If you wanted to monetize, but still keep it free (of course, you could and should have paid tiers too), you could send back an additional 255 characters of ad-text, with the agreement being, "you use the free service, you are obligated to display the ad-text somewhere, if it's a web app..."
While it's just a key-value API it still incurs costs to the developer, there has to be some way for them to recoup that. Whether it's through advertising, or through donations (how likely are people to donate).
I plan to keep it free indefinitely. I'm already using it in two personal projects and I registered the domain for 5 years (a first for me, heh) so it's not going anywhere. If I have time I might eventually roll out some fun features that people might be willing to pay for, but for now I'm just focused on making it easy for people to store, change, and retrieve small pieces of data.
My initial response to your comment was "but then the page requires JS", which of course is not true, since a simple inline form could POST and then a redirect could get you back.
I'm no webdev, I think JS has been hyped so much around me I forgot plain html can actually do things...
It depends on how you interpret correctness. RFC 2616 9.1.1 also used "SHOULD NOT" and not "MUST NOT", indicating that there are valid use cases. The issue is about whether your users are aware of (and are responsible for) the side-effect or not. In this case they are.
Except when GET has side effects, one can embed the URL in an img tag and visitors would be triggering that side effect unknowingly. One can do this on most public forums. So no, users may not be aware.
What you just described is actually a web beacon [1], in which case the one that embed the URL is the user (and not the one who load the <img>). Web beacon can be used to implement useful thing like visitor counter service [2].
You need a webpage to have an inline form, which you need to create somehow. Compare that to just opening a new tab and type in an URL.
The dev console is a separate tool. And I'm still sure it is much quicker and easier to open a new tab and type in an URL, than to do a POST with dev console.
Idempotent means that a given request always has the same result. This GET request fits that definition, since making the same request several times will always return the same thing. The fact that it modifies data means that it’s not safe, but that is a different concern. Remember that PUT and DELETE are also idempotent
Of course it's not just that it returns the same result, but that the request has the same effect. This is not entirely true since the modification date will change, but other than that it's true that setting a key to the same value multiple times is idempotent.
If the modification date is changed, then its idempotency is open to application-specific definition.[1]
One way you might call modification time changes idempotent is if you don't care about modification times.
Another way is much subtler: Although an updated modification time represents a change, the point of HTTP idempotent requests is that repeating them automatically is harmless. This matters because some requests may be repeated automatically by some clients under some network conditions.[2] Updating the modification time twice to a near-current timestamp might satisfy the idempotency condition for the purposes of the application.
[1] This isn't as handwavy as it sounds. It means that because it's the application that determines whether the effects of a request count as "semantically" idempotent (or semantically safe), the application should choose the appropriate HTTP method (or "verb": GET, PUT, POST etc) for the application's needs. The application's choice of HTTP method matters because client libraries, proxies and servers perform different methods in different ways in the protocol.
[2] For example, if sent as the second or later request on a persistent HTTP/1.1 connection, just as the server closes the connection, then the client might retry any requests that are for an idempotent (or safe) method. So it may automatically retry GET, PUT and DELETE but not POST.
Idempotent means that doing it once is the same as doing it more than once. This is standard terminology.
The parent comment uses "safe" to mean doing it zero times is the same as doing it once or more. This is not a definition I've heard before, but maybe it's common in this context. A more normal term would be "free of side effects".
"Safe" and "idempotent" have defined meanings in the HTTP standards, that's why I used those terms, and provided the RFC section that explains for anyone who cares to read more.
> a service obviously not meant for any sort of serious use
Multiple existing and established services were created as proofs-of-concept, silly jokes, experiments, and other "non-serious use" projects. Many of them have survived and we are forced to bear with their sloppy design all the time.
Because I don't have time to run such a free service. The author of Volatile is already doing it, I'm just suggesting a small variation in the theme that would solve the problem if multiple users potential overwriting each other's values (only a server side check can ensure that)
ah; because another user could overwrite this value breaking the invariant. If the invariant is maintained server-side, then multiple users can gracefully coexist (without auth)
"that's not how things work here" means there is no such thing as a key that belongs to someone else. From the next sentence: "no ownership". All keys belong to you as much as anyone else.
I think a worthwhile addition to this service would be the ability to get keys by their hashes. That way, you could separate read-only and read-write key while still keeping it simple. I can imagine a program offering i.e. update checking that way.
Nice to have more options for minimal key-value APIs, but support for only GET requests and plain text data could be limiting for some apps.
Shameless plug: if anyone's looking for a key-value pair API with a more rich API with support for buckets, access control, and server-side scripts, check out https://kvdb.io (disclaimer: I built it)
HTTP is a protocol without specification when it comes to async./sync.
Most HTTP is sync. because non-blocking IO and concurrent memory access are hard to make without side effects that our society does no not like; like dropping slow clients or using locks and chasing threading bugs f.ex.
My web/app-server is one of the few that does it all without bloat: parallel + async. with concurrent data structures and non-blocking IO; it means all cores can cooperate on the same problem at the same time without waiting for anything.
IO-wait is where most current sync. server solutions loose ~20% of the CPU when a system is under high utilization.
Comparable to what you loose on the kernel which is what many people are trying to remove with user-space networking.
It's also because of IO-wait that services break, a completely Joint Parallel system is very hard to break, it gets increased latency instead.
