Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
First time poster here. Please be nice :)
My biggest workaround is one that's being currently deployed to 40 truck drivers (trucking company here), preventing printers being out of usage while on the road. We also have to use HP ePrint to wirelessly print documents, but that's another story for another time I guess :)
CEO asked us to install wifi printers in our 40-ish trucks which has wifi on board. However he's always picking one of the cheapest options possible, so we got consumer grade printers (Laserjet 1002w). Those printers often disconnects without getting back on the truck wifi network EVER. I have to get physically in the truck, wire the printer via USB onto my laptop and reconfigure Wifi on it with the HP Windows tool. This means lots of printer downtime, which always happens when the drivers are three timezones away from our office
Then I thought: "What if I could sniff what HP sends via USB while I (re)configure the printer, and replay whats being sent later? Our trucks all have an Android tablet with a USB type-A connector with host capability, so I could write a small app that replays the config when plugged in by the user.
Three days of hacking around later, I have a working app. By chance, HP printers (or at least those models we have) uses HTTP POST via USB, so I could easily replay the request.
Edit: the end result is that truck drivers just plug the printer to their tablet, press "reconfigure" in a home made Android app, printer is reconnected to the truck and they're good to go. They don't have access to the network nor know enough to debug themselves anyways14 -
So I was hired about 4 months or so in this companty, we will name it 'Derp & Co.'
The first task they want me to do was to 'clean' an android app that, for what they told me:
- Previous dev fired. said that tasks have been done but totally a lie.
- Took a fully week of 2 fellows coworkers to 'undo' the mess.
- And for the last but not least, zero documentation, like ZERO.
So, I clone the repo, install android studio, blah blah blah, get hands to the pile of code and jesus...
- The whole app was working with a gargantuan json, there was no use of POJOs at all. Objects are for normies.
- A masive copy/paste code, like 'I will need this here, crtl-c... ctrl-v, DONE!'
- Threads are free, isn't it? let's just put a thread whenever I desire to make an HTTP request and not reuse code at all.
So... with this on mind, my first task is to make proper objects:
- Coworker: 'Sorry dev, we don't have documentation for this, you must debug the code to se what the server will send to you'.
- Me: 'Real?'
Shit... ok. So I first try to figure out how the hell is made my gargantuan json. A month was entirely lost to unravel this data and implement Objects, improve their code, reuse code, etc. but at the very end:
- coworker: 'Good job dev, when the POJOs are done, we can focus on the next task, whe have to define a new DATA MODEL because the one we are using now is not good at all'.
*note: the app is on production and working with all the previous 'features' and today it still on use on some enviroments.
- Me: 'Wait... this is a joke, now you want to define new data models? This should have been done in first place!' <WTF face>
- Coworker: 'I don't think so dev, Mr. boss have this list with things to improve on the app an this is the order of do the tasks'.
Mr. boss is on vacations, two days after he came back:
- Mr boss: 'Coworker said that you have been working with POJOs, is that right?'
- Me: 'Yes'
- Mr boss: 'Why? Did not see the need of a new data model?'
- Me: 'I told that to him, but he insist on "the order" of the list.
- Mr. boss <facepalm>
This is one of the few tales i have from 'Derp & Co.'
PS: Sorry if i made a mistake on writing, english is not my first language and maybe I have done some mistakes.7 -
Can't ssh to my vps at work; hello new hobby project!
(server hosted on vps, http request -> shell -> http response)
Next up is supporting an interactive shell
18 -
I wanted you to notice that XHR (XML HTTP Request) is an acronym composed by two other acronyms and a word. Thank you for the attention15
-
Misunderstanding is like running ftp server on port 80!
Ftp responses for http request!
In real life it happens like this
3 -
I know a guy, about 50 years old. He is a self-taught programmer since he was young, and he has always used Visual Basic (never anything newer than VB6).
He once needed to interface with a web application I wrote, so I asked him to send me a POST HTTP request. He didn't know what I was talking about. No notion of REST, sockets, HTTP, nothing.
The he showed me his code. Actually, his codes. He had multiple copies of the project, one for each version, and he even kept multiple variations of the software in different separate folders. He probably doesn't know what "version control" even means.
You think this is messy. You didn't see the actual code (it's a huge application!).
Spaghetti all over the place. Meaningful variable names, what are they? Default names for the controls, like button1, button2, etc, with forms with more than 30 buttons and text fields. This was the most incomprensibile code I have ever seen.
You might think that this guy is just a hobbyist.
No.
He sells his applications. To companies. They are obviously full of errors, but they buy them.
Now, if you're still with me, two questions come into my mind:
- why?? I hate this, because it's impossible to prove to a non-technical person that this is *not* software development.
- how do I know that, to someone else, I am not like him? How can I be sure that I know and will know what needs to be known?4 -
Boss comes in and gives me some js code for syncing data (he hacked it together the other day, really messy with like 5 callback lamdas stacked into each other)
Boss: Make it faster and more reliable and add some progress indicator
So i look at the code and he literally pulls all the data as one json (20+ MiB). Server needs multiple minutes to generate the response (lots of querys), sometimes even causing timeouts....
So i do what everyone would do and clean up the code, split the request into multiple ones, only fetching the necessary data and send the code back to my boss.
He comes in and asks me what all this complexity is about. And why i need 5 functions to do what he did in one. (He didn't -.-). He says he only told me to "make it faster and show progress" not "to split everything up".
So I ask him how he wants to do this over HTTP with just one request...
His response: "I don't care make it work!".
Sometimes i hate my job -.-11 -
Holy fuck, the state of npm
Question: "How do I make a GET request in NodeJS"
Accepted answer: "Use the http library it has built in get functions, its quite simple"
I FUCKING KID YOU NOT, THE NEXT 10 ANSWERS: Use this npm library, it's super great ;)22 -
Had a job interview recently that went well besides one little disagreement... and it has made me question my sanity. Tell me if I'm wrong.
They asked the difference between a GET and POST request.
Wow, that's an easy one, they're giving me a break, I thought to myself.
I said "GET is used to retrieve data from a server, whereas POST is used to add data to a server, via it's body, which a GET lacks" or something like that.
They were like "ya mostly, but GET can be used to enter data into the server too. We were just looking for the body thing."
And I'm like.... yeah, you could do that, but that's not what it's meant for.
They mention stuff about query parameters and I hold steady that GET and POST are different because GET has a specific purpose. Otherwise, we wouldn't need the "method" part of an HTTP request at all. We could just either include a body or not include a body.
I ended it with "Well, POST implies that you are adding data to a server, and GET implies you are querying data from the server. When I'm reading documentation, that's how I quickly determine what an endpoint does."
My confidence was a little shaken at this point. Crazy what two people with (I assume at least) 10+ years of experience telling you you're wrong will do to your confidence.21 -
I consider myself a web developer for over 7 years.
Today, I learnt that http features a HEAD request.
Wut.5 -
So lately I’ve been sending an http request with ajax instead of using classic form submit. Pdf and images need to be converted into byte64 string then send it to the backend, problem is if the size gets too big chrome crashes and showed me ‘Aw snap’, but it works on firefox. Thr file is size could be 3 to 100 mb (for pdf). So my question; is this my problem or just browser limitation?17
-
I'm going for longest rant. TL:DR; version here:
http://pastebin.com/0Bp4jX9y
then:
http://pastebin.com/FfUiTzsh
Twat Client,
As per our conversation, here is an invoice for the work you requested on behalf of U.S. Bloom. I realize that you ended up going with another designer, but you did request samples of what my take on the logo design would be. The following line item is indicative of 1 hour of graphic design consultation as per your request via Skype.
As I recall, you mentioned that this is not how Upwork "works" but considering it was you who requested that I converse with you via Skype instead of via the Upwork messenger, and since there were no clear instructions on how to proceed with Upwork after our initial consultation, It is assumed that you were foregoing Upwork altogether to work with me directly, thus the invoice from me directly for my time involved in the project. I would have reached out to you via Skype, but it seems that you may have severed our connection there.
After spending a little time researching your company, I could not find current information for Basic Media Marketing, but I was able to reach out to your former partner Not A. Twat, who was more than helpful and suggested that he would encourage you to pay for the services rendered.
It is discouraging that you asked for my help and I delivered, but when I ask for compensation in return for my skills, you refused to pay and have now taken your site offline and removed me as a contact from Skype.
{[CLIENT of CLIENT]},
I am sorry that I have bothered you with this email. I copied you on it merely for transparency's sake. I am sure that your logo is great and I am sure whatever decision was made is awesome for your decision. I just wanted to make sure that you weren't getting "samples" of other people's work passed off as original work by Twat Media Marketing.
I can't speak for any of the other candidates, but since Twat asked me to conduct work with him via Skype rather than through Upwork, and since he's pretty much a ghost online now, (Site Offline, LinkedIn Removed or Blocked, and now Skype blocked as well) one has to think this was a hit and run to either crowdsource your logo inexpensively or pass off other artist's work as his own. That may not be the case, but from my perspective all signs are pointing to that scenario.
Here is a transcript. Some of his messages have been redacted.
As you can clearly see, requests and edits to the logo were being made from Jon to me, but he thinks it's a joke when I ask about invoicing and tries to pass it off as an interview. Do you see any interview questions in there? There were no questions about how long I have been designing, what are my rates, who have I done work for in the past, or examples of my previous work. There were none because he didn't need them at this point.
He'd already seen my proposal and my Behance.net portfolio as well as my rates on Upwork.com. This was a cut to the chase request for my ideas for your logo. It was not just ideas, but mock designs with criticism and approval awaiting. Not only that, but I only asked for an hour of compensation. After looking at the timestamps on our conversation, you can clearly see that I spent at least 3 hours corresponding with Twat on this project. That's three hours of work I could have spent on an honest paying customer.
I trust that TWATCLIENT will do the right thing. I just wanted you guys to know that I was in it to do the best design I could for you. I didn't know I was in it to waste three hours of my life in an "interview" I wasn't aware I was participating in.
