Coding a Web Server in 25 Lines - Computerphile
2024 ж. 21 Ақп.
314 877 Рет қаралды
Just how simple can a web server be? Laurence Tratt, Shopify / Royal Academy of Engineering Research Chair in Language Engineering at Kings College London builds it up.
More about Laurie: bit.ly/C_LaurenceTratt
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharanblog.com
Thank you to Jane Street for their support of this channel. Learn more: www.janestreet.com
The joy of modern programming languages. Listening on a socket in just one line.
yep.. that itself was the main trick... that one line.. tcp listen..
java had that in 1995... ServerSocket for those asking After looking into c it has Socket.h so even in c its there...
It's not a programming language, it's the set of libraries it comes with. I think you are confusing two things here.
The standard libraries that come with the language, are they considered part of the language?
It's two syscalls to Linux kernel too. Not so heavy to implement that in any language that allows to do syscalls.
I loved Laurie’s smile each time he wrote something he knew was absolutely dodgy!
I write webservices for a living and I have that same energy when realizing I can cheat the system and completely ignore convention.
He is a gift that keeps on giving A fundamental explanation of making a simple webserver in 25 LOC for easy understanding of its components A lecturer that 1. Uses Rust 2. Uses a framework laptop 3. USES NEOVIM very nice
And runs on OpenBSD !
And uses Firefox
True
And uses gruvbox
he's too based
Programming Rust on a Framework laptop running OpenBSD. Absolutely based.
neovim and looks like alacritty as well
I fully expected Python, the Visual Basic of the modern age. It's the only reason I clicked the link, to see if I was right, since for any modern environment you can write a "web server" with three statements: import web library, set default response string, invoke the listener.
incredibly based.
you all sound like reddit and hn nerds absolutely cooming over a dude's setup.
@@hachikuku5226That's the point, poindexter.
Honestly I didn't expect the fundamentals of HTTP to be so easy. This sort of "from-the-ground-up" approach was really fun to watch!
email is of similar complexity.
Sure, when you have libraries in place that do all the actual on the ground stuff we don't see in the video.
@@Faladrinreally the only library he used was the tcplistener implementing the protocol was all up to him.
There's a degree of knowing I.T. being seen as knowing how to use Word and Excel. Been this way for a couple of decades at least. Very few people seem to know the basics.
I had this professor for a few lectures in my undergrad during covid. He was very enthusiastic, funny and explained things really well. He was also was explaining concepts with his neovim + rust setup. Happy to see him again on computerphile!
The funny thing is, there's an async tutorial in the Rust Book that explains how to use threads with a web server do handle 4 workers. If I remember correctly it's not even 10 lines more. Would've been a cool addition!
which rust book?
@@Gnarksonshould be chapter 20 in "the book" (referring to the official book)
@@NetherFX thanks
Rust user? Framework laptop owner? Based prof.
Bet prof use Arch too btw.
Based on what?
Rust user, framework laptop and vim user. Mega based
Wonder when he's getting his bottom surgery.
And neovim and firefox
You can tell this guy loves what he does. Thanks for the video!
highly paid serf is a happy and productive serf... : )
You can build the web server in one line of code if you put your 25 lines of code in a library. 😂
or write all of the code in one line, even if we dont strip down the server to the bare minimum, a full server is still just 1 line of code if you format it in such a way that its all on the same line.
@@ai-spacedestructor isn't every application just one line of code/one function? main() {... } It's turtles all the way down.
Low level programmer:
@@vincei4252 depends on the programming language, im not too familiar with rust to know how that is exactly.
Nodejs😂
'I am abusing this monstrously.' == always the sign of well-written code.
“What I’m doing is a crime against silicon” = writing some of the most ingenious code possible to write
No, not even close
@@TAP7aif you think it's ingenuous then it's more about what you think than the code itself.
Genius or, more likely, brittle code only workable by the original author. Could be either. Could be both.
