1. 30

    Use a library or framework.

    So the best code is actually somebody else’s code.

    Use a third party SaaS tool.

    Somebody else’s code on somebody else’s machines.

    if you can solve a problem without doing anything, it is better to not do anything

    you don’t say…

    1. 20

      If I had to rank problems with modern software development, “devs don’t use enough third-party libraries and frameworks” would be way, way, way down the list. Much higher on the list would be “few devs bother to learn how to write code that can be reused without causing more problems than it solves”.

      Relevant: Designing and Evaluating Reusable Components (2004) by Casey Muratori

      1. 9

        I think this is a fair reply to the literal interpretation of the post, but wholly irrelevant to its spirit.

        Yes, using someone else’s code is still using code, but the important things are:

        • It’s code you don’t have to maintain and support (at least not nearly as much as code you’d write yourself)
        • It’s already done, so you save time by integrating with it rather than having to write and test it
        • If you pick a decent module/framework/tool, it’s likely the author has spent significantly more time refining it than you would if you wrote it yourself, as it’s the purpose of the whole module versus your need of the hour

        It’s also worth mentioning that picking which third-party code or tool to use and (more importantly) which not to use is a skill which gets better with experience. Those less experienced in making those critical distinctions are sometimes bit by bad choices, and revolve to reinvent the wheel.

        you don’t say…

        Regarding this, it may be obvious to you that solving a problem with little or no code is better than the alternative, but this is far from obvious to every developer.

        An outsized portion of developers, even experienced ones, are more oriented toward writing code than solving problems. I’ve seen more than one occasion where a developer starts down the path of designing a complex system to avoid asking a user to make a tiny, effortless tweak to their workflow. Asking them to do so is a win by every measure, and yet many developers fail to consider it.

        1. 8
          • It’s code you don’t have to maintain and support (at least not nearly as much as code you’d write yourself)
          • It’s already done, so you save time by integrating with it rather than having to write and test it

          These are both terrible assumptions. They can be true, but they’re by no means guaranteed. And if you do end up having to make changes to that third party code, it’s going to be a massive pain. Vendoring the code into your repo can alleviate some, but not all, of that pain.

          • If you pick a decent module/framework/tool, it’s likely the author has spent significantly more time refining it than you would if you wrote it yourself, as it’s the purpose of the whole module versus your need of the hour

          Time =/= Quality. Specific solutions to specific problems almost always outperform general solutions in every metric.

          1.  

            Like I said, evaluating whether to use a library or to write it yourself is a skill. I hoped I’d made that clear in my original post, but those points are assuming you’ve done your due diligence in choosing a library. I’m not arguing that picking any old module will automatically save you time and it’ll just work effortlessly, but if you do that due diligence you can have pretty good luck.

            The project I work on at my job had a sizable number of dependencies and we spend relatively little time dealing with those downsides because we do a decent job mitigating those risks.

            Like everything else, it’s a tradeoff. Sometimes the odds favor writing it yourself, and sometimes they favor using someone else’s code.

            1.  

              Totally agree. I just think the far bigger problem is devs piling on layers and external dependencies due to the belief that it will save them time or make their code more “clean”.

              There are very few truly general abstractions. Compilers/Interpreters and Relational databases are probably the two most obvious (in software). And they took decades to reach sufficient maturity to be the obvious choice over rolling your own special-purpose solution. And still, they come with a considerable complexity cost.

              1.  

                Like I said, evaluating whether to use a library or to write it yourself is a skill.

                I think it’s worth highlight this, given the blog domain is called letterstoanewdeveloper.

            2.  

              It’s already done, so you save time by integrating with it rather than having to write and test it

              I’ll add this is only true if integration effort is less than effort of writing and testing a solution. At first glance, it seems like it obviously would be. Many 3rd-party libraries will be more complex than one needs, have poor documentation, maybe miss corner cases, etc.

