WebSockets: caution required

It feels to me like the author used WebSockets for the wrong thing. I don&#x27;t think WebSockets belong on a <i>website</i> (even an interactive one as discourse, it is still a website based on my criteria). They&#x27;d be more apt in <i>web applications</i>.<p>So, to me it feels like the 1-connection-per-tab feels like saying &quot;someone launched 50 instances of an executable and it opened 50 TCP connections&quot;.<p>Examples of where I think it&#x27;s acceptable&#x2F;recommended to use Web Sockets include &#x2F;(video|audio)?&#x2F; chats, multiplayer games, collaboration tools, etc. Stuff that requires real-time notifications.<p>Does a discussion platform require that time precision? I doubt it (frankly, I think WebSockets would give a too high &quot;temporal resolution&quot; unless there were proper delays in place which just complicates the implementation, but that is actually irrelevant here).

1. Ditch Ruby. Node or Python with asyncio work fantastic with WebSockets. Use a greenlet-enabled database connection pool.<p>2. Use HTTP for traditional request&#x2F;response tasks. Use WebSockets to push realtime notifications to clients.<p>3. Have your clients auto-retry their WebSocket connections in the background. Show an indicator of degraded service when this happens. When a new WebSocket connects, blast a complete state update to it to take care of any missed messages. Now you can easily load-balance your clients.<p>(my two cents, YMMV, etc.)

I&#x27;m also a heavy websocket user, and agree with most points. I have previously used websockets on top of a traditional web app, and have been disappointed with the results.<p>My opinion now is that websockets are an all-or-nothing proposition. And I have gone all-in. My latest project has:<p>- websockets-only api (except a some image uploads and oauth&#x2F;login)<p>- https-only<p>- single page app, central store with observable data, using a single connection servicing the whole application<p>- using SignalR (supports fallbacks for IE9 and old Android)<p>- Actor-based backend (Orleans)<p>This stack feels like the future to me, but I&#x27;ve had to learn a lot of new things. It&#x27;s quite different from the web development that I&#x27;ve done over the past 15 years. Overcoming the connectivity issues mentioned in the article is only the first step. Websockets need another type of backend to make sense: Actors. I&#x27;ve had many challenges with the async realtime behaviour of the system, deadlocks, etc.<p>But now that everything is working and I have some grip on it, I can&#x27;t imagine going back to a rest&#x2F;database&#x2F;cache web architecture.

I&#x27;ve used websockets in several projects now. They are more problematic than I originally thought they would be.<p>On my current project I&#x27;m using server-sent-events (SSE) for single-duplex pushing to the client. I&#x27;m using AJAX calls for the other direction. So far the experience has been awesome. Very light-weight and performant. Just a dozen lines of code on the client with no framework.<p>Caveat: Doesn&#x27;t work with IE. A polyfill is required. I am very lucky on this project that I don&#x27;t need to support IE.

The complaint that the server side of web sockets requires using epoll is strange. Of course we have known for years that select has scalability problems, but we have moved on. That this implementer says they normally use select in 2015 for networked services is worrying.<p>If using epoll and kqueue directly is not your cup of tea, just use libuv or one of the other wrappers. It&#x27;s not hard then. I know because I&#x27;m a native epoll user but recently helped someone on Stack Overflow and it took me maybe fifteen minutes to write a working libuv server having never used libuv before.

Most of this gotchas (and others not mentioned) can be avoided if you treat WebSocket for what it is: a low-level transport that can be swapped out. This is how we treat it in Socket.IO and Engine.IO.<p>Most people that implement WebSocket directly end up re-inventing a protocol on top of it. This is necessary because the &quot;onmessage&quot; handler of WS is not something you can really build an application on. And then you&#x27;ll have to add reconnection and exponential delays after that.<p>If you just want to use HTTP polling, which as the author suggests is perfect for most applications (perhaps not games), you can simply do: `io(&#x27;<a href="http:&#x2F;&#x2F;myhost&#x27;" rel="nofollow">http:&#x2F;&#x2F;myhost&#x27;</a>, { transports: [&#x27;xhr-polling&#x27;] })`.