@@kevinmcdonough9097 Oh, very probably both 😜
Great format for explaining web servers. Those 17 minutes flew by
Don't know if it's a coincidence, but the code really reminded of the one in the first chapters of the Rust Book - Building a Multithreaded Web Server. I've just been reading it a couple of weeks ago, and can definitely recommend taking a look if you're interested! Though it's worth mentioning that the code does contain some difficult Rust
Difficult Rust can't be as bad as "modern" C++ with templates and meta-programming? Can it?
@@vincei4252 unfortunately I can't make this comparison since I barely know C++, let alone "modern" C++. Rust does meta-programming using things called macros - from what I've heard, they're quite powerful and reasonably easy to understand? Though they're definitely WIP, so there're a couple of rough edges here and there. There was a talk recently, called something like "Anything you can do, I can do it worse with macro_rules!", where the host showed a somewhat extreme example - a macro they created that can automatically create a fully functional XML representation of a token tree of Rust code
This code will be very similar on any language, really. Even the ones with no sugar added.
@@vincei4252they’re as bad as each other syntactically, Rust is probably a little more coherent, but the precision demanded by the Rust compiler is simultaneously much more reassuring and frustrating. Whereas modern C++ is less coherent, but quicker to get running, but only if you accept all the footguns that come with it.
Fantastic content, that's what I was always missing in the "basic" server setup - the way the server actually functions!
Even before the rest was completed, just the bit that sent back "Hello Computerphile" was totally amazing to me.
This was awesome. I was a programmer, now a DBA. Having someone explain code like this is what a learning experience should be.
I love this guy's computherphile videos! He's always very clear and bring practical stuff.
Nice! One of my first projects was writing my own webserver in Java, later added PHP support and used it to host my website.
How did making a Java web server go? Any tips?
Like all computerphile video of Dr Laurence Tratt. Great work!
Awesome video, great job at explaining the questions asked. Absolute chad energy Laurence Please do more videos like this!
TELESCOPE USED!! LETS GOOOOOOO!!!!!
TELESCOPE!!!
wait arent you teej the creator of telescope but you also stream on twitch?
Telescope, Lets GOOOOOO
timestamp 1:51 woooooooooooo
🔭 NeoVim without Telescope LITERALLY unusable 🔭
this channel is fire tbh
Great video! If you want to remove the duplicate INSERT mode you can add: set noshowmode into your config.
it is important to remember that whichever end you are writing, you need to consider the other end a bad actor or buggy AF.
That's what he's saying. He's ignoring any safety concerns for this example like error handling or exploit fixing
This was really nice! I'm so used to getting everything low-level served to you as a library call when you actually need so little of the library you could just do the thing yourself.
I always recommend everyone trying to one up their programming skill is to create web server using the HTTP spec. It really teaches a lot about what programming is. There is a document that you have to follow and the expected behaviour, how you handle edge cases, how you optimize some algorithm, etc. Why HTTP and not anything else is jusy because the sheer number of implementation available that you can use as a reference.
interesting will try soon😂
Best channel in you tube ... i am surprised by how well and simply everything is explained. I don't use rust but i already figured out how to do it in Python!
Wow, this is exactly what I needed. You're a lifesaver!
awesome. even though i am a fullstack dev, this seemed always daunting and i never wanted to look into it but its actually super super easy. really well made!
"In 25 lines" is doing a lot of heavy lifting with those libraries wrapping so much networking code.
"Those libraries" he's using one library and it's the relatively tiny Rust standard library. Try writing to stdout in less than 25 lines without calling 50 lines of C or another binary that does just that.
@@CramBLNot wrong in spirit, but "call the SYS_WRITE syscall" is like 5 lines of assembly, or a hardware serial port equivalent in low-level systems
@@CramBLOh stop. It's just a bait title. So much is going on behind the scenes. People slowly forgetting how much work has been done by others in the past, and it boils down to "in 25 lines". It's a bit tiring. And it's all going to be forgotten if anything major happens and people don't know how to fix the problems. Cos all we'll have are the imports and no one knows the magic inside. Just 1 billion lazy devs that know the 25 lines.
