He is a gift that keeps on giving A fundamental explanation of making a simple webserver in 25 LOC for easy understanding of its components A lecturer that 1. Uses Rust 2. Uses a framework laptop 3. USES NEOVIM very nice
@@samwalker4438 the smile is nice but it totally wrecks the value of the video. You're a bad teacher if you can't teach something clearly without going "oh disregard this part" every five seconds.
@@Ybby999 Actually in this context it helps to reduce the information down to the relevant bits. How else would you expect him to write and explain a server in less than 15 minutes?
I had this professor for a few lectures in my undergrad during covid. He was very enthusiastic, funny and explained things really well. He was also was explaining concepts with his neovim + rust setup. Happy to see him again on computerphile!
There's a degree of knowing I.T. being seen as knowing how to use Word and Excel. Been this way for a couple of decades at least. Very few people seem to know the basics.
I fully expected Python, the Visual Basic of the modern age. It's the only reason I clicked the link, to see if I was right, since for any modern environment you can write a "web server" with three statements: import web library, set default response string, invoke the listener.
Don't know if it's a coincidence, but the code really reminded of the one in the first chapters of the Rust Book - Building a Multithreaded Web Server. I've just been reading it a couple of weeks ago, and can definitely recommend taking a look if you're interested! Though it's worth mentioning that the code does contain some difficult Rust
@@vincei4252 unfortunately I can't make this comparison since I barely know C++, let alone "modern" C++. Rust does meta-programming using things called macros - from what I've heard, they're quite powerful and reasonably easy to understand? Though they're definitely WIP, so there're a couple of rough edges here and there. There was a talk recently, called something like "Anything you can do, I can do it worse with macro_rules!", where the host showed a somewhat extreme example - a macro they created that can automatically create a fully functional XML representation of a token tree of Rust code
@@vincei4252they’re as bad as each other syntactically, Rust is probably a little more coherent, but the precision demanded by the Rust compiler is simultaneously much more reassuring and frustrating. Whereas modern C++ is less coherent, but quicker to get running, but only if you accept all the footguns that come with it.
The funny thing is, there's an async tutorial in the Rust Book that explains how to use threads with a web server do handle 4 workers. If I remember correctly it's not even 10 lines more. Would've been a cool addition!
or write all of the code in one line, even if we dont strip down the server to the bare minimum, a full server is still just 1 line of code if you format it in such a way that its all on the same line.
I always recommend everyone trying to one up their programming skill is to create web server using the HTTP spec. It really teaches a lot about what programming is. There is a document that you have to follow and the expected behaviour, how you handle edge cases, how you optimize some algorithm, etc. Why HTTP and not anything else is jusy because the sheer number of implementation available that you can use as a reference.
Great video! Just a few weeks ago my collegues and I were chatting about a web project I was working on, and the question of "How exactly does a web server even work?" came up. At the time we didn't look too deep into it, since we are all high level programmers who don't remember our college days. This really pointed out how simple you can really do it!
awesome. even though i am a fullstack dev, this seemed always daunting and i never wanted to look into it but its actually super super easy. really well made!
Although my English is not good, I spent an afternoon watching and learning from this video. This video is really simple and easy to understand for beginners like me.
I like this transition. We went from Perl one liners or insane algorithimic one liners to now people applying creativity to web servers and api designs. I was just thinking about how computer science is getting boring nowadays but I’m glad that there’s still a few breaths left until it totally becomes the next accounting-esque profession.
I’m not sure it will ever be an accounting-esque profession. The amount of creativity involved and flexibility of tooling, and solutions are always going to be more open ended than accounting.
@@sofianikiforova7790 I agree but I think the creativity part of it is tied behind the language. once people can code in their native languages I think more or less the syntactical accuracy will become a matter of just putting the right structure in place. So, more or less like accounting. Similarly how people still do creative stuff with accounting (eg new ways of building ledgers like crypto) but the basic premise has converged onto a more or less singular agreed-upon convention. Computer Science was fighting that premise at its very core I think with several languages and several programming paradigms. But with the advent of AI the programming paradigms or "code structure" might become meaningless. A computer for example doesn't care if the JS file is minified or beautified. We do.
This was really nice! I'm so used to getting everything low-level served to you as a library call when you actually need so little of the library you could just do the thing yourself.
