Search - "http"
Based loosely on the popular "git" command, I am happy to announce my new product, "hit"!
Essentially, hit hooks into "git blame" and automatically slaps the shit out of whoever wrote this garbage.
It uses SOHTTP (Slap Over HTTP) to deliver a nice firm wallop to any subpar script kiddie that had the audacity to come up with this bullshit.
Careful, the user is not immune to the effects
It's always the same shit with some developers. Someone notices that an app is calling an API way too much, causing it to throttle. This is caused by a UI that does ~100-400 HTTP requests when you open a page. Someone comes and offers multiple solutions to cut down those requests by changing the UI behavior, dropping the request amount to less than 10% or maybe even zero.
Then comes one developer "WhY cAn'T We bAtCh thE ReQueSts?" Well, you fucking blockhead, what's the point in rendering 300 items on a page anyway when at any given time a user can maybe see five of them on his screen? These numbskulls have zero idea of how to solve technical issues with simple UX tweaks. Learn some UI/UX design if you're a front-end developer ffs.
Well one thing that became obvious today is that companies that make wifi routers really don't want you flashing other firmware on it.
For example I got a new router cause it was time.
Ofc fully compatible with OpenWRT. The thing tho? The GUI flashing process accepts only encrypted binaries. And surprise we as customers can't encrypt it like they do.
So the next thing that comes to mind instantly is UART. They can't break that right? Well turns out they can. They just disallow key inputs from console. So you can't make the damn device load into TFTP mode.
And D-Link has this lovely recovery utility that accepts unencrypted firmware. EZ way to flash it right? WRONG. The garbage doesn't load second time after you load it once in 1 boot. And even if you get it to start loading the firmware. It won't really flash it.
Luckily there was an exploit :)
And joining via telnet and enabling http server on PC and wget-ting the binary from there. And flashing.
Honestly now. I pay money for this garbage. I own the hardware. Let me do what I want with it.
At least it runs kernel 5.10 now and is super fast :) Worth the trouble honestly
(Should be noted I'm not new to flashing firmware on routers. But this is the first one that really didn't want me to flash it. Like nuking my freaking UART access? Taking it too fucking far)
Frontend dev: Hey, could you break HTTP conventions and change the API so I don't have to manage the context of the request?
Remember that time I taught a "senior" full stack developer what the HTTP PATCH verb was, DURING an interview?
Didn't get the job.
Yeah. Those were good times.
How do you pronounce SQL?
"See for me, I just go my own way and pronounce it as ‘sqwool’, or ‘sqwll’, which sometimes gets my coworkers (not db or programming people) calling it ‘Squirrel’. As such we have a custom written utility program which automates running certain SQL commands on various databases which is aptly named SQuirreL. Then we started to have fun with it: The ‘pre-defined’ sets of SQL are held in a ‘.nut’ file which you give to SQuirreL. When you want to see what scripts have been run, you check the SQuirrel’s .log to see what .nut files it has ‘eaten’. We thought about naming the log files .poop, but I felt that was too far. I know right now there’s people reading this cringing, but I say lighten up. My boss when presented with the tool, did not get ANY of the Squirrel/nut references… I mean the tool’s icon was a cartoon squirrel holding an acorn for crying out loud, but I digress.
So yeah, I call it Sqwll or Sqwool, but only when talking to people who don’t matter."
Source, in the comments: http://patorjk.com/blog/2012/...
I doubt this has ever been posted. =)
[CMS Of Doom™]
Imagine bringing every HTTP Query Param and every god damn fucking POST var into the current code context.
"extract()" is one of the reasons why I have terminal PHPTSD.
