I use the catastrophe theory of error handling: if something fails sanity checks or throws an exception, then kill it with fire: crash the whole program and make the users cry.
True, it’s a pain but… no more hidden errors that get reported two years later
actually a really bad idea if you’re doing anything with critical data between your systems and other systems, like a credit card getting charged on a remote server but then your code crashes
Dev mode is when developing by the programmers. Production means used by others.
When I am working with a service, I want to know immediately when there is a problem.
When I push my code to be used, the dev flag is off and the code does stuff as normal.
For example: if I am making a payment service using a third party, I use sandbox and fake cc numbers. I want things to fail loudly on my computer so I can make things fail silently. And safely, when it’s used with real money. But I can only do that if I know there are issues. And only logging lets some bugs be unnoticed , particularly if a cluttered log. So being loud in development saves tears in production
I agree in general, that a crash is much better than silently failing, but well, to give you some of the nuance I’ve already mostly figured out:
In a script or CLI, you may never need to move beyond just crashing.
In a GUI application or app, a crash may be good (so long as unsaved data can be recovered), but you likely need to collect additional information for what the program was doing when the crash happened.
In a backend service, a crash can be problematic when it isn’t actually necessary, since it can be abused for Denial-of-Service attacks. Still infinitely better than failing silently, but yeah, you gotta invest into logging, monitoring and alerting, so you don’t need to crash to make it visible.
In a library, you generally don’t want to trigger a crash, unless an irrecoverable error happens, because you don’t know where it’ll be used.
Also, I’ve learned from others that how you crash depends on the environment, if running in dev, be different than if the thing is used by the public or in production.
In a script, dump too much data if dev, in production keep it terse but have relevant info and a link to the docs.
In a gui, webpage or app make the crash screen in dev be a thing of beauty that has the full stack trace, database info , and more. But in production only generate a polite message that is vague, with an error code. Push that error to a logging service with the code. And if this is not used by the public but by a company that paid for it, have a feedback button or live chat button, in the error message, to talk with tech support.
Backend services and libraries: if in dev mode crashes should be loud and definitely break things, while in production log silently and keep working.
And for any type of program: always back up data, and always use transactions to not have the database or files be in an incomplete state if an exception happens.
I use the catastrophe theory of error handling: if something fails sanity checks or throws an exception, then kill it with fire: crash the whole program and make the users cry.
True, it’s a pain but… no more hidden errors that get reported two years later
actually a really bad idea if you’re doing anything with critical data between your systems and other systems, like a credit card getting charged on a remote server but then your code crashes
Dev mode is when developing by the programmers. Production means used by others.
When I am working with a service, I want to know immediately when there is a problem.
When I push my code to be used, the dev flag is off and the code does stuff as normal.
For example: if I am making a payment service using a third party, I use sandbox and fake cc numbers. I want things to fail loudly on my computer so I can make things fail silently. And safely, when it’s used with real money. But I can only do that if I know there are issues. And only logging lets some bugs be unnoticed , particularly if a cluttered log. So being loud in development saves tears in production
I agree in general, that a crash is much better than silently failing, but well, to give you some of the nuance I’ve already mostly figured out:
All good points!
Also, I’ve learned from others that how you crash depends on the environment, if running in dev, be different than if the thing is used by the public or in production.
formatting edit