Please, let me REST



  • More than a specific WTF post, I've found my self in a situation where I have to remotely cooperate with a multicultural team from a third party in England. If you live there, you probably know what I mean with "multicultural".

    To make matters worst, this third party is a MS shop with not much knowledge/experience of current trends like REST, web development or even HTTP. From what I can conceive, their only knowledge of web development is putting the correct .Net tags (or whatever this are called) in a .htm file.

    My first friction with them was that the first version they released was taking ages to load. I fire up Firebug and lo and behold there in the console is a message from less.js telling me that the CSS was built correctly. I build the CSS file and send it to them and an email to our designer to make sure she doesn't send the less files again and to remove the less.js script from the HTMLs she sends to them.

    And now I'm here, asking for advice because I haven't touched any MS thing in more than 15 years and this people doesn't seem to know shit about HTTP. Let's see, they are using ASP.NET and have built the REST API to which I can login to a provided endpoint. Cool! But now I have to keep a session provided by this login with the cookies .Net returns (ASP.NET_SessionId) and on every login protected endpoint I receive a 500 with some "Object reference not set to an instance of an object". I write the third party to point this out and receive this:

    Please use response.addCookie(getCookies())

    Ah! Life is so simple in .Net land, but I have to spend the next three days and several screenshots later showing them that I'm certain I'm handling the session since GOOGLE FREAKING CHROME is doing it. I even tried with curl and no go. And fuck you, I shouldn't be getting a 500 error because that means your shit is breaking down, I should be receiving a 401 or a 403.

    So, the ball is on their side. After a whole day of release (attributed to some database problem yadda yadda yadda) it seems their Google search for ".Net return 401" worked, and when I test again I get a 401 with this in the headers:

    WWW-Authenticate: Negotiate, NTLM

    WWW-Authenticate? WTF? NTLM?!? OMFG!!!

    They state that it works locally and I'm afraid that they're mixing some Windows domain stuff with HTTP in here.

    Since I can't keep wasting time and I have two mobile teams waiting for this shit to be development ready, I tell them to forget the whole authentication thing for the moment and try to add it at a later stage.

    Is there any hope?



  • @ubersoldat said:

    If you live there, you probably know what I mean with "multicultural".

    A multicultural team in England? Two fat, balding English managers; an Irish guy wearing tattered rags and passed out drunk on a sack of potatoes; a guy from Africa with the darkest skin--and best English grammar--of anyone you will ever meet; some Welsh guys to mine the coal; and a guy from India or Pakistan to do all the work.



  • @ubersoldat said:

    To make matters worst, this third party is a MS shop with not much knowledge/experience of current trends like REST, web development or even HTTP. From what I can conceive, their only knowledge of web development is putting the correct .Net tags (or whatever this are called) in a .htm file.

    I know your pain. I had to basically walk a MS-only company through building an REST API so that I could build them a mobile app. I suggested we use Python since it has some excellent REST libraries already, but they got "new language cold feet" even though the code would be simpler than any of their SQL statements. They also didn't even realize that other languages have MSSQL database drivers and that Python, can, in fact, query their database. Instead, they decided to cobble it together using ASP.NET. We probably spent more time eliminating all the cruft that ASP.NET tries to add to the response than building the actual API.

    It seems that with most MS shops, if Microsoft doesn't offer some built in solution for Visual Studio, they essentially consider it a myth. One guy downloaded a huge UI library just so he could do a simple javascript alert box, for example.



  • @Soviut said:

    It seems that with most MS shops, if Microsoft doesn't offer some built in solution for Visual Studio, they essentially consider it a myth.

    At at most FOSS shops, if a technology isn't trending on Hacker News!, or if it's actually tested and matured, they don't want anything to do with it. Ask them to build you an enterprise-class web app and they'll cobble something together with NodeJs, Coffeescript and CouchDB, then be shocked when you tell them it's going to be an unmaintainable disaster. But, hey, what do they care? They've already completed their 9 month stint at your company and have moved on to their next set of victims, along with a trendy new set of torture implements.



  • @morbiuswilters said:

    @ubersoldat said:
    If you live there, you probably know what I mean with "multicultural".

    A multicultural team in England? Two fat, balding English managers; an Irish guy wearing tattered rags and passed out drunk on a sack of potatoes; a guy from Africa with the darkest skin--and best English grammar--of anyone you will ever meet; some Welsh guys to mine the coal; and a guy from India or Pakistan to do all the work.

     

    Close, but not quite. One large, balding and bespectacled Estury man who is in charge, though knows nothing other than money and its acqisition. Two lads straight out of college who were hired because they're not 21 yet so their minimum wage is less. Three or four men of Middle Eastern and/or West Asian patronage, who know what they're doing but only in one particular coding language, and collectively none of them know what they're doing, and a highly educated young woman, who will know what needs to be done, and how to do it, but will be relegated to phone and coffee duty because that's how the industry works. 

