djm_'s comments

djm_ | 2 years ago | on: SQL Maxis: Why We Ditched RabbitMQ and Replaced It with a Postgres Queue

This is so important if you want to avoid incredibly gnarly race conditions. In particular for us: jobs being run even before the transaction has been fully committed to the database.

We utilise a decorator for our job addition to external queues, such that the function that does the addition gets attached to Django's "on transaction commit" signal and thus doesn't actually get run until the outer database transaction for that request has been committed.
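An added illustration of the race this comment describes (not the commenter's code, and not Django itself): a toy transaction with an on-commit hook built on the standard-library `sqlite3`. The names `atomic`, `enqueue_after_commit` and `run_demo` are hypothetical; in Django the corresponding hook is `transaction.on_commit`.

```python
import functools
import sqlite3
import tempfile
from contextlib import contextmanager

_hooks = []  # callbacks waiting for the open transaction to commit

@contextmanager
def atomic(conn):
    """Toy outer transaction: run queued hooks only after COMMIT succeeds."""
    conn.execute("BEGIN")
    try:
        yield
    except Exception:
        conn.execute("ROLLBACK")
        _hooks.clear()  # rolled back: the queued jobs must never run
        raise
    conn.execute("COMMIT")
    while _hooks:
        _hooks.pop(0)()

def enqueue_after_commit(enqueue):
    """Decorator: defer the enqueue call until the surrounding transaction commits."""
    def wrapper(*args):
        _hooks.append(functools.partial(enqueue, *args))
    return wrapper

def run_demo(defer, fail=False):
    """Return what the worker saw each time a job ran (one list of rows per run)."""
    seen = []
    with tempfile.TemporaryDirectory() as tmp:
        path = tmp + "/app.db"  # constructed throwaway database
        web = sqlite3.connect(path, isolation_level=None)     # request handler
        worker = sqlite3.connect(path, isolation_level=None)  # queue consumer
        web.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT)")
        def enqueue(order_id):  # stands in for a queue whose worker starts at once
            sql = "SELECT status FROM orders WHERE id = ?"
            seen.append(worker.execute(sql, (order_id,)).fetchall())
        send = enqueue_after_commit(enqueue) if defer else enqueue
        try:
            with atomic(web):
                web.execute("INSERT INTO orders VALUES (1, 'paid')")
                send(1)
                if fail:
                    raise RuntimeError("request failed after enqueueing")
        except RuntimeError:
            pass
        web.close()
        worker.close()
    return seen
```

Without deferral the worker runs while the insert is still uncommitted and finds no row; with deferral it sees the committed row, and a rolled-back request never runs the job at all.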

djm_ | 2 years ago | on: Building GitHub with Ruby on Rails

Dependabot is based on releases from the various package repositories; running off main is pre-release - hence they’re probably using GitHub Actions to pin their Gemfile-defined Rails version to a commit hash.

djm_ | 3 years ago | on: What is the minimal possible UK address?

I remember working with SagePay as a payment provider back in 2008 (before we knew of Stripe!) and finding it interesting that card address validation was only done on the numbers in a full address.

For example, from "20 Windsor Road, London, SE1 6JH" it would extract 2016 and validate that against the bank's details.

I thought that was quite a smart way as UK addresses can come in all forms, shapes and sizes (as the post shows) – but the minimal bits required to be correct are indeed the numbers as all postcodes have them and an incorrect number would mean an incorrect postcode.

Edit: the funny bit was that they made you work this out and send it along with the request rather than just handling it internally :)

djm_ | 3 years ago | on: A Docker footgun led to a vandal deleting NewsBlur's MongoDB database (2021)

Fantastic write-up.

This seems to me like a combination of multiple foot-guns, first being the Docker one - followed by the fact Mongo was not configured to authenticate the connection.

Heroku by default run PostgreSQL open to the world (which is problematic for other reasons) but they get away with it by relying on PG's decent authentication.

My default is to prefer to build systems with multiple layers of security, such that there is no reliance on a single issue like this.

djm_ | 3 years ago | on: Zero to Nix, an unofficial, opinionated, gentle introduction to Nix

As a Mac-using Python shop, we had serious file-sync performance issues when mounting our codebase inside a container via docker-compose. Nix completely freed us from them and allowed us to develop with Python natively speedily and without all the serious faff & headaches that usually come with getting reproducible builds on everyone's machines.

If you'd like to know more, I spoke at DjangoCon Europe late last year [1] on our setup; it's still paying serious dividends for us!

Happy to answer more.

[1] https://www.youtube.com/watch?v=Mx3yiE_CJOY

djm_ | 4 years ago | on: CORS is not meant to secure an API endpoint

From experience, I can tell you that many people simply refer to this entire domain as CORS despite that S standing for Sharing. The Same Origin Policy is treated verbally more like the default state of CORS in some circles.

It is very confusing and I’m not entirely sure how it ended up like that.

djm_ | 4 years ago | on: Offline First

There is a lot of movement in the offline-first/multiplayer space at the moment, after apps like Linear [1] & Figma [2] have pushed the paradigms.

[1]: https://linear.app

[2]: https://figma.com

Some other projects which will help you implement the pattern that are worth checking out:

Replicache [3] - real-time sync for any backend. Works via simple push and pull end points and is built by a small team of 3 devs with decent browser xp (Greasemonkey, Chrome, etc)

Logux [4] - a client/server framework for collaborative apps. From Evil Martians, well known for: postcss, autoprefixer, browserslist etc.

[3]: https://replicache.dev

[4]: https://logux.io

RoomService also used to be in the space but recently left it to pivot to something else.

The largest problem you’ll end up solving is conflict resolution so having a good understanding of the tradeoffs involved with your (or the underlying) implementation is key.

djm_ | 4 years ago | on: Gleam 0.15

A solid set of changes and incredibly well presented for digesting what changed and why - congrats on the release!

djm_ | 5 years ago | on: On Repl-Driven Programming

Yes, running pytest with the --pdb flag will drop you into the debugger on an unhandled exception which gets a comparable workflow but it's not quite the same, as a) writing tests to file first is not repl-driven development, and b) you generally have to think about doing it first.

In an ideal repl-driven world you could write the test in the repl entirely and commit it to disk once you're ready.

djm_ | 5 years ago | on: CRDTs are the future

Followed you in case you ever do! I'm a big fan of Jackbox and I'd love to read about where CRDTs fit in your stack.

djm_ | 5 years ago | on: An update on our security incident

Generally if a service was to keep them it would be to keep a history of passwords you may not use ever again. They wouldn't be available for use in authentication.

Obviously this is very implementation specific though, and can't be considered a rule.

djm_ | 5 years ago | on: Phoenix LiveDashboard

>latest hottest tech rarely make sense

I would agree! But I'd also say that I believe Elixir has moved past this part of the curve and is seeing serious adoption amongst companies.

I first got interested in 2014 and back then it was definitely still early days. 6 years later and I'm still yet to regret the decision to invest time in Elixir and the BEAM ecosystem.