Under the Radar 13: External Dependencies
00:00:00
welcome to Under the Radar a show about
00:00:02
independent iOS app development I'm
00:00:04
Marco Arment and I'm David Smith Under
00:00:06
the Radar is never longer than 30
00:00:07
minutes so let's get started so today we
00:00:11
wanted to unpack the situation that
00:00:15
occurred I guess it was the end of our
00:00:18
beginning of this week end of last week
00:00:20
something like that where Parse a fairly
00:00:23
widely used platform for app backends
00:00:27
design announced that they will be
00:00:28
shutting down and the while the actual
00:00:32
situation and the nuances of that aren't
00:00:34
particularly like generally applicable
00:00:36
they're interesting the actual sort of
00:00:38
the fundamentals of that of having this
00:00:40
big general-purpose flat platform that
00:00:42
was used by lots of apps finally
00:00:44
shutting or deciding it was going to
00:00:45
shut down has a lot of knock-on effects
00:00:48
that are probably worth unpacking before
00:00:51
we dive into that it probably makes sense to
00:00:52
just sort of talk about what Parse was
00:00:53
and so Parse was this platform that made
00:00:56
it relatively easy to make a back-end
00:00:59
for your application that would do
00:01:00
object persistence user management
00:01:03
things like that like a very basic
00:01:05
high-level like non specific to a
00:01:07
particular industry back-end sort of
00:01:09
system that a lot of apps could use and
00:01:11
it had fairly attractive pricing and
00:01:14
including a free tier which is always a
00:01:16
bit of a trap for these kinds of things
00:01:18
where you can say oh we can use it for
00:01:19
free and if our app gets really
00:01:20
successful then we only then what we
00:01:22
have to pay an advantage a couple years
00:01:24
ago was bought by Facebook which it made
00:01:26
everyone who is using it kind of happy
00:01:27
because oh now it's not this sort of
00:01:29
fly-by-night thing it's backed by you
00:01:31
know this major corporation but now it's
00:01:34
ship being shut down Facebook has
00:01:36
decided that that's not something that
00:01:37
they want to invest in and continue to
00:01:39
maintain and so a year from now they are
00:01:42
going to be turning it off they're doing
00:01:44
it pretty well like they're giving a
00:01:46
year's notice and a bunch of migration
00:01:47
tools but at the end of the day this
00:01:49
thing that I've heard varying reports
00:01:52
but you know at least I think it's fair
00:01:55
to say a quite a lot of apps make use of
00:01:57
at least in part is just gonna be
00:01:59
turned off and as a result the apps that
00:02:01
use it if they haven't been updated or
00:02:03
migrated are just going to stop working
00:02:05
and that's kind of tricky yeah I think
00:02:08
one of the weird things about this is
00:02:09
like you know kind of ties back to app
00:02:11
economics where
00:02:12
in order for these apps to continue
00:02:15
working it has to be worth their
00:02:16
developers time and and their developers
00:02:19
have to have the budget to now do a
00:02:22
noticeable update and you know they've
00:02:24
made it relatively easy they've released
00:02:26
big parts of their service as open
00:02:28
source that you could just install at
00:02:29
any server Microsoft Azure has started
00:02:32
trying to attract people to migrate to
00:02:34
them and they're making a little bit
00:02:36
so there are migration options here that
00:02:38
aren't gonna be incredibly work heavy
00:02:41
but it is still work you have to still
00:02:43
do an update there are going to be
00:02:44
things you have to change and rewrite
00:02:45
and so it has to be worth that happening
00:02:49
by the by the apps developers so if
00:02:52
you're relying on an app that uses this
00:02:53
that hasn't updated in a long time that
00:02:55
might never be updated for this it might
00:02:57
never be worth somebody's time to update
00:02:59
it and that's unfortunate and that that
00:03:01
is going to cause a lot of problems in
00:03:02
the app stores these apps was kind of
00:03:03
slowly you know collect 1 star reviews
00:03:06
and stopped working and and they just
00:03:08
kind of live as zombies forever yeah and
00:03:10
so as developers when I see something
00:03:13
like this like I said like the a the
00:03:15
specifics of the Parse situation are sort
00:03:18
of inch vaguely and or like
00:03:19
intellectually interesting but aren't
00:03:20
actually practically that interesting
00:03:22
but what it makes me think about is it
00:03:24
makes me evaluate the dependencies that
00:03:27
I have in my own apps and as I build
00:03:29
apps and increasingly a fewer and fewer
00:03:33
of the things that I've built have no
00:03:36
web component whatsoever because the
00:03:38
feel seems like these days like you're
00:03:41
gonna need some kind of back-end for
00:03:43
your application either something like
00:03:45
Parse or you know that's sort of like
