Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "http response"
-
You see a web, I see:
CLIENT: TCP SYN
SERVER: TCP SYN ACK
CLIENT: HTTP Get
SERVER: HTTP Response
...
CLIENT: TCP FIN
SERVER: TCP FIN ACK
All I’m saying is that this spider has a clear understanding of Transfer Control Protocol.13 -
Me: We should change the http response code to anything but 200 OK in the error response case of our API.
Other dev: No, it's fine.
Me: Why?
Other dev: The client successfully receives an error message.
Me: ┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻15 -
RE: Why I punched Dave
In my defense to the accusation against me punching back end developer dave in the face, look at the following response:
HTTP 1.1
status: 200
mesaage: OK
body: {
"success": "false",
"message": "error"
}11 -
So our public transportation company started to sell tickets online with their brand new fancy system.
• You can buy tickets and passes for the price you want
• Passwords are in plaintext
• Communication is through HTTP
• Login state are checked before the password match so you can basically view who is online
• Email password reminders security code can be read from servers response
Oh and I almost forgot admin credentials are FUCKING admin/admin
Who in the fucking name of all gods can commit such idiocracy with a system that would be used by almost millions of people. I hope you will burn in programming hell. Or even worse...
I'm glad I'm having a car and don't have to use that security black hole.16 -
Can't ssh to my vps at work; hello new hobby project!
(server hosted on vps, http request -> shell -> http response)
Next up is supporting an interactive shell18 -
Spent most of the day debugging issues with a new release. Logging tool was saying we were getting HTTP 400’s and 500’s from the backend. Couldn’t figure it out.
Eventually found the backend sometimes sends down successful responses but with statusCode 500 for no reason what so ever. Got so annoyed ... but said the 400’s must be us so can’t blame them for everything.
Turns out backend also sometimes does the opposite. Sends down errors with HTTP 200’s. A junior app Dev was apparently so annoyed that backend wouldn’t fix it, that he wrote code to parse the response, if it contained an error, re-wrote the statusCode to 400 and then passed the response up to the next layer. He never documented it before he left.
Saving the best part for last. Backend says their code is fine, it must be one of the other layers (load balancers, proxies etc) managed by one of the other teams in the company ... we didn’t contact any of these teams, no no no, that would require effort. No we’ve just blamed them privately and that’s that.
#successfulRelease4 -
Boss comes in and gives me some js code for syncing data (he hacked it together the other day, really messy with like 5 callback lamdas stacked into each other)
Boss: Make it faster and more reliable and add some progress indicator
So i look at the code and he literally pulls all the data as one json (20+ MiB). Server needs multiple minutes to generate the response (lots of querys), sometimes even causing timeouts....
So i do what everyone would do and clean up the code, split the request into multiple ones, only fetching the necessary data and send the code back to my boss.
He comes in and asks me what all this complexity is about. And why i need 5 functions to do what he did in one. (He didn't -.-). He says he only told me to "make it faster and show progress" not "to split everything up".
So I ask him how he wants to do this over HTTP with just one request...
His response: "I don't care make it work!".
Sometimes i hate my job -.-11 -
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!15 -
The solution for this one isn't nearly as amusing as the journey.
I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.
They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.
Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.
The brilliant Infosys resources had a bright idea to solve this problem:
- Treat each device IP as an access key for that device (avg 15 per store per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5
A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.
Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.
So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.
While they're all grandstanding and pontificating, I fire up visual studio and:
- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution one of our stage boxes
- add a TODO to eventually move this to a database
All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.
According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.
#TheValueOfEngineers2 -
Me: *opens up a test script*
> only http response code is checked
Me: hey, coleague from qa, why didn't you also write response body checks?
Col: I had then implemented but removed them later.
Me: ?? Why??
Col: because tests were failing
Crickets: *chirp chirp* .... *awkward pause* [in high pitched crickety voice] what the fuck?!?!3 -
Okay, story time.
Back during 2016, I decided to do a little experiment to test the viability of multithreading in a JavaScript server stack, and I'm not talking about the Node.js way of queuing I/O on background threads, or about WebWorkers that box and convert your arguments to JSON and back during a simple call across two JS contexts.
I'm talking about JavaScript code running concurrently on all cores. I'm talking about replacing the god-awful single-threaded event loop of ECMAScript – the biggest bottleneck in software history – with an honest-to-god, lock-free thread-pool scheduler that executes JS code in parallel, on all cores.
I'm talking about concurrent access to shared mutable state – a big, rightfully-hated mess when done badly – in JavaScript.
This rant is about the many mistakes I made at the time, specifically the biggest – but not the first – of which: publishing some preliminary results very early on.
Every time I showed my work to a JavaScript developer, I'd get negative feedback. Like, unjustified hatred and immediate denial, or outright rejection of the entire concept. Some were even adamantly trying to discourage me from this project.
So I posted a sarcastic question to the Software Engineering Stack Exchange, which was originally worded differently to reflect my frustration, but was later edited by mods to be more serious.
You can see the responses for yourself here: https://goo.gl/poHKpK
Most of the serious answers were along the lines of "multithreading is hard". The top voted response started with this statement: "1) Multithreading is extremely hard, and unfortunately the way you've presented this idea so far implies you're severely underestimating how hard it is."
While I'll admit that my presentation was initially lacking, I later made an entire page to explain the synchronisation mechanism in place, and you can read more about it here, if you're interested:
http://nexusjs.com/architecture/
But what really shocked me was that I had never understood the mindset that all the naysayers adopted until I read that response.