I disagree. I am currently all in for Websocket in web apps. HTTP is only used for static resources and scripts loading.<p>In all webapps, there are buttons. In some cases, clicking a button requires an action on the server, and therefore a roundtrip. If Websocket connection is established (you don&#x27;t need more than one for everything), there is no overhead. With HTTP, you need to build a request every time.<p>Websocket plays nice with modern reactive streaming architectures. You send stream of events, you receive stream of updates. Everything is transparent and immutable and asynchronous.<p>If there is a connection loss, you are immediately notified and can move your app to offline mode. This is problematic with HTTP.<p>Websocket enable web apps comparable with native apps. HTTP apps will always feel less responsive to user actions.

FYI, there is a bug in Chrome that causes WebSockets to be slow [1]. For small messages, the transfer rate seems to be sufficient in most cases. But for larger messages (say, uploads), don&#x27;t place your bets on WebSockets just yet.<p>[1] <a href="https:&#x2F;&#x2F;productforums.google.com&#x2F;forum&#x2F;#!msg&#x2F;chrome&#x2F;-NVlnMqx6Xg&#x2F;Z0nMvWZ6IyYJ" rel="nofollow">https:&#x2F;&#x2F;productforums.google.com&#x2F;forum&#x2F;#!msg&#x2F;chrome&#x2F;-NVlnMqx...</a>

I agree with most of the points in this essay. I wrote <a href="http:&#x2F;&#x2F;firehose.io&#x2F;" rel="nofollow">http:&#x2F;&#x2F;firehose.io&#x2F;</a> a few years ago for Poll Everywhere and we&#x27;ve successfully scaled WebSockets in a production environment. We don&#x27;t use it for 2-way communications though; it&#x27;s HTTP requests in and WebSocket pushes out with long-polling as a backup for non-WS clients. Check out the sourcecode if you want to see an implementation of all the &quot;hard lesions won&quot; in this essay.<p>I also gave a talk about it at RailsConf (<a href="http:&#x2F;&#x2F;www.bradgessler.com&#x2F;talks&#x2F;streaming-rest&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.bradgessler.com&#x2F;talks&#x2F;streaming-rest&#x2F;</a>) and learned that RabbitMQ as a backend isn&#x27;t a great idea. Feel free to ask questions if you want me to dive into more specific points.

WebSockets are a tool like any other and as usual, picking the wrong tool for the job is a great way to shoot yourself in the foot. Agree with the author that they aren&#x27;t suited to replace HTTP but I don&#x27;t see the need for this apocalyptic tone. WebSockets have been available in many tech stacks for a while now and we don&#x27;t see much abuse. Developers disciplined enough to stick to Rails don&#x27;t seem overly prone to jump on the new shiny toy without thinking.<p>Web Sockets are great to bring some of the more heavy duty apps from Desktop&#x2F;TCP to the web. PubNub, Pusher and the likes show it is possible to achieve reasonable scale.

Aren&#x27;t full duplex connections normal outside of the web?<p>I mean, this isn&#x27;t really a new kind of tech. It reads a bit like someone who rode horse his whole life and found out that there are cars and now fears about all the dangers they could bring.

Similarly to WebGL it will become just another technology that gets abused. Safari has an option to ask before enabling WebGL for a website. I had to turn it off after a while because basically every website was asking for WebGL. I don&#x27;t mean websites with fancy 3D graphics or even 2D graphics like Google Maps. It&#x27;s normal news websites that just show text and maybe some pictures.

Jeez web sockets really aren&#x27;t that hard. We&#x27;ve used them for a long time on our production site for a live attack map: <a href="https:&#x2F;&#x2F;www.wordfence.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.wordfence.com&#x2F;</a> and we regularly have over 1000 concurrent visitors on the site when we promote a blog post or do something similar.<p>I can&#x27;t think of any reason why I wouldn&#x27;t use node.js on the server-side for web sockets. It obviously uses epoll() and you really need an event language to be comfortable writing an application that manages a large number of concurrent connections. Ruby for this makes me shudder - sorry it just feels like a square peg forced into a round hole that&#x27;s late to the party.

This is a good article, albeit a bit long-winded. In my experience, whether or not WS can be beneficial essentially comes down to whether or not you truly <i>need</i> low latency duplex communication. A chat application, which seems to be the canonical WS example, probably <i>doesn&#x27;t</i>; a twitch-style multiplayer game, probably <i>does</i>.<p>Server-sent events are a great tool for streaming server-to-client data where other more specific media types (i.e. audio&#x2F;video) doesn&#x27;t fit the bill.

