How the Web’s 418 Error Code Became Steeped in Controversy – InApps Technology 2022

This month saw an obscure joke from 1998 morphing into a minor controversy. It was quickly resolved, but the episode offers an interesting glimpse into the shared culture of geeks — and the often overlooked communities that keep it all running.

And it also brought a new round of attention to a terrific April Fool’s joke.

The story begins in 1998 at Xerox’s famous PARC research center in Palo Alto, where Larry Masinter’s duties included working on web and Internet standards. (Two years later he joined Adobe, where he’s been ever since — still continuing his standards work as a principal scientist in their corporate standards group). On April 1, Masinter unveiled — drawing on the contributions of others — what he later described as “a satire on the many bad API designs being proposed,” which included a mock HTTP status code.

Each time a browser calls a server, a three-digit status code is returned. Indicating when the client request has not been fulfilled for some reason, most error codes, which fall in the 4xx zone of HTTP status codes, are dry stuff: “414: URI Too Long” or “415: Unsupported Media Type.” Error code 418 is simply listed as “I’m a teapot.”

Masinter has also said that the protocol proposal “has a serious purpose — it identifies many of the ways in which HTTP has been extended inappropriately.”

Tongue in cheek, Masinter wrote that “there is a strong, dark, rich requirement for a protocol designed expressly for the brewing of coffee.” In official RFC 2324, he proposed that our hypertext transfer protocol, better known as HTTP, should now be joined by HTCPC — the Hyper Text Coffee Pot Control Protocol, “for controlling, monitoring, and diagnosing coffee pots.”

“Future versions of this protocol may include extensions for espresso machines and similar devices.”

The humor gradually emerged through a mist of technical details. While web servers recognize addresses beginning with http:, under Masinter’s proposal appropriate servers would now also begin recognizing “coffee:." The protocol also identifies some important security considerations. (“Anyone who gets in between me and my morning coffee should be insecure.”) And it warns direly about the possibility of “denial of coffee service” attacks.

The Meme from 1998

It was in section 2.3.2 that a throwaway joke specified a soon-to-be-famous return code.

“The IETF regularly each April 1st also publishes humorous specifications (as ‘Informational’ documents), perhaps to make the point that ‘Not all RFCs are standards’, but to also provide humorous fodder for technical debates,” Masinter wrote, explaining the complete backstory of the message. “The target of HTCPC was the wave of proposals we were seeing for extensions to HTTP in the HTTP working group (which I had chaired) to support what seemed to me to be cockeyed, inappropriate applications.

“I set out in RFC2324 to misuse as many of the HTTP extensibility points as a could.”

Yet Masinter also admitted that problems could ensue with this code. “[O]ne of the issues facing registries of codes, values, identifiers is what to do with submissions that are not ‘serious’. Should 418 be in the IANA registry of HTTP status codes? Should the many (not actually valid) URI schemes in it (coffee: in 12 languages) be listed as registered URI schemes?”

As the years rolled along, the exquisite parody quietly attracted an underground following, and fond tributes to the error message started appearing in actual real-world programming languages and platforms.

The documentation admits that this is a joke code, and should not be implemented in server software, though it has been supported across multiple languages and platforms as a sort of hidden “Easter egg.” The 418 “I’m a teapot” code was implemented in the code for the Node.js platform, and also appeared (in various forms) in Python requests, Google’s Go programming language, and in ASP.NET. Wikipedia notes the Emacs text editor has also implemented the protocol — and that over at Mozilla.org, “a number of bug reports exist complaining about Mozilla’s lack of support for the protocol.”

Google even has its own version of the error at Google.com/teapot.

Click it to make it pour!

Over time new incarnations of the silly “I’m a teapot” error have occasionally served some useful purposes — at least, if you believe reports on Reddit. “I’ve seen DreamHost throw 418 errors in response to brute-force login attempts, probably to confuse hackers or something…” And a similar response apparently turns up in at least one WordPress plugin.

In 2015 Masinter — now a principal scientist at the IETF — turned up in a thread on Twitter to remind everyone that yes, it was meant as satire.

