Robs

- Building robust, maintainable software products across a variety of sectors since 2000 - Last decade building SaaS products with Distributed Cloud/Hybrid Architecture - Improving software quality practices and processes, advocating clean coding, testing, agile, leadership

@fjzeit Yep true, the core boundaries are defined. though backend connects with multiple systems with different workflows, processing, auth etc. There is web and mobile apps connected to it. The web apps are heavily vibed, mobile apps are a mixture. No desktop apps though.

cloud development is probably simpler to enforce as there are uncrossable boundaries between separated concerns. this gets more challenging when working on desktop and mobile apps as well as non-trivial backend processing as the boundaries are "soft" in the sense that a model can easily break the separation with something as trivial as changing an accessibility modifier.

has anybody modified their architecture to accommodate manual vs agentic coding? curious if anybody is yoloing certain parts of their system while maintaining high levels of developer control in others? i’m thinking a modern equivalent of the late 90s/early 00s where it was common for web front ends to have looser deployment controls vs back ends.

.net core itself has been the easiest thing to update ever. LTS or non LTS doesn't seem to matter too much over the past few years, especially since .NET5.0 Biggest issues have been third party NuGets. eg. Automapper, replacing newtonsoft from pre 3.x with system.text.json and Azure functions from in proc to isolated and custom code.

#dotnet LTS support window too short for upgrade and adoption cycles ⬇️ This still comes up a lot. Have Microsoft got the balance right between being able to get us new features quickly while also being able to support existing releases for a reasonable time? Or do you think LTS version should have longer cycles for example? github.com/dotnet/core/is…

@RaminNasibov Some things we have done so often they just stick with us forever Clink clink clink clink ....

Does anyone remember having to defrag their computer? 😆

It starts from its design with js Shoehorning a frontend browser only language to run outside a browser. There are going to be tradeoffs. It provided ease of adoption and use When nodejs came out in 2009, it's main benefit was async which helped with I/o , though other platforms caught up and surpassed it. On virtually every metric that matters such as security, performance, maintainability, scalability etc its incredibly flawed compared to other platforms. Terrible for CPU intensive work. Single threaded apps. ts is typed but it's easy to be loosely typed.. superset of JS and transpiles to it, rather than statically compiled. Package management is horrible., huge nested mini libs as source, not compiled libs. Eats Mem and CPU, which translates to higher costs at scale. And performance is not good. Not great for large applications especially over time with multiple developers, teams etc. I could go on but err.

why do senior backend devs look down on Node.js/Express backend devs?”

@codevsdev C++ . For the core reason that everything else will come easier if you master that overnight (mastery includes memory management). Do the hard first. Most other languages are much easier to learn and implement with, and will feel much smoother.

if you could master one programming language overnight, which would it be and why?

@SumitM_X Err I thought this was common Static pointers to a commit that won't change. A common use case is manual versioning. For instance have been using git version going on about 10 years for automated versioning, though if we want an explicit version we tag it.

Git already has branches. Why do git tags exist at all? What problem do they solve that branches cant?

Yeah did it for about 5 years until around 2005 (well a couple years after), than needed to do desktop stuff, than larger systems and enterprise. I used to use Nusphere PhpEd which was very good compared to other editors at the time. Enjoyed it, but found it limiting after time.

@rob_stemp You left it in 2005?

PHP had only one big problem: it was more famous than other programming/backend languages.

@sflorimm Deja vu

Backend interview question: Your UUID generator has never produced a duplicate. 3 years. 300 million records. Today it did. Mathematically, it shouldn't happen. But it did. What's the first thing you check?

Someone needs to understand the core problem, the vague abstract ideas that other humans have. there will be context that has no code, documentation, only discussed in meetings.. no LLM will have this context. Code can be farmed out, be it human or bot. Determining whether it's rubbish, good enough for the job or excellent requires understanding of more than code.

You’re in a tech interview and they ask you: “Why should we hire you when Codex can write code?” What’s your answer?