Not mentioned is a common pitfall with serving web sockets: it is very easy to end up in a situation where you may not recover from disruptions.<p>The problem is that establishing a web socket, especially when using SPDY or HTTPS (which is typical), is much more expensive than maintaining a connected one. So a service will typically see a steady creep up in the number of connections, with a relatively low number of new connections per second, and it&#x27;s probably been tuned for massive levels of concurrency, and that&#x27;s all manageable. But then the service has a blip of some kind all of a sudden all of those web socket clients try to connect at the same time; disaster.<p>At that point the service is incredibly overloaded, so many connections fail, which results in retries, which makes matters even worse still and fuels a vicious cycle. That situation might self-stabilize if browsers implemented exponential back off, but that&#x27;s not typical either. So the service remains hosed until some kind of blood letting can be done to let clients back in at a manageable rate.<p>Extremely pernicious, and something I&#x27;ve seen several times. When scaling web-sockets, it&#x27;s important to ask: can I handle all of these clients reconnecting at the same time?

If you deploy websockets in your application, either make your application can use some fallback like long polling or make sure you don&#x27;t have any enterprise customers. They tend to have pesky proxies that mess with traffic. Sometimes websockets simply doesn&#x27;t work, but sometimes they initialize correctly but no data passes through(!). It&#x27;s a mess.

Summary of comments here seem to suggest that those with more extensive experience with them agree and see issues with websockets.<p>Those still in favor &#x2F; find themselves disagreeing, while not necessarily always saying explicitly, seem to be those just starting out on their websocket journey.<p>At least, that&#x27;s how it seems to me.

Arguing that &quot;WebSockets are bad, because the principals we use for HTTP scalability are not applicable to them&quot; is not wrong, but feels short sighted. Yes: Scaling numerous persistent connections is hard, seeing that most of the available infrastructure is geared towards short-lived HTTP request&#x2F;response requirements. But there are realtime specific alternatives. You wouldn&#x27;t want to build your realtime backend from scratch, but rather use something like <a href="http:&#x2F;&#x2F;deepstream.io" rel="nofollow">http:&#x2F;&#x2F;deepstream.io</a> which takes care of the heavy lifting.

If you&#x27;re interested in implementing reliable long-polling as described in the article, you might check out Pushpin (<a href="http:&#x2F;&#x2F;pushpin.org" rel="nofollow">http:&#x2F;&#x2F;pushpin.org</a>). It&#x27;s a proxy server that you put in front of your API backend and it makes this sort of thing really easy.<p>Pushpin also supports WebSockets, but the long-polling capability is first class and not an afterthought.

As a quite heavy user of websockets, and having done a few implementations of them, I agree only partly with it:<p>Yes, Websockets are hard to implement, and most implementations that are floating around (e.g. on github are horribly broken). But the same probably applies to good HTTP and especially HTTP&#x2F;2 implementations too!<p>I also totally agree that web sockets make load balancing and proxying more complicated than stateless HTTP requests.<p>But I still think that Websockets have their place. They are some kind of more basic building block (like TCP), on which you can build your own protocol with totally different semantics. If you only build some request&#x2F;response protocol on top of it you probably have not gained much - but still it would be different from HTTP in the way that message ordering is guaranteed. If you only need events from the server to the client you could use SSE, but if you need to add some dynamic subscribe&#x2F;unsubscribe functionality you would need some additional HTTP [POST] calls. You could get the idea that you use one SSE endpoint per topic and treat the stream disconnect as an unsubscribe, but as long as you can&#x27;t rule out that you have any non HTTP&#x2F;2 clients it won&#x27;t work because of the connection limit in browsers. I also benchmarked that approach with node and golang http&#x2F;2 against my websocket based protocol and achieved only a throughput of about 10% of the websocket based solution.<p>All in all I currently think that currently one should favor pure HTTP if scaling is a big issue and if most state is anyway persisted in some distributed databases.<p>If only a single server is the remote peer, the state is not necessarily persisted per client, a combination of RPC and event distribution semantics is needed, message ordering guarantees are necessary or high realtime characteristics are needed then websockets are a very powerful option seriously needs to be considered.<p>My personal use-case is forwarding data from automotive realtime bus systems into web-based user interfaces and I had great success with using websockets to achieve this. Although I&#x27;m still also looking into HTTP&#x2F;2, because it really has some interesting properties.<p>One other thing I would like to add: One comment in the article mentions to always prefer websocket frameworks like socket.io or signalR. What you should take into account is that by using one of those frameworks you are also binding yourself to a specific technology stack (node, C#, ...), if you are not willing to reimplement the protocols. If you use your own well-specified protocol or another well-specified higher level protocol (like WAMP), then you are not bound to specific technologies for your client and server applications. Therefore I always opt to go that way if long maintenance, open APIs or good interoperability are desired.