Not so Funny in the Future

Earlier this month, when the error message got some high-powered attention from Mark Nottingham, the chairman of the IETF working group that oversees hypertext transfer protocol. His service to the geek community includes co-creating the Atom XML language for web feeds, and he’s also worked as a principal technologist at Yahoo, a systems architect at Rackspace, and a research scientist as Akamai, before accepting a position in August at the content-delivery platform Fastly.

On Aug. 5 he made the case for removing support for the error message from Node.js.

“HTCPCP was an April 1 joke by Larry to illustrate how people were abusing HTTP in various ways. Ironically, it’s [now] being used to abuse HTTP itself — people are implementing parts of HTCPCP in their HTTP stacks…

While we have a number of spare 4xx HTTP status codes that are unregistered now, the semantics of HTTP are something that (hopefully) are going to last for a long time, so one day we may need this code point…

I know it’s amusing, I know that a few people have knocked up implementations for fun, but it shouldn’t pollute the core protocol; folks can extend Node easily enough if they want to play with non-standard semantics.”

He made similar requests to the communities handling Go, Python, and ASP.Net.

On the other side of the issue was a 15-year-old programmer named Shane Brunswick. He’d finished his freshman year in high school and was launching a web site to rally for the code’s preservation. “Some people want to expunge every trace of 418 from the world,” Brunswick wrote on GitHub. “I hope to stop that.”

He told Business Insider the error “puts a smile on your face.”

Brunswick proceeded with an indefatigable faith that the beloved error code could be saved by some online activism, and launched a web site at save418.com. (Its tagline? “We are the teapots.”) But on a serious note, he makes the case for retaining the error message. “It’s a reminder that the underlying processes of computers are still made by humans. It’d be a real shame to see 418 go.”

Shane’s post drew thousands of upvotes in Reddit’s programming forum, and over a hundred more when it turned up on Hacker News.

Nottingham gamely acknowledged the controversy in a tweet.

https://twitter.com/mnot/status/895757119160320002

Nottingham even left a conciliatory comment on an issue filed on the code for Brunswick’s own Save418 site. “My goal in all of this was to clarify the status of the code (it had previously been asserted that no one would care about 418, and that’s clearly not true). We’ve done that admirably…”

The community had spoken, and within days Nottingham shared an update on the official w3 mailing list.

So, I poked a couple of implementations to see if they’d remove 418’s “teapot” semantics, and there was a reaction (to put it mildly).

A draft of a new document soon appeared on the IETF site — authored by Nottingham himself.

“In the intervening years, this status code has been widely implemented as an ‘Easter egg’ and therefore is effectively consumed by this use. This document changes 418 to the status of ‘Reserved’ in the IANA HTTP Status Code registry to reflect that.”

And soon he and Masinter were discussing the best way to collaborate on a response.

https://twitter.com/mnot/status/896030835257729024

https://twitter.com/mnot/status/896447440500412416

https://twitter.com/mnot/status/896032238755659776

Meanwhile, Shane Brunswick’s site was updated to proclaim “We saved 418,” thanking those who expressed concerns “regarding the ramifications of removing such a wonderful error code from the internet.”

In the days to come Nottingham retained his good humor — especially on REDbot, one of his own projects, which checks HTTP resources for common problems. When a developer in Armenia submitted a pull request so REDbot’s code would now also support “HTTP Error Code 418 I’m a Teapot,” Nottingham quickly approved the change, and had it deployed by the next day.

And he also left word of the change in a comment on the GitHub repository for Brunswick’s web page, adding, “BTW, thanks for caring about HTTP 🙂

“sorry about causing all hell to break loose in those Github threads,” Brunswick responded, adding “hope I didn’t make your job any tougher than it already must be.”

“Also, I want to thank for all the time you put into the HTTP protocol. I’ve probably spent the majority of my life connected to the internet in some way, shape, or form, benefitting from the work you’ve contributed over your career. Thank you for caring about HTTP too :)”

Feature image by Tomomi Imura via Flickr, CC BY 2.0.