Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "http status code"
-
Me: We should change the http response code to anything but 200 OK in the error response case of our API.
Other dev: No, it's fine.
Me: Why?
Other dev: The client successfully receives an error message.
Me: ┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻15 -
Its that time of the morning again where I get nothing done and moan about the past ... thats right its practiseSafeHex's most incompetent co-worker!!!
Today I'd like to tell you the story of "i". Interesting about "I" is that he was actually a colleague of yesterdays nominee "G" (and was present at the "java interface" video call, and agreed with G!): https://devrant.com/rants/1152317/...
"I" was the spearhead of a project to end all projects in that company. It was suppose to be a cross-platform thing but ended up only working for iOS. It was actually quite similar to this: https://jasonette.com/ (so similar i'm convinced G / I were part of this but I can't find their github ID's in it).
To briefly explain the above + what they built ... this is the worst piece of shit you can imagine ... and thats a pretty strong statement looking back at the rest of this series so far!
"I" thought this would solve all of our problems of having to build similar-ish apps for multiple customers by letting us re-use more code / UI across apps. His main solution, was every developers favourite part of writing code. I mean how often do you sit back and say:
"God damn I wish more of this development revolved around passing strings back and forth. Screw autocomplete, enums and typed classes / variables, I want more code / variables inside strings in this library!"
Yes thats right, the main part of this bullshittery was putting your entire app, into JSON, into a string and downloading it over http ... what could possibly go wrong!
Some of my issues were:
- Everything was a string, meaning we had no autocomplete. Every type and property had to be remembered and spelled perfectly.
- Everything was a string so we had no way to cmd + click / ctrl + click something to see somethings definition.
- Everything was a string so any business logic methods had to be remembered, all possible overloaded versions, no hints at param types no nothing.
- There was no specific tooling for any of this, it was literally open up xcode, create a json file and start writing strings.
- We couldn't use any of the native UI builders ... cause strings!
- We couldn't use any of the native UI layout constructs and we had to use these god awful custom layout managers, with a weird CSS feel to them.
What angered me a lot was their insistence that "You can download a new app over http and it will update instantly" ... except you can't because you can't download new business logic only UI. So its a new app, but must do 100% exactly the same thing as before.
His other achievements include:
- Deciding he didn't like apple's viewController and navigationBar classes and built his own, which was great when iOS 7 was released (changed the UI to allow drawing under the status bar) and we had no access to any of apples new code or methods, meaning everything had to be re-built from scratch.
- On my first week, my manager noticed he fucked up the login error handling on the app I was taking over. He noticed this as I was about to leave for the evening. I stayed so we could call him (he was in an earlier timezone). Rather than deal with his fucked up, he convinced the manager it would be a "great learning experience" for me to do it ... and stay in late ... while he goes home early.
- He once argued with me in front of the CEO, that his frankenstein cross-platform stuff was the right choice and that my way of using apples storyboards (and well thought out code) wasn't appropriate. So I challenged him to prove it, we got 2 clients who needed similar apps, we each did it our own way. He went 8 man weeks over, I came in 2 days under and his got slated in the app store for poor performance / issues. #result.
But rather than let it die he practically sucked off the CEO to let him improve the cross platform tooling instead.
... in that office you couldn't swing a cat without hitting a retard.
Having had to spend a lot more time working with him and more closely than most of the other nominees, at a minimum "I" is on the top of my list for needing a good punch in the face. Not for being an idiot (which he is), not for ruining so much (which he did), but for just being such an arrogant bastard about it all, despite constant failure.
Will "I" make it to most incompetent? Theres some pretty stiff competition so far
Tune in later for more practiceSafeHex's most incompetent co-worker!!!6 -
Just found this gem on Twitters API...
When your app gets too excited they return status code 420 to tell you to chill! 😂😂😂
Fyi : For the non web-devs out there 420 is an invalid http code.5 -
So Twitter apparently used http status code "420 - Enhance your calm" to notify the client that it was sending too many requests (basically chill the **** out). Note the status code number as well 😁
Image from wikipedia.3 -
What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.
Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.
The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.
What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...2 -
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!14 -
Okay, story time.
Back during 2016, I decided to do a little experiment to test the viability of multithreading in a JavaScript server stack, and I'm not talking about the Node.js way of queuing I/O on background threads, or about WebWorkers that box and convert your arguments to JSON and back during a simple call across two JS contexts.
I'm talking about JavaScript code running concurrently on all cores. I'm talking about replacing the god-awful single-threaded event loop of ECMAScript – the biggest bottleneck in software history – with an honest-to-god, lock-free thread-pool scheduler that executes JS code in parallel, on all cores.
I'm talking about concurrent access to shared mutable state – a big, rightfully-hated mess when done badly – in JavaScript.
This rant is about the many mistakes I made at the time, specifically the biggest – but not the first – of which: publishing some preliminary results very early on.
Every time I showed my work to a JavaScript developer, I'd get negative feedback. Like, unjustified hatred and immediate denial, or outright rejection of the entire concept. Some were even adamantly trying to discourage me from this project.
So I posted a sarcastic question to the Software Engineering Stack Exchange, which was originally worded differently to reflect my frustration, but was later edited by mods to be more serious.
You can see the responses for yourself here: https://goo.gl/poHKpK
Most of the serious answers were along the lines of "multithreading is hard". The top voted response started with this statement: "1) Multithreading is extremely hard, and unfortunately the way you've presented this idea so far implies you're severely underestimating how hard it is."
While I'll admit that my presentation was initially lacking, I later made an entire page to explain the synchronisation mechanism in place, and you can read more about it here, if you're interested:
http://nexusjs.com/architecture/
But what really shocked me was that I had never understood the mindset that all the naysayers adopted until I read that response.
Because the bottom-line of that entire response is an argument: an argument against change.
The average JavaScript developer doesn't want a multithreaded server platform for JavaScript because it means a change of the status quo.
And this is exactly why I started this project. I wanted a highly performant JavaScript platform for servers that's more suitable for real-time applications like transcoding, video streaming, and machine learning.
Nexus does not and will not hold your hand. It will not repeat Node's mistakes and give you nice ways to shoot yourself in the foot later, like `process.on('uncaughtException', ...)` for a catch-all global error handling solution.
No, an uncaught exception will be dealt with like any other self-respecting language: by not ignoring the problem and pretending it doesn't exist. If you write bad code, your program will crash, and you can't rectify a bug in your code by ignoring its presence entirely and using duct tape to scrape something together.
Back on the topic of multithreading, though. Multithreading is known to be hard, that's true. But how do you deal with a difficult solution? You simplify it and break it down, not just disregard it completely; because multithreading has its great advantages, too.
Like, how about we talk performance?
How about distributed algorithms that don't waste 40% of their computing power on agent communication and pointless overhead (like the serialisation/deserialisation of messages across the execution boundary for every single call)?
How about vertical scaling without forking the entire address space (and thus multiplying your application's memory consumption by the number of cores you wish to use)?
How about utilising logical CPUs to the fullest extent, and allowing them to execute JavaScript? Something that isn't even possible with the current model implemented by Node?
Some will say that the performance gains aren't worth the risk. That the possibility of race conditions and deadlocks aren't worth it.
That's the point of cooperative multithreading. It is a way to smartly work around these issues.
If you use promises, they will execute in parallel, to the best of the scheduler's abilities, and if you chain them then they will run consecutively as planned according to their dependency graph.
If your code doesn't access global variables or shared closure variables, or your promises only deal with their provided inputs without side-effects, then no contention will *ever* occur.
If you only read and never modify globals, no contention will ever occur.
Are you seeing the same trend I'm seeing?
Good JavaScript programming practices miraculously coincide with the best practices of thread-safety.
When someone says we shouldn't use multithreading because it's hard, do you know what I like to say to that?
"To multithread, you need a pair."18 -
Finally got my nginx config to work properly (it shouldn't work but it does so I'm not fucking touching it).
