Search - "http"
Based loosely on the popular "git" command, I am happy to announce my new product, "hit"!
Essentially, hit hooks into "git blame" and automatically slaps the shit out of whoever wrote this garbage.
It uses SOHTTP (Slap Over HTTP) to deliver a nice firm wallop to any subpar script kiddie that had the audacity to come up with this bullshit.
Careful, the user is not immune to the effects
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!
It's always the same shit with some developers. Someone notices that an app is calling an API way too much, causing it to throttle. This is caused by a UI that does ~100-400 HTTP requests when you open a page. Someone comes and offers multiple solutions to cut down those requests by changing the UI behavior, dropping the request amount to less than 10% or maybe even zero.
Then comes one developer "WhY cAn'T We bAtCh thE ReQueSts?" Well, you fucking blockhead, what's the point in rendering 300 items on a page anyway when at any given time a user can maybe see five of them on his screen? These numbskulls have zero idea of how to solve technical issues with simple UX tweaks. Learn some UI/UX design if you're a front-end developer ffs.
Well, one thing that became obvious today is that companies that make wifi routers really don't want you flashing other firmware on it.
For example, I got a new router cause it was time.
Ofc fully compatible with OpenWRT. The thing tho? The GUI flashing process accepts only encrypted binaries. And surprise, we as customers can't encrypt it like they do.
So the next thing that comes to mind instantly is UART. They can't break that, right? Well, turns out they can. They just disallow key inputs from console. So you can't make the damn device load into TFTP mode.
And D-Link has this lovely recovery utility that accepts unencrypted firmware. EZ way to flash it, right? WRONG. The garbage doesn't load a second time after you load it once in 1 boot. And even if you get it to start loading the firmware, it won't really flash it.
Luckily there was an exploit :)
And joining via telnet and enabling http server on PC and wget-ting the binary from there. And flashing.
Honestly now. I pay money for this garbage. I own the hardware. Let me do what I want with it.
At least it runs kernel 5.10 now and is super fast :) Worth the trouble honestly
(Should be noted I'm not new to flashing firmware on routers. But this is the first one that really didn't want me to flash it. Like nuking my freaking UART access? Taking it too fucking far)
Frontend dev: Hey, could you break HTTP conventions and change the API so I don't have to manage the context of the request?
Remember that time I taught a "senior" full stack developer what the HTTP PATCH verb was, DURING an interview?
Didn't get the job.
Yeah. Those were good times.
The company I am currently working for is partnering with another startup. Nothing special about that. We should integrate their API into our system. I wasn't involved in the process when it came to checking their API and if it would work with our systems. The person who did that already left the company, so I was left behind with some internal documentation. In that documentation it is already written that the API is basically trash....
After I started integrating the API I found more and more flaws in the design. They are not sending any responses that would help when a param is missing or the authentication isn't correct, only 500s. I got some documentation from the partner company, so I thought it would be fine as long as the documentation was accurate. Turns out the documentation isn't even close to being up to date. Wrong content types, wrong endpoints, wrong naming. Basically we could not work with that. We shortly contacted the partner company. After a few WEEKS we got a response that they updated the documentation, which was right, but still not everything was correct. At this point I lost my mind. I researched a little bit about them; the company was founded by 2 young people who basically came straight out of university and don't have any experience or idea how to build an API. I investigated their websites a little bit.
They have an admin panel on the base domain of their API but it is only accessible via HTTP. Like WTF, they use HTTP for an admin panel, this must be a joke, right?
They use Cloudflare without an HTTP to HTTPS redirection???
I really didn't have that much time to research their website, but if I find these things in 5 minutes I don't want to know what I can find in like an hour.
In the end we will still use them as partners because, surprise surprise, our company already sold the product that uses their API.
I know that I will be the person who has to help fix this shit when it breaks, and it will break 1000%. JUST FUCK THIS SHIT. FUCK THE PARTNER COMPANY. FUCK THEIR API.
How do you pronounce SQL?
