c99.chat: Technical blurb

I run c99.chat, a no-registration, no-installation, no-cost ad-hoc chat site. Try it!

This blog post describes some technical details of this site.

Plain PHP/MySQL

The site is made with plain, hand-coded PHP. No Angular, React etc – mainly because it grew from an experimental page and I missed the moment to switch to a good framework. I do use jQuery and a few other libraries, though. I also use MySQL as the database. I built this by myself, but relied a lot on code samples and libraries made by others, see the “Credits” section on the site.

No sockets

The logical choice for a chat site is WebSockets. However, I didn’t want to run a node.js server, not to mention that I lack the experience. So I started with plain polling. Basically, I run an Ajax fetch request every few seconds which checks if there are new comments available for a given chat ID and, if so, returns these new comments, adds them to the chat and stores the last delivered comment ID in the database.

With no fresh comments, this generates traffic of 265 bytes per request, with 0 bytes of payload. Also, the polling is active only if the site is in focus, so it will not poll in the background.

This results in a theoretical network traffic of about 460 kilobytes per hour if the website is active, even if there are no comments. This is pure overhead. With tons of images being sent back and forth these days, this doesn’t seem much.

However, I am aware that this is not a clean architecture. I then looked into server-sent events (SSE), the lesser-known little sister of WebSockets. I even built a sample page to learn the technology, then realized that the network traffic didn’t shrink compared to the first (polling) version. In fact, I seem to save only 5 bytes per request, as there is still a regular XHR request every few seconds – this time of type “event-stream” (and not “html”). That doesn’t change anything at all, so I abandoned it. For now we will keep the polling…

Update 26.05.2022: So I looked into server-sent events once more, this time more closely. Yes, there is a way to use this mechanism so that there is less network traffic. Look here for some sample code. I updated c99.chat so that SSE can also be used: in the list of chats, scroll to the very bottom of the page and click on the small question mark.

This will open the info window, where you can set the “beta version features”. If these are switched on, your chats will be updated with server-sent events, not with polling.

Drawbacks:

  • This works only with fairly recent browsers.
  • There may be a load problem on the server due to unclosed “dangling” connections or similar; I will monitor this and – if needed – switch off this feature again.
  • Occasionally, new comments do not seem to trigger a server-sent event. If you encounter such a bug, please inform me.

Security

Besides the TLS encryption, the overall idea to achieve security (and ease of use) is “security by obscurity”, i.e. using a random identifier to access a chat which is too long to be guessed. However, this is not sufficient to protect a site from prying eyes, so I also added an optional AES-128-CTR encryption of individual chats.

Note that this is not an end-to-end encryption, but rather a measure to protect against data leaks. The complete data is stored in encrypted form in the database. I don’t know the passwords that users use to encrypt a chat, so if they lose the password, bad luck.

An end-to-end encryption would require some sophisticated JavaScript (okay, in fact there are libraries for that…) and a rework of the message structure which I use. Maybe some day…
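The two mechanisms from this section, a random chat identifier and server-side AES-128-CTR encryption keyed from the chat password, as an added PHP example that is not c99.chat's code. All function names, the PBKDF2 parameters, the per-chat salt and the HMAC tag are assumptions; the tag is there because CTR mode on its own does not detect a modified ciphertext or a wrong password.

```php
<?php
declare(strict_types=1);
// Added example, not c99.chat's code. All function names are hypothetical.

// Chat identifier: 128 bits from the OS CSPRNG, encoded URL-safe.
function new_chat_id(): string {
    return rtrim(strtr(base64_encode(random_bytes(16)), '+/', '-_'), '=');
}

// Assumption: PBKDF2-SHA256 with a random per-chat salt stored beside the chat.
// Returns [AES-128 key, HMAC key]; the password itself is never stored.
function derive_keys(string $password, string $salt): array {
    $okm = hash_pbkdf2('sha256', $password, $salt, 600000, 32, true);
    return [substr($okm, 0, 16), substr($okm, 16, 16)];
}

// Fresh random IV per comment (CTR must never reuse key + IV), then
// encrypt-then-MAC over IV || ciphertext.
function encrypt_comment(string $plain, string $encKey, string $macKey): string {
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, 'aes-128-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true));
}

// Returns the plaintext, or null for a wrong password or a modified row.
function decrypt_comment(string $stored, string $encKey, string $macKey): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 48) {
        return null; // too short to hold IV (16) + tag (32)
    }
    [$iv, $ct, $tag] = [substr($raw, 0, 16), substr($raw, 16, -32), substr($raw, -32)];
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        return null; // verify before decrypting, in constant time
    }
    $pt = openssl_decrypt($ct, 'aes-128-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Constructed sample data.
$salt = random_bytes(16);
[$enc, $mac] = derive_keys('correct horse battery staple', $salt);
$row = encrypt_comment('Meeting moved to 15:00', $enc, $mac);
var_dump(new_chat_id(), decrypt_comment($row, $enc, $mac));
// A different password derives different keys, so the row is rejected.
[$enc2, $mac2] = derive_keys('wrong password', $salt);
var_dump(decrypt_comment($row, $enc2, $mac2));
```

As in the scheme described above, the server handles the password while deriving the keys, so this protects a leaked database but is not end-to-end encryption.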

Additional features

I added some features (surveys, games, …) to the chats to make them more usable and interesting. The survey feature actually started with the idea in mind that c99.chat is used in a larger group (e.g. a meeting) where users are not too familiar with the other people (so e.g. they don’t use WhatsApp or similar because they don’t have all phone numbers, or don’t want to hand out their own phone number). In such groups a survey feature does come in handy. The rest then was just an exercise in embedding other functions, e.g. the games.

By the way, if you are interested in such feature-sites, check out my site 9blox.com.

This article was written by Frank

Corporate Banking expert at coconet.de and occasional hobby website creator...
