Strange Brew: How the Web’s 418 Error Code Became Steeped in Controversy
This month saw an obscure joke from 1998 morphing into a minor controversy. It was quickly resolved, but the episode offers an interesting glimpse into the shared culture of geeks — and the often overlooked communities that keep it all running.
And it also brought a new round of attention to a terrific April Fool’s joke.
The story begins in 1998 at Xerox’s famous PARC research center in Palo Alto, where Larry Masinter’s duties included working on web and Internet standards. (Two years later he joined Adobe, where he’s been ever since — still continuing his standards work as a principal scientist in their corporate standards group). On April 1, Masinter unveiled — drawing on the contributions of others — what he later described as “a satire on the many bad API designs being proposed,” which included a mock HTTP status code.
Each time a browser calls a server, a three-digit status code is returned. Indicating when the client request has not been fulfilled for some reason, most error codes, which fall in the 4xx zone of HTTP status codes, are dry stuff: “414: URI Too Long” or “415: Unsupported Media Type.” Error code 418 is simply listed as “I’m a teapot.”
Masinter has also said that the protocol proposal “has a serious purpose — it identifies many of the ways in which HTTP has been extended inappropriately.”
Tongue in cheek, Masinter wrote that “there is a strong, dark, rich requirement for a protocol designed expressly for the brewing of coffee.” In official RFC 2324, he proposed that our hypertext transfer protocol, better known as HTTP, should now be joined by HTCPC — the Hyper Text Coffee Pot Control Protocol, “for controlling, monitoring, and diagnosing coffee pots.”
“Future versions of this protocol may include extensions for espresso machines and similar devices.”
The humor gradually emerged through a mist of technical details. While web servers recognize addresses beginning with http:, under Masinter’s proposal appropriate servers would now also begin recognizing “coffee:." The protocol also identifies some important security considerations. (“Anyone who gets in between me and my morning coffee should be insecure.”) And it warns direly about the possibility of “denial of coffee service” attacks.
The Meme from 1998
It was in section 2.3.2 that a throwaway joke specified a soon-to-be-famous return code.
“The IETF regularly each April 1st also publishes humorous specifications (as ‘Informational’ documents), perhaps to make the point that ‘Not all RFCs are standards’, but to also provide humorous fodder for technical debates,” Masinter wrote, explaining the complete backstory of the message. “The target of HTCPC was the wave of proposals we were seeing for extensions to HTTP in the HTTP working group (which I had chaired) to support what seemed to me to be cockeyed, inappropriate applications.
“I set out in RFC2324 to misuse as many of the HTTP extensibility points as a could.”
Yet Masinter also admitted that problems could ensue with this code. “[O]ne of the issues facing registries of codes, values, identifiers is what to do with submissions that are not ‘serious’. Should 418 be in the IANA registry of HTTP status codes? Should the many (not actually valid) URI schemes in it (coffee: in 12 languages) be listed as registered URI schemes?”
As the years rolled along, the exquisite parody quietly attracted an underground following, and fond tributes to the error message started appearing in actual real-world programming languages and platforms.
The documentation admits that this is a joke code, and should not be implemented in server software, though it has been supported across multiple languages and platforms as a sort of hidden “Easter egg.” The 418 “I’m a teapot” code was implemented in the code for the Node.js platform, and also appeared (in various forms) in Python requests, Google’s Go programming language, and in ASP.NET. Wikipedia notes the Emacs text editor has also implemented the protocol — and that over at Mozilla.org, “a number of bug reports exist complaining about Mozilla’s lack of support for the protocol.”
Google even has its own version of the error at Google.com/teapot.
Over time new incarnations of the silly “I’m a teapot” error have occasionally served some useful purposes — at least, if you believe reports on Reddit. “I’ve seen DreamHost throw 418 errors in response to brute-force login attempts, probably to confuse hackers or something…” And a similar response apparently turns up in at least one WordPress plugin.
In 2015 Masinter — now a principal scientist at the IETF — turned up in a thread on Twitter to remind everyone that yes, it was meant as satire.
@ExceptionFound Satire: make fun of many bad HTTP extensions that had been proposed.