Reply from ClientClient:
Hello Sir,
This message is very confusing?
We do not owe your company any money and have never worked with you before.
Therefore, I am going to disregard that invoice.
Reply from TWATCLIENT's boss via phone:
I have two problems with this. One I don't think your business practices are ethical, especially calling MY client directly and sending them an invoice.
Two why didn't you call or email Jon before copying my client on the email invoice?
Me: Probably because he's purposely avoiding me and I had no way to find him. I only got his email address today and that was from a WHOIS lookup.
Really, you don't think my business practices are ethical? What about slavery? Is that ethical? Is it ethical to pass of my designs to your client for critique, but not pay me for doing them?
... I'LL HAVE TO CALL YOU BACK!
My email follow up:
http://pastebin.com/hMYPGtxV
I got paid. The power of CCing the right combination of people is greater than most things on Earth.14 -
FKING. LANDLORD. FKING LANDLORD THINKS MY LAN CABLE SLOWS THE FKING INTERNET BACK TO THE 1990s.
- Prologue
I'm renting at a place that looks good af. But the fking wifi is so slow, 80% of the time you can't even send an empty http request.
- Chapter 1
Okay, maybe it's my laptop. *plugs in cable*. Now the requests fail 10% of the time. Better than nothing. 2 hours later, gets a text saying other housemates are having slow internet because of me. FUCK. Unplugs, LAN cable, uses mobile data and cries to sleep.
- Chapter 2
Tries again after a few days. Barely uses the internet (I'm only using it to play games, not even download it and I used more than this with a 2mbps internet). No videos, no music, just small data exchange with a low ping. GETS A FKING TEXT AGAIN
- CHAPTER 3
My sis comes over and complains that the net is slow af. Plugs in LAN cable while no one is around, everything is fine. Sis leaves, I roll up my end of the LAN cable in my room but leave the cable plugged in on the outside of the room. Next morning, it's unplugged. Plugged it back in before I go to work and when I come back, guess what? ITS FKING UNPLUGGED. AGAIN. AND IM NOT EVEN USING IT.
SOMEONE PLEASE STOP ME FROM GOING ON A RAMPAGE SHOVING THE FKING CABLE AND THE ROUTER UP PEOPLE'S ASSES. LAN FUCKING CABLES DONT SLOW THE INTERNET BACK TO THE PREVIOUS CENTURY. ESPECIALLY WHEN THEY'RE NOT EVEN PLUGGED IN ON THE OTHER SIDE. FUCK.23 -
Worst code review experience?
Hard to pick just one, but most were in a big meeting room with 4+ other developers not related to the project and with some playing Monday-Morning-Quarterback instead of offering productive feedback.
In one code review, the department mgr reviewed the code from a third party component library.
<brings up the code on the big screen>
Mgr: "I can't read any of this, its a mix of English and something else."
Me: "Its German."
Mgr: "Then why is 'Button' in English? This code is a mess."
Me: "I'm not exactly sure how I should respond, I mean, I didn't write any of this code."
Mgr: "Yes, but you are using it, so it's fair game for a code review."
Me: "Its not really open source, but we can make requests if you found something that needs to be addressed."
Mgr: "Oh yes, all this...whatever this is..<pointing again to the German>"
Me: "I don't think they will change their code to English just so you can read it."
Mgr: "We paid good money, you bet your ass they'll change it!"
Me: "I think the components were like $30 for the unlimited license. They'll tell us to go to hell first. Is there something about my code you want to talk about?"
Mgr: "<Ugggh>...I guess not, I couldn't get past all that German. Why didn't we go with an American company? Hell, why didn't we just write these components ourselves!?"
Me: "Because you gave a directive that if we found components that saved us time, to put in a request, and you approved the request. The company is American, they probably outsourced or hired German developers. I don't know and not sure why we care."
Mgr: "Security! What if they are sending keystrokes back to their servers!"
Me: "Did you see any http or any network access?"
Mgr: "How could I? The code is in German!"
Monday-Morning-Quarterback1: "If it were me, I would have written the components myself and moved on"
Me: "No, I don't think you could for less than $30"
Monday-Morning-Quarterback2: "Meh...we get paid anyway. Just add the time to the estimate."
Mgr: "Exactly! Why do we even have developers who can't read this mess."
Me: "Oh good Lord! Did anyone review or even look at my code for this review!?"
<silence>
Mgr: "Oh...ok...I guess we're done here. Thanks everyone."
<everyone starts to leave>
Me: "Whoa!...wait a sec..am I supposed to do something?"
Mgr: "Get that company to write their code in English so we can read it. You have their number, call em'...no...wait...give me their number. You keep working, I'll take care of this personally"
In they nicest way possible, the company did tell him to go to hell.18 -
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!15 -
Front end guy: Somethings wrong with your server. My app is crashing.
* proceed to check logs. Everything fine
Me: Ok send me a log, a printscreen something. What calls do you make?
*send a printscreen with a failling 404 request
* You dense motherfucker learn your fucking http status. They are there for a reason😤
3 -
I'm doing a migration where I have to move like 200+ old-old websites. Stuff was never touched for ages and we kinda moved it 'into the cloud' now.
So after a few sites I check graylog (where all the logs are stored) and I saw this gem:
stderr: PHP message: PHP Warning: file_get_contents(http://tinyurl.com/api-create.php/... Online Viagra/): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request
And I was like, wtf? Is this site hacked?
Ok the sadness starts now. Behold the following:
function getTinyUrl($url) {
$tinyurl = file_get_contents("http://tinyurl.com/api-create.php/...);
return $tinyurl;
}
This function gets executed for the current link AND every dynamic href on the page.. EVERY pageload.
I was not even mad.
3 -
The solution for this one isn't nearly as amusing as the journey.
I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.
They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.
Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.
The brilliant Infosys resources had a bright idea to solve this problem:
- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5
A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.
Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.
So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.
While they're all grandstanding and pontificating, I fire up visual studio and:
- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database
All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.
According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.
#TheValueOfEngineers2 -
So this story is from my University days. I was in the 6th semester back then, studying CS.
My University website was pretty shitty. Basically it was one of those old ass website that said "Best viewed in IE8". Anyway, I was snooping about the website, trying to find some news regarding an event.
I logged into my account, and randomly browsed into the leave request portal. This was a basic HTML form where students could apply for leaves from the classes and see the status of the leaves, if they have been granted or not. I noticed that the link to the request portal from the student login welcome page was actually something like http://univ.com/student/index.php/..., here 1234567 was my student ID. Yep, it was hardcore into the page, and sent as a GET request on being clicked. That was their idea of authentication I guess. I change the student ID to someone else's, and it let me login as that person.
Long story short, I wrote a little python script to login as every person from the starting of student IDs, till the end, then submit a leave request with a random dumb reason like "can't come, at the strip club" or "going for sex change operation". What I did not know was that when a request is submitted, a text message is also sent to the student's guardians phone number. I ran the script.
That day, over 1000 parents received text messages from the University saying that their kids have applied for a leave from random date to random date for some retarded reason. It was a blast. Students were talking about how someone had "Hacked" into the system.4 -
It fucking staggers me how many backend/devops-y people don't understand what a client side "request timeout" is, versus a server side one.
What does it mean:
The client was fed up with the servers bullshit, and decided to piss off and not wait around for the server to take forever to respond, because life's too short.
How not to solve/debug this issue:
- "I've checked the API request in tool xyz, and it works fine for me"
Congratulations, you've figured out how to call an API once, in isolation to the rest of the application, and without any excessive load. And using a different client to me, with a different configuration. Lets get back to actually looking at the issue shall we?
- "I only see HTTP 200's in the logs"
Yep, you probably will in most circumstances, because its the client complaining about it taking too long, not the server. If the server was telepathetic and knew what the client was thinking/doing at all times, we wouldn't have half of the errors we do.
- "Ah ok, I understand ... so how do I solve this?"
Your asking me? I don't fucking know, I didn't build the server! Put better logging in place and figure out why sometimes it takes forever.
Jesus fucking christ14 -
About 18 months ago my non-technical Manager of Applications Development asked me to do the technical interviews for a .NET web developer position that needed to be filled. Because I don't believe in white board interviewing (that's another rant), but I do need to see if the prospective dev can actually code, for the initial interview I prepare a couple of coding problems on paper and ask that they solve them using any language or pseudo code they want. I tell them that after they're done we'll discuss their thought process. While they work the other interviewing dev and I silently do our own stuff.
About half way through the first round of technical interviews the aforementioned manager insisted we interview a dev from his previous company. This guy was top notch. Excellent. Will fit right in.
The manager's applicant comes in to interview and after some initial questions about his resume and experience I give him the first programming problem: a straightforward fizzbuzz (http://wiki.c2.com/?FizzBuzzTest). He looked as if the gamesters of Triskelion had dropped him into the arena. He demurs. Comments on the unexpectedness of the request. Explains that he has a little book he usually refers to to help him with such problems (can't make this stuff up). I again offer that he could use any language or pseudo code. We just want to see how he thinks. He decides he will do the fizzbuzz problem in SQL. My co-interviewer and I are surprised at this choice, but recover quickly and tell him to go ahead. Twenty minutes later he hands me a blank piece of paper. Of the 18 or so candidates we interview, he is the only one who cannot write a single line of code or pseudo code.
I receive an email from this applicant a couple of weeks after his interview. He has given the fizzbuzz problem some more thought. He writes that it occurs to him that the code could be placed into a function. That is the culmination of his cogitation over two weeks. We shake our heads and shortly thereafter attend the scheduled meeting to discuss the applicants.
At the meeting the manager asks about his former co-worker. I inartfully, though accurately, tell him that his candidate does not know how to code. He calls me irrational. After the requisite shocked silence of five people not knowing how to respond to this outburst we all sing Kumbaya and elect to hire someone else.
