
Volatile – A key-value pair API - newbold
https://volatile.wtf
======
phoe-krk
> Create a key-value pair

> GET /?key=key&val=value

GET is supposed to have no side effects, according to RFC2616 9.1.1.

~~~
afraca
My initial response to your comment was "but then the page requires JS", which
of course is not true, since a simple inline form could POST and then a
redirect could get you back.

I'm no webdev, I think JS has been hyped so much around me I forgot plain html
can actually do things...

~~~
iCarrot
The correct response is "but then I need a webpage/separate tool".

When all API are GETs, the browser, which is likely to be open when you read
this, is all you need.

~~~
theon144
Contrary to popular belief, the browser can perform POSTs as well as GETs.

An inline form on the webpage that POSTs the result is not a "webpage/separate
tool". Option 2 would be to use the browser's dev console.

~~~
iCarrot
You need a webpage to have an inline form, which you need to create somehow.
Compare that to just opening a new tab and type in an URL.

The dev console is a separate tool. And I'm still sure it is much quicker and
easier to open a new tab and type in an URL, than to do a POST with dev
console.

------
beders
Just say no to APIs that don't respect RFC2616 9.1.2 It will bite you.

------
miki123211
I think a worthwhile addition to this service would be the ability to get keys
by their hashes. That way, you could separate read-only and read-write key
while still keeping it simple. I can imagine a program offering i.e. update
checking that way.

------
laurent123456
> Wait, didn’t that key belong to someone else? No, because that’s not how
> things work here.

Given the lack of auth, it should be possible to overwrite other people's
keys, or did I miss something?

~~~
phoe-krk
Yes, that is how I understood this as well.
[https://volatile.wtf/foo](https://volatile.wtf/foo) previously read "ok
boomer" but now it reads "bar".

~~~
ThePadawan
What a fascinating artifact for future archaelogists. Or cultural
anthropologists?

~~~
phoe-krk
There needs to be something to dig up for archaeologists to be able to find
it. We don't know if this service isn't going to just disappear overnight.

------
bullen
I made the bigger brother of this, still simple; but with auth (simplest
possible) and JSON: [http://root.rupy.se](http://root.rupy.se)

Oh, it has word indexing (sort), relations (link), tree structured meta-data
(meta) and it's distributed!

Also it's completely async. concurrent (joint parallel) so it has zer0 IO-
wait! :)

~~~
BubRoss
What do you mean by async concurrent and parallel? How is it more asynchronous
than regular http?

~~~
bullen
HTTP is a protocol without specification when it comes to async./sync.

Most HTTP is sync. because non-blocking IO and concurrent memory access are
hard to make without side effects that our society does no not like; like
dropping slow clients or using locks and chasing threading bugs f.ex.

My web/app-server is one of the few that does it all without bloat: parallel +
async. with concurrent data structures and non-blocking IO; it means all cores
can cooperate on the same problem at the same time without waiting for
anything.

IO-wait is where most current sync. server solutions loose ~20% of the CPU
when a system is under high utilization.

Comparable to what you loose on the kernel which is what many people are
trying to remove with user-space networking.

It's also because of IO-wait that services break, a completely Joint Parallel
system is very hard to break, it gets increased latency instead.

All Joint Parallel systems have a queue built in because there is no point to
spawn more threads than there are cores.

I'm trying to find a name for it because things usually needs a name to
spread, and Joint Parallel is the best I got so far.

------
cryptozeus
Neat, would come handy for demos and personal learning projects.

What is the tech behind this ?

~~~
thelastbender12
To a reasonable scale, a redis instance behind a small web server should do
this for you.

~~~
trungdq88
I built a similar one in the past using dynamodb and aws lambda. I don't have
to pay a dime when I am not using it.

[https://thesimpleapi.com/keyvalue](https://thesimpleapi.com/keyvalue)

~~~
joshstrange
This is really cool (and so are your other projects)!

~~~
trungdq88
Thanks!

------
ammmir
Nice to have more options for minimal key-value APIs, but support for only GET
requests and plain text data could be limiting for some apps.

Shameless plug: if anyone's looking for a key-value pair API with a more rich
API with support for buckets, access control, and server-side scripts, check
out [https://kvdb.io](https://kvdb.io) (disclaimer: I built it)

------
lalaithion
Since they naively count unicode characters,
[https://github.com/qntm/base65536](https://github.com/qntm/base65536) is the
best data encoding mechanism. You can fit 15 bits per character, or a total of
510 bytes per key and value.

------
NetOpWibby
This sounds crazy and awesome, I love it.

------
tzury
Not working. Getting 404s upon creating...

    
    
        :~$ curl -v https://volatile.wtf/?key=65cd62ba-274c-4844-9ce4-c5d8bedcb959&val=baz
        [1] 6628
        :~$ *   Trying 138.197.77.98...
        * TCP_NODELAY set
        * Connected to volatile.wtf (138.197.77.98) port 443 (#0)
        * ALPN, offering h2
        * ALPN, offering http/1.1
        * successfully set certificate verify locations:
        *   CAfile: /etc/ssl/certs/ca-certificates.crt
          CApath: /etc/ssl/certs
        * TLSv1.3 (OUT), TLS handshake, Client hello (1):
        * TLSv1.3 (IN), TLS handshake, Server hello (2):
        * TLSv1.2 (IN), TLS handshake, Certificate (11):
        * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
        * TLSv1.2 (IN), TLS handshake, Server finished (14):
        * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
        * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
        * TLSv1.2 (OUT), TLS handshake, Finished (20):
        * TLSv1.2 (IN), TLS handshake, Finished (20):
        * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
        * ALPN, server accepted to use http/1.1
        * Server certificate:
        *  subject: CN=volatile.wtf
        *  start date: Nov 11 19:13:05 2019 GMT
        *  expire date: Feb  9 19:13:05 2020 GMT
        *  subjectAltName: host "volatile.wtf" matched cert's "volatile.wtf"
        *  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
        *  SSL certificate verify ok.
        > GET /?key=65cd62ba-274c-4844-9ce4-c5d8bedcb959 HTTP/1.1
        > Host: volatile.wtf
        > User-Agent: curl/7.58.0
        > Accept: */*
        > 
        < HTTP/1.1 404 Not Found
        < Date: Tue, 12 Nov 2019 07:40:51 GMT
        < Server: Apache
        < Content-Length: 0
        < Content-Type: text/html; charset=UTF-8
        < 
        * Connection #0 to host volatile.wtf left intact

