Postel's law in development
Postel’s law, also known as the robustness principle, states that we should all be friends and try to get along. It’s also occasionally harmful. Here’s an example.
Lain wants to add chat messages to activitypub in pleroma. I think this could be cool, so I wrote some code for honk. Two implementations of the same concept? We’re gonna need some serious robustness, on principle.
Lain sent me a pretty picture but I couldn’t see it. I looked closer at the message and discovered mediaType was null. Probably a bug on the sender side, but I could relax the parsing requirements slightly and accept it. So I did. (Or I could have waited a bit, but I want it to work now. New! Shiny! Now!) New attempt, pretty picture received!
Then I added support for sending a picture and tested it by sending one to myself. Looks great! Ship it! Next I sent a picture to Lain, but it never arrived.
In the process of adding support for sending pictures, I inadvertently introduced a very similar bug to honk as the one in pleroma previously worked around. The mediaType field was blank (instead of null), but since I’d relaxed the parser, it seemed to work. Except pleroma didn’t handle this particular case.
After more debugging and looking at the message, Lain was able to add another workaround to pleroma to accept these broken messages. But that shouldn’t have been necessary. I should have been sending correct messages to start, and erroneously thought I had been based on the success of the self interoperability test.
After realizing the problem, I fixed honk and made the parser somewhat stricter again to prevent future regressions.
In total, I think the two of us only spent an hour or so working this all out. Helps that text chat messages did work. And the problem was quite simple to fix, especially when you’re already in the code and looking for it to work. But a month from now, it would have been harder to diagnose and possibly gone unnoticed. If a picture doesn’t show up, how long until you know?
The robustness principle doesn’t necessarily result in robust software. I made one change to increase compatibility (good) but that allowed another fault to be introduced reducing compatibility (bad).