Interviews are fraught for both sides of the table. I use Fizzbuzz because if the applicant knows how to code it's an early win in the process and we all need that. And if the applicant can't solve it, cut bait and go home.
Fizzbuzz. Best. Interview. Question. Ever.6 -
God damn fucking shit.
Now I know again why I don't do apps.
This is a app as simple as can be:
Enter a link, click a button, do a http request, download a file.
BUT FUCKING HELL WHY ARE YOU SO FUCKING RETARDED ANDROID?!
I'm not familiar with java but i don't care why is this so freaking unintiutiv to get shit done? Why are there thousands of ways and none works or atleast at a easy way? Make an object for this, make an object for that...
THIS IS RETARDED.
In PHP a simple "file_get_contents" would do the job. I were even down for some curl shenanigans if it were an easy implementation. BUT GOD DAMN.
URL url = new URL("http://fuckinghardcoded.com")
Oh no can't compile because that MIGHT be an invalid URL. Ok try catch this or just tell the rest of the Programm to watch out for this bad boy cause he might throw a MalformedURLException.
Ditch that and try volley. Everything is document except how to fire that queue! Does it do that by itself? Do I really have to do an override to a function while declaring? CMON ON I'M A WEBDEV IS THIS TRYING TO DO A FUCKING CALLBACK AND IS THIS TRYING TO BE AN ANONYMOUS FUNCTION??? Why is this so frustrating and confusing? I'm also mad at myself this is dropdead simple shit but I can't get it to work. Fuck this, fuck java , fuck android and fuck myself10 -
Just debugged an angularjs app for 2 hours to find out that I spelled "response" "reponse" as an http get request success callback function argument. I hate my life.5
-
Finally got my nginx config to work properly (it shouldn't work but it does so I'm not fucking touching it).
Request with curl: check, right http code and getting data back properly.
Request with any browser (with and without incognito): right http code, AND ONLY SEEING DATA WHEN I ECHO ANYTHING BEFORE SENDING THE RESPONSE WITH PHP. When I don't echo whatever before sending the response, the browser doesn't see the data but DOES see the http status code.
HOW?!20 -
"I'm almost done, I'll just need to add tests!"
Booom! You did it, that was a nuke going off in my head.
No, you shouldn't just need to add tests. The tests should have been written from the get go! You most likely won't cover all the cases. You won't know if adding the tests will break your feature, as you had none, as you refactor your untested mess in order to make your code testable.
When reading your mess of a test case and the painful mocking process you went through, I silently cry out into the void: "Why oh why!? All of this suffering could have been avoided!"
Since most of the time, your mocking pain boils down to not understanding what your "unit" in your "unit test" should be.
So let it be said:
- If you want to build a parser for an XML file, then just write a function / class whose *only* purpose is: parse the XML file, return a value object. That's it. Nothing more, nothing less.
- If you want to build a parser for an XML file, it MUST NOT: download a zip, extract that zip, merge all those files to one big file, parse that big file, talk to some other random APIs as a side-effect, and then return a value object.
Because then you suddenly have to mock away a http service and deal with zip files in your test cases.
The http util of your programming language will most likely work. Your unzip library will most likely work. So just assume it working. There are valid use cases where you want to make sure you acutally send a request and get a response, yet I am talking unit test here only.
In the scope of a class, keep the public methods to a reasonable minimum. As for each public method you shall at least create one test case. If you ever have the feeling "I want to test that private method" replace that statement in your head with: "I should extract that functionality to a new class where that method public. I then can create a unit test case a for that." That new service then becomes a dependency in your current service. Problem solved.
Also, mocking away dependencies should a simple process. If your mocking process fills half the screen, your test setup is overly complicated and your class is doing too much.
That's why I currently dig functional programming so much. When you build pure functions without side effects, unit tests are easy to write. Yet you can apply pure functions to OOP as well (to a degree). Embrace immutability.
Sidenote:
It's really not helpful that a lot of developers don't understand the difference between unit, functional acceptance, integration testing. Then they wonder why they can't test something easily, write overly complex test cases, until someone points out to them: No, in the scope of unit tests, we don't need to test our persistance layer. We just assume that it works. We should only test our businsess logic. You know: "Assuming that I get that response from the database, I expect that to happen." You don't need a test db, make a real query against that, in order to test that. (That still is a valid thing to do. Yet not in the scope of unit tests.)8 -
Node.JS is great sometimes. Here is my HTTP(s) server script, which is 117 generously spaced lines, including a small database of MIMEs, which serves raw files OR allows you to set up request handlers like the one you see here.
Very, super happy with the outcome.
4 -
So I have seen this quite a few times now and posted the text below already, but I'd like to shed some light on this:
If you hit up your dev tools and check the network tab, you might see some repeated API calls. Those calls include a GET parameter named "token". The request looks something like this: "https://domain.tld/api/somecall/..."
You can think of this token as a temporary password, or a key that holds information about your user and other information in the backend. If one would steal a token that belongs to another user, you would have control over his account. Now many complained that this key is visible in the URL and not "encrypted". I'll try to explain why this is, well "wrong" or doesn't impose a bigger security risk than normal:
There is no such thing as an "unencrypted query", well besides really transmitting encrypted data. This fields are being protected by the transport layer (HTTPS) or not (HTTP) and while it might not be common to transmit these fields in a GET query parameter, it's standard to send those tokens as cookies, which are as exposed as query parameters. Hit up some random site. The chance that you'll see a PHP session id being transmitted as a cookie is high. Cookies are as exposed as any HTTP GET or POST Form data and can be viewed as easily. Look for a "details" or "http header" section in your dev tools.
Stolen tokens can be used to "log in" into the website, although it might be made harder by only allowing one IP per token or similar. However the use of such a that token is absolut standard and nothing special devRant does. Every site that offers you a "keep me logged in" or "remember me" option uses something like this, one way or the other. Because a token could have been stolen you sometimes need to additionally enter your current password when doings something security risky, like changing your password. In that case your password is being used as a second factor. The idea is, that an attacker could have stolen your token, but still doesn't know your password. It's not enough to grab a token, you need that second (or maybe thrid) factor. As an example - that's how githubs "sudo" mode works. You have got your token, that grants you more permissions than a non-logged in user has, but to do the critical stuff you need an additional token that's only valid for that session, because asking for your password before every action would be inconvenient when setting up a repo
I hope this helps understanding a bit more of this topic :)
Keep safe and keep asking questions if you fell that your data is in danger
Reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee5 -
THE FUCK WHY did the company which made the website I'm maintaining now ADD CUSTOM FACEBOOK LIKES AND TWITTER FOLLOWER WIDGETS - IN A SUBDIRECTORY OF THE THEME?
Guess what, you motherfuckers: One year after you made that damn page the Facebook API changed and your stinking widget is broken REQUIRING ME TO REWRITE MOST OF IT!
Also WHO THE FUCK LEFT HIS BRAIN ON HIS BEDSIDE TABLE the day he decided to HARDCODE ASSETS WITH AN http:// (no tls) URL? YES, browsers will block that shift if the website itself is delivered over tls, because it's a GAPING SECURITY HOLE!
People who sells websites that have user management and thus request authentication without AT LEAST OFFERING FUCKING STANDARD TLS SHOUD BE TARRED AND FEATHERED AND THEN PUT IN A PILLORY IN FRONT OF @ALEXDELARGE'S HOUSE!
Maybe I should be a bit more thankful - I mean I get payed to fix their incompetence. But what kind of doctor is thankful for the broken bones of his patient?9 -
Just updated my nodejs http handler.
- You can match request paths via regex now
- Serve paths can be relative or absolute now
- Still 0 dependencies
https://npmjs.com/package/...
3 -
Frontend dev: Hey, could you break HTTP conventions and change the API so I don't have to manage the context of the request?8
-
I miss the good times when the web was lightweight and efficient.
I miss the times when essential website content was immediately delivered as HTML through the first HTTP request.
I miss the times when I could open a twitter URL and have the tweet text appear on screen in two seconds rather than a useless splash screen followed by some loading spinners.
I miss the times when I could open a YouTube watch page and see the title and description on screen in two seconds rather than in ten.
I miss the times when YouTube comments were readily loaded rather than only starting to load when I scroll down.
JavaScript was lightweight and used for its intended purpose, to enhance the experience by loading content at the page bottom and by allowing interaction such as posting comments without having to reload the entire page, for example.
Now pretty much all popular websites are bloated with heavy JavaScript. Your browser needs to walk through millions of bytes of JavaScript code just to show a tweet worth 200 bytes of text.
The watch page of YouTube (known as "polymer", used since 2017) loads more than eight megabytes of JavaScript last time I checked. In 2012, it was one to two hundred kilobytes of HTML and at most a few hundred kilobytes of JavaScript, mostly for the HTML5 player.
And if one little error dares to occur on a JavaScript-based page, you get a blank page of nothingness.
Sure, computers are more powerful than they used to be. But that does not mean we should deliberately make our new software and website slower and more bloated.
"Wirth's law is an adage on computer performance which states that software is getting slower more rapidly than hardware is becoming faster."
Source: https://en.wikipedia.org/wiki/...
A presentation by Jake Archibald from 2015, but more valid than ever: https://youtube.com/watch/...
34 -
This stupid crap is pissing me off.
I write a quick blob of code that performs an http request with custom headers and writes the response to a file. easy squeezy. Everything works.
I abstract it into a class and add request building and stages (enjoayble!), and have one method make the response, read its body, and write to a file. I literally copy/pasted most of my existing code into the method and indented it. The only changes were updating var names to instance vars.
But now? It's complaining something is trying to read the request body twice, and it's throwing a fit. What? How? You were just working!
asfklasjdf;l8 -
Gaming community of mine launched their slick new website with their new "ticket system" where people could put in tickets to get help by volunteers.
2 hours and an approval by one of the admins later I managed to inject forge http request into literally every form on that side. Modify permissions, delete users, edit tickets, put invalid values into every attribute of them... In other words break everything.