"See for me, I just go my own way and pronounce it as ‘sqwool’, or ‘sqwll’, which sometimes gets my coworkers (not db or programming people) calling it ‘Squirrel’. As such we have a custom written utility program which automates running certain SQL commands on various databases which is aptly named SQuirreL. Then we started to have fun with it: The ‘pre-defined’ sets of SQL are held in a ‘.nut’ file which you give to SQuirreL. When you want to see what scripts have been run, you check the SQuirrel’s .log to see what .nut files it has ‘eaten’. We thought about naming the log files .poop, but I felt that was too far. I know right now there’s people reading this cringing, but I say lighten up. My boss when presented with the tool, did not get ANY of the Squirrel/nut references… I mean the tool’s icon was a cartoon squirrel holding an acorn for crying out loud, but I digress.
So yeah, I call it Sqwll or Sqwool, but only when talking to people who don’t matter."
Source, in the comments: http://patorjk.com/blog/2012/...
I doubt this has ever been posted. =)
[CMS Of Doom™]
Imagine bringing every HTTP Query Param and every god damn fucking POST var into the current code context.
"extract()" is one of the reasons why I have terminal PHPTSD.
NO, YOU ABSOLUTE DISGUSTING GREMLIN OF A JS HTTP CLIENT, I DON'T WANT YOU TO "JsOn.StRiNgiFy" MY PAYLOAD OR DOING ANY WEIRD SHIT
I NEED TO SEND THIS THING EXACTLY AS IT'S WRITTEN, STOP TRYING TO GUESS WHAT I'M TRYING TO DO I'M A DEV WITH SOME 7 YEARS OF EXPERIENCE WRITING CODE, I'M SENDING A STRING CUZ I NEED TO SEND A STRING
Blisk, a browser with multiple device testing for developers, went from free to subscription model.. Time blocking features that they offered before, for free.
That's suicide. That's how you lose your install base...
Just deleted it and went back to http://material.io/resizer.
If my Kickstarter campaign gets approved and it succeeds, finally I can afford to hire some of you guys :)
I made it possible to check the un-inspected pre-beta holdings here:
There are 28053 of them. I have to say that it's going well considering that no one wants to join me in development... it makes me a bit sad...
Writing a Unit test to test the Unit test that's testing your application, because you can never be sure about anything.
Government applications meant to handle private data made in the laziest way using cordova. Hell yea. Bonus points for using the developer's account with his first and last name as publishing company to put the app on playstore and not their own official one (not that they have one). What's not to love. Can't wait to beautify that js to find out that the calls are http and not https.
Pull-to-refresh in mobile web browsers is useless and annoying.
In mid-2019, the #disable-pull-to-refresh-effect option was removed from chrome://flags on Chrome for Android (version 76) for no apparent reason. The top answer in the Google product forum was to beg for this option to be reinstated through the browser's feedback form ( http://web.archive.org/web/... ). Needless to say, that has been futile.
Why is that a problem? The pull-to-refresh gesture not only is unnecessary due to the quickly accessible refresh button in the menu right next to the URL bar, but also causes unsolicited refreshes when quickly scrolling to the top of the page. This drains both the battery and the mobile data plan, in addition to adding an annoying delay.
I would like to use my web browser like a web browser, not a social media app. Besides, the Twitter web app has its own pull-to-refresh implementation in the notification feed.
Without pull-to-refresh, the user has the freedom to scroll up quickly without risking inadvertently reloading the page. If media was playing while an unwanted pull-to-refresh occurs, the user needs to seek for the last playing position, which could take upwards of a minute if the last position is unknown.
Imagine a desktop/laptop web browser reloading because you scroll against the top. Imagine you reach the top of the page but you have not stopped turning the scroll wheel yet, and then a white circle with a blue spinning refresh icon appears at the center top of the window and the page, and then you have to wait for the page to finish loading, and you also need to seek the last playing position of a video or audio track. Wouldn't that be ridiculous?
Any web browser vendor that enforces pull-to-refresh on its users basically begs users to seek an alternative.
I just saw Kickstarter's blog post about moving over to the Blockchain. They're doing it because, uh, protocols, or something. No joke, here's a direct quote from their post:
"You may have heard of HTTP (Hypertext Transfer Protocol) which helps you browse the web, or SMTP (Simple Mail Transfer Protocol) which helps you send email. Protocols like these make up the unseen infrastructure of the internet. Imagine that, but for crowdfunding creative projects."
