Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 204 No Content
Me: 200 OK
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 413 Payload Too Large
Me: 102 Processing
Me: 200 OK
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 444 Connection Closed Without Response
Me: 200 OK
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 444 Connection Closed Without Response
Me: 429 Too Many Requests
Me: GET /sleep
Baby: 307 Temporary Redirect
Me: 101 Switching Protocols
Me: 408 Request Timeout
GF: 102 Processing
Me: GET /sleep
Sleep: 404 Not Found
Me: 406 Not Acceptable
(Morning)
Me: 501 Not Implemented19 -
Me: We should change the http response code to anything but 200 OK in the error response case of our API.
Other dev: No, it's fine.
Me: Why?
Other dev: The client successfully receives an error message.
Me: ┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻15 -
Its that time of the morning again where I get nothing done and moan about the past ... thats right its practiseSafeHex's most incompetent co-worker!!!
Today I'd like to tell you the story of "i". Interesting about "I" is that he was actually a colleague of yesterdays nominee "G" (and was present at the "java interface" video call, and agreed with G!): https://devrant.com/rants/1152317/...
"I" was the spearhead of a project to end all projects in that company. It was suppose to be a cross-platform thing but ended up only working for iOS. It was actually quite similar to this: https://jasonette.com/ (so similar i'm convinced G / I were part of this but I can't find their github ID's in it).
To briefly explain the above + what they built ... this is the worst piece of shit you can imagine ... and thats a pretty strong statement looking back at the rest of this series so far!
"I" thought this would solve all of our problems of having to build similar-ish apps for multiple customers by letting us re-use more code / UI across apps. His main solution, was every developers favourite part of writing code. I mean how often do you sit back and say:
"God damn I wish more of this development revolved around passing strings back and forth. Screw autocomplete, enums and typed classes / variables, I want more code / variables inside strings in this library!"
Yes thats right, the main part of this bullshittery was putting your entire app, into JSON, into a string and downloading it over http ... what could possibly go wrong!
Some of my issues were:
- Everything was a string, meaning we had no autocomplete. Every type and property had to be remembered and spelled perfectly.
- Everything was a string so we had no way to cmd + click / ctrl + click something to see somethings definition.
- Everything was a string so any business logic methods had to be remembered, all possible overloaded versions, no hints at param types no nothing.
- There was no specific tooling for any of this, it was literally open up xcode, create a json file and start writing strings.
- We couldn't use any of the native UI builders ... cause strings!
- We couldn't use any of the native UI layout constructs and we had to use these god awful custom layout managers, with a weird CSS feel to them.
What angered me a lot was their insistence that "You can download a new app over http and it will update instantly" ... except you can't because you can't download new business logic only UI. So its a new app, but must do 100% exactly the same thing as before.
His other achievements include:
- Deciding he didn't like apple's viewController and navigationBar classes and built his own, which was great when iOS 7 was released (changed the UI to allow drawing under the status bar) and we had no access to any of apples new code or methods, meaning everything had to be re-built from scratch.
- On my first week, my manager noticed he fucked up the login error handling on the app I was taking over. He noticed this as I was about to leave for the evening. I stayed so we could call him (he was in an earlier timezone). Rather than deal with his fucked up, he convinced the manager it would be a "great learning experience" for me to do it ... and stay in late ... while he goes home early.
- He once argued with me in front of the CEO, that his frankenstein cross-platform stuff was the right choice and that my way of using apples storyboards (and well thought out code) wasn't appropriate. So I challenged him to prove it, we got 2 clients who needed similar apps, we each did it our own way. He went 8 man weeks over, I came in 2 days under and his got slated in the app store for poor performance / issues. #result.
But rather than let it die he practically sucked off the CEO to let him improve the cross platform tooling instead.
... in that office you couldn't swing a cat without hitting a retard.
Having had to spend a lot more time working with him and more closely than most of the other nominees, at a minimum "I" is on the top of my list for needing a good punch in the face. Not for being an idiot (which he is), not for ruining so much (which he did), but for just being such an arrogant bastard about it all, despite constant failure.
Will "I" make it to most incompetent? Theres some pretty stiff competition so far
Tune in later for more practiceSafeHex's most incompetent co-worker!!!6 -
RE: Why I punched Dave
In my defense to the accusation against me punching back end developer dave in the face, look at the following response:
HTTP 1.1
status: 200
mesaage: OK
body: {
"success": "false",
"message": "error"
}11 -
Business idea: panties with HTTP status codes printed on them.
