as someone that has complained about a lot of uber's resume driven development (see comments), I can attest that this system is a.) necessary, and saves the company millions b.) a simplification over the ... unusually…
This is the rare actually funny comment on hn.
> I'm going to assume you're a developer? No, but thanks for explaining my career to me and helping me empathize with toxic people.
bai
I appreciate so many of you are willing to crusade for free speech. But the reality is that platforming isn't free, and the process of deciding who gets platforms is political. The first amendment doesn't govern this…
Oftentimes, these tools are developed for much more complex sites than the people who author these rants have ever maintained. Of course it doesn't solve meaningful problems for sites that can be maintained by a handful…
Your suggestion for the problems with this project is "Why don't you just fork it and maintain your own?"
Get off your high horse. It doesn't matter what it was originally intended for if hospitals are over capacity, and opening up the ship will save hundreds, maybe thousands.
I think you make some good points here, and RLS is an ideal data security model in many respects. The parent's point is that tooling around this is weak, which undermines its value. Not being able to review and easily…
Having a JWT or whatever authn is irrelevant. The problem is an insufficient authz model. Exposing databases through APIs is not the problem. Exposing relations without authorization is. Under these frameworks, you can…
For the love of god, this is never how GraphQL was intended to be used. The official graphql website is very clear: https://graphql.org/learn/authorization/ > Delegate authorization logic to the business logic layer If…
Did you actually read the post? > The case for big tech today is still the economy of scale and not network effects (maybe facebook have those, but it exists only if the interface to facebook does not change). This is…
If you read more of Ben's writing, he talks extensively about how software companies dominate market share through network effects and vertical integration. You don't hear him talk about economies of scale because…
Disappointed to see the usual onslaught of HN cynicism. "Product doesn't meet my narrow expectations; is bad product." 1. We use Slab. It's a fairly ok product in a crowded space. Needs maturity. Far better than…
I think it's tempting to attribute to structure what can be better explained by accident. You obviously have more context, but from my experience developing product, there are almost always ways to change direction…
Have you ever worked in a polyglot ecosystem with rapidly evolving schemas? Tools like protobuf and thrift were designed to facilitate schema evolution since interfaces in these ecosystems evolve quickly and…
Security isn't black and white. SMS doesn't neutralize the value of 2FA since the effort required to compromise it are still considerable, such that the highest risk methods outlined by NIST require physical proximity…
+1 that the code is, unfortunately, most likely worthless. My company has one chief competitor. If that competitor went out of business and offered me their source code, I'm unlikely to pay for it. Code tends to be…
What middleman do you want to cut out? My proposal doesn't add any dependencies. It's also not possible to prevent duplicate charges if a user POSTs a form twice without idempotency keys, so idempotency is necessary.…
Also, I think the answers you're getting keep telling you to build distributed transactions because a.) they didn't read your post and are overindexing on "microservices" b.) this isn't an atomicity problem, it's a…
That's not what the OP is asking--they're using external services like Stripe. Creating a Stripe charge isn't something you can roll back.
Having built similar applications in microservice environments, I think there are usually simpler answers than distributed transactions. And if you do need distributed transactions, this is often a sign that your…
This was under consideration at one time by the Seattle build team and was a recurring point of discussion during infra summits. Unclear if we actually broke ground.
I worked at Uber from 2014-2018. Can confirm this. It was a very poorly managed org because it was extremely grassroots driven—leadership was underempowered to say no to front line teams or hold groups accountable. The…
No. He wasn't. He was /a/ product manager. There are various other leads in the area, all of which had higher rank than this dude.
as someone that has complained about a lot of uber's resume driven development (see comments), I can attest that this system is a.) necessary, and saves the company millions b.) a simplification over the ... unusually…
This is the rare actually funny comment on hn.
> I'm going to assume you're a developer? No, but thanks for explaining my career to me and helping me empathize with toxic people.
bai
I appreciate so many of you are willing to crusade for free speech. But the reality is that platforming isn't free, and the process of deciding who gets platforms is political. The first amendment doesn't govern this…
Oftentimes, these tools are developed for much more complex sites than the people who author these rants have ever maintained. Of course it doesn't solve meaningful problems for sites that can be maintained by a handful…
Your suggestion for the problems with this project is "Why don't you just fork it and maintain your own?"
Get off your high horse. It doesn't matter what it was originally intended for if hospitals are over capacity, and opening up the ship will save hundreds, maybe thousands.
I think you make some good points here, and RLS is an ideal data security model in many respects. The parent's point is that tooling around this is weak, which undermines its value. Not being able to review and easily…
Having a JWT or whatever authn is irrelevant. The problem is an insufficient authz model. Exposing databases through APIs is not the problem. Exposing relations without authorization is. Under these frameworks, you can…
For the love of god, this is never how GraphQL was intended to be used. The official graphql website is very clear: https://graphql.org/learn/authorization/ > Delegate authorization logic to the business logic layer If…
Did you actually read the post? > The case for big tech today is still the economy of scale and not network effects (maybe facebook have those, but it exists only if the interface to facebook does not change). This is…
If you read more of Ben's writing, he talks extensively about how software companies dominate market share through network effects and vertical integration. You don't hear him talk about economies of scale because…
Disappointed to see the usual onslaught of HN cynicism. "Product doesn't meet my narrow expectations; is bad product." 1. We use Slab. It's a fairly ok product in a crowded space. Needs maturity. Far better than…
I think it's tempting to attribute to structure what can be better explained by accident. You obviously have more context, but from my experience developing product, there are almost always ways to change direction…
Have you ever worked in a polyglot ecosystem with rapidly evolving schemas? Tools like protobuf and thrift were designed to facilitate schema evolution since interfaces in these ecosystems evolve quickly and…
Security isn't black and white. SMS doesn't neutralize the value of 2FA since the effort required to compromise it are still considerable, such that the highest risk methods outlined by NIST require physical proximity…
+1 that the code is, unfortunately, most likely worthless. My company has one chief competitor. If that competitor went out of business and offered me their source code, I'm unlikely to pay for it. Code tends to be…
What middleman do you want to cut out? My proposal doesn't add any dependencies. It's also not possible to prevent duplicate charges if a user POSTs a form twice without idempotency keys, so idempotency is necessary.…
Also, I think the answers you're getting keep telling you to build distributed transactions because a.) they didn't read your post and are overindexing on "microservices" b.) this isn't an atomicity problem, it's a…
That's not what the OP is asking--they're using external services like Stripe. Creating a Stripe charge isn't something you can roll back.
Having built similar applications in microservice environments, I think there are usually simpler answers than distributed transactions. And if you do need distributed transactions, this is often a sign that your…
This was under consideration at one time by the Seattle build team and was a recurring point of discussion during infra summits. Unclear if we actually broke ground.
I worked at Uber from 2014-2018. Can confirm this. It was a very poorly managed org because it was extremely grassroots driven—leadership was underempowered to say no to front line teams or hold groups accountable. The…
No. He wasn't. He was /a/ product manager. There are various other leads in the area, all of which had higher rank than this dude.