Request with curl: check, right http code and getting data back properly.
Request with any browser (with and without incognito): right http code, AND ONLY SEEING DATA WHEN I ECHO ANYTHING BEFORE SENDING THE RESPONSE WITH PHP. When I don't echo whatever before sending the response, the browser doesn't see the data but DOES see the http status code.
HOW?!20 -
"200 Internal Server Error"
Yep, I did that. Because the lousy crapheads I work with were too lazy to handle any other HTTP status so anything else breaks the whole thing. And it's a pain to roll out another release of their part of the backend so "this isn't a priority". Also, they don't feel the need to check the JSON body of the response for the "status":"ok"/"fail" because what could ever go wrong, right? I effectively have no way of conveying to them that there was an error on this end of the API so they show success toast on the frontend irrespective of what really happened.6 -
Boss: "So I'm taking the next week off. In the mean time, I added some stuff for you to do on Gitlab, we'd need you to pull this Docker image, run it, setup the minimal requirement and play with it until you understand what it does."
Me: "K boss, sounds fun!" (no irony here)
First day: Unable to login to the remote repository. Also, I was given a dude's name to contact if I had troubles, the dude didn't answer his email.
2nd day: The dude aswered! Also, I realized that I couldn't reach the repository because the ISP for whom I work blocks everything within specific ports, and the url I had to reach was ":5443". Yay. However, I still can't login to the repo nor pull the image, the connection gets closed.
3rd day (today): A colleague suggested that I removed myself off the ISP's network and use my 4G or something. And it worked! Finally!! Now all I need to do is to set that token they gave me, set a first user, a first password and... get a 400 HTTP response. Fuck. FUCK. FUUUUUUUUUUUUUUUUUUUCK!!!
These fuckers display a 401 error, while returning a 400 error in the console log!! And the errors says what? "Request failed with status code 401" YES THANK YOU, THIS IS SO HELPFUL! Like fuck yea, I know exactly how t fix this, except that I don't because y'all fuckers don't give any detail on what could be the problem!
4th day (tomorrow): I'm gonna barbecue these sons of a bitch
(bottom note: the dude that answered is actually really cool, I won't barbecue him)5 -
Just found this HTTP response.
Status Code:
200 - OK
Body:
{
status: "success",
response:
{
status: "error",
}
}13 -
I just got pissed off when someone on my team asked me how to start a web server on port 8080 (needed for network port testing)
I check the port get 404. 🤔🤔🤔
Spend half an hour explaining to them about ports and how there's already a week server running... And that 404 is a HTTP Status code.
I'm pretty sure she works on our webapp and maybe even REST APIs...
New grad but still.... Not recognizing a 404?
Maybe those pretty 404 pages these days make the realizing that it's a fucking web server error response harder....1 -
If an http request can't perform the requested operation, should server send 500 error code? Or 200 with status and status message in response?
Isn't 500 used only for unhandled exceptions on server side?11 -
I just found out there's a 418 HTTP status code that stands for "I'm a teapot", specified by RFC2324 which "describes HTCPCP, a protocol for controlling, monitoring, and diagnosing coffee pots". I know it's an april fools joke but I still find it hilarious that there is an RFC for that.9
-
In today's episode of kidding on SystemD, we have a surprise guest star appearance - Apache Foundation HTTPD server, or as we in the Debian ecosystem call it, the Apache webserver!
So, imagine a situation like this - Its friday afternoon, you have just migrated a bunch of web domains under a new, up to date, system. Everything works just fine, until... You try to generate SSL certificates from Lets Encrypt.
Such a mundane task, done more than a thousand times already... Yet... No matter what you do, nothing works. Apache just returns a HTTP status code 403 - Forbidden.
Of course, what many folk would think of first when it came to a 403 error is - Ooooh, a permission issue somewhere in the directory structure!
So you check it... And re-check it to make sure... And even switch over to the user the webserver runs under, yet... You can access the challenge just fine, what the hell!
So you go deeper... And enable the most verbose level of logging apache is capable of - Trace8. That tells you... Not a whole lot more... Apparently, the webserver was unable to find file specified? But... Its right there, you can see it!