All Joint Parallel systems have a queue built in because there is no point to spawn more threads than there are cores.
I'm trying to find a name for it because things usually needs a name to spread, and Joint Parallel is the best I got so far.
it could be fun to write meta games on top of this.
example: in the `and_then` key, a user (over)writes the next line in a developing narrative. next user repeats. etc. set up a little poller to fetch the key periodically to preserve the history.
I love this idea! I'm logging all changes to data, mostly just for testing/debugging, but I think a "history" endpoint would be handy for this. Not sure what kind of output it should have. Maybe multiple different types, ranging from a plain text dump (one line per change, sorted chronologically) to a JSON object? Not sure.
Since they naively count unicode characters, https://github.com/qntm/base65536 is the best data encoding mechanism. You can fit 15 bits per character, or a total of 510 bytes per key and value.
75 comments
[ 2.5 ms ] story [ 123 ms ] threadIf you wanted to monetize, but still keep it free (of course, you could and should have paid tiers too), you could send back an additional 255 characters of ad-text, with the agreement being, "you use the free service, you are obligated to display the ad-text somewhere, if it's a web app..."
Advertisers pay for the ad-text.
You collect the revenue.
Wishing your service luck!
> GET /?key=key&val=value
GET is supposed to have no side effects, according to RFC2616 9.1.1.
I'm no webdev, I think JS has been hyped so much around me I forgot plain html can actually do things...
When all API are GETs, the browser, which is likely to be open when you read this, is all you need.
And your service is also incorrect due to the issues with side-effects mentioned elsewhere in the thread.
[1]: https://en.wikipedia.org/wiki/Web_beacon
[2]: https://www.hitwebcounter.com/
An inline form on the webpage that POSTs the result is not a "webpage/separate tool". Option 2 would be to use the browser's dev console.
The dev console is a separate tool. And I'm still sure it is much quicker and easier to open a new tab and type in an URL, than to do a POST with dev console.
The "create a key-value pair" operation described here actually is idempotent.
The requirement on GET is that it must be safe, meaning no side-effects, for a variety of reasons, not just browser behaviour.
The difference is described in detail in RFC 7231 section 4.2, or the older RFC 2616 section 9.1.
One way you might call modification time changes idempotent is if you don't care about modification times.
Another way is much subtler: Although an updated modification time represents a change, the point of HTTP idempotent requests is that repeating them automatically is harmless. This matters because some requests may be repeated automatically by some clients under some network conditions.[2] Updating the modification time twice to a near-current timestamp might satisfy the idempotency condition for the purposes of the application.
[1] This isn't as handwavy as it sounds. It means that because it's the application that determines whether the effects of a request count as "semantically" idempotent (or semantically safe), the application should choose the appropriate HTTP method (or "verb": GET, PUT, POST etc) for the application's needs. The application's choice of HTTP method matters because client libraries, proxies and servers perform different methods in different ways in the protocol.
[2] For example, if sent as the second or later request on a persistent HTTP/1.1 connection, just as the server closes the connection, then the client might retry any requests that are for an idempotent (or safe) method. So it may automatically retry GET, PUT and DELETE but not POST.
My point exactly :)
The parent comment uses "safe" to mean doing it zero times is the same as doing it once or more. This is not a definition I've heard before, but maybe it's common in this context. A more normal term would be "free of side effects".
Multiple existing and established services were created as proofs-of-concept, silly jokes, experiments, and other "non-serious use" projects. Many of them have survived and we are forced to bear with their sloppy design all the time.
Have you ever used e.g. JavaScript?
What is the tech behind this ?
https://thesimpleapi.com/keyvalue
Given the lack of auth, it should be possible to overwrite other people's keys, or did I miss something?
Hence, "volatile".
Really, really volatile.
Shameless plug: if anyone's looking for a key-value pair API with a more rich API with support for buckets, access control, and server-side scripts, check out https://kvdb.io (disclaimer: I built it)
Oh, it has word indexing (sort), relations (link), tree structured meta-data (meta) and it's distributed!
Also it's completely async. concurrent (joint parallel) so it has zer0 IO-wait! :)
Most HTTP is sync. because non-blocking IO and concurrent memory access are hard to make without side effects that our society does no not like; like dropping slow clients or using locks and chasing threading bugs f.ex.
My web/app-server is one of the few that does it all without bloat: parallel + async. with concurrent data structures and non-blocking IO; it means all cores can cooperate on the same problem at the same time without waiting for anything.
IO-wait is where most current sync. server solutions loose ~20% of the CPU when a system is under high utilization.
Comparable to what you loose on the kernel which is what many people are trying to remove with user-space networking.
It's also because of IO-wait that services break, a completely Joint Parallel system is very hard to break, it gets increased latency instead.
All Joint Parallel systems have a queue built in because there is no point to spawn more threads than there are cores.
I'm trying to find a name for it because things usually needs a name to spread, and Joint Parallel is the best I got so far.
Unless the author took preventive measures to prevent this, key lookups tend to be vulnerable to timing attacks, for example.
1: https://www.cloudflare.com/products/workers-kv/
example: in the `and_then` key, a user (over)writes the next line in a developing narrative. next user repeats. etc. set up a little poller to fetch the key periodically to preserve the history.