Like what you see? Subscribe here and get it every week in your inbox!
Issue #243 - November 5, 2023
If you are looking for work, check out this month's Who is hiring?, Who wants to be hired? and Freelancer? Seeking Freelancer? threads.
Here are the top threads of the week, happy reading!
1. Ask HN: If you were to build a web app today what tech stack would you choose?
Top comment by martinald
.NET 8 for the backend, and then blazor webassembly for the front end if it's complicated, or just boring old server side rendering with htmx if it's not.
I've seen a lot of projects fail/struggle in golang (package ecosystem is still missing a lot of basics imo) or nextjs (very buggy).
.NET has been my secret weapon. It's boring, works really well, has a good ecosystem and asp.net is really well thought through and you can go as "deep" as you want with middleware etc. Plus performance is extremely good, as is the deployment story with docker these days (having to use Windows server with .net Framework a few years ago was a nightmare, enough to put me off, but in .net core Linux is a first class citizen now).
Also the IDEs are great these days, especially rider.
2. Ask HN: Cloudflare Workers are down?
Top comment by elithrar
This should be resolved. We’re still investigating the underlying root cause, and intend to share a write-up once we have that in hand.
This is not the way we wanted anyone to start their week.
(I am the PM lead for Cloudflare Workers: Databases & Storage)
3. Ask HN: How can we help Firefox not to dissapear?
Top comment by numbsafari
Mozilla needs new leadership, one that is focused on building the userbase, rather than lining their own personal pockets and riding it into the ground. The chair of the board receives 3x the salaries of the rest of the executive leadership combined[1].
There are so many ways that Mozilla the organization could do more to promote not just a browser, but the open web writ large.
1: https://assets.mozilla.net/annualreport/2021/mozilla-fdn-990...
4. Ask HN: What companies have blown you away with their customer support?
Top comment by gameshot911
Charles Schwab. Not only do their (at least checking) products have great benefits (like no ATM fees and free international transactions), but every time I've called they've been extremely helpful.
I once had my debit card canceled due to fraud while traveling internationally, and they shipped a replacement via both UPS and Fedex to ensure a replacement got to me as quickly as possible.
I have no doubt they've lost money on me as a customer in my lifetime, but I have nothing but amazing things to say about them and I suspect they'll make it up later in life when I have more assets to work with.
5. Ask HN: To what extent have digital payments replaced cash in your country?
Top comment by wheels
Since nobody's chimed in here from Germany yet:
Germany's broadly a hold-out. Particularly a lot of restaurants, bars and clubs are still cash-only, and some smaller shops definitely prefer cash. Used cars are, interestingly, almost always cash-only. Person to person transactions (i.e. buying something you pick up in person) are almost always cash. Open air markets (produce, flea markets) are always cash.
Electronic payments are becoming more accepted, but it's wise to almost always have some cash on hand.
Cash retains a certain appeal for privacy reasons, and, let's be honest, for businesses avoiding paying their taxes. I'm actually happy cash remains. I don't like the idea of everything I ever buy being recorded. I also don't mind when e.g. going out that I have to consciously get more cash from the ATM when I've blown through my evening budget.
This is in amusing contrast with my trip to Sweden last year, where I pulled out the equivalent of €100 for emergencies, and had trouble getting rid of it in the week and a half there since most places didn't seem to even take cash.
6. Ask HN: Is Express still "de-facto" for building Node back ends?
Top comment by NylonMeltdown
Maybe it's still standard, but if you don't want to shoot yourself in the foot, just stay away from it.
Express's API is horrible. It's not integrated with Promises (async/await) at all, so be prepared to wrap every async endpoint (so probably all of them) with a custom error handling wrapper. If you don't (and don't have a big catch-block around the whole implementation), an unhandled error will hang the connection forever without a response.
Also, the API makes it pretty much impossible to write "wrapping" middleware, for example if you want output validation. As soon as an express middleware calls `next`, it's done and there's no way intercepting it before a response is sent.
It also still doesn't support Node's HTTP2, just some (nowadays) weird third-party HTTP2 implementation.
The standard `compression` middleware also seems abandoned, not supporting brotli (so you'll have worse loading times), despite Node.js natively providing the required functions for years.
I'll second `fastifiy` or `koa`.
7. Ask HN: How would French police locate suspects by tapping their devices?
Top comment by runjake
Software implants (“RATs” or “rootkits”) or baseband access (“backdoors”).
The baseband is an embedded computer inside the phone that controls the device’s sensors and radios. It runs off of its own OS and is separate from the consumer-facing OS. The phone’s OS then talks to this embedded system.
All phones do this, even the iPhone whose baseband OS was some variant of L4 Linux, IIRC.
Various Intelligence Community people and documents have made statements that they can remotely activate the baseband to interact with a target device.
8. Ask HN: Do you know what is going on at Wise?
Top comment by nyargh
Got burned by Wise doing an international transfer a few years back. Money was withdrawn but never reached the receiving bank. Wise wouldn't help at all, even after getting a statement from my sending bank that Wise had my money. Never again.
OFX is boring but has good spreads, always been able to reach a human and always worked for me for international transfers.
9. Ask HN: What podcasts do you listen to?
Top comment by surprisetalk
I maintain a list with ratings here, but it's a bit outdated:
[1] https://taylor.town/podcasts
99% Invisible
Articles of Interest
Conversations with Tyler
Dan Carlin’s Hardcore History
Everything Everywhere Daily
Nice Try!
Radiolab
The Memory Palace
Quanta Science Podcast
Cortex
The Anthropocene Reviewed
S-Town
On the Metal
Hello Internet
EDIT: I can't update my website because cloudflare is down haha
I'll try to update later today.
A lot of my rankings have changed as podcasts often degrade in quality over time
---
EDIT:
Series that I enjoyed at some point in the past:
Against the Rules with Michael Lewis
Akimbo: A Podcast from Seth Godin
American Innovations
Brains
Cautionary Tales
Chemistry for Your Life
Dear Hank & Jon
Deep Questions with Cal Newport
Endless Thread
Everything is Alive
Experimental History
Freakanomics
Harmontown
Hey Riddle Riddle
The Joy of Why
Land by Hand
Monday Morning Podcast with Bill Burr
More Perfect
Patented: History of Inventions
The Permaculture Podcast
The Peter Attia Drive
Planet Money
Reasonably Sound
Reconcilable Differences
Reply All
Revisionist History
The Strong Towns Podcast
Stuff You Should Know
The Tim Ferriss Show
Trailblazers with Walter Isaacson
Twenty Thousand Hertz
devtools.fm
The Changelog
Elm Town
Future of Coding
Hest
Software Unscripted
TODEPOND PODCAST10. Ask HN: How to survive indefinite DDoS attack?
Top comment by bityard
I work for a company in the DDoS mitigation space and there is not nearly enough information in your question for anyone to offer any kind of sensible response for your particular situation.
What is your business? How much traffic "normal" do you get? What is the size of the attack? What is the bandwidth of your upstream connection? Who are your customers? Where is it hosted? What are your acceptable thresholds for false negatives and positives? Do you know who is attacking you and why?
Most every hosting provider will have some sort of DDoS monitoring and mitigation on their networks already. Their response to sustained or repeated attacks might range from scrubbing the bad traffic before it gets to you and not notifying you at all, to reaching out to you to work with you on both ends of the issue, to cancelling your account.
If you just have a fairly simple website that you host yourself, Cloudflare likely a fine option. If you have more advanced needs, you should talk to a more comprehensive DDoS solution vendor.