Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API

From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "http"
-
Based loosely on the popular "git" command, I am happy to announce my new product, "hit"!
Essentially, hit hooks into "git blame" and automatically slaps the shit out of whoever wrote this garbage.
It uses SOHTTP (Slap Over HTTP) to deliver a nice firm wallop to any subpar script kiddie that had the audacity to come up with this bullshit.
Careful, the user is not immune to the effects9 -
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!15 -
Well one thing that became obvious today is that companies that make wifi routers really dont want you flashing other firmware on it.
For example i got a new router cause it was time.
Ofc fully compatible with OpenWRT. The thing tho ? The GUI flashing process accepts only encrypted binaries. And surprise we as customers cant encrypt it like they do.
So the next thing that comes to mind instantly is UART. They cant break that right ? Well turns out they can. They just disallow key inputs from console. So you cant make the damn device load into TFTP mode.
And D-Link has this lovely recovery utility that accepts unencrypted firmware. EZ way to flash it right ? WRONG. The garbage doesnt load second time after you load it once in 1 boot. And even if you get it to start loading the firmware. It wont really flash it.
Luckily there was an exploit :)
And joining via telnet and enabling http server on PC and wget-ting the binary from there. And flashing.
Honestly now. I pay money for this garbage. I own the hardware. Let me do what i want with it.
At least it runs kernel 5.10 now and is super fast :) Worth the trouble honestly
(Should be noted im not new to flashing firmware on routers. But this is the first one that really didnt want me to flash it. Like nuking my freaking UART access ? Taking it too fucking far)7 -
Intern's CV says they have technical skills with MS Office, MySQL and JavaScript. Last month I let my manager know that this intern doesn't really know anything, so we let her do a Freecodecamp course, after which she still cannot build a basic HTML and CSS page and doesn't understand the relationship between HTML and CSS.
My manager bought her a Laravel course for beginners and today I discovered that she also doesn't understand databases, because she tried to enter an alphabetic character into a column that only accepts integers. She doesn't read/understand the error codes thrown by the application.
She tried to access a route which she created in her Laravel app by accessing it via the phpmyadmin dashboard and called me and wasted my time by asking me why her route isn't working. She literally does not understand how computers work, or how the HTTP protocol works, even less so how a file structure works. She cannot translate abstractions to practical solutions.
She either deliberately lied on her CV to get a job, or she's just really dumb and doesn't understand what the term "technical skills" mean.
I've told my manager multiple times how I think she's in the wrong job, but they keep pushing things beyond her capabilities onto her desk. I was told I'd get an intern to help me with my work load, but I got signed up into an experiment I did not consent to (manager's words, it's an experiment to help uplift people with bad degrees and a poor background). I am not a good teacher, I hate doing it.29 -
Worst code review experience?
Hard to pick just one, but most were in a big meeting room with 4+ other developers not related to the project and with some playing Monday-Morning-Quarterback instead of offering productive feedback.
In one code review, the department mgr reviewed the code from a third party component library.
<brings up the code on the big screen>
Mgr: "I can't read any of this, its a mix of English and something else."
Me: "Its German."
Mgr: "Then why is 'Button' in English? This code is a mess."
Me: "I'm not exactly sure how I should respond, I mean, I didn't write any of this code."
Mgr: "Yes, but you are using it, so it's fair game for a code review."
Me: "Its not really open source, but we can make requests if you found something that needs to be addressed."
Mgr: "Oh yes, all this...whatever this is..<pointing again to the German>"
Me: "I don't think they will change their code to English just so you can read it."
Mgr: "We paid good money, you bet your ass they'll change it!"
Me: "I think the components were like $30 for the unlimited license. They'll tell us to go to hell first. Is there something about my code you want to talk about?"
Mgr: "<Ugggh>...I guess not, I couldn't get past all that German. Why didn't we go with an American company? Hell, why didn't we just write these components ourselves!?"
Me: "Because you gave a directive that if we found components that saved us time, to put in a request, and you approved the request. The company is American, they probably outsourced or hired German developers. I don't know and not sure why we care."
Mgr: "Security! What if they are sending keystrokes back to their servers!"
Me: "Did you see any http or any network access?"
Mgr: "How could I? The code is in German!"
Monday-Morning-Quarterback1: "If it were me, I would have written the components myself and moved on"
Me: "No, I don't think you could for less than $30"
Monday-Morning-Quarterback2: "Meh...we get paid anyway. Just add the time to the estimate."
Mgr: "Exactly! Why do we even have developers who can't read this mess."
Me: "Oh good Lord! Did anyone review or even look at my code for this review!?"
<silence>
Mgr: "Oh...ok...I guess we're done here. Thanks everyone."
<everyone starts to leave>
Me: "Whoa!...wait a sec..am I supposed to do something?"
Mgr: "Get that company to write their code in English so we can read it. You have their number, call em'...no...wait...give me their number. You keep working, I'll take care of this personally"
In they nicest way possible, the company did tell him to go to hell.18 -
Remember that time I taught a "senior" full stack developer what the HTTP PATCH verb was, DURING an interview?