What the fuck does that even mean? The rest of the blog post is more of the same. They packed it full of every crypto buzzword they could find while also not actually providing any useful information.
Full article here, if anyone wants to read a headache-inducing pile of nonsense: https://kickstarter.com/articles/...
[CMS Of Doom™]
Ah, yes, their built-in bullshit newsletter module just sent the n-th user n emails. Wonderful considering n=368.
The culprit? Better don't ask...
OK, anyway: So the mailer is running as a CRONjob, but nah, not as a console script call but by a public HTTP GET URL call, fucking obviously (it's the CMS Of Doom for a reason).
So these fucking imbeciles "implemented" an ob_start() callback where HTML links are - for whatever fucking reason - modified by some regex (obviously everybody knows parsing HTML by Regex is trivial). In this case the link was somehow modified to recall the mailer Cronjob...
This must have upset the ongoing mailing process thus spamming mails. Whyyyy
And I thought I'd seen it all after 6 months in this legacy hell...
This is why you don't run a company consisting of only beginners in PHP (including their "CEO")!
Good morning to everyone, except that one Twitter dev who one day woke up and was like "YOU KNOW WHAT, MY APPLICATION WILL FEATURE BOTH OAUTH1 AND OAUTH2 ENDPOINTS, BUT SOME FEATURES WILL BE EXCLUSIVE TO EITHER OF THE TWO -NOT NECESSARILY THE MOST RECENT, JUST A RANDOM ONE-, AND ALSO THE OFFICIAL TWITTER LIBRARY WON'T COVER ALL THE ENDPOINTS SO PEOPLE WILL HAVE TO RESORT TO RAW HTTP REQUESTS INSTEAD OF USING MY SDK AND ALSO I'MMA MAKE DEVELOPERS FILL 2 VERY DETAILED FORMS, REQUIRING PERSONAL DATA AND ACTUAL REAL PHONE CALLS, JUST TO START DEVELOPMENT WITH 7 DIFFERENT AUTHENTICATION TOKENS, BECAUSE SOME REQUESTS WILL REQUIRE A DIFFERENT AUTHENTICATION METHOD THAN THE OTHER REQUESTS DESPITE ALL OF THEM PERTAINING TO THE SAME FUCKING ENTITY"
Just got an email from my company that a http server app I wrote years ago exposed the whole server it runs on because of a misconfig parametered...
Can use it to read any file using server.com/path/to/file
What the FUCK, I'm fixing integrations on some dumbass's API. Biz wants this in prod on Monday. It's fucking Saturday. Anyway
Me: why did you give us a 200 even if it's an error
Them: that's normal
Me: If it's an error it shouldn't be 200
Them: it's a 200 because the api params are correct but differ in value so it's not an http error but an api error
What do you think about HTTP/3, QUIC, WebTransport?
https://web.dev/webtransport/ (It is still a *draft*, but Google is already implementing it and stuff)
Idk it feels weird for me that HTTP will be served over UDP/QUIC
this topic always makes me think of "this is good code" http://stilldrinking.org/programmin...
had some really small assembly/shellcode type stuff ppl said was "impossible" that i pulled off, that was up there.
typically anything i can see the improvement, time or line count reduced. why is this taking a minute? boom now it's 15sec, gj
when there are reasonable comments and self commenting code. when there isn't trailing whitespace.
my "good code" - sapphire
Okidoky you lil fucker where you've been hiding...
*streaming tcpdump via SSH to other box, feeding tshark with input filters*
Finally finding a request with an ominous dissector warning about headers...
Not finding anything with silversearcher / ag in the project...
*getting even more pissed cause I've been looking for lil fucker since 2 days*
*generating possible splits of the header name, piping to silversearcher*
*I/O looks like clusterfuck*
Come on, it's just a dozen gigabytes of text, don't choke just because you have to suck on all the sucking projects this company owns... Don't drown now, lil bukkake princess.
*half an hour later*
Oh... Interesting. Bukkake princess survived and even spilled the tea.
Someone was trying to be overly "eager" to avoid magic numbers...
