- Implement API for displaying an information widget in customer company’s own website (big pharma regent suppliers), content get injected as an iframe loaded from our site.
- Customer employees all visit their own website from behind a reverse proxy with the same IP, trigger the (poorly configured) rate limiting
- Panicky customer contact: “Why is your widget displaying cat pictures on our website and could you please stop it right now”
This now forms a key foundation in my “no whimsy in code” rule along with one or two near misses with dummy data/content.
One of my coworkers, a UX designer, used to work at a newspaper. They used Osama Bin Laden’s FBI most wanted photo as a placeholder image to avoid accidentally running prints without photos because it was funny and because, you know, who could miss that? Well, everyone, it turns out. Some poor guy got Osama’s photo in his obituary and that was the end of that.
Hahah. Reminds me of the time I used to work at a place where the software's demo company was called ISIS and that didn't used to be a big deal until ISIS itself became a thing. Part of our solution contained a web-portal we could up-sell to our clients that their end users could manage their accounts through etc. Anyway I remember one fun afternoon hacking graphics of ISIS the terrorist organization into the web-portal of the demo org and showing it around the office for laughs. It never made it to a customer site thankfully and it was pretty funny at the time but my boss told me to cut it out pretty quick just in-case hahaha.
Not saying I’d ever actually use this (though also not saying I wouldn’t lol), but what is the best practice for using external sources like this?
When using something like Unsplash I know they’ve got lots of resources and a good setup so calling out to their API seems safe enough.
But for a random service like this, I have no idea if they have the infrastructure to support a lot of calls. I don’t want to abuse a random service.
In this case I assume it is all behind a cdn and it’s no big deal for them.
But if you’re not sure and it turns out to be an important part of what you’re building, do you just setup your own cached version using varnish or something?
The instructions at the top of the page encourage you to hot-link directly to the images they host. It would be hard to say sending them a ton of traffic is "abuse" when they literally suggest you do that.
In general though hot-linking across domains like that is bad practice because the content on the other domain might change in a way you don't like. This was a pretty common practice for a while: https://tvtropes.org/pmwiki/pmwiki.php/Main/HotlinkedImageSw...
If those images turn out to be important to your project such that http.cats going down would be an issue, absolutely you should serve a copy of that content from your servers (assuming all the copyright licenses are in order).
I’ve been a big fan of this site since it was introduced to me when I first learned to code. But to your point, I can’t really imagine a scenario where it would become an ‘integral’ part of an project.
For use in development & testing, sure. Or just as a goof to one of your coworkers. Honestly, I’ll admit I’ve used it countless times over the years to refresh my memory on a particular code, while knowing I’ll get a nice giggle of from it.
But in the scenario you are asking about, in an important production environment, you would be wise to cache the images and serve them in your method of choice yourself. Or better yet, just clone the repo and add install it on your server. It’s MIT licensed, so no worries as far as getting in trouble. Problem solved! :)
MIT is a software license. Does it even give you rights to the images? Also I'm not positive that the owner of that repository was the one who created all of those images.
It's because 200 is correct if you are getting the correct image. I believe you're meant to hotlink the images in an HTML error page when your site returns the given code.
Thanks! I was trying to work out who this was and their relevance in the picture. I thought perhaps it was something 'Darker' than a Fahrenheit 451 ref.
I feel an obligatory 'Joe Exotic' reference should be considered here (but goes against the housecat vibe)
Readit News
They probably told you on the Internet, nobody knows you're a dog? See, that was a lie. :)
j/k
Deleted Comment
lol
You can save yourself three keystrokes by using "!w http status codes"
For some reason, I always do Duck's bang things backwards. Like "http status codes w!"
https://httpstatus.in/
- Implement rate limiting on a site to deal with scrapers
- Include the https://http.cat/429 in the template for 429 responses.
- Time passes
- Implement API for displaying an information widget in customer company’s own website (big pharma regent suppliers), content get injected as an iframe loaded from our site.
- Customer employees all visit their own website from behind a reverse proxy with the same IP, trigger the (poorly configured) rate limiting
- Panicky customer contact: “Why is your widget displaying cat pictures on our website and could you please stop it right now”
This now forms a key foundation in my “no whimsy in code” rule along with one or two near misses with dummy data/content.
HTTP Cats - https://news.ycombinator.com/item?id=20283794 - June 2019 (74 comments)
When using something like Unsplash I know they’ve got lots of resources and a good setup so calling out to their API seems safe enough.
But for a random service like this, I have no idea if they have the infrastructure to support a lot of calls. I don’t want to abuse a random service.
In this case I assume it is all behind a cdn and it’s no big deal for them.
But if you’re not sure and it turns out to be an important part of what you’re building, do you just setup your own cached version using varnish or something?
In general though hot-linking across domains like that is bad practice because the content on the other domain might change in a way you don't like. This was a pretty common practice for a while: https://tvtropes.org/pmwiki/pmwiki.php/Main/HotlinkedImageSw...
If those images turn out to be important to your project such that http.cats going down would be an issue, absolutely you should serve a copy of that content from your servers (assuming all the copyright licenses are in order).
For use in development & testing, sure. Or just as a goof to one of your coworkers. Honestly, I’ll admit I’ve used it countless times over the years to refresh my memory on a particular code, while knowing I’ll get a nice giggle of from it.
But in the scenario you are asking about, in an important production environment, you would be wise to cache the images and serve them in your method of choice yourself. Or better yet, just clone the repo and add install it on your server. It’s MIT licensed, so no worries as far as getting in trouble. Problem solved! :)
I feel an obligatory 'Joe Exotic' reference should be considered here (but goes against the housecat vibe)