Ask HN: Language-agnostic concepts a Backend Engineer should know?
Hi, what concepts do you think a backend engineer should know which are language agnostic/independent? An example could be knowing the different ways of how to connect to the database from the backend such as ORM or basic SQL and their pros and cons?
59 comments
[ 4.2 ms ] story [ 164 ms ] thread- Database Migrations
- Kubernetes
- Basic RPC and code generation i.e. gRPC, OpenAPI and GraphQL.
- Realtime Concepts, i.e. Kafka, MQTT
- DevSecOps
- Builds. i.e. make files.
- Jobs, i.e. cron or batch and job workflows.
- Offsite incremental DB backups and restore.
- Infrastructure as Code i.e. Pulumi.
If you understand the system a layer of abstraction or two below the layer you work in, you will be able to debug deeper. Learn system calls, Various ways how to examine processes.
I learnt a lot of this back in the day by completing war games on a site called digital evolution (dievo). Those are antiquated now but still a really fun way to learn it.
It might be niche, but it can also be a differentiator--even if I'm not the fastest coder or the best architect I have these other skills that make me valuable at critical times. That's worth something anywhere.
And it's not even knowledge of C or C++, or syscalls or whatever: it's just basic "use a debugger" (not merely pantomime the commands, but understand what's going on) skills that can be the real game changer.
Make, Ninja etc. are fairly straightforward compared to something like Gradle and just knowing my way around that and Clang/GnuCC has gotten me a lot farther in my career.
But if you do so, then I must ask: what are you doing on this site? What can you possibly get out of it?
It's useful to understand a few classic networking problems that a backend engineer might face — e.g. weird latency issues caused by Nagle's algorithm, or TCP CLOSE_WAIT leading to ephemeral port exhaustion between a proxy and an application node. It's useful to understand why we mostly moved to event loop-based servers instead of thread-per-connection servers as a way to handle c10k.
A backend engineer doesn't necessarily have to be an expert on any of these things, but they should be able to follow along if an expert explains that sort of problem.
What does any of this has to do with C?
>What can you possibly get out of it?
I hope you realise that many of commenters here are not even software engineers. HN covers more topics than just 'another arrogant software dev lectures someone on topic X'
Not GP. But this is explicitly a software thread.
> >>frameworks and libraries all work, incapable of tracking down and fixing bugs in your application stack...
Pretty sure they are implying that C/C++ lies somewhere in most software stacks.
So do many other things. It's nice to know every bit of tech behind the scenes but one has only this much time.
Basics of cryptography: there are many dumb errors to avoid.
Antirez's general advice about "10x programmers" is good: http://antirez.com/news/112
Thorough (not just basic) knowledge of SQL, if you don't count that as a language. The sqlite.org "technical and design documents" about sqlite's virtual machine and its query planner are well worth reading, and apply to other databases as well. ORM's are less important than SQL, and are usually language specific as someone mentioned.
Reasonable clue about socket programming, even if you're doing everything with libraries that wrap the details.
Comfort using debugging and profiling tools.
Lots of other stuff, I'm sure.
I'd say it's a book for inspirational bedtime reading, rather than careful study or reference. But it's great in that way. Security is about mindset more than anything else, and the book puts you right into it.
- Basics of server/runtime environment security (RBAC, least privileges, common threats, etc.)
I'd pay close attention to speed and "correctness". What's the consistency model of a system? Can we lose data and if so how? What's the throughput? Latency?
These help choose good technology for backend systems, and helps answer questions like:
- Can we do this in-band while serving a user request?
- Can we do it 100 times to serve a request?
- If it completes successfully can we trust it or do we still need to handle failure?
- Can we trust it immediately or eventually?
There are lots of technologies and terms for all of this but I've specifically avoided them because the important bit is the mental model of how these things fit together and the things they allow/prevent.
Also, I’ve had to explain this to so many other engineers, both junior and senior to me: most data is inherently relational. This next statement is a bit opinionated: 9 times out of 10 you probably want an RDBMS. I’ve seen so many attempts to shoehorn some ElasticSearch/Mongo/Neo4j/whatever database into a design because the developer wanted to work on CoolDatabaseTech. Then you’re stuck dealing with joins in CoolDatabase that it wasn’t really designed to do and frustrated at CoolDatabase’s lack of drivers in X language. Later on you’re dealing with stability and scalability issues you would never see with BattleTestedRDBMS.
The amount of capability a well designed Postgres instance can output is insane. I’ve seen a single vertically scaled Postgres instance compete with 100+ node Spark clusters on computations.
One I've been bitten by several times is expecting APIs to allow me to read-my-writes, only to find that their underlying data store is eventually consistent. The integration point/API client on our end may end up being twice as complex or more just to handle that.
And the last 1 can be done (modeled) in a RDBMS when the scale/pressure/volume is low. In other words, wait until you feel the heat.
- The correct semantics for each HTTP method
- What different status codes indicate
- Common headers, particularly around caching
- HTTP 1.1 vs HTTP 2
- Common authentication protocols - OAuth 2.0, JWTs, etc.
Dependency inversion/injection
- Authentication: OAuth2 is probably the most widely used
- Authorization: RBAC
- Some rudimentary statistics: know how to read metrics, write metrics, etc
- Learn one RDBMS inside and out. Other database systems have their place but you’ll almost always encounter a Postgres, MySQL, MSSQL. Learn how to read EXPLAIN output, cursor based pagination, and indices.
These days most backend engineers also tend to manage data sources so understanding them is also a plus
No better way to know how to secure your code than the mindset of "Ok how would I break into this" :)
- the OSI model, DNS, TCP/UDP, TLS, and networking in general
- CPU flame graphs and other low-level performance/debugging tools
- the Knightmare devops story
- anger management
- Fault tolerance. - Backwards (or forwards) compatibility. - Scalability. - Testability. - Everything around state (backup/restore, migration strategies, data integrity, etc.)
Most other things are a one-time cost. These things are an ongoing burden to consider, but if you forget to consider them it can be devastating.
Also remember: any time you give a (internal or external) customer programmatic access to something, that is an API, and APIs have huge costs to maintain. That includes when you dump your database into "data lake" for internal reporting...
https://martinfowler.com/books/eaa.html
Understand how to load test your system and to reason about its behaviour under load and its failure modes when you push it too hard. It's one thing to be able to build a system and functionally test it such that you're confident that it behaves correctly when you send one request at a time. It's another thing to let thousands or millions of real users hit it for real in production and to have confidence that you are giving them all a good experience.