Because the bottom-line of that entire response is an argument: an argument against change.
The average JavaScript developer doesn't want a multithreaded server platform for JavaScript because it means a change of the status quo.
And this is exactly why I started this project. I wanted a highly performant JavaScript platform for servers that's more suitable for real-time applications like transcoding, video streaming, and machine learning.
Nexus does not and will not hold your hand. It will not repeat Node's mistakes and give you nice ways to shoot yourself in the foot later, like `process.on('uncaughtException', ...)` for a catch-all global error handling solution.
No, an uncaught exception will be dealt with like any other self-respecting language: by not ignoring the problem and pretending it doesn't exist. If you write bad code, your program will crash, and you can't rectify a bug in your code by ignoring its presence entirely and using duct tape to scrape something together.
Back on the topic of multithreading, though. Multithreading is known to be hard, that's true. But how do you deal with a difficult solution? You simplify it and break it down, not just disregard it completely; because multithreading has its great advantages, too.
Like, how about we talk performance?
How about distributed algorithms that don't waste 40% of their computing power on agent communication and pointless overhead (like the serialisation/deserialisation of messages across the execution boundary for every single call)?
How about vertical scaling without forking the entire address space (and thus multiplying your application's memory consumption by the number of cores you wish to use)?
How about utilising logical CPUs to the fullest extent, and allowing them to execute JavaScript? Something that isn't even possible with the current model implemented by Node?
Some will say that the performance gains aren't worth the risk. That the possibility of race conditions and deadlocks aren't worth it.
That's the point of cooperative multithreading. It is a way to smartly work around these issues.
If you use promises, they will execute in parallel, to the best of the scheduler's abilities, and if you chain them then they will run consecutively as planned according to their dependency graph.
If your code doesn't access global variables or shared closure variables, or your promises only deal with their provided inputs without side-effects, then no contention will *ever* occur.
If you only read and never modify globals, no contention will ever occur.
Are you seeing the same trend I'm seeing?
Good JavaScript programming practices miraculously coincide with the best practices of thread-safety.
When someone says we shouldn't use multithreading because it's hard, do you know what I like to say to that?
"To multithread, you need a pair."18 -
I raise my middle finger:
- to the past developers of this 4 year old piece of garbage project that we are maintaining, who thought that using StringBuffers to construct html documents as a Http response as a good idea
- to the bosses and managers, who keeps on giving unreasonable deadlines yet passes accountability to others.
I gave you all a Linus Torvalds style fuck you!!
That is it, I decided to resign -
Recap: https://www.devrant.io/rants/878300
I was out Thursday at the Hospital. I'm what the doctors would call "Ill as fuck"
So, Friday I’m back in the office to the usual: "How was that appointment?"
I know people mean well when they ask this. So, I do the polite thing and tell them it went as well as it could.
Realistically it does't matter how well it went... They haven't cured Crohn's because I showed up to the appointment. They know I'm fucked already.
But, push it down, add it to the future aneurism.
I had to go through the usual resignation meetings with managers:
"We"re fucked now you're going"
"yep"
"we need to get a handle on how fucked"
"already done that for you, here"s a trello board, very fucked."
"we need to put a plan together to drop all the junior devs in the shit with the work you’ve been doing"
"You need about 4 devs, please refer to the previous trello board for your plan"
Meanwhile, me and Morpheus are in constant communication because all of this is like a Shakespearean comedy.
So, I overhear a conversation between a Junior Dev and the Solution Architect.
[SA] took over the project because he knows better than two tried and tested senior devs -_- (fuckwit).
JD: "It took me one and a half days to build it out"
SA: "Yeah, it must have taken me twice as long... It must be a problem with the project, you should just be able to check it out and run it."
JD: "I know, it has to be wrong"
All of this is about Morpheus' work of art, of an Ionic 3 hybrid app.
I fumed quietly at my desk because I've been ordered by the Stazi to be hands off.
Since Morpheus and me were pulled from the project [JD] and [JD2] were dropped into it to get it over the line.
It"s unfortunate and I was clear and honest with my advice to them: I personally would not take over the project because I"d be way out of my depth... Oh, and the App works, so uh, there's no work to do.
They have been constantly at our desks. Asking fuckdiculous questions about how to perform basic tasks. So they can get Morpheus" frigging masterpiece to the user.
It"s like watching that touch up of jesus that got borked by an amateur. Shit I have google, it's like watching this happen: http://ti.me/NnNSAb
[JD] came to me Friday evening.
"I can’t get this to build to iOS or install on [Test Analyst]'s phone."
Me: "No worries brother, where are you stuck right now?"
[JD] describes the first steps with clear indication he hasn't googled his problem.
Life lesson: http://lmgtfy.com/?q=lmgtfy
Que an hour of me showing [JD] how to build an Ion3 project for iOS. Fuck it, your man's in a bind and he"s asked politely for help. I can show him quicker than he can read 3 sets of docos.
I took him through 'ionic cordova build ios', the archive and release processes in XCode 9, then the apk bundling process for droid. Finally we have an MAM so the upload process for that too.
All the while cleaning up his AppIDs, Profiles, deployment attempts.
Damn they were a mess.
I did this with a smile on my face, not because I could say "I told you so"... But. because when any developer asks you how to do something. If you know how to do it, you should always be happy to learn them some new tricks!
Dude's alright, he's been dropped in the shit. Now I know how badly so I'll help him learn things that are useful to his role, but aren't project specific.
