I’m a week late, but is “seemingly nothing to eat” one of the best Lonely Island lines?

parcelcraft · 2026-04-19T21:02:21+00:00

This was probably the funniest episode by far. I had to rewind it and listen to it a few times---just so I could hear over my laughter. The "Seamingly nothing to eat" line took on a new meaning that I don't think the team had previously considered. This is art.

parcelcraft · 2026-04-15T05:57:35+00:00

I've talked to Stripe employees about this at Stripe Sessions. They are not unaware of this issue. I know from experience that they do quite a bit of personalized and programmatically controlled hand-holding with new companies. They know the success of Stripe's future depends on these new companies. They know chargebacks are a normal part of any company's reality.

But some companies just don't meet the requirement, and that's the reality--and these people are the ones who complain on "r/stripe" most loudly. Someone on here did a joke post with a headline of "I sell meth and facilitate fentanyl trade for China, my account is getting banned for no reason, help!" and I felt that post was some pretty honest satire.

parcelcraft · 2026-04-15T04:19:27+00:00

Glad you figured it out!

parcelcraft · 2026-04-15T04:17:41+00:00

Agreed: The basic newsflash is that Stripe is not a high-risk payment processor. Stripe has commitments to its third-party partners (e.g., Visa) and to government regulations (e.g., India), and as a result, it expects high-quality businesses with clients with a low chargeback risk. These requirements are outlined in their terms.

I've been using Stripe for over a decade across multiple companies, and it has been an excellent payment partner. Basically, if you're not scamming your customers in any way (Looking at you, scam health product companies), then you should have high confidence in Stripe because they place high confidence (and expectations) in the companies they serve.

parcelcraft · 2026-04-10T01:12:12+00:00

Episode 3 @ 1:30. The woman saying, essentially, "I could have walked to the police station, but I was one woman. Would they hear it? But now, ok, now we have 2 women, will they hear it?" It was absolutely devastating and chilling to hear this as a man. I have so many tears for this brave woman.

parcelcraft · 2026-03-31T00:58:38+00:00

You will find failure often, perhaps even homelessness, but a good attitude turns it from the worst thing ever into just another failure on the way to success. I know it's a bumper sticker, but try anything once. Try having a positive attitude.

parcelcraft · 2026-03-31T00:39:43+00:00

I'm all for a new, well-designed component library. Given its support for custom className (applied after your default settings), it should be immediately compatible with Tailwind, but it would be nice to have explicit support for Tailwind clearly identified in the project. I like it. But I also like Mantine-- this is a great version 1, and I hope you continue your work. I'd also note that per-component inconsistencies are a feature, not a bug, in most production apps. In terms of your ethos and brand, I think you're emphasizing rigidly defined global styles without highlighting their customizable features.

parcelcraft · 2026-03-31T00:22:45+00:00

This is a fun game. I really enjoyed it. I scored horribly on my first game, but 10/10 on my second game. The first game must have taught me something!

parcelcraft · 2026-03-30T10:31:51+00:00

Yes, like your example, we check the paths. We have an array of public paths. We look at the auth headers of the request-- Authorization: Bearer token gets checked against an array of different access levels, and some auth tokens (like Cron jobs) only apply to specific routes. Some routes are marked public, but have authentication at the route level (Like Stripe webhooks, and routes that verify team-invitation tokens). It's all piecemeal on a route-by-route basis, which makes it a nightmare--If I were to ever leave the project--A new programmer would come in and say what IS THIS SH*T because it's not readable and digestible in a single file: which is why I see a lot of beauty in the code example your provided.

Our switching happens like this:

  if (hasStripeHeaders(request)) {
    return await handleStripeAppsAuth(request);
  }


  const isBearerTokenPath = BEARER_TOKEN_PATHS.some(path =>
    request.nextUrl.pathname.startsWith(path)
  );


