The GET /users endpoint will return a page of the first 13 users by default.

To request other pages, add |-separated querystring with the limit and offset, as roman numerals enclosed in double quotation marks. Response status is always equal to 200, plus the total count of the resource, or zero when there's an error.

You can include an array of friends of the user in the result by setting the request header "friends" to the base64-encoded value of the single white pixel png.

Other metadata is not included by default in responses, but can be requested by appending ?meta.json to any endpoint, which will return an xml response.

If you want to update the user's profile picture, you can request an OAuth token per fax machine, followed by a pigeon POST capsule containing a filename and a rolled up Polaroid picture. The status code attached to the return postal dove will be the decimal ASCII code for a happy smiley on success, and a sad smiley if any field fails form validation.

-- Every single external REST API I've ever worked with.

When a Coursera course is way better than the one offered by your university…
A university student's rant...

I study Electrical and Computer Engineering and during the first semester of the second year I selected an optional course: Web Programming. It was believed among students that the course would be really easy, and it was. All the student had to do was build a very simple website using HTML, CSS and a few line of JS. A website containing three or four pages all of which had to be validated using a markup validation service.

Yeah, sure, I passed the course just like everyone else who bothered enough to spend an hour or two working on the project. Oh, I almost forgot! We had an one-hour workshop on Dreamweaver!
So, by that point, everybody was a front-end developer, right?!

That happened over three years ago, and because of that course web-development didn’t impress me…

Thankfully, the last few months I’ve became interested in Web Development, and I’ve been reading some articles, spending time on smashing magazine, making some progress on FreeCodeCamp and taking relevant courses on Coursera!
In fact, a few days ago I completed the Coursera course “HTML, CSS and Javascript for Web Developers”.
Oh boy, the things I didn’t know that I didn’t know…

<sarcasm>Did you know there was a term called “responsive design” and that there are frameworks like bootstrap?</sarcasm>
Well, I d i d n ’ t k n o w ! ! ! (even though I had taken the university’s course).

I understand that bootstrap was introduced in 2011 and I took the university course in late 2012, but by that time, bootstrap was quite popular and also there were other frameworks available before bootstrap that could have been included in the course! (even today, there is no reference in responsive design in the university’s course).
In just five weeks the coursera course managed to teach me more, in a more organized and meaningful way than my university’s course in a whole semester!

When I started the coursera course I shared it with a friend of mine. His response: “yeah, sure, but web development is pretty easy… I didn’t spend much time to complete that project three years ago!”

That course three years ago gave birth to misconceptions in students' minds that web development is easy! Yeah, sure, it can be easy to built a simple, non responsive, non interactive website! But that's not how the world works nowadays , right?!

A few months ago, in the early days of August, I attended Flock, the Fedora community conference. During a break I spent some time speaking with a Red Hat employee about student internships. He told me, and I paraphrase: “We know that students don’t have a solid background and that they haven’t learned in the university what we need them to!”

Currently I’m planning to apply for a front-end developer internship position here in Greece.
Yesterday I wrote my CV, added university courses relevant to that position and listed coursera courses under independent coursework… While writing those I made these thoughts…

What if that course 3 years ago was as good as the coursera course… all the things I’d know by now…

I felt uncomfortable reading this response from the server ._. ( response is from a validation library called Joi )

dear api author at my company pt. 2:

If you're gonna create an api method that takes some arguments.

And one of those arguments is an array.

THEN MAKE THE FUCKING ARGUMENT'S NAME PLURAL YOU FUCKING PIECE OF SHIT.

REPEAT WITH ME, MOTHERFUCKER.
ARRAY, PLURAL, NON-ARRAY, SINGULAR.

I need to pass a shitload of filters for the data for this table, and for every suckin fuckin filter I need to singularize this shit. Thank god for es6.

I know this sounds like nitpick, but I swear to fucking alpha omega this guy is inconsistent as fuck.

Every time it feels like he makes up a new rule.

Sometimes I need to send arrays of ids, other times arrays of objects with an id property on each.

He uses synonyms too, sometimes it's remove, other times erase.

PICK ONE MOTHERFUCKER.

If you can't do the basic things well, then what is to expect of more advanced stuff?

Naming conventions you fucking idiot, follow them. It's programming 101.

You're already sending them as plural in the fucking response. Why change them for the request?

And that's just style, conventions.

This idiot asshole also RARELY DOES ANY FUCKING CHECK ON THE ARGUMENTS.