451 for our underaged customers - unavailable for legal reasons
411 to crush a man's self esteem - Length required
429 for girls with stalkers - too many requests
402 for our professional customers - payment required
And, of course, 202 - Accepted22 -
Just found this gem on Twitters API...
When your app gets too excited they return status code 420 to tell you to chill! 😂😂😂
Fyi : For the non web-devs out there 420 is an invalid http code.
5 -
So Twitter apparently used http status code "420 - Enhance your calm" to notify the client that it was sending too many requests (basically chill the **** out). Note the status code number as well 😁
Image from wikipedia.
3 -
Alright, this is a new one to me, and wow am I blown away.
Working on upgrading an API that I did not build. Getting things running well enough and then an endpoint (which runs well enough in the tests) returns a `418 I'm a teapot`
Yeah, you read that right "I'm a (motherfucking) teapot"
The description is that...
"refuses to make coffee because it is a teapot"
It was an April fools joke in the beginning.
I couldn't return that error if I tried!
This shit is bizarre.
For your reading pleasure:
https://developer.mozilla.org/en-US...
3 -
What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.
Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.
The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.
What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...2 -
Front end guy: Somethings wrong with your server. My app is crashing.
* proceed to check logs. Everything fine
Me: Ok send me a log, a printscreen something. What calls do you make?
*send a printscreen with a failling 404 request
* You dense motherfucker learn your fucking http status. They are there for a reason😤
3 -
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!14 -
Okay, story time.
Back during 2016, I decided to do a little experiment to test the viability of multithreading in a JavaScript server stack, and I'm not talking about the Node.js way of queuing I/O on background threads, or about WebWorkers that box and convert your arguments to JSON and back during a simple call across two JS contexts.
I'm talking about JavaScript code running concurrently on all cores. I'm talking about replacing the god-awful single-threaded event loop of ECMAScript – the biggest bottleneck in software history – with an honest-to-god, lock-free thread-pool scheduler that executes JS code in parallel, on all cores.
I'm talking about concurrent access to shared mutable state – a big, rightfully-hated mess when done badly – in JavaScript.
This rant is about the many mistakes I made at the time, specifically the biggest – but not the first – of which: publishing some preliminary results very early on.
Every time I showed my work to a JavaScript developer, I'd get negative feedback. Like, unjustified hatred and immediate denial, or outright rejection of the entire concept. Some were even adamantly trying to discourage me from this project.
So I posted a sarcastic question to the Software Engineering Stack Exchange, which was originally worded differently to reflect my frustration, but was later edited by mods to be more serious.
You can see the responses for yourself here: https://goo.gl/poHKpK
Most of the serious answers were along the lines of "multithreading is hard". The top voted response started with this statement: "1) Multithreading is extremely hard, and unfortunately the way you've presented this idea so far implies you're severely underestimating how hard it is."
While I'll admit that my presentation was initially lacking, I later made an entire page to explain the synchronisation mechanism in place, and you can read more about it here, if you're interested:
http://nexusjs.com/architecture/
But what really shocked me was that I had never understood the mindset that all the naysayers adopted until I read that response.
Because the bottom-line of that entire response is an argument: an argument against change.
The average JavaScript developer doesn't want a multithreaded server platform for JavaScript because it means a change of the status quo.
And this is exactly why I started this project. I wanted a highly performant JavaScript platform for servers that's more suitable for real-time applications like transcoding, video streaming, and machine learning.
Nexus does not and will not hold your hand. It will not repeat Node's mistakes and give you nice ways to shoot yourself in the foot later, like `process.on('uncaughtException', ...)` for a catch-all global error handling solution.
No, an uncaught exception will be dealt with like any other self-respecting language: by not ignoring the problem and pretending it doesn't exist. If you write bad code, your program will crash, and you can't rectify a bug in your code by ignoring its presence entirely and using duct tape to scrape something together.
Back on the topic of multithreading, though. Multithreading is known to be hard, that's true. But how do you deal with a difficult solution? You simplify it and break it down, not just disregard it completely; because multithreading has its great advantages, too.
Like, how about we talk performance?
How about distributed algorithms that don't waste 40% of their computing power on agent communication and pointless overhead (like the serialisation/deserialisation of messages across the execution boundary for every single call)?
How about vertical scaling without forking the entire address space (and thus multiplying your application's memory consumption by the number of cores you wish to use)?
How about utilising logical CPUs to the fullest extent, and allowing them to execute JavaScript? Something that isn't even possible with the current model implemented by Node?
