Just reached 100+!!

Anyhow. I started coding prettymuch 365 days ago. My mate decided to launch his company and figured it was a good idea to start it with good friends who knew fuck all at coding.

Fyi, the dude can code 15 hours straight everyday for about a year (no shit thats what i saw).

Since he taught me html css javascript(even if i still suck abit at js). He made me remake the whole bootstrap in react by adding this new lib styled-components and test everything(95% coverage :)).

He also taught me webpack and rollup. Json schma forms，http requests redux， redux logic， and all the routing shit...he obliged me to i plement RR4 on release and is now making me overlook the merge requests of my other collegue (yes he made me a git pro，almost).

And now i have to work long distance by studying java， spring， oauth2 and start working on our api.

O yeah，and i went from microsoft to full on linux!!!

To be honest i thought i was gonna die this year. (Also have a kid on the way :)).

Devrant has been like going to the psychologist :) everytime shit hit the fan i realized every one has the same problems :)

Thanks to the community i can also now even give out nerd jokes :)

(L)Devrant

!rant

This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (thats right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.

I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.

- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and commited and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...

This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.

Looking through someone's code and oh no :(

So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.

I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.

I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔

Edit phpmyadmin to connect to the mysql database. Success.

Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %

This is how far i can get with my current abilities.
------------------------------

Scary how insecure this world is.

Business idea: panties with HTTP status codes printed on them.

451 for our underaged customers - unavailable for legal reasons

411 to crush a man's self esteem - Length required

429 for girls with stalkers - too many requests

402 for our professional customers - payment required

And, of course, 202 - Accepted

Coworker: "Hey can you look at this site and tell me why its loading so slow?"

*inspects console and sees 10 links for stylesheets and 33 script tags and over 200 total http requests.

wot n tarnation -___-

So Twitter apparently used http status code "420 - Enhance your calm" to notify the client that it was sending too many requests (basically chill the **** out). Note the status code number as well 😁

Image from wikipedia.

I have spent the entire night trying to debug a login function but it keeps to not work, until I discovered a typo in the username.
Good night

I bet I can make more http requests than you

FKING. LANDLORD. FKING LANDLORD THINKS MY LAN CABLE SLOWS THE FKING INTERNET BACK TO THE 1990s.

- Prologue
I'm renting at a place that looks good af. But the fking wifi is so slow, 80% of the time you can't even send an empty http request.

- Chapter 1
Okay, maybe it's my laptop. *plugs in cable*. Now the requests fail 10% of the time. Better than nothing. 2 hours later, gets a text saying other housemates are having slow internet because of me. FUCK. Unplugs, LAN cable, uses mobile data and cries to sleep.

- Chapter 2
Tries again after a few days. Barely uses the internet (I'm only using it to play games, not even download it and I used more than this with a 2mbps internet). No videos, no music, just small data exchange with a low ping. GETS A FKING TEXT AGAIN

- CHAPTER 3
My sis comes over and complains that the net is slow af. Plugs in LAN cable while no one is around, everything is fine. Sis leaves, I roll up my end of the LAN cable in my room but leave the cable plugged in on the outside of the room. Next morning, it's unplugged. Plugged it back in before I go to work and when I come back, guess what? ITS FKING UNPLUGGED. AGAIN. AND IM NOT EVEN USING IT.

SOMEONE PLEASE STOP ME FROM GOING ON A RAMPAGE SHOVING THE FKING CABLE AND THE ROUTER UP PEOPLE'S ASSES. LAN FUCKING CABLES DONT SLOW THE INTERNET BACK TO THE PREVIOUS CENTURY. ESPECIALLY WHEN THEY'RE NOT EVEN PLUGGED IN ON THE OTHER SIDE. FUCK.

Worst code review experience?

Hard to pick just one, but most were in a big meeting room with 4+ other developers not related to the project and with some playing Monday-Morning-Quarterback instead of offering productive feedback.

In one code review, the department mgr reviewed the code from a third party component library.

<brings up the code on the big screen>
Mgr: "I can't read any of this, its a mix of English and something else."
Me: "Its German."
Mgr: "Then why is 'Button' in English? This code is a mess."
Me: "I'm not exactly sure how I should respond, I mean, I didn't write any of this code."
Mgr: "Yes, but you are using it, so it's fair game for a code review."
Me: "Its not really open source, but we can make requests if you found something that needs to be addressed."
Mgr: "Oh yes, all this...whatever this is..<pointing again to the German>"
Me: "I don't think they will change their code to English just so you can read it."
Mgr: "We paid good money, you bet your ass they'll change it!"
Me: "I think the components were like $30 for the unlimited license. They'll tell us to go to hell first. Is there something about my code you want to talk about?"
Mgr: "<Ugggh>...I guess not, I couldn't get past all that German. Why didn't we go with an American company? Hell, why didn't we just write these components ourselves!?"
Me: "Because you gave a directive that if we found components that saved us time, to put in a request, and you approved the request. The company is American, they probably outsourced or hired German developers. I don't know and not sure why we care."
Mgr: "Security! What if they are sending keystrokes back to their servers!"
Me: "Did you see any http or any network access?"
Mgr: "How could I? The code is in German!"
Monday-Morning-Quarterback1: "If it were me, I would have written the components myself and moved on"
Me: "No, I don't think you could for less than $30"
Monday-Morning-Quarterback2: "Meh...we get paid anyway. Just add the time to the estimate."
Mgr: "Exactly! Why do we even have developers who can't read this mess."
Me: "Oh good Lord! Did anyone review or even look at my code for this review!?"
<silence>
Mgr: "Oh...ok...I guess we're done here. Thanks everyone."
<everyone starts to leave>
Me: "Whoa!...wait a sec..am I supposed to do something?"
Mgr: "Get that company to write their code in English so we can read it. You have their number, call em'...no...wait...give me their number. You keep working, I'll take care of this personally"