Didn't get the job.
Yeah. Those were good times.2 -
Frontend dev: Hey, could you break HTTP conventions and change the API so I don't have to manage the context of the request?8
-
News like the "social score" travel ban in China really makes me hate social networking and how by developing better technologies we further the capability of orwellian governments to infringe human rights.
But the most depressing thing is we are in a similar watered down version of it, think about it; what you post, what you say, who you follow, what you read, the videos you watch, where you've worked everything follows you. You can't get a job at a company that disapproves your thoughts, study in a college who is more concerned about your ideology rather than teaching...we are slowly but surely becoming a "free" China.
Source: China to ban citizens with bad ‘social credit’ from some forms of travel http://go.newsfusion.com/security/...4 -
The company I am currently working for is partnering with another startup. Nothing special about that. We should integrate their API into our system. I wasn't involved in the process when it came to checking there API and if it would work with our Systems. The Person who did that already left the company so I was left behind with some internal documentation. In that Documentation is already written that API is basically trash....
After I started integrating the API I found more and more flaws in the design. They are not sending any responses that would help, when a param is missing or the authentication isn't correct, only 500's . I got some documentation from the partner company so i thought it will be fine as long as the Documentation would be accurate. Turns out the documentation isn't even close to be up to date. Wrong content types wrong endpoints, wrong naming. Basically we could not work with that. We shortly contacted the partner Company. After a few WEEKS we got a response that they updated the Documentation what was right but still not everything was correct. At this point I lost my mind. I researched a little bit about them, the company is founded from 2 young people who basically came strait out of the University and doest have any experience or idea how to build an API. I investigated a little bit there websites.
They have an Admin panel on the base domain from their API but it is only accessible via HTTP. Like WTF , They use HTTP for an Admin Panel this must be a joke right?
They use Cloudflare without a HTTP to HTTPS redirection ???
I really had not that much time to research in there website but if I find these things in 5 minutes I don't want to know what I can find in like an hour.
At the end we will still use them as partners because surprise surprise our company already sold the product that uses their API.
I know that I will be the person who has to help fixing this shit when it breaks and it will break 1000% JUST FUCK THIS SHIT. FUCK THE PARTNER COMPANY. FUCK THERE API.2 -
Consumers ruined software development and we the developers have little to no chance of changing it.
Recently I read a great blog post by someone called Nikita, the blog post talks mostly about the lack of efficiency and waste of resources modern software has and even tho I agree with the sentiment I don't agree with some things.
First of all the way the author compares software engineering to mechanical, civil and aeroespacial engineering is flawed, why? Because they all directly impact the average consumer more than laggy chrome.
Do you know why car engines have reached such high efficiency numbers? Gas prices keep increasing, why is building a skyscraper better, cheaper and safer than before? Consumers want cheaper and safer buildings, why are airplanes so carefully engineered? Consumers want safer and cheaper flights.
Wanna know what the average software consumer wants? Shiny "beautiful" software that is either dirt ship or free and does what it needs to. The difference between our end product is that average consumers DON'T see the end product, they just experience the light, intuitive experience we are demanded to provide! It's not for nothing that the stereotype of "wizard" still exists, for the average folk magic and electricity makes their devices function and we are to blame, we did our jobs TOO well!
Don't get me wrong, I am about to become a software engineer and efficient, elegant, quality code is the second best eye candy next to a 21yo LA model. BUT dirt cheap software doesn't mean quality software, software developed in a hurry is not quality software and that's what douchebag bosses and consumers demand! They want it cheap, they want it shiny and they wanted it yesterday!
Just look at where the actual effort is going, devs focus on delivering half baked solutions on time just to "harden" the software later and I don't blame them, complete, quality, efficient solutions take time and effort and that costs money, money companies and users don't want to invest most of the time. Who gets to worry about efficiency and ms speed gains? Big ass companies where every second counts because it directly affects their bottom line.
People don't give a shit and it sucks but they forfeit the right to complain the moment they start screaming about the buttons not glaring when hovered upon rather than the 60sec bootup, actual efforts to make quality software are made on people's own time or time critical projects.
You put up a nice example with the python tweet snippet, you have a python script that runs everyday and takes 1.6 seconds, what if I told you I'll pay you 50 cents for you to translate it to Rust and it takes you 6 hours or better what if you do it for free?
The answer to that sort of questions is given every day when "enganeers" across the lake claim to make you an Uber app for 100 bucks in 5 days, people just don't care, we do and that's why developers often end up with the fancy stuff and creating startups from the ground up, they put in the effort and they are compensated for it.
I agree things will get better, things are getting better and we are working to make programs and systems more efficient (specially in the Open Source community or high end Tech companies) but unless consumers and university teachers change their mindset not much can be done about the regular folk.
For now my mother doesn't care if her Android phone takes too much time to turn on as long as it runs Candy Crush just fine. On my part I'll keep programming the best I can, optimizing the best I can for my own projects and others because that's just how I roll, but if I'm hungry I won't hesitate to give you the performance you pay for.