Glad to see Rust having reached a point where it's no longer "Building a web server in Rust" but just building a web server, oh and btw we chose this whatever language because it's mainstream enough and understandable enough to not take away from the main point of the lesson.
"Those libraries" he's using one library and it's the relatively tiny Rust standard library. Try writing to stdout in less than 25 lines without calling 50 lines of C or another binary that does just that.
@@CramBLOh stop. It's just a bait title. So much is going on behind the scenes. People slowly forgetting how much work has been done by others in the past, and it boils down to "in 25 lines". It's a bit tiring. And it's all going to be forgotten if anything major happens and people don't know how to fix the problems. Cos all we'll have are the imports and no one knows the magic inside. Just 1 billion lazy devs that know the 25 lines.
Best channel in you tube ... i am surprised by how well and simply everything is explained. I don't use rust but i already figured out how to do it in Python!
One difficulty with supporting multiple sites in a webserver is that you have to support it using both raw HTTP ... and TLS SNI (ServerName Indication) and ideally TLS ESNI (Encrypted SNI)
Tried it and damn! It worked! Utterly brilliant. What a fantastic way to learn! Yesterday it was Rust hello world for me, now I have a basic web server running.
First of all, fantastic video. It's amazing how you managed to simplify such a complex topic. Second of all - as a software engineer - your corner cutting made my skin crawl. 😅
just that line of TcpListener::bind function call is complex enough on its own, there's socket creation, IP version selection, file descriptor creation for interacting with the socket, the fact it's running in blocking mode, meaning the program will essentially not do anything other than wait for requests on that port. handling syscall responses, fixing the TIME_WAIT state after unbinding.
You can make a secure web site with about 60 lines of C that is extensible. Did this 28 years ago and was used as part of one the the first internet proxy firewalls.
Crazy to think we've abstracted all the low level aspects for creating a web server. Just going through all the standards/protocols invented to get this web server going that looks simplistic would take a lot of computer science courses to get a deep understanding of it all.
@@sofianikiforova7790 Yes he does. I only showed one way to access directories you don't want other people to access. It wasn't meant as a "gotcha" moment. 😉
@@Turalcar I'm not sure if it would have worked on that server, tbh. In any case, I would have written the comment in the same way as it makes it easier to read/recognize, and TH-cam comments are not suitable for this as anything resembling a URL is easily caught by the scam filter.
Laurence Tratt and @Computerphile, I hope you'll soon make a video explain how an why this naive server is so damn *vulnerable* to many sorts of attacks, particularly BF, DoS and LL attacks.
it's probably worth noting that even after fixing the path traversal attack, there are a number of other vulnerabilities in this implementation that make it very unlikely for me to recommend it for even small-scale deployments. just off the top of my head: rate limiting of any kind is nonexistent, resource exhaustion is trivially possible by sending an arbitrarily large request, any client can take down the server by requesting a nonexistent file, etc.. there are also a number of more subtle path traversals; even if you check for paths that contain `..` segments, you still have to account for paths that start with two slashes, etc..
I did this a long time ago, but got a bug where it would spin forever on chrome but load instantly on IE. I went to stack overflow but people just downvoted saying "that's not how you do this" about a toy program. In the end I figured it out, I was loading a file and putting it into a buffer and saying that's how many bytes it was, then I used a string stream to put everything into a final buffer to send. Turns out the files had four 0s at the end, which got stripped by the string stream making chrome wait for the last 3 bytes forever while IE just assumed it was done or something. Just in case someone has a similar issue.
What I want to know it, how to connect a TCP socket to a serial COM port and then write a crude web server on an Arduino to simplify remote connections to embedded projects.
While its nice to see this broken down for people, I also want to stress how dangerous this is without proper security and exploit handling. It is almost always better to implement some well known http server library if you need this functionality. It's not just handling files to have basic security here. There are all sorts of RCE via injection you have to be concerned with, etc, depending on which language you implement this in. However, this is a great exercise for learning this!
I remember a time when this webserver would have sufficed, when we could "leave our doors unlocked" metaphorically speaking, when the most malicious of actors were simply trying to bypass front door security for the sake of learning. But that time predates the webserver, the web, and even _The Cuckoo's Egg._
I guess this useful if I wanted to build a server for an embedded system or one of those wireless sensor networks? It should take almost no space and minimum processing, given that we have single user.