In they nicest way possible, the company did tell him to go to hell.

I'm thinking about doing a live coding stream on twitch this saturday, late afternoon or evening (CET).
I've never done a live stream before.

Do you have any suggestions or interests?
I'm thinking about something like a small RESTful API with Angular4/TypeScript (frontend, single page application) and CraftCMS/PHP (backend) with somebasic theory about HTTP requests / response, redirecting, data transfer and interfaces et cetera...

The duration will be around 2-4 hours, maybe longer if I have enough Mate & Beer.

But it's all just an idea at the moment. 😉

I will create an empty project for the stream on my Github and push to it during streaming, so you can pull it live or later.

Fucking IT and their self signed corporate proxy SSL bullshit getting in the way of anything that needs to verify SSL requests,
Fuck you for making my day a slow and miserable day and having to resort to forcing rest apis and SDKs to work over HTTP instead, all in the name of “Security”.

My company just got a new developer to work on a legacy PHP app.

My boss was boasting about how this guy has more years of professional experience than me ( I have 9 months of experience and he has been working for 4 years on PHP).
Today was one week since he started and I had him set up a REST API, I had to explain to him what json_encode does and how http requests work.

Did you fucking idiots think that I was gonna tell you to implement async await on the requests and not notice that you IMPLWMENTED GODDAMN SYSTEM-SLEEP YOU DESNE MOTHERFUCKEDS IT NOT TAKES 10X AS LONG AS MY OATCH TO JUST LIMIT THE NUMBER IF HTTP REQUESTS FOR FUCJS SAKE THIS CODE LOONS LIKE A RACCOON FUCKED AN MACBOOK THAT ALSO GOT FUCKED BY A GOAT FROM CHERNOBYL THAT SOMEHOW MUTATED TO A RACCOON GOAT 🐐 MACBOOK 💻 HYBRID ABOMINATION THAT IS NOW CLAWING MY EYES OUT AND GIVING ME RABIESCANCERAIDS

Tried matrix a little with my own instance. Joined a room with 10k people just to notice how I got a flood of http requests from several thousands of servers.

And that, brought my network down lol

Inmates are trying to take over the asylum again.

Got a message from the web team manager deeply concerned because since switching to the new logging framework, the site is significantly slower.

She provided no proof or any data to what 'significantly slower' means.

#1 The 'new logging' has been in place and logging for 5 years. We only recently depreciated the ILogger interface ('new' ILogger interface only has 1 method instead of 5)
#2 The 'old logging' was modified 5 years ago, so even if you were using the 'old' interface, the underlying implementation is still the same.

She tried to push the 'it wasn't this slow before' argument, so I decided to do some fact based analysis.
Knowing they deployed their logging changes couple of weeks ago, I opened up AppDynamics, looked at the average call time to Splunk (along with a few other http calls they are doing)
- caching services - 5ms
- splunk - 30ms
- Order Service - 350ms
- Product Data Service -525ms

Then I look at the data they are logging, for the month of June, over 5 million messages. At 30ms each, that's almost 42 hours spent logging errors...yes errors. Null reference exceptions, Argument exceptions, easily fixable stuff.

So far for the month of July (using the 'new' logging), almost 2.5 million errors. Pretty close so far with June's numbers.

My only suggestion was to fix the bugs in their code so they don't log so many errors.

Her response.."Can we have one of our developers review your logging code? We believe we can find ways to optimize the http requests"

Oh good Lord. I'm not a drinking man..but ...I might start.

Hi lil puppies what's your problem?

*proxy vomits*

Have you eaten something wrong....

*proxy happily eats requests and answers correctly*

Hm... Seems like you are...

*proxy vomits dozen of requests at once*

... Not okay.

Ok.... What did u you get fed you lil hellspawn.

TLS handshake error.

Thousands. Of. TLS. Handshake. Errors.

*checking autonomous system information*

Yeah... Requests come from same IP or AS. Someone is actively bombing TLS requests on the TLS terminator.

Wrong / outdated TLS requests.

Let's block the IP addresses....

*Pats HAProxy on the head*

*Gets more vomit as a thank you no sir*

I've now added a list of roughly 320 IP adresses in 4 h to an actively running HAProxy in INet as some Chinese fuckers seemingly find it funny to DDOS with TLS 1.0... or Invalid HTTP Requests... Or Upgrade Headers...