NO, YOU ABSOLUTE DISGUSTING GREMLIN OF A JS HTTP CLIENT, I DON'T WANT YOU TO "JsOn.StRiNgiFy" MY PAYLOAD OR DOING ANY WEIRD SHIT
I NEED TO SEND THIS THING EXACTLY AS IT'S WRITTEN, STOP TRYING TO GUESS WHAT I'M TRYING TO DO I'M A DEV WITH SOME 7 YEARS OF EXPERIENCE WRITING CODE, I'M SENDING A STRING CUZ I NEED TO SEND A STRING
If my Kickstarter campaign gets approved and it succeeds, finally I can afford to hire some of you guys :)
I made it possible to check the un-inspected pre-beta holdings here:
There are 28053 of them. I have to say that it's going well considering that no one wants to join me in development... it makes me a bit sad...
Blisk, a browser with multiple device testing for developers, went from free to subscription model.. Time blocking features that they offered before, for free.
That's suicide. That's how you lose your install base...
Just deleted it and went back to http://material.io/resizer.
Government applications meant to handle private data made in the laziest way using Cordova. Hell yea. Bonus points for using the developer's account with his first and last name as publishing company to put the app on playstore and not their own official one (not that they have one). What's not to love. Can't wait to beautify that js to find out that the calls are http and not https.
I just saw Kickstarter's blog post about moving over to the Blockchain. They're doing it because, uh, protocols, or something. No joke, here's a direct quote from their post:
"You may have heard of HTTP (Hypertext Transfer Protocol) which helps you browse the web, or SMTP (Simple Mail Transfer Protocol) which helps you send email. Protocols like these make up the unseen infrastructure of the internet. Imagine that, but for crowdfunding creative projects."
What the fuck does that even mean? The rest of the blog post is more of the same. They packed it full of every crypto buzzword they could find while also not actually providing any useful information.
Full article here, if anyone wants to read a headache-inducing pile of nonsense: https://kickstarter.com/articles/...
Just got an email from my company that a http server app I wrote years ago exposed the whole server it runs on because of a misconfig parametered...
Can use it to read any file using server.com/path/to/file
Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"
[CMS Of Doom™]
Ah, yes, their built-in bullshit newsletter module just sent the n-th user n emails. Wonderful considering n=368.
The culprit? Better don't ask...
OK, anyway: So the mailer is running as a CRONjob, but nah, not as a console script call but by a public HTTP GET URL call, fucking obviously (it's the CMS Of Doom for a reason).
So these fucking imbeciles "implemented" an ob_start() callback where HTML links are - for whatever fucking reason - modified by some regex (obviously everybody knows parsing HTML by Regex is trivial). In this case the link was somehow modified to recall the mailer Cronjob...
This must have upset the ongoing mailing process thus spamming mails. Whyyyy
And I thought I'd seen it all after 6 months in this legacy hell...
This is why you don't run a company consisting of only beginners in PHP (including their "CEO")!
What the FUCK I'm fixing integrations on some dumbass's API. Biz wants this in prod on Monday. It's fucking Saturday. Anyway
Me: why did you give us a 200 even if it's an error
Them: that's normal
Me: If it's an error it shouldn't be 200
Them: it's a 200 because the api params are correct but differ in value so it's not an http error but an api error
Okidoky you lil fucker where you've been hiding...
*streaming tcpdump via SSH to other box, feeding tshark with input filters*
Finally finding a request with an ominous dissector warning about headers...
Not finding anything with silversearcher / ag in the project...
*getting even more pissed cause I've been looking for lil fucker for 2 days*
*generating possible splits of the header name, piping to silversearcher*
*I/O looks like clusterfuck*
Come on, it's just a dozen gigabytes of text, don't choke just because you have to suck on all the sucking projects this company owns... Don't drown now, lil bukkake princess.
*half an hour later*
Oh... Interesting. Bukkake princess survived and even spilled the tea.
Someone was trying to be overly "eager" to avoid magic numbers...
They concatenated a header name out of several const vars which stem from a static class with like... 300? 400? vars of which I can make no fucking sense at all.
Class literally looks like the most braindamaged thing one could imagine.