00:03:47
off the shelf or something you build
00:03:49
yourself and you're probably gonna need
00:03:51
these for at least one of three reasons
00:03:53
like you're gonna need some kind of your
00:03:55
apps probably going to do something
00:03:56
back-up related or people are if they're
00:03:58
people are putting any amount of data
00:04:00
into your application they're probably
00:04:02
going to want to be able to have it
00:04:04
backed up and this is something that for
00:04:06
a long time I used to ever say oh I rely
00:04:08
on like the iTunes iCloud backup system
00:04:10
but that is all kinds of problems and
00:04:13
issues that you'll run into where like I
00:04:16
have a recipe manager and I ran into
00:04:18
issues where like their recipes were
00:04:20
fully backed up in like the latest
00:04:22
backup that they did but they
00:04:23
accidentally deleted the app and so now
00:04:25
the only way they
00:04:26
get their recipes back is to do a full
00:04:29
restore of an old backup on to their
00:04:32
device potentially destroying newly like
00:04:35
newer data on in other apps and things
00:04:38
like it's a mess so you wanna be able to
00:04:39
backup your data or you want to be able
00:04:41
to sync your data between different
00:04:43
devices so you'll need some kind of
00:04:45
back-end to do that or you just have an
00:04:47
app that has like a core service like
00:04:49
obviously like I imagine in Overcast you
00:04:52
need a back-end or this you're like a
00:04:55
lot of what you do wouldn't work if you
00:04:56
didn't have some kind of back-end to run
00:04:58
for it oh sure I mean you know there are
00:05:01
podcast apps that don't use server-side
00:05:03
backends like as intermediaries and just
00:05:05
crawl feeds directly and everything but
00:05:07
that's not how I built mine and and it
00:05:10
affords me a bunch of advantages to have
00:05:11
done it the way I do it but now I have
00:05:13
this big dependency I'm on my surface
00:05:15
yeah and I think ultimately like that's
00:05:17
the right word like at the end of it
00:05:19
building these backends that are maybe
00:05:22
they aren't always required but are
00:05:23
going to be required in a lot of cases
00:05:25
like the biggest thing that I think this
00:05:28
situation is instructive for is making
00:05:31
us aware of the things that we're
00:05:33
dependent on and that our apps are
00:05:35
dependent on because we're always gonna
00:05:38
be dependent on something it seems like
00:05:39
there's no way to really say like ok I'm
00:05:41
gonna be completely independent because
00:05:43
ultimately you're gonna be like I'm very
00:05:44
reliant on Apple for example and iOS
00:05:48
like if if Apple announced you know
00:05:51
tomorrow that hey we've decided you know
00:05:54
this iOS thing isn't really working out
00:05:55
we're just gonna turn it off like we're
00:05:58
just gonna stop making iPhones I'm not
00:06:00
saying it's likely but if they did my
00:06:02
apps would stop working like in the same
00:06:04
way that if Parse decide you know to
00:06:05
going away meant that apps that relied on
00:06:07
it go away like or maybe a more
00:06:09
practical example for like i-4 on the
00:06:11
Apple side of things is if they decide
00:06:13
like you know what CloudKit isn't
00:06:14
working out we're gonna turn that off or
00:06:16
those types of things or like I rely on
00:06:19
my hosting provider I host all my own
00:06:21
all my Linux servers on Linode and you
00:06:25
know if they decide they're gonna go out
00:06:27
or they go out of business or they
00:06:29
decide they're not gonna do the kind of
00:06:30
hosting that I need anymore
00:06:31
suddenly like I'm in a big bit of a bind
00:06:34
and so like there's no way to avoid
00:06:35
being dependent you're always dependent
00:06:37
on something
00:06:38
but like you can there's a lot of
00:06:41
dependencies that you kind of have some
00:06:42
choice in like do I want to be so wed to
00:06:46
a particular platform or back-end or
00:06:47
system or do I want to be a bit more
00:06:50
flexible and do you know Bujji it ends
00:06:52
up like the more custom you make it and
00:06:54
how much of it you control you're gonna
00:06:56
have more like portability and be able
00:06:59
to be like you know if this particular
00:07:00
host goes away I can just get another
00:07:02
one and your how to be able to look at
00:07:05
the trade-offs and make more choices
00:07:06
than if you're just all in on one thing
00:07:09
that's when you start to get a little
00:07:11
bit awkward yeah and that's why I like
00:07:13
the the selection of what you depend on
00:07:16
this this is why I'm usually very
00:07:18
conservative with these you know
00:07:19
obviously I try to minimize how many
00:07:21
external services and companies and
00:07:23
things I depend on but you know the
00:07:25
betterment something as you said this is
00:07:28
why I always try to choose as
00:07:29