Seriously. I want a fucking weekend you bastards. Shove your communism up your arse if you wanna have some illegal fun. ;)

“Fullstack dev morphs into a security expert”

We have a simple user registration system. Get the user details, generate an OTP, save in Oracle, email the OTP. The SMTP host is configured to send emails only to people who have an existing @a_very_famous_bank.com email address.

As a part of an enhancement request, the other day, we were trying to register a non-bank email address. As expected, it failed.

Manager: Meeting... meeting... meeting

Me: (Explained the problem)

Fullstack dev: so the thing is.. it’s like.. (doesn’t falter to open with these lines)...what I can do is...I can send you an HTTP security header in the HTTP request. It’ll work!

Me: (I hope an adult giraffe fucks you in your belly button)

More to come!

It's 2017. This person used an AsyncTask to get results from an API. During a hiring task. He has over 2.5 years of experience.

I am currently in a bit of a (well-deserved) lull at work, both of my projects are finishing up/ finished, so tomorrow should be pretty light, as the latter half of today was.

And I have really gotten interested in the HTTP protocol. It's so interesting learning how it all works under the hood.

So I think I'm going to be researching/ messing around with creating a cpp project that essentially implements cURL from the ground up, creating sockets, reading from them, parsing the HTTP requests... all that. I don't expect to actually get it done, but it should be an immense learning experience. I have a clear goal: implement this function:

std::string get(const std::string&);

Once I'm able to just GET as simple as that, I know I have achieved my goal!

At a party.

- USB debugging with my phone
- Writing Java
- Testing webapp on phone using HTTP requests

Apart from having a baby which is the hardest in the world，i think the hardest project is to learn to code.

I studied philosophy and anthropology but gamed a lot. Me and a good mate decided to work together and he told me hed teach me coding.

The guy is a genius but he is a reckless rebel genius who tells everybody to fuck off.

So，after 1 year in a half of intense coding where i had to learn linux， networks， and im not shitting you html and css as well and of course javascript.

He has now put me on， for the last 2 month， in charge of our front end backoffice. I have to design forms that do the right http requests，do the unit testing， play with redux-form， react-redux and he has thrown me into the basic java backend so i can begin working with entites and how i serve the data and link it to the database and even create tables.

Every time i fail hemakes me remake everything.

I actually came on devrant to study the dev community (i always gamed a lot but this is a whole different community). The dev community is pretty awesome and unique.

Anyhow， i remember when i saw him as me to complete an exercise and i didnt event know which words were the reserved language ones and those i could use myself. It was like fucking magic.

requests lib - HTTP for humans (python)

It really is a breeze to work with! Clean and intuitive design, loving it!

Can GET method be renamed to "accio" and DELETE to "Avada Kedavra"?

Harry Potter on my mind today.

http requests

literally the bread and butter of any software engineer building applications, you would ASSUME they know what they are doing...

and you're gonna write a seperate http get and post function for every type you have?

apparently stuff like this that is written by "senior" developers? you don't even have a basic understanding of software...

i'm won't do it that way, becuase i'm an adult, not a child

what i'm going to do is write a HTTP request util function that can be used for any type and HTTP verb. DRY, single responsibility, etc.

imagine making the http request itself a responsibility coupled to the type 😂😂😂😂

get a clue and come back later

i can't tell anymore if my thoughts are so outlandish compared to everyone else that no one understands them, or if i've been doing this so long that i just immediately understand what needs to be done and don't know how to explain it to anyone else anymore (or take the mental effort to)

peace out

oh P.S.: imagine thinking the SOLID principles are only applicable to OOP

stay safe out there folks, its getting more painful every day

How many HTTP requests does it take to turn on a lightbulb?

“...lightbulb is not responding.”

I'm finally writing unit tests consistently thanks to a simple file organization decision.

I'm not doing pure TDD, but at least I'm writing the tests immediately after writing a module, and I make sure they run ok.

What I'm doing is Instead of putting the test files in a "tests" dir at the root of the project, I have the tests right next to the source code.

So if I have a dog.x file, I also have a dog.test.x file next to it.

I'm not inventing gunpowder here. I've seen several people do this.
But it's something that is not generally made a default or advised to do.
Like I said; test frameworks in general go with the classic "tests" dir.

But for me this is day and night in whether I write the tests or not.

Which makes sense. Imagine the classic scenario of the "tests" dir, and you just created a file deep into a hierarchy, let's say src/lib/console/windows/dog.x

This means that if you want to write tests for that, you need to make sure the hierarchy tests/lib/console/windows/dog.test.x exists

If the test file already exists, but you want to access both files, you need to traverse deep for each.

Also, it's actually harder to keep track which files have unit tests and which do not.

Meanwhile, if the test files are next to the source, all these problems disappear.

That doesn't mean there are no other challenges with testing, like testing untestable things, like system calls or http requests, but there are ways to deal with that.

