Sqlx is completely lacking in the query composability department, and leads to a very large amount of boilerplate.
You can derive FromRow for your structs to cut down the boilerplate, but if you need to join two tables that happen to have a column with the same name it stops working, unless you remember to _always_ alias one of the columns to the same name, every time you query that table from anywhere (even when the duplicate column names would not be present). If a table gets added later that happens to share a column name with another table? Hope you don't ever have to join those two together.
Doing something CRUD-y like "change ordering based on a parameter" is not supported, and you have to fall back to sprintf("%s ORDER BY %s %s") style concatenation.
Gets even worse if you have to parameterize WHERE clauses.
You don't need to derive anything, sqlx creates structs with the query results for you. The rest of your complaints are just the natural consequence of SQL's design. sqlx is no more difficult to use than similar libraries in other languages.
>so I became an employee, but that turned out to be a massive step back in terms of income. Despite the fact that I worked closely with lots of stakeholders and solved complex problems for them, their internal rules didn't allow them to pay me as more than a code monkey.
Surely there was a negotiation step before signing contracts? What happened there? What was the blocker that did not "allow" them to change their own internal rules that they themselves control? Surely there is a way to do that.
>I left, they ruined the application (it's apparently slow as molasses now), and now I'm about to go back
Then state what you want before going back, if it's important for them they will find a way. Don't accept these kinds of zero effort "oh our policy doesn't allow us to pay you more" explanations.
I normally do too, but in this case I did want to work there. And apparently I do again.
I negotiated my ass off, made a lot of good arguments, and everybody understood where I was coming from, but still wouldn't budge an inch. Maybe I should have walked away. In fact, I did, a couple of months later. But now I'm coming back again.
We'll see how it goes. Maybe I'll succeed at opening up higher pay scales for programmers, maybe I'll leave again after a year or so, or maybe I'll actually find happiness doing something I enjoy.
You can never get everything you want. Most programming jobs in NL don't pay much more than this. If you want to get paid what you're really worth, you need to work as a freelancer, but the tax service has just ruined that market.
And the advantage of this job is that I know I'll be working on things I love, they really want and appreciate me (if financially not quite as much as I'd like), and maybe I can push for change from the inside. Or maybe I'll leave once the freelance market picks up again. It's not like I'll be married to them.
There's a bunch of javascript webapps that won't let you even select text on screen, meaning this is the only way to get it into your clipboard. I had to use developer tools for years before firefox supported the clipboard API.
A machine that cannot be abused is unlikely to be useful for anything else. In this case, almost every time I work with LLMs I need to use the clipboard to transfer data.
That involves at least three steps - select the element in question, highlight all the text (which may not always be as simple as pressing Ctrl-A), then press Ctrl-V.
A click to copy button is one convenient step.
LLMs are no more special than sites like GitHub and many others, which all provide this feature.
If your app needs to do that, you instruct the user to select the text, and press C-c. We should not allow crap like this because they are too dumb to understand these instructions, or because your app is so special it just needs to do this on a click.
I'm not against that. Maybe a safe browser mode (incognito) where this is disabled. Devs can polyfill to a popup that says (please use ctrl c or right click copy).
Who's "we"? I'm a software developer and I use click to copy buttons on websites all the time. Sites like GitHub, ChatGPT, and many more all have them, because they're useful. They're not "special", quite the opposite - this is a ubiquitous and useful feature.
It certainly could make sense to have a security setting that allows this capability to be controlled, in the same sort of way as allowing sites to access your geographic location. But simply saying "we should not allow" it is unrealistic and, frankly, pretty silly.
The framework that exists is crap and should be replaced with something where you as a consumer should not have to watch the eula changes like a hawk, and then the onus should not be on you as a consumer to do extra work to get refunded for a bait and switch.