Some will say that the performance gains aren't worth the risk. That the possibility of race conditions and deadlocks aren't worth it.
That's the point of cooperative multithreading. It is a way to smartly work around these issues.
If you use promises, they will execute in parallel, to the best of the scheduler's abilities, and if you chain them then they will run consecutively as planned according to their dependency graph.
If your code doesn't access global variables or shared closure variables, or your promises only deal with their provided inputs without side-effects, then no contention will *ever* occur.
If you only read and never modify globals, no contention will ever occur.
Are you seeing the same trend I'm seeing?
Good JavaScript programming practices miraculously coincide with the best practices of thread-safety.
When someone says we shouldn't use multithreading because it's hard, do you know what I like to say to that?
"To multithread, you need a pair."18 -
So this story is from my University days. I was in the 6th semester back then, studying CS.
My University website was pretty shitty. Basically it was one of those old ass website that said "Best viewed in IE8". Anyway, I was snooping about the website, trying to find some news regarding an event.
I logged into my account, and randomly browsed into the leave request portal. This was a basic HTML form where students could apply for leaves from the classes and see the status of the leaves, if they have been granted or not. I noticed that the link to the request portal from the student login welcome page was actually something like http://univ.com/student/index.php/..., here 1234567 was my student ID. Yep, it was hardcore into the page, and sent as a GET request on being clicked. That was their idea of authentication I guess. I change the student ID to someone else's, and it let me login as that person.
Long story short, I wrote a little python script to login as every person from the starting of student IDs, till the end, then submit a leave request with a random dumb reason like "can't come, at the strip club" or "going for sex change operation". What I did not know was that when a request is submitted, a text message is also sent to the student's guardians phone number. I ran the script.
That day, over 1000 parents received text messages from the University saying that their kids have applied for a leave from random date to random date for some retarded reason. It was a blast. Students were talking about how someone had "Hacked" into the system.4 -
Argh! What are HTTP status codes for if you're not using them in your API implementation?!
Fucking morons!15 -
Finally got my nginx config to work properly (it shouldn't work but it does so I'm not fucking touching it).
Request with curl: check, right http code and getting data back properly.
Request with any browser (with and without incognito): right http code, AND ONLY SEEING DATA WHEN I ECHO ANYTHING BEFORE SENDING THE RESPONSE WITH PHP. When I don't echo whatever before sending the response, the browser doesn't see the data but DOES see the http status code.
HOW?!20 -
"200 Internal Server Error"
Yep, I did that. Because the lousy crapheads I work with were too lazy to handle any other HTTP status so anything else breaks the whole thing. And it's a pain to roll out another release of their part of the backend so "this isn't a priority". Also, they don't feel the need to check the JSON body of the response for the "status":"ok"/"fail" because what could ever go wrong, right? I effectively have no way of conveying to them that there was an error on this end of the API so they show success toast on the frontend irrespective of what really happened.6 -
Boss: "So I'm taking the next week off. In the mean time, I added some stuff for you to do on Gitlab, we'd need you to pull this Docker image, run it, setup the minimal requirement and play with it until you understand what it does."
Me: "K boss, sounds fun!" (no irony here)
First day: Unable to login to the remote repository. Also, I was given a dude's name to contact if I had troubles, the dude didn't answer his email.
2nd day: The dude aswered! Also, I realized that I couldn't reach the repository because the ISP for whom I work blocks everything within specific ports, and the url I had to reach was ":5443". Yay. However, I still can't login to the repo nor pull the image, the connection gets closed.
3rd day (today): A colleague suggested that I removed myself off the ISP's network and use my 4G or something. And it worked! Finally!! Now all I need to do is to set that token they gave me, set a first user, a first password and... get a 400 HTTP response. Fuck. FUCK. FUUUUUUUUUUUUUUUUUUUCK!!!
These fuckers display a 401 error, while returning a 400 error in the console log!! And the errors says what? "Request failed with status code 401" YES THANK YOU, THIS IS SO HELPFUL! Like fuck yea, I know exactly how t fix this, except that I don't because y'all fuckers don't give any detail on what could be the problem!
4th day (tomorrow): I'm gonna barbecue these sons of a bitch
(bottom note: the dude that answered is actually really cool, I won't barbecue him)5 -
So at the moment I'm developing a RESTful API for an internal project at work and I'm starting to learn and understand about HTTP status codes.
So I started incorporating proper response HTTP status etc, but my co-workers don't understand what any of it means. They think that just sending a JSON response is enough with any messages should be enough. I think this mindset stems from people who just do simple AJAX calls in JavaScript just to get or store data.