Turns out the whole thing was coded as a first time project by a person who has no clue about web development and noone is in charge of anything really. There are no requirements, no beta testing, no version control or backups, but at least they had a hard deadline. 🤣
Still not sure if I wanna fix their shit and do it properly or just enjoy seeing it crash and burn.5 -
“Fullstack dev morphs into a security expert”
We have a simple user registration system. Get the user details, generate an OTP, save in Oracle, email the OTP. The SMTP host is configured to send emails only to people who have an existing @a_very_famous_bank.com email address.
As a part of an enhancement request, the other day, we were trying to register a non-bank email address. As expected, it failed.
Manager: Meeting... meeting... meeting
Me: (Explained the problem)
Fullstack dev: so the thing is.. it’s like.. (doesn’t falter to open with these lines)...what I can do is...I can send you an HTTP security header in the HTTP request. It’ll work!
Me: (I hope an adult giraffe fucks you in your belly button)
More to come!3 -
Right, I've been here before.
Our app requires an internet connection, and one of our clients wants to roll it out on a strictly managed network.
We told them which addresses our app communicates with and their network team opened them up for traffic. Should work, right?
Nope, doesn't work.
So I request them to use Fiddler to do some debugging of the network traffic, and lo and behold, it does work when Fiddler is active.
One important detail is that Fiddler uses it's own SSL certificate to debug HTTPS communications. I've had moments where expired certificates were the cause of things not working and running Fiddler "fixes" this because of their own certificate.
So I point this out in numerous mails to their network team, every time I get a response saying "nah, that can't be it".
I keep insisting "I have had this before, please check if any installed Root CA Certificates is expired"
At this point I'm certain they have updates turned off on these machines, and their certificates must not have been updated for a long time.
At one point they come back to me. "Hey, when Fiddler is off, WireShark shows the app communicating with ICMP calls, but when it's on it shows HTTP calls instead".
...YOU'RE THE SUPPOSED NETWORK EXPERTS?! You think data can be send via ICMP? Do you even know what ICMP is? Of course you'll see ICMP calls when the network is rejecting the packages instead of HTTP calls when everything's fine.
(ICMP is used to communicate errors)
I'm trying to keep my patience with these guys until they find exactly what's wrong because even I am somewhat grasping at straws right now. But things like this makes me doubt their expertise...6 -
> raw http request injected in the model
> 400 lines long method, followed by three 300 lines long methods
> no autocomplete, no comments
> code called by the whole application, I mess up once there's at least 150 other components that might break
> no documentation, no tests
> pyramid of doom, 13 levels of indentation
Those are the same people getting all puffed up because the cat dared to sit on my shoulder during a call. Management focused on the real fucking problems, no doubt.4 -
Story time
I really love helping and teaching others about code. Recently I had a friend that wanted to get into web development. Being me, I told him that i would teach him all he wants but that he needs to do some research first to show me that he feels comfortable with as a minimum requirement. I told him to research the minimum technologies required to build a web page and to tell me about the request response cycle and stuff like that. When he came back I was expecting small explanations such as "html stands for bla bla and is used for bla bla".No. this dude comes back all proud to tell me about flipping Laravel. I sit there quietly listening to him go on about the "Laravel programming language". He likes anime, I like kendo (and have trained in it) so while he is talking I slowly move us into the part of my office where I keep my boken (wodden sword). As soon as he sees me sitting down with the sword he asks what am i doing with it.
"Well, remember when in some anime that you like you see teachers beating their studets over stupid shit?"
"What?"
..."WHAT DOES HTTP STANDS FOR?"
"The...the err the web language that.. er"
BOINK
"what is javascript?"
"Like the updates thing?"
HARDER BOINK
:) guarantee he wont forget what http is after that and what js and Laravel are from now on :) needless to say he will continue learning with much more care.
Coding dojo for real mofockas, ya dig?3 -
Boss: "So I'm taking the next week off. In the mean time, I added some stuff for you to do on Gitlab, we'd need you to pull this Docker image, run it, setup the minimal requirement and play with it until you understand what it does."
Me: "K boss, sounds fun!" (no irony here)
First day: Unable to login to the remote repository. Also, I was given a dude's name to contact if I had troubles, the dude didn't answer his email.
2nd day: The dude aswered! Also, I realized that I couldn't reach the repository because the ISP for whom I work blocks everything within specific ports, and the url I had to reach was ":5443". Yay. However, I still can't login to the repo nor pull the image, the connection gets closed.
3rd day (today): A colleague suggested that I removed myself off the ISP's network and use my 4G or something. And it worked! Finally!! Now all I need to do is to set that token they gave me, set a first user, a first password and... get a 400 HTTP response. Fuck. FUCK. FUUUUUUUUUUUUUUUUUUUCK!!!
These fuckers display a 401 error, while returning a 400 error in the console log!! And the errors says what? "Request failed with status code 401" YES THANK YOU, THIS IS SO HELPFUL! Like fuck yea, I know exactly how t fix this, except that I don't because y'all fuckers don't give any detail on what could be the problem!
4th day (tomorrow): I'm gonna barbecue these sons of a bitch
(bottom note: the dude that answered is actually really cool, I won't barbecue him)5 -
Fucking shit, this university's website is so damn slow! Basically Every Semester, every student need to enroll to certain classes in University Website.
But the Infrastructure is not enough to handle such a big amount of students, we have approx. 7000 students enrolling at the same fucking time.
And here i am can't enroll to any class at all this semester. Fuck such a waste of time. This always been a thing since they digitalize enrolling system.
I don't want this to happen again. The student always be a victim since they cannot handle the request. Now, as a dev, i want to propose something better to optimize the server, i have some connection to pass some bureaucracy. I am going to do some brainstorming and I will need some solution.
Here some data i gather when i am mad from my univ infrastructure division :
1. The Server is a simple Local Server Forwarded to the Internet.
2. The Server use Windows Server 2007.
4. Web Server Using Microsoft IIS
3. The Website built using ASP.NET
4. The connection is not SSL encrypted (yes its fucking use the http)
5. Hardware Spec (not confirmed officialy, i got this information from my professor) :
- Core i5 4460
- 4 GB Ram
- 1 Gbit NIC
I will summon some expert here and i hope want to help me(us all) out.
24 -
TIL how to mess with your neighbors who steal your wifi.
Simple, just turn everything they request upside down.
http://ex-parrot.com/~pete/...5 -
> Hi xx team, we are getting 500 errors from your api. Here's http request and resp.
< hi, we are calling yy team's api http://yy.Com?/api/yyy and it does not respond in 3 minutes, so we treat this as an esockettimeout. Please reach out to yy team
> hi yy team, can you assist us?
< hi, please provide request, url and response you're getting from us
> yy, all this info is in this very mailtrail
< hi, I cannot see request nor response anywhere
> [screenshot w/ highlighted "http://yy.Com?/api/yyy" and "and it does not respond in 3 minutes". Please read through this email thread, it has all the info
< hi, I need request and response to investigate this issue. Esockettimeout is not our error
<wtf are you smoking???>7 -
Who the fuck uses http code 200 for a failure. Seriously have you ever heard something about a need to parse the shit you're returning...
Now I don't know whether it's me who's wrong, but man there are more than 80 different codes defined so there really should be something for you, don't you think?
And don't give me shit like "well the request worked so we return 200 it's only that the request wasn't correct". What for a fucking peace of something are you... Those codes are for that exact reason.
Anyways I'm going to parse the shit with string compare and afterwards kill myself out of shame. Whish me luck...
4 -
Apparently DELETE and... most of the HTTP verbs are disabled by default in IIS (ASP/ MVC/ Microsoft server software)
Am I wrong in saying that's fucking bullshit?!
Why make an HTTP serving environment with a massive array of tools to help you do everything you need in the web environment... And then DISABLE some of the web protocol??? What???
Not even the obscure verbs. DELETE. Is microsoft the type of bitch to delete using a GET request?? I bet the send passwords as get parameters.8 -
Today I spent 25 minutes explaining to this dev that there’s no way that a http request can access directly to an ftp server and retrieve a file.
A dev with 4 years of experience...17 -
Oh boy, this is gonna be good:
TL;DR: Digital bailiffs are vulnerable as fuck
So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:
The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.
So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!
This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.
I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.
Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!
Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...
The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.
But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.
So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)
So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"
So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones6 -
NO, YOU ABSOLUTE DISGUSTING GREMLIN OF A JS HTTP CLIENT, I DON'T WANT YOU TO "JsOn.StRiNgiFy" MY PAYLOAD OR DOING ANY WEIRD SHIT
I NEED TO SEND THIS THING EXACTLY AS IT'S WRITTEN, STOP TRYING TO GUESS WHAT I'M TRYING TO DO I'M A DEV WITH SOME 7 YEARS OF EXPERIENCE WRITING CODE, I'M SENDING A STRING CUZ I NEED TO SEND A STRING2 -
I type the YouTube URL at the address bar already with the q parameter with what I want to search to save one HTTP request.4
-
http requests
literally the bread and butter of any software engineer building applications, you would ASSUME they know what they are doing...
and you're gonna write a seperate http get and post function for every type you have?
apparently stuff like this that is written by "senior" developers? you don't even have a basic understanding of software...
i'm won't do it that way, becuase i'm an adult, not a child
what i'm going to do is write a HTTP request util function that can be used for any type and HTTP verb. DRY, single responsibility, etc.
imagine making the http request itself a responsibility coupled to the type 😂😂😂😂
get a clue and come back later
i can't tell anymore if my thoughts are so outlandish compared to everyone else that no one understands them, or if i've been doing this so long that i just immediately understand what needs to be done and don't know how to explain it to anyone else anymore (or take the mental effort to)
peace out
oh P.S.: imagine thinking the SOLID principles are only applicable to OOP
stay safe out there folks, its getting more painful every day
8 -
Just started using the Dropbox API. Want to do a simple directory listing of my files. Sends HTTP GET request at https://api.dropboxapi.com/2/files/....