— Larry Masinter (@masinter) November 2, 2015
Not so Funny in the Future
Earlier this month, when the error message got some high-powered attention from Mark Nottingham, the chairman of the IETF working group that oversees hypertext transfer protocol. His service to the geek community includes co-creating the Atom XML language for web feeds, and he’s also worked as a principal technologist at Yahoo, a systems architect at Rackspace, and a research scientist as Akamai, before accepting a position in August at the content-delivery platform Fastly.
“HTCPCP was an April 1 joke by Larry to illustrate how people were abusing HTTP in various ways. Ironically, it’s [now] being used to abuse HTTP itself — people are implementing parts of HTCPCP in their HTTP stacks…
While we have a number of spare 4xx HTTP status codes that are unregistered now, the semantics of HTTP are something that (hopefully) are going to last for a long time, so one day we may need this code point…
I know it’s amusing, I know that a few people have knocked up implementations for fun, but it shouldn’t pollute the core protocol; folks can extend Node easily enough if they want to play with non-standard semantics.”
On the other side of the issue was a 15-year-old programmer named Shane Brunswick. He’d finished his freshman year in high school and was launching a web site to rally for the code’s preservation. “Some people want to expunge every trace of 418 from the world,” Brunswick wrote on GitHub. “I hope to stop that.”
He told Business Insider the error “puts a smile on your face.”
Brunswick proceeded with an indefatigable faith that the beloved error code could be saved by some online activism, and launched a web site at save418.com. (Its tagline? “We are the teapots.”) But on a serious note, he makes the case for retaining the error message. “It’s a reminder that the underlying processes of computers are still made by humans. It’d be a real shame to see 418 go.”
Nottingham gamely acknowledged the controversy in a tweet.
Nottingham even left a conciliatory comment on an issue filed on the code for Brunswick’s own Save418 site. “My goal in all of this was to clarify the status of the code (it had previously been asserted that no one would care about 418, and that’s clearly not true). We’ve done that admirably…”
The community had spoken, and within days Nottingham shared an update on the official w3 mailing list.
So, I poked a couple of implementations to see if they’d remove 418’s “teapot” semantics, and there was a reaction (to put it mildly).
A draft of a new document soon appeared on the IETF site — authored by Nottingham himself.
“In the intervening years, this status code has been widely implemented as an ‘Easter egg’ and therefore is effectively consumed by this use. This document changes 418 to the status of ‘Reserved’ in the IANA HTTP Status Code registry to reflect that.”
And soon he and Masinter were discussing the best way to collaborate on a response.
Meanwhile, Shane Brunswick’s site was updated to proclaim “We saved 418,” thanking those who expressed concerns “regarding the ramifications of removing such a wonderful error code from the internet.”
In the days to come Nottingham retained his good humor — especially on REDbot, one of his own projects, which checks HTTP resources for common problems. When a developer in Armenia submitted a pull request so REDbot’s code would now also support “HTTP Error Code 418 I’m a Teapot,” Nottingham quickly approved the change, and had it deployed by the next day.
And he also left word of the change in a comment on the GitHub repository for Brunswick’s web page, adding, “BTW, thanks for caring about HTTP :)
“sorry about causing all hell to break loose in those Github threads,” Brunswick responded, adding “hope I didn’t make your job any tougher than it already must be.”
“Also, I want to thank for all the time you put into the HTTP protocol. I’ve probably spent the majority of my life connected to the internet in some way, shape, or form, benefitting from the work you’ve contributed over your career. Thank you for caring about HTTP too :)”
- A hotel in Singapore offers a room-service robot.
- Walmart wants to patent floating blimp warehouses to stock drone deliveries from the sky.
- Cosmonauts launch a 3-D printed satellite from the International Space Station.
- New nonprofit wants to free “minds hijacked by our phones.”
- Helpful suggestions and infographics available from the “Social Media time alternative calculator”.
- Facebook asks: what should we do with the web pages of the dead?
- BoingBoing celebrates the 22nd anniversary of its oldest web page.
- Music composer for the 1990s game “Wing Commander” raises money to record it with an orchestra.
- The FBI just got new evidence in the 46-year-old D.B. Cooper case.
- Paul Allen’s crew finds the 1945 wreck of the USS Indianapolis.