You are making several great points and I thank you for explaining them. I don’t even want to argue against any of them.
I just feel like I’ve seen the USA murder muslims for a decade in the first degree, and now people are getting worked up over a second degree, and consider electing a con artist to prevent it.
I’d rather have a reasonable person in office, that might respond to the public opinion, than someone who is purely focused on their own gain.
I’m starting to feel like this genocide straw man is truly their strongest argument. Like, is that going to make me forget the other option wants to turn the country into a dictatorship?
You seriously want to bring up genocide to play a “lesser of two evils” game, when one evil is Trump? GTFO
Especially because TypeScript compiles down to JavaScript JS
SmegmaScript is just too close
Following along with the style of your own post: YAML doesn’t suck, because I feel so.
Thanks for asking.
I wasn’t actively aware of this for most of my life until I recently visited a clients office. Buying someone a cup of coffee is an entire thing. There’s no free coffee. You have to purchase every single cup. And you first have to walk several minutes to the place where they sell the coffee. It blew my mind. I’m used to drinking one cup after the other without even giving it any thought. Coffee machine right next to me or around the corner. There, coffee incurs friction and cost.
So when you invite someone for a cup of free coffee, this can open doors for you. I’m not kidding. People get all excited when you offer them a coffee break on your dime. And there’s levels to it too. There’s the regular coffee, and there’s the premium one. For the premium you have to walk longer and wait in line until the barista serves you.
It’s a key component in office politics when coffee access is regulated.
Why anyone would restrict access to legal stimulants in the office is unclear to me though. Put espresso machines on every desk!
Depends on the product. It’s just something to think about when signaling errors. There is information for the API client developer, there is information for the client code, and there’s information for the user of the client. Remembering these distinct concerns, and providing distinct solutions, helps. I don’t think there is a single approach that is always correct.
I don’t necessarily disagree, but I have spent considerable time on this subject and can see merit in decoupling your own error signaling from the HTTP layer.
No matter how you design your API, if you’re passing through additional layers, like load balancers and CDNs, you no longer have full control over all responses your clients receive. At this point it may be viable to always signal a successful backend connection with a 200, even if the process resulted in a failure.
Going further, your API may include partial success scenarios, think batch processing, then the result could be a mix of success and failure that doesn’t translate to HTTP status.
You could even argue that there is really no reason to couple your API so tightly with a concept of the transport layer it uses.
Respect the Accept header from the client. If they need JSON, send JSON, otherwise don’t.
Repeating an HTTP status code in the body is redundant and error prone. Never do it.
Error codes are great. Ensure to prefix yours and keep them unique.
Error messages can be helpful, but often lead developers to just display them in the frontend, breaking i18n. Some people supply error messages in multiple languages, depending on the Accept-Language header.
Now that is ancient js style
As others have already pointed out, you must rotate the key. I don’t even put any restrictions on that. Once you have shared a secret in any way, it is no longer a secret. Don’t try to avoid work, just because it is an inconvenience. Convenience is the enemy of security.
Rotating your key is not enough though. Verify that it wasn’t used. API providers also often provide audit logs to show when credentials were used and from which location. If someone had your key only for a second, they could have used it to generate a new key you don’t even know about. Audit!
It would require me to visit Reddit and log in. Disgusting thought
You just misinterpret their agenda. They were never in line with you
In 2023 the organization reported significant revenues, totaling approximately $262.6 million.
They are spending BILLIONS on AI!!!
They are doing what they intended to do. It’s just not in line with your agenda.
Only freaks have AM/PM in their time system.
Containers are a great way run applications.
Docker is a piece of garbage by a company way too far down the enshittification slide.
There is no peer review with these scam publications. You pay your flat fee and get published. That’s it. This is how climate change deniers and all other nut jobs get their studies too. This has been going on for years. This is a cute joke that cost roughly 3K https://www.frontiersin.org/journals/cell-and-developmental-biology/for-authors/publishing-fees
I get that. If you’re not paying for a service, there’s still a price. There are no companies out there doing you any favors, only those that make you believe they do.
Clouflare is okay. Don’t trust anything apparently free ever
If you’re not paying money for a service, you’re paying another way
Not every muslim or arab thinks alike. Either way though, this is probably not a great subject for a first meeting 😄
I do recognize that the core issue lies deeper. It just doesn’t feel realistic to solve the fundamental problems before the election though. So it’s not unreasonable to reduce the problem to the vote for the time being IMHO.