As a plausi-senior dev (I'll tell you about that later); it's my job to make sure my team have what they need to go home smiling!
I’m not a hateful fucker, the guy asked me an honest question so I am happy to give him the honest answer.
I took him through it a few times and explained a few best practices. Most were how to do his AppID and ProvProfile set up. Good lad, took it all on board.
However! In his frustration, he pointed the finger at Morpheus' "David" (ref: Michelangelo).
He miraculously morphed into a shiny colourful parrot and fed me SA's line:
"you should just be able to build from a clean clone"
My response was calm and clear:
"You can, it took me 20 minutes on Thursday evening. I was bored and curios, so I wanted to validate Morpheus' work. Here it is on my iOS device and my Android device. It would have taken me 5 if my laptop wasn’t so horrifically out of date."
I validated Morpheus' work so I have evidence, I trust that brilliant bastard.
I just need to be able to prove it's good.
[JD] took this on board.
Maybe listening to two tried and trusted senior devs is better than listening to a headstrong Solution Architect.
When JD left for the weekend I was working a late one (https://www.devrant.io/rants/874765).
His sign off was beautiful.
"I think I can happily admit defeat on this one, it can wait until Monday."
To which I replied: "no worries brother, if you need a hand give me a shout."
Rule 1: Don't be a cunt.
Rule 2: If someone needs help and you can give it: Give it!
Rule 3: Don't interrupt James' cigarette time.
Rule 4: goto Rule 3.rant day 3 jct resigns crohns resignation solution architect wk71 invisible illness fuckwit illness junior developer4 -
I'm thinking about doing a live coding stream on twitch this saturday, late afternoon or evening (CET).
I've never done a live stream before.
Do you have any suggestions or interests?
I'm thinking about something like a small RESTful API with Angular4/TypeScript (frontend, single page application) and CraftCMS/PHP (backend) with somebasic theory about HTTP requests / response, redirecting, data transfer and interfaces et cetera...
The duration will be around 2-4 hours, maybe longer if I have enough Mate & Beer.
But it's all just an idea at the moment. 😉
I will create an empty project for the stream on my Github and push to it during streaming, so you can pull it live or later.17 -
That's actually something that happened fairly recently.. just that I didn't have the energy left at the time to write it down. That, or I got my ass too drunk to properly write anything.. not sure actually.
So on paper I'm unemployed, but I do spend some time still on pretty much voluntary work for HackingVision, along with a handful of other people.
At the time, we were just doing the usual chit-chat in the admin channel, me still sick in my bed (actually that means that I wasn't drunk but really tired for once.. amazing!) and catching up to what happened, but unable to do any useful work in this sick state. So, tablet, typing on glass, right. I didn't have any keyboard attached at the time.
One of the staff members (a wanketeer from India) apparently had an assignment in a few hours for which he needed to write a server application in Java. Now, performance issues aside, I figured.. well I've got quite a bit of experience with servers, as well as some with client-server protocols. So I got thinking.. mail servers, way too overengineered. Web servers.. well that could work, I've done some basic netcat webservers that just sent an HTTP 200 OK and the file, those worked fine.. although super basic of course. And then there's IRC, which I've actually talked to an InspIRCd server through telnet before (which by the way is pretty much the only thing that telnet is still useful for, something that was never its purpose, lol) and realized that that protocol is actually quite easy to develop around. That's why I like it so much over modern chat protocols like XMPP, MQTT and whatnot. So I recommended that he'd write a little IRC server in Java. Or even just a chatbot like I attempted to at the time, considering that that's - with a stretch of course - a sort-of server too.
His fucking response however, so goddamn fucking infuriating. "If the protocol is so easy, then please write me down how to implement it in Java."
Essentially do his fucking work for him. I don't know Java, but as a fucking HackingVision admin, YOU SHOULD FUCKING KNOW THAT HACKERS CAN'T STAND LAZY CUNTS THAT CAN'T EVEN BE ASSED TO GOOGLE SHIT!!! If I wanted to deal with cunts like that, I'd have opened the page inbox with all its Fb h4xx0ring questions, not the fucking admin chat!
And type it on a goddamn fucking piece of glass, while fucking sick?! Get your ass fucked by a bobs and vegana horny fuck from the untouchable caste, because that's where you fucking belong for expecting THAT from me, you fucking bhenchod.
But at least I didn't get my ass enraged like that to say that to him in the admin chat. Although that probably wouldn't have been a bad thing, to get his feet right back on the ground again.1 -
Just debugged an angularjs app for 2 hours to find out that I spelled "response" "reponse" as an http get request success callback function argument. I hate my life.5
-
Finally got my nginx config to work properly (it shouldn't work but it does so I'm not fucking touching it).
Request with curl: check, right http code and getting data back properly.
Request with any browser (with and without incognito): right http code, AND ONLY SEEING DATA WHEN I ECHO ANYTHING BEFORE SENDING THE RESPONSE WITH PHP. When I don't echo whatever before sending the response, the browser doesn't see the data but DOES see the http status code.
HOW?!20 -
"I'm almost done, I'll just need to add tests!"
Booom! You did it, that was a nuke going off in my head.
No, you shouldn't just need to add tests. The tests should have been written from the get go! You most likely won't cover all the cases. You won't know if adding the tests will break your feature, as you had none, as you refactor your untested mess in order to make your code testable.
When reading your mess of a test case and the painful mocking process you went through, I silently cry out into the void: "Why oh why!? All of this suffering could have been avoided!"