conservatively as possible so like yeah
00:07:32
Apple could shut down the entire App
00:07:34
Store and that would that would really
00:07:35
be disruptive for us but that's very
00:07:37
unlikely like the apps the App Store's
00:07:39
continued success is pretty important to
00:07:42
Apple as well so I've aligned my
00:07:44
incentives with this now pretty old and
00:07:47
pretty important thing to its parent
00:07:49
company that like it is very unlikely
00:07:51
that Apple's Apple will do that and
00:07:53
that'll be a problem for me
00:07:54
Facebook shutting down Parse this thing
00:07:57
they bought did not have that kind of
00:07:59
luxury like if you were a Parse customer
00:08:01
six months ago you're like looking
00:08:02
evaluating this this dependency Facebook
00:08:05
it isn't that important to Facebook to
00:08:07
keep this running so that this this was
00:08:09
foreseeable that like this was a high
00:08:11
risk of happening that this company made
00:08:13
this service it got big got bought the
00:08:15
parent company didn't really depend on
00:08:16
its continued operation for their core
00:08:18
strategy so this was always gonna be a
00:08:21
risk right so you know if if Linode I
00:08:25
know however we're supposed to be
00:08:26
pronouncing it I sale I know do you sale
00:08:27
I know they say Linode if if that
00:08:29
particular Linux VPS host gets shut down
00:08:32
well that's unlikely because they're
00:08:35
really big and they're they've been
00:08:37
around a while but even if that happens
00:08:40
migrating away from that is not that big
00:08:43
of a problem because there are other
00:08:44
Linux VPS hosts just like it and they
00:08:48
and if if every Linux VPS host went away
00:08:52
you could get a Linux server somewhere
00:08:53
that behaved very similarly you know if
00:08:56
every Linux server provider went away
00:08:59
you could add as a last ditch run one in
00:09:01
your house like you shouldn't but you
00:09:03
could like in this so like the the
00:09:05
transition options away from something
00:09:08
are also very important like Parse
00:09:09
shutdown they did a decent thing here
00:09:12
where they they open sourced a big part
00:09:13
of their of their server and made it
00:09:16
like installable on your own stuff but
00:09:17
what if they didn't do that lots of
00:09:19
things shut down and never do that
00:09:20
because they just either can't or won't
00:09:22
or don't feel like it so you know if
00:09:26
let's suppose suppose you depend on an
00:09:28
Amazon Web service for your business and
00:09:30
Amazon shuts that down most of the time
00:09:33
that is very hard to replace because
00:09:35
they are so custom and proprietary you
00:09:37
can't just kind of do your own thing if
00:09:39
you're dependent on any kind of like high
00:09:41
level service like this then it is it is
00:09:44
always a risk the the more like custom
00:09:47
and proprietary and high level something
00:09:48
is the risk of it being hard to replace
00:09:51
if it ever does go away increases yeah
00:09:55
and I think that's ultimately probably
00:09:57
like the enticement and why it's this
00:09:59
weird tension that you find yourself in
00:10:01
as you're developing a service or as
00:10:02
you're thinking about a feature you're
00:10:03
saying like if I do it with this high
00:10:06
level can't like constructor that this
00:10:09
company's providing I can save myself a
00:10:12
lot of time upfront because I'm not
00:10:15
having to build that again you know I'm
00:10:18
saying like if if there's this solution
00:10:20
that they've come up with that like
00:10:22
means that you know user authentication
00:10:24
it's just like a thing that I can just
00:10:26
ruff like plug into my app and it
00:10:28
handles all the give a secure password
00:10:30
storing and email resets and all that
00:10:33
kind of stuff like say there's a service
00:10:34
that does that off-the-shelf like that's
00:10:36
you know days weeks months of time that
00:10:40
you weren't spending building that thing
00:10:42
that instead you're just kind of more
00:10:43
integrating directly into your
00:10:44
application and so like it's enticing
00:10:47
and like you're getting this enticement
00:10:50
at the benefit of that upfront time but
00:10:53
it's sort of at the detriment of this
00:10:55
this risk that you're increasing in your
00:10:57
application and
00:10:58
maybe that makes sense like if you're
00:11:00
just kind of prototyping something and
00:11:02
throwing it out there or you aren't in a
00:11:04
situation that's very time limited that
00:11:06
you have to you know you if you don't
00:11:08
ship your app in a month it's you're
00:11:12
gonna miss some kind of market window or
00:11:13
opportunity that or like that's the only
00:11:15
amount of like you just have that much
00:11:16
money to make a run at it and you just
00:11:19
kind of have to then great like it's
00:11:22
there's nothing bad about those types of
00:11:24