Thank you for this. I work for a hosting provider and deal with Web Services of all kinds so It's really cool get an idea of how it all works under the hood. But for real though, you need to iron that shirt! 😅🤣😂
Using a slightly different one eh? I checked, and I spot some OpenBSD httpd! High Five Laurence Tratt! (And OpenBSD does run very nice on the Framework laptop. :D )
I too made a http server, which was just a todo api app. Learnt how http request actually works and parsing them. Fun project, got to learn a lot. Wanted to learn on the security part of this, any insights or references to look into?
ok I thought it was impossible to do this with such a simple view. I going to try and create this in c++ using websockets which I have used before but have failed.
I have a question! How come the binary files are still served properly? I mean pics. Is the browser smart enough to figure out the media type without telling it??
The response has to include a “Content-Type:” header which identifies the MIME type of the data. In many cases there may also need to be a “Content-Encoding:” which indicates whether the data is ASCII text vs UTF-8, raw vs. gzip compressed, etc.
A normal web server would send the proper response headers detailing the information. Ours however doesn’t, the browser simply receives the data and looks into the first byte of the file, if it’s a well known magic bit it’s recognized. If not, it checks if the contents is valid ascii/utf8 if yes, it will be rendered as html. If not it’s simply a byte stream and is downloaded.
@@trevinbeattie4888 Yeah exactly, this server doesn't do that. I think the browser must be making educated guesses as to the content type of each file
The browser is the one requesting the file and knows what type of file it's requesting. If it's expecting a text file, it will render it as text. Same for images. It's not up to the server to make that determination. The contents of the file should be defined by the html page requesting it (whether it's an image file, another text based web page, etc). You can write a web page referencing nothing but files on your local computer, and it will render just fine without any webserver between the browser and your file system. Fundamentally, a web server if just a file server giving out the binary data of the files that were asked of it.
Would you say there is a use case for this in Internet of Things projects? I've heard of MQTT and other messaging technologies but for a private home network behind a firewall this is pretty low point of entry. I guess I should look into Rust and add that to my Resume too.
I'd love to take a stab at turning all those unwrap()s into idiomatic error handling with correct response codes, as well as path traversal checks. Is the source (and sample website) available?
It'll also be very informative to show people how to build a http server in C in 100 lines, with socket(), recv() etc. Rust already wraps things in pretty std packages, and it has syntax noise which can confuse people who aren't familiar with it (compared to the simplicity of C)
He is a gift that keeps on giving
A fundamental explanation of making a simple webserver in 25 LOC for easy understanding of its components
A lecturer that
1. Uses Rust
2. Uses a framework laptop
3. USES NEOVIM
very nice
And runs on OpenBSD !
And uses Firefox
True
And uses gruvbox
he's too based
The joy of modern programming languages. Listening on a socket in just one line.
yep.. that itself was the main trick... that one line.. tcp listen..
java had that in 1995... ServerSocket for those asking
After looking into c it has Socket.h so even in c its there...
It's not a programming language, it's the set of libraries it comes with. I think you are confusing two things here.
The standard libraries that come with the language, are they considered part of the language?
It's two syscalls to Linux kernel too. Not so heavy to implement that in any language that allows to do syscalls.
I loved Laurie’s smile each time he wrote something he knew was absolutely dodgy!
I write webservices for a living and I have that same energy when realizing I can cheat the system and completely ignore convention.
@@samwalker4438 the smile is nice but it totally wrecks the value of the video. You're a bad teacher if you can't teach something clearly without going "oh disregard this part" every five seconds.
@@Ybby999 Actually in this context it helps to reduce the information down to the relevant bits. How else would you expect him to write and explain a server in less than 15 minutes?
I had this professor for a few lectures in my undergrad during covid. He was very enthusiastic, funny and explained things really well. He was also was explaining concepts with his neovim + rust setup. Happy to see him again on computerphile!
Honestly I didn't expect the fundamentals of HTTP to be so easy. This sort of "from-the-ground-up" approach was really fun to watch!
email is of similar complexity.
Sure, when you have libraries in place that do all the actual on the ground stuff we don't see in the video.
@@Faladrinreally the only library he used was the tcplistener implementing the protocol was all up to him.
There's a degree of knowing I.T. being seen as knowing how to use Word and Excel. Been this way for a couple of decades at least. Very few people seem to know the basics.
What you don't see is just how involved the library calls are, there's tons more lines of code behind the listner, for example.