@Android Question

Does all android devs use Async Task for their Json calls or you prefer to do them on Main Thread ?

Am just asking to improve my skills and get some senior programmers opinion

Sorry, need to vent.

In my current project I'm using two main libraries [slack client and k8s client], both official. And they both suck!

Okay, okay, their code doesn't really suck [apart from k8s severely violating Liskov's principle!]. The sucky part is not really their fault. It's the commonly used 3rd-party library that's fucked up.

Okhttp3

yeah yeah, here come all the booos. Let them all out.

1. In websockets it hard-caps frame size to 16mb w/o an ability to change it. So.. Forget about unchunked file transfers there... What's even worse - they close the websocket if the frame size exceeds that limit. Yep, instead of failing to send it kills the conn.

2. In websockets they are writing data completely async. Without any control handles.. No clue when the write starts, completes or fails. No callbacks, no promises, no nothing other feedback
3. In http requests they are splitting my request into multiple buffers. This fucks up the slack cluent, as I cannot post messages over 4050 chars in size . Thanks to the okhttp these long texts get split into multiple messages. Which effectively fucks up formatting [bold, italic, codeblocks, links,...], as the formatted blocks get torn apart. [didn't investigate this deeper: it's friday evening and it's kotlin, not java, so I saved myself from the trouble of parsing yet unknown syntax]

yes, okhttp is probably a good library for the most of it. Yes, people like it, but hell, these corner cases and weird design decisions drive me mad!

And it's not like I could swap it with anynother lib.. I don't depend on it -- other libs I need do!

Do you guys use PUT,DELETE,UPDATE http requests? I use like GET and POST. Keep me updated veterans!

Sorry guys but I have to vent!

I made such a stupid mistake I want to kill myself right now. In short you can call it ignorance..........

I spent so many hours trying to find a solution to a problem of invalid signatures being reported by an OAuth provider I'm making, just to find that Chrome was blocking requests to http.

So it was not a problem, to begin with. Aaaaarrh........ I'm so mad at myself.

When some other team wants to blame us because they're getting a HTTP Status Code 0....

That's not even a valid status... IT MEANS YOU ABORTED THE REQUEST AND KILLED THE CONNECTION...

OH STILL OUR FAULT... WELL DO U KNOW ABOUT NETWORK ISSUES AND SERVER OVERLOADING WHEN U SPAM IT WITH TOO MANY REQUESTS?

OH YOU RETRIED? HOW DID YOU RETRY? BETTER NOT BE SPAMMING US WITH MORE REQUESTS...

EVER HEARD OF TCP/IP BACK OFF LOGIC....

So client wants an android app that implements some legacy Epson printer SDK, works on a chinese Windows device with an android Emulator on it, connects to local Webservice that had to be configurated and ran (local Network) , sends and tracks data, if Server down then handle it on the Client and reconnect as soon as Server up, running own TCP Server on Android device that listens for specific http requests, which make the android connect to an Epson printer to start printing. The stuff that is being printed? A png file that has to be converted to a Bitmap, a QR Code that has to be generated by the bugged base64 encrypted stuff coming via http in (webserver-> Android TCP server)
Dont forget the Software Design (MVP), documentation, research etc.. Im about to finish the app , its my 5th day on this Project, the 6th day was planned to be full testing. Client Calls me and ask me how far I am, I reply, he says ok. 30 minutes later he tells me he wont pay me next time that much because this work should take 3 days, or even 2. "A senior Android developer could do this in 2 days"... When i sent him my notices he called me a liar, his webdev has alot of experience and told him it should take 2-3 days...ffs

Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"

So let's talk about CNAs, Captive Network Assistants, these downsized browser that open on Smartphones when you try to login to a free wifi which requires you to buy sometging or accept some terms.

I fucking hate them. I'm a web dev which has to deal with these dumbfucks.

Back in the time, there was this dumbfuck who had the idea to capture http requests on network level and response with a redirect to his own landing page. Fuck this guy. Then some dudes had the idea of the CNA as a privacy security feature. A good idea. But also this guys: "hey, let's make them a huge pain to develop for".Fuck them, too. But then came the companies saying: "hey make us a huge SPA with all features we can think of for this fucktard of a browser."

I hate fucking CNAs

FUCK YOU FUCKING AZURE FUCKING FUNCTIONS:

EITHER LIMIT MY NUMBER OF TCP CONNECTIONS (before violently crashing)

or

FORCE ME TO USE THE GODDAMN PORT-PISSING, BARELY-MULTITHREAD-USABLE, SETTINGS-IGNORING EXCUSE OF A PATHETIC BUILT-IN HTTPCLIENT ON FUCKING CRACK (Seriously .net people fix that shit).

But not both... both are not okay!

If your azure function just moderately uses outgoing Http requests you will inevitably be fucked up by the dreaded connection exhaustion error. ESPECIALLY if using consumption plans.

