> every change to your database will break your client unless they are updated simultaneously every time (impossible for mobile apps)
You can just put up a UI forcing the user to update. Which is perfectly fine since you won't be making backward-incompatible changes to your database every month. Adding a new column doesn't break existing clients.
> or your client is aware of every backend change (very complex)
You can just put in a build date in your frontend and compare it against the date a breaking change was made. If it's <, refresh.
> Your DB is likely to contain internal state that has no business being sent to the client.
Which is why not all tables need to be sent to the client. The post gives an example of exposing the friends table to the client but not others.
> If you do this, any business logic not captured in your backend has to be duplicated in each front end.
No, the post says to make your backend layer as thin AS POSSIBLE, not to not have a backend layer at all costs even if it means duplicating code.
> How do you make breaking DB changes if you take on this strategy of API design?
You change the frontend!
> This advice may be good for a proof of concept, a prototype, or an early version which stands a good chance of getting rewritten.
Which is why the blog post begins by saying, "Say you've started a startup today"
> I would not recommend it for anyone wishing to build a lasting architecture.
In a startup, I wouldn't recommend over-designing on day 1, because that's a good way of not delivering enough business value fast enough and so going bust.
> Take a look at your favorite famous internet company and look at their API and try to deduce if they follow this advice or not.
As the blog post says, you shouldn't cargo-cult Google or Amazon. You don't operate at their scale, you don't have as much traffic, you don't have as many teams, and so on. You should what makes sense for you given your company's maturity and where in the product lifecycle you are.
> This article doesn't use the word "permission" or "validation"
The article talks about it multiple times: using a database user account with limited privledges, exposing some tables but not others, exposing read but not write access, giving users access only to data they own.
> it's nearly impossible to parse and check an arbitrary SQL query for malicious intent
Which is why the article doesn't propose trying to parse and check queries for malicious intent.
> it now passes the responsibility of query performance to the FE engineer. Are appropriate indexes in place? Does the query make inappropriate JOINs?
No, in the proposal, we have backend engineer(s) to advise and assist frontend engineers. Having appropriate indices and JOINs doesn't mean you have a layer that doesn't add business value. And when it does add value, write it!
> schema changes now mean that you need to update your front end code. This means guaranteed hard downtime, because you can't control what JS folks are running in the browser.
I don't know if I understood you, but you can just force a refresh in the browser.
> you also need to make sure that queries aren't designed to intentionally DoS your DB.
That's a valid point I didn't think of.
> There's a lot wrong with the ideas presented here.
It's hard to take your criticism seriously when many of your reactions are a result of your own misunderstanding of the proposal.
> 1. You can't trust the front end. Backends must be written assuming that every call from the front end is malicious.
This is already taken care of in the proposal, by permitting clients to access only data they own.
> 2. There will be multiple front ends. If all your business logic is in the front end, you'll have to duplicate it into all of them. Where it will rapidly get out of synch and you'll have different behaviours on different clients.
No, because a) not every startup starts on multiple platforms b) you can always put common behavior into a piece that's reused. This can be a library linked in to multiple frontends, or a backend API. The post says your backend should be as thin AS POSSIBLE. It doesn't say you shouldn't have a backend at all costs, even if that means duplicating code.
> Forcing your UI to use the same entities as your database.
Nothing prevents you from mapping the entities to different ones for your frontend, in cases where you need that.
> The advice in the article strikes me as dangerously sensible-sounding while being mostly wrong.
I don't think you even understood the advice in the first place, as I can see from your misconceptions above.
Not the parent, but I read the book, and the principles have become so common nowadays that I never really had a wow moment. It was more like "Yeah, this guy is telling me things I already know." It is nice to see the common knowledge built up from scratch, rather than just automatically accepted the way it is, but I wouldn't consider the value you get from the book worth the time, today.
8 vs 11 is too small a sample size to say either way. It may very well be that a couple of these startups succeeded due to their business model / luck / sector / whatever which wouldn't apply to the next startup.
If it were 0 vs 11, that would mean something, but 8 vs 11 is too close.
Instead of counting unicorns, we should count the number of successful exits, such as acquisitions. Or, second best, the number of companies that reached (say) series C funding.
> the idea that the highest rated films and shows on IMDB represent the "best" of the mediums is kinda silly.
OP here. If you have a better source, use it. Which source is the best was not the point of the article anyway. The point was that you should look for good stuff, not blindly watch the new movie or read the new book.
It's not about looking back at earlier versions that have shipped and trying to classify them, nor is it about asking someone else. Rather, when there's a disagreement as to whether we can launch what we have, with one side saying, "It's fine to launch, it's an MVP after all" and the other side saying "No it's not at MVP quality yet", take a step back and remember that both sides may mean different things by MVP, as the post says.
Is there an Electron alternative that uses the OS's rendering engine (Webkit on macOS, Edge on Windows), for developers who think that bundling a whole browser with their app is not the right tradeoff?
Before you can talk about what the key features should be, you should identify what jobs the customer is hiring the product to do. That anchors the discussion; otherwise you'll be talking in a vacuum about whether to build feature X or Y without anchoring it to a job the product needs to do.
The jobs to be done framework too brings the customer into the room. If we're building a photo editor, and I say, "I wouldn't use a feature that makes lips red and removes pimples", then we can talk about the job the photo editor is being hired to do, like "make me look pretty on Instagram". I can put forward my bias like "I don't care about that" and someone can counter that.
Futurecam is a computational photography camera app for iOS that process 1Gb of image data per second on an iPhone 7. It can do things that SLR's can't, like changing shutter speed after capture. Check out http://futurecam.app to find out about more features and how it works.
I ran Futurecam as a startup for 3 years and now I'm moving on, so I'm making it open source, under the MIT license. https://github.com/kartickvad/Futurecam
> Fast forward almost a decade
If your system lasted a decade, that's a success, and any startup that just started would love to be in your shoes.
> management still doesn't understand the concept of "overwhelming technical debt".
That's a problem with your company, not with the suggestion in my post of adding in layers of abstraction when needed rather than ahead of time.