Source:
http://tonsky.me/blog/...13 -
How do you pronounce SQL?
"See for me, I just go my own way and pronounce it as ‘sqwool, or ‘sqwll’, which sometimes gets my coworkers (not db or programming people) calling it ‘Squirrel’. As such we have a custom written utility program which automates running certain SQL commands on various databases which is aptly named SQuirreL. Then we started to have fun with it: The ‘pre-defined’ sets of SQL are held in a ‘.nut’ file which you give to SQuirreL. When you want to see what scripts have been run, you check the SQuirrel’s .log to see what .nut files it has ‘eaten’. We thought about naming the log files .poop, but I felt that was too far. I know right now there’s people reading this cringing, but I say lighten up. My boss when presented with the tool, did not get ANY of the Squirrel/nut references… I mean the tool’s icon was a cartoon squirrel holding an acorn for crying out lout, but I digress.
So yeah, I call it Sqwll or Sqwool, but only when talking to people who don’t matter."
Source, in the comments: http://patorjk.com/blog/2012/...
I doubt this has ever been posted. =)9 -
[CMS Of Doom™]
Imagine bringing every HTTP Query Param and every god damn fucking POST var into to current code context.
"extract()" is one of the reasons why I have terminal PHPTSD.10 -
Writing a Unit test to test the Unit test that's testing your application, because you can never be sure about anything.6
-
Pull-to-refresh in mobile web browsers is useless and annoying.
In mid-2019, the #disable-pull-to-refresh-effect option was removed from chrome://flags on Chrome for Android (version 76) for no apparent reason. The top answer in the Google product forum was to beg for this option to be reinstated through the browser's feedback form ( http://web.archive.org/web/... ). Needless to say, that has been futile.
Why is that a problem? The pull-to-refresh gesture not only is unnecessary due to the quickly accessible refresh button in the menu right next to the URL bar, but also causes unsolicited refreshes when quickly scrolling to the top of the page. This drains both the battery and the mobile data plan, in addition to adding an annoying delay.
I would like to use my web browser like a web browser, not a social media app. Besides, the Twitter web app has its own pull-to-refresh implementation in the notification feed.
Without pull-to-refresh, the user has the freedom to scroll up quickly without risking inadvertently reloading the page. If media was playing while an unwanted pull-to-refresh occurs, the user needs to seek for the last playing position, which could take upwards of a minute if the last position is unknown.
Imagine a desktop/laptop web browser reloading because you scroll against the top. Imagine you reach the top of the page but you have not stopped turning the scroll wheel yet, and then a white circle with a blue spinning refresh icon appears at the center top of the window and the page, and then you have to wait for the page to finish loading, and you also need to seek the last playing position of a video or audio track. Wouldn't that be ridiculous?
Any web browser vendor that enforces pull-to-refresh on its users basically begs users to seek an alternative.7 -
Hey, we need a service to resize some images. Oh, it’ll also need a globally diverse cache, with cache purging capabilities, only cache certain images in the United States, support auto scaling, handle half a petabyte of data , but we don’t know when it’ll be needed, so just plan on all of it being needed at once. It has to support a robust security profile using only basic HTTP auth, be written in Java, hosted on-prem, and be fully protected from ddos attacks. It must be backwards compatible with the previous API we use, but that’s poorly documented, you’ll figure it out. Also, it must support being rolled out 20% of the way so we can test it, and forget about it, and leave two copies of our app in production.
You can re-use the code we already have for image thumbnails even though it’s written in Python, caches nothing and is hosted in the cloud. It should be easy. This guy can show you how it all works.2 -
NO, YOU ABSOLUTE DISGUSTING GREMLIN OF A JS HTTP CLIENT, I DON'T WANT YOU TO "JsOn.StRiNgiFy" MY PAYLOAD OR DOING ANY WEIRD SHIT
I NEED TO SEND THIS THING EXACTLY AS IT'S WRITTEN, STOP TRYING TO GUESS WHAT I'M TRYING TO DO I'M A DEV WITH SOME 7 YEARS OF EXPERIENCE WRITING CODE, I'M SENDING A STRING CUZ I NEED TO SEND A STRING2 -
If my Kickstarter campaign get approved an its succeed finally I can afford to hire some of you guys :)
I made it possible to check the un-inspected pre-beta holdings here:
http://micro-kingdoms.com/displayho...
There are 28053 of them. I have to say that It's going well considering that no one wants to join me in development... it makes me a bit sad...10 -
Blisk, a browser with multiple device testing for developers, went from free to subscription model.. Time blocking features that they offered before, for free.
That's suicide. That's how you lose your install base...
Just deleted it and went back to http://material.io/resizer.3 -
Http/2 server push is really cool. Like, really fucking cool. Those researchers at google really got this right. I hate how they handle their users but I have to say they really make good use of the money they get by selling us for kettle.2
-
Government applications meant to handle private data made in the laziest way using cordova. Hell yea. Bonus points for using the developers account with his first and last name as publishing company to put the app on playstore and not their own official one (not that they have one). Whats not to love. Cant wait to beautify that js to find out that the calls are http and not https.3
-
Crazy... Hm, that could qualify for a *lot*.