You can tell this guy loves what he does. Thanks for the video!
highly paid serf is a happy and productive serf... : )
Great format for explaining web servers. Those 17 minutes flew by
Programming Rust on a Framework laptop running OpenBSD. Absolutely based.
neovim and looks like alacritty as well
I fully expected Python, the Visual Basic of the modern age. It's the only reason I clicked the link, to see if I was right, since for any modern environment you can write a "web server" with three statements: import web library, set default response string, invoke the listener.
incredibly based.
you all sound like reddit and hn nerds absolutely cooming over a dude's setup.
@@hachikuku_That's the point, poindexter.
Don't know if it's a coincidence, but the code really reminded of the one in the first chapters of the Rust Book - Building a Multithreaded Web Server. I've just been reading it a couple of weeks ago, and can definitely recommend taking a look if you're interested! Though it's worth mentioning that the code does contain some difficult Rust
Difficult Rust can't be as bad as "modern" C++ with templates and meta-programming? Can it?
@@vincei4252 unfortunately I can't make this comparison since I barely know C++, let alone "modern" C++. Rust does meta-programming using things called macros - from what I've heard, they're quite powerful and reasonably easy to understand? Though they're definitely WIP, so there're a couple of rough edges here and there. There was a talk recently, called something like "Anything you can do, I can do it worse with macro_rules!", where the host showed a somewhat extreme example - a macro they created that can automatically create a fully functional XML representation of a token tree of Rust code
This code will be very similar on any language, really. Even the ones with no sugar added.
@@vincei4252they’re as bad as each other syntactically, Rust is probably a little more coherent, but the precision demanded by the Rust compiler is simultaneously much more reassuring and frustrating. Whereas modern C++ is less coherent, but quicker to get running, but only if you accept all the footguns that come with it.
This was awesome. I was a programmer, now a DBA. Having someone explain code like this is what a learning experience should be.
Even before the rest was completed, just the bit that sent back "Hello Computerphile" was totally amazing to me.
'I am abusing this monstrously.' == always the sign of well-written code.
“What I’m doing is a crime against silicon” = writing some of the most ingenious code possible to write
No, not even close
@@TAP7aif you think it's ingenuous then it's more about what you think than the code itself.
Genius or, more likely, brittle code only workable by the original author. Could be either. Could be both.
@@kevinmcdonough9097 Oh, very probably both 😜
The funny thing is, there's an async tutorial in the Rust Book that explains how to use threads with a web server do handle 4 workers. If I remember correctly it's not even 10 lines more. Would've been a cool addition!
which rust book?
@@Gnarksonshould be chapter 20 in "the book" (referring to the official book)
@@NetherFX thanks
You can build the web server in one line of code if you put your 25 lines of code in a library. 😂
or write all of the code in one line, even if we dont strip down the server to the bare minimum, a full server is still just 1 line of code if you format it in such a way that its all on the same line.
@@ai-spacedestructor isn't every application just one line of code/one function? main() {... } It's turtles all the way down.
Low level programmer:
@@vincei4252 depends on the programming language, im not too familiar with rust to know how that is exactly.
Nodejs😂
Nice! One of my first projects was writing my own webserver in Java, later added PHP support and used it to host my website.
How did making a Java web server go? Any tips?
I always recommend everyone trying to one up their programming skill is to create web server using the HTTP spec. It really teaches a lot about what programming is. There is a document that you have to follow and the expected behaviour, how you handle edge cases, how you optimize some algorithm, etc. Why HTTP and not anything else is jusy because the sheer number of implementation available that you can use as a reference.
interesting will try soon😂
Rust user? Framework laptop owner? Based prof.
Bet prof use Arch too btw.
Based on what?
Rust user, framework laptop and vim user. Mega based
And neovim and firefox
What's framework laptop?
Fantastic content, that's what I was always missing in the "basic" server setup - the way the server actually functions!
TELESCOPE USED!! LETS GOOOOOOO!!!!!
TELESCOPE!!!
wait arent you teej the creator of telescope but you also stream on twitch?
Telescope, Lets GOOOOOO
timestamp 1:51 woooooooooooo
🔭 NeoVim without Telescope LITERALLY unusable 🔭
this channel is fire tbh
Great video! If you want to remove the duplicate INSERT mode you can add: set noshowmode into your config.
