Tangentially, who else misses the time when React was just a side project by FB? Increasingly it seems to be led by Vercel who makes profit from React-based solutions.
lol pre hooks world was fine. Hooks are great but react took over the world because of the clarity of class component lifecycles. If hooks were there from the start it wouldn’t have been as popular.
Also Vercel/NextJS is like if DHH was charging people to use Rails. We are in the “enshittification” part of react development.
Ah, the clarity of useEffect(() => { return () => { handleUnmount() } }, [])! How did they manage to live with the ugly componentWillUnmount() { handleUnmount() } for all those years?
(By the way, don't forget that [] or it does a completely different thing that you never want.)
I started off with hooks and started learning about class components just to clear interviews and damn it provides clarity of when, how components are gonna re-render. If you can get past the HOC hell hole and the "this.add = this.add.bind(this)". I felt it made it very clear how and in what order things run. Its definitely true when OP said if things did not get so clear with class components we would never have gotten hooks.
> I felt it made it very clear how and in what order things run.
I'm sorry, the entire community rallied around hooks PRECISELY because the life cycle methods were not clear and were very problematic.
It seems extremely strange to see such opinions.
When you see a hook you know exactly when it's going to execute and why and because of what. You don't have to layer the methods with tons of checks making sure the life cycle method has been run in the right context, it literally just works.
Hooks gained momentum because of advantages in composability and removing a lot of pain with HOCs. Brevity also helped. The obfuscation about re-renders and memoization of variables is absolutely a downside that I see junior devs really struggle with all the time — something that “just works” with class components.
Anyway, both are fine and usable haha. Just think there are arguments to be made on both sides.
It's complicated. If you want the vercel like experience of deploying to a serverless environment it's not as trivial. There is a reason that open-next exists.
It's actually not that hard to be honest, their Docker examples are pretty good and well accessible from the documentation. Where have you gotten stuck?
If React powers your dev platform then you may not want React to be particularly powerful and easy to use. Otherwise some people will just use React directly and other people will build their platforms on top of React and undercut your platform. Financial incentives are a powerful thing
If Meta wanted to, they could've expanded it themselves. They didn't, hence all these other companies.
Between MUI and Next and RTK-query, IMO, React is finally approaching something usable and complete.
Not a React fanboy. I loved Angular v1, in fact. Just hate how minimalist and useless vanilla React was.
Edit: And maybe this is a problem of scale too. At Meta's size or similar, React is just one component and one team that works alongside dozens of others to deliver a working product. But when they open source it, smaller companies and individuals also try to use it but without Meta's scale and resources. And they inevitably find it lacking because they don't have whole teams working on the rest of the problem (like basic routing, which Meta handles in their derivative of PHP, I think?) , so they have to hope someone else (like react router) solved that problem in a drop-in way. That's why Next is so magical for small and medium businesses; they do a lot of that curation and infra building for you, for a reasonable fee.
I definitely don't. IMO Next/Vercel is a better steward of React than FB was, and turned it into an actual framework usable for a site, not just a UI lib that took ten thousand other libs to make a website out of. The React world is quickly standardizing around Next as most of its stack (maybe with a state manager thrown in if useContext isn't enough) and that makes life a hell lot easier.
And being a Vercel customer has been wonderful. Their systems are so much nicer to work with than legacy web stacks/VMs/containers, or trying to hook something up in PHP or Java. The dev ex is awesome, being able to `create-next-app` and deploy to Vercel in like 3 minutes.
yeah probably, even if the current team doesnt want that, a board member or future executive will push for it and do it
currently, deploying on vercel is so easy and the project structure works on any other compute instance that migrating away will be easy too, and breaking versions of Next or NextAuth can just not be used
How is this much different from being locked in to AWS or Docker Desktop or Oracle's Java or MySQL or WordPress or Cloudflare or OpenAI?
Vercel is a business with a very good value proposition. And Next is open source with a huge community. It's not perfect, and Vercel isn't perfect, but among its peers (the web industry) it stands out to me as one of the two companies I'd trust to steward the future of the web (the other being Cloudflare). Way way way more so than Meta or Google, because at the end of the day at least these companies are selling good web hosting, not shitty advertising, and aren't run by total dicks either.
Do I wish they were nonprofits with shared governance? Yeah, maybe. But short of that, their track record has actually been incredible.
The web is still immature enough (surprising, I know) that new companies and technologies rise and fall all the time. Today's vendor lock-in is tomorrow's opportunity for another young upstart, the same way Next was to React, the way React was to Angular, the way Angular was to the frameworks before it. I'm not too worried.
