403 vs 404

The most recent dilemma I faced at work is to decide between returning a 403 (Unauthorised) error as against a 404 (Not Found) error in an API GET call.

The scenario is a resource does not exist on the server, and a user has made a GET call for that resource. The application as part of it’s normal execution, does an authorisation check and reports a 403 error. Now my users are getting confused – have they tried an invalid resource ID or are they having problems with authorisation?

Photo by Erik Mclean on Unsplash

Thinking puristically, we had initially decided to return the errors as is. That is, a 403 would be returned always, even for resources not found on the server. The reasoning was that this benefitted security. It is better to not even let an unauthorised person know whether or not a resource exists. This was an easy decision and doesn’t need much convincing the product mangers. When you say it’s for security, it almost always gets accepted.

But this time around, the decision differed. The same people who had decided 403, now suggested 404. It turns out, the alleviating the users confusion between whether they didn’t have authorisation or whether they’ve made a mistake in the resource ID or whether the dog ate the resource, and so on, was much more important that security.

We went with returning a 404. First the application checks for the resource existence, returns a 404 error if it does not exist. If the resource does exist, we check for authorisation and return 403 error if the user does not have authorisation.

The lesson learnt is that purist attitudes like “correct design” or “security first”, will almost always take a back seat to user experience. Users will not choose your application because it’s architected well or it is secure. Users will choose the application that’s easy for them to use. If you forget this, you will end up with unsatisfied users, who you will not be able to convince that you made decisions for better security or best practice or whatever else.

As a software maker, it’s your responsibility to make software that is first comfortable for your user to use, and then, still ensure that it is secure. So not just for “403 or 404?”, for any such conundrums you face while creating software, remember, customer satisfaction will always beat other factors that may contribute to your decision.

To answer the question “403 or 404?” – Do what your customer will like.

Don’t Watch When You Can Read

For a few years, until a couple months ago, I was on a video lessons subscribe spree, registering for video lessons on almost every topic on earth. Drawing lessons, piano lessons, programming courses and so on. Not only those, but also several YouTube channels for entertainment – fun facts, interesting science stuff, crime reports, movie star interviews … just about everything was videos, videos, videos. The explosion of videos on YouTube and the tons of video courses that were dead cheap, had me thinking there’s so much I could learn for so little money.

As I was thinking all is well, they gave me an ebook library subscription at work. I went on to pick a couple ebooks on it and went about reading them. That’s when I realised, videos are no match for reading. I’m not sure if this is just for me or whether it applies to everyone. I find that it’s much faster to read from books than learn from videos. I also find reading more effective.

Photo by Jamie Street on Unsplash

Reading is actually faster. It takes only a few minutes to read almost any article such as this blog. This is because we are trained to skip a lot of words and move through the text very fast. Over the years I suppose our brains have developed to a state where they know what is being read without having to read the entire syntax or even all the words. We read by keywords. Also, reading was at my speed. If the material was difficult, I read slow, if it’s easy, I read fast. A video would read at the presenter’s speed. I can maybe do 1.5x or 2x speed on the video but that’s not even the same thing.

It’s possible to copy-paste. If I’m going through a tutorial or a lesson on an ebook or an internet article, when I want to try out some command or a code snippet, I can simply copy-paste it. Even when I want to use it as a sample and write my own code, I still copy-paste it to my text editor as a reference. Needless to say, this was out of the question when my search results sent me to a YouTube video.

Progress only if I’m there. If my mind wanders off mid way for a few minutes, when I come back I’m not even sure where I left the video at, it keeps running anyway. This is not a problem while reading. You can simply return to the spot on the page where you were before you started day dreaming.

Less distractions. Of course it’s being extremely difficult to be without distractions today. But still, there’s a big distance between reading and watching videos in this matter. Almost all video sites constantly badger you with ads, suggestions on what to watch next, related videos, comments and so on. These are all much lesser when you are reading. And practically non-existent if you are reading an ebook.