"Error in call to API function "files/list_folder": Your request's HTTP request method is "GET". This function only accepts the HTTP request method "POST"."
What. The. Fuck. Dropbox.
HTTP POST is for creating a new instance of a resource. HTTP GET is for reading. GET guarantees server state is not changed while POST does not. I want to fucking list a directory, not put stuff in it.1 -
If an http request can't perform the requested operation, should server send 500 error code? Or 200 with status and status message in response?
Isn't 500 used only for unhandled exceptions on server side?11 -
API Documentation: All API request should be made over https connections.
Me: Ok, (sees url bar), SECURE, good!
(sees curl code)
curl -X GET 'http://shittyapi.com/api/v2/users'
Me: (gasps) huh?
(heads to http://shittyapi.com/api/v2)
Me: Ok, (sees address bar) NOT SECURE
.
.
.
.
.
(long silence)5 -
Can someone help me settle an argument with a coworker?
So let's say there is a REST interface that returns a PDF representation of an resource...but it requires the authorization header in order to authorize that you have access to the document in question.
And let's say there is a link on the page that redirects to this endpoint to serve up the document. He thinks you can add a header to the HTTP request that goes out when you click on the link (a regular old anchor tag) with onclick without making an xhr call.
I told him that you would have to use an xhr call to add headers, and that even then you would receive a byte stream back, which without using a blob and an object url or a data uri you wouldn't be able to display it in a new tab or start a download.
Regardless he went on to tell me I was wrong. The next day he said he had done it. I asked him to show me, and he said "oh it's at home", and then proceeded to ridicule me in front of my architect. He always pulls this one up's man ship bullshit and I hate it. And I am pretty sure he's wrong.10 -
That moment when returning correct HTTP status codes from an API become a feature request 😒
For the meantime I will need to deal with endpoints returning status 200 for everything, and status 500 when the service crash. 🤦🏼♂️4 -
When you do some researchs on the net, you may not find all the answers, but there are definitely a lot of questions..
-
Sorry, need to vent.
In my current project I'm using two main libraries [slack client and k8s client], both official. And they both suck!
Okay, okay, their code doesn't really suck [apart from k8s severely violating Liskov's principle!]. The sucky part is not really their fault. It's the commonly used 3rd-party library that's fucked up.
Okhttp3
yeah yeah, here come all the booos. Let them all out.
1. In websockets it hard-caps frame size to 16mb w/o an ability to change it. So.. Forget about unchunked file transfers there... What's even worse - they close the websocket if the frame size exceeds that limit. Yep, instead of failing to send it kills the conn.
2. In websockets they are writing data completely async. Without any control handles.. No clue when the write starts, completes or fails. No callbacks, no promises, no nothing other feedback
3. In http requests they are splitting my request into multiple buffers. This fucks up the slack cluent, as I cannot post messages over 4050 chars in size . Thanks to the okhttp these long texts get split into multiple messages. Which effectively fucks up formatting [bold, italic, codeblocks, links,...], as the formatted blocks get torn apart. [didn't investigate this deeper: it's friday evening and it's kotlin, not java, so I saved myself from the trouble of parsing yet unknown syntax]
yes, okhttp is probably a good library for the most of it. Yes, people like it, but hell, these corner cases and weird design decisions drive me mad!
And it's not like I could swap it with anynother lib.. I don't depend on it -- other libs I need do! -
Why do people still use both curl or wget? There's httpie and it's awesome!
http PUT your-host.com header-name:value parameter=value
Profit!
And it formats the response for json without jq. It will just show binary for binary content and you download by adding the download flag.
Yet why is curl still the default!?4 -
GWT.
Let me explain:
Tl;dr : someone fucked up, I took shit, it was a gwt project. In a sense I don't hate GWT because of the framework itself but because how I was introduced and forced to "work" with it.
Context:
Was working as a paid intern at a small company there were 3 devs 2 interns and one senior employee that only worked from home handling the shit ton of legacy VB6 code he wrote over several year and a boss with no technical knowledge. (Other unimportant people as well)
I was working with their DBA (cool dude) because I was writing statistic and report generating software.
Story:
The other intern was tasked of doing a gwt app that was supposed to use a input file.
Rather than asking the user to upload it with a file picker (I guess they exist in gwt I didn't got to dig in the framework) he was trying to load the file with a http request directed at the same host the app was running on.
It did not work.
Then his contract was other and the app was left in an unfinished state.
The boss then tried to have the app deployed, the remaining dev dodged the bullet invoking some bullshit because he was clearly incapable of doing it.
So it fell on me, couldn't deploy the app because it was not even close to working.
Tried to fix things and make it work.
Turns out he thought it would take me 3h to deploy when I clearly explained that the other guy didn't finish the app.
Boss got mad, threatened to ruin my studies and my future career.
Couldn't because my uni had my back.
Didn't want to see me anymore.
Couldn't break my contract.
Told me to work from home for the end of my internship.
I got 3 weeks early vacation and got paid, fuck him, fuck GWT, fuck his company.
Still got well marked for the internship as my supervisor was the DBA who was happy with my work.
Morality:
Don't let your intern unsupervised, don't let your main dev work from home when you don't know shit, don't piss me off and send me work from home. -
(Long post)
ARE YOU SERIOUS??
I never really used Facebook but I did use Instagram until around a month ago when GDPR kicked in and they asked every user about their age. For shits and giggles I entered "1 year old" which was followed by the app crashing every time I open it and on the web site a message like this:
"You are too young to use Instagram. You will have 14 days until your account gets deleted. If you think we made a mistake you can send us your personal id."
As if I sent anything personal to FB on purpose! Then so it be, I said. I downloaded my data (images and account details) and after two weeks I couldn't login anymore and I checked on a friend's phone within Instagram: My account was gone.
NOW LOOK WHAT I GOT TODAY:
A NEWSLETTER from Instagram! "Check out new posts by X, Y and 8 others!"
Now, these aren't new... I would get these emails when I havent logged in for a while. But seriously? My accounts should be GONE!
Sooo I logged in again. And when I tried I got this (freely translated):
"Apparently, you requested to delete this account. For more information, visit the help area: http://help.instagram.com/ (403) (/accounts/login/ajax/)"
So that's it. Yeah sure, "deleted". I didn't request the delete, Instagram did so on it's own. So it doesn't even listen to it's own commands...
Guys, where is this world heading5 -
It is not on production anymore, but it was for long enough. Someone thought it would be a great idea to be able to debug a web app while signed in as a user reporting a problem. How to do it? It's easy. Just check on every request if magic HTTP parameter SIGN_IN_AS=id is present and if it is, sign in as this user. Of course, it worked also with admin account with hard-to-guess id=1.1
-
I used to be a sysadmin and to some extent I still am. But I absolutely fucking hated the software I had to work with, despite server software having a focus on stability and rigid testing instead of new features *cough* bugs.
After ranting about the "do I really have to do everything myself?!" for long enough, I went ahead and did it. Problem is, the list of stuff to do is years upon years long. Off the top of my head, there's this Android application called DAVx5. It's a CalDAV / CardDAV client. Both of those are extensions to WebDAV which in turn is an extension of HTTP. Should be simple enough. Should be! I paid for that godforsaken piece of software, but don't you dare to delete a calendar entry. Don't you dare to update it in one place and expect it to push that change to another device. And despite "server errors" (the client is fucked, face it you piece of trash app!), just keep on trying, trying and trying some more. Error handling be damned! Notifications be damned! One week that piece of shit lasted for, on 2 Android phones. The Radicale server, that's still running. Both phones however are now out of sync and both of them are complaining about "400 I fucked up my request".
Now that is just a simple example. CalDAV and CardDAV are not complicated protocols. In fact you'd be surprised how easy most protocols are. SMTP email? That's 4 commands and spammers still fuck it up. HTTP GET? That's just 1 command. You may have to do it a few times over to request all the JavaScript shit, but still. None of this is hard. Why do people still keep fucking it up? Is reading a fucking RFC when you're implementing a goddamn protocol so damn hard? Correctness be damned, just like the memory? If you're one of those people, kill yourself.
So yeah. I started writing my own implementations out of pure spite. Because I hated the industry so fucking much. And surprisingly, my software does tend to be lightweight and usually reasonably stable. I wonder why! Maybe it's because I care. Maybe people should care more often about their trade, rather than those filthy 6 figures. There's a reason why you're being paid that much. Writing a steaming pile of dogshit shouldn't be one of them.6 -
When some other team wants to blame us because they're getting a HTTP Status Code 0....
That's not even a valid status... IT MEANS YOU ABORTED THE REQUEST AND KILLED THE CONNECTION...
OH STILL OUR FAULT... WELL DO U KNOW ABOUT NETWORK ISSUES AND SERVER OVERLOADING WHEN U SPAM IT WITH TOO MANY REQUESTS?
OH YOU RETRIED? HOW DID YOU RETRY? BETTER NOT BE SPAMMING US WITH MORE REQUESTS...
EVER HEARD OF TCP/IP BACK OFF LOGIC....4 -
!rant
Request for DevRant android app:
Currently when I tap a rant on the feed I am greeted by an empty screen while it is loading all details. Usually I am on a slow mobile connection so this can take quite a while.
My suggestion is to load the rant text (and image) which you already have from the feed view into the newly created single rant view. This way I can already read and inspect the rant while loading the details.
One objection to this might be the truncated rants. However, when I checked the api when developing http://jsRant.com it turned out that the feed response isn't truncated at all. This is a ui thing, meaning that my suggestion could be implemented fully in the app without backend changes.
Please consider this suggestion @dfox or @trogus since it would make the app a lot more user friendly for those with a slow connection.4 -
Head of technical team thinks it's a best practice to include stringified JSONs in the HTTP GET request parameters...3
-
I just learned the concept of this thing called REST API and now here's GraphQL showing up on me face. Mother fucking web development hell. BRB. KMS4
-
There's this Senior Developer here at the company I work for, and every single project he works on (usually APIs), the return status codes are always 400 when there is an error.