Craziest. Probably misusage or rather "brain damaged" knowledge about HTTP.
I've seen a lot of wild things when devs start poking standards, but the tip of the iceberg was someone trying to use UTF-8 in headers...
You might have guessed it - German umlauts. :(
Coz yeah. Fucktard loved writing everything in german, so why not write custom header names in german.
The fun thing is: It *can* work, though the usual sane thing is to keep it in ASCII range for the obvious reason that using UTF-8 (or ISO-8859-1, which is *not* ASCII) is a gamble you gonna loose.
The fun game was that after putting in a much needed load balancer between services for monitoring / scaling etc suddenly *something* seemed off.
It took me 2 days and a lot of Wireshark hoola hooping to find out why, cause the header was used for device detection aka wether it's a bot or not. Or in the german term the dev used: "Geräte-Art".
As the fallback was to assume a bot, but only rate limit based on IP, only few managed to achieve the necessary rate limit to get blocked.
So when I say *something* seemed off, I really mean a spooky kind of "sometimes IP blocked for seemingly no reason at all".
Fun stuff. The dev btw germanized everything. Untangling the code base was a lot of non fun. -.-6 -
I just saw Kickstarter's blog post about moving over to the Blockchain. They're doing it because, uh, protocols, or something. No joke, here's a direct quote from their post:
"You may have heard of HTTP (Hypertext Transfer Protocol) which helps you browse the web, or SMTP (Simple Mail Transfer Protocol) which helps you send email. Protocols like these make up the unseen infrastructure of the internet. Imagine that, but for crowdfunding creative projects."
What the fuck does that even mean? The rest of the blog post is more of the same. They packed it full of every crypto buzzword they could find while also not actually providing any useful information.
Full article here, if anyone wants to read a headache-inducing pile of nonsense: https://kickstarter.com/articles/...10 -
IT CAN'T BE THAT HARD
1) A CONTROLLER RETURNS HTTP RESPONSES, computed using data received from
2) A SERVICE\MANAGER\YOURMOTHER, which fetches data from a DB\external service\whatever
LITERALLY 2 FUCKING STEPS. I'LL TAKE THAT "SENIOR" IN YOUR TITLE AND CHISEL IT ON YOUR FOREHEAD SO YOU'LL REMEMBER WHAT YOU'RE SUPPOSED TO BE WHEN YOU COMMIT THIS FUCKING GARBAGE2 -
Webmin because why not ✓
Lamp stack ✓
Dynamic DNS client ✓
PhpMyAdmin X
Dear DigitalOcean. SINCE WHEN do you consider a PMA installation
without Https SECURE?
And why the fuck do you make me install an aptitude package that skips both file system AND Apache config cleanup on purging?
It's just a raspberry, but if it runs lamp I want PMA, and if it runs anything, I want Https. Is that too much to ask for from a tutorial source otherwise so reliable that I do anything you say without a questioning thought?8 -
[CMS Of Doom™]
Ah, yes, their built-in bullshit newsletter module just sent the n-th user n emails. Wonderful considering n=368.
The culprit? Better don't ask...
OK, anyway: So the mailer is running as a CRONjob, but nah, not as a console script call but by a public HTTP GET URL call, fucking obviously (it's the CMS Of Doom for a reason).
So these fucking imbeciles "implemented" an ob_start() callback where HTML links are - for whatever fucking reason - modified by some regex (obviously everybody knows parsing HTML by Regex is trivial). In this case the link was somehow modified to recall the mailer Cronjob...
This must have upset the pngoing mailing process thus spamming mails. Whyyyy
And I've thought I've seen it all after 6 months in this legacy hell...
This is why you don't run a company consisting of only beginners in PHP (in cluding their "CEO")! -
Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"3
-
Just got an email from my company that a http server app I wrote years ago exposed the whole server it runs on because of a misconfig parametered...
Can use it to read any file using server.com/path/to/file1 -
oh, I have a few mini-projects I'm proud of. Most of them are just handy utilities easing my BAU Dev/PerfEng/Ops life.
- bthread - multithreading for bash scripts: https://gitlab.com/netikras/bthread
- /dev/rant - a devRant client/device for Linux: https://gitlab.com/netikras/...
- JDBCUtil - a command-line utility to connect to any DB and run arbitrary queries using a JDBC driver: https://gitlab.com/netikras/...