things but it's this weird tension that
00:11:26
you're finding of like because you're so
00:11:28
locked in at that point you're setting
00:11:30
yourself up for difficulty down the road
00:11:33
because it's not necessarily like you're
00:11:35
it's like short-term benefit and like
00:11:38
long-term pain because you know
00:11:39
developing it yourself there's also
00:11:41
long-term pain it's a different kind of
00:11:42
pain but like you have to then be the
00:11:45
one who's maintaining it or when
00:11:46
security issues happen you know you have
00:11:48
to could be you're the one going in and
00:11:50
patching your web server or you're the
00:11:54
Linux distribution you're installing on
00:11:55
your servers or whatever like you're you
00:11:57
know at some point there's always the
00:11:58
long-term challenges with these things
00:12:00
but the difficult the difference is more
00:12:02
one of you're totally locked in and at the
00:12:06
whim of whatever that company is and
00:12:08
unless you're their biggest customer
00:12:11
which for the kind of people who I
00:12:12
imagine listen to a show like this
00:12:13
you're unlikely to be a service
00:12:16
providers made like biggest customer
00:12:18
you're just gonna be kind of like rah
00:12:20
you know sort of wash back and forth
00:12:22
based on whatever makes sense for them
00:12:24
and that may or may not be something
00:12:26
that or a position that you find
00:12:28
yourself in that you'd be comfortable
00:12:29
with this episode of Under the Radar is
00:12:32
brought to you by Hover quite simply
00:12:34
Hover is the best way to buy and manage
00:12:36
domain names when it comes to buying a
00:12:38
domain name Hover is the first place I
00:12:40
check now when you have an idea for a
00:12:41
project naming it can be difficult when
00:12:43
you finally get that name you want to be
00:12:45
able to quickly and easily get the
00:12:46
domains that you need Hover provides a
00:12:48
simple fast and hassle-free method of
00:12:50
buying domains I don't want to be faced
00:12:52
with a thousand screens and all these
00:12:53
add-ons high prices all these like
00:12:56
custom weird services that seem kind of
00:12:57
like scams I just want to get in it's
00:12:59
like what I need buy it and get on with
00:13:01
my life and building my new idea Hover
00:13:03
makes this very very easy
00:13:04
their search is very nice it suggests
00:13:06
things for you if nothing's available
00:13:08
they can search all the TLDs all the
00:13:10
crazy new ones in addition to all the
00:13:13
and they have dot-com domain starting at
00:13:15
just $12.99 a year great prices on all
00:13:18
the other ones as well all these include
00:13:20
Whois privacy for free with every Hover
00:13:22
domain because they believe that you
00:13:24
shouldn't have to pay extra for
00:13:25
something like that that's you know
00:13:26
obviously you want to keep your private
00:13:28
information private that's one have
00:13:29
fantastic customer support if you want
00:13:32
to call them they have a no hold no wait
00:13:34
no transfer telephone support policy
00:13:36
when you call them you talk to an actual
00:13:37
human being not a robot not a menu you
00:13:40
don't have to say like operator like the
00:13:42
stupid speak menus it's a real human
00:13:44
being you can just talk to directly they
00:13:46
pick up the phone and if you do of
00:13:47
course prefer the robots they also have
00:13:50
great support documents and support
00:13:51
guides and their website for getting
00:13:52
everything you need and you can email
00:13:54
them as well if you'd like and they also
00:13:56
have a valet transfer service where they
00:13:58
can take all the hassle out of switching
00:13:59
from your current provider so because
00:14:01
they do it all for you you can just give
00:14:03
them your login to your old provider and
00:14:04
they will transfer names for you if
00:14:05
you'd like all that for free of course
00:14:07
they have so much more great stuff they
00:14:09
have volume discounts they have custom
00:14:11
email addresses storage and forwarding
00:14:13
and so much more stuff check it out
00:14:15
today at hover.com
00:14:17
use code perspective at checkout that is
00:14:20
once again code perspective at checkout
00:14:22
and you will get 10% off your first
00:14:24
purchase at hover.com and you will show
00:14:26
your support for Under the Radar and all
00:14:28
of Relay FM thank you very much to Hover
00:14:30
for sponsoring this episode so it seems
00:14:33
like we should probably also dive now
00:14:34
dive into kind of like what we do how we
00:14:37
approach this because I think we both
00:14:39
have found ourselves at the end of the
00:14:41
like the thought process on how we
00:14:44
should bake backends for our servers
00:14:46
with the like well we're gonna build
00:14:47
them ourselves and we're gonna build
00:14:49
custom applications running on you know
00:14:53
Linux VPSes that we use and probably
00:14:58
