Slashdot Mirror
HTTP: The Definitive Guide
OK, so I answered "C". I am going to make bold the claim that HTTP: The Definitive Guide, the long-awaited O'Reilly book on HTTP is ambitious enough in breadth and depth that if you answered "B," "C," or "D," you will find this book useful and informative. This is primarily due to clear organization of the book, as well as its friendly (even chummy) writing style.
Even if you are a technically-inclined sort from the Marketing department, and answered "A," you could get a good technical overview of the plumbing of the Web by skimming through this book; plus, having any O'Reilly book on the shelf in your cubicle would score you some street cred with the guys sitting over in Development -- this could be the one you've actually read. :-)
Breadth Unless you answered "D," HTTP is more complicated than you think. This is especially true if, as the authors of a good technical book should do (and these authors do), one spends some time touching on matters one level down (to TCP/IP, and other areas, in this case), and one level up (to HTML, generally, in this case). Because the authors are particularly concerned with HTTP performance, details of the interactions between HTTP and adjacent levels can be important.
The book is divided into five main sections: 1) an overview of HTTP, URLs, and connection management; 2) HTTP Architecture, including Web servers, proxies, caches, gateways, tunnels, robots; 3) Identification, Authorization, and Security; 4) Entities, Encodings, and Internationalization; 5) Content Publishing and Distribution, including hosting, publishing, load balancing, logging. So, even if you classify yourself as a "D," or even if you are hacking on an extensible open-source router software platform (in that case, you are an "F"), you will find yourself pulling this book from the shelf from time to time to check on something in one of these areas. The modular organization of the book is good.
The full Table of Contents is available on line.
Depth One (unfortunate?) thing about the Web is that its "architecture" (if you can even call it that) evolved and grew piece by piece. The design goals people had in mind back in 1993, or even in 1999, have been blown away by what has happened on the ground. Inter-company politics have also been a big factor -- never helpful for promoting standardization, or sound design. (Perhaps another problem has been the lack of an O'Reilly book on HTTP to tie everything together!) Hence, not only do you have a confusing mass of obsolete and/or overlapping specifications documents, you also have major differences between how different browsers, servers, and proxies adhere to these specifications in practice. This is one place the book shines: sprinkled throughout the pages are little tidbits about compatibility or performance pitfalls, gleaned from much practical experience. (The authors were some of the architects of Inktomi's Traffic Server "enterprise class" Web cache. Think "proxy caching for all of AOL's Web traffic.") As one example: "Technically, any Connection header fields (including Connection: Keep-Alive) received from an HTTP/1.0 device should be ignored, because they may have been forwarded mistakenly by an older proxy server. In practice, some clients and servers bend this rule, although they run the risk of hanging on older proxies." I can just imagine the series of bug reports leading to the inclusion of that piece of advice in the book. There are many other such warnings and bits of advice, generally aimed at HTTP application developers, often with an eye to performance tuning.
Here again, appropriate depth of discussion for a variety of readers is handled by clear organization of the book. The basic background material is laid out, and as the authors dive deeper into detail they may make a suggestion like, "If you are [not] writing high-performance HTTP software... feel free to skip ahead." Then, at the end of every chapter, there is a section labelled, "For More Information," which is a collection of relevant references and links, for those who want to dig into the source documents themselves.
Cautions This book review is addressed to the Slashdot crowd, a very technically savvy audience, so it's appropriate to mention what this book is not. It's not a detailed technical reference on all the topics mentioned in the table of contents (above); it would be tough to fit all that material into the book's 650-plus pages. However, the book is a good overview of HTTP and many related topics. The book does dip down into the grungy detail in many areas, but this won't be your only reference if you are a Web application developer.
Conclusion Overall, this is one of the more accessible O'Reilly books I own. In addition, while experts will certainly seek out greater depth in their particular area of expertise, few people are expert in the whole range of topics related to HTTP that this book covers. In addition, the book provides many tips drawn from practical experience, and references to more detailed material. HTTP, if not the heart and soul of the Web (perhaps that is Web content itself), could perhaps be called the Web's circulatory system. If you have a professional interest in Web content distribution, or Web application development, I believe this book deserves a spot on your shelf.
