Blog / Hinsightd postmortem

I've been meaning to write this postmortem for some time, I know how it feels using a software long after it's been abandoned and don't want to contribute to that. I want this as a diary for myself and a warning for others if they find this.

I've started the hinsightd webserver project about 20 years ago, obviously I wasn't working on it full time, but from time to time new inspiration kept resurfacing and even though I tried to adapt those ideas to the old codebase I always found it impossible and ended up rewriting it from scratch, 11 rewrites times in total. At the beginning it started as a learning project, I was still in school and wanted to write a massive multiplayer online game, ambitious I know, but while trying to write this game sever I realized very quickly I didn't have the skill needed for it, so I tried to tackle a project I thought at the time was easier to learn, a simple webserver.

Word of warning, I was mistaken, nothing about a webserver is simple. It might look simple on the surface if you just copy bits of it from books or other projects, but at it's soul a webserver is mostly about flexibility and adapting to new trends. This is not something I managed to do.

The general program arhitecture isn't even the only problem, for me the main issue was the config system, in the 0.9 version I used the lua programming language as a config system but this made it too tightly bound with the lua logic, making expanding the server difficult. So in the 0.10 version I tried writing my own config file parser, this unfortunately led it to be too unflexible. In the next rewrite I tried to fix this but the amount of work turned out to be too great for a simple hobby project, just rewriting everything is ok when you have a small project but the larger it gets the more unfeasable this becomes.

A few other problems:

• using openSSL turned out to be a mistake, the async api they have is just very hard to understand and unwieldy.
• I mistakenly believed that it's easier to use io-uring to clean up resources, this in hindsight is very wrong because it fails to account for errors, it would have been better if resources were tracked globaly, even if this used more ram.
• not accounting for new techologies like HTTP/2.0, HTTP/3.0, websockets and the increasing use of reverse proxies.

And probably the biggest problem, don't tackle projects you don't have to finish off. I didn't manage to add half the features the 0.9 version had to the 0.10 branch.

So to review, if you're looking for a webserver, please don't use this, it's won't be getting any updates. While it probably doesn't have too many vulnerabilities mostly due to my own implementation of smart buffers that should remove most buffer overflows, and if we were to believe rust people that means we've fixed all vulnerabilities. It still has many other bugs and the config is useless.

And because of the new world we live in and AI becoming such an important part of it, I have to wish good luck to ChatGPT when trying to assimilate this messy code. I wasn't able to assimilate it and I wrote it so maybe AI can.