Correctness. I believe text material such as books and reference websites are inherently less error prone. Simply because making text is much simpler and hence there could be more focus on accuracy. And another more important reason is that most video makers don’t bother to edit and repost their videos in case there is a mistake. Maybe they’ll drop a comment or a note in the description – which we might not notice. But books and articles are easy to update in case an error is spotted.

It’s more entertaining. When you are consuming for entertainment, reading a story engages you much more than watching it on a video. You imagine the visuals and sounds as you read the story. It builds more connections in your brain and it is a more active task for your mind. The TV used to be called the idiot box for a reason.

There are a few areas in which videos excel – for example in presenting 3D pictures – like how are electrons positioned in an atom, in presenting art-related education – like how to play a musical instrument and so on. But these are only a few. For the most part, especially if I’m trying to learn something, I find reading is definitely more effective than watching.

SDKMAN! for Java

I always install Node.js through nvm and Python through pyenv. Node.js keeps project dependencies inside the project folders itself and doesn’t clutter the system. Similarly, for Python, there is venv which helps me keep dependencies isolated. But I was not using any such thing for Java development. I always had the latest LTS release of JDK installed globally and used it for everything. This used to work always because Java versions didn’t have to be changed as often as Node.js or Python (between Python 2 and 3). In fact, Java version didn’t have to be changed at all.

But now I have a need to switch between Java 8 and Java 11 as part of my work. And also, I’d like to keep up with new features in new releases of Java. Also, I need to test my software with a couple of JVMs ever since Oracle messed with their support terms for Java sometime in the last year. So in summary, I need to now frequently switch versions / distributions of JDK on my computer. Yeah, there is the alternatives thing for Linux, but I found a neater, open-source solution on the internet. SDKMAN!

SDKMAN! is a pyenv alternative or nvm alternative for Java. Read their install and usage documentation for detailed instructions and their full feature set. Some commands –

  • sdk install java to install the latest stable OpenJDK
  • sdk list java to list all available Java installations (with info on what’s already installed)
  • sdk install java 16.0.2.7.1-amzn to install Amazon Corretto JDK version 16
  • sdk use java 11.0.11.hs-adpt to switch to OpenJDK 11 for the current shell
  • sdk default java 16.0.2.7.1-amzn to switch to Amazon Corretto JDK as the default

There is many more features, support for other tools like Ant, Spring Boot and so on. There’s even a .sdkmanrc file that can be added in my project so everyone in my team can stay on the same version. This is a neat little tool that I wish I had found earlier.

Which Language/Framework Should I Use

For quite a long time, whenever I wanted to create a pet project or a POC, the first thing I started with is to decide what programming language or framework I should use. Because for long I’ve believed that JavaScript is suitable for Web UI projects, Java and PHP are good for backends, Python is good for data science things and so on. But now, I’ve come to realise it’s probably the least important thing to consider (only when it comes to pet projects and POCs).

Photo by JC Gellidon on Unsplash

More times than I’d like, I’ve put much effort in researching for this decision, and soon, the moment passes, and I don’t even want to continue with my project anymore. It gets shelved even before I could decide all the details. Yet, I do have to choose a language and most of the times a framework/library to make my work easier. Yes, but the way I decide has become much simpler and straightforward.

Doesn’t matter that much. Unless my project is going to have a life of several years, and is going to be worked on by a team of developers, this decision doesn’t even matter that much. Sometimes even in that case. The biggest example is Facebook which probably demanded super high performance, was initially developed with PHP. When it comes to implementing new ideas, it’s way more important to ship a working prototype than whether you have made the best decisions.

Can be revisited. When I make software, more time is spent on solving the problems that are not language-dependent. In comparison to actually designing and implementing the project, the effort for changing the programming language later is quite low. So, I start the POC, and once I’ve made significant progress, I re-evaluate whether some other language would do this easier/better. Almost always, there is no significant benefit, and even if there is, it’s quite simple to rewrite what I’ve done so far.