I Swear, every day i am that much closer to permanently swearing off everything cloud based in favor of VM's (OH BUT THEN YOU HAVE TO MAINTAIN THE VM's BOO HOO, I HAVE TO BABYSIT THE GODDAMN CLOUD INFRASTRUCTURE AS WELL AT LEAST I CAN LOG IN TO A VM TO FIX SHIT, fuck that noise)

I am in my happy place today. At least I'm having great success diving into minecraft modding on the side, that shit is FUN!

HTTP requests in Java... 💀

A week ago I raised an issue claiming I couldn't ping service x and that it was blocked

Today I figure out ping is blocked on firewall level and http requests work fine

Guess that's my big blunder this internship

I'm working on a codebase that is terminally ill. It's split so badly into microservices that no matter what you do, every one of them talks to every one of them over and over. If there's any way they can avoid just invoking a method on a class and send themselves a message or make an HTTP request, they'll do it. One of the services just sends messages to itself for no apparent reason. Except it doesn't even send messages to itself. It sends an HTTP request to a controller in another app, and that controller sends a message which is received by the same class that made the request.

The point is that this application is screwed. The defects pile up and there is literally no one who can understand what it's supposed to do in any scenario. I'm good at this. I can follow confusing code and document it. But not this one. It's overwhelming. It's insanity.

When these defects come in we're told to just run the app from the UI, see what HTTP requests it makes, and start tracing the code manually. Running and debugging it locally would be a nightmare but it's impossible anyway.

They decided that we all need to understand the application better so we can work on it, so we were each given six poorly-define five-hour tasks to "understand" various things. Those things don't make any sense. It's like if someone gave you the source code to Excel and told you to spent five hours understanding columns, five more understanding rows, and five more understanding cells.

Here's the thing: I'm okay with learning and understanding some code. It's part of the job. But I'm not going to abandon my career as a software developer so I can become an expert on debugging their awful code. I didn't make this mess. I'm not going to live with it. I'm moving on as quickly as I possibly can.

I've tried to explain to them that if they want the situation to improve they need to improve the code. They need to learn how to write tests. If your plan is that people will study your code, know it inside and out, and then spend all their time debugging it, that's a plan for failure. Everyone who can will leave and take what they know with them.

These companies just don't get it. They need their software to work, but the types of developers who can help them don't need that software to work. No one capable of doing good work is going to spend several years debugging their awful code unless you pay them a crazy ton of money.

Just don't make a mess in the first place. Hire developers who can do a good job. If you hire the cheapest people you can find you won't be able to get someone else to fix it later. It's not personal but I wish failure on those projects or even those companies. I want them to fail because failure is so expensive. I want them to fail so that others learn from it and don't repeat the same mistakes.

As an industry we're a bunch of genuine idiots. We just keep doing the same things over and over again no matter how much it hurts.

Fuck you apache server...
Why did your dumb ass developers decide it was a good idea to not support "expect 100 continue headers". I seriously suspect that the devs were high smoking dragon dildo ashes like they were getting ready to get a whole chair shoved up their asses.
I wasted alot of time thinking i was getting a 417 http code because i fucked up my API implementation... No, it was the dumb apache server that decided to give me the finger.

Also, whoever built the HttpClient for .net framework 4... Fuck you too for automatically adding that dumb header to PUT requests and not properly documenting this or allowing for it to be disabled in a non hacky way.

I appreciate and enjoy solving coding problems... I, however, can't stand dumb decisions like the two above.

Heya. Now I feel like a fool for asking and it has been bothering me for a while.

I want to get into native application development, but I simply cannot wrap my head around how to connect a backend to the frontend.

I have been doing web development, I understand the concept of endpoints and I am able to do http requests for web apis etc. But when it comes to creating it in some native application, I have no clue what to do.

Does anyone have a good post or video that describes these connections, as for some reason I cannot seem to find any.

Hope it's understandable,
Cheers

~rant
I think we need to change way how websites deliver themselves to its users. This HTML CSS JS clusterfuck is just a huge PITA in the ass.

What is a website?
It's an application where users find, communicate or share information, can buy or sell their penis pumps and loads of shady stuff.
Why must a website (the delivered application) be split into multiple languages/scripts and lots of HTTP requests?
In my opinion, PWA is a start to make us look at websites more like apps as we are used to on the machine, but they don't solve the mess.
Per my experience, many people working on websites regularly confuse what's executed on the server and what is on the client. They send data to the client via XHR, for example full DB tables of private data, just to then filter it in their beloved Array.filter function.
You can tell those people again and again and this is why I start thinking that the Web, as we know it, needs a big change.

well, there was this time I was facing a bug in production, http requests kept receiving partial data randomly (so downloaded files were always incomplete), but it was working well on other platforms, turned out after 9 hours of research, that I forgot to disable caching

Reading about micro services and they sort of sound like mini APIs wrapped by individual HTTP servers.

But if all the APIs need to send requests to each other wouldn't the overhead from just making the connections for each request add up and be huge?

tldr: my classmates suck and I hate them
We study cs in school, and my classmates are super dumb.
Here is an example from today:
The task: build an http server in python, using sockets.