A very good article comparing SSE, Websockets, polling, long polling was posted a few months ago, still relevant : <a href="https:&#x2F;&#x2F;www.nateberkopec.com&#x2F;2015&#x2F;09&#x2F;30&#x2F;action-cable.html" rel="nofollow">https:&#x2F;&#x2F;www.nateberkopec.com&#x2F;2015&#x2F;09&#x2F;30&#x2F;action-cable.html</a>

Can&#x27;t stand the cargo cult thinking&#x2F;writing here. The author seems to think websockets are dangerous like handling a piece of glass.<p>It&#x27;s a technology like anything else. See if it meets your requirements, if it does, great, go for it and learn along the way. If not, stick to regular connections.<p>Case closed.

Probably difficult to do in a non-event-driven non-asynchronous environment where every i&#x2F;o blocks like Ruby............

I agree with the approach indicated by the title (&quot;caution required&quot;), but the tone of the article veers toward being alarmist.<p>Takedown articles tend to share similar characteristics. Many are on a mission that emphasizes the negatives of their subject, even minor ones, while overlooking the positives and handwaving away problems with the alternatives. They set the bar higher for the subject by finding issues that it shares equally with its alternatives, and presenting them as damning evidence against it (since users may expect it to be better and be disappointed). The specific alternative that&#x27;s held up as superior to the subject varies from point to point--no one alternative is actually superior in all points. They may even acknowledge that many of their arguments are weak, but make up for it in volume.<p>In its favor compared to such articles, this one does make some attempts to be evenhanded, but they&#x27;re overpowered by the dramatic language used to make the opposing points. (For example, the brief acknowledgement that point 1 is the &quot;weakest argument against WebSockets&quot; is surrounded by phrases like &quot;wreak havoc&quot;, &quot;weird stuff will <i>definitely</i> happen&quot;, &quot;rogue proxies will break you&quot;).<p>This article puts itself squarely in the category of &quot;the case against&quot;.<p>A more balanced article might discuss:<p>1. The situations where you might want to avoid WebSockets (no HTTPS, IE 8 &amp; 9 compatibility, a server platform without good support, or where they don&#x27;t provide actual usability benefits).<p>2. Pitfalls that both long-polling and WebSockets share (you have to handle reconnections and synchronize state, be mindful of the open connections when reconfiguring a load balancer, account for server load, and use a server platform with good support for long connections).<p>3. Differences that can be viewed just as reasonably in WebSockets&#x27; favor, which the article counts as negatives. Example 1: Resynchronizing state after a network interruption is necessary with both long-polling and WebSockets, though the article notes it as a WebSockets disadvantage. The reconnection process is explicit with WebSockets, but some long-polling libraries make it very easy to ignore these events, leaving the client out of sync. Example 2: WebSockets aren&#x27;t limited to 6 connections, unlike long-polling, so you won&#x27;t get a silent connectivity roadblock on some tabs when the user has several of them open.<p>4. Advantages unique to WebSockets: responsiveness is improved due to not needing to send HTTP headers with every request and response, and the underlying TCP connection is already warmed up; load balancing and redundancy may be simplified by no longer requiring a session affinity mechanism (because the connection itself preserves short-term state, which can be re-established by the client transparently to the user in the rarer event of reconnection); less overhead than long-polling; a whole class of problems resulting from cookies as the sole mechanism of state transfer is avoided; the same protocol can be implemented simply and efficiently by native mobile apps.