Of course there is. Maybe in your line of work and set of “standard” tools there is no distinction, and everything is a world of simple rules. For me, handling an error based on a response is what you are supposed to do. If you do not differ between them, you’ll just spend time to figure it out by hand.

I get it. I’m just trying to illustrate why i like to differ between com and app errors. Now we have identified three different scenarios, all returning 404. Resource not found Data not found (client error). Data not found (server error). when we could treat them different because their nature is fundamentally different. I mean if we request a list of objects and nothing was found, because we asked for a date when there was no data, its not an error. But i suppose many still just throw around exceptions still instead of handle them properly, and it looks terrible in the log. Imo if i know the reason for a behaviour its not necessarily an error, and using an error code for a non-error makes it harder to find real errors. Maybe i’ve just been turned off by how they have been used in our legacy code. Maybe you don’t define 404 as a client side and not an error, and i guess thats fine. But its pretty counterintuitive to be a number in a list of client errors and be anyrhing but.

The customer expects a row to exist. The server does not find it.

The customer sent a valid request, and it should exist according to the customer.

The server could not find it. It can find others, but not that one, so from the server perspective it’s the client that gave the wrong id. If i always send a 404, the customer system think it did something wrong, which it didnt. Should they try to find the error on their side now, as it is a “client error”?

If i send a 500 every time, the customer will think the server is at fault, which it is. The server just could not find that row. What if the customer actually made an error, sending the wrong id, and i send the same code every time. It will be the servers fault every time the customer makes an error, and now they will never double check their inputs.

My point is, there is no nuance with these old codes. Obviously i will send a 500 for a caught exception and a 400 for a client error, but it is not always so easy.

I mean sure, in the strict meaning of the code-guides you are probably correct. Most problems stems for us at least from cross-reference issues which are normally configuration problems in the underlying system or other data-related issues. Those are often not neither the responsibility of the server or the client, and sometimes its both. There are often no code that is suitable to respond, and to just send “Bad request” when it’s a good request - does not make sense. Therefore i think it’s better to let badrequest be for bad requests, instead tell the client that sure, this is a good request but for this reason it didn’t work this time. This has to happen for it to work. Either i can do it with a simple structure in json with maybe 5 status codes and a message, or i have to figure out what 20 http status codes both i and the client has to implement and give them meaning that isn’t their intended meaning.

Obviously you can, and i do returm 4xx codes if the initial parsing, authentication or something else goes wrong im the controller, but once im in the next api, or any number of systems down the chain, im probably gonna return a 200 with a status with a tracking code. It’s proven, at least for us very helpful to find issues fast on both sides. To me getting a 4xx back when it’s step 6 our of 13 that is the problem in the API but the request itself is fine doesn’t seem meaningful and just makes customers assume things. I guess if every endpoint only does one thing, i’d probably do like you.

The parser in most APIs will automatically handle parsing responses for 400 errors, but if the logic fails due to data being wrong, what do you respond with? E.g you send a valid SSN but the database could not find the person, or you send a valid email, but bo such email was found.

Honestly makes perfect sense.

1. Message received and successfully parsed.
2. An error occured while processing request. Ideally they would have a message in the response saying what went wrong if it is relevant for the user.

The problem with only reacting with 500 Internal Server Error is that the user will never improve their input data, if they can do something about it. Responding with 404 is just mean as they wont know if the endpoint is not found or the database couldn’t find any data. Differentiating the communication from the processing is i.m.o the best way to do it.

Ah, a fellow camelot unchained sponsor? It’s coming any day now. Any day i tell ya!

deleted by creator

While passing on american products in general is a good thing, not all products are equal. Signal is far better for privacy than anything in europe currently. Until there is a good option, supporting an open source non-profit company won’t give the US any profits from your usage. And that’s what really counts. To be honest, signal is the only safe system currently. What makes it unsafe is proprietary software on the clients it’s being used on like IOS or whatever android branch it’s used on.

We really should have something, especially as privacy in europe is really in danger with the chatcontrol agenda. We need both an operating system, and safe communication made in europe, and even more importantly, EU legislation that prevents things like chatcontrol even to be considered.

Its formally considered a flawed democracy. I do the same thing with my kids. If i want them to clean their room i’ll just ask them “do you want to clean your room, or you want to do the dishes and take out the trash?” and they’ll always go for cleaning their room because it feels like they are getting something out of the deal, it’s less “nasty” and they have a sense of choice but realistically i win in both scenarios.

I’ve been there twice, first time during 2008 and the security was crazy. Had homeland security already doing background check in the airport at the checkin counter, and while there i had two “VIP” searches due to connecting flights. Next time was just a few months ago, was scared they’d do some nasty searches and checks again but this time it was far more pleasant, signed a form on the internet, although it cost a bit, everything went smootly. I was suprised that the traveling was like going to all other places. The people are great, the food is great and really an overall great experience.