worth saying why we kind of do that I
00:15:00
mean to me it's it's you know first of
00:15:02
all it's all about control for me I'm a
00:15:03
control freak and I want to do
00:15:05
everything myself and I want I want I
00:15:06
want everything to be under my control
00:15:07
because I don't want to have major parts
00:15:11
of my roadmap dictated by a dumb change
00:15:16
in my host that oh all of a sudden this
00:15:17
entire thing I depend on is shutting
00:15:19
down and I got to change that like you
00:15:21
know Apple give us enough of those
00:15:22
things we don't you know the with like
00:15:24
new device releases and everything but
00:15:25
those are you know kind
00:15:26
an unavoidable part of working with
00:15:27
Apple but when it comes to running your
00:15:29
services you control a lot more of that
00:15:31
and you can avoid those things and so I
00:15:33
love that part of it and for me it's
00:15:36
also it's also a lot about capability
00:15:38
and and cost in a low cost and and and
00:15:42
just being able to do a lot CloudKit is
00:15:44
very appealing in a lot of ways and if I
00:15:46
was making the new app today I would
00:15:48
think very hard about how about whether
00:15:50
I could just do it all in CloudKit and
00:15:51
whether that'll be the right move for me
00:15:52
but it is still limited in what it can
00:15:56
do what it can't do
00:15:57
and and so for me like a website or like
00:16:01
a regular Linux back-end is the default
00:16:03
for me I know how to do it it really
00:16:05
isn't that hard which we'll get into in
00:16:07
a little bit it really isn't that hard
00:16:08
and it's it is surprisingly capable for
00:16:12
surprising little cost yeah exactly I
00:16:14
think there's the reasons are fairly
00:16:16
similar for me like I like I think the
00:16:19
thing that I like most is being able to
00:16:21
tailor the backend of my application to
00:16:23
not necessarily the application but it's
00:16:27
tailored to the way that I think and the
00:16:29
way that I solve problems in the way
00:16:31
that I'm thinking about like the
00:16:32
problems that are being solved in my app
00:16:35
so when I'm dealing with something like
00:16:38
sync like the generic term for like one
00:16:41
of the hardest problems in computer
00:16:42
science I like that I can like so I'm
00:16:47
solving that problem in a way that makes
00:16:49
sense to me that I'm not having to kind
00:16:51
of shoehorn my application in the way I
00:16:54
think about it into the model that a
00:16:57
service provider provides and they say
00:16:59
like well you know we handle conflict
00:17:01
resolution using like last last updated
00:17:05
wins or something like that and like
00:17:06
maybe that works maybe it doesn't
00:17:08
and so when you build your app builder
00:17:10
yourself like I actually understand it
00:17:12
like I have to go I've gone through and
00:17:14
I've made the decisions at the various
00:17:17
levels of like well I want this to work
00:17:19
this way I want this to work that way
00:17:20
and so then down the road when I'm
00:17:22
debugging something and I have a better
00:17:25
understanding of how how I expected to
00:17:28
work and when things go wrong I have a
00:17:30
sense of where they're made might be
00:17:32
going wrong like is this an app problem
00:17:34
is this a web service problem and like
00:17:37
ultimately it probably also just like
00:17:38
makes my apps better and makes me a
00:17:40
better programmer
00:17:41
like having this breadth of experience
00:17:42
that at this point like I can build
00:17:46
something all the way from like the UI
00:17:49
and the application the business logic
00:17:51
inside of the application and then all
00:17:54
the way through to like the you know
00:17:56
then the web service that's managing
00:17:58
that information and a database at the
00:18:00
back that's storing that information
00:18:02
like having being able to do all those
00:18:04
things is just like good for me from a
00:18:08
career and personal development
00:18:09
perspective like I've learned to solve
00:18:12
more problems doing it this way that
00:18:16
ultimately I think makes me a better
00:18:17
developer like I write less my apps are
00:18:20
probably better because they're the kind
00:18:22
of calls they're making like I know what
00:18:24
the server is trying to do with those
00:18:25
calls and so you don't end up just like
00:18:27
well this is like the naive obvious
00:18:30
solution I'll just kind of throw all
00:18:31
this data at the server or I'll hey let
00:18:34
me just ask for all of it every day all
00:18:36
the time and because if the servers are
00:18:39
overwhelmed that's not my problem like
00:18:41
those are things that ultimately
00:18:43
probably make my apps better and like
00:18:45
you were saying it is kind of crazy how
00:18:46
inexpensive it is to do a lot of these
00:18:48
things now like just with a lot of my
00:18:52
things are just backed by like two or
