The HTML5 Connectivity Revolution @peterlubbers
License plate: @peterlubbers
Image: @rdclark
Image: @jeffreypalermo
Agenda • A is for Applications • B is for Bi-Directional • C is for Connectivity
#devcon5 @peterlubbers #html5
‘A’ is for (Web) Applications • June 2004 W3C Meeting in San Jose, California: – Discussion about the rise of web applications – Vote on updating HTML for web applications: 8 For 14 Against
• Result: – Web Hypertext Application Technology Working Group (WHATWG) formed 2 days later – Web Applications 1.0 HTML5
HTML5 Feature Areas
HTML5 Feature Areas
Browser Support Native Support: • http://caniuse.com • http://mobilehtml5.org/ Polyfills (emulation): • Modernizr’s All in One page: http://goo.gl/szvyv
HTML5 “Paves the Cow Paths” • A pragmatic approach • Fix real-world problems • Especially true for Connectivity features
HTML5 Connectivity
Hang on, I can already do that!
Yes, but… • Same-origin restrictions • JSON with Padding (JSONP) vulnerabilities • Half-duplex HTTP architecture • Reverse Ajax (COMplExiTy!) – Excessive Overhead – High Latency
Traditional Architecture
100% Half Duplex
Modern Web Application Architecture
100% Hipster
Cross Document Messaging • Enables secure cross-origin communication across iframes, tabs, and windows • PostMessage API (also used in Web Workers) • Demo: DZSLides (Paul Rouget, Mozilla): http://paulrouget.com/dzslides/
Cross Document Messaging PostMessage
Architecture
CORS •
HTML5 introduces Cross-Origin Resource Sharing (CORS) – http://www.w3.org/TR/cors/ – http://enable-cors.org
•
Allows (safe) exemptions from the Same-Origin Policy – “With CORS you receive data instead of [JSONP] code, which you can parse safely” —Frank Salim
XMLHttpRequest Level 2 • Improvements over Level 1: – Cross-origin XMLHttpRequest – Progress events – Binary support
• Specification: http://www.w3.org/TR/XMLHttpRequest/
• Demo: http://www.html5rocks.com/en/tutorials/file/xhr2/
Level 1
XMLHttpRequest
Level 2
Server-Sent Events • Standardizes sending a continuous stream of data from server to browser • EventSource API • Great for newsfeeds, one-way streams of data • SSE-specific features: Automatic reconnection Event IDs
SSE Architecture
WebSocket • New API (W3C) and Protocol (IETF RFC 6455) • Allows browser to communicate with a remote host
• Full-duplex (bi-directional), single socket • Port 80/443 (ws:// and wss://) • Huge reduction in unnecessary overhead and latency • A socket in your browser!
If You Want to Build Web Apps for… • • • • • •
Financial trading Social networking Gaming Gambling System monitoring RFID tracking … WebSocket to the rescue!