Great video! Just a few weeks ago my collegues and I were chatting about a web project I was working on, and the question of "How exactly does a web server even work?" came up. At the time we didn't look too deep into it, since we are all high level programmers who don't remember our college days. This really pointed out how simple you can really do it!
Learnt something nice today! Thanks for uploading, Lastly the authors enthusiasm regarding his craft was quite infectious.
awesome. even though i am a fullstack dev, this seemed always daunting and i never wanted to look into it but its actually super super easy. really well made!
Although my English is not good, I spent an afternoon watching and learning from this video. This video is really simple and easy to understand for beginners like me.
it is important to remember that whichever end you are writing, you need to consider the other end a bad actor or buggy AF.
That's what he's saying.
He's ignoring any safety concerns for this example like error handling or exploit fixing
I love this guy's computherphile videos! He's always very clear and bring practical stuff.
I like this transition. We went from Perl one liners or insane algorithimic one liners to now people applying creativity to web servers and api designs. I was just thinking about how computer science is getting boring nowadays but I’m glad that there’s still a few breaths left until it totally becomes the next accounting-esque profession.
I’m not sure it will ever be an accounting-esque profession. The amount of creativity involved and flexibility of tooling, and solutions are always going to be more open ended than accounting.
@@sofianikiforova7790 I agree but I think the creativity part of it is tied behind the language. once people can code in their native languages I think more or less the syntactical accuracy will become a matter of just putting the right structure in place. So, more or less like accounting. Similarly how people still do creative stuff with accounting (eg new ways of building ledgers like crypto) but the basic premise has converged onto a more or less singular agreed-upon convention. Computer Science was fighting that premise at its very core I think with several languages and several programming paradigms. But with the advent of AI the programming paradigms or "code structure" might become meaningless. A computer for example doesn't care if the JS file is minified or beautified. We do.
Like all computerphile video of Dr Laurence Tratt. Great work!
Realizing that someone needed to program the libraries you were using feels like a lost art.
We stand on the shoulder of giants.
Didn't expect the video to include the Rust programming language. As always valuable materials presented for pure knowledge:)
This was really nice! I'm so used to getting everything low-level served to you as a library call when you actually need so little of the library you could just do the thing yourself.
"you could call it a good listener," you startled a laugh out loud out of me:) Thanks.
Awesome video, great job at explaining the questions asked. Absolute chad energy Laurence
Please do more videos like this!
Glad to see Rust having reached a point where it's no longer "Building a web server in Rust" but just building a web server, oh and btw we chose this whatever language because it's mainstream enough and understandable enough to not take away from the main point of the lesson.
I'm sorry, you forgot to add .unwrap() and a semicolon, so your comment does not compile
"In 25 lines" is doing a lot of heavy lifting with those libraries wrapping so much networking code.
"Those libraries" he's using one library and it's the relatively tiny Rust standard library. Try writing to stdout in less than 25 lines without calling 50 lines of C or another binary that does just that.
@@CramBLNot wrong in spirit, but "call the SYS_WRITE syscall" is like 5 lines of assembly, or a hardware serial port equivalent in low-level systems
@@CramBLOh stop. It's just a bait title. So much is going on behind the scenes. People slowly forgetting how much work has been done by others in the past, and it boils down to "in 25 lines". It's a bit tiring. And it's all going to be forgotten if anything major happens and people don't know how to fix the problems. Cos all we'll have are the imports and no one knows the magic inside. Just 1 billion lazy devs that know the 25 lines.
@@CramBL yea and try doing it without a kernel, that's even more lines!
Libraries like... the kernel??? That's where the whole IP stack and sockets are implemented. Even in assembly this code wouldn't be massively longer.
Best channel in you tube ... i am surprised by how well and simply everything is explained. I don't use rust but i already figured out how to do it in Python!
@ThePrimeTime needs to see this
the "I'm abusing this monstrously - agen"
I think he watched it on today’s stream, we’ll see if it gets posted.
One difficulty with supporting multiple sites in a webserver is that you have to support it using both raw HTTP ... and TLS SNI (ServerName Indication) and ideally TLS ESNI (Encrypted SNI)
Tried it and damn! It worked! Utterly brilliant. What a fantastic way to learn! Yesterday it was Rust hello world for me, now I have a basic web server running.
no way y’all happened to upload the exact type of thing i’ve been looking for lately
I love listening to these smart people it's so motivation and takes you into the presence, sharpening your mind..