              I can’t give any guidance outside “learn from experience” on how to evaluate when you’re running into this problem. Lean, focused, and well-documented libraries seem to be a good pattern. Personal example for development server in Python was choosing Flask over Django since I figured I’d get working code out faster. It’s been working fine outside one problem that might not even be Flask.

          2. 5

            Fair points. I did mention manual processes as an alternative.

            I think some developers are enamored of writing code for code’s sake. I was when I was younger.

            Maybe a better title would be “The best code is no custom code”?

            1. 17

              Surprisingly often, there’s more work in gluing together frameworks than there is in just writing the code. And you lose visibility into what’s going on, so when it goes wrong, it’s much harder to debug.

              There’s a balance to be made. I try to restrict dependencies to ones solving hard problems.

              1.  

                Surprisingly often, there’s more work in gluing together frameworks than there is in just writing the code.

                In my experience that is true for the golden path, sometimes. But once you, or your users, stray off the happy path, I find that libraries and frameworks help a lot. Yes, it’s less fun for me to read a doc and learn how to use a third party lib than to write my own, but long term the former is the better solution.

                1.  

                  Glue code is rarely bug free, and commonly misses edge cases between what one library outputs and another accepts.

                  The libraries also get special cases wrong more than you’d expect. If I’m lucky, I can get upstream to ship a fix quickly. But often, I just need to work around it.

                  Popular libraries too: I’ve spent days dealing with issues in grpc, core Android APIs, and similar.

              2.  

                It’s certainly valuable to re-use mature, maintained solutions whenever possible. I think we need a new metric to capture evaluate this. Maybe something like “Maximize annual maintenance dollars per Line of Code”?

                This encourages you to think through who’s actually maintaining the stuff you’re using. You can write it yourself and pay 100% of the maintenance cost. You can use an open source library and benefit from community maintenance investments. You can pay a vendor with a dedicated staff for maintenance investment. Somebody has to do the work or your code rots.

                You have to think carefully about your unit of analysis though. There are some LOC that matter more to your business than anyone elses’. Are those features actually benefiting from investment received by their parent libraries?

                1.  

                  Great idea. I think you meant minimize, though?

              3. 5

                Ahem. Economics, Mr. Llama!

                So the best code is actually somebody else’s code

                They’ve already paid for it. You get to use it for free, maybe pay a little maintenance cost. Is that a good deal? Depends, but probably worth consideration.

                Somebody else’s code on somebody else’s machines.

                Infrastructure costs money too. Do you really want to be in that business?

                If you’re writing code for fun, great, have fun. But if you’re writing code to make money, I think it’s your responsibility to actually make some money. Or at least, not just throw it away merely because it’s more fun to reinvent stuff.

                1.  

                  Use a library or framework.

                  Perhaps a library is a good idea in many circumstances if it is sufficiently well designed but frameworks can be a lot of trouble.

                  1.  

                    I’m upvoting both you and the post on this one. The deep irony here is that you can say things like “the best code is no code” and seem trivial, trite, pointless. You’re just restating the obvious!

                    Everybody can agree, get a nice chuckle. Then they go out and write a bunch of code they didn’t need.

                    Profound statements tend to be facile as well. For me, folks kept saying things like this over and over again until one day the light went off. I’m not sure if I just had to wait until somebody said it the right way, I had to hear it X times, or personal experience demonstrated to me how much I said the words but didn’t actually live the life. Took a long while, though.

                  1. 8

                    You should be careful about using this list for anything involving security or resource limits.

                    • The list is not exhaustive, and never will be. You can’t use absence of a (sub)domain in the list as a permission to share anything across subdomains. The list can’t express situations where domain owners have irregular usage, like customer1.example.com, customer2.example.com and login.example.com.

                    • Resource limits that are per “website” using the list incentivise abusers to add *.f-u.example.com to the list to be able to use one domain to create unlimited number of fake “independent” websites to work around limits.

                    • It’s not safe to remove entries from this list, and it’s not sustainable to grow it forever. Don’t build anything important on a dead-end model.