    Or worse, a "University Class" team; five balding and bespectacled men, all from different corners of the UK, all with different ideas of what has to be done and how to do it, and a handful of international postgrads who know what to do and how to do it, but daren't speak out against their elders for fear of repercussions (read: enforced visa expiration).



  • @Soviut said:

    I suggested we use Python since it has some excellent REST libraries already,

    So does .net.

    @Soviut said:

    Instead, they decided to cobble it together using ASP.NET.

    "cobble it together". Even if you do it yourself and just use raw .ashx files, all the components needed for REST APIs are trivial to create. (And trust me, this is what I do-- I just have a wrapper for the HttpHandler class that handles all the shit, and I write my own .ashx calls that inherit from it. I get that, say, MVC API is very bloated for the simpler use-cases.)

    @Soviut said:

    We probably spent more time eliminating all the cruft that ASP.NET tries to add to the response than building the actual API.

    ASP.net on its own adds zero cruft. Your idiot devs are using some shitty library on top of ASP.net adding the cruft. Your devs suck, not the tools.

    @Soviut said:

    One guy downloaded a huge UI library just so he could do a simple javascript alert box, for example.

    Somehow you didn't blame Microsoft for this one. Huh.



  • @blakeyrat said:

    @Soviut said:
    One guy downloaded a huge UI library just so he could do a simple javascript alert box, for example.

    Somehow you didn't blame Microsoft for this one. Huh.

    Yes he did. The sentence prior to that he said that if M$ didn't offer some built-in solution in VS then people would go out and do stupid stuff. The "for example" at the end means he considers downloading a huge UI library to do a simple alert box to be a natural result of M$'s paternalism within the ecosystem.



  • @Soviut said:

    I had to basically walk a MS-only company through building an REST API so that I could build them a mobile app. I suggested we use Python since it has some excellent REST libraries already, but they got "new language cold feet" even though the code would be simpler than any of their SQL statements.

    So you went to a MS-only company and proposed to use Python, yet in your opinion they are the problem? What if you worked in a Python-only company and someone came in and proposed to do something in .Net?



    Here is the thing about programming languages in a company: the less the better, otherwise you risk running in a staffing problem. Unless you hire only people who actually know everything (not only pretend like you) but it is usually more cost-effective to pick a technology that mostly works for the company needs and that has a large pool of potential employees.



    As for building a mobile app in .Net: everything that is possibly needed is available in NuGet so unless you discovered a new business requirement that has never been done before (and you did not) then you were just a bad cast for this company. And every minute you spent "eliminating the cruft" was money wasted by the client and also a lost opportunity for you to open your horizons.




    Microsoft may not always be the best technology but in this case it was.



  • @Soviut said:

    @ubersoldat said:
    To make matters worst, this third party is a MS shop with not much knowledge/experience of current trends like REST, web development or even HTTP. From what I can conceive, their only knowledge of web development is putting the correct .Net tags (or whatever this are called) in a .htm file.

    I know your pain. I had to basically walk a MS-only company through
    building an REST API so that I could build them a mobile app. I
    suggested we use Python since it has some excellent REST libraries
    already, but they got "new language cold feet" even though the code
    would be simpler than any of their SQL statements. They also didn't even
    realize that other languages have MSSQL database drivers and that
    Python, can, in fact, query their database. Instead, they decided to
    cobble it together using ASP.NET. We probably spent more time
    eliminating all the cruft that ASP.NET tries to add to the response than
    building the actual API.

    It seems that with most MS shops, if Microsoft doesn't offer some built
    in solution for Visual Studio, they essentially consider it a myth. One
    guy downloaded a huge UI library just so he could do a simple javascript
    alert box, for example.

     

     I hate this bullshit against ASP.NET. As you are blatently talking about a Django, ASP.NET MVC 4 has every single feature you are talking about.

    The problem is that there are a lot of clueless people in the industry, this isn't limited to Microsoft shops. Usually the problem is that people don't know something is actually built into Visual Studio or .NET and roll their own bullshit untested version of it.



  • @morbiuswilters said:

    @blakeyrat said:
    @Soviut said:
    One guy downloaded a huge UI library just so he could do a simple javascript alert box, for example.

    Somehow you didn't blame Microsoft for this one. Huh.

    Yes he did. The sentence prior to that he said that if M$ didn't offer some built-in solution in VS then people would go out and do stupid stuff. The "for example" at the end means he considers downloading a huge UI library to do a simple alert box to be a natural result of M$'s paternalism within the ecosystem.

     

     Also if someone is rolling their own modal dialogs (which I believe he is talking about) in this day and age for anything other than a very simple project, I would like to use the cluebat on them.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    @Soviut said:
    I suggested we use Python since it has some excellent REST libraries already,

    So does .net.
    Doesn't mean those morons are using it. The problem isn't the language, or the tools it makes available, but the weird culture of development that seems to have evolved at that particular company. You know, without much real competence (and none of that in charge).