Serious Overhead Reduction
Huge Latency Reduction Using Comet
Using WebSocket
http://webtide.intalio.com/2011/09/cometd-2-4-0-websocket-benchmarks/
(Fairly) Complete List of WebSocket Servers • • •
• • •
• • •
•
• •
Alchemy-Websockets (.NET) http://alchemywebsockets.net/ Apache ActiveMQ (Java) http://activemq.apache.org/ apache-websocket (C) https://github.com/disconnect/apachewebsocket#readme APE Project (C) http://www.ape-project.org/ Autobahn (virtual appliance) http://www.caucho.com/ Cowboy https://github.com/extend/cowboy Cramp (Ruby) http://cramp.in/ Diffusion (Commercial product) http://www.pushtechnology.com/home EM-WebSocket (Ruby) https://github.com/igrigorik/em-websocket Extendible Web Socket Server (PHP) https://github.com/wkjagt/Extendible-WebSocket-Server gevent-websocket (Python) http://www.gelens.org/code/geventwebsocket/ GlassFish (Java) http://glassfish.java.net/ Goliath (Ruby) https://github.com/postrank-labs/goliath
• • • • • • • • • • • • • •
•
Jetty (Java) http://jetty.codehaus.org/jetty/ jWebsocket (Java) http://jwebsocket.org/ Kaazing WebSocket Gateway (Java) http://www.kaazing.com libwebsockets (C) http://git.warmcat.com/cgi-bin/cgit/libwebsockets/ Misultin (Erlang) https://github.com/ostinelli/misultin net.websocket (Go) http://code.google.com/p/go.net/websocket Netty (Java) http://netty.io/ Nugget (.NET) http://nugget.codeplex.com/ Orbited (Python) http://labs.gameclosure.com/orbited2 phpdaemon (PHP) http://phpdaemon.net/ Pusher (cloud service) http://pusher.com/ pywebsockets (Python) http://code.google.com/p/pywebsocket/ RabbitMQ (Erlang) https://github.com/videlalvaro/rabbitmqwebsockets Socket.io (Node.js) http://socket.io/
• • • • • • • • • • • • • • •
SockJS-node (Node)https://github.com/sockjs/sockjs-node SuperWebSocket (.NET) http://superwebsocket.codeplex.com/ Tomcat (Java) http://tomcat.apache.org/ Tornado (python) http://www.tornadoweb.org/ txWebSocket (Python) https://github.com/rlotun/txWebSocket vert.x (Java) http://vertx.io/ Watersprout (PHP) http://spoutserver.com/ web-socket-ruby (Ruby) https://github.com/gimite/web-socket-ruby Webbit (Java) https://github.com/webbit/webbit WebSocket-Node (Node.js) https://github.com/Worlize/WebSocket-Node websockify (Python) https://github.com/kanaka/websockify XSockets (.NET) http://xsockets.net/ Yaws (Erlang) http://yaws.hyber.org/websockets.yaws
Extending WebSocket • Most importantly, once you have WebSocket, you can extend client-server protocols to the web: Chat: XMPP (Jabber), IRC Pub/Sub (Stomp/AMQP) VNC (RFB) Any TCP-based protocol
• The browser becomes a first-class network citizen • Demo: This presentation in real time! http://demo.kaazing.com/presso
Insert ritual dance to the demo gods here… http://demo.kaazing.com/presso
http://demo.kaazing.com/presso
You WebSocket
Diagram and Presso system: @pmoskovi (based on impress.js)
WebSocket Demo
http://demo.kaazing.com/forex/
WebSocket Demo
http://demo.kaazing.com/racer/
Securing HTML5 Communication
Image: @ultrarunwild
Securing HTML5 Communication • CORS • General move to TLS/port 443 – Encrypted tunnel allows traversal of intermediaries – Less overhead than originally thought – Example: SPDY
• Using standard, open ports has a big advantage "We want some chance of getting this (SPDY) protocol out in our live time” —Roberto Peon (Google)
• And more: – Single Sign-On, Authentication and Authorization For example, Kaazing Kerberos protocol over WS
• E-mail:
[email protected] • Twitter: @peterlubbers • LinkedIn: Peter Lubbers
Buy the Book! • Pro HTML5 Programming 2nd Edition (Apress, 2011) • 40% off e-book coupon code: HTL528 http://goo.gl/Dzq4A
Additional Resources • SFHTML5 Talk about Connectivity and Real Time Presentation: http://www.slideshare.net/peterlubbers/html5-realtime-andconnectivity • HTML5 Weekly Newsletter: http://html5weekly.com/ • The Web Ahead Podcast: http://5by5.tv/webahead/ • San Francisco HTML5 User Group (monthly presentations and videos): http://sfhtml5.org • Kaazing WebSocket Gateway: http://kaazing.com/
HTML5 Training • Kaazing University provides proven, practical HTML5 training worldwide (experts, not just trainers) • Customers include Google, Cisco, Intel, and more • Web site: http://kaazing.com/training/ • E-mail us:
[email protected]
-