                    1. 2

                      Thank you for posting this link. Eye opening. Appreciated!

                    1. 1

                      How outdated/lacking is the Wikipedia List of TLDs compared to this?

                      1. 3

                        This is more than just tlds. For example, github.io is on this list but not the tld list.

                        1. 2

                          Oh, understood. That seems really unscalable to manage; per above this list is pretty useless for domain validation. I guess it’s just a curiosity piece, or maybe has some data science use?

                          1. 3

                            It’s a historic wart in browser/web specifications. We’d usually like everything depend on origin (as in scheme,host port) to be the scope and security’s boundary of a web page (i.e., Same Origin Policy). But we can’t. Cookies have been specified earlier and are bound to a domain and can be expanded to a subdomain or a parent domain. For this, we need to know where the domain ends and where the public suffix starts (e.g., different length for .com and .co.uk)

                            A long while ago, people found out they could set cookies for all of .co.uk, which isn’t a registered domain but sort-of looked like it. That was not great.

                            The public suffix list is the fix for that. Meanwhile, it has grown to expand and contain all sorts of services with user registerable sub domains, like github.io, so users won’t set cookies on other user’s domains.

                            1. 1

                              Wonder if cookies will ever be possible to lock down to host only, not parent domain?

                              With stuff like OAuth, single sign-on can be solved without sharing auth state in cookies.

                              1. 2

                                We’ll try. Mike West (Google) has a draft in the IETF

                      1. 2

                        This material on JWTs is the best instance I can think of “learn enough X to be dangerous”. Not because of flaws in the material itself (it’s quite good), but because of JWT.

                        For a long time, it had been the only content I’d read on JWT, yet it’s deep enough that I was widely perceived in the office as “the guy who knows JWT”. So I’ve been asked to design all sorts of things way out of my depth, yet ego kept me from noticing that for a while. Lots of cringe looking back.

                        1. 2

                          So I’ve been asked to design all sorts of things way out of my depth,

                          What’s an example of that?

                        1. 2

                          I remember this getting passed around at my first job. It was like a bolt of lightning in the early 2000s.

                          Now I hope it’s less striking (who doesn’t use version control?). Hope being the operative word.

                          1. 15

                            I’ve been using NewsBlur since 2013, and it works well enough that I’ve been willing to pay the $3/month for it. The main thing I enjoy is having a mobile app that is able to automatically download stories for reading on the subway, and sync its read/unread state with the browser version.

                            1. 3

                              2nd vote for NewsBlur. I’ve been using it since before google reader shut down (I kinda saw the writing on the wall on that one), and it’s been worth it ever since

                              1. 1

                                I’ll chime in for newsblur as well. Simple, gets out of my way, just plain works.

                              2. 3

                                Another vote for NewsBlur. I’ve been using it for a number of years as well (I think since 2013, too!) and absolutely love the “Intelligence Trainer” feature. I’m able to highlight keywords to emphasize or hide from the feeds. It’s like Lobste.rs’s tag filtering but for every feed out there.

                                It even supports converting email newsletters into RSS feeds (which seems like the opposite approach everyone else takes, hah) which helps clean up my email inbox some.

                                1. 3

                                  Also been using it since 2013. Being grandfathered into the $12 a year rate almost feels bad considering how much value I get from it.

                                  Especially since I consume Lobster.rs and HN by RSS. Kind of funny that I read this post through NewsBlur!

                                  1. 2

                                    Yeah, I lied, I’m paying $12/year myself. It was a no-brainer at that price.

                                  2. 1

                                    Possibly totally stupid question: is there a Linux client or 3rdparty app for NewsBlur?

                                    1. 2

                                      Maybe, but not that I’m aware of. I’m happy enough using the browser when I’m not on a phone, so I haven’t looked.

                                      1. 1

                                        It’s totally open source, you could run your own instance: https://github.com/samuelclay/NewsBlur

                                      2. -1

                                        +1

                                      1. 21

                                        I often find, even when I’m interested in a subject I end up procrastinating all day instead of doing it.

