Error messages are part of our daily lives online. Every time a server is down or we don’t have internet, or we forget to add some info in a form, we get an error message. “Something went wrong” is the classic. But what went wrong? What happened? And, most importantly, how can I fix it?
I really enjoyed this article detailing a massive project at Wix to go through and rephrase every single error message to make them easier to parse and overall less… Useless. A lot of developers can learn from this article.
I used to make my living as a programmer until health issues nearly killed me when I was 40 years old and severely trashed how much I could remember at any one time.
I used to be VERY proud of the fact that I worked VERY hard at making all of my error messages make as much sense to the person using the program as possible. Just the opposite of the utter #$*( that I see with a lot of programming, especially with Microsoft. It’s pathetic that either Microsoft (and others) don’t seem to give a crap about their code. How they take the easy way out with most of the messages rarely actually saying what the problem is. It’s like they are trying to be magicians by trying to trick non-techies into thinking the problem is something else, meanwhile everyone can see that the programmer is a hack in the worst meaning of the word. How pathetic is that? I don’t know. I don’t have a scale with a big enough number for that.
Sabon,
Sorry to hear that. I don’t know if you’re comfortable talking about it, but I’m curious about what your condition is. Did it happen suddenly or was it protracted?
I used to be very proud of the fact that I worked very hard making code with no errors! J/k, haha.
Actually I’m proud of making programs and websites that run fast. Slow websites and applications are a major pet peeve of mine. Yet it’s hard to do a great job when so many companies are cheap in development phase. Much like security, performance needs to be factored into designs up front and considered throughout. If you’re tacking these on later, then you end up on a crummy foundation. Taking shortcuts is faster & cheaper, but by that point it’s significantly harder to fix issues and inefficiencies. So many clients make “cheap” their #1 priority…TBH it’s what I like least about the job.
Alfman,
There are so many frameworks that started with the aim of making web development easier, faster, and more secure.
Many of them became increasingly complicated over time, or relegated to obscurity.
I remember all I needed to write dynamic pages was as simple as:
Where firstname and lastname were form fields, directly injected to php’s global scope. Then came the pesky $HTTP_POST $HTTP_GET overhead, and for some reason we had to sanitize the data (who knew “; DROP TABLE USERS; was not a valid used name?)
Anyway, I applaud your effort to push clients against taking shortcuts. It is easy to see many would still be in the early days of Internet mentalities, before they are hit with a real production issue because of those shortcuts.
sukru,
Yeah, custom development has been almost entirely replaced by off the shelf products with custom patches & extensions:, wordpress, magento, oscommerce, etc. They certainly can save time. Still I criticize products like magento in the strongest possible terms. Not only is it ridiculously inefficient, but on top of that it’s quite difficult and time consuming to work with. Magento relies on caching as a crutch to make up for bad performance. Pages are sluggish even for a single user especially if the database doesn’t fit in ram. Caching is a legit & useful tool, but it’s not a good excuse for poor code and database designs that amplify SQL requests and disk IO. After all, customer pages sometimes need to be dynamically generated and cannot rely on full page caching. Magento attempts to solve these issues with multiple layers of caching, but even that is slower than well written dynamic pages. It requires even more memory, and it introduces new complications with stale data. At least wordpress is better and more popular, although there’s still a lot of room for improvement.
For better or worse PHP had a lot of oversights and was designed by amateurs lacking a solid CS background. Because of that it had a ton of growing pains, but over time (and many breaking changes) I’ll say it has gotten better.
Yeah, one should be using bind variables and escaping without exception. Alas a lot of inexperienced developers are guilty of allowing unsanitized input to be executed. Luckily bind variables have become common practice, although I still see a lack of HTML escaping, which enables XSS attacks and can hijack web sessions.
Thanks, although I must confess that my efforts often don’t convince others until after the fact when they’re already in trouble. A significant number of my clients have outsourced the initial work to cheap firms to build a site (which in truth is little more than installing the framework, adding some plugins, and doing a bit of CSS) and then come to me afterwards to fix things like performance problems. It’s frustrating though because not only are the most egregious problems built deep into the framework, but also because the customers already spent their planned budget on the original devs and are resistant to spending more. This is common refrain throughout my career and yet I keep loosing business to offshore firms that consistently underbid me. It’s like I have no choice but to do rush jobs and reduce my code quality (see “the market for lemons”). I hate this aspect of the industry I work in!
https://en.wikipedia.org/wiki/The_Market_for_Lemons
That’s when I would replace a framework with custom code to see more behind the curtain. No, I couldn’t replace “everything” but I would do what I could to try to find which which black box was causing it to the best of my ability.
“Actually I’m proud of making programs and websites that run fast. Slow websites and applications are a major pet peeve of mine.”
Having good testing of fields AND good error messages AND being fast do not have to be a choice of one over the other. I was also very proud of how fast my apps were (are? as some may still being used but just updated?) For me if I could do all three then I didn’t consider myself a good programmer.
“Sorry to hear that. I don’t know if you’re comfortable talking about it, but I’m curious about what your condition is. Did it happen suddenly or was it protracted?”
I **think** it took five to seven years for me to stop being in denial as I struggled more and more to program. But then I will see a need for a custom program, I will write it, and then literally a couple weeks later and I have zero memory of even thinking about that issue let alone writing a program for it and yet, if you know another programmer really well you can almost always recognized their programs or sections of code that they worked on.
The last couple of years it felt like I was falling off a cliff and I spent more and more time looking in my database of notes that I made to help me remember how I did X and how I did Y and what the syntax was.
And it isn’t any of the 200 most likely things that might be popping into your head right now.
It’s been 20 years and they don’t know yet why. They do know that I have multiple diseases which are rare in combination. They don’t know if it is this combination or if I have something else going on in my body as yet undiagnosed.
