14.2 Core Functionality II
Believe it or not, the fundamental structure of the internet has been in place since the 1980s. In the previous checkpoint, you learned about the core protocols of that structure and how they work. In this checkpoint, you'll explore the more advanced features of the internet—additional elements that make the internet more secure, more personalized, and more stable for the billions of users and devices that access it daily. You'll also learn a bit about the features that make the internet a more nice-looking, aesthetically pleasing tool.
Understanding these advanced features will help improve communications with your technical partners and prepare you for real-world interview questions about internet security and architecture.
By the end of this checkpoint, you should be able to do the following:
- Describe the advanced features of the internet that support its core functions
- Answer basic interview questions about how the internet works
Beyond the basics
Over the years, internet use has expanded dramatically. And with that, user expectations have changed, and new needs have emerged. These shifts led to the development of robust internet features, such as security measures, visually stimulating web pages, and more dynamic content. Internet technology had to keep up with users' ever-evolving demands and priorities. As a result, new standards have been—and continue to be—established.
HTTPS
Nearly all internet traffic today is secure HTTP, also known as HTTPS. HTTPS is different from plain old HTTP in one major way: HTTPS is encrypted. Thanks to HTTPS, the traffic between a user's browser and the web server is encoded so only the receiver can decrypt (or unlock) the content. This process is called public key encryption. Encryption keys are essentially codes to be used by each party in a specific online interaction or communication.
How does this process work? At the beginning of every HTTP session, the user's browser and the web server exchange encryption keys in a secure manner. After the key exchange—sometimes known as a secure handshake—any message sent between two parties can be opened only if the recipient has the key that the sender included in the message. When the secure handshake is complete, a user can safely transmit sensitive information (like a credit card number) over the internet. This process and the ports used in the process are standardized. HTTPS servers use port 443, while HTTP servers, which are unencrypted, use port 80.
But how can the browser trust the HTTPS server? What if it's actually a malicious web server impersonating the legitimate one? Well, the web is built on a system of trust. If a user runs a web server, they can get an HTTPS encryption key for that server from a trusted provider of encryption keys. In fact, the user's operating system and browser would have a list of those trusted providers. Working together, they check that list every time a user connects to a website. If the computer encounters encrypted content from a provider who isn't on that list, the OS and browser won't trust it. They will post a message alerting the user that something is wrong with the web server's encryption, and any user that sees a message like this should not connect to that web server. It could be compromised.
HTTPS encryption involves complex algorithms and intricate protective mechanisms. Although a deep dive into HTTPS is outside the scope of this course, here's the key takeaway: the little lockbox in your browser's address bar indicates that your browser and OS trust the website that you're looking at. Your computer is telling you that the website is the actual website it claims to be—and you're securely connected to it.
Your browser, HTML, and web page
Recall the example from the last checkpoint. You made a website request when you typed pmcademy.com into your web browser. Imagine that your browser has received the first, complete HTTP response from the PMcademy web server. Now, the web browser must figure out what to do next.
On the web, hypertext markup language—more commonly known as HTML—is the standard programming language used to communicate web page content. HTML may look intimidating at first, but inspected closely, it's actually not that different from regular alphanumeric text, with some specific programming syntax:
The HTML standard ensures consistency. If a web page was coded correctly with HTML, it will look and feel the same (or nearly the same) on any device. HTML has many tags, like <p> and <div>, that tell your browser how the web page should look or how the data enclosed in the tags should be processed. That processing has a few parts:
Here's a quick 5min video by Aaron Jack explining what HTML is
- The HTML is parsed by your browser—broken up into constituent parts so that your browser understands what's to be displayed on the web page.
- Your browser starts to process any JavaScript (a programming language for web pages) or CSS (cascading style sheets—a language that specifies style aspects like colors, fonts, and sizes) that's in the HTML.
- The HTML may refer to other web content like images, files containing JavaScript or CSS, videos, or other assets. Your browser makes additional HTTP requests to retrieve those assets.
- The browser then tries to render the web page on your screen as accurately as possible.
To shorten the load time, a browser starts displaying content even before it has retrieved all the necessary assets from the web server. For instance—you've likely watched a web page load before it has received all of its images or graphics. When you see this happening, you're witnessing this process—which is usually invisible to the end user—in action. This process takes place every time you load a web page on the internet.
For information about inspecting web page elements, check out the video below by Kinsta.
Cookies and subsequent requests
Time for some cookies. The website kind. Cookies are bits of information provided by the web server that are stored by a web browser. Cookies help the browser identify the user or retain small amounts of essential information.
A web browser may store cookies semipermanently or only for a session, deleting them when the user closes the browser or signs out. Semipermanent cookies are saved until the user deletes them or they expire. All cookies have an expiration date, whether that's one hour, 60 days, or 10 years. Once a cookie expires, the web browser invalidates and deletes it.
When a user logs in to a website, the web server sends a cookie back to the web browser to uniquely identify the user and personalize the content specifically for the user. The browser will then send cookies back to the web server on any subsequent HTTP requests. This is how a web page recalls certain user-specific information, like login credentials or language preferences.
Cookies are sent back only to the server that issued them—a rule that's enforced by the web browser. And because the user is using HTTPS (they know better than to access a website on an unencrypted connection), no one can spy on their cookies or copy them in order to impersonate the user later.
Take a moment to recap: in order for you to see a web page, the web browser first resolves the IP address via DNS and loads the initial web page. Then, it parses the data in the HTML and starts rendering the page. It makes HTTP requests for any additional assets, and the page loads in the browser—perhaps with personalized information.
Mobile apps and other internet-enabled technologies
The processes described here explain how pretty much all internet-enabled products work. HTTP and HTTPS power nearly every internet device. These systems and structures coordinate how mobile apps request data, how smart speakers play music, and so on.
Think about the capabilities of a virtual assistant like Siri, Alexa, or Cortana, for instance. When you ask Alexa on an Echo device to tell you what the temperature is outside, Alexa records your voice and sends it to a server to process the request: identify the temperature. The server passes a request to the appropriate system that can generate a response: it's 72 degrees. The response is sent back to your Echo device, and the Alexa software translates the response into a voice that tells you it's 72 degrees outside.
Alexa and other virtual assistants are powered by the same technology that makes your web browser work. When it comes to the internet, devices—and products of all kinds—use the same underlying technology.
The internet at scale
One last item to consider is scale. Google receives millions of search requests every minute. A single web server can't handle that volume of data processing. Fortunately, Google has millions of servers. But Google must be smart about which server receives each request to ensure that every user receives the fastest response possible.
Companies like Google use several tactics to handle huge processing demands.
- They run many server centers around the world. Their web servers run on multiple computers so an HTTP request can be handled by any free server. These are called clusters. A cluster is a group of computers that act like one computer—but with a combined, larger-processing capacity.
- DNS servers are configured geographically. If a user is in North Carolina and makes a DNS request for the Google website, the DNS server provides an IP address of a Google server that's nearby. This reduces the transmit time for responses. This is called geographic routing. If you revisit the GeoTraceroute site introduced in the previous checkpoint, you'll be able to see this in action.
- Complicated data processing is handled by multiple computers at once. For instance, a Google search is distributed across many servers simultaneously, with each one searching a subset of possible results and then reassembling the resulting data into a response. This is called sharding, and it involves spreading big datasets across multiple computers for faster processing.
These methods help computer systems handle an extraordinary number of requests, process enormous amounts of data, and cut down on response times. And the technology used to give users the best possible internet experience—and on a global scale—is constantly evolving, becoming even more nuanced and sophisticated to meet the needs of modern society.