How do I tell him there are over 60 status codes?2 -
I once wanted to participate in a free activity that requires signing up for a crappy website.
Unfortunately all spots for the activity I wanted were filled, so I gave it a few minutes and it turned out that the registration is done by sending an HTTP request to a domain with all of the details. So I changed the activity details and selected the hours I wanted and boom - "Thanks for signing up with our site, did you like it ?" Yes.😈 -
Ok so I have done some work with crypto currency mining pools and recently a client requested for me to make a splash page that showed data from multiple instances of these pools APIs. I went to find some documentation for this open source api and to my surprise there is none. I thought of querying the public API from the clients side and it worked, however it's so slow that the data shows up roughly 20 seconds after the page loads.
Easy fix right? Make a PHP server get the data every 5 seconds, cache it and serve the data with the page and use a websocket for live updates! Until I found out that there is no practical way in this garbage framework to get the damn API data without making an HTTP request or mutilating the original source code. I'm so done with this garbage framework. It literally loads pages based on a page and action parameter on the index.php. I quit.1 -
Father of a monkey-whoring, succulent dick ass fuck, ever heard of minding your own business? I don't care if you are the FUCKING CFO or whatever the fuck you are, don't fuck with the fucking code. Don't try to come up with your own cum-gargling explanation if an HTTP request results in a FUCKING 503.
You goat-fucking piece of cunt-shit of a fuck. FUCK FUCK FUCK FUCK!4 -
Just got a Google Home. I'm very impressed with it, there's just so many possibilities with it. I just found out I can trigger a HTTP request using my voice (!). So now I need to find out good use cases and build a server.
Ideas?7 -
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
error=1&message=Authentication+failure....processing+stopped
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.
2 -
Question: tl;dr: looking for an open source bug tracking tool, or one that's affordable for small freelancers.
I'm working as freelancer with a client on a project and currently all the bugreporting/feature request/information/discussions/and other stuff happen by Telegram (not my first choice but hey, you know clients).
It happend twice, that I forgot about the specs of a feature we discussed briefly, because there was to much going on and I wasn't able to find it. So the next logical step would be to get a bugtracker.
So far my favorite would be http://www.redmine.org/
Does any one of you have good or bad expirience with it? Would you recommend something else, if so what and why? Other stuff I should consider?6 -
That moment you call a php curl script to download files handed to it from a python script because the http request in python somehow get blocked by corporate bullshit, but you also need access to MS products for this script to work, which you can't do in PHP.
# FML
# Corporate "Security" is bullshit
# Fail, Adapt, Overcome9 -
The moment you realize that you have successfully beaten reality with your unit-tests...
There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.
Every bit of code runs just fine.
Deploy this hell of an app on the server. Dandy Doodle.
Do a smoketest of the new feature.
FAIL!
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.
So I began to wonder, what the hell is going on.
Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/
Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)
Cheers!2 -
*laughing maniacally*
Okidoky you lil fucker where you've been hiding...
*streaming tcpdump via SSH to other box, feeding tshark with input filters*
Finally finding a request with an ominous dissector warning about headers...
Not finding anything with silversearcher / ag in the project...
*getting even more pissed causr I've been looking for lil fucker since 2 days*
*generating possible splits of the header name, piping to silversearcher*
*I/O looks like clusterfuck*
Common, it are just dozen gigabytes of text, don't choke just because you have to suck on all the sucking projects this company owns... Don't drown now, lil bukkake princess.
*half an hour later*
Oh... Interesting. Bukkake princess survived and even spilled the tea.
Someone was trying to be overly "eager" to avoid magic numbers...
They concatenated a header name out of several const vars which stem from a static class with like... 300? 400? vars of which I can make no fucking sense at all.
Class literally looks like the most braindamaged thing one could imagine.
And yes... Coming back to the network error I'm debugging since 2 days as it is occuring at erratic intervals and noone knew of course why...
One of the devs changed the const value of one of the variables to have UTF 8 characters. For "cleaner meaning".
Sometimes I just want to electrocute people ...
The reason this didn't pop up all the time was because the test system triggered one call with the header - whenever said dev pushed changes...
And yeah. Test failures can be ignored.
Why bother? Just continue meddling in shit.
I'm glad for the dev that I'm in home office... :@
TLDR: Dev changed const value without thinking, ignoring test failures and I had the fun of debunking for 2 days a mysterious HAProxy failure due to HTTP header validation... -
CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.
Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.
What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.
Can anyone give REAL examples when CORS can really protect from anything?33 -
When McDonald's janitors are writing code...
Dev1: *creates a MR*
Code: for each HTTP request do
// stuff
Executors.newFixedThreadPool(validators.size()); // effectively meaning will start 7 new threads for each incoming request
// other stuff
Dev2: ^^ ??? Fix that shit. This will cause performance problems.
Dev1: *updates the code*
Code:
// stuff
int THREAD_NUMBER = 10;
Executors.newFixedThreadPool(THREAD_NUMBER);
// other stuff
Everyone: 🤦♂️🤦♂️🤦♂️🤦♂️
Can I BE facepalming any more?4 -
So... our software is... really old. Part of it was built 20 years ago in Delphi 6 and is still used to this day. It's an automation tool, which supports some scripting... In WSH. Meaning, it only supports JScript (that's right, not javascript, just JScript, the 1998 version), VBScript, and through the use of activex, Python or Perl.
And even our *newer* software, built a couple years ago, just released an update where the HTML rendering engine was updated... to Gecko 38, the version from 3 years ago. And the JavaScript engine is Rhino, the "old" one now replaced by Nashorn a few years back, and barely updated since.
But... there is *some* light on the horizon. The very newest automation tool now has a new plugin, which is based in NodeJS. Having just installed this newer version, I looked in the files to find the nodejs.exe executable... to find that it's on version 8.9.4. Ok it's not precisely the "latest" version, but knowing the history of development for these things I almost expected node 0.10.
It's great news in all this ancient technology I have to deal with. When's the *last* time you made an HTTP request using this code?
var http = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
http.open('GET', 'http://example.com/', false);2 -
@dfox @trogus: feature request: in iOS 10.3, a feature was added where you can customize the app icon on the home screen (see http://theverge.com/2017/3/...). Can DevRant have our avatar as our icon?4
-
Reading about micro services and they sort of sound like mini APIs wrapped by individual HTTP servers.
But if all the APIs need to send requests to each other wouldn't the overhead from just making the connections for each request add up and be huge?2 -
I would like to call out the moron who decided to control docker through HTTP when the maximum time the server can take to finish the task is longer than the HTTP timeout.
If you expect things might time out, you don't use a HTTP request. You use a resource and poll it, or Websockets, or possibly SSE.
Shoehorning your API into a frame that obviously doesn't fit doesn't help anyone. Just admit that you don't know what HTTP is and use a regular TCP socket with regular pings.2 -
Stack Overflow people have profound buffallo bullcrap on their skulls, they are some software engineers who have fucked COBOL and BASIC, probably somewhere like NASA, just pondering out where someone post a question. They're probably some etilist cult banging a prostitute while delivering that awful downvote imitating the slap they give the chick during sex. They desire questions such as
"RANDOM_fuck_module_Abdul.method() not working in python" or "how to dock the dock by undocking" (tagged: AWS). Not things like "why does the audio tag not work in a PC but works in w3school tester?" or a genuine programming question. Fuck.
We don't tail recurse or loop abc for k in godfuck loops, huh? We make simple things as: a form, a http request to dell.
I hope there penises get rotten in the hell. Period.
this is just a part of SO.13 -
Had to extend the platform of a customer. For one part of my task (generating an encrypted string) there already was a class with encryption and decryption methods. This class is used in a gazillion places all over the code, so I thought it might be a good idea to re-use already existing stuff... Until I saw that the encryption method using basic Java methods (all fine with that) wrapped in a try-catch block, 'cause the Java methods may throw, returning err.getMessage() in the catch block...
Yeah...sure...makes sense... Instead of throwing an error or returning null just remove the possibility to handle the error.
So I decided to basically copy the methods and return null so I can work with that.
Created a merge request and was told by another dev of that company to remove my own impelemtation of the encryption method and use the already existing. Arguing that I won't have a possibility to prevent my code, that returns an URI containing the encrypted string, from generating something like "http://..../Encryption failed because of null" without success.
So I had to use the already existing crappy code...5 -
> be me
> recruiter: *sends a LinkedIn request with a message, I saw your profile, you're quite proficient in javascript and jQuery, do you want to work with us with cutting edge meteorjs stack*
> me : *the fuck ?! I don't even know that library exists, replies anyway for a call*
> me:...okay I'll call before I come in
> me: *quick look on their website which is built on meteorjs, fucking beautiful*
> me: *opens console out of curosity*
> me: holy shit, what the fuck? they're loading jQuery 1.1.2 over HTTP and website is on HTTPS, top of that they are loading jQuery libraries before jQuery.
> me : *reports to the recruiter*
> recruiter: thanks, we'll look into it
> ???
> profit
and I don't plan to work a place like that3 -
Sharing a first look at a prototype Web Components library I am working on for "fun"
TL;DR left side is pivot (grouped) table, right side is declarative code for it (Everything except the custom formatting is done declaratively, but has the option to be imperative as well).
====
TL;DR (Too long, did read):
I'm challenging myself to be creative with the cool new things that browsers offer us. Lani so far has a focus on extreme extensibility, abstraction from dependencies, and optional declarative style.
It's also going to be a micro CSS framework, but that's taking the back-seat.
I wanted to highlight my design here with this table, and the code that is written to produce this result.
First, you can see that the <lani-table> element is reading template, data, and layout information from its child elements. Besides the custom highlighting code (Yellow background in the "Tags" column, and green gradient in the "Score" column), everything can be done without opening even a single script tag.