The funny thing is, if I don’t need to remember 20 things but only five, then I can do those five things very well and it is like I have zero problems at all. Depending on the day depends on if I have problems with 6 things or if I can remember 20 things. I can only go by my notes as I can’t count on my memory as to how I am doing each day or each hour.
All of the reasons that you probably are thinking of have been ruled out. It’s just that nothing has been ruled “in”.
Sabon,
Reminds me of this “The Man With The Seven Second Memory (Amnesia Documentary)”
https://www.youtube.com/watch?v=k_P7Y0-wgos
This implies different levels of memory in the brain. Short term “cache” and long term “reads” are working for him, but “writes” are broken. I find it quite fascinating.
Yeah, I won’t pretend to know what’s behind those conditions. I’ve read that we all start to decline in our 20s. When changes are slow it might be difficult to perceive.
As a developer, trying to debug one issue or another every day, I can easily attest to this. Having good, actionable error messages is very important.
Yes, the binary crashed, or the request could not be served. But, why? And, how do I fix this?
And without good error propagation system, figuring out the root cause becomes almost impossible. Yes, there was an exception in instance #203 when executing FloopTheGoops() function. But at what context? That function has worked 1,000,000 times since the machine started. What changed?
Actually, you don’t even get that much. Initially all you see is “load balancer failed to received an error from one of the backends”. Which backend? It is still running? If that was in a container, and the container crashed; is there any “morgue” of sorts? How do I access the logs? And what do I tell the user?
Yep, even as a developer I want to hide that stack trace, I need to tell the user something, and again actionable, even if that is “call the customer service”.
sukru,
Indeed, this is very relevant to a highly intermittent problem we’re seeing with users right now. Problems that we’ve been unable to reproduce internally…the worst kind of bug.
“Call the customer service” sounds disingenuous as hell when you work for google 🙂
I’ll admit that I don’t often need customer service from google, but every time I have they’ve been abysmal. I deal with lots of customer support in the course of doing jobs, some good and some not so good. But I honestly think google’s may be the worst in the industry. They’re completely MIA when you need to talk to a human. Even as a paying customer, your best bet is to complain on twitter and social media and cause enough of a ruckus for them to reach out to you. I’m sure google saves tons of money this way, but it’s a failing grade for sure.
Alfman,
Yes, Google customer service could be better. (To put it mildly).
My personal observation is that the systems are designed not to need manual intervention, or as little of it as possible. More than 99.9% of the time it works. The remaining is unfortunately a lot of users. Literally hundreds of thousands of users.
And to be completely honest, many of the those tasks are the actual hard ones:
– “I want to reset my password”.
— Sure no problem.
– “But I have not used my account in 5 years”
– “No, I do not have access to any of the devices that is logged in to that account”
– “No, I do not remember any of my previous passwords”
– “No, I do not recall what I entered to the random recovery questions”
– “No, the name does not match my official id. My real name is not ‘PetLover44′”
– “Yes, I have moved to a different country, and never logged in from this location before”
and so on…
But given hardware devices are now a part of Google ecosystem, I think there is a push for a change. (Google One seems to be an effort in that direction).
sukru,
You are right. But they should still be able to do it by scaling support proportionally to their massive resources. Take microsoft, I’ve have had exceptionally fast & personal support from multiple divisions at microsoft. They’ve responded with knowledgeable & actionable information. Why isn’t google able to perform at the same level? I don’t think they would get away with such bad support if they were a smaller company. However as a monopoly, they know they can steamroll the competition regardless. And for better or worse the market is rewarding worse support with higher profits. Like you said, most users at any given time don’t need personal support and as for the rest, well ignoring them to save money is financially justified. I’m not saying we have to like it, but the reason things are this way makes business sense.
Better than the alternative. Web applications in particular often have developer friendly presets that spit out all sorts of detailed information to help the developer solve the problem. But thats not what you want to show in production due to various security concerns, so I think its common to default now to a more generic phrase. While it sucks for users, its much better for them than the detailed java exception that has an oracle error message and exposes their db credentials ( which I’ve run into before).
So start with generic error messages by default, and then intentionally add useful error messages. A missed “oops something went wrong” isn’ t the worst outcome.
I would define an unhandled exception as a bug.
Yes, at that point “oops something went wrong” is probably better than a full stack trace. However it is also one of the cases of “this should never happen”. (Yes I know it does all the time).
Compared to the times of the old, there are much better tools. Linters are getting more intelligent, and numerous, and are standard parts of most developer lifecycles:
https://stackoverflow.com/questions/30442236/how-to-prevent-too-broad-exception-in-this-case
There are even ones specialized in exceptions only:
https://github.com/guilatrova/tryceratops
At worst, there should be a mechanism to log, and then report these unhandled exceptions. Especially for a web application, where log system almost comes for free. (And a possible paging of a developer at 3am if a certain threshold is passed, etc).
sukru,
I agree with everything you said here. A full trace isn’t useful to end users, but frequently the message is. The majority of the time it would be preferable to a completely generic “oops” error, which is useless.
I’d say exceptions are nearly perfect for reporting back error messages, it’s just such a shame that they have the issue Bill Shooter of Bul brought up. If not for that I think displaying them could be a simple standard strait-forward practice.
Bill Shooter of Bul,
Here here!
It’s not just oracle, the php mysql exceptions have the same security issue!
Sometimes it’s very helpful to dump an exception trace, but who in the world thought it was a good idea to output database credentials in them? A generic “DB credentials are invalid” is just as clear and useful for a developer as “Your DB credentials are invalid, by the way here’s the database user name and password”. What were they thinking???? I have no words to describe how bad it is to output security creds in exception messages. AFAIK if you enable PHP exceptions this vulnerability is still there to this day.