"Oh, you sent a required argument as null? 500"

We get exceptions on sentry UP THE ASS thanks to this useless bone container.

YOU'RE SEEING THE EXCEPTIONS TOO!!!!! 500'S ARE BUGS YOU NEED TO FIX, YOU CUMCHUGGER

And sometimes he does send 400, you know what the messages usually are?
"Validation failed".

WHYYYYYY YOU GODDAMN APATHETIC TASTELESS FUCK???
WHAT EXACTLY CAUSED THE FUCKING VALIDATION TO FAIL????

EXCEPTIONS HAPPEN AND THANKS TO YOU I HAVE NO IDEA WHY.

The worst of all... the worst of fucking all is that everytime I make a suggestion to change shit, every time, you act like you care.
You act like the api is the way it is because you designed it in a calculated manner.

MOTHERFUCKER. IF A USER HAS ONLY PRODUCT A, THEN HE SHOULDN'T BE ABLE TO ACCESS DATA FOR PRODUCT B. IT IS NOT ENOUGH TO JUST RESTRICT SHIT WITH ADMIN ROLES. IDIOT!!!!!

This is the work of someone who has no passion for programming.

Recently started at a new job. Things were going fine, getting along with everyone, everything seems good and running smoothly, a few odd things here and there but for the most part fine.

Then I decided to take a look at our (public facing) website... What's this? Outdated plugins from 2013? Okay, that's an easy fix I guess? All of these are free and the way we're using them wouldn't require a lot of refactoring...

Apparently not. Apparently, we can't even update them ourselves, we have to request that an external company does it (which we pay, by the way, SHITELOADS of money to). A week goes past, and we finally get a response.

No, we won't update it, you'll have to pay for it. Doesn't matter that there's a CVE list a bloody mile long and straight up no input validation in several areas, doesn't matter that tens of thousands of users are at risk, pay us or it stays broken. Boggles the fuckin' mind.

I dug into it a bit more than I probably should have (didn't break no laws though I'm not a complete dumbass, I just work for em) and it turns out it's not just us getting fucked over, it's literally EVERYONE using their service which is the vast majority of people within the industry in my country. It also turns out that the entirety of our region is running off a single bloody IP which if you do a quick search on shodan for, you guessed it, also has a CVE list pop up a fuckin' mile long. Don't get me started on password security (there is none). I hate this, there's fucking nothing I can do and everyone else is just fine sitting on their hands because "nobody would target us because we're not a bank!!", as if it bloody matters and as if peoples names, addresses, phone numbers and assuming someone got into our actual database, which wouldn't be a fuckin' stretch of the imagination let me tell you, far more personal details, that these aren't enticing to anyone.

What would you do in my situation?
What can I even do?
I don't want to piss anyone senior off but honestly, I'm thinkin' they might deserve it. I mean yeah there's nothing we can do but at least make a fuss 'cause they ain't gunna listen to my green ass.

I made a functional parsing layer for an API that cleans http body json. The functions return insights about the received object and the result of the parse attempt. Then I wrote validation in the controller to determine if we will reject or accept. If we reject, parse and validation information is included on the error response so that the API consumer knows exactly why it was rejected. The code was super simple to read and maintain.

I demoed to the team and there was one hold out that couldn’t understand my decision to separate parse and validate. He decided to rewrite the two layers plus both the controller and service into one spaghetti layer. The team lead avoided conflict at all cost and told me that even though it was far worse code to “give him this”. We still struggle with the spaghetti code he wrote to this day.

When sugar-coating someone’s engineering inadequacies is more important than good engineering I think about quitting. He was literally the only one on the team that didn’t get it.

Woke up this morning to a fucking giant snowstorm and my first reaction was 'fml' , poured some coffee , lit a smoke and started checking my work mail 'Issue xxxx response : Not solvable '...what the...I go through the files on my phone , look at what that issue was : lack of proper validation , filtering and encoding of input thus enabling xss . Not solvable my ass ...simply adding literally 3 more characters to that fucking retarded filter would stop all the bypasses . This issue is a showstopper for their project and that is what they answer ?
Sorry to indians out here but some of your colleagues are as stupid and unimaginative as they can possibly ever come .