Since most of the time, your mocking pain boils down to not understanding what your "unit" in your "unit test" should be.
So let it be said:
- If you want to build a parser for an XML file, then just write a function / class whose *only* purpose is: parse the XML file, return a value object. That's it. Nothing more, nothing less.
- If you want to build a parser for an XML file, it MUST NOT: download a zip, extract that zip, merge all those files to one big file, parse that big file, talk to some other random APIs as a side-effect, and then return a value object.
Because then you suddenly have to mock away a http service and deal with zip files in your test cases.
The http util of your programming language will most likely work. Your unzip library will most likely work. So just assume it working. There are valid use cases where you want to make sure you acutally send a request and get a response, yet I am talking unit test here only.
In the scope of a class, keep the public methods to a reasonable minimum. As for each public method you shall at least create one test case. If you ever have the feeling "I want to test that private method" replace that statement in your head with: "I should extract that functionality to a new class where that method public. I then can create a unit test case a for that." That new service then becomes a dependency in your current service. Problem solved.
Also, mocking away dependencies should a simple process. If your mocking process fills half the screen, your test setup is overly complicated and your class is doing too much.
That's why I currently dig functional programming so much. When you build pure functions without side effects, unit tests are easy to write. Yet you can apply pure functions to OOP as well (to a degree). Embrace immutability.
Sidenote:
It's really not helpful that a lot of developers don't understand the difference between unit, functional acceptance, integration testing. Then they wonder why they can't test something easily, write overly complex test cases, until someone points out to them: No, in the scope of unit tests, we don't need to test our persistance layer. We just assume that it works. We should only test our businsess logic. You know: "Assuming that I get that response from the database, I expect that to happen." You don't need a test db, make a real query against that, in order to test that. (That still is a valid thing to do. Yet not in the scope of unit tests.)rant developer unit test test testing fp oop writing tests get your shit together unit testing unit tests8 -
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4 -
Hahaha guys I got the HTTP response codes tattooed on my arm so I don't forget them! Aren't I fun and quirky? I'm such a code nerd, oh thanks for the likes, Twitter! Wowowowow i am just SO FUN. Look at my nerdy tattoo!!10
-
This stupid crap is pissing me off.
I write a quick blob of code that performs an http request with custom headers and writes the response to a file. easy squeezy. Everything works.
I abstract it into a class and add request building and stages (enjoayble!), and have one method make the response, read its body, and write to a file. I literally copy/pasted most of my existing code into the method and indented it. The only changes were updating var names to instance vars.
But now? It's complaining something is trying to read the request body twice, and it's throwing a fit. What? How? You were just working!
asfklasjdf;l8 -
Me: please return http code 202 in your http service.
My collegue: ok.
After one hour...
Me: you are returning 200, I told you 202. Let me see the code:
OMFG she was writing the string "202" in the response body!!!
I do not know how to escape from all of this shit.1 -
Inmates are trying to take over the asylum again.
Got a message from the web team manager deeply concerned because since switching to the new logging framework, the site is significantly slower.
She provided no proof or any data to what 'significantly slower' means.
#1 The 'new logging' has been in place and logging for 5 years. We only recently depreciated the ILogger interface ('new' ILogger interface only has 1 method instead of 5)
#2 The 'old logging' was modified 5 years ago, so even if you were using the 'old' interface, the underlying implementation is still the same.
She tried to push the 'it wasn't this slow before' argument, so I decided to do some fact based analysis.
Knowing they deployed their logging changes couple of weeks ago, I opened up AppDynamics, looked at the average call time to Splunk (along with a few other http calls they are doing)
- caching services - 5ms
- splunk - 30ms
- Order Service - 350ms
- Product Data Service -525ms
Then I look at the data they are logging, for the month of June, over 5 million messages. At 30ms each, that's almost 42 hours spent logging errors...yes errors. Null reference exceptions, Argument exceptions, easily fixable stuff.
So far for the month of July (using the 'new' logging), almost 2.5 million errors. Pretty close so far with June's numbers.
My only suggestion was to fix the bugs in their code so they don't log so many errors.
Her response.."Can we have one of our developers review your logging code? We believe we can find ways to optimize the http requests"
Oh good Lord. I'm not a drinking man..but ...I might start.1 -
Right, I've been here before.
Our app requires an internet connection, and one of our clients wants to roll it out on a strictly managed network.
We told them which addresses our app communicates with and their network team opened them up for traffic. Should work, right?
Nope, doesn't work.
So I request them to use Fiddler to do some debugging of the network traffic, and lo and behold, it does work when Fiddler is active.
One important detail is that Fiddler uses it's own SSL certificate to debug HTTPS communications. I've had moments where expired certificates were the cause of things not working and running Fiddler "fixes" this because of their own certificate.
So I point this out in numerous mails to their network team, every time I get a response saying "nah, that can't be it".
I keep insisting "I have had this before, please check if any installed Root CA Certificates is expired"
At this point I'm certain they have updates turned off on these machines, and their certificates must not have been updated for a long time.
At one point they come back to me. "Hey, when Fiddler is off, WireShark shows the app communicating with ICMP calls, but when it's on it shows HTTP calls instead".
...YOU'RE THE SUPPOSED NETWORK EXPERTS?! You think data can be send via ICMP? Do you even know what ICMP is? Of course you'll see ICMP calls when the network is rejecting the packages instead of HTTP calls when everything's fine.