First of all, fantastic video. It's amazing how you managed to simplify such a complex topic.
Second of all - as a software engineer - your corner cutting made my skin crawl. 😅
Me expecting him to run `npx http-server index.html` and be done with it 😆
Great video, thanks Laurence!
25 lines of code plus 4.6 gigs of node packages for some reason 😂
ive always loved how "gobblygoop" is an official industry term
Absolutely amazing! Thank you very much, Mr. Tratt.
just that line of TcpListener::bind function call is complex enough on its own, there's socket creation, IP version selection, file descriptor creation for interacting with the socket, the fact it's running in blocking mode, meaning the program will essentially not do anything other than wait for requests on that port. handling syscall responses, fixing the TIME_WAIT state after unbinding.
You can make a secure web site with about 60 lines of C that is extensible. Did this 28 years ago and was used as part of one the the first internet proxy firewalls.
Remember the good old days when writing a 1 line web server in perl was the rage.
I don't know why, but I just thought about how to make a web server and this video came up. What a coincidence!
This guy's the kinda professor I wanted all my academic life!
nvim, rust in linux on a framework laptop!
Be my guide sensei 😭❤
Pretty sure he was running FreeBSD, based on the browser's "user-agent", not Linux.
OpenBSD @@wbfaulk
@@wbfaulk OpenBSD, even
@@smikkelbeer6352 dammit
Crazy to think we've abstracted all the low level aspects for creating a web server. Just going through all the standards/protocols invented to get this web server going that looks simplistic would take a lot of computer science courses to get a deep understanding of it all.
They could do a http path traversal, e.g.: [address to server]/../../../../etc/passwd
I think you could just start with // to get to the root
He acknowledged this insecurity.
@@sofianikiforova7790 Yes he does. I only showed one way to access directories you don't want other people to access. It wasn't meant as a "gotcha" moment. 😉
@@Turalcar I'm not sure if it would have worked on that server, tbh. In any case, I would have written the comment in the same way as it makes it easier to read/recognize, and TH-cam comments are not suitable for this as anything resembling a URL is easily caught by the scam filter.
Wow, this is exactly what I needed. You're a lifesaver!
I did the same project for a distributed systems course. What a great small project.
0:34 I am currently waist-deep in the Apache internals at work, so I can attest to this.
You have taught more about general services (it doesn’t have to be for web) than college ever did for me
What's the line merging referred at 7:30? I don't think I've ever heard of that
Laurence Tratt and @Computerphile, I hope you'll soon make a video explain how an why this naive server is so damn *vulnerable* to many sorts of attacks, particularly BF, DoS and LL attacks.
What (Neo)Vim plugins did you use? That’s a great looking setup.
10:50 you could use the split_whitespace() function 😊
I wish I could give this video more than one like. It's that good!
You didn't have to flex your vim skillz that hard lmao what a legend. Also noticed the framework laptop
Loved this episode!. Thanks.
He said at 7:30 that you have to merge lines instead of reading them one line at a time. What was meant by this?
6:34 - isnt there a blank line between all the headers and the body (for non GET requests)?
This trivial example doesn’t support any method but GET.
@@trevinbeattie4888 Gotcha
can someone tell me the name of the neovim theme he is using? thanks.
it's probably worth noting that even after fixing the path traversal attack, there are a number of other vulnerabilities in this implementation that make it very unlikely for me to recommend it for even small-scale deployments. just off the top of my head: rate limiting of any kind is nonexistent, resource exhaustion is trivially possible by sending an arbitrarily large request, any client can take down the server by requesting a nonexistent file, etc.. there are also a number of more subtle path traversals; even if you check for paths that contain `..` segments, you still have to account for paths that start with two slashes, etc..
Love seeing the framework laptop!
I wonder what the executable's size is though.
I knew almost all, and I detest Rust, but I just learned the proper layout of the server response!
I did this a long time ago, but got a bug where it would spin forever on chrome but load instantly on IE. I went to stack overflow but people just downvoted saying "that's not how you do this" about a toy program. In the end I figured it out, I was loading a file and putting it into a buffer and saying that's how many bytes it was, then I used a string stream to put everything into a final buffer to send. Turns out the files had four 0s at the end, which got stripped by the string stream making chrome wait for the last 3 bytes forever while IE just assumed it was done or something. Just in case someone has a similar issue.