And yes... Coming back to the network error I've been debugging for 2 days as it is occurring at erratic intervals and no one knew of course why...
One of the devs changed the const value of one of the variables to have UTF-8 characters. For "cleaner meaning".
Sometimes I just want to electrocute people ...
The reason this didn't pop up all the time was because the test system triggered one call with the header - whenever said dev pushed changes...
And yeah. Test failures can be ignored.
Why bother? Just continue meddling in shit.
I'm glad for the dev that I'm in home office... :@
TLDR: Dev changed const value without thinking, ignoring test failures and I had the fun of debunking for 2 days a mysterious HAProxy failure due to HTTP header validation...
oh my god, look what I found.
"The computer system described in the book is for real—it can actually be built, and it works! A reader who takes the time and effort to gradually build this computer will gain a level of intimate understanding unmatched by mere reading. Hence, the book is geared toward active readers who are willing to roll up their sleeves and build a computer from the ground up."
this topic always makes me think of "this is good code" http://stilldrinking.org/programmin...
had some really small assembly/shellcode type stuff ppl said was "impossible" that i pulled off, that was up there.
typically anything i can see the improvement, time or line count reduced. why is this taking a minute? boom now it's 15sec, gj
when there are reasonable comments and self commenting code. when there isn't trailing whitespace.
my "good code" - sapphire
CORS is shit
Stupid useless shit that protects from nothing. It is a harmful mechanism that does nothing but randomly block the browser from accessing resources - nothing more.
Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.
What do the stupid cocksuckers that invented CORS think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any other tool available. Also if server security is based on something as unreliable as http headers it sends to the client - it's a shit server, and CORS will not save it.
Can anyone give REAL examples when CORS can really protect from anything?
I've read the docs but my tired brain overrode an important detail.
"By default, HAProxy Enterprise will serve these pages only if it initiated the error itself. For example, it will return the page for a 503 Service Unavailable error if it can't reach any backend servers."
I had _the_ return part for interception of the error page from the backend added, not the default override for the error page of HAProxy itself.
Took me 4 hours, crying, madness and screaming to realize it.
This week is really wringing the last bits of the gooey slime what should be my brain out...
Another fun part is that I mistakenly thought the delimiter for multiple strings to an ACL comparison is a comma... It's a whitespace.
acl is_evil hdr(host) -i one,two is wrong.
acl is_evil hdr(host) -i one two is right.
I used to write HAProxy configurations blindly, today it was more like writing two lines of code 100000000 times and still doing it wrong TM.
I need a new brain.
Anyone got an offer?
Anyone here have any experience with PHP? I've never really used it myself and don't really want to, but I do look at things like http://phpsadness.com/ from time to time.
These complaints range from "fairly minor" (some stuff like function names/args and some syntax complaints) to "how is this language even used" (segfaults in a scripting language, broken things like "create_function", comparisons and ternary operator).
Of course, I don't program in PHP so I don't know how bad any of this actually is.
Anyone actually use PHP or did use it previously?
Sharing a first look at a prototype Web Components library I am working on for "fun"
TL;DR left side is pivot (grouped) table, right side is declarative code for it (Everything except the custom formatting is done declaratively, but has the option to be imperative as well).
TL;DR (Too long, did read):
I'm challenging myself to be creative with the cool new things that browsers offer us. Lani so far has a focus on extreme extensibility, abstraction from dependencies, and optional declarative style.
It's also going to be a micro CSS framework, but that's taking the back-seat.
I wanted to highlight my design here with this table, and the code that is written to produce this result.
First, you can see that the <lani-table> element is reading template, data, and layout information from its child elements. Besides the custom highlighting code (Yellow background in the "Tags" column, and green gradient in the "Score" column), everything can be done without opening even a single script tag.
The <lani-data-source> element is rather special. It's an abstraction of any data source, and you, as a developer can add custom data sources and hook up the handlers to your whim (the element itself uses the "type" attribute to choose a handler. In this case, the handler is "download" which simply sends a fetch request to the server once and downloads the result to memory).