List of shit my superior said and wrote in the project:

1. Prefer to write "pure" SQL statement rather than ORM to handle basic CRUD ops.

2. Mixing frontend and backend data transformation.

3. Dump validation, data transformation, DB update in one fucking single function.

4. Calculate the datetime manually instead of using library like momentjs or Carbon.

5. No version control until I requested it. Even with vcs, I still have to fucking FTP into the staging and upload file one by one because they don't use SSH (wtf you tell me you don't know basic unix command?)

6. Don't care about efficiency, just loop through thousands of record for every columns in the table. An O(n) ops becomes O(n * m)

7. 6MB for loading a fucking webpage are you kidding me?

Now you telling me you want to make it into AJAX so it'll response faster? #kthxbye

Let me rant! I don’t usually do this but this is just frustrating and draining. Please tell me if im wrong. We have authentication that needs to be refactored. I was assigned on this issue. Im a junior btw. I also attached an image of my proposals. The issue of the old way of our signup process is that when validation fails they will keep on accepting the TaC (terms and conditions) and on our create method we have the validation and creating the user. Basically if User.create(user_params) create else throw invalid end. (Imma take a photo later and show it you)which needs to be refactored. So I created a proposal 1. On my first proposal I could create a middleware to check if the body is correct or valid if its valid show the TaCs and if they accept thats the moment the user is created. There is also additional delete user because DoE told me that we dont need middlewares we have before and after hooks! (I wanted to puke here clearly he doesn’t understand the request and response cycle and separation of concerns) anyway, so if middleware is not accepted then i have to delete the user if they dont accept the TaCs. Proposal 2. If they dont want me to touch the create method i could just show the TaCs and if they dont accept then redirect if they do then show form and do the sign process.

This whats weird (weird because he has a lot of experience and has master or phd) he proposes to create a method called validate (this method is in the same controller as the create, i think hes thinking about hooks) call it first and if it fails then response with error and dont save user, heres the a weird part again he wants me to manually check on each entity. Like User.find_by_email(bs@g.com) something like that and on my mind wtf. Isnt it the same as User.create(user_params) because this will return false if paras are invalid?? (I might be wrong here)

This is not the first time though He proposes solutions that are complex, inefficient, unmaintainable. And i think he doesnt understand ruby on rails or webdev in particular. This the first time i complained or I never complained because im thinking im just a junior and he hs more experience and has a higher degree. This is mot the case here though. I guess not all person who has a higher degree are right. To all self thought and bachelors im telling you not all people who went to prestige university and has a higher degree are correct and right all the time. Anyway ill continue later and do what he says. Let me know if im wrong please. Thanks

So our app uses some service to validate users & the validation response is received either by a callback url or by polling. Since their documentation states callbacks are rather unstable and "should not be completely relied upon", we only use polling. Client, however, wants to use the callback url and use polling only "after we are sure that callback has not been received". WTF. When we asked how will we know callback has not been received because it has not been received, we were told to start polling after like 1 hour.
?!?!?!?!?!?!

When you work on a project for months, the newly appointed tech lead says "we all (him, the boss and other colleagues not involved in this project) looked at your code and decided that it should be dropped and we are starting from scratch again....now I'm not against code review (which we never did) so I welcome the input but allow me to vent my frustrations about how this is being done. Also to have a review & verdict without me being present?

So I ask what was so wrong:
* You changed the database structure. Valid, I tried to make your db an actual db with relationships, so I added some foreign keys, delete fields that were never used, all because they told me to use an ORM.
* You used to much logic in setters, validation etc, valid again but this would be something we could look at and fix imho.
* You are passing classes in your constructor, valid I wanted to use DI to make unit testing possible. Ohh but I don't like unit testing so I don't see the point and it makes it to complicated was the response.

So not only was the project cancelled, the new iteration is being developed without me, I'm shunned from all meetings. Ohh and from what I see they are now using 5 tables instead of 25 and completely started the db model from scratch...

Is it okay to use "Please" in validation messages?

Multer is shit.

Do you know how to validate file size + mime type of the file before saving it to the disk?

Here is an instruction:

1. In one place you provide a it a fileFilter function that will validate the mime type, but this function can not validate file size or send user response.
2. In second place provide it a config limits file, that will validate file size, but can not validate mime type
3. In third place you provide middleware to capture any errors caused by previous 2 places and send response back to the user.
4. Go google for what is cb in multer because their shit documentation says nothing about it

Such simple thing as request->validation->response is split into 3 different parts, each of different type: callback, config file and middleware.

Why do so much people use this shit written by a braindead retarded morons?