00:18:55
you know VPSes that cost I mean like at
00:18:59
a basic one it's like $20 a month
00:19:00
there's something like that twenty forty
00:19:02
dollars a month like for a lot of my
00:19:04
applications I end up spending you know
00:19:05
maybe it's $100 a month in in servers
00:19:09
and that's really not too bad for the
00:19:13
kind of capability in the throughput and
00:19:14
the number of users that you can support
00:19:17
even with just at that level oh yeah I
00:19:20
mean evenly the twenty bucks a month
00:19:21
server level on a modern host like Linode
00:19:24
or DigitalOcean you can get so much
00:19:26
for this for this money now and when
00:19:29
you're using boring old fast tools like
00:19:32
MySQL or Postgres and you're you have
00:19:35
like a modern web language in front of
00:19:36
it you know you have even in the old
00:19:38
ones PHP Ruby you know like Python or
00:19:41
more recently you might have like Go you
00:19:43
know these these are so fast you can do
00:19:46
so much you can support so much usage
00:19:48
it's way more than you think because now
00:19:50
you know you have these modern
00:19:51
processors doing the virtualization you
00:19:54
SSDs on almost all these hosts now it is
00:19:56
incredibly fast to do and so like you
00:19:59
you really can support a lot on very
00:20:01
little hardware yeah and I think
00:20:03
ultimately that makes it a lot easier
00:20:04
like it's there the hardest problems
00:20:07
I've ever had to solve like the only
00:20:08
time I kind of regretted doing backends
00:20:10
myself is they were the early days of
00:20:13
Feed Wrangler my RSS syncing system
00:20:15
which like I was doing stuff that in
00:20:19
retrospect was really foolish and was
00:20:22
just crushing my database like it was
00:20:24
just my Postgres database was just
00:20:27
constantly dying and falling over and in
00:20:30
retrospect it was because I was being
00:20:33
you know deserves I've made a few really
00:20:34
bad assumptions upfront but even there
00:20:38
like that's the only time I've ever
00:20:40
really had to do any low-level
00:20:43
performance tuning of any of my
00:20:45
applications otherwise just out of the
00:20:47
box things are just fast and work and
00:20:50
it's fine in a way that like it would be
00:20:53
problematic if I you know if I really
00:20:55
needed to be like a database
00:20:56
administrator like a serious like you
00:21:00
know DBA whatever they call them these
00:21:01
days like doing that kind of work but
00:21:03
most of the times I just like install
00:21:04
Postgres with the defaults you know
00:21:07
tweak a few things how the way I like it
00:21:08
and then it's fine and it just runs
00:21:11
quickly enough for you know that my
00:21:13
users don't even really notice any kind
00:21:15
of performance issues or problems yeah I
00:21:18
mean like you might think if you've if
00:21:19
you haven't done this before or if the
00:21:21
last time you did this was like 10 years ago
00:21:22
you might think that running servers
00:21:24
requires lots of like low-level tweaking
00:21:26
and performance tuning and getting these
00:21:28
right config variables to like exactly
00:21:30
◼
►
the right buffer size and everything and
00:21:31
◼
►
you don't really need to do that anymore
00:21:33
◼
►
that's very very rare for most people
00:21:36
◼
►
need to get that that down into the
00:21:38
◼
►
nitty gritty stuff it really is like as
00:21:40
◼
►
you said that you can just install these
00:21:41
◼
►
things with the defaults and usually
00:21:44
◼
►
that's usually what you need to do
00:21:46
◼
►
because everything is just so good now
00:21:48
◼
►
there's so much Headroom the software is
00:21:50
◼
►
very mature and a lot of these things
00:21:52
◼
►
and and the hardware isn't very mature
00:21:54
◼
►
to so it you really get a lot of weight
00:21:57
◼
►
with just the defaults now and I think
00:21:59
◼
►
if you think one thing that I was kind
00:22:00
◼
►
of looking forward to when we got it got
00:22:02
◼
►
into this topic is you said you had a
00:22:03
◼
►
few little pro tips for getting into
00:22:06
◼
►
this kind of administer
00:22:07
◼
►
because I think it is it can be a little
00:22:10
◼
►
bit intimidating to it's like you know
00:22:13
◼
►
like go and install Linux even then you
00:22:15
◼
►
starts like well what version of Linux
00:22:16
◼
►
what should I do
00:22:17
◼
►
how to get started and it's remember a
00:22:20
◼
►
bit being a little intimidating but at
00:22:21
least like what the fun thing is once
00:22:23
you get going like there's tremendous
00:22:24
resources and you can just kind of get
00:22:27
going and once you know it you know it
00:22:28
because this stuff doesn't really change
00:22:30
yeah basically like Google is your
00:22:33
friend you know not not the corporate
00:22:35
structure but you know the search engine
00:22:36
it's Stack Overflow like all these things
00:22:38
these are your friend because lots of
00:22:41