- KubiCon - KuberneterInContainer - does what it says: runs kubernetes inside a container. Makes it super simple to define and extend k8s clusters in simple Dockerfiles: https://gitlab.com/netikras/KubICon
- ws2http - a stateful proxy server simplifying testing websockets - allows you to communicate with websockets using simple HTTP (think: curl, postman or even netcat (nc)): https://gitlab.com/netikras/ws2http -
What the FUCK im fixing integrations on some dumbass's API. Biz wants this in prod on monday. It's fucking saturday. Anyway
Me: why did you give us a 200 even if its an error
Them: thats normal
Me: If it's an error it shouldnt be 200
Them: its a 200 because the api params are correct but differ in value so its not an http error but an api error
lmao2 -
Made my own "devRant" ("inspired hehe") Android app/socialmedia^^
(still in BETA) Not targeting a specific area though. http://stardash.de:4000/
And no not a devRant replacement cuzz its not soo much dev Related :)
Layout has no similarities aT aLl :D
App can only be downloaded on my website cuzz im not 18 yet so i cant publish to the playstore (and also i kinda dislike Google and using anything Google connected in a app e.g. Firebase)
There is a build in update center in the app though.
Server:
My Pc (Linux)
Nodejs with Express
Mysql
App:
Android Studio mostly with Retrofit16 -
Fuck environments without direct internet access and only http proxy in place.
That is all, thank you for listening3 -
What do you think about HTTP/3, QUIC, WebTransport?
https://web.dev/webtransport/ (It is still a *draft*, but google is already implementing it and stuff)
Idk it feels weird for me that HTTP will be served over UDP/QUIC10 -
Update From My now HackProof SocialMedia StarSpace :)
I now introduced themes (for now just StarPurple)
Added Votes, Tags, Mentions, Links and many many more features.
Im gonna release the App to the Playstore this or next Month! For now i created my own "manager" where people can view my apps and update/install them.
can be downloaded from the manager http://stardash.de:4000/ or directly http://stardash.de/download/... if ur interested :)20 -
*laughing maniacally*
Okidoky you lil fucker where you've been hiding...
*streaming tcpdump via SSH to other box, feeding tshark with input filters*
Finally finding a request with an ominous dissector warning about headers...
Not finding anything with silversearcher / ag in the project...
*getting even more pissed causr I've been looking for lil fucker since 2 days*
*generating possible splits of the header name, piping to silversearcher*
*I/O looks like clusterfuck*
Common, it are just dozen gigabytes of text, don't choke just because you have to suck on all the sucking projects this company owns... Don't drown now, lil bukkake princess.
*half an hour later*
Oh... Interesting. Bukkake princess survived and even spilled the tea.
Someone was trying to be overly "eager" to avoid magic numbers...
They concatenated a header name out of several const vars which stem from a static class with like... 300? 400? vars of which I can make no fucking sense at all.
Class literally looks like the most braindamaged thing one could imagine.
And yes... Coming back to the network error I'm debugging since 2 days as it is occuring at erratic intervals and noone knew of course why...
One of the devs changed the const value of one of the variables to have UTF 8 characters. For "cleaner meaning".
Sometimes I just want to electrocute people ...
The reason this didn't pop up all the time was because the test system triggered one call with the header - whenever said dev pushed changes...
And yeah. Test failures can be ignored.
Why bother? Just continue meddling in shit.
I'm glad for the dev that I'm in home office... :@
TLDR: Dev changed const value without thinking, ignoring test failures and I had the fun of debunking for 2 days a mysterious HAProxy failure due to HTTP header validation... -
CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.
Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.
What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.
Can anyone give REAL examples when CORS can really protect from anything?32 -
I would like to call out the moron who decided to control docker through HTTP when the maximum time the server can take to finish the task is longer than the HTTP timeout.
If you expect things might time out, you don't use a HTTP request. You use a resource and poll it, or Websockets, or possibly SSE.
Shoehorning your API into a frame that obviously doesn't fit doesn't help anyone. Just admit that you don't know what HTTP is and use a regular TCP socket with regular pings.2 -
!rant
oh my god, look what I found.
http://f.javier.io/rep/books/...
"The computer system described in the book is for real—it can actually be built, and it works! A reader
who takes the time and effort to gradually build this computer will gain a level of intimate understanding
unmatched by mere reading. Hence, the book is geared toward active readers who are willing to roll up
their sleeves and build a computer fromthe ground up."2 -
Sharing a first look at a prototype Web Components library I am working on for "fun"
TL;DR left side is pivot (grouped) table, right side is declarative code for it (Everything except the custom formatting is done declaratively, but has the option to be imperative as well).
====
TL;DR (Too long, did read):
I'm challenging myself to be creative with the cool new things that browsers offer us. Lani so far has a focus on extreme extensibility, abstraction from dependencies, and optional declarative style.
It's also going to be a micro CSS framework, but that's taking the back-seat.
I wanted to highlight my design here with this table, and the code that is written to produce this result.
First, you can see that the <lani-table> element is reading template, data, and layout information from its child elements. Besides the custom highlighting code (Yellow background in the "Tags" column, and green gradient in the "Score" column), everything can be done without opening even a single script tag.
The <lani-data-source> element is rather special. It's an abstraction of any data source, and you, as a developer can add custom data sources and hook up the handlers to your whim (the element itself uses the "type" attribute to choose a handler. In this case, the handler is "download" which simply sends a fetch request to the server once and downloads the result to memory).