My classmates: writes everything in the main function, uses try-expect for everything and every error possible, nothing works, nothing worked after a week.
Me: properly separated to different functions, used goddam regrx to get data from requests, used asyncio to make sure it can handle multiple requests at the same time, everything worked after 2 hours.

But, and here is the problem, after I finish they ask me a bunch of dumb, 'Just Google it dude' questions and they call me condescending because I get mad after the second hour of teaching them the same thing.
Once they told me:"you think you are a better programmer then us" and I just want to say this out loud: I AM A BETTER PROGRAMMER THEN THEM, THEY ARE THE PERFECT EXAMPLE OF HOW YOU SHOULDN'T DO ANYTHING AND I HATE THEM.
That's it, I'm done. I feel much better now.
PS: it's okay to suck at programming, but please stop thinking that everyone who's better than you is condescending.

CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.

Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.

What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.

Can anyone give REAL examples when CORS can really protect from anything?

so on android you're supposed to do network stuff like sockets and http requests on a separate thread right. lazy me released an app with a line of code (i forget what it is) that allows me to make http requests in the main thread. rip

Today I wasted hours trying to do a HTTP POST request by using a query string in the URL. After some hours I realised what I was doing wrong. I'm so stupid.

So there I am sitting in front of my laptop, and trying to npm i and I am getting all sorts of sha mismatch errors.

After lot of debug I conclude it is coming from the proxy as it refuses to download and supplies the error page.

It says it's because I'm using the old proxy so they give me the new URL which I set up and it works.

All good until my password expires. I use our bash script to change it. NPM is buggered again throwing the same errors.

Go to IT, tell them the saga begins.

After a countless hours of looking at the log files we notice that the npm registry is set to http instead of the standard https (thanks bash script). so our firewall blocks the download.

Sorted, finally.

Almost. NPM now works fine, but when I go and I play around with node and axios, I get my requests time out. My instinct says its the bloody proxy again.

So I hit up my trusted WIN Support guy and he confirms that the url is not blocked. So he starts monitoring whats going on and turns out, every time I run the node app, node casually ignores the system-wide proxy settings and tries to send the request as the PC rather then my username.

Since the pc's don't have rights on the proxy it is being refused...

Thank fuck for the corporate proxies, without them, I could just develop things not ever learning these quirks of node...

So, today a developer from a web app consuming our services requested to fix a 429 http error code (too many requests) they are seeing. The request is on an email with our managers cc'ed

What is REST?

The Legendary : Its stands for Representational State Transfer

Me : That's what i need right now.

Today I spent 9 hours trying to resolve an issue with .net core integration testing a project with soap services created using a third party soap library since .net core doesn't support soap anymore. And WCF is before my time.

The tests run in-process so that we can override services like the database, file storage, basically io settings but not code.

This morning I write the first test by creating a connected service reference to generate a service client. That way I don't need to worry about generating soap messages and keeping them in sync with the code.

I sent my first request and... Can't find endpoint.

3 hours later I learn via fiddler that a real request is being made. It's not using the virtual in-process server and http client, it's sending an actual network request that fiddler picks up, and of course that needs a real server accepting requests... Which I don't have.

So I start on MSDN. Please God help me. Nope. Nothing. Makes sense since soap is dead on .net core.

Now what? Nothing on the internet because above. Nothing in the third party soap library. Nothing. At this point I question of I have hit my wall as a developer.

Another 4 hours later I have reverse engineered the Microsoft code on GitHub and figured out that I am fucked. It's so hard to understand.

2 more hours later I have figured out a solution. It's pure filth..I hide it away in another tooling project and move all the filth to internal classes :D the equivalent of tidying your room as a kid by shoving it all under the bed. But fuck it.

My soap tests now use the correct http client with the virtual server. I am a magician.

I once wrote an http interceptor for which was supposed to check the internal cache for user data and only do some work with it if they were (we manually controlled what and who was in cache). There were two methods on the service cGetUser and dGetUser I of course called d which it turned out loaded the user profile from the database which would be fine if it weren't done in an interceptor .. on a web service... With a little over 25000 requests per minute.. on each node..

Tldr. I accidentally wrote a database ddos tool into our app...

Technical question that I just cant find the answer to anywhere.

I have a load balancer and want it to pass the IP of the original caller to the server. Usually it is done by modifying the header? of the Request HTTP packet? and adding X-Forwarded-For: ....

The LB team though says it needs to modify X-Originating-IP and somehow causes a noticeable impact of the speed of all requests.

I don't know the details but it should only modify the first Packet that has the HTTP headers and should be appending X-Forwarded-For. If only need to modify the Header packet, how can it slow down the whole interaction so much:

-Adds 100ms to a 200ms request
-Increases a 10 minute download to like 20-30 minutes

So you're working on a product that basically the main thing it does is fire off http requests and parse their responses into a nice model. We've made some nice helper class that allows you to do this easily, but a simple piece of functionality is not in there yet.

You agree to add this one simple function and decide to:

- Not conform to coding standards set by the team
- Document its behavior which does NOT match the implementation
- Not write a single fucking unit test to prove it's functionality

ARE
...
YOU
...
FUCKING
...
MAD?!

