HTTP/3 is the next protocol for network communication across the Web, which is meant to partially replace HTTP/1 and HTTP/2. One month before the next QUIC Working Group meeting, to be held in Zurich next February, it may be useful to recap what HTTP/3 promises and what its current client/server support looks like. It’s been awhile since we discussed QUIC and HTTP/3 with curl’s Daniel Stenberg. A lot has happened since then, and this InfoQ article will do a good job of catching you up. Browser support is still limited, but things are coming along nicely.

read more

localdots combines Caddy and smallstep/certificates with automated configuration and hot reload. Generates SSL/TLS certificates automatically Reloads Caddy automatically with every change

read more

An activity diagram to describe the resolution of HTTP response status codes, given various headers, implemented via semantical callbacks. This would look cool hanging on your wall (or the wall of a special web developer in your life 😉).

read more

A fun, quick dive into Facebook’s tracking pixel and how it does its thing: I think it’s fun to see how cookies / tracking pixels are used to track you in practice, even if it’s kinda creepy! I sort of knew how this worked before but I’d never actually looked at the cookies on a tracking pixel myself or what kind of information it was sending in its query parameters exactly. Creepy, indeed. Our browsers are the last line of defense against such creepiness. Choose yours wisely.

read more

This is, effectively, an HTTP API on top of MaxMind’s free geoip-lite database. If you’re doing anything serious with ip-to-geolocation, I’d advise self-hosting the database, but for small side projects and the like, this is an easy way to get up and rolling.

read more

Eve Martin: Sometimes we need information from our servers instantaneously. For this sort of use case our usual AJAX request/response doesn’t cut it. Instead, we need a push-based method like WebSockets, Long Polling, Server-Sent Events (SSE) and - more recently - HTTP2 push. In this article, we compare two methods for implementing realtime - WebSockets and Server-Sent Events, with information on which to use and when. This is a nice, reasoned comparison of the two technologies: advantages, stumbling blocks, open source resources, etc.

read more

Around the advent of GraphQL, I found myself asking its proponents if HTTP/2 solves any of the same performance problems. Most of the answers were along the lines of, “it might, but that hasn’t been realized yet.” Well, Vulcain is here to realize it. Over the years, several formats have been created to fix performance bottlenecks impacting web APIs: over fetching, under fetching, the n+1 problem… Current solutions for these problems (GraphQL, JSON:API’s embedded resources and sparse fieldsets, …) are smart network hacks for HTTP/1. But these hacks come with (too) many drawbacks when it comes to HTTP cache, logs and even security. Fortunately, thanks to the new features introduced in HTTP/2, it’s now possible to create true REST APIs fixing these problems with ease and class! Here comes Vulcain! See also their comparison between Vulcain, GraphQL, and API formats.

read more

Monolith saves HTML pages as a single file (embedding all assets such as CSS, JS, and images) so… You can finally replace that gazillion of open tabs with a gazillion of .html files stored somewhere on your precious little drive.

read more

There are other spider management systems out there, but most of them limit you to Python because Scrapyd. Crawlab has no such dependency, so you can use whichever language/framework you’d like. (This looks like a pain to operate, but docker-compose helps quite a bit in that arena.)

read more

It’s completely modular, and built directly for async/await. Whether it’s a quick script, or a cross-platform SDK, Surf will make it work.

read more

I bet you can learn a lot about Bash scripting from this project. Comes with a caps locked disclaimer: DO NOT USE THIS IN ANY PUBLIC FACING SERVER. THIS IS NOT SECURE. FOR EDUCATIONAL USE ONLY.

read more

The core idea of this project is to do more with less. PipeHub being a programmable proxy allow users to extend and customize it as needed. Features found in other servers can be added with Go packages. Not ready for production, but interesting nonetheless. Not sure if PipeHub is something that might serve you well? Here’s some pretty good advice to help you decide: If your requirement is covered by built-in features present on other servers like Nginx and Caddy, you’re better of with then. PipeHub shines when you need to add logic that traverses the responsibility of multiple servers…

read more

As of March 14, 2019, Google Image Charts API is no longer in service. That’s a shame, because it was a convenient way to easily generate a chart image from a URL. The good news is an open source replacement is ready for service!