Templates are stored in an html file, not string literals (Which I think really fucks the code) and loaded async, then cached into an object (so that the network tab doesn't get crowded, even if we can count on the HTTP cache). This also has the benefit of allowing me to parse the HTML templates once and then caching the parsed result in memory, so templates are never re-parsed from string no matter how many custom elements are created.
Everything is "compiled" into a single, minified .js file that you include on your page.
I know it's nothing extraordinary, but for something that doesn't need to be compiled, transpiled, packaged, shipped, and kissed goodnight, I think it's a really nice design and I hope to continue work on it and improve it over time1 -
It probably will be an unanswered question, but let's try.
Does anyone know of a large project using onion / hexagonal/ ddd or similar architecture with free access to the source code...
Or an example of said architectures that goes beyond "trivial dumb example".
The new recruits need... A lot of brushing up (I'd be for electro shock treatment and other stuff, but somehow HR thinks I'm joking).
As said, most examples I found are too basic. On the other hand, if I write now a good example, I'd need to do it in either my free time (nope, just nope) or jiggle it in somewhere in company time (aka it will be never finished nor be in a useful state).
Programming language preferred would be Java, but as I'm fluent in most languages except the forbidden ones (JavaScript and it's friends) ...
Anything would be helpful.
Most welcome would be an example with a focus on Adapter / Ports, e.g. abstraction of HTTP client usage / ORM etc.
Thanks.12 -
I read: "Don't change your implementation to do tests"
Then I read: "If it's too hard to test, your implementation is too complex"
Then we can get into test terminology itself, which is its own mess:
http://xunitpatterns.com/Mocks,%20F...
sheesh, if you thought the whole javascript / framework / web ecosystem always feels immature and behind other areas of software, i'm about to argue that testing patterns are even further behind8 -
Anyone here have any experience with PHP? I've never really used it myself and don't really want to, but I do look at things like http://phpsadness.com/ from time to time.
These complaints range from "fairly minor" (some stuff like function names/args and some syntsx complaints) to "how is this language even used" (segfaults in a scripting language, broken things like "create_function", comparisons and ternanry operator).
Of course, i don't program in PHP so i don't know how bad any of this actually is.
Anyone actually use PHP or did use it previously?20 -
When I commented that that there may be non-euclidean equivalents to certain stat functions (average, mean, mode, etc), apparently there were others out there with the same general idea.
Some guys over at stanford are exploring hyperbolic spaces for machine learning, which is exactly the sort of applications I had in mind.
Very fascinating work, go check it out if it's something that interests you..
https://dawn.cs.stanford.edu/2019/...
And the related paper that it is based on:
http://proceedings.mlr.press/v80/...2 -
I've read the docs but my tired brain overrided an important detail.
https://haproxy.com/documentation/...
"By default, HAProxy Enterprise will serve these pages only if it initiated the error itself. For example, it will return the page for a 503 Service Unavailable error if it can't reach any backend servers."
I had _the_ return part for interception of the error page from the backend added, not the default override for the error page of HAPRoxy itself.
Took me 4 hours, crying, madness and screaming to realize it.
This week is really wringing the last bits of the gooey slime what should be my brain out...
-.-
Another fun part is that I mistakenly thought the delimiter for multiple strings to an ACL comparison is a comma... It's a whitespace.
acl is_evil hdr(host) -i one,two is wrong.
acl is_evil hdr(host) -i one two is right.
I used to write HAPRoxy configurations blindly, today it was more like writing two lines of codes 100000000 times and still doing it wrong TM.
I need new brain.
Anyone got an offer?3 -
How the fuck is Firebase still a thing? I just spent hours debugging a random "not authorised" error, only to find out you need to enable a deprecated API even if you're only using the new (recommended) one. Do they tell you about it? Fuck no, they keep it disabled by default, they tell you to only use the new API, and they make it pretty much impossible to find the deprecated API you need to enable without a direct link.
And why the fuck does the official SDK send image URL as { "imageUrl": "http://..." }, when the endpoint expects it to be { "image": "http://..." }? Why the fuck does the documentation mention both options interchangeably, while only the latter one actually works?7 -
CGI is fun, websockets are fun, why on earth is it so fucking hard to have both of them with proper switching using at most one extra program apart from my handlers?
By proper switching I mean that you actually track connections and upgrade headers to decide what to do, rather than forcing websocket connections onto a separate HTTP resource just to tell the difference.4 -
Someone wrote some error handling middleware for the whole application.
Then someone wrote some default classes for HTTP errors; BadRequest, Unauthorized and so on.
If I didn't know any better, I'd think throwing one of these default errors would give the proper status code, instead of default everything to 500.
But alas, I do know better.1 -
Aka... How NOT to design a build system.
I must say that the winning award in that category goes without any question to SBT.
SBT is like trying to use a claymore mine to put some nails in a wall. It most likely will work somehow, but the collateral damage is extensive.
If you ask what build tool would possibly do this... It was probably SBT. Rant applies in general, but my arch nemesis is definitely SBT.