I will NOT set my foot there again as long as Trump is in power and really, i was scared to say anything on the internet before going because he’d already won the election which is quite telling but since biden was still running things i felt safe taking my electronics. Now i doubt they’ll ever let me back in 😂

Thanks! I initially considered going the wildcard route until i saw the workload involved for my host! There does seem to exist autorenewal programs for the largest hosts out there but i’m trying to support my local businesses so it’s unfortunately out of of my scope at the moment, but i’ll checkout your suggestion and see what tailscale has to offer!

I’ve set up a reverse proxy to try out hosting a few APIs but i’m curious about best practice and haven’t found any good way to do it. Anyway, i have them running dotnet 9 on debian, and hosting them on http ports and then reverse proxying to apache that serves them externally with certbot on 443 to some real hostnames. I would really want to host them on https internally as well, but is there a neat way to “cert” them without an internal CA-service? My experience with self-signed certs are mostly that they always force me to trust the server cert in my connection strings, which is also unsafe so i just don’t bother. Is it worth working on and which is the best approach here?

I appreciated your well articulated responses. I was merely in my last posts trying to find something measureable and a definition of safe we can both agree on but as you say, lets agree to disagree. Lets hope everyone keeps safe in these times. Best of luck to you.

Being a criminal is also affected by ones social status so you’re pretty much contradicting youself here. I know what gang-related crime looks like as i was raised in a suburb with majority mena-immigrants along with having worked as a correctional officer to pay for my living situation while studying for my university degree. Jews were not part of that culture, because frankly they were quite hated in those parts of society. My statistics from the crime-prehentetive counsil in sweden mentions that it amounts for about a third of violent deaths, while the larger part of the rest is the second and third category. It might be lower in some areas in europe like portugal and maybe portugal don’t have many killed jews at all. I don’t agree with the metric because you can still be unsafe even if your life is not on the line consistently, but you might still be approached on the street, assaulted and fear terrorist attacks, which definitely have happened. Perhaps that is where our points of view differ to much to come to a common conclusion.

I honestly think that might be a pretty bad metric because most murders belong to three categories.

1. Gangrelated
2. Domestic
3. Spontaneous (often psychological problems/alcohol-drugs involved).

For 2 and 3, i don’t believe any ethnicity is exempt.

All that statistic will show is that it’s far more dangerous to be a criminal wifebeating drunk than the average population and i haven’t heard of many jew-gangs.

Example- a gang fight causes 100 people to die. One jew is killed from an antisemitic crime. Now, if the jewish population is 1% of the total population, we would have an equal amount of jewish deaths as the average population, but criminals mostly kill eachother so it’s still obviously more dangerous to be a criminal than a jew but the antisemitic crime weighs more compared to the non-criminal population. So we would have to exclude a whole bunch of murder causes to get a reasonable result and define those, or you know, just use the antisemitic deaths as a factor from the start.

Can i count attempted homicide? The problem with violent death in europe is that it’s quite skewed by terrorist attacks, like in france 2015, 31 were “homecide or attempt” but it doesnt split that statistic into two columns which it should i.m.o, and also most countries don’t seem to register anti semitic killing seprately (maybe some because there were none/few?) Are violent attacks not a valid reason to be afraid for your safety? That looks easier to look up as many countries does register that statistic.

Maybe we need a different approach. As you don’t trust the numbers like i presented before where antisemitic hate crime reporting is 10-20 times as high as islamophobic hate crime reporting, what is a sufficient, or acceptable matrix that you would trust? I’m sure we can find out something we can both agree on. I’m prepared to accept whatever result, maybe i’m full of it but if there is no metric that you accept, there doesn’t seem to be any reason to debate in good faith.

You know i really hope you are right. Maybe my mind has been infiltrated by the zionist agenda and propaganda media of which they supposedly own worldwide. But saying that they are causing their own fear seems a bit like a stretch. It’s touching the “It didnt happend, and if it did, its not that bad” to “its your own fault”. Jews in other countries are not part of the “zionist agenda” and claiming they are self alarming is really twisting words. There is a long and wide spread history in europe of antisemitism and even if you don’t see it maybe you’ll acknowledge that all minorities are subject to hate where jews are in a fragile position as they are few - along with israeli government doing what it does. The Porto synagogue was vandalized right after the october event along with the Jewish Cultural Center among other events. Maybe that is also manifactured by die judischen zeitungen. It’s a bit of a Catch-22, where you don’t think that Jews are in any danger whatsoever but when reading about it, statistics and newspapers are lying so even if they would be persecuted you would never know.