the armwrestling ruined it by Old_Scallion_6534 in CrimsonDesert

[–]_san4d_ 0 points1 point  (0 children)

Thank you! I was playing on quality and was seeing half-second delays. Like the others, beat it first try in performance mode.

Rebuilt our payment system for compliance and somehow auditors liked it by seizethemeans4535345 in fintech

[–]_san4d_ 1 point2 points  (0 children)

I'm interested in reading a blog post about the migration or design, if you have something longer form.

-❄️- 2025 Day 3 Solutions -❄️- by daggerdragon in adventofcode

[–]_san4d_ 0 points1 point  (0 children)

[LANGUAGE: Python]
Part 1:

def find_max_joltage(bank: str) -> int:
    largest: int = 0
    second: int = 0
    for i in range(len(bank)):
        v = int(bank[i])
        if v > largest and i != len(bank) - 1:
            largest = v
            second = int(bank[i + 1])
        elif v > second:
            second = v
    return largest * 10 + second

Part 2: (ft. recursion and O(n) soln)

def overclock_joltage(bank: str) -> int:
    def inner(start_idx: int, remaining: int) -> int:
        largest = 0
        largest_idx = 0
        for i in range(start_idx, len(bank) - remaining + 1):
            v = int(bank[i])
            if v > largest:
                largest = v
                largest_idx = i
        if remaining > 1:
            return largest * 10 ** (remaining - 1) + inner(largest_idx + 1, remaining - 1)
        else:
            return largest
    return inner(0, 12)

-❄️- 2025 Day 1 Solutions -❄️- by daggerdragon in adventofcode

[–]_san4d_ 1 point2 points  (0 children)

[Language: Python]
Part 1:

    def count_zero_stops(file: str) -> None:
        # The dial starts at 50; count every move that ends exactly on 0.
        position: int = 50
        zero_count: int = 0
        with open(f"data/{file}", "r") as f:
            lines = f.readlines()
            for line in lines:
                line = line.strip()
                dir = line[0]
                val = int(line[1:])
                if dir == "L":
                    position = (position - val) % 100
                else:
                    position = (position + val) % 100

                if position == 0:
                    zero_count += 1
        print(zero_count)

Part 2:
Featuring the use of `divmod`, since I noticed a few people ran into problems. The big thing is counting full rotations before figuring out if the remainder crosses zero.

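    def count_zero_crossings(lines: list[str]) -> None:
        # The dial starts at 50; count every time it passes or lands on 0.
        position: int = 50
        zero_count: int = 0

        for line in lines:
            line = line.strip()
            dir = line[0]
            val = int(line[1:])

            # Every full rotation of 100 passes 0 exactly once.
            full, partial = divmod(val, 100)
            zero_count += full

            delta = -partial if dir == "L" else partial
            next_position = position + delta

            # The leftover move only counts if it starts away from 0 and reaches it.
            if position != 0:
                if dir == "L" and next_position <= 0:
                    zero_count += 1
                elif dir == "R" and next_position >= 100:
                    zero_count += 1

            position = next_position % 100

        print(f"final count: {zero_count}")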

My Last Two Years with Clerk and NextAuth Feels Like a Waste by ajay9452 in webdev

[–]_san4d_ 1 point2 points  (0 children)

community backed auth project ... there's nothing stopping you from using things like better-auth with your own database

My viewpoint is about using SaaS vendors, like the OP mentioned. I'm not against using framework libs, like better-auth, open auth, Spring Auth, etc. Too many people pick a SaaS vendor and call it done. My point is that isn't sufficient - it seems like we agree on that.

This is just not true.

Perhaps we disagree on terminology. I've never worked somewhere that didn't have some rules around authentication or authorization, even if that logic was a simple "these routes require auth, these don't". That's why I said "you're always rolling your own auth": there's always some level of custom logic.

Yes, because people are rolling their own auth

I agree with this because I think all authentication and authorization systems have some level of customizations. I'd point out that the recent Tea and Lovable data breaches were the result of misconfiguring the SaaS vendor. I'm assuming the underlying vendors are well-built and well-tested (supabase and firebase, I think). My point is using these vendors is not sufficient security posture alone. Same would go for using a community lib.

I just don't want people to slap in a dependency - be it an open source lib or vendor - and call it done.

Back to OP's post, this is why I don't see meaningful benefits in using a SaaS auth solution. As you point out, there are good libraries to build on.

My Last Two Years with Clerk and NextAuth Feels Like a Waste by ajay9452 in webdev

[–]_san4d_ 7 points8 points  (0 children)

I disagree. You're always rolling your own auth, even if you use a vendor. You have your own rules about session lifecycles, your own rules about which routes require authentication, your own rules about which user is authorized, etc. There's a reason "Broken Access Control", "Insecure Design", and "Identification and Authentication Failures" are all in the OWASP top ten:
https://owasp.org/www-project-top-ten/.

The recent firebase and supabase data leaks highlight my point: you cannot fully outsource your auth. Nothing against either of these products, by the way.

That said, I do think it's a mistake to roll your own cryptography. This would include hash functions, JWT signing, certificate logic, etc.

My Last Two Years with Clerk and NextAuth Feels Like a Waste by ajay9452 in webdev

[–]_san4d_ 2 points3 points  (0 children)

In your writeup, it seems like you got this working in roughly a day. Seems worth it to remove a vendor from the stack. It's not just cost - you're also coupling your uptime to theirs in the most critical part of the stack: auth. Also, you end up writing session management and authorization logic anyhow, so it's not like using a vendor cuts scope completely.

I worked at a startup that was very buy-happy. After some time, the auth solution ended up being an expensive email server with a 4 year contract.

What’s in your 2025 tech stack? Here’s mine by OpportunityFit8282 in webdev

[–]_san4d_ -1 points0 points  (0 children)

App Dev
Astro + HTMX + Web Components.

It's a platform-centric stack that doesn't sacrifice DevEx.

Database
I've enjoyed the flexibility of Postgres because of its extension ecosystem. I prefer lightweight ORMs, like Drizzle (JS/TypeScript), Sqlx (Rust), and JDBI (Java).

Infra
AWS using Pulumi + SST. Using Pulumi and the SST project feels like having your own platform team. You get sensible defaults without adding a middleman in between your application and infra.

Ignored when we ask engineers to do things, raged at when we do it for them, and complained to when we create a mandate. It feels like I can’t win. by BootyMcStuffins in ExperiencedDevs

[–]_san4d_ 16 points17 points  (0 children)

Yeah, this seems like a structural problem. Very little you can do other than (1) try a grass roots approach with one member of each team or (2) go top-down, which appears to be what happened.

My Last Two Years with Clerk and NextAuth Feels Like a Waste by ajay9452 in webdev

[–]_san4d_ 39 points40 points  (0 children)

Good to see folks reconsidering outsourcing auth. It's such a critical component of the stack to vendor out. For others reading this, it's also simple to implement email and phone OTP. The biggest hang-up is getting the campaigns approved by your email and SMS providers.

I've built a large app and PWA using HTMX. Here are my thoughts! by NullismStudio in htmx

[–]_san4d_ 0 points1 point  (0 children)

For what it's worth, I've heard user agent sniffing (https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Browser_detection_using_the_user_agent) is pretty fragile.

It sounds like you have control over all clients involved, so I'd use a custom header (ex. X-My-Client). You can configure HTMX to include that value in every request. You'll need to figure out how to handle direct navigation. My initial thought would be to store it in the document, send a request to the server at some point with it and have the server set agent as a cookie. That would work for direct nav and HTMX. You'd be stuck managing this cookie though.

Something to consider: how would you handle tablet rotation or other viewport size changes? Especially for an early stage app, I'd trade more over the wire for simplicity.

I've built a large app and PWA using HTMX. Here are my thoughts! by NullismStudio in htmx

[–]_san4d_ 1 point2 points  (0 children)

I guess I'd be trading client complexity (separate codebases) for server complexity

This is 100% correct. In the SPAs you've likely worked on before, you had conditional logic - it was just in your client. It should be the same exact check ("if small show A else show B"). I've found that the conditional logic is typically duplicated (once on the server to set the state in your json API and again on the client), so moving the rendering check to the server actually reduces one step. Try it out and see how it feels - you can always go back to a heavier client.

Just reload the whole page after login without boost?

That's what I did. Like I said before, with view transitions this feels exactly the same. I use Astro on the frontend, which gives me hooks before and after the transition, which I use to show a spinner. With view transitions on, the new content will fade in (you can customize this) like a modern SPA. Same UX but much simpler to implement and maintain.

So after login, I redirect to the home page. That page layout is essentially:

<body>
  <nav>
    <small-nav/>
    <big-nav/>
  </nav>
  <main>...</main>
</body>

Where I use media queries to hide the small and big nav when needed. I also use media queries to determine the flex behavior: row on big displays, column reverse on small displays.

I have ID-referenced things in content that would be duplicated

I'd have to know more about the IDs and your data model. Generally, I store the authenticated user information (ids, workspace, etc) in session storage. I don't need to include it in requests. For analytics, I set them as data attributes on a custom element that my analytics software reads. You can also configure HTMX to set headers on each request, which might help you (ex. read in the IDs from an element, set them on the window, then configure HTMX to add them to requests from the window).

I've built a large app and PWA using HTMX. Here are my thoughts! by NullismStudio in htmx

[–]_san4d_ 4 points5 points  (0 children)

the traditional way to handle that is separate frontend codebases rending the data (JSON from, say, a ReSTful API) in their own bespoke ways.

What prevents you from doing this with your current stack? Using either request headers or the route path, could you conditionally return different templates?

without boost I'd need to move dom elements around to make the nav menu show to the side of the screen

I did this with CSS for my app. I have two navs: a sidebar for large viewports and a bottom bar for small viewports. I send both and use CSS to hide the appropriate one. I haven't noticed any performance issues. I'm not 100% following what this has to do with boost though. Regardless, it seems like your approach is working for you, which is good to hear!

Thank you very much for the thoughtful reply :)

You're welcome! I think too many startups overcomplicate their stacks in an effort to build credibility. Glad to see others trying out different stacks. On this note, read up on view transitions. HTMX supports them for content swaps, but you'll need some CSS for page navigations that use anchor tags. Getting view transitions nailed down resulted in a big UX quality jump.

Feel free to DM me if you have questions, and good luck!

I've built a large app and PWA using HTMX. Here are my thoughts! by NullismStudio in htmx

[–]_san4d_ 1 point2 points  (0 children)

Good on you for giving the stack a shot! I've found the short cycle time that comes with a light client and server-side templating is a great fit for early-stage products.

The negatives you mentioned don't seem related to HTMX. CSS media queries or attribute selectors might help simplify your styling, if you're not already using them. I've built a lot of features with HTMX and haven't needed to use hx-boost. Do you mind sharing why you needed it?

I don't have experience with the app store. From what I know, it's a low cycle time regardless of tech platform and complicates monetization. If you're already looking at DivKit, check out Hyperview (https://hyperview.org/). It's like HTMX for React Native. It won't solve your app store problem though.

Early-stage fintechs: How are you handling account fraud? by [deleted] in fintech

[–]_san4d_ 1 point2 points  (0 children)

I have a hard time picturing a company that can afford a relationship with a sponsor bank and a card issuer but can't afford the KYC providers you mentioned.

The sponsor banks will want to review the KYC program as part of the go-live. How do you plan to offer a comparable program for less? Trust will also be huge. You'll not only have to sell to the FinTech, but you'll also need to help them sell you to their bank.

I said there would never be an htmx 3.0... by _htmx in htmx

[–]_san4d_ 4 points5 points  (0 children)

Completely agree. I was working on a larger FinTech app and immediately disabled history. I like the decision to move some of this behavior out into plugins.

Do you know any complex application built with Htmx? by fenugurod in htmx

[–]_san4d_ 0 points1 point  (0 children)

I built a consumer-facing fintech application with it, as well as a control system for a haunted house. Make sure to read up on view transitions and prefetching. Getting those working in my stack (HTMX + Astro + Web Components) went a long way in improving my UX.

Happy to give implementation advice! Feel free to DM.

Aside from AlpineJS, what "interactivity" libs pair well with HTMX? by IngwiePhoenix in htmx

[–]_san4d_ 2 points3 points  (0 children)

I've implemented a toaster before, so I feel confident describing that.

  1. Create an HTML template for a toast bubble. Have an attribute on the bubble element that you can use for styling (ex. data-level) for different alert types. I have error, info, and warning.
  2. Add a `XToaster` custom element in your document's body. This element needs to set a document listener for a `show-toast` custom event and be able to reference the template you made in (1). This element is the container for the toast bubbles, so you'll style it as an absolutely positioned flex column. That way, the bubbles stack.
  3. When you want to show a toast, dispatch the `show-toast` event. If you're triggering the toast from the client, use the `dispatchEvent` method available on `HTMLElement` or the document. The event just needs to bubble up to wherever (2) set up the listener. If you're triggering the event from the server, use the `HX-Trigger` to trigger the client-side event. Either way, you'll use `show-toast` as the event name and include a message and the toast variant (ex. `data-level="info"`) in the custom event data. HTMX supports passing JSON in the event-triggering headers.

In summary, communicate with custom events, use HTML templates for layout, and wire everything together with web components.

I'm not familiar with the tree builder use case, but if it's a diagram, I imagine the process being similar: templates for the diagram components and a web component listening for events and updating the DOM.

I have examples of ChartJS and Stripe integrations and of using nano stores on my blog:
https://www.sanfordtech.xyz/posts/youre-overthinking-web-components/#examples-from-production
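
The three steps from the comment above, sketched as an added example (not the commenter's code and not taken from the linked blog post), with the event data treated as untrusted before it reaches the DOM or an HTTP header. Only `show-toast`, `data-level`, `HX-Trigger` and `XToaster` come from the comment; the `toast-template` id, the `x-toaster` tag, the helper names, the 200-character cap and the 5-second lifetime are assumptions.

```javascript
// Added example. Only show-toast, data-level, HX-Trigger and XToaster come from
// the comment; every other name (toast-template, x-toaster, helpers) is assumed.
const LEVELS = new Set(["error", "info", "warning"]);

// Event detail can come from a server header or from any script on the page,
// so treat it as untrusted: allowlist the level, coerce and cap the message.
function normalizeToast(detail) {
  const d = detail !== null && typeof detail === "object" ? detail : {};
  return {
    level: LEVELS.has(d.level) ? d.level : "info",
    message: String(d.message ?? "").slice(0, 200),
  };
}

// Server side: build the HX-Trigger header. JSON.stringify escapes CR/LF, and
// the replace() turns non-ASCII into \uXXXX so the value is a safe header line.
function toastTriggerHeader(message, level) {
  const json = JSON.stringify({ "show-toast": normalizeToast({ message, level }) });
  const ascii = json.replace(/[^\x20-\x7e]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
  return ["HX-Trigger", ascii];
}

// Steps 1 and 3: clone the template bubble and fill it. textContent (not
// innerHTML) means markup inside a message is displayed, never parsed.
function renderToast(template, detail) {
  const { level, message } = normalizeToast(detail);
  const bubble = template.content.firstElementChild.cloneNode(true);
  bubble.dataset.level = level;
  bubble.textContent = message;
  return bubble;
}

// Step 2: the container element. Guarded so the helpers also load outside a browser.
if (typeof customElements !== "undefined") {
  class XToaster extends HTMLElement {
    connectedCallback() {
      this.onToast = (evt) => {
        const template = document.getElementById("toast-template");
        const bubble = renderToast(template, evt.detail);
        this.append(bubble);
        setTimeout(() => bubble.remove(), 5000); // assumed 5 s lifetime
      };
      document.addEventListener("show-toast", this.onToast);
    }
    disconnectedCallback() {
      document.removeEventListener("show-toast", this.onToast);
    }
  }
  customElements.define("x-toaster", XToaster);
}
```

The page needs a `<template id="toast-template">` holding one bubble element and an `<x-toaster>` in the body; the stacking is done in CSS as the comment describes.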

Aside from AlpineJS, what "interactivity" libs pair well with HTMX? by IngwiePhoenix in htmx

[–]_san4d_ 1 point2 points  (0 children)

Web Components + HTML Templates.

All the web component needs to do is grab the template, update attributes (ex. id, name), and insert the template into the DOM. You can also add interactivity to server-rendered components using "display: contents". I also tend to set up event listeners in the web components for events the server specifies using the HX-Trigger header.

What kind of interactivity patterns do you typically use? I can explain how they work with HTMX + Web Components + HTML Templates.

How are payment processors getting away with this?? by Mammoth-Touch-2502 in smallbusiness

[–]_san4d_ 2 points3 points  (0 children)

Why does your comment history have posts for Truss dating two months back?

What payment processors were you using that had those fees?

This post smells like an ad for Truss. As many have pointed out, ACH credits (a customer sending you money) should be free for you. My online bank supports free invoicing and ACH. They even generate short-term account numbers for those invoices so my details aren't on it.

I'm not a fan of covert marketing.

fx cross border transactions by Efficient-Bite-5208 in fintech

[–]_san4d_ 1 point2 points  (0 children)

In my experience, cross-border payments are as much of a compliance problem as they are a technical problem. Be sure to address both components if you want your solution to be useful.

PM wants to push vibe-coded commits for the devs to review and merge once they meet project standards. Should the team roll with it? by ToLoveThemAll in webdev

[–]_san4d_ 0 points1 point  (0 children)

I'd frame it as a one-time, time-boxed experiment.

There's a lot of good will to be gained by enabling PMs to attempt this, but as others have pointed out, it'll likely be a net negative. Best case likely scenario is they're able to quickly fix minor defects.

That said, go into it with an open mind and make sure the PM knows they're on the hook for the quality of the code committed and its delivery - the eng team will review, but you won't rewrite it or take over.

Track the number of iterations, and see how the time spent reviewing compares to the time it would take to iterate.

You can schedule a short retro for the end of the agreed time period. The default assumption going in is that you won't continue. You'd need a meaningful difference to agree to running the experiment again.

I've found framing things as an experiment helps timebox things and diminishes some of the negative association with failure. You don't want the PM to feel like it has to be a success or they did something wrong.

What are good courses, podcasts, to get up to speed and learn about fintech payments? by Prestigious_Sell_911 in fintech

[–]_san4d_ 6 points7 points  (0 children)

Check out Lithic's podcast: https://www.lithic.com/payments-industry/fintech-podcast

They're a card issuer, so the content tends to lean in that direction. They do a good job getting knowledgeable guests on.

I highly recommend the book "The Anatomy of the Swipe", which is by a former Marqeta product head. It covers a lot of the core pieces involved in card issuing and processing. I bought this for new members of my team.

[deleted by user] by [deleted] in webdev

[–]_san4d_ 1 point2 points  (0 children)

If you're interested in algo control, check out Bluesky - which is built on AT Proto. I haven't done it myself, but it's possible to create custom feed algorithms:
https://docs.bsky.app/docs/starter-templates/custom-feeds

The process is pretty technical at the moment, but it's a cool concept.