It doesn't make sense to be afraid of Next when it's really just repackaged cloud hosting in a very shiny wrapper. They resell AWS and GCP and Cloudflare infra at a markup but make it much much easier to use. It's a win win for everyone as far as I can tell.
What isn't? Android, iOS,. NET, Java,MySQL, AWS, Azure, GCP, Cloudflare, Nginx, Slack, Docker Desktop, Kubernetes, Chrome, Typescript, VSCode, the entire web is built off vendor lock-in.
A whole lot isn't. Django, Node, Electron, Caddy etc. Everything that companies open source that isn't monetized (like DraftJS, Gerrit). And don't forget Linux on which the entire web and all the commercial stuff you mentioned runs.
> Employees can easily access the user's data and impersonate any account
At every decent sized company I've worked for, topics like production data privileges, data classification (public, sensitive, confidential, etc.), data masking, and data anonymization for testing have been top priorities. And these policies are sometimes a true pain in the ass for developers, but they exist for a good reason.
I guess you shouldn't miss the timing to go from "move fast and break things" to "ok we're now a serious business".
And the secret they don't tell you is that at least some employees still need to have that access even at the largest companies. People working on the storage team probably can access the data whenever they like (although it's against company policies) and while there are probably access logs to ensure trace who accessed what, the employees still have and need the access to perform their job duties.
Being a "serious business" is very, very hard, because the world is hellbent to assign blame. Even most big business are not serious businesses in this sense (look at the cases that, to this day, are being brought to and won against big tech). In most cases, the outfall is relatively manageable. If you are less lucky, it won't be.
Having run a couple of businesses and feeling the pain I still don't see how to better the situation. It's good that businesses are put under pressure, because if they are not, bad actors would run wild. It is bad that running any business, at least to me, feels like navigating a minefield, and good actors are negatively impacted by that disproportionally.
Personally, I have come to accept that, no matter how hard you can reasonably try, with any business and at any given moment, there is a number of things that if somebody looked very closely, that would probably raise some red flags, because the cost of safeguarding against all of them is infinite.
This combined with their marketing strategy of copying popular indie products and turning them into NextJS templates creates paranoia in the minds of builders who trust Vercel with their codebases, analytics, and often even their data (via Vercel's storage products).
It seems that an enterprising Vercel employee has a goldmine of data to help inform their next "side project".
They won't have access to your private project info (code, analytics, data etc.) if you don't host on their platform. NextJS itself is an open source framework.
Suing for copying your product is tricky. In general I wouldn't rely on courts to protect your product IP. Execution is the only real moat. Any good product will have many copycats and competitors.
In my experience at early stages of a company data ACLs are often the last priority for companies. People are rewarded for shipping things that can get a mention in company's next board deck, and "added ACLs to our Postgres" never got a mention in a board deck.
I am sure a half motivated employee at your favorite cab service could see which addresses you frequently commuted to in first few years of that service's existence
Vercel is rapidly turning into a scourge in the open source world. Their strong coupling to React is also worrying, they are already trying to influence future React features for their NextJS framework.
> The employee did not have access to any source code, secrets, or the ability to change settings or deployments.
We are talking about an employee who has access to the customers personal information as part of their job doing something unethical.
I would be extremely surprised if Vercel didn't have industry systems and practices in place for security.
This is an edge case which can only be avoided by building Google-esque systems and practices. I don't think you guys really understand what your asking for here.
This will cripple them in so many ways, it makes so much more sense delay it as long as possible. Not because they can save a bit of money, but because they UX will fall of a cliff, feature velocity will ground to a halt and the product will drift further away from stuff we really want.
47 comments
[ 2.9 ms ] story [ 101 ms ] threadAlso Vercel/NextJS is like if DHH was charging people to use Rails. We are in the “enshittification” part of react development.
is this satire?
(By the way, don't forget that [] or it does a completely different thing that you never want.)
I'm sorry, the entire community rallied around hooks PRECISELY because the life cycle methods were not clear and were very problematic.
It seems extremely strange to see such opinions.
When you see a hook you know exactly when it's going to execute and why and because of what. You don't have to layer the methods with tons of checks making sure the life cycle method has been run in the right context, it literally just works.
Anyway, both are fine and usable haha. Just think there are arguments to be made on both sides.
It's complicated. If you want the vercel like experience of deploying to a serverless environment it's not as trivial. There is a reason that open-next exists.