  • @morbiuswilters said:

    @blakeyrat said:
    @Soviut said:
    One guy downloaded a huge UI library just so he could do a simple javascript alert box, for example.

    Somehow you didn't blame Microsoft for this one. Huh.

    Yes he did. The sentence prior to that he said that if M$ didn't offer some built-in solution in VS then people would go out and do stupid stuff. The "for example" at the end means he considers downloading a huge UI library to do a simple alert box to be a natural result of M$'s paternalism within the ecosystem.

    I also meant that rather than implement that simple alert box with a single line of javascript they'll waste time and resources looking for a more "official" way. I spent nearly two years trying to tell my ".NET only" developer friends that JQuery would help solve a lot of javascript headaches they were currently facing; They said they were holding out for the C#-to-Javascript converter. Two years later, Microsoft announced that they were supporting JQuery and these same friends couldn't stop talking about how great JQuery was.

    I don't consider myself a Microsoft guy, or a FOSS guy, or anything. I'm a developer. I have tonnes of tools at my disposal. I'm going to remain as pragmatic as possible because picking sides and polarizing yourself just means you miss out when something good comes along. I'd rather cherry pick the best of breed from all camps than worry about some philosophy.



  • @dkf said:

    @blakeyrat said:
    @Soviut said:
    I suggested we use Python since it has some excellent REST libraries already,

    So does .net.
    Doesn't mean those morons are using it. The problem isn't the language, or the tools it makes available, but the weird culture of development that seems to have evolved at that particular company. You know, without much real competence (and none of that in charge).

    Exactly. They could have used .NET HTTP libs and made it work just fine. Instead, they used ASP.NET webform pages but hacked them to return the correct response headers. The overhead of the whole ASPX page lifecycle still existed, though it was totally ignored. Further they had dozens of issues with proper string escaping, unicode character issues that were being urlencoded, null returned instead of an empty object when there was no result, incorrect HTTP header for errors, etc. Their first attempt to leave the walled garden was just short of a dismal failure because they'd never even thought to venture out before.



  • @lucas said:

    @morbiuswilters said:

    @blakeyrat said:
    @Soviut said:
    One guy downloaded a huge UI library just so he could do a simple javascript alert box, for example.

    Somehow you didn't blame Microsoft for this one. Huh.

    Yes he did. The sentence prior to that he said that if M$ didn't offer some built-in solution in VS then people would go out and do stupid stuff. The "for example" at the end means he considers downloading a huge UI library to do a simple alert box to be a natural result of M$'s paternalism within the ecosystem.

     

     Also if someone is rolling their own modal dialogs (which I believe he is talking about) in this day and age for anything other than a very simple project, I would like to use the cluebat on them.

    Not even. They wanted to pop up a bog standard browser alert box. Something that's literally a single line of code in Javascript "alert('my message here')". But their attitude was that wasn't the .NET way of doing things, so they decided to show me how wrong I was by purchasing a UI library, installing it, bloating the beloved viewstate to several megabytes, all to pop up the same alert. He triumphantly showed me when he's got it working (by the following evening) and I viewed the source and showed him that the "alert control" he used had used that very same line of javascript. Except the control put the script inline on the tag.



  •  Turn the viewstate off in WebForms and use the newer WebForm in 2012 and you have something equally as lightweight.

     WebForms is really a tech that was meant for intranet applications.



  • @Soviut said:

    Instead, they used ASP.NET webform pages but hacked them to return the correct response headers.

    And you blame Microsoft for this.

    WebForms doesn't make REST APIs. It wasn't designed for that. It's never claimed to be able to.



  • @lucas said:

     WebForms is really a tech that was meant for intranet applications.

    I thought WebForms was meant for WinForms developers who are scared of HTML and JavaScript.



  •  Yes, but most of the .NET 1.1 stuff that was big when I started my career (at least in UK industry) was mostly intranet applications.



  • In case anyone cares, now I'm teaching this guys how to correctly use the "Set-Cookie" and "Cookie" headers because they either read the "Set-Cookie" header on the server or try to send "Cookie" as a response.



  • @ubersoldat said:

    WWW-Authenticate: Negotiate, NTLM

    WWW-Authenticate? WTF? NTLM?!? OMFG!!!

    They state that it works locally and I'm afraid that they're mixing some Windows domain stuff with HTTP in here.

    Indeed. Tell them to use Forms authentication rather than Windows authentication (when the time comes to authenticate). It will require some changes to Web.config.


  • @pjt33 said:

    @ubersoldat said:
    WWW-Authenticate: Negotiate, NTLM

    WWW-Authenticate? WTF? NTLM?!? OMFG!!!

    They state that it works locally and I'm afraid that they're mixing some Windows domain stuff with HTTP in here.

    Indeed. Tell them to use Forms authentication rather than Windows authentication (when the time comes to authenticate). It will require some changes to Web.config.

    There is also the option of adding a layer on top of the old scheme: FIM.


Log in to reply