undefined | Better HN

0 pointsimmibis10mo ago0 comments

Same reason https://foo.example/bar/baz.html exposes it - it tells the web server which file to access. Cool, customized routing wasn't always a thing.

The eBay example, by the way, is ISAPI, not CGI.

0 comments

12 comments · 4 top-level

anon636210mo ago· 3 in thread

IIS, Apache HTTPd, and Nginx have supported rewrite rules with wildcards and regex since forever.

Thus, there's no absolute rule that serving a static state must faithfully map to filesystem representation except convenience. Nor, do dynamic requests need to map to include the details of dynamic handler URIs unless the application cannot change generated links.

Revealing backend state, while somewhat Security Through Obscurity (STO)(TM), it's unwise to volunteer extraneous information without a purpose. Preferably, some other simple, one-way hash external representation should be used.

I played client-side Netscape JS and Apache HTTPd CGI bash shell scripts (not even Perl) to write a toy multiuser chat app in 1996. IIRC, it used a primitive form of long polling where it kept an HTTP/0.9 session open with keepalive commands periodically and then broadcasted the message received to all other users who were also connected.

immibisOP10mo ago

It's always been technically possible to make URLs look how you want but it wasn't always in vogue.

mpyne10mo ago

And in eBay's specific case they may have opted against due to the performance challenges URL rewriting may have involved.

plorkyeran10mo ago

mod_rewrite came out in 1997, which was quite early but still after eBay launched. IIS didn’t get built-in support for URL rewriting until 2008. nginx didn’t even exist until 2004.

aeyes10mo ago· 3 in thread

eBay architecture slides from 2006: https://www.cs.cornell.edu/courses/cs330/2007fa/slides/eBayS...

3.3M LoC C++, that must have been quite painful.

toast010mo ago

They replaced it with Java, which was probably worse. :p

nine_k10mo ago

No. At least, not nearly as many footguns. Also, compiler error messages that actually can be deciphered.

1 more reply

pjmlp10mo ago

Not really, there is a reason why the Java pivot into the server during the early's 2000's, it wasn't only Sun, IBM, Oracle, Bea marketing, it was definitly much better experience than mod_tcl or mod_perl without JTI[0], CGI/ISAPI in C or C++.

Likewise with ASP.NET on Windows land, as ASP with VB, and C++ alongside COM wasn't that great either.

[0] - By the time this started to matter Java 1.3 was already the common version.

qwertox10mo ago· 2 in thread

That's not really an explanation. Could be named https://foo.example/bar/baz as well.

I also used to ask myself why they would expose the filename of the DLL.

plorkyeran10mo ago

At the time that would have required that they write a custom proxy that sat in front of IIS and everyone would have been very confused about why you even wanted to do that. IIS (and every other web server in 1996) just took the URL, converted it to a path, and ran that, with no transformations applied. This was three years into the web and many things that are simple and obvious now were not back then.

flomo10mo ago

Yeah, IIS didn't have any sort .htaccess type thing for url routing IIRC. Even later on, we had to dig under the hood of asp.net because we didn't want .aspx in our paths.

2 more replies

171862744010mo ago

.html is less problematic than .dll, since the served file IS html, regardless of how you generate it. In an ideal world you could just fetch baz.json and get to the intended API.

j / k navigate · click thread line to collapse

0 comments

12 comments · 4 top-level

anon636210mo ago· 3 in thread

IIS, Apache HTTPd, and Nginx have supported rewrite rules with wildcards and regex since forever.

immibisOP10mo ago

It's always been technically possible to make URLs look how you want but it wasn't always in vogue.

mpyne10mo ago

And in eBay's specific case they may have opted against due to the performance challenges URL rewriting may have involved.

plorkyeran10mo ago

mod_rewrite came out in 1997, which was quite early but still after eBay launched. IIS didn’t get built-in support for URL rewriting until 2008. nginx didn’t even exist until 2004.

aeyes10mo ago· 3 in thread

eBay architecture slides from 2006: https://www.cs.cornell.edu/courses/cs330/2007fa/slides/eBayS...

3.3M LoC C++, that must have been quite painful.

toast010mo ago

They replaced it with Java, which was probably worse. :p

nine_k10mo ago

No. At least, not nearly as many footguns. Also, compiler error messages that actually can be deciphered.

1 more reply

pjmlp10mo ago

Likewise with ASP.NET on Windows land, as ASP with VB, and C++ alongside COM wasn't that great either.

[0] - By the time this started to matter Java 1.3 was already the common version.

qwertox10mo ago· 2 in thread

That's not really an explanation. Could be named https://foo.example/bar/baz as well.

I also used to ask myself why they would expose the filename of the DLL.

plorkyeran10mo ago

flomo10mo ago

Yeah, IIS didn't have any sort .htaccess type thing for url routing IIRC. Even later on, we had to dig under the hood of asp.net because we didn't want .aspx in our paths.

2 more replies

171862744010mo ago

.html is less problematic than .dll, since the served file IS html, regardless of how you generate it. In an ideal world you could just fetch baz.json and get to the intended API.

j / k navigate · click thread line to collapse