You can purchase HTTP: The Definitive Guidefrom bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
I think I'll download it to my PDA and go deprecate for a while...
Stop by my site where I write about ERP systems & more
True or false questions should not be followed by a list of four choices, none of which are "true" or "false."
I choose:
E) CowboyNeal gives good header
A) What does "deprecated" mean?
deprecated: adj. In a state of having soiled oneself. Johnny was not efficient enough and failed to reach the restroom, and was thus deprecated.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
QUESTION: Did you know that the Keep-Alive header was valid in HTTP 1.0, but has been deprecated in HTTP 1.1?
Uhh, my answer is "No"
--
Mozilla Sends:Which isn't necessarily a bad thing, but they have to be backwards compatible in case they hit a poorly implemented HTTP 1.1 server. Gets annoying to code hybrid httpd systems.
HTTP isn't that complicated of a specification though, the RFC is easy enough to understand.
Dacels Jewelers can't be trusted.
Honestly, save yourself ~ $50 for an O'Reilly book and go directly to the source of the information:
HTTP 1.0
HTTP 1.1
It's remarkably easy to read for a technical document.
It's nice to see a review like this. Many slashdot reviews are short and detail-less, but this one is a good overview, which I like.
As much as I want to know about the underpinnings of HTTP, I find this one of those "books I'd like to HAVE read." If I buy it, which I may, I'm pretty sure it will be one of those books I just don't get around to reading because I personally don't have a huge need for it. I'd love to know the information, but I don't know I have the time to pull off actually reading it. Is it just me, or does everyone have a few of those books - the ones you wish you had actually read, but instead just look nice as part of your technical book collection?
I guess there's at least one positive about the Matrix - I can make a quick phone call and have my operator just load "The Complete HTTP" for me.
I figure XHTML 2 is going to require a big re-design of everything anyway, why not design an HTTP 2.0 to go with it?
The problem with definitives guides is that, they get outdated very quickly :)
so i wouldn't spend any money on them. instead i would just browse the W3C website or other reference web sites.
Consensus is good, but informed dictatorship is better
> One (unfortunate?) thing about the Web is that its "architecture" (if you can even call it that) evolved and grew piece by piece. The design goals people had in mind back in 1993, or even in 1999, have been blown away by what has happened on the ground. Inter-company politics have also been a big factor - never helpful for promoting standardization, or sound design. >
I couldn't agree with this more from a web development area as well, so many designers are still using hack and slash methods from the early 90's it's sad[although not always their fault!]. It correlates to the same principles used to build the architecture itself.
side note: if you're interested in learning more about forward compatible web design you should check out Jeffrey Zeldman's new book 'Designing With Web Standards' you can find him at www.zeldman.com - I just finished this book and it was well worth the $24.50 - all you nested table designers should pick this one up or those looking to bridge the gap from using tabled design. =)
Fear Breeds Knowledge
===================
QUESTION: Did you know that the Keep-Alive header was valid in HTTP 1.0, but has been deprecated in HTTP 1.1?
A) What does "deprecated" mean?<br>
B) What is the "Keep-Alive header?"
C) That's too bad - I kind of thought Keep-Alive was handy!
D) Get with the program... HTTP 1.1 came out in 1999. The Internet boom is over already! Persistent connections are the default in HTTP 1.1 anyway.
============
Well, I'm no HTTP expert but I do know this -- that <br> tag doesn't belong there.
What I'm listening to now on Pandora...
...I have someone I can fire if they don't know the answer to this question.
Where do you think you can find HTTP on the W3C site?
HTTP was standardized in IETF process, not W3C. HTML started in IETF process and then we yanked it out and did it in W3C. IETF process is not the place to work on something where there are religious wars, the SGML folk were big on religious wars.