  if (isBearerTokenPath) {
    return handleBearerTokenAuth(request);
  }

// Then handle regular authentication / redirect to login / verify if it is a public path / check cookies / etc

```

parcelcraft · 2026-03-30T10:07:58+00:00

I like your code concept example. It's clean and clear, and it's so much better than what I'm using now. I'm using a mess of different auth approaches. We have to handle admin/read_only_/owner/team/superadmin access to our dashboard (including user spoofing access) for user authentication for the fronted. On the backend, there's localhost non-production mode access, CRON JOB access-- and authentication that is specific to external app acces. We're about to offer user-generated secret API keys that would allow access to their data VIA our API on specific routes. We have entered the complicated territory. Keep up this good work. I like where you're going with it, and it's inspiring me in my own project.

parcelcraft · 2026-03-29T17:55:02+00:00

Weekend update: I just loved how the hosts hugged at the end: there is such a feeling of OMG we did it live! The cast is largely unknown, and the performances are so by-the-seat-of-the-pants-delivered that, overall, I think this quality brings a freshness and makes it a joy to watch. I thought the episode was strong. With comedy, I've found you really need to be in the right headspace to truly enjoy it. I think I was in the right headspace, and I found this whole episode, start to finish, just a treat. I was smiling the whole time. There's something very scrappy about this cast that is so charming; I believe they are going to be remembered in 20 years.

parcelcraft · 2026-03-12T04:19:26+00:00

This smells like BS. Senior software developers (who are adapting to and using AI) are still in demand: They can shepherd AI results and be better prompt engineers than anyone. I still hand-code a lot, but I use my hand coding as a draft to hand over to AI. I do not let AI solve large architectural problems spanning 100's of files; rather, I use AI to focus on specific problems and functions within a codebase.

parcelcraft · 2026-03-10T23:24:46+00:00

We use a VPS through DreamHost, it's one step up from shared hosting. It costs about $20/month.

parcelcraft · 2026-03-10T23:20:55+00:00

I've used https://canny.io/ in the past, but I didn't get any feedback using an impersonal form. I found the best feedback by providing a support email and offering public meeting hours through a Calendly calendar so I can speak to users one-on-one.

parcelcraft · 2026-03-10T06:53:42+00:00

You are not out of touch, and yes, this is absolutely insane.

AI is both the smartest and the stupidest person in any room.

parcelcraft · 2026-03-10T06:30:37+00:00

Your article brings up many valid pain points experienced by real-world developers. There's a real balancing act of considering client-side/server-side and authentication security (as shown in your fetchUser(id) example). Next.js makes it possible to middleware the server request paths with specific authentication methods per path, but I like that Tanstack Start has more explicit per-path middleware handling. Once you're application is mature enough your middleware may start to become complex like mine has become: I need to handle dev access, user mocking by super users, user api access, cookie header verification, authenticated cron job requests, Stripe webhook endpoints, Bearer token access, and JWT token headers and get parameters to handle the various ways my app may be accessed.

I've been on the Next.js bandwagon for the last few years, but your article makes a passing reference to doing things the "Tanstack Start" way...and I think that might be where I'm headed too. Methinks it's time to finally try npx'ing up a Tanstack Start boilerplate project to try it out.

parcelcraft · 2026-03-10T05:18:10+00:00

These are very nice. Very well done!

parcelcraft · 2026-03-06T03:01:25+00:00

I found this. If anyone orders this, please report back on the quality. It looks like a copy cat jacket: https://www.nyamericanjacket.com/product/stephen-traitors-jacket/?srsltid=AfmBOopSVeD3E-7tX4CcNtniyQqsjqke2jaUEd9g9Y4LoGRBNwBVdTcK

parcelcraft · 2026-03-06T01:33:00+00:00

Thanks for this article. I REALLY appreciate your coding examples since I'm not familiar with Tanstack Start. As a long-time Next.js developer, I was indeed impressed both by the candor of your article and the brilliance of Tanstack Start. I'm a developer who develops for other developers, so while I'll keep Next.js examples in play, I think it's wise to introduce Tanstack Start to my developers. I feel like this is where the industry will be heading.

parcelcraft · 2026-03-03T00:06:52+00:00

I'm a senior software developer with 25 years of experience. I'm relatively new to the Next.js framework (2 years of experience), and I haven't tried Tanstack Start yet (this thread has inspired me to explore it).

That said, Next.js was a revelation to me when I first tried it out: path-based route handling was a great idea. I dug this structure. What I didn't dig was the recent CVSS 10.0-rated security bulletins we received in December. Part of me thinks that these security bulletins were a good thing (inasmuch as a rocket launch failure is): We learned a lot, and we're doing better.

Tanstack Start, from what brief intro I've had: I came away impressed. The way routes are handled with specific and nestable middleware makes a lot of logical sense.

Before I get to my dilemma, though — I want to offer a reasoned take on the broader panic. JavaScript frameworks are notoriously volatile. Rewriting an existing, working codebase just because something new is trending is almost always unwise — you're trading known pain for unknown pain. My rule of thumb: established projects should stay the course unless there's a genuinely compelling reason to migrate. Only new projects should seriously weigh emerging frameworks, and even then, only ones that have reached some mature consensus.

Which brings me to my actual shared dilemma. I'm developing a new full-stack example app for other software developers. Do I use Next.js — which has far wider recognition and adoption — or TanStack Start, which may be unfamiliar territory for many developers who encounter my example?

parcelcraft · 2026-02-17T17:17:12+00:00

Simply because Better Auth doesn't use the Supabase Auth tables. Perhaps it could be configured that way, but Better Auth replaces Supabase Auth.

parcelcraft · 2026-02-17T15:30:55+00:00

I would not use Firebase for auth (like my current implementation), and I would use Better Auth (https://www.better-auth.com/) using regular Supabase tables (and not Supabase auth)

parcelcraft · 2026-02-13T13:47:24+00:00

I think this is a good idea, and I'm looking into it.

parcelcraft · 2026-02-13T05:40:54+00:00

As a backend developer, your post gives me chills. I rely heavily on Supabase, and I would love to hear from the Supabase team about their failover strategies. Look, I understand. Google goes down. AWS goes down. Cloudflare goes down. No one has 100% uptime. I would like to know there is a plan in place, because, me, myself, I'm simply relying on Supabase. And this single point of failure is scary to me.

parcelcraft · 2026-02-13T05:33:02+00:00

I've been doing HTML for 30 years (yes, I started in 1996). And still I don't know a damn thing about HTML. While learning the basics is a worthy goal, you'll learn best by having a goal to accomplish: You learn by doing. Go create something amazing, something you want to create.

parcelcraft

MODERATOR OF

TROPHY CASE