I HATE WINDOWS' WINDOW MANAGEMENT. I have two monitors and nothing can be maximized. Windows' spaces are terrible as well.
I am building in the back end in VS Code.
I have three terminals open because I need them to run multiple parts of the app locally.
I have postman open to try requests.
I have firefox for the orm system's documentation.
I have my database tool running as well.
I have an ERD diagram floating in a window.
I have another VS Code window showing a diff of my JSON compared to the version I'm replacing.
Also all of my team communication tools.

I have never hated shuffling windows around so much. Would it kill us to use some command line tools for http instead of Postman? Could we please get a decent shell in windows? Could we get some simple ways to switch between virtual desktops? Click click click. I can't automate clicking. Why do we use the most clicky tools we can find?

So, I browse to a video livestream and an annoying ad starts before the livestream is shown. Furthermore, the page jumps around because of a cookie notification that also blocks some UI elements at the top.

Note: this is the website of a public (government-paid) national news website with very high standards and a good reputation.

Action 1: refresh page; I hope the ad is skipped. Nope, annoying ad restarts. Page jumps around again because of the cookie notification.

Action 2: accept cookies to remove notification blocking the top UI (it's OK, I know it can't actually save any cookies on my machine). Instead of some nice JS doing it for me in the background, the page refreshes because you know, HTTP requests and whatnot.

Annoying ad restarts again... FML 🤬

Lessons to be learned from this for any web dev: these annoyances can and *will* exponentially get worse if used simultaneously against your users, instead of being used to help or inform your users.

As a user of you website, I want to watch a livestream. I don't care what stupid legislation forced you to shove a fucking cookie notification in my face. Make sure it is not annoying me to the point that I close you website and take minutes to rant about it!

Also, give me the freedom of choice to watch an ad or not. You and I both know that some ads simply are not for me. Better save yourself and myself the bandwidth.

And go get good at web development. You're a news site. That's more than just text and images. If you want great apps, social media coverage, videos, live streams, blogs, etc. go get some better web devs. Your current web frontend devs only qualify to get fired.

My team was asked to point to a mock service in our QA env. Standard procedure is to copy the line in our QA property file that has the service URL, comment one out, and change the other to the mock service. Then, push the code and deploy to QA.

What did someone do? He didn't touch the property file. He found where we were defining the configuration for our http requester, removed the property reference, and HARD CODED the mock URL.

Wait, it gets better. The mock service does not function the same way the real service does. We need to send an additional query param to the mock service (that has a value already being sent in a header) so they modified ANOTHER file where the actual request is being made.

He made the changes, deployed to QA, and didn't check in any code.

What is going to happen next time when we deploy to QA with the latest code? Oh look, we'll be pointing to the real service again.

I explained this to my architect, and included that this messed up mock service they were calling is our 2nd mock service (no idea why they made a new one) and he simply deleted the stupid 2nd mock service. Screw that!

And...now requests to QA don't work 😂

I challenge you to start a process from php.

The following criteria must be fulfilled:

- php-fpm
- the process is started on http request by user
- the response does not wait for the process to be finished
- the process must finish, possibly after the response reached the user
- the running process does not block a fpm thread/worker from handling further requests

Simple, right?

If 99% of fetch use case is fetch(url).then(r=>r.json()), API should have been fetch.json(url)

What are webhooks anyway? From what I read, they are just a fancy way of talking about APIs and HTTP requests.

Fucking retard Liferay.....

At least 2 users (one inour team and another at client's) are claiming they've successfully opened a portlet view multiple times at day X. And a month later it stopped working.

I open up Liferay's (tomcat's) localhost_access.log and can see all the portlet requests at day X have returned http:400

Normally I would consider the human factor and rule this as a human error, assuming they were connected to another environment, another server, etc. But since this is The Fucking Liferay - I'm not that fast in trusting even logs :(

Who the fuck made this piece of shit....

When I show a school mate how to send http requests using the requests library, instead of urllib in python

A very long rant.. but I'm looking to share some experiences, maybe a different perspective.. huge changes at the company.

So my company is starting our microservices journey (we have a 359 retail websites at this moment)

First question was: What to build first?

The first thing we had to do was to decide what we wanted to build as our first microservice. We went looking for a microservice that can be used read only, consumers could easily implement without overhauling production software and is isolated from other processes.

We’ve ended up with building a catalog service as our first microservice. That catalog service provides consumers of the microservice information of our catalog and its most essential information about items in the catalog.

By starting with building the catalog service the team could focus on building the microservice without any time pressure. The initial functionalities of the catalog service were being created to replace existing functionality which were working fine.

Because we choose such an isolated functionality we were able to introduce the new catalog service into production step by step. Instead of replacing the search functionality of the webshops using a big-bang approach, we choose A/B split testing to measure our changes and gradually increase the load of the microservice.

Next step: Choosing a datastore

The search engine that was in production when we started this project was making user of Solr. Due to the use of Lucene it was performing very well as a search engine, but from engineering perspective it lacked some functionalities. It came short if you wanted to run it in a cluster environment, configuring it was hard and not user friendly and last but not least, development of Solr seemed to be grinded to a halt.