What I want to know it, how to connect a TCP socket to a serial COM port and then write a crude web server on an Arduino to simplify remote connections to embedded projects.
While its nice to see this broken down for people, I also want to stress how dangerous this is without proper security and exploit handling. It is almost always better to implement some well known http server library if you need this functionality.
It's not just handling files to have basic security here. There are all sorts of RCE via injection you have to be concerned with, etc, depending on which language you implement this in.
However, this is a great exercise for learning this!
Rust and Neovim, I like your style.
Can't get used to Rust syntax.
25 lines = Decades of research and building optimized libraries.
I'd like to see someone build a web server with assembly from scratch.
Recreated it in python and learned a lot. Thank You!
I remember a time when this webserver would have sufficed, when we could "leave our doors unlocked" metaphorically speaking, when the most malicious of actors were simply trying to bypass front door security for the sake of learning. But that time predates the webserver, the web, and even _The Cuckoo's Egg._
Lovely sample. I used to do all this with a shell script. Same approach, and potentially quite safe.
Oauth clients are an incredibly useful implementation of these
But how do you program the tcplistener? With the right libraries I can code everything in 25 or less lines.
It is from the rust standard library, it's just a tcp socket
Great video, loved it!
I guess this useful if I wanted to build a server for an embedded system or one of those wireless sensor networks? It should take almost no space and minimum processing, given that we have single user.
love your shirt pattern.
no one likes you
Thank you for this. I work for a hosting provider and deal with Web Services of all kinds so It's really cool get an idea of how it all works under the hood. But for real though, you need to iron that shirt! 😅🤣😂
Using a slightly different one eh? I checked, and I spot some OpenBSD httpd! High Five Laurence Tratt!
(And OpenBSD does run very nice on the Framework laptop. :D )
I too made a http server, which was just a todo api app. Learnt how http request actually works and parsing them. Fun project, got to learn a lot. Wanted to learn on the security part of this, any insights or references to look into?
Alright, ship it! We'll send out a patch later if we can be bothered.
Now write a web broswer in 51 lines. Release is on friday afternoon, chop chop.
ok I thought it was impossible to do this with such a simple view. I going to try and create this in c++ using websockets which I have used before but have failed.
I’d like to see this approach in Erlang or Elixir. On the other hand, OTP already has a HTTP/1.1 server included.
I have a question! How come the binary files are still served properly? I mean pics. Is the browser smart enough to figure out the media type without telling it??
The response has to include a “Content-Type:” header which identifies the MIME type of the data. In many cases there may also need to be a “Content-Encoding:” which indicates whether the data is ASCII text vs UTF-8, raw vs. gzip compressed, etc.
A normal web server would send the proper response headers detailing the information. Ours however doesn’t, the browser simply receives the data and looks into the first byte of the file, if it’s a well known magic bit it’s recognized. If not, it checks if the contents is valid ascii/utf8 if yes, it will be rendered as html. If not it’s simply a byte stream and is downloaded.
@@trevinbeattie4888 Yeah exactly, this server doesn't do that. I think the browser must be making educated guesses as to the content type of each file
The browser is the one requesting the file and knows what type of file it's requesting. If it's expecting a text file, it will render it as text. Same for images. It's not up to the server to make that determination. The contents of the file should be defined by the html page requesting it (whether it's an image file, another text based web page, etc). You can write a web page referencing nothing but files on your local computer, and it will render just fine without any webserver between the browser and your file system. Fundamentally, a web server if just a file server giving out the binary data of the files that were asked of it.
Good to see another openBSD enjoyer :)
Would you say there is a use case for this in Internet of Things projects? I've heard of MQTT and other messaging technologies but for a private home network behind a firewall this is pretty low point of entry. I guess I should look into Rust and add that to my Resume too.
I have seen many 'a' production websites that will happyly give you index if the url ends with a / so Laurence is onto something here lol
simple and to the point. nice!
I'd love to take a stab at turning all those unwrap()s into idiomatic error handling with correct response codes, as well as path traversal checks. Is the source (and sample website) available?
It'll also be very informative to show people how to build a http server in C in 100 lines, with socket(), recv() etc. Rust already wraps things in pretty std packages, and it has syntax noise which can confuse people who aren't familiar with it (compared to the simplicity of C)
Great to see someone coding in rust! Thank you. 🙏🏻
11:58 this path traversal makes me cry
you didn't send application type header for the image?