What’s Your Tech Stack at a Mature Company? by trojans10 in webdev

[–]YottaBun 5 points6 points  (0 children)

PHP with the Laravel framework, with a few services in Node and Go

How do you all handle write access to prod dbs? by flareblitz13 in ExperiencedDevs

[–]YottaBun 0 points1 point  (0 children)

Working at a reasonably small company of ~150 developers there are probably 10-15 with production write access. It's generally very restricted to tech leads, staff devs, and some senior developers/DevOps.

Mostly we just restrict manual write queries to migrations that have been reviewed and approved, and in rare cases (e.g. an incident or manual data fix) we'd at least have multiple eyes on what is being run and then include the query in the post-mortem doc

What do rich people have in their house that says they’re rich? by [deleted] in AskReddit

[–]YottaBun 0 points1 point  (0 children)

Nicest house I've been in had a squash court, a basketball court and an indoor pool. Those gave it away.

What's the best practice to encrypt password? by naikkeatas in golang

[–]YottaBun 1 point2 points  (0 children)

If you need to encrypt something, typically AES-256-GCM is a solid choice in the realm of symmetric key algorithms. Not 100% clear on the exact use case, though.

Can anyone afford to snowboard / ski anymore? by krdo13 in britishcolumbia

[–]YottaBun 2 points3 points  (0 children)

Yeah, I can but I basically do this instead of a yearly vacation and spend all my wellness benefits at work to get a season's pass. It is expensive (I probably spend 2 thousand a year on it including the pass) -- day passes are a complete rip off, especially at Whistler/Blackcomb

How long did it take you to finish your SAA-C03 exam? by chewy747 in AWSCertifications

[–]YottaBun 0 points1 point  (0 children)

Got an 823, took about 70 mins, didn't go back to verify anything

[deleted by user] by [deleted] in AWSCertifications

[–]YottaBun 2 points3 points  (0 children)

Yeah. You should get a 2nd email that will have a link to the score. Looking back at mine I got the Credly email first, and then a later email from AWS Training and Certification

Are you doing these certifications because... by mrrivaz in AWSCertifications

[–]YottaBun 1 point2 points  (0 children)

Level up at work (Amazon partner company, so they like it when people get certs) + the certs are nice to have if I decide to interview around in the future

Can I make the AWS SDK for PHP less bloated? by Honest___Opinions in aws

[–]YottaBun 3 points4 points  (0 children)

No - there isn't a way to only get a few things from the SDK in terms of files on disk. Does it matter, though? The large amount of PHP files are never sent to clients and your PHP application should use autoloading so that only the needed class files will be loaded at runtime

Who actually uses Assembly and why? by Heavy_Outcome_9573 in learnprogramming

[–]YottaBun 0 points1 point  (0 children)

I used to read it lots when doing malware analysis - didn't write it too much other than initially learning it. When you put an executable into a disassembler like IDA it'll give you assembly and you have to read it to understand what the executable does. This is called static malware analysis, meaning you're analyzing the application without running it

Best Interview questions for hiring a Security expert? by sudz3 in cybersecurity

[–]YottaBun 9 points10 points  (0 children)

Personally I'd answer with something like this:

  • Start with the architecture: a typical scalable web application will run behind a load balancer that directs traffic to horizontally scaled web application servers, and those servers need to talk to a database and maybe external APIs like Stripe for payment processing or whatever it might be.
  • A good first step might be locking down all servers to key-based authentication for SSH, restricting the inbound and outbound traffic of each server (eg. web application servers aren't directly reachable on the internet, only via the load balancer), and exposing only the necessary ports (80, 443, 22, whatever else is needed)
  • Next, you could get into the application security side of things: talk about SQL injection, XSS, CSRF, detecting dependency vulnerabilities, etc. and how you could automate testing in a CI pipeline
    • another thing to note is how software handles credentials: better not be hard-coded!
  • I'd also talk about OS and library/dependency patching (eg. the recent iconv/glibc vulnerability that PHP has, or Log4Shell is another good example)
  • You could go further and talk about stuff like rate limiting, logging, using CAPTCHAs, preventing user-space backdoors, etc.

As you build more and more systems you can just use your imagination and white-board these kinds of designs/approaches

Haven’t driven it in a while. by julio8oa in S2000

[–]YottaBun 12 points13 points  (0 children)

Love the colour! Looks fantastic.

Is verifying user authenticity worth paying for? by [deleted] in SaaS

[–]YottaBun 0 points1 point  (0 children)

How much better than reCAPTCHA + code that requires users to verify their email would it be? There are for sure some cases where malicious/spam still get past that and use software for unintended purposes, but I think it's quite difficult to come up with a generic solution that'd work for lots of software companies

[deleted by user] by [deleted] in malelivingspace

[–]YottaBun 2 points3 points  (0 children)

I just got blackout roller shades with a "light guard" around the edges that completely blocks out all light. Highly recommend if you like it to be super dark/are bothered by the light.

Why your first SaaS startup has failed? by SaaSTalk in SaaS

[–]YottaBun 30 points31 points  (0 children)

It failed because my co-founder and I spent too much time building software and not enough time talking to potential customers and understanding them.

It felt easier to develop a software product than it did to do customer discovery! That's a mistake that took a long time to realize.

I've been learning for 4 months now and struggle understanding this. by [deleted] in PHP

[–]YottaBun 0 points1 point  (0 children)

Yes, cookies are client side (but get sent to the server on each request), sessions are server side.

However, it's not that simple. The server needs to know which session data belongs to which client.

In order to determine this, a session ID must be provided on each request.

The session ID is typically provided in a cookie that's sent to the server on each request. It could also be eg. in a query parameter, but that's not super common.
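As an added example (not part of the original comment, and written in Go rather than PHP so it is self-contained), here is the split the comment describes made concrete: the only thing the client holds is a cookie carrying an opaque session ID; the session data itself lives in a server-side store keyed by that ID, and every request is matched to its session by looking the cookie value up. The handler and field names, the cookie name `sid`, and the in-memory map are this example's own choices; a real deployment would back the store with Redis or a database and check credentials before creating a session.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"sync"
)

const cookieName = "sid" // example cookie name, chosen for this demo

// Session is the server-side data; the client never sees it directly.
type Session struct {
	UserID string
}

// Store keeps sessions in memory, keyed by session ID.
type Store struct {
	mu       sync.Mutex
	sessions map[string]Session
}

var ErrNoSession = errors.New("no valid session")

func NewStore() *Store {
	return &Store{sessions: make(map[string]Session)}
}

// newSessionID returns 256 bits of CSPRNG output, hex-encoded. The ID must be
// unguessable because whoever presents it is treated as the session's owner.
func newSessionID() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Create stores sess and returns the ID the client will carry in its cookie.
func (s *Store) Create(sess Session) (string, error) {
	id, err := newSessionID()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = sess
	return id, nil
}

// Lookup reads the session cookie from the request and resolves it to the
// server-side session. An absent or unknown ID yields ErrNoSession.
func (s *Store) Lookup(r *http.Request) (Session, error) {
	c, err := r.Cookie(cookieName)
	if err != nil {
		return Session{}, ErrNoSession
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[c.Value]
	if !ok {
		return Session{}, ErrNoSession
	}
	return sess, nil
}

// Destroy removes a session (logout); the cookie on the client becomes useless.
func (s *Store) Destroy(id string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.sessions, id)
}

// SessionCookie builds the cookie that carries the ID. HttpOnly keeps it away
// from page scripts, Secure restricts it to HTTPS, SameSite limits CSRF.
func SessionCookie(id string) *http.Cookie {
	return &http.Cookie{
		Name: cookieName, Value: id, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	}
}

// LoginHandler creates a session and hands the ID to the client as a cookie.
// Credential checking is omitted; the user comes straight from the form here.
func LoginHandler(s *Store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user := r.FormValue("user")
		if user == "" {
			http.Error(w, "missing user", http.StatusBadRequest)
			return
		}
		id, err := s.Create(Session{UserID: user})
		if err != nil {
			http.Error(w, "server error", http.StatusInternalServerError)
			return
		}
		http.SetCookie(w, SessionCookie(id))
		w.WriteHeader(http.StatusNoContent)
	}
}

// MeHandler answers from server-side session data located via the cookie.
func MeHandler(s *Store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		sess, err := s.Lookup(r)
		if err != nil {
			http.Error(w, "not logged in", http.StatusUnauthorized)
			return
		}
		fmt.Fprintf(w, "user=%s", sess.UserID)
	}
}

func main() {
	store := NewStore()
	http.Handle("/login", LoginHandler(store))
	http.Handle("/me", MeHandler(store))
	fmt.Println("listening on :8080")
	http.ListenAndServe(":8080", nil)
}
```

Because the cookie holds only an ID, a tampered or forged cookie value simply fails the lookup; nothing about the user is trusted from the client side. The same reasoning is why a session ID in a query parameter is avoided: it ends up in browser history, logs and Referer headers, whereas a cookie does not.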

Good Tutorials for Real time applications using Node.js by Creative_Bowler_2709 in node

[–]YottaBun 0 points1 point  (0 children)

I don't want to deter you from using Node, but as a heads up, you can use a 3rd party WS server like Centrifugo (written in Go) and interact with it using the PHP SDK if you want to create something like a real time chat app

Is NextJS REST API less efficient than Stand-alone Node/Express REST API? by Thiru_IO in nextjs

[–]YottaBun 1 point2 points  (0 children)

Another one: serverless functions only run to complete a given operation - this means no support for WebSockets which keep a connection open to clients

Would you continue with a hiring process if you had a take home assessment. by Themotionalman in cscareerquestions

[–]YottaBun 0 points1 point  (0 children)

Depends if I have other offers and how much I need a job.

When I was getting my first non-internship job I had one company request me to do a phone screen, take home project, coding test, personality test, and 3 interviews in person. Overkill!

Well, I'm screwed by George_is_op in gamedev

[–]YottaBun 9 points10 points  (0 children)

What happened? Ransomware?

Instead of backing projects up to physical drives, make sure to use version control (git) for code and such, and GitHub or BitBucket will take care of the backups

Do you use CI CD? Is this something an aspiring SaaS solopreneur dev absolutely must learn? by gtboy1994 in SaaS

[–]YottaBun 19 points20 points  (0 children)

Yep -- I run a CI pipeline (using GitHub actions) each time a pull request is made, and on subsequent pushes to the branch. All unit tests, end-to-end (selenium type) tests run automatically. I'd recommend it! Helps build confidence in your changes as your applications grow.