Elasticsearch started entering the scene as a competitor for Solr and brought interesting features. Still using Lucene, which we were happy with, it was build with clustering in mind and being provided out of the box. Managing Elasticsearch was easy since there are REST APIs for configuration and as a fallback there are YAML configurations available.

We decided to use Elasticsearch since it provides us the strengths and capabilities of Lucene with the added joy of easy configuration, clustering and a lively community driving the project.

Even bigger challenge? Which programming language will we use

The team responsible for developing this first microservice consists out of a group web developers. So when looking for a programming language for the microservice, we went searching for a language close to their hearts and expertise. At that time a typical web developer at least had knowledge of PHP and Javascript.

What we’ve noticed during researching various languages is that almost all actions done by the catalog service will boil down to the following paradigm:

- Execute a HTTP call to fetch some JSON

- Transform JSON to a desired output

- Respond with the transformed JSON

Actions that easily can be done in a parallel and asynchronous manner and mainly consists out of transforming JSON from the source to a desired output. The programming language used for the catalog service should hold strong qualifications for those kind of actions.

Another thing to notice is that some functionalities that will be built using the catalog service will result into a high level of concurrent requests. For example the type-ahead functionality will trigger several requests to the catalog service per usage of a user.

To us, PHP and .NET at that time weren’t sufficient enough to us for building the catalog service based on the requirements we’ve set. Eventually we’ve decided to use Node.js which is better suited for the things we are looking for as described earlier. Node.js provides a non-blocking I/O model and being event driven helps us developing a high performance microservice.

The leap to start programming Node.js is relatively small since it basically is Javascript. A language that is familiar for the developers around that time. While Node.js is displaying some new concepts it is relatively easy for a developer to start using it.

The beauty of microservices and the isolation it provides, is that you can choose the best tool for that particular microservice. Not all microservices will be developed using Node.js and Elasticsearch. All kinds of combinations might arise and this is what makes the microservices architecture so flexible.

Even when Node.js or Elasticsearch turns out to be a bad choice for the catalog service it is relatively easy to switch that choice for magic ‘X’ or component ‘Z’. By focussing on creating a solid API the components that are driving that API don’t matter that much. It should do what you ask of it and when it is lacking you just replace it.

Many more headaches to come later this year ;)

This is not a rant. Rather just a question or an ask for advice, as I have seen a lot of people talk about web development around here. I am planning to create a website for my search engine. I created a Rest API for my VPS so I can do http requests and retrieve some links for certain key words. But I need some good ideas to do this from a website. As I am not sure what would be the best way to do http requests. As far as I know it's possible with Js and PHP, but I am not sure what's better, more secure or convenient? So here I am to ask you guys, especially those who have experience with this, what I should consider to do.
Oh and please forgive me my limited knowledge about Js and PHP 😅😊

So I just had my first coding interview for an internship next summer. It was online, because I'm currently on a different continent. The company uses coderpad.io to do the interview. The website restricts what packages you're allowed to use, and FORCES you to use poorly documented, deprecated ones. On top of that, it fails to send http get requests HALF of the time because of DNS problems! Gaaah!

(!rant && user_input)

I have been pondering for the last couple of days on how to validate whether a referring http request is actually coming from the referrer it claims to come from. Any ideas on this?

I'm teaching a couple of classes where students (~18 years old) work on their own projects. I just deleted two of those from my machine: one Angular and one Spring Boot, but just boilerplate. Together, they were about 500 MB. I spent 2-3 hours working on a little Go tool to make concurrent HTTP requests and to report statistics on the response time. The entire repository is roughly 500 kB in size, but solves a genuine problem. My students have a bloat ratio of 1000 compared to me as a baseline, but my stuff actually does things. Today, I programmed prime factorization in PHP for some load tests (mod_php vs. PHP-FPM). The PHP script is 1148 bytes long (but the file system reports 4 kB). My students could learn more from such a script than from their overblown "projects", but "PHP sucks" I hearsay, so let's bloat on.

I was once trying to create a video player since the format was not supported by the browsers today, so i started to download the video files from the server. Only to discover a bug in my code was trying to download a video file from the server. This was way to much for the server to handle and caused it to crash. People where running in the building to get the stream back up, i sat there silently and killing my browsers process. Since then i always test my request from local if they are okay before downloading a file from a server

Writing a script which runs every 5 - 10 mins that runs 10 sub tasks, where each sub task sends 3 HTTP requests to my company's API and also performs at least 3 database queries.

The best part? I'm told to use PHP / Laravel to do it.

Is there a cloud service that does nothing but redirect incoming HTTP requests to your home server without the need to have a static IP or an open TCP port ? Sort of like proxy

Logic behind HTTP status codes -

Does one of you guys know a php package which provides a thin wrapper around the curl functions?

Especially the functions for multiple parallel requests in different threads.

The only implementation I know about is kriswallsmith/buzzbrowser