@@CramBL yea and try doing it without a kernel, that's even more lines!
Libraries like... the kernel??? That's where the whole IP stack and sockets are implemented. Even in assembly this code wouldn't be massively longer.
Glad to see Rust having reached a point where it's no longer "Building a web server in Rust" but just building a web server, oh and btw we chose this whatever language because it's mainstream enough and understandable enough to not take away from the main point of the lesson.
Great video! Just a few weeks ago my collegues and I were chatting about a web project I was working on, and the question of "How exactly does a web server even work?" came up. At the time we didn't look too deep into it, since we are all high level programmers who don't remember our college days. This really pointed out how simple you can really do it!
Didn't expect the video to include the Rust programming language. As always valuable materials presented for pure knowledge:)
Learnt something nice today! Thanks for uploading, Lastly the authors enthusiasm regarding his craft was quite infectious.
Absolutely amazing! Thank you very much, Mr. Tratt.
Great to see someone coding in rust! Thank you. 🙏🏻
Me expecting him to run `npx http-server index.html` and be done with it 😆 Great video, thanks Laurence!
25 lines of code plus 4.6 gigs of node packages for some reason 😂
@ThePrimeTime needs to see this
the "I'm abusing this monstrously - agen"
I think he watched it on today’s stream, we’ll see if it gets posted.
Although my English is not good, I spent an afternoon watching and learning from this video. This video is really simple and easy to understand for beginners like me.
I love listening to these smart people it's so motivation and takes you into the presence, sharpening your mind..
You didn't have to flex your vim skillz that hard lmao what a legend. Also noticed the framework laptop
This guy's the kinda professor I wanted all my academic life! nvim, rust in linux on a framework laptop! Be my guide sensei 😭❤
Pretty sure he was running FreeBSD, based on the browser's "user-agent", not Linux.
OpenBSD @@wbfaulk
@@wbfaulk OpenBSD, even
@@smikkelbeer6352 dammit
no way y’all happened to upload the exact type of thing i’ve been looking for lately
Loved this episode!. Thanks.
I did the same project for a distributed systems course. What a great small project.
One difficulty with supporting multiple sites in a webserver is that you have to support it using both raw HTTP ... and TLS SNI (ServerName Indication) and ideally TLS ESNI (Encrypted SNI)
"you could call it a good listener," you startled a laugh out loud out of me:) Thanks.
Love seeing the framework laptop!
Thank you! You gave me courage!
Rust and Neovim, I like your style.
Can't get used to Rust syntax.
They could do a http path traversal, e.g.: [address to server]/../../../../etc/passwd
I think you could just start with // to get to the root
He acknowledged this insecurity.
@@sofianikiforova7790 Yes he does. I only showed one way to access directories you don't want other people to access. It wasn't meant as a "gotcha" moment. 😉
@@Turalcar I'm not sure if it would have worked on that server, tbh. In any case, I would have written the comment in the same way as it makes it easier to read/recognize, and KZhead comments are not suitable for this as anything resembling a URL is easily caught by the scam filter.
I like this transition. We went from Perl one liners or insane algorithimic one liners to now people applying creativity to web servers and api designs. I was just thinking about how computer science is getting boring nowadays but I’m glad that there’s still a few breaths left until it totally becomes the next accounting-esque profession.
I’m not sure it will ever be an accounting-esque profession. The amount of creativity involved and flexibility of tooling, and solutions are always going to be more open ended than accounting.
@@sofianikiforova7790 I agree but I think the creativity part of it is tied behind the language. once people can code in their native languages I think more or less the syntactical accuracy will become a matter of just putting the right structure in place. So, more or less like accounting. Similarly how people still do creative stuff with accounting (eg new ways of building ledgers like crypto) but the basic premise has converged onto a more or less singular agreed-upon convention. Computer Science was fighting that premise at its very core I think with several languages and several programming paradigms. But with the advent of AI the programming paradigms or "code structure" might become meaningless. A computer for example doesn't care if the JS file is minified or beautified. We do.
I don't know why, but I just thought about how to make a web server and this video came up. What a coincidence!