Bird in the hand. Instead of thinking what might be best suited for the project, and spending effort learning from scratch, it’s better to get started with what I already know and could make quick progress on the idea. By the time I get a handle on that new tech, my motivation could shift and I risk dropping the project altogether. Whereas, if I have a working material product, no matter how small it is, it would motivate me to invest even more time and effort.

Having said all that, if my project/POC demands I use a certain language or technology, obviously I have no decision to make. For example if my POC is to add a search index function to my project using ElasticSearch, of course I have to learn and use ElasticSearch.

Also, if you are working on a long-life project, which will involve a team of developers working on it, then you have to go through the usual process of making the best choice. But even in those cases, you might have to start with a POC.

So stop worrying about which language or framework or tool you should use. Get started with what you already know and make something.

Mac Terminal Shortcuts

It does always come as a surprise to me how uncomfortable the terminal is to a lot of developers – especially people who move from Windows to Mac/Linux. I’m just putting out a (small) list of keyboard shortcuts that could make your life on a Mac terminal so much better. This won’t make you a command line ninja, but if you’re too busy to learn the command line thoroughly but still would like to be decently comfortable using it, this list is for you.

Note: If you’re coming from Windows, be careful to note whether it’s ‘command’ or ‘ctrl’, and the ‘option’ key is the same as the ‘alt’ key.

Moving the Cursor

You can’t ‘edit’ text in a terminal because it’s not a text document, it’s just a log of whatever you executed. Only the current line is relevant for editing. So it doesn’t make sense for the up arrows and down arrows to move the cursor up and down. Inside the current line, the following four things are what you should know –

  • Move the cursor left / right : Left / Right
  • Goto beginning / end of line : Ctrl + A / Ctrl + E
  • Goto previous / next word : Option + Left / Option + Right
  • Move the cursor to a specific location : Option + Left Click

Scrolling the Screen

Scrolling is quite simple using the mouse or the trackpad. But in case you’d like to scroll using the keyboard, remember these –

  • Scroll by lines : Option + Cmd + Page Up / Option + Cmd + Page Down
  • Scroll by pages : Cmd + Page Up / Cmd + Page Down
  • Scroll by commands : Cmd + Up / Cmd + Down
  • Scroll to top / bottom : Page Up / Page Down

Selecting Text

You surely know the normal Click + Drag text selection. Some more ways to select text are –

  • Select a word or a line : Double Click / Triple Click
  • Select a URL or a file path : Shift + Cmd + Double Click
  • Select last command and it’s output : Shift + Cmd + Up
  • Select everything : Cmd + A
  • Deselect : Esc

Deleting Text

Deleting text is straightforward, which you’d do with backspace and/or delete keys. But still I think a few shortcuts are worth remembering –

  • Delete word before cursor : Ctrl + W
  • Delete the entire line : Ctrl + U
  • Delete from cursor to end of line : Ctrl + K
  • Clear Screen : Cmd + K
  • Clear upto previous command : Cmd + L

Switching Tabs

  • Open a new tab : Cmd + T
  • Open a new window : Cmd + N
  • Close current tab : Cmd + W
  • Cycle through tabs : Ctrl + Tab (Hold Shift to cycle in reverse)
  • Cycle through windows : Cmd + ` (Hold Shift to cycle in reverse)
  • Exit terminal completely : Cmd + Q

Other Neat Stuff

  • Input Emojis : Ctrl + Cmd + Space
  • Command History : Up / Down
  • Search History : Ctrl + R
  • Save some text to a file : Select the text and press Shift + Cmd + S

That’s enough shortcuts to make you super fast while working with a terminal. But there are more shortcuts you can learn You can always learn more shortcuts at the official reference – https://support.apple.com/en-in/guide/terminal/trmlshtcts/mac