people have been running Linux servers
00:22:43
for years and as you said the tools and
00:22:46
the commands and what you need to do
00:22:47
doesn't change very often usually
00:22:49
typically that you learn this stuff like
00:22:51
once and you have to learn something new
00:22:53
maybe every two years like it's it's
00:22:55
pretty it's pretty stable it doesn't
00:22:57
change much so number one tip I can give
00:22:59
is to pick a very popular but somewhat
00:23:04
conservative Linux distribution to do
00:23:06
this with for years I recommended CentOS
00:23:08
which was based on Red Hat
00:23:09
Enterprise Linux I think today I think
00:23:12
Ubuntu might have more momentum behind
00:23:14
it so I actually just I just managed my
00:23:18
first Ubuntu server recently and it's
00:23:21
it's things are a little bit different
00:23:23
but I was able to figure it out
00:23:24
so between CentOS and Ubuntu you can't
00:23:27
really go wrong turn on auto updates for
00:23:31
as much of a system software as it makes
00:23:33
sense to do that for usually every major
00:23:35
distro has a way to do this it's very
00:23:37
straightforward that will take care of
00:23:39
most security problems for you if you
00:23:42
basically are not an idiot which you're
00:23:44
not trust me you know if you're not an
00:23:46
idiot and if you leave things mostly at
00:23:48
their defaults with the distro and what
00:23:50
it comes with modern Linux distros are
00:23:52
very secure by default because they know
00:23:54
that that matters like the default
00:23:56
matter so they've all adopted pretty
00:23:58
conservative and pretty secure defaults
00:24:00
for the most part keeping things updated
00:24:02
automatically is very easy and things
00:24:04
like that on a other high level stuff
00:24:06
only run the software that you need to
00:24:08
be running and they're all very good at
00:24:10
letting you manage this so like if you
00:24:12
have a server that you have your website
00:24:13
on don't also install like well let me
00:24:16
install FTP so I can like trade files
00:24:18
with my friends like no just leave that
00:24:19
off that's just of just a liability it
00:24:20
just don't do that
00:24:21
you know install what you need to
00:24:22
install and if you want to play around
00:24:24
with different things you can create a
00:24:26
second VPS for like five or ten bucks a
00:24:27
month and play around on that don't play
00:24:29
around in your main servers run only
00:24:31
what you need to be running on them take
00:24:33
advantage of the built in isolation in
00:24:36
Linux machines especially with regard to
00:24:39
networking almost every service that
00:24:43
you'll be running will have some kind of
00:24:44
like listening port where you can say
00:24:45
alright this database should listen on
00:24:47
this interface on this port if you only
00:24:49
have one server make this make the
00:24:52
internal stuff listen on localhost so
00:24:53
that you can't log into MySQL from
00:24:56
outside like you shouldn't need to do
00:24:58
that anyway you should be doing things
00:24:59
on the server if you need you know
00:25:00
management stuff lock that down if you
00:25:02
have multiple servers use use private
00:25:04
networking every host that's worth their
00:25:06
salt support the private networking
00:25:07
between your between your own machines
00:25:09
so if you have multiple servers need to
00:25:11
talk to each other have them talk to
00:25:13
each other only over private interfaces
00:25:15
have things like MySQL or memcache
00:25:17
listen only on private or local
00:25:19
interfaces that helps a lot just make it
00:25:22
don't don't rely on like being your
00:25:24
password secure make it so that
00:25:26
passwords don't even work from the
00:25:28
outside so that also applies to things
00:25:30
like SSH when you're doing login remote
00:25:32
login so disable root logins once you
00:25:34
have a user set up have that user have
00:25:36
sudo access with the password and then
00:25:38
that user account that you're logging in
00:25:40
as say you're logging in as David make
00:25:41
that the only user that can log in via
00:25:43
SSH and make that key authentication
00:25:45
only disable password authentication in
00:25:47
SSH this is very simple stuff to do you
00:25:50
can Google how to do it so that right
00:25:53
there you have no way to log in with a
00:25:55
password you have to have the the
00:25:58
encryption key to log in that knocks out
00:26:00
massive you know brute force
00:26:02
possibilities and everything that helps
00:26:04
so so much between that and private
00:26:07
networking for private services you
00:26:09
really eliminate a lot of problems now
00:26:11
moving on slightly to user data collect
00:26:15
as little user data as possible to get
00:26:17
your job done because worst case
00:26:20
scenario somebody hacks into your server
00:26:22
worst case scenario they take your
00:26:24
database what do they have think about
