Our story starts here: I built an as-yet-unnamed twilio app, basically like Magic but for Google search results.
Go ahead and text it yourself! Send it your search terms and it will return a link to the Google search results. Easy!
To do this, I learned some stuff about HTTP, which was my favorite thing about the project. Then I read some more stuff about it and listened to a practice talk all about HTTP from an RC alum. That night on my way home:
Learning about HTTP and on the subway thinking about requests and responses and 💥 I just realized what a DOS attack is you guys— heart++ (@anyharder) June 17, 2015
We were going across the Manhattan bridge when I had my epiphany, and if you’ve ever been in the New York City subway you’ll know that your phone does this annoying thing where it takes half a bridge to realize it’s no longer underground and it definitely has service again, please connect to the network again pleasssseeeeeeee quickly before we go back undergrounnnnnnddddddd.
I needed to text Richo before I lost service again. I mean, I’m sure a lot of my friends could have answered this question, but there was never a moment when I wasn’t going to text Richo about this:
I want to write an aside to tell you guys about Richo, but this post isn’t about him, so here’s the short version: 🐤🍻🌏💻🔨. Richo is one of my favou?rite people.
I got off the train and basically ran home to DOS the only server I’ve got in the most basic way I could think:
while true; do curl http://tranquil-thunderstorm-666.herokuapp.com/?Body=butts; done
A naive attempt to be sure, and I knew that, but that didn’t mean I wasn’t going to do it anyway just to see what would happen. My program needs a parameter request in
Body in order to not return an error; “butts” is my go-to filler word always because butts are hilarious.
Anyway, Richo told me it wouldn’t work. I also talked to my friend Bryan about it, and while he was very happy for me figuring out the thing, he also told me it wouldn’t work. Heroku’s servers can definitely handle one of me running a single
curl command on loop.
It didn’t work. After 30 minutes the server was still responding with 200 OK, and I broke the loop.
I wondered how many times it had hit the server in that time. Instead of finding out, I went to bed.
I woke up in the morning to a stern letter from Heroku.
So the thing is, Monday I got the idea in my head that I needed to learn databases. And it’s true, I think that’s a valuable thing to know about. I mean, for this particular app it’s not entirely clear what for, but I wanted to know what a database was and how they’re implemented, so I did just that.
Or really I didn’t, so much as my new RC friend Steven patiently worked through the setup with me, explaining with each error why we were now heading in this direction. This tweet happened:
three hours later and yak hair everywhere but by golly we got postgres working— heart++ (@anyharder) June 15, 2015
The database takes the query parameters from each GET request sent to the server and logs them. I can see the zip codes requests are coming from, or count how many requests have come from a given phone number. And of course, the database logs the body of every incoming request.
You see where this is going?
Heroku has some magical incantations that produce a free, limited-use postgres database. It has limits. Limits you could easily run up against if you hit your server repeatedly on a
while loop for 30 minutes.
Anyway, I didn’t actually make any trouble other than to cause an automatically-generated eye-roll from Heroku. But that is the story of how I figured out for my own self what a DOS attack is and subsequently filled a small part of the cloud with butts.