                                        I have some form of background anxiety that prevents me from starting; maybe the scope is too big, or I worry about interruptions.

                                        Eitherway; the key piece of advice I shamelessly stole from Tom Limmoncelli’s book “Time Management for Systems Administrators” was to write down the first thing you will do the next day. Before anything else except the essential morning rituals (brush teeth, make coffee, do not check emails) and when I follow this advice I am generally more productive the whole day.

                                        If you find a subject thoroughly boring though, I don’t think any advice is really going to help.

                                        1. 7

                                          I also often find myself procrastinating. I started the Bullet Journal Method, and it kind of helps. In the morning I plan what need to be done, and at the end of the day I can review the progress/achievements I had.

                                          Pair programming always helps to get the nastiest work get done. Just need some mental support to get started on the really crap parts, or talk it over, to create a mental path through the unwanted parts. Also when doing research having someone who I can talk the progress of 2-8 hours of research over helps a lot.

                                          For me the positive feedback is needed to get up to speed and get into flow, or to provide reward after the hard work. In remote work this is not that trivial, while in the office when I was leading a team I always made sure my teammates got positive feedback from me, and they also instinctively provided it for me, and others, or help, if that was needed. I really miss the natural meta-communication present if personal meetings.

                                          1. 5

                                            Anxiety is the #1 problem for me. It’s so difficult to concentrate and get ‘in the zone’ when the project, company, or personal life seem in chaos. The global pandemic has been a real issue for me personally, even though I shut out all news, take breaks, exercise, etc. I have no idea if I am normal or some kind of bad dev :shrug emoji:.

                                            1. 5

                                              Anxiety definitely affects my ability to focus too. Sometimes I find that just taking the first small step helps, because often my anxiety is overblown, and even when my fears were accurate, action makes them less scary. Ymmv.

                                            2. 5

                                              Structured Procrastination can be an effective strategy for people like us.

                                              anyone can do any amount of work, provided it isn’t the work he is supposed to be doing at that moment

                                              The trick is to find some bigger, nastier task that you ought to be doing, and work on your smaller goals as a means of procrastinating on the big one.

                                              1. 5

                                                It’s a pretty delightful read, but I think on balance I’d rather focus on improving rather than outwitting my foibles.

                                              2. 2

                                                If you find a subject thoroughly boring though, I don’t think any advice is really going to help.

                                                But what do you do when you have to get the task done? Quit your job? Pay someone else to do it? Beg a teammate?

                                                1. 9

                                                  Personal approaches: go for a quick walk, nothing long 10-15 minutes to clear your mind. On the way back pick the least bit of work you can think of to start. When you get in just start doing it.

                                                  Or I do some push ups/jumping jacks/burpees/whatever just to get my body/brain into its time to do something mode and then start work.

                                                  I find personally that just getting started tends to be my problem so this tactic tends to yield good benefits. To each their own.

                                                  Or you might like my Grandpa’s view on things, he grew up through the Great Depression. Nobody likes cleaning the toilet, but if nobody does it it will never get done so you have to buck up and just get it done.

                                                  1. 2

                                                    I find personally that just getting started tends to be my problem

                                                    Same here. The Pomodoro technique helps me start.

                                              1. 22

                                                I have been blogging for 15+ years. I think looking for external validation is short sighted. While people have contacted me occasionally and thanked me, and I have even gotten a few $$$ from my blog, the real reason I write is intrinsic. It clears my mind and provides a way for me to realize what I am really thinking. I do it publicly because otherwise I wouldn’t (not much of a journaler).

                                                However, if you don’t like the way the internet is currently organized, blogging is a great way to make a small change. Never been easier, all you have to commit is your time.

                                                1. 9

                                                  This is the same with me. I typically write a post describing how I got to a certain conclusion and what choices I made along the way. It helps me internalise those and then look back and refresh my memory when needed. If it helps others who stumble upon the post - all the better. But it is not the main reason.