00:26:27
it when you're designing your when
00:26:28
you're designing your database you're
00:26:29
designing your service what information
00:26:31
do you really need from people and what
00:26:32
can you get away with not having
00:26:34
if you don't need to get people's email
00:26:36
addresses don't get their email
00:26:37
addresses if you like if you're taking
00:26:39
passwords from people hash those so that
00:26:41
you know people aren't getting like just
00:26:43
the md5 like for God's sake don't do
00:26:45
that like you know use secure password
00:26:47
hashing like bcrypt on strong settings
00:26:48
there is lots of good practices for this
00:26:51
lots of things to tell you how to do
00:26:52
this I've considered even for Overcast
00:26:53
like I do have the email addresses for
00:26:56
people because I figure yeah I need to
00:26:57
be able to I have email addresses and I
00:26:58
have hashed passwords with a strong
00:27:00
bcrypt but I'm like I've been thinking
00:27:02
recently do I even need the email
00:27:03
address could I could I hash that too
00:27:06
cuz then then you have like if you steal
00:27:08
my database you just have no email
00:27:10
addresses like that would be amazing and
00:27:11
I was thinking like the only if you hash
00:27:14
the email address so it works just like
00:27:15
that you like the password basically
00:27:16
then you could still have logins you can
00:27:19
still have password resets the only
00:27:20
thing you really can't do is I can't
00:27:23
like email people randomly out of my
00:27:25
database but I've never done that I
00:27:27
don't send a newsletter I don't do it
00:27:29
like I don't do any that stuff so you
00:27:32
know stuff like that
00:27:32
think about just like what data you have
00:27:34
what you're collecting and what you can
00:27:35
afford not to collect simple security
00:27:39
measures beyond that you know you should
00:27:41
have database backups you should also be
00:27:43
encrypting those backups there's
00:27:44
built-in stuff there's a crypt command
00:27:46
you can pipe tar through and everything
00:27:47
like this really simple stuff on unix to
00:27:49
do all this very securely make sure
00:27:52
though that you are testing these
00:27:54
backups make sure you can decrypt them
00:27:55
it's so that's very important don't
00:27:58
store the encryption key only on the
00:28:00
server because then if that server gets
00:28:01
wiped or gets lost or whatever you've
00:28:03
lost your data and your backup
00:28:05
decryption key that's no good one
00:28:09
strategy I employ there is I write my
00:28:11
database backups I copied them onto a
00:28:14
write-only S3 account so like the the
00:28:18
account the credentials that are on the
00:28:19
machines can only write to the bucket
00:28:21
they can't read or delete from it so
00:28:23
that way if somebody hacked into the
00:28:24
machine they can't also go and delete on
00:28:26
my backups so I have a separate you know
00:28:29
separate credentials that I can that I
00:28:31
can pull the backups off of there and
00:28:32
restore that never live on my servers
00:28:34
those those stay like with me and my
00:28:36
personal documents those never live on
00:28:37
the servers so you know keep things as
00:28:39
secure and separate as you can just by
00:28:41
design like this and that's really about
00:28:44
it for basic security stuff it really is
00:28:48
as you think and you don't have to do
00:28:50
very much you don't have to like
00:28:52
constantly keep on top of your servers
00:28:54
and be constantly babysitting them for the
00:28:55
most part you set it up and it basically
00:28:57
runs itself and if you set it up with
00:28:59
sensible default using conservative
00:29:01
software and some basic security
00:29:02
settings like what I've said here
00:29:04
you can be pretty much fine yeah exactly
00:29:07
and I think that it's the kind of thing
00:29:08
that if you can't do this kind of thing
00:29:12
and if like if everything that Marco
00:29:14
just ran through like is complete
00:29:16
gibberish to you like you should
00:29:17
probably do something about that it's a
00:29:19
good it's an important skill to be a
00:29:21
developer to understand some of these
00:29:22
basics they sort of like the
00:29:24
fundamentals that run the internet like
00:29:26
you should understand what this is and
00:29:28
you know just sort of take control of
00:29:30
that and you know I just I just get a
00:29:33
five-dollar like VPS somewhere and start
00:29:36
messing around and start seeing you know
00:29:38
learning cuz that's how most people even
00:29:39
people learn this stuff you just start
00:29:41
doing it and you get better at it
00:29:42
alright we're out of time this week
00:29:44
thanks for listening everybody and next
00:29:46
week we're gonna go into a little more
00:29:47
detail about our server setups lessons
00:29:50
we've learned and how to minimize the
00:29:51
workload we'll see you next week okay