Thanks for the beginner friendly Rust tutorial!
You have taught more about general services (it doesn’t have to be for web) than college ever did for me
Neovim for the win! That's some serious productivity!
Kudos on using a part oh The VIM family! I also really need to look more at rust 🤣👍
Great video, loved it!
Crazy to think we've abstracted all the low level aspects for creating a web server. Just going through all the standards/protocols invented to get this web server going that looks simplistic would take a lot of computer science courses to get a deep understanding of it all.
0:34 I am currently waist-deep in the Apache internals at work, so I can attest to this.
Oauth clients are an incredibly useful implementation of these
I wish I could give this video more than one like. It's that good!
First of all, fantastic video. It's amazing how you managed to simplify such a complex topic. Second of all - as a software engineer - your corner cutting made my skin crawl. 😅
simple and to the point. nice!
Recreated it in python and learned a lot. Thank You!
ive always loved how "gobblygoop" is an official industry term
You can make a secure web site with about 60 lines of C that is extensible. Did this 28 years ago and was used as part of one the the first internet proxy firewalls.
Remember the good old days when writing a 1 line web server in perl was the rage.
Lovely sample. I used to do all this with a shell script. Same approach, and potentially quite safe.
Love that framework laptop you got there ;) got one too.
Realizing that someone needed to program the libraries you were using feels like a lost art. We stand on the shoulder of giants.
Love seeing Rust on the channel! Not a big fan of his variable names though.
Using a slightly different one eh? I checked, and I spot some OpenBSD httpd! High Five Laurence Tratt! (And OpenBSD does run very nice on the Framework laptop. :D )
Great presentation! I came for the httpd teaser, I left with my first appreciation of Rust.
Love the Framework laptop!
Uses Rust and Nvim w/ gruvbox colours? Absolutely based professor.
love your shirt pattern.
While its nice to see this broken down for people, I also want to stress how dangerous this is without proper security and exploit handling. It is almost always better to implement some well known http server library if you need this functionality. It's not just handling files to have basic security here. There are all sorts of RCE via injection you have to be concerned with, etc, depending on which language you implement this in. However, this is a great exercise for learning this!
Very nice. Loved the video,
10:50 you could use the split_whitespace() function 😊
Rust mentioned, uses Framework. Instant like.
Good to see another openBSD enjoyer :)
I love production ready code 🙂
Very nice explanation.
Brilliant!
I too made a http server, which was just a todo api app. Learnt how http request actually works and parsing them. Fun project, got to learn a lot. Wanted to learn on the security part of this, any insights or references to look into?
Very nice! thank you
- How many holes and edge cases do you want? - YES
That was very clear
What I want to know it, how to connect a TCP socket to a serial COM port and then write a crude web server on an Arduino to simplify remote connections to embedded projects.
11:58 this path traversal makes me cry
Thank you for this. I work for a hosting provider and deal with Web Services of all kinds so It's really cool get an idea of how it all works under the hood. But for real though, you need to iron that shirt! 😅🤣😂
Laurence Tratt and @Computerphile, I hope you'll soon make a video explain how an why this naive server is so damn *vulnerable* to many sorts of attacks, particularly BF, DoS and LL attacks.
I knew almost all, and I detest Rust, but I just learned the proper layout of the server response!
The Go standard library says hello :)
Thank you a lot!
it's probably worth noting that even after fixing the path traversal attack, there are a number of other vulnerabilities in this implementation that make it very unlikely for me to recommend it for even small-scale deployments. just off the top of my head: rate limiting of any kind is nonexistent, resource exhaustion is trivially possible by sending an arbitrarily large request, any client can take down the server by requesting a nonexistent file, etc.. there are also a number of more subtle path traversals; even if you check for paths that contain `..` segments, you still have to account for paths that start with two slashes, etc..
Legend!!
Alright, ship it! We'll send out a patch later if we can be bothered. Now write a web broswer in 51 lines. Release is on friday afternoon, chop chop.
It is an interesting video thanks for sharing.