Let's start with the simplest thing: The data format you use to store.
Well. Data format. So use sth that can represent data or settings. Do *not* use a programming language, as this can neither be parsed / modified without an foreign interface or using the programming language itself...
Which is painful as fuck for automatisation, scripting and thus CI/CD.
Most important regarding the data format - keep it simple and stupid, yet precise and clean. Do not try to e.g. implement complex types - pain without gain. Plain old objects / structs, arrays, primitive types, simple as that.
No (severely) nested types, no lazy evaluation, just keep it as simple as possible. Build tools are complex enough, no need to feed the nightmare.
Data formats *must* have btw a proper encoding, looking at you Mr. XML. It should be standardized, so no crazy mfucking shit eating dev gets the idea to use whatever encoding they like.
Workflows. You know, things like
- update dependency
- compile stuff
- test run
- ...
Keep. Them. Simple.
Especially regarding settings and multiprojects.
http://lihaoyi.com/post/...
If you want to know how to absolutely never ever do it.
Again - keep. it. simple.
Make stuff configurable, allow the CLI tool used for building to pass this configuration in / allow setting of env variables. As simple as that.
Allow project settings - e.g. like repositories - to be set globally vs project wide.
Not simple are those tools who have...
- more knobs than documentation
- more layers than a wedding cake
- inheritance / merging of settings :(
- CLI and ENV have different names.
- CLI and ENV use different quoting
...
Which brings me to the CLI.
If your build tool has no CLI, it sucks. It just sucks. No discussion. It sucks, hmkay?
If your build tool has a CLI, but...
- it uses undocumented exit codes
- requires absurd or non-quoting (e.g. cannot parse quoted string)
- has unconfigurable logging
- output doesn't allow parsing
- CLI cannot be used for automatisation
It sucks, too... Again, no discussion.
Last point: Plugins and versioning.
I love plugins. And versioning.
Plugins can be a good choice to extend stuff, to scratch some specific itches.
Plugins are NOT an excuse to say: hey, we don't integrate any features or offer plugins by ourselves, go implement your own plugins for that.
That's just absurd.
(precondition: feature makes sense, like e.g. listing dependencies, checking for updates, etc - stuff that most likely anyone wants)
Versioning. Well. Here goes number one award to Node with it's broken concept of just installing multiple versions for the fuck of it.
Another award goes to tools without a locking file.
Another award goes to tools who do not support version ranges.
Yet another award goes to tools who do not support private repositories / mirrors via global configuration - makes fun bombing public mirrors to check for new versions available and getting rate limited to death.
In case someone has read so far and wonders why this rant came to be...
I've implemented a sort of on premise bot for updating dependencies for multiple build tools.
Won't be open sourced, as it is company property - but let me tell ya... Pain and pain are two different things. That was beyond pain.
That was getting your skin peeled off while being set on fire pain.
-.-5 -
Python 3.9:
Cool New Features for You to Try
String Prefix and Suffix.
Type Hint Lists and Dictionaries Directly.
Topological Sort.
Greatest Common Divisor (GCD) and Least Common Multiple (LCM)
New HTTP Status Codes.
Removal of Deprecated Compatibility Code.2 -
I don't get it
why is it that people still use FTP?
Like, in current, fairly recent (2018) projects, for public downloads.
I get that when you're just hosting public files without any authentication you don't need to worry about the unencrypted passwords, but like
the random ports are a shitty and annoying practice and also http exists just let your custom patcher program download the release from github where it's already available22 -
I tried to post a comment to someone's post and without UI feedback I get the API response in the HTTP request: "Comment not valid". This isn't enough information for me to troubleshoot what is a valid comment.4
-
Useless JS library #1 ready:
A paned-tabbed js grid, where cells can be iframes because every grid operation only changes the css and the cell itself is never moved in the DOM. The purpose is to support complete sandboxing of untrusted snippets, so we could even let users pick their own modules if they want extra functionality.
Soon I'll clean up both this and the messaging and put them on github, but to me writing these is a creative process and the working prototype is everything but readable.
In the meantime I put it on
http://test.tardigrade.dynu.com6 -
It's 2022 and web browsers are still unable to unfollow redirects.
If I open some URL in a new tab and it redirects me to /503.html or similar due to some server errors (which is bad design to begin with), there is no way to see which URL was redirected from. The "back" (←) navigation button is greyed out, so there is nowhere to go back to.
One might open a new tab to look at it later without realizing it redirected to an error page. Then one opens it, sees /503.html, and has forgotten which article one was going to read.
Only on the mobile edition of Chrome/Chromium, switching between desktop and mobile view unfollows the redirect. But on Firefox mobile, Chrome/Chromium-based desktop, and Firefox desktop, there is no way to know which URL redirected me there. -
One of the most headache-inducing things about being a developer is having to find a solution to every little ailment that software has.
An example would be: working with a particular stack. LEAN, MEAN, LAMP, WAMP,.. The nightmare of having to deal with every single error in PHP, NodeJS, Apache Server, Nginx, the HTTP spec intricacies, the HTML5 spec, API problems..