So you go another step deeper and start tracing the process' system calls to see exactly where it calls stat/lstat on the file, and you see that it... Calls lstat and... It... Returns -1? What the hell#2!
So, you compile a custom binary that calls lstat on the first argument given and prints out everything it returns... And... It works fine!
Until now, I chose to omit one important detail that might have given away the issue to the more knowledgeable right away. Our webservers have the URL /.well-known/acme-challenge/, used for ACME challenges, aliased somewhere else on the filesystem - To /tmp/challenges.
See the issue already?
Some *bleep* over at the Debian Package Maintainer group decided that Apache could save very sensitive data into /tmp, so, it would be for the best if they changed something that worked for decades, and enabled a SystemD service unit option "PrivateTmp" for the webserver, by default.
What it does is that, anytime a process started with this option enabled writes to /tmp/*, the call gets hijacked or something, and actually makes the write to a private /tmp/something/tmp/ directory, where something... Appeared as a completely random name, with the "apache2.service" glued at the end.
That was also the only reason why I managed fix this issue - On the umpteenth time of checking the directory structure, I noticed a "systemd-private-foobarbas-apache2.service-cookie42" directory there... That contained nothing but a "tmp" directory with 777 as its permission, owned by the process' user and group.
Overriding that unit file option finally fixed the issue completely.
I have just one question - Why? Why change something that worked for decades? I understand that, in case you save something into /tmp, it may be read by 3rd parties or programs, but I am of the opinion that, if you did that, its only and only your fault if you wrote sensitive data into the temporary directory.
And as far as I am aware, by default, Apache does not actually write anything even remotely sensitive into /tmp, so...
Why. WHY!
I wasted 4 hours of my life debugging this! Only to find out its just another SystemD-enabled "feature" now!
And as much as I love kidding on SystemD, this time, I see it more as a fault of the package maintainers, because... I found no default apache2/httpd service file in the apache repo mirror... So...8 -
When some other team wants to blame us because they're getting a HTTP Status Code 0....
That's not even a valid status... IT MEANS YOU ABORTED THE REQUEST AND KILLED THE CONNECTION...
OH STILL OUR FAULT... WELL DO U KNOW ABOUT NETWORK ISSUES AND SERVER OVERLOADING WHEN U SPAM IT WITH TOO MANY REQUESTS?
OH YOU RETRIED? HOW DID YOU RETRY? BETTER NOT BE SPAMMING US WITH MORE REQUESTS...
EVER HEARD OF TCP/IP BACK OFF LOGIC....4 -
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
error=1&message=Authentication+failure....processing+stopped
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.2 -
Hi guys!
I never thought that this day will come, be here is my first rant with a big dose of frustration.
So, I'm working on the API team of one of ower products and a coworker that works on the webapp has a lot of problems (don't want to be mean, but he has problems like 'i can't catch a 404 http status, please send a 200 with a message' ) and he always go and wines about the API and that he can't do his job because the API is faulty...
But it is not the case, every functionality of the API is well tested and it works as it should.
So, tonight I was the only one left from my team and the project manager comes and
starts asking me about why I am returning http status codes with all my responses, how the login works and other stuff like that...
Just wasted more than an hour to prove that all the code that I wrote works as expected...1 -
Load a medium post. Wait for the entire junk to download. Or stop the loading if you just want to read the text content
But Medium has other ideas. Hook to the cancel event, show a useless page which only has the reload link. And why would it trigger the HTTP 500 status code to be sent? 🤔9 -
The moment you realize that you have successfully beaten reality with your unit-tests...
There are unit-tests for ...
... the api returning a 408 Http StatusCode when an internal request times out.
... the react app take this status-code and fires an action to display a specific error message for the user.
Every bit of code runs just fine.
Deploy this hell of an app on the server. Dandy Doodle.
Do a smoketest of the new feature.
FAIL!
Chrome starts to crumble during runtime. The api Request freezes.