The RFCs on HTTP are useful if you are writing a server or client, however they are less useful as a guide to how what is out there works. One of the big problems with the IETF is that the RFCs look like shit, they are designed to be printed in a fixed width font because thats the way they did things in Babbage's day. So not surprisingly engineers tend to go for documentation that is easier on the eye, even if it turns out to be wrong.
The other issue with the specs is that they describe what the WG came up with. That does not necessarily represent reality, the group took seven years to complete. If you want to know what will work you need more information than is in the RFC.
I wrote parts of the HTTP spec and even I would want more information than just the spec. I am not sure about the 'advice' about working arround older broken proxies, I tend to think its not a bad thing if folk running obsolete software lose every so often. But it is useful to know that it can be an issue.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
*psst*
HTML != HTTP
Gibble: Descriptive of an emotional state in which one's mind is scrabbling for some purchase on reality
So your answer would be:
e) I thought the HTTP standard would be 4.01 already!
Which means you should definetely first read "internet protocols for dummies".
Ok, I'm a bit mean here, but I just couldn't resist.
*smug smirk*
Bot Assisted Blogging
everyone with any real cred still uses HTTP 1.0.
/some/file.xml
Huh? To get real cred, you do:
: telnet foo.bar.com 80
GET
And you hit Return twice, of course, but you knew that.
HTTP 0.9 is the Real Thing.
Hey, anyone remember HTTP 0.5?
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
402 -- Payment Required
406 -- Not Acceptable
300 -- Multiple Choices
Where do you think you can find HTTP on the W3C site?
And yet, as has been pointed out, you can indeed find it on the w3 site.
The RFCs on HTTP are useful if you are writing a server or client, however they are less useful as a guide to how what is out there works.
But, as anyone who's tried CSS or just about anything else knows, this is absolutely true. Differences between vendor implementations are one reason why many geeks are bald, sickly, and pale.
Tweet, tweet.
Actually, they would be at XHTTP1.1 by now ;)
You know it makes sense, a little reminder from jointm1k.
Me know HTTP real good!
Aww, I miss blink. I used to have a version of my webpage wherein every other word blinked. It was actually quite pretty, in a geeky epileptic sort of way.
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
until divs will auto resize we'll be stuck with pages like this one (light orange on white for them menus ffs!) that only go 20% to the width of my browser window.
& his menus don't resize to fit the text if you turn up the size
still, never mind, im sure he makes $ from his book, but not from me
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Standards should be lean and so easy to understand and so trivial to implement that one undergrad student can implement it to full compliance in one afternoon.
HTTP 1.1 has over 100 pages, most of them absolutely useless for implementors. Unnecessary verbiage, unnecessary optional parts, unnecessary warts, unnecessary "I'm working on a thesis about foo, let's put it in this standard and see what happens" crap.
Examples: chunked encoding -- absolutely superfluous! Amazingly useless. Or what about the range support? HTTP allows to request a byte range from a file. Normally you would use that to fetch the second half of an aborted download, or maybe for PDF reading you would fetch bytes 10 to 100 or so. HTTP 1.1 allows to specify several ranges in the same request, and the server is expected to construct some MIME abomination as answer, if it supports this at all. If it doesn't, it is allowed to coalesce the ranges and just send the whole range. This makes this feature horrendously useless for clients (why bother with it if you a) have to implement some sort of complicated parser to understand the result and b) won't even save bandwidth because the server isn't going to implement it in the first place and c) it is not even cheaper than just using keepalive connections and asking for the parts one by one.
In short: HTTP needs to die quickly and be replaced by something sane.
Did I mention the monstrosity that is content negotiation? It is impossible to write a proxy that can cache content in the face of content negotiation. Luckly, nobody uses it on their servers, because it is a pig to implement and configure on the server. Clients tend to support it, but who cares.
deprecated
Deprecated
A deprecated element or attribute is one that has been outdated by newer
constructs. Deprecated elements are defined in the reference manual in
appropriate locations, but are clearly marked as deprecated. Deprecated
elements may become obsolete in future versions of HTML.
User agents should continue to support deprecated
elements for reasons of backward compatibility.
Definitions of elements and attributes clearly indicate which are
deprecated.