Sometimes it's just a lot to deal with and I'm trying not to lose my patience.9 -
I want to learn about the most important network protocols (HTTP 1/1.1/2, SSH, IMAP, SMTP, IMAP...) but reading the RFCs is extremely time consuming and probably not necessary for someone which doesn't need to implement these protocol.
Do you know more concise resources where I can learn more about the topic?9 -
I make a portfolio website using reactjs can anybody take a look and review my website design.
caution: It is not responsive now and still I have to add animations in it using GSAP
website link: http://c9ef-122-180-17-23.ngrok.io/20 -
Hey ya'll i really love this forum and i was inspired to build another one for just any group of people lemme know what you think. http://chewata.fun/24
-
The big enterprise in which I work wants to mandate which we have to write a microservice for each individual HTTP endpoint, since we cannot even have an artifactory for code sharing the code duplication is going off the charts and having these microservices sharing a single DB we are creating a big and messy distributed monolith.9
-
ant.design selectors are bogus garbage.
The drop-down selector that replaces the browser's native one does not allow typing to select an entry, meaning to select a language from a long list, one needs to manually scroll to it. If the scroll wheel of the mouse does not work properly, one needs to use the scroll bar, which is far too short to be able to conveniently scroll a long language list.
Sure, ant.design might look pretty (as advertised), and has oh-so-fancy features like fade in/out animations, but from an interaction point of view, that's as useless as the skeleton screens popularly used by JavaScript-based websites (which are anyway inferior in performance and compatibility compared to static HTML pages with JavaScript on top).
Not only can I not type-to-select, but the date selector on Dailymotion, which uses this utter garbage, sends "[object Object]" to the server, so the user is forced to edit the HTTP request manually. Complete utter garbage.
Don't use that shit. Use the browser's native feature. Or use something progressively enhancing like the drop-down menus used by MediaWiki on pages such as Special:Contributions, where it actually is properly implemented.2 -
Rant/question:
httpDoSmth1().subscribe(x =>
...then(y =>
httpDoSmth2(x).subscribe(z =>
//do smth with z
return z
)
)
)
Isn't this (not my code) callback hell all over again? The 2. http call expects results from the 1. http call. I feel like this could be solved cleaner using async await/switchMap/etc. ... but not like this.13 -
Consider an API that uses the HTTP path to represent position in a tree that literally represents a file tree with minimal constraints, and GET/PUT/DELETE methods to read, write and destroy the nodes. How would you encode read/write operations to per-node metadata? The kinds of metadata are static and around 4, so inventing HTTP verbs for each of them is infeasible but filtering is not necessary.
Options considered so far:
- toplevel resources alongside a namespaced /data such as /acl, /lock
- magic keywords to the Range header (this is apparently compliant)
- mimetypes such as text/plain+acl
- SETPROP / PROP methods in the spirit of WebDAV
- headers (I worry this may become an immitigable bottleneck really fast)
I'm looking for any kind of suggestion or insight, not perfect answers.
I read the WebDAV specification and I won't even suggest that I'm trying to align with it, the only protocol I'd seen in the past with comparable scope bloat is WebRTC.23 -
Android users, I have a question.
How many of you do actually use Apple signup on your Android device?
http://www.strawpoll.me/4606572916 -
I tried Appgyver over christmas, since it promised easy front-end (no-)coding I was looking forward to getting rudimentary frontends done faster.
Well, the first real project that I wanted to start didn't compile anymore (internal error from the service), the page told me to reload and try again.
It failed again... And again.
Fine with me, I only spent 10 minutes on the project at this point.
I then searched for the bugreporting page and found it. The sad thing is that when I wanted to open a ticket the server crashed. It didn't even return a HTTP error, just a JSON saying there is a error and a GUID.
I have to say, if a Dev decided to have holidays without new issues that's one way of getting that done.3 -
Node server with webpack poly fill on embedded device. Why 😂 .
Replacing node-fetch with node http instead of waiting for native node fetch API. Why 😂
All npm scripts on package.json are dead. Why 😂
Node server is not even sharing TS interfaces with frontend.
Customers are complaining about MeM0r1 L3k and let's build more features on stupid node.
Fucking kill me.1 -
opengrok doesn't support searching special character forward slash? /
http://bxr.su/help.jsp
like fuck me that's the slash im more interested in, can't remember ever needing or wanting to search for a \ backslash5 -
Just built out my first app using Cloudflare Workers, Typescript, and DurableObjects. Holy shit, this is nice stuff.
It's taken little to no time to build out:
* JSON API written in Typescript
* JWT verification against my OAuth backend (SAML support too)
* CI Automated Deployments including unit tests
* DurableObject support
* 3rd party HTTP calls + caching (built in to the framework!) to reduce network latency and hiccups.
* Cron-like tasks on each stored object so they can awaken the app on a schedule and update themselves as necessary
* Rapid deployment to new environments
The local testing with coordinated "miniflare" is dreamy too.