                                                  IMO blogging for fame or money ultimately will lead to SEO, marketing, merch and all other things of this nature in one form or another.

                                                  1. 3

                                                    You’re describing a very valid use case for a blog. It is just as much there for you as it is for someone else that might discover it and find it useful. It’s a good balance to have.

                                                  2. 8

                                                    Likewise, I’ve been doing it in some form since the late 90s, mostly in the same place.

                                                    I don’t run any analytics, but if I had to guess I’d assume that my readership spikes as high as a few dozen, once or twice a year, but mostly hovers in the range of 7 or 8. I could name most of them - friends, family, former coworkers. Writing for that handful of people feels valuable, as does documenting technical stuff in public view. Still, after publishing something on the order of 400k words I’ve got to say that the ratio of fame and fortune to time & effort expended is not exactly impressive, if that’s what I were looking for out of it.

                                                    Not that there’s no external validation: A long history of public writing has probably been narrowly better for getting jobs than not, though I’ll be extremely unsurprised if it bites me in a career-limiting way one of these years. Once in a while I get a few internet points. But I wouldn’t really advise most people to look for it. I selfishly want more blogs to read, but I also think that a whole lot of people might do just as well writing a newsletter for a handful of close connections or similar.

                                                    (I’d also point out that airing your thinking and details about your life on the public network has turned out to be a very, very different risk proposition than it seemed when I got a GeoCities page in ~1997. At a bare minimum, you’re teaching the ever-growing panopticon more about you, and there are plenty of scenarios where it leaves you more vulnerable to malicious actors, of whom there are plenty.)

                                                    1. 1

                                                      Good point about newsletters! For some it can be an even more convenient option for a platform that they own and control.

                                                    2. 4

                                                      It’s amazing when you have such a strong internal drive and motivation. And it shows in the fact that you have managed to blog for so long. It definitely works for some people. In my experience, a lot of people don’t write with intrinsic reasons as their main motivation which is perhaps why more either quit or simply choose to have a social media profile rather than a website. That external validation is so much easier to get on social media with likes, comments, views etc. With a blog, it takes more effort.

                                                      1. 8

                                                        That external validation is so much easier to get on social media with likes, comments, views etc.

                                                        100%. And I’m no saint, I like it when a post of mine gets traffic, a comment, or hits the front page of a popular site.

                                                        I just think that extrinisic motivation will fade.

                                                        1. 1

                                                          Makes sense!

                                                    1. 1

                                                      I’m glad the next release of GDPR will make these content-blocking cookie walls illegal.

                                                      1. 1

                                                        Sorry I don’t follow?

                                                        1. 1

                                                          It only shows on mobile phones.

                                                          1. 1

                                                            Hmmm, weird.i don’t see it in incognito mode on my Android phone. What browser are you seeing this on?

                                                            1. 2

                                                              Mobile Safari.

                                                      1. 3

                                                        The only way to “settle” is to forget about passwords entirely. I can fully control a remote machine using public key cryptography without ever having to deal with dirty passwords. Why cannot I read my webmail or buy stuff from an online shop? It is ridiculous that in the age of public key crypto we are still using passwords.

                                                        1. 3

                                                          Do you think that non technical users can and will use public key crypto? I mean, I guess they are every time they visit a site with an https:// in the URL.

                                                          Is it just that the right tools haven’t been found yet? I was on a call with HYPR a few days ago (disclaimer, we’ve done some work integrating with their solution): https://www.hypr.com/why-hypr/ and it seems pretty sweet, but then we move from securing knowledge to securing devices.

                                                          Something has to hold the private key, after all.

                                                          1. 3

                                                            I doubt they will be able to manage private keys well.

                                                            Servers indeed are doing that now with HTTPS, but we expect server admins to be a little better at these things. And they still fail more often than we would like. IIRC, HPKP was deprecated because it was too easy for sysadmins to get wrong, or to have used against them by malicious actors, rendering their domain semi-permanently inaccessible. Are we going to expect casual users to do better than them?