They concatenated a header name out of several const vars which stem from a static class with like... 300? 400? vars of which I can make no fucking sense at all.
Class literally looks like the most braindamaged thing one could imagine.
And yes... Coming back to the network error I'm debugging since 2 days as it is occurring at erratic intervals and no one knew of course why...
One of the devs changed the const value of one of the variables to have UTF 8 characters. For "cleaner meaning".
Sometimes I just want to electrocute people ...
The reason this didn't pop up all the time was because the test system triggered one call with the header - whenever said dev pushed changes...
And yeah. Test failures can be ignored.
Why bother? Just continue meddling in shit.
I'm glad for the dev that I'm in home office... :@
TLDR: Dev changed const value without thinking, ignoring test failures and I had the fun of debunking for 2 days a mysterious HAProxy failure due to HTTP header validation...
oh my god, look what I found.
"The computer system described in the book is for real—it can actually be built, and it works! A reader who takes the time and effort to gradually build this computer will gain a level of intimate understanding unmatched by mere reading. Hence, the book is geared toward active readers who are willing to roll up their sleeves and build a computer from the ground up."
Sharing a first look at a prototype Web Components library I am working on for "fun"
TL;DR left side is pivot (grouped) table, right side is declarative code for it (Everything except the custom formatting is done declaratively, but has the option to be imperative as well).
TL;DR (Too long, did read):
I'm challenging myself to be creative with the cool new things that browsers offer us. Lani so far has a focus on extreme extensibility, abstraction from dependencies, and optional declarative style.
It's also going to be a micro CSS framework, but that's taking the back-seat.
I wanted to highlight my design here with this table, and the code that is written to produce this result.
First, you can see that the <lani-table> element is reading template, data, and layout information from its child elements. Besides the custom highlighting code (Yellow background in the "Tags" column, and green gradient in the "Score" column), everything can be done without opening even a single script tag.
The <lani-data-source> element is rather special. It's an abstraction of any data source, and you, as a developer can add custom data sources and hook up the handlers to your whim (the element itself uses the "type" attribute to choose a handler. In this case, the handler is "download" which simply sends a fetch request to the server once and downloads the result to memory).
Templates are stored in an html file, not string literals (Which I think really fucks the code) and loaded async, then cached into an object (so that the network tab doesn't get crowded, even if we can count on the HTTP cache). This also has the benefit of allowing me to parse the HTML templates once and then caching the parsed result in memory, so templates are never re-parsed from string no matter how many custom elements are created.
Everything is "compiled" into a single, minified .js file that you include on your page.
I know it's nothing extraordinary, but for something that doesn't need to be compiled, transpiled, packaged, shipped, and kissed goodnight, I think it's a really nice design and I hope to continue work on it and improve it over time
CORS is shit
Stupid useless shit that protects from nothing. It is a harmful mechanism that does nothing but randomly block the browser from accessing resources - nothing more.
The main idea of CORS is that if the server does not send the proper header to an OPTIONS request, the browser will block other requests to that server.
What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If the client has malicious intents, he will never use your shit browser to make requests, he will use curl or any other tool available. Also, if server security is based on something as unreliable as the http headers it sends to the client, it's a shit server, and CORS will not save it.
Can anyone give REAL examples when CORS can really protect from anything?
I've read the docs but my tired brain overrode an important detail.
"By default, HAProxy Enterprise will serve these pages only if it initiated the error itself. For example, it will return the page for a 503 Service Unavailable error if it can't reach any backend servers."
I had _the_ return part for interception of the error page from the backend added, not the default override for the error page of HAProxy itself.
Took me 4 hours, crying, madness and screaming to realize it.
This week is really wringing the last bits of the gooey slime what should be my brain out...
Another fun part is that I mistakenly thought the delimiter for multiple strings to an ACL comparison is a comma... It's a whitespace.
acl is_evil hdr(host) -i one,two is wrong.
acl is_evil hdr(host) -i one two is right.
I used to write HAProxy configurations blindly, today it was more like writing two lines of code 100000000 times and still doing it wrong TM.
I need new brain.
Anyone got an offer?