The <lani-data-source> element is rather special. It's an abstraction of any data source, and you, as a developer can add custom data sources and hook up the handlers to your whim (the element itself uses the "type" attribute to choose a handler. In this case, the handler is "download" which simply sends a fetch request to the server once and downloads the result to memory).
Templates are stored in an html file, not string literals (Which I think really fucks the code) and loaded async, then cached into an object (so that the network tab doesn't get crowded, even if we can count on the HTTP cache). This also has the benefit of allowing me to parse the HTML templates once and then caching the parsed result in memory, so templates are never re-parsed from string no matter how many custom elements are created.
Everything is "compiled" into a single, minified .js file that you include on your page.
I know it's nothing extraordinary, but for something that doesn't need to be compiled, transpiled, packaged, shipped, and kissed goodnight, I think it's a really nice design and I hope to continue work on it and improve it over time
1 -
Today I have created a server application on Python Tornado which can forward TCP Packets directly to HTTP request queue without any intermediate caching.
Our remote IOT devices (microcontrollers with sensors attached) send sensor reading over TCP Socket to our server and all the connected web applications can show the data instantly using long polling and the above mentioned technique.1 -
Today I wasted hours trying to do a HTTP POST request by using a query string in the URL. After some hours I realised what I was doing wrong. I'm so stupid.2
-
I was having fun with GPIO recently. Now I have an RGB LED flashing in my room when my alarm clock starts ringing.
Android App sending HTTP Request when Alarm has been triggered, php starts a bash script (was too lazy to do it in php). Bash script does its job for 10 seconds. -
An asynchronous service in android which sends an Http request to a webpage to store its content every 3 seconds regardless of its response, and runs forever?
What the fuck where you thinking. You just killed my phone!!2 -
So, today a developer from a web app consuming our services requested to fix a 429 http error code (too many requests) they are seeing. The request is on an email with our managers cc'ed4
-
I'm developing an app for a not so mobilefriendly website.
I do not coorporate with the webmaster, yet, so I need to sort of reverse engineer my way around everything (basically just one feature.. xD).
It's a website for people who likes to fish, and they *have* to submit their catches. So, when people submit their catches via the form and click "Submit", the URL they are sent to goes like
http://url.tld/submit_catch.asp/...
I can't figure out if that is a POST request, or what it is.
Somehow, I need to submit a catch from the Android App, and all I currently got is that URL.
What do I need to look into to solve my issue here? Any help appreciated :)22 -
Wrote a whole http request script to do direct calls to google woth the whole oauth, which where successfull, and after all this work the request responds with a fuck you, the account does not exists response. Apparently it does not give authorization for service accounts and i will be forced to use the google api request to make this fucking thing work. Fuck google.
-
Today I spent 9 hours trying to resolve an issue with .net core integration testing a project with soap services created using a third party soap library since .net core doesn't support soap anymore. And WCF is before my time.
The tests run in-process so that we can override services like the database, file storage, basically io settings but not code.
This morning I write the first test by creating a connected service reference to generate a service client. That way I don't need to worry about generating soap messages and keeping them in sync with the code.
I sent my first request and... Can't find endpoint.
3 hours later I learn via fiddler that a real request is being made. It's not using the virtual in-process server and http client, it's sending an actual network request that fiddler picks up, and of course that needs a real server accepting requests... Which I don't have.
So I start on MSDN. Please God help me. Nope. Nothing. Makes sense since soap is dead on .net core.
Now what? Nothing on the internet because above. Nothing in the third party soap library. Nothing. At this point I question of I have hit my wall as a developer.
Another 4 hours later I have reverse engineered the Microsoft code on GitHub and figured out that I am fucked. It's so hard to understand.
2 more hours later I have figured out a solution. It's pure filth..I hide it away in another tooling project and move all the filth to internal classes :D the equivalent of tidying your room as a kid by shoving it all under the bed. But fuck it.
My soap tests now use the correct http client with the virtual server. I am a magician.4 -
Contrary to popular opinion, I still firmly stand by my belief that you should thoroughly study something in-depth before you attempt to do anything serious with it. Failure to do so will have an enormous cost of waste of time attached to it.
Here's an example:
I was using AJAX to post a multi-part request containing a file.
Now here was the problem: no matter what code I forced in the backend, the browser would in all cases refuse to prompt a SaveFileDialog (and I had turned on the option in the browser to ask the user if download). This took me two entire days and at least 100 Google queries and several RFCs to figure out.
From StackOverflow:
The cause was simply that you can't (typically) make a browser prompt a SaveFileDialog via an AJAX request, even if you set the necessary headers. Why? The browser will just dump everything back into the XmlHttpRequest object..
If you make a regular request with Content-Disposition: attachment; and so on, then it works, but yeah, not with an XmlHttpRequest.
Conclusion:
Had I better studied the HTTP spec, networking and AJAX in-depth, I would have instantly known what the cause was.7 -
I am trying to implement an API. It has a very good documentation, everything is written clear and simple, along with
- HTTP 401 on unauthorized request and
- Error codes from 1-35 with definitions
Opened the provided sample file, changed the username, password and client code fields to our own in the source, then tried the request. The Response:
HTTP 200
{"ErrorCode":-1,"ErrorDescription":"Unauthorized."}
Well, thank you very much! 🤬2 -
Technical question that I just cant find the answer to anywhere.
I have a load balancer and want it to pass the IP of the original caller to the server. Usually it is done by modifying the header? of the Request HTTP packet? and adding X-Forwarded-For: ....
The LB team though says it needs to modify X-Originating-IP and somehow causes a noticeable impact of the speed of all requests.
I don't know the details but it should only modify the first Packet that has the HTTP headers and should be appending X-Forwarded-For. If only need to modify the Header packet, how can it slow down the whole interaction so much:
-Adds 100ms to a 200ms request
-Increases a 10 minute download to like 20-30 minutes6 -
I have solved one of the hardest problem in my life.
I cannot figure out why I cannot send a get request to the server. I want to give up after trying to solve the problems for 4 hours. But I didnt. And I found out why. it is because I didn't put http:// in front -
SIM 800L
The fucking nail to my coffin. This thing is so unreliable. I fixed on issue get the next one. Then get an error trying to make a http request, with little information on the web. Eventually switch to FTP which is working for a while. Then suddenly nothing is working properly. Even the serial communication has errors. This process took over 6 months. Constant debugging and headscraching involved. After hundreds of hours I give up. I'm going to switch to a Raspberry Pi Zero with an UMTS Stick attached. This is going to cost way more battery time but my project needs to be finished by july and I'm tired of this shitty little module.2 -
My team was asked to point to a mock service in our QA env. Standard procedure is to copy the line in our QA property file that has the service URL, comment one out, and change the other to the mock service. Then, push the code and deploy to QA.
What did someone do? He didn't touch the property file. He found where we were defining the configuration for our http requester, removed the property reference, and HARD CODED the mock URL.
Wait, it gets better. The mock service does not function the same way the real service does. We need to send an additional query param to the mock service (that has a value already being sent in a header) so they modified ANOTHER file where the actual request is being made.
He made the changes, deployed to QA, and didn't check in any code.
What is going to happen next time when we deploy to QA with the latest code? Oh look, we'll be pointing to the real service again.
I explained this to my architect, and included that this messed up mock service they were calling is our 2nd mock service (no idea why they made a new one) and he simply deleted the stupid 2nd mock service. Screw that!
And...now requests to QA don't work 😂 -
The frontend developers in my company are the reason why I have anxiety. Here are few things that grinds my knees:
1) for a long time in projects, they deleted the auth token from their storage without integrating the logout api. They thought why use an API for that. :)
2) most of them had no clue that form fields could accept javascript as inputs and work as XSS vulnerabilities. This actually happened with a client, he got so fucking pissed.
3) One of them asked me to convert a PATCH request to DELETE cos fuck REST and HTTP methods.
For fuck’s sake. I need to get out of this place.4 -
GET Requests with a BODY as a payload are legit and stop living in denial!
TALKING TO YOU ANGULAR!
I'm fucking sick of seeing ignorant people(on SO or GitHub) coming up with the generic advice, on HTTP GET issues with having a BODY as a payload, to don't do that or you shouldn't, yadayadayada.
It's not a fucking issue at all in general, because as RFC-7231(https://tools.ietf.org/html/...) sais:
"A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request."
So, if your fucking server can't handle them(aka living in the past), [rest] in peace and suck it up!
(ps, I happen to use modern servers)
But why should you limit a fucking front-end framework(ex. Angular) in the first plate to being able to send such requests?!
It's a moronic limitation and the person or team responsible for it are at least clueless and as far the issue has reappeared through time, for how old is Angular, they didn't move an inch.14 -
Coming from NodeJS, writing APIs with Express, I now do my first steps writing APIs in golang with gin.
Now I know, Express is not the fastest solution out there, but I mean - a good 30ms is alright for non-high-performance backends. And I always thought that's on the faster end of HTTP handling..
..but then I used gin. A GET request doing a MongoDB-write and returning some json. 3ms response time. THREE MILISECONDS. holy fuck. By it's debug logs the actual handling took 540 MICROSECONDS. holy fuck I'm in love.8 -
Hello fellow Devs,
I have developed a small Android library for handling HTTP POST and GET requests. Anyone who is looking for an easy way to perform HTTP calls, can use this library. It supports post requests with JSON and Multipart Form data, file uploading and Get request with URL parameters.
Hope it will help you guys.
https://github.com/shubhadeepb14/...8 -
Why the fuck do I need an Accept, A content-type AND and responseType (which, by the way doesn't go with the rest of the request headers, it has to sit outside them just to fuck you up). Just so angular will stop trying to parse absolutely fucking every request as JSON?
I'm well aware my knowledge of http protocols and angulars apis's are not the best but for fuck sake. What dark book of secrets must I uncover to illuminate the strategies behind these choices?