(ICMP is used to communicate errors)
I'm trying to keep my patience with these guys until they find exactly what's wrong because even I am somewhat grasping at straws right now. But things like this makes me doubt their expertise...6 -
The company I am currently working for is partnering with another startup. Nothing special about that. We should integrate their API into our system. I wasn't involved in the process when it came to checking there API and if it would work with our Systems. The Person who did that already left the company so I was left behind with some internal documentation. In that Documentation is already written that API is basically trash....
After I started integrating the API I found more and more flaws in the design. They are not sending any responses that would help, when a param is missing or the authentication isn't correct, only 500's . I got some documentation from the partner company so i thought it will be fine as long as the Documentation would be accurate. Turns out the documentation isn't even close to be up to date. Wrong content types wrong endpoints, wrong naming. Basically we could not work with that. We shortly contacted the partner Company. After a few WEEKS we got a response that they updated the Documentation what was right but still not everything was correct. At this point I lost my mind. I researched a little bit about them, the company is founded from 2 young people who basically came strait out of the University and doest have any experience or idea how to build an API. I investigated a little bit there websites.
They have an Admin panel on the base domain from their API but it is only accessible via HTTP. Like WTF , They use HTTP for an Admin Panel this must be a joke right?
They use Cloudflare without a HTTP to HTTPS redirection ???
I really had not that much time to research in there website but if I find these things in 5 minutes I don't want to know what I can find in like an hour.
At the end we will still use them as partners because surprise surprise our company already sold the product that uses their API.
I know that I will be the person who has to help fixing this shit when it breaks and it will break 1000% JUST FUCK THIS SHIT. FUCK THE PARTNER COMPANY. FUCK THERE API.2 -
"200 Internal Server Error"
Yep, I did that. Because the lousy crapheads I work with were too lazy to handle any other HTTP status so anything else breaks the whole thing. And it's a pain to roll out another release of their part of the backend so "this isn't a priority". Also, they don't feel the need to check the JSON body of the response for the "status":"ok"/"fail" because what could ever go wrong, right? I effectively have no way of conveying to them that there was an error on this end of the API so they show success toast on the frontend irrespective of what really happened.6 -
Story time
I really love helping and teaching others about code. Recently I had a friend that wanted to get into web development. Being me, I told him that i would teach him all he wants but that he needs to do some research first to show me that he feels comfortable with as a minimum requirement. I told him to research the minimum technologies required to build a web page and to tell me about the request response cycle and stuff like that. When he came back I was expecting small explanations such as "html stands for bla bla and is used for bla bla".No. this dude comes back all proud to tell me about flipping Laravel. I sit there quietly listening to him go on about the "Laravel programming language". He likes anime, I like kendo (and have trained in it) so while he is talking I slowly move us into the part of my office where I keep my boken (wodden sword). As soon as he sees me sitting down with the sword he asks what am i doing with it.
"Well, remember when in some anime that you like you see teachers beating their studets over stupid shit?"
"What?"
..."WHAT DOES HTTP STANDS FOR?"
"The...the err the web language that.. er"
BOINK
"what is javascript?"
"Like the updates thing?"
HARDER BOINK
:) guarantee he wont forget what http is after that and what js and Laravel are from now on :) needless to say he will continue learning with much more care.
Coding dojo for real mofockas, ya dig?3 -
So at the moment I'm developing a RESTful API for an internal project at work and I'm starting to learn and understand about HTTP status codes.
So I started incorporating proper response HTTP status etc, but my co-workers don't understand what any of it means. They think that just sending a JSON response is enough with any messages should be enough. I think this mindset stems from people who just do simple AJAX calls in JavaScript just to get or store data.
It's these kind of developers that I find are lazy or have no motivation to improve themselves, which is disappointing.5 -
I made a functional parsing layer for an API that cleans http body json. The functions return insights about the received object and the result of the parse attempt. Then I wrote validation in the controller to determine if we will reject or accept. If we reject, parse and validation information is included on the error response so that the API consumer knows exactly why it was rejected. The code was super simple to read and maintain.
I demoed to the team and there was one hold out that couldn’t understand my decision to separate parse and validate. He decided to rewrite the two layers plus both the controller and service into one spaghetti layer. The team lead avoided conflict at all cost and told me that even though it was far worse code to “give him this”. We still struggle with the spaghetti code he wrote to this day.
When sugar-coating someone’s engineering inadequacies is more important than good engineering I think about quitting. He was literally the only one on the team that didn’t get it.2 -
Boss: "So I'm taking the next week off. In the mean time, I added some stuff for you to do on Gitlab, we'd need you to pull this Docker image, run it, setup the minimal requirement and play with it until you understand what it does."
Me: "K boss, sounds fun!" (no irony here)
First day: Unable to login to the remote repository. Also, I was given a dude's name to contact if I had troubles, the dude didn't answer his email.
2nd day: The dude aswered! Also, I realized that I couldn't reach the repository because the ISP for whom I work blocks everything within specific ports, and the url I had to reach was ":5443". Yay. However, I still can't login to the repo nor pull the image, the connection gets closed.
3rd day (today): A colleague suggested that I removed myself off the ISP's network and use my 4G or something. And it worked! Finally!! Now all I need to do is to set that token they gave me, set a first user, a first password and... get a 400 HTTP response. Fuck. FUCK. FUUUUUUUUUUUUUUUUUUUCK!!!