I read: "Don't change your implementation to do tests"
Then I read: "If it's too hard to test, your implementation is too complex"
Then we can get into test terminology itself, which is its own mess:
Anyone here have any experience with PHP? I've never really used it myself and don't really want to, but I do look at things like http://phpsadness.com/ from time to time.
These complaints range from "fairly minor" (some stuff like function names/args and some syntax complaints) to "how is this language even used" (segfaults in a scripting language, broken things like "create_function", comparisons and ternary operator).
Of course, I don't program in PHP so I don't know how bad any of this actually is.
Anyone actually use PHP or did use it previously?
One of the most headache-inducing things about being a developer is having to find a solution to every little ailment that software has.
An example would be: working with a particular stack. LEAN, MEAN, LAMP, WAMP,.. The nightmare of having to deal with every single error in PHP, NodeJS, Apache Server, Nginx, the HTTP spec intricacies, the HTML5 spec, API problems..
Sometimes it's just a lot to deal with and I'm trying not to lose my patience.
Cool New Features for You to Try
String Prefix and Suffix.
Type Hint Lists and Dictionaries Directly.
Greatest Common Divisor (GCD) and Least Common Multiple (LCM)
New HTTP Status Codes.
Removal of Deprecated Compatibility Code.
I tried to post a comment to someone's post and without UI feedback I get the API response in the HTTP request: "Comment not valid". This isn't enough information for me to troubleshoot what is a valid comment.
I don't get it
why is it that people still use FTP?
Like, in current, fairly recent (2018) projects, for public downloads.
I get that when you're just hosting public files without any authentication you don't need to worry about the unencrypted passwords, but like
the random ports are a shitty and annoying practice and also http exists just let your custom patcher program download the release from github where it's already available
The big enterprise in which I work wants to mandate that we have to write a microservice for each individual HTTP endpoint. Since we cannot even have an artifactory for code sharing, the code duplication is going off the charts, and with these microservices sharing a single DB we are creating a big and messy distributed monolith.
I made a portfolio website using reactjs. Can anybody take a look and review my website design?
caution: It is not responsive now and I still have to add animations in it using GSAP
website link: http://c9ef-122-180-17-23.ngrok.io/
ant.design selectors are bogus garbage.
The drop-down selector that replaces the browser's native one does not allow typing to select an entry, meaning to select a language from a long list, one needs to manually scroll to it. If the scroll wheel of the mouse does not work properly, one needs to use the scroll bar, which is far too short to be able to conveniently scroll a long language list.
Not only can I not type-to-select, but the date selector on Dailymotion, which uses this utter garbage, sends "[object Object]" to the server, so the user is forced to edit the HTTP request manually. Complete utter garbage.
Don't use that shit. Use the browser's native feature. Or use something progressively enhancing like the drop-down menus used by MediaWiki on pages such as Special:Contributions, where it actually is properly implemented.
Node server with webpack poly fill on embedded device. Why 😂 .
Replacing node-fetch with node http instead of waiting for native node fetch API. Why 😂
All npm scripts on package.json are dead. Why 😂
Node server is not even sharing TS interfaces with frontend.
Customers are complaining about MeM0r1 L3k and let's build more features on stupid node.
Fucking kill me.
//do smth with z
Isn't this (not my code) callback hell all over again? The 2. http call expects results from the 1. http call. I feel like this could be solved cleaner using async await/switchMap/etc. ... but not like this.
Android users, I have a question.
How many of you do actually use Apple signup on your Android device?
I tried Appgyver over christmas, since it promised easy front-end (no-)coding I was looking forward to getting rudimentary frontends done faster.
Well, the first real project that I wanted to start didn't compile anymore (internal error from the service), the page told me to reload and try again.
It failed again... And again.
Fine with me, I only spent 10 minutes on the project at this point.
I then searched for the bug reporting page and found it. The sad thing is that when I wanted to open a ticket the server crashed. It didn't even return an HTTP error, just a JSON saying there is an error and a GUID.
I have to say, if a Dev decided to have holidays without new issues that's one way of getting that done.
opengrok doesn't support searching special character forward slash? /
like fuck me that's the slash I'm more interested in, can't remember ever needing or wanting to search for a \ backslash