Cant remember building a system for 50 users. But really that would be similar to building for 5 users. Typically when starting, a well structured monolith can be useful, though be careful to ensure decoupling early. Monoliths that get popular and not well designed early can become nightmares later. Tbf with today's tooling, distributed systems are much simpler to implement and maintain, given suitable platforms. For instance with azure and aspire, it's so incredibly simple to have a clean microservices setup with queues (be it storage or service bus) within an hour or two. However the same cannot be said with AWS and Gcp (even with aspire), or even different language platforms.

Interviewer: Do you know system design? Candidate: Yes. Interviewer: Design a system for 50 users. Candidate: Microservices, load balancer, queues… Interviewer: You’re solving for millions. I asked for only 50.

They do, to a degree. If you do small scoped work than yes works much better. With large complex things however this is where things fall over, limited scope, takes time and iterations. I've seen a lot people say they have implemented "complex" which isn't that complex just complex to them if they were to do themselves without AI. Where mostly AI is being used to do stuff that isn't complex just really time consuming.

Unpopular Opinion: AI agents don't make mistakes. They do exactly what you told them to do.🤔

@xoaanya Well, Google or any LLM. Anyway asides, portable document format... Although if you look at some of the huge specs it seems anything but.

can I ask a dumb question.... what does PDF actually stand for???

The term bearer comes from older terms meaning whoever has it has rights associated with it... For instance finance bearer bonds It got introduced in web apis as part of oauth2.0 Than we started using it with jwt tokens, it simplified authentication from previous approaches. When I was first started implementing auth with jwt around 2013, got to know it quite well

why do we write: Authorization: Bearer eyJhbGci... What does "Bearer" actually mean and where did it come from?

@DanielW_Kiwi I haven't read it since 2010, and while there are always parts to disagree with, generally came to the same overall conclusions about code structure, cleanliness.. which has served well for many years. Only the foolish outright reject lessons because they don't like something.

I honestly think there are some genuinely valuable lessons in this book. At the very least it gets you thinking about the structure of your code. If you don't like the advice and can articulate to yourself why, you are better off than having not read the book.

@MuwaffaqBadawi Riders a slug. Even with the u.i refresh . I have it installed on my fedora , but end just using vs code and CLI agents. VS is significantly better, faster.

I still don't get how people use Rider from JetBrains to develop .NET applications Do you guys just use it for the sake of working in other environments like Mac and Linux

One thing asp.net has always had even since .net framework 2.0 was comprehensive permissions and access control features built in with the membership system. Than .net core made rbac and abac significantly easier. Have built many apps with RBAC / ABAC .. the authorisation handlers are great, claims transformations necessary because we don't want to store extensive permissions in Jwts Jwts should store info about the users identity (who they are) with very limited course grain roles. . but are not suitable for fine grained "what they can do" perms ..

"Only Admins can do this." That check is easy to add to an API. Then the app grows. Now you have Admins, Managers, Editors, Support Agents, and custom access rules for a few users. Soon, your code is full of questions like: → Is this user an Admin? → Or a Manager? → Or a Manager with one extra rule? → Do we need a new role for this one action? This is where role checks start to break down. A better approach is to think in permissions: → Users have roles → Roles contain permissions → Endpoints require a permission For example, an endpoint does not need to know that a user is a Manager. It only needs to know whether they can update users or export reports. This gives you access rules that are easier to read, change, and test. And you can add new permissions without spreading new role checks across your API. I break down how to build this in ASPNET Core, using permission-based policies, claims, and clean endpoint rules. Worth reading before your next "just add an Admin check" turns into a much bigger problem: milanjovanovic.tech/blog/building-…

@Star_Knight12 Do something at least once. I don't use do while often but have used them. And so have many others.

never met a developer who uses do-while loop

@IamAroke Never been embarrassed to google a question as a developer. It's just a resource, like any other resource, prior we used books and magazines. Though I am curious that people would be embarrassed to google certain questions... What are they and why?

What's the most embarrassing question you've googled as a developer? And please don't tell me it's how to center a div 😂