It's these kind of developers that I find are lazy or have no motivation to improve themselves, which is disappointing.5 -
Just found this HTTP response.
Status Code:
200 - OK
Body:
{
status: "success",
response:
{
status: "error",
}
}13 -
Order now! iPhone 8 Xplode
Englisch: https://sputniknews.com/science/...
Japanese Twitter: https://twitter.com/Magokoro0511/...
Appledaily.com.tw: http://appledaily.com.tw/column/...
14 -
At work today I met an api that redefines http status codes to mean something else. Naturally this makes integrating between systems a whole thing when system a keeps spitting out 207 and system b will not accept anything other than 200. Thanks for nothing. WHY WOULD ANYONE EVER WANT TO DO THAT THO? there's just no good reason to.
Anyway hens how r yous?, hope you're all doing well and that your coffee is as strong and black as the void <36 -
RFC for 700 HTTP Status Codes
https://github.com/joho/7XX-rfc
o 703 - Explosion
o 728 - It works in my timezone
o 732 - Fucking Unic💩de
o 791 - The Internet shut down due to copyright restrictions
o 797 - This is the last page of the Internet. Go back3 -
I just got pissed off when someone on my team asked me how to start a web server on port 8080 (needed for network port testing)
I check the port get 404. 🤔🤔🤔
Spend half an hour explaining to them about ports and how there's already a week server running... And that 404 is a HTTP Status code.
I'm pretty sure she works on our webapp and maybe even REST APIs...
New grad but still.... Not recognizing a 404?
Maybe those pretty 404 pages these days make the realizing that it's a fucking web server error response harder....1 -
That moment when returning correct HTTP status codes from an API become a feature request 😒
For the meantime I will need to deal with endpoints returning status 200 for everything, and status 500 when the service crash. 🤦🏼♂️4 -
If an http request can't perform the requested operation, should server send 500 error code? Or 200 with status and status message in response?
Isn't 500 used only for unhandled exceptions on server side?11 -
I just found out there's a 418 HTTP status code that stands for "I'm a teapot", specified by RFC2324 which "describes HTCPCP, a protocol for controlling, monitoring, and diagnosing coffee pots". I know it's an april fools joke but I still find it hilarious that there is an RFC for that.9
-
In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!
So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.
Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.
Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!
So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!
So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!
So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!
So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!
Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.
See the issue already?
Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.
What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.
That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.
Overriding that unit file option finally fixed the issue completely.
I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.
And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...
Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!
And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...8 -
When some other team wants to blame us because they're getting a HTTP Status Code 0....
That's not even a valid status... IT MEANS YOU ABORTED THE REQUEST AND KILLED THE CONNECTION...
OH STILL OUR FAULT... WELL DO U KNOW ABOUT NETWORK ISSUES AND SERVER OVERLOADING WHEN U SPAM IT WITH TOO MANY REQUESTS?
OH YOU RETRIED? HOW DID YOU RETRY? BETTER NOT BE SPAMMING US WITH MORE REQUESTS...
EVER HEARD OF TCP/IP BACK OFF LOGIC....4 -
to;dr: school, raspi, spoofing, public status screen, funny pictured.
So. At school we had these huge ass 2/3 TVs displaying some information such as which teacher is ill, which lessons won't take place and some school related news. Standard stuff.
They worked using a raspberry pi attached to the TV fetching a website over http every now and then.
Using nmap I discovered that these pi's were in the same network as the pupils devices: Sweeeet.
After trying some standard passwords at the ssh port and not succeeding I came up with something different: A spoofing attack.
I would relay all traffic from those pi's through my device, would replace all images with a trollface picture (I know I know) and flip all text upside down.
Chaos, annoyed faces and laughter.
It was beautiful. -
So i found this the other day and thought i would share it with you.
It's a collection of short little songs inspired by HTTP status codes.
Neat idea but is a little rough around the edges.
https://thingsinjars.bandcamp.com/a...1 -
There's this Senior Developer here at the company I work for, and every single project he works on (usually APIs), the return status codes are always 400 when there is an error.
How do I tell him there are over 60 status codes?2 -
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
error=1&message=Authentication+failure....processing+stopped
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.
2 -
Hi guys!
I never thought that this day will come, be here is my first rant with a big dose of frustration.
So, I'm working on the API team of one of ower products and a coworker that works on the webapp has a lot of problems (don't want to be mean, but he has problems like 'i can't catch a 404 http status, please send a 200 with a message' ) and he always go and wines about the API and that he can't do his job because the API is faulty...