Firefox takes the 408 api response but fails to interpret it in react app.
So I began to wonder, what the hell is going on.
Actually I recognized that I had the glorious idea to return a clientside error code in a serverside api response.
Glorious stupidity :/
Finally I fixed the whole thingy by returning an 504 (Gateway timeout) instead of 408 (Clientside timeout)
Cheers!2 -
Someone wrote some error handling middleware for the whole application.
Then someone wrote some default classes for HTTP errors; BadRequest, Unauthorized and so on.
If I didn't know any better, I'd think throwing one of these default errors would give the proper status code, instead of default everything to 500.
But alas, I do know better.1 -
Frontend:" im going to chage some bits because I have been thinking....and when we get errors Im confused because we got code and message"
Me:"yes but that's fine. The http status code should tell you what happened"
Frontend:"oh, you want me to check status code??"
WHYYYYY THIS GUYYYYYY
He even tells u like he is right tone of voice -
Junior front end guy made a backend code, he made even a test.
GET /model/ very nice simple case tested.
NO. MORE. TESTS.
Well, it's the same guy who complained reaaaaally surprised that he had to check http status code after a request.
Im kinda the bad guy because I get upset with that stuff instead of clapping his stupidness2 -
I'm just testing out some code for Spring Boot with Spring web. Whilst inspecting Spring's HttpStatus enum I suddenly realized there are a lot more HTTP status codes than I had estimated. I knew there were many, but woah that's a lot.
Check it:
https://en.wikipedia.org/wiki/...
On a side note, it really helps to debug work stuff at home. More concentration, more time and such.
Fun fun.4 -
I'm currently migrating one of the companies services from technology A to an B based solution...
Today I had to remotly troubleshoot an error occuring somewhere on our client's backend application, that wans't enabling us to register any given webhook to our endpoints...
We finally gave in and looked up the data packets using a sniffer only to find that the only difference was that in the A technology project our staff ended up returning a Status Code plus the respective Reason Phrase, in our newest version we only send the HTTP Status Code... Guess who wasn't aware of HTTP 1.1 RFC consideres the Reason Phrase optional and an unecessary overhead??? God dammit... In simple terms...1 -
Python 3.9:
Cool New Features for You to Try
String Prefix and Suffix.
Type Hint Lists and Dictionaries Directly.
Topological Sort.
Greatest Common Divisor (GCD) and Least Common Multiple (LCM)
New HTTP Status Codes.
Removal of Deprecated Compatibility Code.2 -
man if i could figure out how to do stuff and had the money to do stuff i'd be dangerous as fuck, but as of now i can only posit questions... it sucks.
Examples:
- What do modern browsers/crawlers do when hit with, say, an "HTTP 450 Blocked by Windows Parental Controls" or an "HTTP 374" status code?
- What happens if I do <xyz minor edge case thing> on <system?> (just use your imagination, this happens for every edge case i can think of for every system and the list wouldn't fit in a few megs' worth of half-byte ASCII, much less *here*)
- What if I made like a board to fuck with busses while systems were on? Press a button and for like five bus clock cycles pins like 6 and 7 are shorted? That sort of thing. As for system/bus types, *literally any* (old consoles with expansion ports, PCI/-e/-X/whatever, southbridge, etc.)
- What if I did <filetype> shenanigans by doing <something indescribably horrible> to this file? How do things react?3 -
I hate my internet provider.
I configure everything to work remotely and when I try to login to it I got "Http Status 502".
I thought I misconfigure something and recheck everything and still got "Http Status 502".
When I use the internet connection provided by different provider, it works!
Everything is hard to debug without you messing it up internet provider. It like trying to debug the code and find out the problem is in compiler.8 -
Laravel route not found.
Look - so simple :
Route::post('/api/companies', function () {
return 'Hello World';
});
how the fuck it is not found?
Request URL: http://localhost:8000/api/companies
Request Method: POST
Status Code: 404 Not Found
???? I have cleared cache.
How do I check fucking available routes then? In symfony there was router:debug or smth. Cant see like this in laravel44