This specification includes examples that illustrate how to avoid using
deprecated elements. In most cases these depend on user agent support for style
sheets. In general, authors should use style sheets to achieve stylistic and
formatting effects rather than HTML presentational attributes. HTML
presentational attributes have been deprecated when style sheet alternatives
exist.
One of the big problems with the IETF is that the RFCs look like shit, they are designed to be printed in a fixed width font because thats the way they did things in Babbage's day. So not surprisingly engineers tend to go for documentation that is easier on the eye, even if it turns out to be wrong.
:)
I don't know about that. I'm an engineer, and I'd rather have something printed in fixed-width font, on green-and-white fanfold paper. Less BS, more facts.
"Soon to be a Microsoft standard."
--- Ban humanity.
Error 300 isn't as unusual as you might think.
s 1
Apache's mod_speling module will correct small typeos in URLs that are requested, and if it finds more than one possible match it returns an error 300 with the possible choices.
For example:
http://www.madriver.k12.oh.us/network/netware/wef
- Bunny
(reload a couple of times)
Yes, I did have something to do with it. Sorry.
Avantslash - View Slashdot cleanly on your mobile phone.
Geez, I've been running Internet 6.0 for a long time. I don't know anyone still running 1.1. Some of the Netscape people are still running version 4, but I heard they can move up to seven.
I hope that Microsoft comes out with version 8 of the Internet- but by then AOL will have Internet version 9. This is so hard to keep track!
Who cares about Internet 1.1 though. Maybe you should get a new computer.
No reason to lie.
The blink tag works great for papers on quantum physics.
(Credit to UserFriendly goes here)
What's this Submit thingy do?
For the full-featured HTTP server that I designed and implemented at my last job...I found just one book to be all the help a person needs:
... good grief!!
"HTTP Pocket Reference", O'Reilly, maybe 4 bucks at Bookpool.
75 pages, of which about 65 aren't necessary.
656 pages on HTTP??? It's not a detailed technical reference on all the topics mentioned in the table of contents (above); it would be tough to fit all that material into the book's 650-plus pages.
I'm an IIS coder, you insensitive clod!
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Standards should be lean and so easy to understand and so trivial to implement that one undergrad student can implement it to full compliance in one afternoon.
I suppose that appeals to undergrads, and those who like extremely granular standards that only address small parts of a solution. Beyond that, it's an absurd overstatement. Standards should be lean in the sense that they should be focused, but to be trivial enough for full implementation by an undergrad in one afternoon ducks below the bar of general usefulness. It's somewhat analogous to what I've heard more than one teacher respond when asked by a student "how long" a paper should be: It should be like a skirt -- long enough to cover the important parts, short enough to keep it interesting. You're right that it should be lean (short enough to keep it interesting) but your criterion for that might not cover the important parts.
No Laughing Allowed!
A) What does "deprecated" mean?
"No matter how much we pretend otherwise, this will stay around forever."
Strictly speaking, RFCs are not standards -- only government-sanctioned bodies can issue standards. Of course, that's a distinction only of interest to compulsive nit-pickers (aka Tech Writers).
In practical terms, I think a good RFC plays the role both of a standards document (MUST) and a best practices document (SHOULD). Given the ad hoc nature of the Internet, it makes a lot of sense to combine the two. It's the sort of informal process and documentation that has allowed the net to grow so quickly.
And (the bring us back to the real topic) that's a good reason to not waste money on a book if there's a good RFC at hand.
Your entire post could not be more untrue.
HTTP was created long before it was handed off to be maintained by the IETF. It existed prior to the RFC that you claim to have co-wrote. The only reason that exchange was made is because HTTP is viewed as a piece of the Internet's infrastructure; in fact it is essentially where the Internet and the Web intersect.
Also, HTTP is very useful as "a guide to how what is out there works." Check out a mailing list for mod_perl, PHP, etc. You will find countless questions being asked that would be answered by a simple understanding of HTTP - how the Web works. This is what real Web developers need; then maybe I can check my bank account balance or sell some stocks without having to interact with a poorly-constructed Web site.
