• 9 Posts
  • 152 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle





  • For sure, in PCI environments this doesn’t work. And in the Series F company we don’t use this approach for that very reason. But there’s tons of companies that don’t have or need external certifications, and it works for that much more common scenario. For the small web (i.e. most of the web), it’s ideal.

    The important takeaway isn’t “wow, doing production builds on your PC isn’t secure.” Do it on a dedicated box in production, then. The important takeaway is there’s a mountain of slow things (GitHub workers, docker caching, etc) which slow developer velocity, and we should design systems and processes which remove or eliminate those pains.





  • Hi friend, this was just meant to be an introduction, as I get started blogging and sharing back some knowledge and lessons I learned along the way. I’ve never written a blog before (or much of anything!), and I’m sorry you didn’t find value in this.

    I wasn’t intending to boast, but I can see how it came across. I just meant to say, “companies are trying to tell you that you need ‘XYZ’ to scale,” and at least at the size of business I ran, you didn’t need any fancy tech at all – we could have made do with a dead-simple setup: a single server running Go and SQLite. It’s something I wish I had known when I started.

    I’ll take your feedback to heart and try to produce larger, more substantial posts to follow. Thanks for commenting.


  • I’m concerned that your preferred solutions may ignore the needs of working with peers. When I’ve worked with similar solutions before, we had a lot of on call, and it all went to the same person, regardless of who actually answered the phone.

    Totally hear you and have the same experience myself. The approach I’m advocating for is simply running a binary on a server with rsync to deploy, and architecting your product around that limitation. Teaching a team the basics of Linux sysadmin will be incredibly useful for their careers, and it’s something that the whole team can easily learn. Then you don’t need to hire a k8s team – any engineer can do some basic debugging when things go sideways.