Templates are stored in an html file, not string literals (Which I think really fucks the code) and loaded async, then cached into an object (so that the network tab doesn't get crowded, even if we can count on the HTTP cache). This also has the benefit of allowing me to parse the HTML templates once and then caching the parsed result in memory, so templates are never re-parsed from string no matter how many custom elements are created.
Everything is "compiled" into a single, minified .js file that you include on your page.
I know it's nothing extraordinary, but for something that doesn't need to be compiled, transpiled, packaged, shipped, and kissed goodnight, I think it's a really nice design and I hope to continue work on it and improve it over time
I read: "Don't change your implementation to do tests"
Then I read: "If it's too hard to test, your implementation is too complex"
Then we can get into test terminology itself, which is its own mess:
One of the most headache-inducing things about being a developer is having to find a solution to every little ailment that software has.
An example would be: working with a particular stack. LEAN, MEAN, LAMP, WAMP,.. The nightmare of having to deal with every single error in PHP, NodeJS, Apache Server, Nginx, the HTTP spec intricacies, the HTML5 spec, API problems..
Sometimes it's just a lot to deal with and I'm trying not to lose my patience.
Cool New Features for You to Try
String Prefix and Suffix.
Type Hint Lists and Dictionaries Directly.
Greatest Common Divisor (GCD) and Least Common Multiple (LCM)
New HTTP Status Codes.
Removal of Deprecated Compatibility Code.
The big enterprise in which I work wants to mandate that we have to write a microservice for each individual HTTP endpoint. Since we cannot even have an artifactory for code sharing, the code duplication is going off the charts, and having these microservices sharing a single DB we are creating a big and messy distributed monolith.
I made a portfolio website using ReactJS. Can anybody take a look and review my website design?
caution: It is not responsive now and I still have to add animations in it using GSAP
website link: http://c9ef-122-180-17-23.ngrok.io/
Node server with webpack polyfill on embedded device. Why 😂 .
Replacing node-fetch with node http instead of waiting for native node fetch API. Why 😂
All npm scripts on package.json are dead. Why 😂
Node server is not even sharing TS interfaces with frontend.
Customers are complaining about MeM0r1 L3k and let's build more features on stupid node.
Fucking kill me.
//do smth with z
Isn't this (not my code) callback hell all over again? The 2. http call expects results from the 1. http call. I feel like this could be solved cleaner using async await/switchMap/etc. ... but not like this.
I tried Appgyver over Christmas, since it promised easy front-end (no-)coding I was looking forward to getting rudimentary frontends done faster.
Well, the first real project that I wanted to start didn't compile anymore (internal error from the service), the page told me to reload and try again.
It failed again... And again.
Fine with me, I only spent 10 minutes on the project at this point.
I then searched for the bug reporting page and found it. The sad thing is that when I wanted to open a ticket the server crashed. It didn't even return an HTTP error, just a JSON saying there is an error and a GUID.
I have to say, if a Dev decided to have holidays without new issues that's one way of getting that done.
Android users, I have a question.
How many of you do actually use Apple signup on your Android device?
TL;DR: Socket.io is fucking trash.
So I've been maintaining a (ExpressJS, MySQL) project that some other guy built where it's divided into two GitHub repos - one repo where static HTML pages are served on port 80 and dynamic pages served on port 5352. I have no idea what this web app pattern is called.
Anyway I start implementing Socket.IO for providing real-time notifications to the authenticated user (on port 8004). So I ended up building a Docker container whose sole purpose is to have the socket io listening to port 8004 and emit events.
Now my frontend cannot make XMLHttpRequests to this endpoint (http://localhost/socket.io/...) on port 8004 because of CORS policy - Response to preflight request didn't pass security check - The response doesn't have an OK status.
Never have I been ever this hopeless.