                                                            Casual users may have even messier use cases. Say you have 5 devices that you want to be able to access all of your accounts from. Now you’d have to register all 5 public keys with every service you want secure access to. And correctly manage dropping the right key from all of them if you lose or discard a device, and add one to all of them if you get a new device.

                                                            1. 2

                                                              Build the protocol into the browser, have it manage your key. Browser vendors can even store an encrypted version of your key on their servers (optionally) to allow you to regain access if you lose it/sync to multiple devices.

                                                              Edit: Like BitID but instead of using a bitcoin private key you use any other type of private key, and it’s in your browser instead of in another app.

                                                              1. 2

                                                                You would still have to synchronize the private key between your devices. And even if nowadays you browser can sync itself across devices, it is done through an online account. Secured with a password.

                                                                Passwords are going to last, because they are immaterial, so you can have them with you at all times “just” by remembering them. Physical private keys are too complex to manage, and to easy to lose, thus locking you out. The last option we have is biometrical identification which would be easier for everyone (nothing to remember, everything with you at all times), but this is a further step in the privacy field…

                                                                1. 1

                                                                  Mozilla tried this with Persona (née BrowserId), and it did not take off.

                                                            1. 1

                                                              I just finished a guide about passwordless authentication for my employer, so this post and discussion are timely for me. We recently ran into an issue with outlook prefetching the links (more here if you’re interested: https://github.com/FusionAuth/fusionauth-issues/issues/629 ).

                                                              I think that the key takeaway is to know your audience and offer them options. As someone else implied, people who manage bars have different authentication expectations than people who value privacy aware web analytics software.

                                                              1. 0

                                                                Sidenote: I miss this Dropbox. It was a folder, that synced and it just worked.

                                                                Every year I find Dropbox adding features that I don’t want or understand that actually seem to get in the way of using it as a folder that syncs.

                                                                https://daringfireball.net/linked/2019/06/13/dropbox-sucks

                                                                And while rewriting a working product over and over makes sense in SV land, after all, how you going to keep those hundreds of devs you hired busy when you’re product was a folder that synced and was finished many years ago… A user like me who is continually charged more so many things I don’t want, maybe I’m but as thrilled about stories like this.

                                                                1. 1

                                                                  I still use dropbox as a way to simply sync files. There may be new features added, but I’ve successfully ignored them.

                                                                1. 12

                                                                  I’ve ranted against JWT before, and that rant includes a few links and citations.

                                                                  Here’s a three-year-old discussion on this site against JWT.

                                                                  Here’s another anti-JWT article that goes into some detail.

                                                                  Here are a couple of articles explaining why JWTs as a “replacement” for session cookies are a bad idea.

                                                                  1. 2

                                                                    I would second the comment at the bottom of the email thread, would love your rant as a blog post.

                                                                    1. 1

                                                                      How do you feel about solutions like Cognito?

                                                                      1. 1

                                                                        Mixed feelings. On the one hand, I generally push people to use someone else’s battle-tested auth system rather than rolling their own. On the other hand, I dislike ones that use JWTs since they inevitably mean using a JWT-parsing library with all the attendant risks.

                                                                      2. 1

                                                                        I mostly agree with this - I think for 99% of people, using JWTs is dangerous because it’s easy to miss one small thing and mess up the security of the implementation. And most people do it because it’s easy - when you’re writing a flask service nobody wants to handle setting up sessions because that involves a whole bunch of other components that aren’t built-in.

                                                                        I’ve seen one implementation do it well: short-lived JWT access tokens, long lived session refresh tokens.

                                                                        The access tokens are signed by an auth server and can be verified by microservices while the long lived refresh tokens are just session tokens - you can get an updated JWT by talking to the auth server again. This has the advantage that auth is centralized but any microservices only need to see the short lived token to verify the user’s identity. There are limitations (you can’t immediately expire all auth tokens - you can only expire the refresh tokens, so you may have living sessions until the latest auth token expires) but when done correctly it can be a useful technology.