As the author of the HTTP Developer's Handbook, you might think that I would point out weaknesses in O'Reilly's effort. On the contrary, I think this work is very good, and I would highly recommend it to anyone involved in Web development. I think my book is more suited for the everyday reference that you carry with you that explains things specifically from a Web developer's perspective rather than focusing on clarifying the standards, and I think the two go well together.
At any rate, I think this is a quality book on a very important topic.
The spec and books are both good sources of information on HTTP, but I find it difficult to actually apply the knowledge.
I recently interviewed for a position requiring intimate HTTP knowledge. Rather than try and understand every bit of the spec, I just captured all of my clear text HTTP traffic for a night of surfing, I then looked at the actual HTTP exchanges between my web browser and various servers and looked things up in the spec and other sources that I didn't understand.
I also learned some things that weren't in the spec, which were helpful in the interview like how session keys are structured on various servers, etc.
(Score:-1, Wrong)
Mine are definately content negotation, specifically language negotation, since I develop multilingual websites (yeah, English is not my first language).
I find that extremely useful, yet, nobody cares about it... It is really annoying when you get to a website and you have to choose the language, "Hey, I told you that in my accept-language header, just listen!"
Things are moving sooooo slowly...
Employee of Inrupt, Project Release Manager and Community Manager for Solid
I used this book in addition to the RFC when writing my webserver software.
It's a good addition to the RFC's but not a substitute. The introductory stuff is a bit too basic but the rest of the chapters clarify several things about the RFC's. 2616 can be a bit ambiguous at times.
All in all, it was worth the money if you are planning to do any serious work with HTTP.
What about text-decoration: blink?
" I hate it when people post spoilers before I've read the book!"
Suck on this!
The animal on the cover of HTTP: The Definitive Guide is a thirteen-lined ground squirrel (Spermophilus tridecemlineatus), common to central North America. True to its name, the thirteen-lined ground squirrel has thirteen stripes with rows of light spots that run the length of its back. Its color pattern blends into its surroundings, protecting it from predators. Thirteen-lined ground squirrels are members of the squirrel family, which includes chipmunks, ground squirrels, tree squirrels, prairie dogs, and woodchucks. They are similar in size to the eastern chipmunk but smaller than the common gray squirrel, averaging about 11 inches in length (including a 5-6 inch tail).
Thirteen-lined ground squirrels go into hibernation in October and emerge in late March or early April. Each female usually produces one litter of 7-10 young each May. The young leave the burrows at four to five weeks of age and are fully grown at six weeks. Ground squirrels prefer open areas with short grass and well-drained sandy or loamy soils for burrows, and they avoid wooded areas-mowed lawns, golf courses, and parks are common habitats.
Ground squirrels can cause problems when they create burrows, dig up newly planted seeds, and damage vegetable gardens. However, they are important prey to several predators, including badgers, coyotes, hawks, weasels, and various snakes, and they benefit humans directly by feeding on many harmful weeds, weed seeds, and insects.
graspee
Well yes, before there was HTTP 1.1 there was HTTP 1.0. There was also an HTTP 0.9 that was arround before that...
HTTP was NOT handed off to the IETF by the W3C as your post appears to imply, there was no W3C at that time. HTTP was taken to the IETF to get recognition as a protocol standard. There was no 'handing off', the same people continued to work on the protocol as before. The only significant change was that the mailing list changed, www-talk had become very noisy by this time. The IETF has change control in a nominal sense, they can write new versions of the spec and call them HTTP, but so can anyone else, they just might have more difficulty getting others to recognise them...
That is the reason there are two sets of acknowledgements in the spec. The first set is the original authors, the second the set of people who worked on the draft after the IETF process started.
I don't seem to remember your name from any of the Web working groups I have been associated with. It is unlikely that if you know as much as you claim to about the Web that you don't know mine. I don't think that publishing a book about my work gives you the right to accuse me or for that matter anyone else of being a liar.
Perhaps if you actually read what I wrote rather than what you think I wrote you might not have made such a fool of yourself.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/