Between MUI and Next and RTK-query, IMO, React is finally approaching something usable and complete.
Not a React fanboy. I loved Angular v1, in fact. Just hate how minimalist and useless vanilla React was.
Edit: And maybe this is a problem of scale too. At Meta's size or similar, React is just one component and one team that works alongside dozens of others to deliver a working product. But when they open source it, smaller companies and individuals also try to use it but without Meta's scale and resources. And they inevitably find it lacking because they don't have whole teams working on the rest of the problem (like basic routing, which Meta handles in their derivative of PHP, I think?) , so they have to hope someone else (like react router) solved that problem in a drop-in way. That's why Next is so magical for small and medium businesses; they do a lot of that curation and infra building for you, for a reasonable fee.
And being a Vercel customer has been wonderful. Their systems are so much nicer to work with than legacy web stacks/VMs/containers, or trying to hook something up in PHP or Java. The dev ex is awesome, being able to `create-next-app` and deploy to Vercel in like 3 minutes.
currently, deploying on vercel is so easy and the project structure works on any other compute instance that migrating away will be easy too, and breaking versions of Next or NextAuth can just not be used
Vercel is a business with a very good value proposition. And Next is open source with a huge community. It's not perfect, and Vercel isn't perfect, but among its peers (the web industry) it stands out to me as one of the two companies I'd trust to steward the future of the web (the other being Cloudflare). Way way way more so than Meta or Google, because at the end of the day at least these companies are selling good web hosting, not shitty advertising, and aren't run by total dicks either.
Do I wish they were nonprofits with shared governance? Yeah, maybe. But short of that, their track record has actually been incredible.
The web is still immature enough (surprising, I know) that new companies and technologies rise and fall all the time. Today's vendor lock-in is tomorrow's opportunity for another young upstart, the same way Next was to React, the way React was to Angular, the way Angular was to the frameworks before it. I'm not too worried.
It doesn't make sense to be afraid of Next when it's really just repackaged cloud hosting in a very shiny wrapper. They resell AWS and GCP and Cloudflare infra at a markup but make it much much easier to use. It's a win win for everyone as far as I can tell.
At every decent sized company I've worked for, topics like production data privileges, data classification (public, sensitive, confidential, etc.), data masking, and data anonymization for testing have been top priorities. And these policies are sometimes a true pain in the ass for developers, but they exist for a good reason.
I guess you shouldn't miss the timing to go from "move fast and break things" to "ok we're now a serious business".
Having run a couple of businesses and feeling the pain I still don't see how to better the situation. It's good that businesses are put under pressure, because if they are not, bad actors would run wild. It is bad that running any business, at least to me, feels like navigating a minefield, and good actors are negatively impacted by that disproportionally.
Personally, I have come to accept that, no matter how hard you can reasonably try, with any business and at any given moment, there is a number of things that if somebody looked very closely, that would probably raise some red flags, because the cost of safeguarding against all of them is infinite.
This combined with their marketing strategy of copying popular indie products and turning them into NextJS templates creates paranoia in the minds of builders who trust Vercel with their codebases, analytics, and often even their data (via Vercel's storage products).
It seems that an enterprising Vercel employee has a goldmine of data to help inform their next "side project".
Suing for copying your product is tricky. In general I wouldn't rely on courts to protect your product IP. Execution is the only real moat. Any good product will have many copycats and competitors.
Is there some tech incubator clause buried in their TOS and this is all okay?
I am sure a half motivated employee at your favorite cab service could see which addresses you frequently commuted to in first few years of that service's existence
1. Vercel shipping Indie hackers projects ( their customers) as "app templates" as a host, for marketing purpose
https://twitter.com/nico_jeannen/status/1712749652133683632?...
2. The mentioned infringement of a Vercel employee, mentioned here ( he seems to be fired)
https://twitter.com/nico_jeannen/status/1713139186474406206?...
3. Very broad ToS -> Vercel may delete your app for no reason at all
https://twitter.com/bk_7312/status/1713197808264839479?t=h1T...
We are talking about an employee who has access to the customers personal information as part of their job doing something unethical.
I would be extremely surprised if Vercel didn't have industry systems and practices in place for security.
This is an edge case which can only be avoided by building Google-esque systems and practices. I don't think you guys really understand what your asking for here.
This will cripple them in so many ways, it makes so much more sense delay it as long as possible. Not because they can save a bit of money, but because they UX will fall of a cliff, feature velocity will ground to a halt and the product will drift further away from stuff we really want.