But it is not the case, every functionality of the API is well tested and it works as it should.
So, tonight I was the only one left from my team and the project manager comes and
starts asking me about why I am returning http status codes with all my responses, how the login works and other stuff like that...
Just wasted more than an hour to prove that all the code that I wrote works as expected...1 -
Load a medium post. Wait for the entire junk to download. Or stop the loading if you just want to read the text content
But Medium has other ideas. Hook to the cancel event, show a useless page which only has the reload link. And why would it trigger the HTTP 500 status code to be sent? 🤔
9 -
The moment you realize that you have successfully beaten reality with your unit-tests...
There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.
Every bit of code runs just fine.
Deploy this hell of an app on the server. Dandy Doodle.
Do a smoketest of the new feature.
FAIL!
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.
So I began to wonder, what the hell is going on.
Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/
Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)
Cheers!2 -
In last episode of "How SystemD screwed me over", we talked about Systemd's PrivateTMP and how it stopped me from generating SSL certificates.
In today's episode - SystemD vs CGroups!
Mister Pottering and his team apparently felt that CGroups are underused (As they can be quite difficult to set up), and so decided to integrate them into SystemD by default. As well as to provide a friendlier interface to control their values.
One can read about these interactions in the manual page "systemd.resource-control"
All is cool so far. So what happened to me today?
Imagine you did a major system release upgrade of a production server, previously tested on a standalone server. This upgrade doesn't only upgrade the distribution however, it also includes the switch from SysVInit to SystemD. Still, everything went smooth before, nothing to worry now then, right? Wrong.
The test server was never properly stress-tested. This would prove to be an issue.
When the upgrade finishes, it is 4 AM. I am happy to go to bed at last. At 6 AM, however, I am woken up again as the server's webservices are unavailable, and the machine is under 100% CPU load. Weird, I check htop and see that Apache now eats up all 32 virtual cores. So I restart it, casting it off to some weird bug or something as the load returns to normal.
2 hours later, however, the same situation occurs. This time, I scour all the logs I can, and find something weird - Many mentions that Apache couldn't create a worker thread? That's weird.
Several hours of research and tinkering later, I found out the following:
1 - By default, all processes of a system that runs SystemD are part of several CGroups. One of these CGroups is the PID CGroup, meant to stop a runaway process from exhausting all PIDs/TIDs of a system.
This limit is, by default, set to a certain amount of the total available PIDs. If a process exhausts this limit, it can no longer perform operations like fork().
So now, I know the how and why, but how should I solve this? The sanest option would be to get a rough estimate of just how many threads the Apache webserver might need. This option, though, is harder, than apparent. I cannot just take the MaxRequestsWorkers number... The instance has roughly double the amount of threads already. The cause being, as I found out, the HTTP/2 module, which spawns additional threads that do not count towards this limit. So I have no idea what limit to set.
Or I could... Disable the limit for just the webserver via the TasksAccounting switch. I thought this would work. And it did seem to... Until I ran out of TIDs again - Although systemctl status apache2.service no longer reported the number of tasks or a task limit of the process, the PID CGroup stayed set to the previous limit. Later I found out that I can only really disable the Task Accounting for all the units of a given slice and its parents.
This, though, systemctl somewhat didn't make apparent (And I skimmed the manual, that part was my fault)
So... The only remaining option I had was to... Just set the limit to infinite. And that worked, at last.
It took me several hours to debug this issue. And I once again feel like uninstalling systemd again, in favor of sysvinit.
What did I learn? RTFM, carefully, everything is important, it is not enough to read *half* the paragraph of a given configuration option...
Oh, and apache + http/2 = huge TID sink. -
Change code here, 500
Revert and change code there, 403
Revert and change code at both the places, 404
Revert and have a Potato -
Do you guys return 200 when a search function in your API returns a not found and you attach a response in the object saying "success: false", or do you return 404? I'm confused. Thanks.
https://softwareengineering.stackexchange.com/...3 -
I once had to write a feature, which should allow the user to login and edit an appointment, which was automatically set. All the data we got, came from an incredibly unreliable API. And with incredible unreliable I mean like heisenbug-level unreliable.
The API spoke perfectly unreadable xml and was a horror to work with.
After a few weeks of me being messed with by this shit piece of an API, I finally got something which did kind of work sometimes.