These fuckers display a 401 error, while returning a 400 error in the console log!! And the errors says what? "Request failed with status code 401" YES THANK YOU, THIS IS SO HELPFUL! Like fuck yea, I know exactly how t fix this, except that I don't because y'all fuckers don't give any detail on what could be the problem!
4th day (tomorrow): I'm gonna barbecue these sons of a bitch
(bottom note: the dude that answered is actually really cool, I won't barbecue him)5 -
Just found this HTTP response.
Status Code:
200 - OK
Body:
{
status: "success",
response:
{
status: "error",
}
}15 -
> Hi xx team, we are getting 500 errors from your api. Here's http request and resp.
< hi, we are calling yy team's api http://yy.Com?/api/yyy and it does not respond in 3 minutes, so we treat this as an esockettimeout. Please reach out to yy team
> hi yy team, can you assist us?
< hi, please provide request, url and response you're getting from us
> yy, all this info is in this very mailtrail
< hi, I cannot see request nor response anywhere
> [screenshot w/ highlighted "http://yy.Com?/api/yyy" and "and it does not respond in 3 minutes". Please read through this email thread, it has all the info
< hi, I need request and response to investigate this issue. Esockettimeout is not our error
<wtf are you smoking???>7 -
Sorry for the excess of blury.
Coworker thinks running a query on a console is a way to proof all use-cases.
Good lord I'm still surprised at how many bugs I can spot just by overlooking his code.
I mean, what is a MVC?!!SHIFT+1!!!?
Routing is just a file importing a 5000 liner controller that is actually not a controller for it handles http attributes and sends the response themselves.
Models are just good guesses of queries or a shit load of them: see picture attached
HALP5 -
I really hate it when I try to be careful with disclosing information of my employer in a rant on Reddit but the CTO who fires me go there and replies in full detail in an attempt to shame you. http://archive.is/sfP00
Because I have bigger balls (or a small brain, depending how you see it) I'll leave the post on but with my response to his comment on my thread as anybody may dig my Reddit account before hiring me for a job.
And yes, he is the same guy I refer in this past rant https://devrant.com/rants/1089376/...
It fucking sucks that the CTO will sleep safe and sound and I can't do much than looking for another job and contribute to FLOSS projects while I build new stuff to improve my skills all this while money is running out. I'm glad I'm living with my parents after this shit hit the fan, less stuff to worry about, but this is not life.13 -
I just got pissed off when someone on my team asked me how to start a web server on port 8080 (needed for network port testing)
I check the port get 404. 🤔🤔🤔
Spend half an hour explaining to them about ports and how there's already a week server running... And that 404 is a HTTP Status code.
I'm pretty sure she works on our webapp and maybe even REST APIs...
New grad but still.... Not recognizing a 404?
Maybe those pretty 404 pages these days make the realizing that it's a fucking web server error response harder....1 -
I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *
After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...
I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges. -
I actually never felt the need to scream at a co-worker so let's talk about that time a co-worker screamed at me instead.
tl;dr : some asshole boss screamed and threatened me because someone else's project was shit and didn't work.
Context: I was in my third year of school internship (graded) and my experience is C, C++, C#, Python all in systems programming, no web.
I was working as an intern for a shit company that was selling a shit software to hospitals (though not medically critical, thank God) the only tech guy on site was the DBA (cool guy) the product was maintained by a single dev in VB from his house, the dude never showed up to work (you'll understand why) and an other intern who couldn't dev shit.
I was working with the DBA on an software making statistical analysis from DB exports, worked nice, no problems here if we forget the lack of specs or boundaries (except must work in ieShit).
The other intern was working on something else (don't ask me what it is) I just remember it was in GWT before the community revived it. His webapp was requesting the company http server for a file instead of having one of it's java servlet to fetch it (both apps ran on sane server) which caused a lot of shit especially CORS error. That guy left (end of contract) and leaves his shit as is, boss asked me to deploy the app, I fiddle with it to see if it works and when I find out it doesn't then that asshole starts screaming at me in front of every other employee present, starts threatening to burn me in the tech world and have me thrown out of my school for no goddamn reason than the other dude's project doesn't work.
After the screaming I leave and warn my school immediately.
I guess that's why the other dev never came to work.
I had three weeks of internship left, that I did from home and worked probably less than 2 hours a day so suck it asshole.
Still had a good grade because I was reviewed by the DBA and he was happy with the work I did.
It was only later that I realized that what he did was categorizing as harassment (at least in France) and decided that never again this would happen without a response from my lawyer.1 -
If an http request can't perform the requested operation, should server send 500 error code? Or 200 with status and status message in response?
Isn't 500 used only for unhandled exceptions on server side?11 -
Why do people still use both curl or wget? There's httpie and it's awesome!
http PUT your-host.com header-name:value parameter=value
Profit!
And it formats the response for json without jq. It will just show binary for binary content and you download by adding the download flag.
Yet why is curl still the default!?4 -
!rant
Request for DevRant android app:
Currently when I tap a rant on the feed I am greeted by an empty screen while it is loading all details. Usually I am on a slow mobile connection so this can take quite a while.
My suggestion is to load the rant text (and image) which you already have from the feed view into the newly created single rant view. This way I can already read and inspect the rant while loading the details.
One objection to this might be the truncated rants. However, when I checked the api when developing http://jsRant.com it turned out that the feed response isn't truncated at all. This is a ui thing, meaning that my suggestion could be implemented fully in the app without backend changes.
