He is a gift that keeps on giving
A fundamental explanation of making a simple webserver in 25 LOC for easy understanding of its components
A lecturer that
1. Uses Rust
2. Uses a framework laptop
3. USES NEOVIM
very nice
And runs on OpenBSD !
And uses Firefox
True
And uses gruvbox
he's too based
The joy of modern programming languages. Listening on a socket in just one line.
yep.. that itself was the main trick... that one line.. tcp listen..
java had that in 1995... ServerSocket for those asking
After looking into c it has Socket.h so even in c its there...
It's not a programming language, it's the set of libraries it comes with. I think you are confusing two things here.
The standard libraries that come with the language, are they considered part of the language?
It's two syscalls to Linux kernel too. Not so heavy to implement that in any language that allows to do syscalls.
I loved Laurie’s smile each time he wrote something he knew was absolutely dodgy!
I write webservices for a living and I have that same energy when realizing I can cheat the system and completely ignore convention.
@@samwalker4438 the smile is nice but it totally wrecks the value of the video. You're a bad teacher if you can't teach something clearly without going "oh disregard this part" every five seconds.
@@Ybby999 Actually in this context it helps to reduce the information down to the relevant bits. How else would you expect him to write and explain a server in less than 15 minutes?
I had this professor for a few lectures in my undergrad during covid. He was very enthusiastic, funny and explained things really well. He was also explaining concepts with his neovim + rust setup. Happy to see him again on computerphile!
Honestly I didn't expect the fundamentals of HTTP to be so easy. This sort of "from-the-ground-up" approach was really fun to watch!
email is of similar complexity.
Sure, when you have libraries in place that do all the actual on the ground stuff we don't see in the video.
@@Faladrin really the only library he used was the tcplistener, implementing the protocol was all up to him.
There's a degree of knowing I.T. being seen as knowing how to use Word and Excel. Been this way for a couple of decades at least. Very few people seem to know the basics.
What you don't see is just how involved the library calls are, there's tons more lines of code behind the listener, for example.
You can tell this guy loves what he does. Thanks for the video!
highly paid serf is a happy and productive serf... : )
Programming Rust on a Framework laptop running OpenBSD. Absolutely based.
neovim and looks like alacritty as well
I fully expected Python, the Visual Basic of the modern age. It's the only reason I clicked the link, to see if I was right, since for any modern environment you can write a "web server" with three statements: import web library, set default response string, invoke the listener.
incredibly based.
you all sound like reddit and hn nerds absolutely cooming over a dude's setup.
@@hachikuku_That's the point, poindexter.
Great format for explaining web servers. Those 17 minutes flew by
This was awesome. I was a programmer, now a DBA. Having someone explain code like this is what a learning experience should be.
Don't know if it's a coincidence, but the code really reminded me of the one in the first chapters of the Rust Book - Building a Multithreaded Web Server. I've just been reading it a couple of weeks ago, and can definitely recommend taking a look if you're interested! Though it's worth mentioning that the code does contain some difficult Rust
Difficult Rust can't be as bad as "modern" C++ with templates and meta-programming? Can it?
@@vincei4252 unfortunately I can't make this comparison since I barely know C++, let alone "modern" C++. Rust does meta-programming using things called macros - from what I've heard, they're quite powerful and reasonably easy to understand? Though they're definitely WIP, so there're a couple of rough edges here and there. There was a talk recently, called something like "Anything you can do, I can do it worse with macro_rules!", where the host showed a somewhat extreme example - a macro they created that can automatically create a fully functional XML representation of a token tree of Rust code
This code will be very similar on any language, really. Even the ones with no sugar added.
@@vincei4252 they’re as bad as each other syntactically, Rust is probably a little more coherent, but the precision demanded by the Rust compiler is simultaneously much more reassuring and frustrating. Whereas modern C++ is less coherent, but quicker to get running, but only if you accept all the footguns that come with it.
You can build the web server in one line of code if you put your 25 lines of code in a library. 😂
or write all of the code in one line, even if we dont strip down the server to the bare minimum, a full server is still just 1 line of code if you format it in such a way that its all on the same line.
@@ai-spacedestructor isn't every application just one line of code/one function? main() {... } It's turtles all the way down.
Low level programmer:
@@vincei4252 depends on the programming language, im not too familiar with rust to know how that is exactly.
Nodejs😂
What I always recommend to everyone trying to one up their programming skill is to create a web server using the HTTP spec. It really teaches a lot about what programming is. There is a document that you have to follow and the expected behaviour, how you handle edge cases, how you optimize some algorithm, etc. Why HTTP and not anything else is just because of the sheer number of implementations available that you can use as a reference.
interesting will try soon😂
Rust user? Framework laptop owner? Based prof.
Bet prof use Arch too btw.
Based on what?
Rust user, framework laptop and vim user. Mega based
And neovim and firefox
What's framework laptop?
Nice! One of my first projects was writing my own webserver in Java, later added PHP support and used it to host my website.
How did making a Java web server go? Any tips?
The funny thing is, there's an async tutorial in the Rust Book that explains how to use threads with a web server to handle 4 workers. If I remember correctly it's not even 10 lines more. Would've been a cool addition!
which rust book?
@@Gnarkson should be chapter 20 in "the book" (referring to the official book)
@@NetherFX thanks
'I am abusing this monstrously.' == always the sign of well-written code.
“What I’m doing is a crime against silicon” = writing some of the most ingenious code possible to write
No, not even close
@@TAP7a if you think it's ingenious then it's more about what you think than the code itself.
Genius or, more likely, brittle code only workable by the original author. Could be either. Could be both.
@@kevinmcdonough9097 Oh, very probably both 😜
Even before the rest was completed, just the bit that sent back "Hello Computerphile" was totally amazing to me.
Although my English is not good, I spent an afternoon watching and learning from this video. This video is really simple and easy to understand for beginners like me.
Great video! Just a few weeks ago my colleagues and I were chatting about a web project I was working on, and the question of "How exactly does a web server even work?" came up. At the time we didn't look too deep into it, since we are all high level programmers who don't remember our college days. This really pointed out how simple you can really do it!
Learnt something nice today! Thanks for uploading. Lastly, the author's enthusiasm regarding his craft was quite infectious.
this channel is fire tbh
Fantastic content, that's what I was always missing in the "basic" server setup - the way the server actually functions!
TELESCOPE USED!! LETS GOOOOOOO!!!!!
TELESCOPE!!!
wait arent you teej the creator of telescope but you also stream on twitch?
Telescope, Lets GOOOOOO
timestamp 1:51 woooooooooooo
🔭 NeoVim without Telescope LITERALLY unusable 🔭
Great video! If you want to remove the duplicate INSERT mode you can add: set noshowmode into your config.
it is important to remember that whichever end you are writing, you need to consider the other end a bad actor or buggy AF.
That's what he's saying.
He's ignoring any safety concerns for this example like error handling or exploit fixing
I love this guy's Computerphile videos! He's always very clear and brings practical stuff.
Didn't expect the video to include the Rust programming language. As always valuable materials presented for pure knowledge:)
Like all Computerphile videos of Dr Laurence Tratt. Great work!
Tried it and damn! It worked! Utterly brilliant. What a fantastic way to learn! Yesterday it was Rust hello world for me, now I have a basic web server running.
awesome. even though i am a fullstack dev, this seemed always daunting and i never wanted to look into it but its actually super super easy. really well made!
Best channel in YouTube ... i am surprised by how well and simply everything is explained. I don't use rust but i already figured out how to do it in Python!
I like this transition. We went from Perl one liners or insane algorithmic one liners to now people applying creativity to web servers and api designs. I was just thinking about how computer science is getting boring nowadays but I’m glad that there’s still a few breaths left until it totally becomes the next accounting-esque profession.
I’m not sure it will ever be an accounting-esque profession. The amount of creativity involved and flexibility of tooling, and solutions are always going to be more open ended than accounting.
@@sofianikiforova7790 I agree but I think the creativity part of it is tied behind the language. once people can code in their native languages I think more or less the syntactical accuracy will become a matter of just putting the right structure in place. So, more or less like accounting. Similarly how people still do creative stuff with accounting (eg new ways of building ledgers like crypto) but the basic premise has converged onto a more or less singular agreed-upon convention. Computer Science was fighting that premise at its very core I think with several languages and several programming paradigms. But with the advent of AI the programming paradigms or "code structure" might become meaningless. A computer for example doesn't care if the JS file is minified or beautified. We do.
Realizing that someone needed to program the libraries you were using feels like a lost art.
We stand on the shoulder of giants.
@ThePrimeTime needs to see this
the "I'm abusing this monstrously - agen"
I think he watched it on today’s stream, we’ll see if it gets posted.
Awesome video, great job at explaining the questions asked. Absolute chad energy Laurence
Please do more videos like this!
"you could call it a good listener," you startled a laugh out loud out of me:) Thanks.
One difficulty with supporting multiple sites in a webserver is that you have to support it using both raw HTTP ... and TLS SNI (Server Name Indication) and ideally TLS ESNI (Encrypted SNI)
I love listening to these smart people it's so motivating and takes you into the presence, sharpening your mind..
ive always loved how "gobblygoop" is an official industry term
Absolutely amazing! Thank you very much, Mr. Tratt.
This was really nice! I'm so used to getting everything low-level served to you as a library call when you actually need so little of the library you could just do the thing yourself.
They could do a http path traversal, e.g.: [address to server]/../../../../etc/passwd
I think you could just start with // to get to the root
He acknowledged this insecurity.
@@sofianikiforova7790 Yes he does. I only showed one way to access directories you don't want other people to access. It wasn't meant as a "gotcha" moment. 😉
@@Turalcar I'm not sure if it would have worked on that server, tbh. In any case, I would have written the comment in the same way as it makes it easier to read/recognize, and RUclips comments are not suitable for this as anything resembling a URL is easily caught by the scam filter.
First of all, fantastic video. It's amazing how you managed to simplify such a complex topic.
Second of all - as a software engineer - your corner cutting made my skin crawl. 😅
You can make a secure web site with about 60 lines of C that is extensible. Did this 28 years ago and was used as part of one of the first internet proxy firewalls.
"In 25 lines" is doing a lot of heavy lifting with those libraries wrapping so much networking code.
"Those libraries" he's using one library and it's the relatively tiny Rust standard library. Try writing to stdout in less than 25 lines without calling 50 lines of C or another binary that does just that.
@@CramBL Not wrong in spirit, but "call the SYS_WRITE syscall" is like 5 lines of assembly, or a hardware serial port equivalent in low-level systems
@@CramBL Oh stop. It's just a bait title. So much is going on behind the scenes. People slowly forgetting how much work has been done by others in the past, and it boils down to "in 25 lines". It's a bit tiring. And it's all going to be forgotten if anything major happens and people don't know how to fix the problems. Cos all we'll have are the imports and no one knows the magic inside. Just 1 billion lazy devs that know the 25 lines.
@@CramBL yea and try doing it without a kernel, that's even more lines!
Libraries like... the kernel??? That's where the whole IP stack and sockets are implemented. Even in assembly this code wouldn't be massively longer.
no way y’all happened to upload the exact type of thing i’ve been looking for lately
Remember the good old days when writing a 1 line web server in perl was the rage.
0:34 I am currently waist-deep in the Apache internals at work, so I can attest to this.
I don't know why, but I just thought about how to make a web server and this video came up. What a coincidence!
Wow, this is exactly what I needed. You're a lifesaver!
What's the line merging referred at 7:30? I don't think I've ever heard of that
Me expecting him to run `npx http-server index.html` and be done with it 😆
Great video, thanks Laurence!
25 lines of code plus 4.6 gigs of node packages for some reason 😂
10:50 you could use the split_whitespace() function 😊
Crazy to think we've abstracted all the low level aspects for creating a web server. Just going through all the standards/protocols invented to get this web server going that looks simplistic would take a lot of computer science courses to get a deep understanding of it all.
I wish I could give this video more than one like. It's that good!
This guy's the kinda professor I wanted all my academic life!
nvim, rust in linux on a framework laptop!
Be my guide sensei 😭❤
Pretty sure he was running FreeBSD, based on the browser's "user-agent", not Linux.
OpenBSD @@wbfaulk
@@wbfaulk OpenBSD, even
@@smikkelbeer6352 dammit
What I want to know is how to connect a TCP socket to a serial COM port and then write a crude web server on an Arduino to simplify remote connections to embedded projects.
Glad to see Rust having reached a point where it's no longer "Building a web server in Rust" but just building a web server, oh and btw we chose this whatever language because it's mainstream enough and understandable enough to not take away from the main point of the lesson.
I'm sorry, you forgot to add .unwrap() and a semicolon, so your comment does not compile
11:58 this path traversal makes me cry
You have taught more about general services (it doesn’t have to be for web) than college ever did for me
Loved this episode!. Thanks.
I did the same project for a distributed systems course. What a great small project.
He said at 7:30 that you have to merge lines instead of reading them one line at a time. What was meant by this?
Oauth clients are an incredibly useful implementation of these
Love seeing the framework laptop!
it's probably worth noting that even after fixing the path traversal attack, there are a number of other vulnerabilities in this implementation that make it very unlikely for me to recommend it for even small-scale deployments. just off the top of my head: rate limiting of any kind is nonexistent, resource exhaustion is trivially possible by sending an arbitrarily large request, any client can take down the server by requesting a nonexistent file, etc. there are also a number of more subtle path traversals; even if you check for paths that contain `..` segments, you still have to account for paths that start with two slashes, etc.
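An added example, not part of any comment here and not the code from the video: one way to handle three of the failure modes named in the comment above (oversized requests, a crash on a missing file, and `..` or leading `//` in the path) with the Rust standard library only. The names `MAX_REQUEST_LINE`, `Reject`, `read_target`, `resolve` and `handle`, and the 8 KiB limit, are assumptions made for this sketch.

```rust
use std::fs;
use std::io::{BufRead, BufReader, Read};
use std::path::{Component, Path, PathBuf};

// Assumed limit for this example: request lines longer than 8 KiB are refused.
const MAX_REQUEST_LINE: u64 = 8 * 1024;

#[derive(Debug, PartialEq)]
enum Reject {
    TooLarge,   // answered with 414
    BadRequest, // answered with 400
    Forbidden,  // answered with 403
}

// Read only the request line, and never more than MAX_REQUEST_LINE bytes of it,
// so an endless or oversized request cannot grow the buffer without bound.
fn read_target<R: Read>(stream: R) -> Result<String, Reject> {
    let mut line = Vec::new();
    BufReader::new(stream.take(MAX_REQUEST_LINE + 1))
        .read_until(b'\n', &mut line)
        .map_err(|_| Reject::BadRequest)?;
    if line.len() as u64 > MAX_REQUEST_LINE {
        return Err(Reject::TooLarge);
    }
    let line = String::from_utf8(line).map_err(|_| Reject::BadRequest)?;
    let mut parts = line.split_whitespace();
    match (parts.next(), parts.next(), parts.next(), parts.next()) {
        (Some("GET"), Some(target), Some(version), None)
            if target.starts_with('/') && version.starts_with("HTTP/") =>
        {
            Ok(target.to_string())
        }
        _ => Err(Reject::BadRequest),
    }
}

// Map a request target onto a path below `root`, segment by segment.
// No percent-decoding is done, so "%2e%2e" stays a literal file name; if
// decoding is ever added it has to happen before this check.
fn resolve(root: &Path, target: &str) -> Result<PathBuf, Reject> {
    let path = target.split(|c| c == '?' || c == '#').next().unwrap_or("");
    let mut out = root.to_path_buf();
    for comp in Path::new(path).components() {
        match comp {
            // A leading "/" or "//" contributes nothing. Pushing the raw string
            // instead would replace `out`, because PathBuf::push with an
            // absolute path discards the existing buffer.
            Component::RootDir | Component::CurDir => {}
            Component::Normal(seg) => out.push(seg),
            // ".." anywhere, or a Windows drive prefix, is refused outright.
            Component::ParentDir | Component::Prefix(_) => return Err(Reject::Forbidden),
        }
    }
    Ok(out)
}

// Turn one request into (status, body). Every failure becomes a status code;
// nothing here panics on client-controlled input.
fn handle<R: Read>(root: &Path, stream: R) -> (u16, Vec<u8>) {
    let path = match read_target(stream).and_then(|t| resolve(root, &t)) {
        Ok(p) => p,
        Err(Reject::TooLarge) => return (414, Vec::new()),
        Err(Reject::BadRequest) => return (400, Vec::new()),
        Err(Reject::Forbidden) => return (403, Vec::new()),
    };
    // canonicalize() follows symlinks, so a link pointing outside `root` is
    // caught here; a missing file is an Err and becomes a 404.
    let real = match (fs::canonicalize(root), fs::canonicalize(&path)) {
        (Ok(r), Ok(p)) if p.starts_with(&r) => p,
        _ => return (404, Vec::new()),
    };
    match fs::read(&real) {
        Ok(body) => (200, body),
        Err(_) => (404, Vec::new()),
    }
}

fn main() {
    // Constructed requests, not captured traffic.
    let root = std::env::temp_dir();
    let samples = [
        "GET /missing.html HTTP/1.1\r\n\r\n",
        "GET /../../../../etc/passwd HTTP/1.1\r\n\r\n",
        "GET //etc/passwd HTTP/1.1\r\n\r\n",
    ];
    for req in &samples {
        let (status, body) = handle(&root, req.as_bytes());
        println!("{:?} -> {} ({} bytes)", req.lines().next(), status, body.len());
    }
}
```

Rate limiting, request timeouts and the race between the containment check and the read are outside what this block covers.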
While it's nice to see this broken down for people, I also want to stress how dangerous this is without proper security and exploit handling. It is almost always better to implement some well known http server library if you need this functionality.
It's not just handling files to have basic security here. There are all sorts of RCE via injection you have to be concerned with, etc, depending on which language you implement this in.
However, this is a great exercise for learning this!
I remember a time when this webserver would have sufficed, when we could "leave our doors unlocked" metaphorically speaking, when the most malicious of actors were simply trying to bypass front door security for the sake of learning. But that time predates the webserver, the web, and even _The Cuckoo's Egg._
You didn't have to flex your vim skillz that hard lmao what a legend. Also noticed the framework laptop
I knew almost all, and I detest Rust, but I just learned the proper layout of the server response!
After watching this video, I feel that not a single minute or second of it was wasted. It was wonderful.
Great video, loved it!
Recreated it in python and learned a lot. Thank You!
Could use cap-std instead of std for the file access to eliminate all the path traversal vulnerabilities, although that's obviously not the point of the video.
Rust and Neovim, I like your style.
Can't get used to Rust syntax.
6:34 - isn't there a blank line between all the headers and the body (for non GET requests)?
This trivial example doesn’t support any method but GET.
@@trevinbeattie4888 Gotcha
25 lines = Decades of research and building optimized libraries.
I'd like to see someone build a web server with assembly from scratch.
Alright, ship it! We'll send out a patch later if we can be bothered.
Now write a web browser in 51 lines. Release is on Friday afternoon, chop chop.
Great to see someone coding in rust! Thank you. 🙏🏻
What (Neo)Vim plugins did you use? That’s a great looking setup.
I still love C over this Rust thingy!
Laurence Tratt and @Computerphile, I hope you'll soon make a video explaining how and why this naive server is so damn *vulnerable* to many sorts of attacks, particularly BF, DoS and LL attacks.
It'll also be very informative to show people how to build a http server in C in 100 lines, with socket(), recv() etc. Rust already wraps things in pretty std packages, and it has syntax noise which can confuse people who aren't familiar with it (compared to the simplicity of C)
Good to see another openBSD enjoyer :)
Using a slightly different one eh? I checked, and I spot some OpenBSD httpd! High Five Laurence Tratt!
(And OpenBSD does run very nice on the Framework laptop. :D )
Lovely sample. I used to do all this with a shell script. Same approach, and potentially quite safe.
I have seen many 'a' production websites that will happily give you index if the url ends with a / so Laurence is onto something here lol
ok I thought it was impossible to do this with such a simple view. I'm going to try and create this in c++ using websockets which I have used before but have failed.
I guess this is useful if I wanted to build a server for an embedded system or one of those wireless sensor networks? It should take almost no space and minimum processing, given that we have a single user.
If this webserver is a shovel. Things like nginx and apache are excavators. Sure, they both can dig holes. But really aren't comparable beyond that.
- How many holes and edge cases do you want?
- YES
Thank you for this. I work for a hosting provider and deal with Web Services of all kinds so it's really cool to get an idea of how it all works under the hood. But for real though, you need to iron that shirt! 😅🤣😂
can someone tell me the name of the neovim theme he is using? thanks.
Bob Ross of building a web server in 25 lines
Rust mentioned, uses Framework. Instant like.
I’d like to see this approach in Erlang or Elixir. On the other hand, OTP already has a HTTP/1.1 server included.
Would you say there is a use case for this in Internet of Things projects? I've heard of MQTT and other messaging technologies but for a private home network behind a firewall this is pretty low point of entry. I guess I should look into Rust and add that to my Resume too.
Thank you! You gave me courage!
I have a question! How come the binary files are still served properly? I mean pics. Is the browser smart enough to figure out the media type without telling it??
The response has to include a “Content-Type:” header which identifies the MIME type of the data. In many cases there may also need to be a “Content-Encoding:” which indicates whether the data is ASCII text vs UTF-8, raw vs. gzip compressed, etc.
A normal web server would send the proper response headers detailing the information. Ours however doesn’t, the browser simply receives the data and looks into the first byte of the file, if it’s a well known magic bit it’s recognized. If not, it checks if the contents is valid ascii/utf8 if yes, it will be rendered as html. If not it’s simply a byte stream and is downloaded.
@@trevinbeattie4888 Yeah exactly, this server doesn't do that. I think the browser must be making educated guesses as to the content type of each file
The browser is the one requesting the file and knows what type of file it's requesting. If it's expecting a text file, it will render it as text. Same for images. It's not up to the server to make that determination. The contents of the file should be defined by the html page requesting it (whether it's an image file, another text based web page, etc). You can write a web page referencing nothing but files on your local computer, and it will render just fine without any webserver between the browser and your file system. Fundamentally, a web server is just a file server giving out the binary data of the files that were asked of it.
I absolutely see how something static like an iot device would want something as simple as this, lock down the folders on the operating system, don’t have anything that can be abused (I’m assuming that’s trivial, I know nothing), and just a tiny really quick server would be ideal, right?