                                                                        1. 3

                                                                          I’ll refer you back to my “rant” – this scheme is literally just one of (signed cookies | bearer tokens) but with extra work and less safety. JWT isn’t offering anything you wouldn’t get from one of those other options, except for the “feature” of people sometimes being able to literally Jedi-mind-trick their way into your services by waving their hand and saying “You don’t require me to have a valid signature” and your servers agreeing.

                                                                          Or for a more comprehensive reply, read any of the “don’t use JWT for session tokens” articles. They tend to cover this scheme and debunk its usefulness.

                                                                          1. 2

                                                                            I think for 99% of people, using JWTs is dangerous because it’s easy to miss one small thing and mess up the security of the implementation.

                                                                            I think it’s also worth contrasting between consuming JWTs and creating them. Lots of identity providers create them and those JWTs should be pretty bullet proof (no none algos, supporting good encryption protocols). It’s their job, after all.

                                                                            Rolling your own JWT seems far more problematic to me.

                                                                            There are limitations (you can’t immediately expire all auth tokens - you can only expire the refresh tokens, so you may have living sessions until the latest auth token expires) but when done correctly it can be a useful technology.

                                                                            This post (full disclosure, written the CEO of my company) talks about JWT revocation options. May be of interest to you: https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts

                                                                        1. 12

                                                                          As we can see the pool of people willing to work on Perl projects is shrinking fast.

                                                                          This may be true, but it’s a bit of a stretch to say that “we can see” anything based on what appears to be a made up graph.

                                                                          1. 5

                                                                            Yeah, I’m not so sure that the number of people able and willing to work with Perl is that close to 0. I know a number of people under 35 who have worked with it (including myself, although I’m pretty close to turning 35 😅)

                                                                            1. 5

                                                                              Sounds like author is living in their own bubble ;) I work for two different Perl companies and hardly anyone is over the age of 35.

                                                                              1. 5

                                                                                I agree. Perl consultants and distributors have told me that if anything, the Perl mindshare is growing. People are rediscovering it, and using it for new projects because it is ubiquitous, mature, and way more capable today than it was 20 years ago.

                                                                                Sure, other languages might grow faster, but what’s getting smaller is a slice of the ever-increasing pie of developers, so it’s still increasing in absolute numbers.

                                                                                1. 3

                                                                                  In the company I work in, there is significant number of perl scripts that are powering the infrastructure which is used every day, plus some people are using perl to write new scripts (for one-time jobs, after few months those scripts will be tossed out).

                                                                              2. 2

                                                                                That graph was made up, but this one isn’t:

                                                                                https://trends.google.com/trends/explore?date=all&q=Ruby%20-%20Programming%20Language,Python%20-%20Programming%20language,Perl%20-%20Programming%20Language

                                                                                And I just looked on indeed, and saw 1932 Perl jobs (“perl developer”), 2679 ruby jobs (“ruby developer”), and 15867 python jobs (“python developer”).

                                                                              1. 2

                                                                                I tend to agree with the author’s conclusion that, despite clocking in at 2000 words, this article barely scratches the surface. By the end of it, I am not yet convinced that the concept of degeneracy offers to me any new insight over simply striving to strike a balance between specificity and generality to aid adaptability, YAGNI, “elevator becomes useless but escalator just becomes stairs”-flavored metaphors for reslience etc. — but maybe I am too fixated on code (having just picked up John Ousterhout’s Philosophy of Software Design again).

                                                                                That being said, since the author has spend years examining this idea, I’m sure he’s onto something. I just wish I could read further thoughs on the matter.

                                                                                1. 2

                                                                                  He gave a recorded talk on a similar topic:

                                                                                  https://m.youtube.com/watch?v=_x-ZA0gDrkk

                                                                                  1. 2

                                                                                    This is why I love engineering blogs. I wrote one for a previous job: https://www.culturefoundry.com/cultivate/technology/the-culture-foundry-development-process/

                                                                                    I’m sure the process has changed (it changed even while I was there) but writing this down and sharing it let people self select.