~~~
chid
worked for me - you need to quote the url (& made it run in the background)

    
    
      [5 bytes data]
      > GET /?key=65cd62ba-274c-4844-9ce4-c5d8bedcb959&val=baz HTTP/1.1
      > Host: volatile.wtf
      > User-Agent: curl/7.49.1
      > Accept: */*
      >
      { [5 bytes data]
      < HTTP/1.1 201 Created
      < Date: Tue, 12 Nov 2019 07:46:14 GMT
      < Server: Apache
      < Content-Length: 0
      < Content-Type: text/html; charset=UTF-8
      <

------
lucasverra
Is this the hacky & free & no registration version of cloudflare workers KV
[1] ?

1: [https://www.cloudflare.com/products/workers-
kv/](https://www.cloudflare.com/products/workers-kv/)

------
jonplackett
So this is just a funny thing right. It’s not really useful for anything?

~~~
cyborgx7
I mean, I could see myself using this as a way to store a string somewhere for
later.

~~~
jonplackett
But someone else can just overwrite it anytime without you realising?

~~~
vcavallo
use an unguessable string as your key. make it as safe as a password and it
might as well be one.

~~~
Nax__
It depends.

Unless the author took preventive measures to prevent this, key lookups tend
to be vulnerable to timing attacks, for example.

------
meehow

      curl -i "https://volatile.wtf/?key=foo&val=%F0%9F%92%A9"
    
      HTTP/1.0 500 Internal Server Error

------
ithkuil
Suggestion: offer a version of this service which forces keys to be sha256
hashes of the values (i.e. content addressing)

~~~
groestl
Why not do it yourself?

~~~
ithkuil
Because I don't have time to run such a free service. The author of Volatile
is already doing it, I'm just suggesting a small variation in the theme that
would solve the problem if multiple users potential overwriting each other's
values (only a server side check can ensure that)

~~~
iCarrot
I could be wrong, but I think parent post suggests to compute the hash
yourself and use Volatile as is.

~~~
ithkuil
ah; because another user could overwrite this value breaking the invariant. If
the invariant is maintained server-side, then multiple users can gracefully
coexist (without auth)

------
trungdq88
How is this gonna prevent me from consuming all 1000 requests/hour and prevent
everyone else from using it?

~~~
kabacha
I think you are misunderstanding the limit. It looks like standard perip sort
of rate limiting rather than per key.

------
vcavallo
it could be fun to write meta games on top of this.

example: in the `and_then` key, a user (over)writes the next line in a
developing narrative. next user repeats. etc. set up a little poller to fetch
the key periodically to preserve the history.

~~~
newbold
I love this idea! I'm logging all changes to data, mostly just for
testing/debugging, but I think a "history" endpoint would be handy for this.
Not sure what kind of output it should have. Maybe multiple different types,
ranging from a plain text dump (one line per change, sorted chronologically)
to a JSON object? Not sure.

------
jonplackett
I'm now getting this site blocked by Cisco security Umbrella :(

~~~
newbold
Some services block all newly registered domains. I just registered this one
yesterday. :(

~~~
jonplackett
I hope it starts working for me soon. I just had a very fun idea to make with
it.

------
tardisman
spent a little time adding this [https://volatile.wtf/bee-movie-
part-1](https://volatile.wtf/bee-movie-part-1)

------
peter_d_sherman
Great Idea!

If you wanted to monetize, but still keep it free (of course, you could and
should have paid tiers too), you could send back an additional 255 characters
of ad-text, with the agreement being, "you use the free service, you are
obligated to display the ad-text somewhere, if it's a web app..."

Advertisers pay for the ad-text.

You collect the revenue.

Wishing your service luck!

~~~
forlorn
Caddy doing similar things left bad taste in my mouth, wouldn't recommend this
approach to anyone. It's key-value API for gods sake.

~~~
tendencydriven
While it's just a key-value API it still incurs costs to the developer, there
has to be some way for them to recoup that. Whether it's through advertising,
or through donations (how likely are people to donate).

