How does Steemit load onto your browser?

Ever wondered how your browser renders the Steemit webpage onto your laptop or computer? Have you ever wondered how on earth is the internet able  find a specific page in this ocean where there are now billions of webpages? If you are feeling curious, why not hop on for a ride 😎

(Credit: here)

I will try to explain this in the simplest possible way so that everyone can enjoy and enhance their knowledge of the internet and understand a little deeper how it works. I will also explain why the Internet Protocol was designed by gentlemen!

The Domain Name System (DNS)

The name might sound scary but it does a very simple job. The first thing we should know is that the internet works on IP addresses. An example would be 192.168.255.254. As you can see, the address is separate by  dots (.), dividing the address into 4 parts. This is an example of IPv4 address and we now have IPv6 addresses, but they all work the same way.

As a normal user, our computer gets its IP address from the Internet Service Provider (ISP) every time we connect to the internet. There is an address which is automatically allocated to us and it is not the same one every time. This is called a dynamic IP address as we get it automatically and that is how the Service Provider knows where to send a webpage when you make the request.

(Credit: here)

On the other hand, https://steemit.com, cannot be on a dynamic IP address as it would be difficult to find it every time we connect to the internet. So we can conclude that https://steemit.com is on a static IP address.

How it gets this static IP address? This is really simple. When you buy a domain from a hosting service, like Hostgator, it connects the name steemit.com to a specific IP address. This is one of the most important task of a hosting provider. It also provides you the storage to put your website there. This connection between the domain name (steemit.com) and the IP address is stored on a DNS server.

The DNS server is like a database which stores all the domain names and their corresponding IP address. Hence when someone is paying for a domain, he/she is also paying for the maintenance of the DNS server as part of the final payment.

Searching for steemit.com

When you type the steemit.com url in the address bar of your computer, the first thing that the computer does is to look if you have ever accessed this page before in its internal DNS server. Yes! Our computer is a small DNS server on its own. This was done to reduce the number of requests to a DNS server and thus reducing the load on the network so that webpages are served much faster.

If your computer did not find it in its own DNS server, it will start looking for it over the internet. The nearest DNS server would be that of your ISP and if the address is not found there, that corresponding DNS server will contact another one. If the other one also does not find it, it will contact another one until finally a DNS server is found which contains the IP address of steemit.com. All the DNS servers that were contacted will now update their DNS database to include the IP address of steemit.com in case someone else will want access to the webpage.

Accessing Steemit from its IP

Finally the IP address is relayed back to your computer which will also store the IP address of steemit.com in its internal server. If you want to know the IP address of Steemit, you just need to do a ping operation on the DOS prompt and you will get the value 52.2.22.108. If you type this type this IP address in your browser, it will take you to the Steemit homepage and if you are already logged in, it will take you to your feed page.

Getting the webpage to our browser

Now that we know the real address (IP) of Steemit, the browser can now contact the Steemit server to request for a webpage. In layman's term, my browser will send 'Hello' to the Steemit server. The server will reply 'Hello' back. Now that both the browser and the server knows that they both communicate, the browser will send to the server the webpage that it wants to access.

This is called the 3-way handshake, the gentleman approach that I mentioned at the beginning of the post, and this is done every time a webpage has to be accessed. If we go a little technical, when the browser send the 'Hello' packet to the server, the server attach a unique number to that 'Hello' and send this number back to the browser. In the mean time, the server will keep your browser's information with this unique number in its buffer. Once the browser receives the unique number, it will send the webpage it wants to access together with this unique number. 

Then the server will look for the unique number in its buffer and if it finds a match, it will serve the webpage that you want back and this is how the webpage renders in your web browser. This may be a little difficult to grasp but the basic steps are as shown below:

1. Browser asks for webpage
2. DNS server finds IP address and send back to browser
3. Browser send 'Hello' to server
4. Server reply 'Hello' with a unique number
5. Browser sends the URL by server together with the unique number
6. If server accepts the unique number, you get the webpage on your browser

We are all hackers

Based on the 6 steps provided, there are 2 attacks that can happen. The first one, which is also the most difficult, is to guess the unique number and another person asks to be served the webpage and hence gain access to the content of the webpage. If it is a secure webpage where you have information like credit card, wallet address or passwords, you are doomed. I won't go into details on how to do that as this is a crazy part of being a programmer.

(Credit: here)

The second attack, where you can also be a hacker, without your knowledge, is called Denial of Service (DoS). Now that I shown you how the internet uses the gentleman approach, hackers take advantage of that approach to prevent other people from accessing a website.

On Steemit, we have often heard of ICO webpages being down or cannot be accessed as you get a "connection timeout error" or page "not found". Page not found is achieved by hacking the DNS server and prevent the DNS server from returning the IP address of a webpage.

The connection timeout error (DoS) is achieved by starting the handshake with the server without completing the request. When the browser sends the first 'Hello' and the server replies back, the server is waiting for the final answer from the browser. But the browser never sends that third step in the handshake. This means that the server keeps storing unique information in its buffer and at some point in time, the buffer becomes full and is unable to even start the handshake with new requests.

You have been hacked

For big websites with large buffers, a single DoS is not sufficient and this is where you may have been hacked. If one computer is not enough to send enough incomplete requests to a server to cause a Denial of Service (DoS), hackers implemented a new way called a Distributed Denial of Service (DDoS). To achieve DDoS, a hacker must take control of many computers and instruct them to make incomplete requests to the server. In this way, the server is flooded with tons of requests till it finally cannot server anyone as its buffer is completely full.

(Credit: here)

For a hacker to gain control over many computers, he/she will install worms or other malicious bots on your computer and when needed, he will instruct those programs to initiate the DDoS attack. This is one of the primary reason to have an original Operating System, original software and up-to-date antivirus.

The hackers who already hacked the software to provide it to us for free already have malicious bots installed and when needed, it will make our computers participate in an attack even if we don't want to.

Free stuffs come with a price and sometimes greater than buying the original software. Think if one day your own computer is responsible to bringing down the site that you visit everyday and without knowing you curse everyone else while your computer was the culprit.

---

Feeling excited, lucky or happy? Why not give yourself a try on the Steemit Lotto Game by playing on this post: Steemit Lotto Weekly # 8 - Minimum Pot Size 18.2 SBD

Good luck to everyone  😎 

---

Don't forget to check if you are a winner every Sunday at around 19 00 (GMT)

(created by @readallaboutit)