                                                                                    I think a good way to do this, which might address some of the other comments about companies not being able to do this, would be to highlight the positive parts of your development process. Candidates aren’t dumb and can read between the lines. They can also ask questions during the interview process.

                                                                                    However, I expect that most larger places have different SDLC maturities across teams, locations or departments, so for this to work they’d all have to write blogs. Which may not be reasonable.

                                                                                    1. 3

                                                                                      Personally, I don’t think I really trust corporate tech blogs enough to gain any useful insight from them.

                                                                                      1. Did the author have a manager checking what they wrote to make sure it paints the company in a good light?
                                                                                      2. Even if the post author is given relative freedom to write about their subject, are the blog topics are narrow, marketing-approved selection which, while honest in themselves, do not cover less positive aspects of the company?
                                                                                      3. Is the development process described a reality, or is this a dream which they agreed on, which subsequently fell by the wayside when things got busy?

                                                                                      My point is not that they’re all lying, but that it’s not always easy to tell which is which.

                                                                                      There are so many tech blogs which just read as the result of a manager saying, “Fred, go and write a page or two about whatever it is you do, so that we look trendy”. No matter how good Fred is at what he does, the results are flawed, and largely uninteresting:

                                                                                      1. The author has been given a small amount of time to produce the post, so it is not well thought out or well written. Reviewing and revising posts are not considered a worthwhile use of time.
                                                                                      2. It is mainly focussed on internal methods or processes, but is written for an external audience, so even if it is ostensibly about a piece of open source software, or a development style, it’s often full of vague references to internal tooling which the readers can only imagine.
                                                                                      3. There is rarely any attempt to engage with the readers or listen to feedback. Nobody has time to “waste” moderating a comment section, and potentially having critical responses below the post would be considered risky (either you leave them, and they sully the pristine image you tried to present, or you remove them and risk driving away the only people who were interested in your posts).
                                                                                      1. 3

                                                                                        Those are fair points.

                                                                                        I guess I’d say that some information, even if you aren’t sure exactly what the truth of it is, is better than none. At the least it gives you a sense of the direction of the company. After all, if someone writes about java or clojure, you know something about the internals of their systems.

                                                                                        And it also gives you a hook to ask questions. If you ask about a step of their deployment process and get awkward silence or hems and haws, well, that is useful.

                                                                                    1. 1

                                                                                      Sorry folks, I’ll change the title to be more reflective of article content.

                                                                                      1. 1

                                                                                        Thank you Dan! Definitely helpful article.

                                                                                        BTW I really like very recent blog post by Rebecca on Letter to New Developer website

                                                                                        Gonna remember this quote for a long time to come!

                                                                                        It never gets easier, you just go faster. – Greg LeMond

                                                                                        1. 1

                                                                                          Glad you liked it. She did a great job!

                                                                                      1. 2

                                                                                        Would love to hear anyone’s experience, as this is something I’m contemplating doing.

                                                                                        1. 1

                                                                                          Ditto!

                                                                                          1. 1

                                                                                            We have a couple that we work on/have developed at Fanatics, I’d be happy to connect you with the folks who work on them. What sort of questions do you have?

                                                                                            1. 1

                                                                                              In general how difficult it was.

                                                                                              Whether you went with the community support path or the the path that lets you be listed on Terraform.io? If the latter, did you engage with the consultants they mention.

                                                                                              Why did you do it?

                                                                                              Any technical difficulties?

                                                                                              Did you get any uptake from external companies (unless it was for internal purposes)?

                                                                                              1. 1

                                                                                                We’re building a system that enables simple and Fanatics-opinionated definition of an entire application, so this is likely not going to see external use. It’s built upon Terraform because of all the amazing capabilities TF already has, and because I think there’s a lot of distance TF can still cover for us. I’ll get an engineer working on this to come share more, and feel free to ask either of us if you’ve got more questions.