Please consider this suggestion @dfox or @trogus since it would make the app a lot more user friendly for those with a slow connection.4 -
So let's talk about CNAs, Captive Network Assistants, these downsized browser that open on Smartphones when you try to login to a free wifi which requires you to buy sometging or accept some terms.
I fucking hate them. I'm a web dev which has to deal with these dumbfucks.
Back in the time, there was this dumbfuck who had the idea to capture http requests on network level and response with a redirect to his own landing page. Fuck this guy. Then some dudes had the idea of the CNA as a privacy security feature. A good idea. But also this guys: "hey, let's make them a huge pain to develop for".Fuck them, too. But then came the companies saying: "hey make us a huge SPA with all features we can think of for this fucktard of a browser."
I hate fucking CNAs2 -
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
error=1&message=Authentication+failure....processing+stopped
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.2 -
all documentation points to an Invalid auth token being code 400 (ignore the fact that this is a code in the JSON response and not HTTP)
Me: here iz credential. Plz send datas
API: haha fock off and die mate, then credentials you got there aren’t workin’
API: code 998 invalid auth token
Me: *speechless* so that’s why it took me longer than it did to find that error, because YOUR CODE WAS MISSING ALL MY CHECKS FOR CODE 400.
Why can’t people design apis properly.2 -
After hours of development, updated code on server, closed ide, out of habbit oppened browser, went to http://localhost/, just to check how api is responding... No response. Restarted server. No response. 30 minutes of random tests/checks, no result at all. 30 nervous minutes later, realized that server was working fine... it's just me who freaking tried to access it via localhost. ffs 0_0
-
If I had a nickel every time the unit tests failed not because something was wrong in the code, but because someone had messed up the unit test I'd be able to retire early.
I just spent the better part of 10 hours hunting down a bug in some production code only for the test to be wrong because the person who wrote it had mocked the http response incorrectly.
Nothing I did to "fix" the code worked, because nothing was wrong with it...5 -
Me: I need some stickers
Devrant: Give some programming jokes
Me:
#Take as many as you want
import requests
# api-endpoint
URL = "http://devrant.com/jokes/"
# sending get request and saving the response as response object
r = requests.get(url = URL, params = "funnyprogrammingjoke")
# extracting data in json format
Joke = r.json()
# printing the output
print(Joke)5 -
The moment you realize that you have successfully beaten reality with your unit-tests...
There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.
Every bit of code runs just fine.
Deploy this hell of an app on the server. Dandy Doodle.
Do a smoketest of the new feature.
FAIL!
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.
So I began to wonder, what the hell is going on.
Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/
Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)
Cheers!2 -
A company I work with are reluctant to change their hosting provider until the end of their hosting term. (Which may be a perfect reason as it's paid for)
The website goes down everyday!!!! Not to forget it's a popular magazine website!
Here are the new relic emails at 1 minute intervals:
- HTTP 500 Response Code
- HTTP 508 Response Code
- NetworkError: Read timed out
- Connect to domain:80 failed: connection timed out -
An asynchronous service in android which sends an Http request to a webpage to store its content every 3 seconds regardless of its response, and runs forever?
What the fuck where you thinking. You just killed my phone!!2 -
Wrote a whole http request script to do direct calls to google woth the whole oauth, which where successfull, and after all this work the request responds with a fuck you, the account does not exists response. Apparently it does not give authorization for service accounts and i will be forced to use the google api request to make this fucking thing work. Fuck google.
-
google pixel 2 vs iphone x fails
recap pixel 2:
- http://pocketnow.com/2017/11/...
- https://neowin.net/news/...
- https://engadget.com/2017/10/...
- https://neowin.net/news/...
recap iphone x:
- https://engadget.com/2017/11/...
- https://engadget.com/2017/11/...
- https://neowin.net/news/...
- https://neowin.net/news/...
- https://neowin.net/news/...
- https://reddit.com/r/iphone/...
- https://macrumors.com/2017/10/...
- http://pocketnow.com/2017/11/...
- http://pocketnow.com/2017/11/... -
I am trying to implement an API. It has a very good documentation, everything is written clear and simple, along with
- HTTP 401 on unauthorized request and
- Error codes from 1-35 with definitions
Opened the provided sample file, changed the username, password and client code fields to our own in the source, then tried the request. The Response:
HTTP 200
{"ErrorCode":-1,"ErrorDescription":"Unauthorized."}
Well, thank you very much! 🤬2 -
Do you guys return 200 when a search function in your API returns a not found and you attach a response in the object saying "success: false", or do you return 404? I'm confused. Thanks.
https://softwareengineering.stackexchange.com/...3 -
Coming from NodeJS, writing APIs with Express, I now do my first steps writing APIs in golang with gin.
Now I know, Express is not the fastest solution out there, but I mean - a good 30ms is alright for non-high-performance backends. And I always thought that's on the faster end of HTTP handling..
..but then I used gin. A GET request doing a MongoDB-write and returning some json. 3ms response time. THREE MILISECONDS. holy fuck. By it's debug logs the actual handling took 540 MICROSECONDS. holy fuck I'm in love.8 -
The documentation of scala akka http may be just gibberish as far as I am concerned. You would think that hooking into the marshalling process (aka de/serialization) would be straight forward, I've dealt with similar problems before and solved it.
I have an object, it should be transformed into a Json and vice versa. Should be easy as pie.
Not with scala and akka-http. The docs tell you how to achieve something in dozen different ways yet lack a complete example. My first custom marshaller I created in a "marshall" package in my! namespace, but it was breaking scala compilation due to some black magic.