Why, when the Accept type is text, the Content-Type is text. When the request itself is handwritten beautifully on parchment and sent via fucking carrier pigeon to the backend and returned by horse and carriage, does ANGULAR STILL TRY TO PARSE IT AS FUCKING JSON. JUST STOP.16 -
Wonderful experience today
I'm scraping data from an old system, saving that data as json and my next step is transforming the data and pushing it to an api (thank god the new system has an api)
Now I stumbled upon an issue, I found it a bit hard to retrieve a file with the scraper library I'm using, it was also quite difficult to set specific headers to download the file I was looking for instead of navigating to the index of the website. Then I tried a built-in language function to retrieve the files that I needed during the scrape, no luck 'cause I had to login to the website first.
I didn't want to use a different library since I worked so hard and got so far.
My quick solution: Perform a get request to the website, borrow the session ID cookie and then use the built-in function's http headers functionality to retrieve the file.
Luckily this is a throwaway script so being dirty for this once is OK, it works now :) -
A download portal (paid, for GPL sourced software *ugh*) - checking by mail address, query:
email=mail@addr.com
... seems like php code was checking string equality by:
if query == valid_string
WORKED AROUND WITH:
email[]= in the http request
So, remember:
ALWAYS check with ===1 -
When you're to stupid to request an API-key, so you start analizing their whole page, to get the content you desire.
Atleast I learned a lot about HTTP -
Why the response to a SOAP request is a HTTP error?
It took me half an hour to find the reason of an empty response.
1 -
Hi there, i'm new to AWS. i've running my python code in Lambda. Basically it's calling an http-request and processing the responding JSON to a CSV file. Now, what is the easiest way to transfer that CSV file to a 3rd party FTP Server?7
-
I have this system that receives an image on Base64 or the URL (in that case the system makes an HTTP request and saves re response to disk). It works beautiful when I run the tests, it doesn't work at all in production (all the resulting files are corrupted). I don't know how to start to debug it so I'm going to bed and let my future self to resolve the issue.4
-
I once had to write an http interceptor for a distributed api. The interceptor needed to use the request context and the user profile to work out if a particular type of content had previously been accessed. Anyway there were two methods to get the user profile getUserC and getUserD, turns out C stood for cache D stood for database. Of course I called getUserD I effectively wrote a database distributed denial of service tool into our app 😬 we got a call from our customer complaining that their exadata servers where grinding to a complete halt2
-
BLOODY FIREFOX DEVELOPER TOOLS
I was troubleshooting an app (inside container) hitting an endpoint. For debugging purposes I tried hitting the endpoint from my machine, but always got a 404.
So in the firefox developer tools under the network section you see all of the requests happening. Every request, application/json or url-encoded, lists its parameters inside the tab 'parameters' tab. I thought that means those parameters were i side the request body.
Turns out I should have sent the parameters as url encoded instead of POSTing JSON as the request body. This took me way too long.
Why not display the request url like http://url?key=value ... Firefox? Eh?7 -
I challenge you to start a process from php.
The following criteria must be fulfilled:
- php-fpm
- the process is started on http request by user
- the response does not wait for the process to be finished
- the process must finish, possibly after the response reached the user
- the running process does not block a fpm thread/worker from handling further requests
Simple, right?8 -
Swift.
First, they added features that no developer understand : what the fuck is an optional value ?
And the documentation for iOS development is horrible. It took me 5 days to understand how the fuck we can make a POST HTTP Request with this fucking bad framework.3 -
My most recent workaround occurred last week.
We have a demo very soon and I had to change our iOS app to use a new Web API endpoint for uploading content.
Long story short: The existing code is so awful and rigid and dependant on Core Data that I ended up having to completely bypass the service layer of the app and implement the new endpoint as a raw HTTP request. Its gonna take a long time to refactor the existing service layer. All because the new endpoint has a different content type. -
What the fuck is CORS, I can type the URL into my browser and download the file, but running a HTTP request from within a page is denied? Wtf kind of dumb no logic behaviour is this10
-
I'm almost at the point where I give up on this project, I'm banging my head too hard against the wall here.
I'm making an android app that should make it easier for local fishermen (hobby stuff, not enterprise things) to submit their catches to the local unions. For that to happen, I need to be able to fill a form in the app, more specifically, this form: http://karupaa.com/dk/...
After some research, I managed to figure out its probably a POST request, but I may be very wrong here.
Also figured out the URL to post to is probably either the first url given, or this one: http://karupaa.com/dk/...
I'm extremely confused at on this area, and any help would be greatly appreciated.
I dont really know anything about POST or GET requests, except for the quick comparison I read on W3Schools. Its an area Im lost in.
help :i11 -
I tried to post a comment to someone's post and without UI feedback I get the API response in the HTTP request: "Comment not valid". This isn't enough information for me to troubleshoot what is a valid comment.4
-
Implemented a feature against a "restful" json api. The feature works, test-driven development ftw.
Yet on the run with the live api: certain important fields all only contain the value `0`.
Confused I asked around what's going on, expected a bug in the api. Now I've been told that those fields never worked and the relevant information has to be gathered by either querying against a (deprecated!) mysql database. Or use a different endpoint increasing the http request overhead by factor over 1000.
We call it team work. -
There's no way to subscribe to a user on the desktop app, and I don't have a phone. Anyone know how to do this by manually sending an http request?2
-
Once on a project the authentication request for a service was done... through http... with the username and password as parameter in the URL... in plain text
-
If anyone is good with dart (or) other single threaded programming languages, i have this small doubt about the inner workings of the event loop and such and i would like an explanation if possible.
If you're too lazy to goto the link:
1. I have a future returned from a http request.
2. a future.then is declared that prints the http result.
3. A separate while(true) loop is declared that runs forever that just prints natural numbers.
4. the while loop also has an await future.delay that waits for 1ms before continuing with the next iteration
My question :
1. There's only one thread so how does the http download code run WHILE my main loop is still executing.
2. my future.then event is not processed unless i await a future.delay separately for 1ms. returning control to the event loop ? i don't get it how does adding an event help it process a prior event? It's FIFO ?
gist :https://gist.github.com/TheAnimatri...
discussion:
https://groups.google.com/a/...5 -
Well, My firm has a CRM which is built on JSP and Java. They want to upgrade the frontend by using a modern technology. Which one is a great choice React or Angular?
For the backend, APIs need to be integrated and I need to select from PHP and NodeJS. The traffic right now is 100 hits/second and is expected to increase upto 1k/sec in 6months.
What is the best choice for the frontend, backend and I need to select a HTTP request client too.22 -
(!rant && user_input)
I have been pondering for the last couple of days on how to validate whether a referring http request is actually coming from the referrer it claims to come from. Any ideas on this?3 -
¡¡Good news!! Finally solved the image upload problem with lumen and angular. It happens that, even the $request in Lumen was "empty" it turned out that the actual image file was a binary object inside the Lumen $request variable that didn't render because the browser, postman and everything I tried couldn't understand it (maybe something to do with the Content-Type). I figured out and solved it, now I can easily save, delete and even modify images when are in the server side.
One more thing... My code was fine the whole time, l mean like, 3 days of finding a big that doesn't exists haha
Everyday we learn some new si*t
For those who don't know what I'm talking about, the story is right here:
http://stackoverflow.com/questions/...
PS: thanks guys, I really appreciate your comments: @champion01 @itsdaniel0 @dfox @joetj3 -
Wow, angular is still a pile of shit in 2024, nothing changed.
I renew my https://devrant.com/rants/7582990 previous rant
I've recently switched to angular 17, not because I'm a masochist, but because, unfortunately, we have a huge portal for a super huge multinational enterprise and it's made in angular.
It's 2 years worth of work, and they've suddenly decided it's cool to switch to angular 17, because standards, because it's new etc.
Now that this crap angular 17 came out I prepared my hair pulling room, where there are whips and self torture instruments, and I've typed into browser url they "super new super modern super efficient" angular.dev, which apparently is their new official super 1337 documentation site (spoiler, it's shit as the other if not worse).
Since they realized angular was pigshit, they decided to eviscerate it like a sacrifical lamb in ancient maya age and add lot of stuff that makes it modern and more friendly.
They think they made the big bang of news, but they implemented stuff that exist since 10 years after people were cutting their wrists in their github "request a feature" section for years.
Well, to make it brief, they made a whole clunky obscure way to bootstrap it and didn't even had the decency and modesty to properly document it (they never learn, sigh....)
In any case I put up a .NET minimal API that works well, and a small angular app with a Hello world page that fetches a "hello word" string from a test api route.
The api works everywhere, browser, postman etc etc.
But ta-dahhhh, in angular throws error.
They put various way of using http client. Main 2 are withFetch() and without.
withFetch() says "as error "Invalid self signed certificate" and withoutFetch "Unknown error".
Apparently we have to do shenanigans also to do some dev development3 -
What do you use to make a http request ? ,
This is the comparison about axios vs ky vs superagent.
4 -
It baffles me, that most HTTP apps still can't run on multiple domains at a time.
Is it actually that difficult to have a request header, which is set by the reverse proxy, containing the prefix url?!4 -
I have previously posted something which is similar to this post; however, the amount of relevant information which is provided within this post will hopefully exceed the amount of relevant information which was provided in the mentioned post.
If my skill set, which is visible at http://gyazo.com/d27a11ec203579178c..., interests you, then I request that you contact me at varikvalefor@aol.com, for I am searching for a new correspondent.
Because some individuals have misinterpreted the previous text, I state that I shall continue to hold the position which I have held for the past sixteen-something years; I am merely searching for a personal contact. -
Laravel route not found.
Look - so simple :
Route::post('/api/companies', function () {
return 'Hello World';
});
how the fuck it is not found?
Request URL: http://localhost:8000/api/companies
Request Method: POST
Status Code: 404 Not Found
???? I have cleared cache.
How do I check fucking available routes then? In symfony there was router:debug or smth. Cant see like this in laravel46
Top Tags
Weekly Rant
View