read more

It’s also a wrapper script around several security tools such as Mozilla Observatory and Nmap NSE.

read more

Mint is a new low-level HTTP client that aims to provide a small and functional core that others can build on top. Mint is connection based: each connection is a single struct with an associated socket belonging to the process that started the connection. This looks like an excellent base layer for the Elixir community to build HTTP clients upon. Take note: The core Elixir team is so good at laying foundations like this. Plug, for example, is a near-perfect base layer for HTTP servers.

read more

HTTP View is a desktop tool for supercharged HTTP(S) debugging. It gives you one-click setup for HTTP and HTTPS interception, and all the tools you need to quickly explore, examine and understand the HTTP your code (or anybody else’s) is sending. Open source, cross-platform, and easy on the eyes. This is definitely worth a look.

read more

Brad Fitzpatrick is going back to the drawing board on Go’s net/http Client and Transport. The linked repo is in its “problem collection” phase, but it’s worth following (or getting involved) now before the actual solution begins to take shape. What’s wrong with the status quo? The list of problems is extensive (and growing).

read more

We recently talked with Daniel Stenberg about HTTP/2 and QUIC, so this news comes with little surprise looking back on that conversation with hindsight. The protocol that’s been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3. This was triggered by this original suggestion by Mark Nottingham. On November 7, 2018 Dmitri of Litespeed announced that they and Facebook had successfully done the first interop ever between two HTTP/3 implementations. Mike Bihop’s follow-up presentation in the HTTPbis session on the topic can be seen here. The consensus in the end of that meeting said the new name is HTTP/3!

read more

Handling dynamic virtual hosts, load balancing, proxying web sockets and SSL encryption should be easy and robust. I agree! With built-in support for clustering, HTTP/2, LetsEncrypt, and Docker, this is worth a look. 👀

read more

This was announced in late March, but I missed it back then so maybe you did too. Our goal was to more easily enable anyone to explore the health of the web as a whole. Not just data-mining SQL gurus or statisticians, but everyone with a vested interest in the state of the web. An excellent goal, indeed. How did they do? Well, they added a bunch of awesome reports and consolidated traffic data between mobile and desktop devices. If you hadn’t bookmarked this site previously, now is the time.

read more

NuSTER can be used as a RESTful NoSQL cache server, using HTTP POST/GET/DELETE to set/get/delete Key/Value object. It can be used as an internal NoSQL cache sits between your application and database like Memcached or Redis as well as a user facing NoSQL cache that sits between end user and your application. It supports headers, cookies, so you can store per-user data to same endpoint.

read more

A common discrepancy between our dev and prod environments is that prod uses HTTPS while dev is stuck on HTTP because reasons: Using certificates from real CAs for development can be dangerous or impossible (for hosts like localhost or 127.0.0.1), but self-signed certificates cause trust errors. Managing your own CA is the best solution, but usually involves arcane commands, specialized knowledge and manual steps. I’ve considered getting my dev environment on HTTPS but have always stopped at “Managing your own CA”. 🙅‍♂️ Not gonna do it. But! mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. mkcert currently supports macOS and Linux. Windows support coming next.

read more

A new minimal, extensible, fast and productive framework for building HTTP APIs with Python. Featuring request validation, dependency injection, functional middleware, and more.

read more

Upload a file using curl: curl --upload-file ./hello.txt https://transfer.sh/hello.txt And the response will be a shareable URL, e.g. https://transfer.sh/eibhM/hello.txt Works with files up to 10GB, deletes them after 14 days, costs nothing, and encrypts everything. Super cool! 😎

read more

Chris James: Write a simple web server in Go with test driven development. Learn how to use mocking to let you break the problem down into small iterative chunks. All using standard library, source code is available to read. The linked page is a sub-section of the Learn Go with tests GitBook. Do you enjoy TDD and want to learn Go? Or do you enjoy Go and want to learn TDD? Either way, this looks like a great (WIP) resource.

read more