Proper error handling has been added later and just before I was done, fixing all the flaws of their data management and nonsense status codes (not http status codes) which rarely correlated in at least some way with their data, our client said "scrap this, we don't want it anymore"
Many hours and effort gone, this thing worked almost perfectly. -
{
"$schema": "http://json-schema.org/draft-04/...#",
"type": "object",
"id": "https://[URL_NAME]/forms/{id}/...#",
"properties": {
"title" : { "type": "string" },
"date" : { "type": "string" },
"content" : { "type": "string" },
"date_start": { "type": "string" },
"date_end" : { "type": "string" },
"status" : {
"type" : "string",
"enum" : ["1", "2", "3", "4", "5"]
}
},
required [
"title",
"date",
"content",
"date_start",
"date_end",
"status"
]
}
See if you can notice the error is this schema. Don't copy and paste it. I change some format to obsfucate the real data naming, but this schema error is still up there
Just wasted my 30 minutes staring at this10 -
Someone wrote some error handling middleware for the whole application.
Then someone wrote some default classes for HTTP errors; BadRequest, Unauthorized and so on.
If I didn't know any better, I'd think throwing one of these default errors would give the proper status code, instead of default everything to 500.
But alas, I do know better.
1 -
I'm just testing out some code for Spring Boot with Spring web. Whilst inspecting Spring's HttpStatus enum I suddenly realized there are a lot more HTTP status codes than I had estimated. I knew there were many, but woah that's a lot.
Check it:
https://en.wikipedia.org/wiki/...
On a side note, it really helps to debug work stuff at home. More concentration, more time and such.
Fun fun.4 -
I'm currently migrating one of the companies services from technology A to an B based solution...
Today I had to remotly troubleshoot an error occuring somewhere on our client's backend application, that wans't enabling us to register any given webhook to our endpoints...
We finally gave in and looked up the data packets using a sniffer only to find that the only difference was that in the A technology project our staff ended up returning a Status Code plus the respective Reason Phrase, in our newest version we only send the HTTP Status Code... Guess who wasn't aware of HTTP 1.1 RFC consideres the Reason Phrase optional and an unecessary overhead??? God dammit... In simple terms...
1 -
"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
https://twitter.com/seecurity/...
Let's see how this unfolds. While there is chaos I trink some tea and laugh, because I never send critical information over e-mail. 🧐🍵4 -
man if i could figure out how to do stuff and had the money to do stuff i'd be dangerous as fuck, but as of now i can only posit questions... it sucks.
Examples:
- What do modern browsers/crawlers do when hit with, say, an "HTTP 450 Blocked by Windows Parental Controls" or an "HTTP 374" status code?
- What happens if I do <xyz minor edge case thing> on <system?> (just use your imagination, this happens for every edge case i can think of for every system and the list wouldn't fit in a few megs' worth of half-byte ASCII, much less *here*)
- What if I made like a board to fuck with busses while systems were on? Press a button and for like five bus clock cycles pins like 6 and 7 are shorted? That sort of thing. As for system/bus types, *literally any* (old consoles with expansion ports, PCI/-e/-X/whatever, southbridge, etc.)
- What if I did <filetype> shenanigans by doing <something indescribably horrible> to this file? How do things react?3 -
In addition to being able to lookup DNS queries over Twitter, telegram (even literal ones), devRant, HTTP(s), TLS and even the DNS protocol itself - Cloudflare will now offer DNS-over-HAM in London.
Sources:
- Heise Online (German): https://heise.de/newsticker/...
- Original Tweet: https://mobile.twitter.com/jgrahamc...1 -
So I’m going through a CKAD course. There is a section about checking the status of our Pods or the application running in it through Readiness/Liveness Probes— they mostly use an HTTP test, but there is a TCP option as well. My question is, how will the TCP test work on HTTP/2 given that it does not have TCP (it rather uses QUIC)? Sorry if this is a dumb question.1
-
I hate my internet provider.
I configure everything to work remotely and when I try to login to it I got "Http Status 502".
I thought I misconfigure something and recheck everything and still got "Http Status 502".
When I use the internet connection provided by different provider, it works!
Everything is hard to debug without you messing it up internet provider. It like trying to debug the code and find out the problem is in compiler.8 -
Laravel route not found.
Look - so simple :
Route::post('/api/companies', function () {
return 'Hello World';
});
how the fuck it is not found?
Request URL: http://localhost:8000/api/companies
Request Method: POST
Status Code: 404 Not Found
???? I have cleared cache.
How do I check fucking available routes then? In symfony there was router:debug or smth. Cant see like this in laravel44
Top Tags
Weekly Rant
View