It's not clear how when and why marshallers are added, they just somehow are. Why do I have to deal with entity marshallers vs response marshallers. I just want each instance of a certain type to be transformed into a specific Json presentation.
Asking on stackoverflow also only yields in incomplete hints of "just do boargh" presupposing certain knowledge while sounding borderline condescending.
Currently, I just want to burn the project and rebuild it with fucking PHP. Flame all you want, at least I would get things done and the JMS serializer library has decent documentation and it works in an expected way.
Akka-http, combined with Scala, looks from my current rage-driven perspective like a solution worse than the problem. -
I have this system that receives an image on Base64 or the URL (in that case the system makes an HTTP request and saves re response to disk). It works beautiful when I run the tests, it doesn't work at all in production (all the resulting files are corrupted). I don't know how to start to debug it so I'm going to bed and let my future self to resolve the issue.4
-
Why the response to a SOAP request is a HTTP error?
It took me half an hour to find the reason of an empty response.1 -
Now why would you set Content-type application/json as a response header if your response is plaintext? 🤔
Have people no respect for http headers anymore?2 -
I challenge you to start a process from php.
The following criteria must be fulfilled:
- php-fpm
- the process is started on http request by user
- the response does not wait for the process to be finished
- the process must finish, possibly after the response reached the user
- the running process does not block a fpm thread/worker from handling further requests
Simple, right?8 -
Okay so.
I have a docker instance with 2 running apps. Normally one of them is just a proxy to the other one, so a http req to app0 is redirected to app1 and the same with response.
This works perfectly on bare machine, i can just rewrite the ip in the config file and it works. Now my boss decided that yeah docker is absolutely needed for this software so i have to containerize it.
Thing is docker seems to break local ips? I cant use localhost/, nor assigned ip. Is there a way i can debug this, or what should i look up??? Im lost, this is devops afaik and im far from devops.2 -
I know some of y'all will judge the fuck outa me
But I had a "I've no idea how this works, but it works" moment today on a pet-project...
It's so inefficiently made coz I was frustrated by it failing so thought il let it work first then worry about shrink-wrapping the logic
Yet with NO-CACHE, from DB -> Service/API -> HTTP response, is just 350ms...
WITH In-memory Cache it goes down to 40-50ms...1 -
I tried to post a comment to someone's post and without UI feedback I get the API response in the HTTP request: "Comment not valid". This isn't enough information for me to troubleshoot what is a valid comment.4
-
I'm teaching a couple of classes where students (~18 years old) work on their own projects. I just deleted two of those from my machine: one Angular and one Spring Boot, but just boilerplate. Together, they were about 500 MB. I spent 2-3 hours working on a little Go tool to make concurrent HTTP requests and to report statistics on the response time. The entire repository is roughly 500 kB in size, but solves a genuine problem. My students have a bloat ratio of 1000 compared to me as a baseline, but my stuff actually does things. Today, I programmed prime factorization in PHP for some load tests (mod_php vs. PHP-FPM). The PHP script is 1148 bytes long (but the file system reports 4 kB). My students could learn more from such a script than from their overblown "projects", but "PHP sucks" I hearsay, so let's bloat on.12
-
What is a RESTful API? I didn't come from the web world, and to me every HTTP response with some json as content is RESTful, is that the idea?3
-
Hi
maybe a stupid question :) I have two Django apps, I need one of them to use the functions of the other one without importing them. as if I am requesting them using API, is there a way I can get an instance of a function and use it, I don't want to do the following:
response = requests.get('HTTP://URL/example/', data)
data = response.json()
I want instead to do something like this
function = requests.get('HTTP://URL/example/')
and execute the function as follows
data = function()
thanks4 -
I was given a perl script to help change ubnt airos devices passwords from the command line. I was give no instructions on how to use it and I am not use to working with perl If anyone can give me some help I would really appreciate it. Here is the code.
#!/usr/bin/perluse
FindBin qw($Bin $Script);
use WWW::Mechanize;
die "Syntax: $Script ...Changes the password on 1 or more AirOS units." unless @ARGV >= 6;
my $user = shift @ARGV;
my $op = shift @ARGV;
my $np = shift @ARGV;
my $rouser = shift @ARGV;
my $ropass = shift @ARGV;
my @addresses = @ARGV;
open L, ">>$Bin/$Script.log" or die "Unable to write to $Bin.log: $!";
sub l {
print STDERR @_;
print L @_;
}
for my $a (@addresses) {
l "Changing password on $a\n";
my $mech = WWW::Mechanize->new();
my $entry;
my $start = "http://$a/login.cgi?uri=/system.cgi";
$mech->get($start);
$mech->field('username',$user);
$mech->field('password',$op);
$response = $mech->submit();
# to get login cookie
if (!$response->is_success) {
l $response->status_line, "\n";
}
$mech->get(qq|http://$a/system.cgi|);
$mech->field('NewPassword',$np);
$mech->field('NewPassword2',$np);
$mech->field('OldPassword',$op);
$mech->field('ro_status', "enabled");
$mech->field('rousername', $rouser);
$mech->field('roPassword', $ropass);
$mech->field('hasRoPassword', "true");
$mech->click_button(name => "change");
$response = $mech->submit();
if (!$response->is_success) {
l $response->status_line, "\n";
}
$response = $mech->get(qq|http://$a/apply.cgi|);
if (!$response->is_success) {
l $response->status_line, "\n";
}
}close L;
exit 0;8