I know there is some rule about commenting about this on HN, but a website about "buy European made" that immediately starts with _two_ cookie banners about "Your privacy rights under _US_ state privacy laws" does seem weird. (I'm not in the US)
This is very handwave-y and idealistic. Sure, 8 billion humans, and thousands of companies on a cosmic timeline will lift the "most capable entity" to the top, but the road there is going to be extremely long if you just "nah they'll get it" and not do anything else.
I named a specific company, pointed out a specific example of the dynamic featuring GCC and Debian is just one iceberg in the OSS ocean demonstrating that there are more than 30,000 packages built on the principle that free software is better than closed source.
I'm not sure how much more specific and concrete you want the argument to get, but that seems fine to me. The market is big, people care about this part of it. There will be a sponsor for the work if Google isn't up to the challenge.
The only reason everyone uses Chrome is it is really good at what it does and to date Google has been a high quality steward.
Another uphill struggle is cloudflare. Get ready for sites being unavailable because of CF, and endless captchas that make you wonder if they even work.
This would be an excellent opportunity for CF to assert a commitment to a secure and private web by propping up one of the FF forks, even a little bit, and simply make sure it's not auto-killed by their managed policies.
Obviously if a customer wants to manually kill it, it's on them, but CF has a lot of power in choosing defaults.
As someone who cares about privacy, knowing that the company that MITMs a massive chunk of my TLS traffic to websites also controls my browser's funding would make me feel uneasy.
My experience is that anything that tries to tamper with the UA will send CF into a frenzy.
My regular firefox instance is pretty much okay. Unfortunately there is a bunch of super popular crapware shit like Teams and Slack that refuses to properly work on Firefox, unless you tweak the UA. The last time I had to do this was about half a year ago, but Slack refused to let me "huddle", unless I changed my UA. Same with Teams, it straight up said I need to install chrome if I want video chat.
Any time I forgot to change back my UA, CF would not let me in anywhere. I got the captcha, clicked on it, it said "all good", reloaded the page, and I got redirected back to the captcha. Endless loop.
Cognito and Auth0 are so popular because 1) somewhere in the past 5 years developers got bullied into believing that doing authentication is now hard, high risk, dangerous, hard to get right, and all kinds of scare words in the name of the security theater, and, 2) there are a lot of incompetent people who somehow don't understand that you should not put your database on the public internet without authentication.
Just outsource all of that to us, we will all take care of all that very hard work for you, really, just 5.99$/month at first, and when we inevitably get hacked, because actually it's us that have no fucking idea what security is, since we only understand security theater compliance language, you can point your fingers at us so you don't get fired, and we will wash our hands with some vague PR words. Win win.
I think auth in the way that b2b services require it is, at the bare minimum, awkward, and made more difficult when you step out of a language ecosystem where that problem has been solved extensively.
As you say though it’s not technically hard, it’s just a massive fucking faff. OIDC, identity providers, OAuth2, SSO… and I would argue that solutions like Cognito complicate that setup far more than they should.
Plus, it’s an easy B2B money maker when so many businesses lock their SSO functionality behind a top-tier enterprise plan. So that’s the real reason for making auth harder than it is. If it was about security it would be a basic feature.
All true, but glosses over a lot of nuance and wide variety of contexts, particularly B2B.
We’re likely going to switch to Cognito because maintaining OIDC auth has been a pretty big cost for a small company. IdP configurability in particular is painful both technically and in customer support.
One downside to Cognito/etc though is while they’ll handle the tech side (Okta notwithstanding), it’s still up to you to troubleshoot and configure and integrate correctly. Lots of opportunities to “solve” the security risks, but hurt customer and user experience in the process.
I'm the founder of WorkOS and we solve this problem for developers, primarily focusing on the challenges around enterprise SAML, SCIM, complex RBAC, fine-grained authorization, and more.
Sure, but you are forgetting about compliance and adopting the same standards org-wise across thousands of projects spanning hundreds of teams and jurisdictions, and separate industry standards across. That's what adopting something like Auth0 is for.