HTML
The response body that follows the headers:
<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title>...
21. Repeat for each file
The same HTTP request/response process is repeated for each of the six files that compose this Google page view.
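As an added example (my code, not from Dan’s slides), the following JavaScript parses the request and response shown on slide 9 into method, path, status and a case-insensitive header map, then reads the Cache-Control and Expires headers the way a shared cache (proxy or CDN) would; the header subset used as input and the helper names are my own.

```javascript
// Added example, not from the slides: parse the HTTP/1.x request and
// response shown above, then evaluate its caching headers.
// The HTTP/1.1 request methods listed on slide 14 (RFC 2616).
const KNOWN_METHODS = new Set([
  "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "OPTIONS", "CONNECT",
]);
// RFC 1123 date form used by Date / Expires, e.g. "Sun, 18 Oct 2009 23:43:31 GMT".
const HTTP_DATE = /^[A-Z][a-z]{2}, \d{2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} GMT$/;

// Turn "Key: value" lines into an object keyed by lower-cased name (header
// names are case-insensitive); repeats are joined with ", " as RFC 2616 allows.
// Returns null if any line lacks a name or a colon.
function parseHeaders(lines) {
  const headers = {};
  for (const line of lines) {
    const idx = line.indexOf(":");
    if (idx <= 0) return null;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers[name] = name in headers ? `${headers[name]}, ${value}` : value;
  }
  return headers;
}

// Request: "METHOD path HTTP/major.minor" followed by header lines.
function parseRequest(raw) {
  const [start, ...rest] = raw.trim().split(/\r?\n/);
  const m = /^([A-Z]+) (\S+) HTTP\/(\d\.\d)$/.exec(start);
  if (!m) throw new Error(`bad request line: ${start}`);
  const headers = parseHeaders(rest);
  if (!headers) throw new Error("malformed header line");
  return { method: m[1], knownMethod: KNOWN_METHODS.has(m[1]),
           path: m[2], version: m[3], headers };
}

// Response: "HTTP/version status reason" followed by header lines.
// "HTTP/1.x" is accepted because that is what the slide's browser tool printed.
function parseResponse(raw) {
  const [start, ...rest] = raw.trim().split(/\r?\n/);
  const m = /^HTTP\/(\d\.(?:\d|x)) (\d{3}) ?(.*)$/.exec(start);
  if (!m) throw new Error(`bad status line: ${start}`);
  const headers = parseHeaders(rest);
  if (!headers) throw new Error("malformed header line");
  return { version: m[1], status: Number(m[2]), reason: m[3], headers };
}

// An Expires value that is not a valid HTTP-date (such as the slide's "-1")
// means "already expired" (RFC 2616 14.21); a valid one is compared to Date.
function expiresIsPast(expires, dateHeader) {
  if (expires === undefined) return false;
  const t = HTTP_DATE.test(expires) ? Date.parse(expires) : NaN;
  if (Number.isNaN(t)) return true;
  const now = dateHeader !== undefined ? Date.parse(dateHeader) : Date.now();
  return t <= now;
}

// How a shared cache (reverse proxy, CDN) may treat the response:
// no-store forbids storing, private forbids shared caching, and max-age
// overrides Expires when both are present (RFC 2616 14.9.3).
function cachePolicy(resp) {
  const directives = {};
  for (const d of (resp.headers["cache-control"] || "").split(",")) {
    const [k, v] = d.trim().toLowerCase().split("=");
    if (k) directives[k] = v === undefined ? true : v;
  }
  const maxAge = "max-age" in directives ? Number(directives["max-age"]) : null;
  const expiredNow = maxAge !== null
    ? maxAge === 0
    : expiresIsPast(resp.headers.expires, resp.headers.date);
  return {
    storable: !directives["no-store"],
    sharedCacheable: !directives["no-store"] && !directives.private,
    freshSeconds: maxAge,
    expiredNow,
  };
}

// Constructed input: a subset of the exchange transcribed from slide 9.
const SLIDE_REQUEST = `GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;...
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Connection: keep-alive`;
const SLIDE_RESPONSE = `HTTP/1.x 200 OK
Date: Sun, 18 Oct 2009 23:43:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Server: gws
Content-Length: 3533
X-XSS-Protection: 0`;

const req = parseRequest(SLIDE_REQUEST);
const resp = parseResponse(SLIDE_RESPONSE);
console.log(req.method, req.path, req.headers.host);  // GET / www.google.com
console.log(resp.status, cachePolicy(resp));          // 200 { storable: true, sharedCacheable: false, freshSeconds: 0, expiredNow: true }
```

The slide’s response is therefore storable only in the browser’s private cache and is stale the moment it arrives, which is exactly what a personalised page like a search front page wants.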
23. JavaScript
• Simple, flexible, and slightly weird
• C-like syntax, inspired by Self and Lisp
• See also: Ecmascript, Dynamic-HTML (DHTML), AJAX, Comet
• Uses the Document Object Model (DOM) API
• Frameworks (Prototype, jQuery, Dojo, MooTools, etc.) abstract the DOM away
27. Flash
• First: Animated movies! On the internets!
• Then: interactive swishy things! Fun!
• Now: Videos! On the internets!
28. Flash is essential for...
• Sound (stream an MP3 file)
• Full screen
• Brochure-ware (à la nike.com)
• sIFR (use any font, consistently)
• Various other things (multi-file uploads, quasi-WebSockets, annoying advertising)
29. Flash <embeds>
• Popular way to embed videos
• Embeds are over-complicated and often don’t pass validation
• I like the SWFObject library, or Swiff utility in MooTools
30. HTML5
• Not really a “Flash-killer”
• Collection of new HTML standards
• <canvas> for graphics
• <video> and <audio> for media
• Plus a whole lot of other stuff
31. Why HTML5 is good
• Vendor-driven instead of standards-driven
• Open process with a single guiding vision (Ian Hickson from Google)
• See: Dive Into HTML5
32. Server-side
• Languages: PHP, Ruby, Python, Java, C#
• Frameworks: Ruby on Rails, Django, CakePHP, Symfony, .NET, WordPress
• Some crazy people even write JavaScript on the server-side
33. PHP
• Quick & dirty workhorse
• Upload a .php file, load it in a browser, done!
• Good for small websites
34. Ruby on Rails
• More “fussy” and “magical”
• Relies on Model/View/Controller pattern
• The Passenger/mod_rails project makes it work nicely on the Apache web server
• Good for medium-sized projects
35. Java
• I don’t know much about Java
• More enterprise-y
• Good for big sites
36. Data storage
• Data stores keep data & code separate
• MySQL, PostgreSQL, SQL Server are relational databases (RDBMS) and use SQL
• CouchDB and others known as “no-SQL” are gaining traction
• SQL is more established, but not as simple to learn
37. AJAX
• Stands for: Asynchronous JavaScript & XML
• Invented by Microsoft, popularized by Adaptive Path
• Synonymous with interactive JavaScript
• Put more stuff onto the page without reloading the whole page
38. Comet
• Used for things like GMail & Facebook chat
• Allows the server to send you data
• Still mostly faking it with long polling
• New standard called WebSockets is in the works
39. Thanks!
• Send me email: dan@phiffer.org
• Catch me on Twitter: @dphiffer
• Talk to me in the lounge!