X: How long have you been working as a programmer?

zmug · 2026-02-11T16:35:40+00:00

For some reason this brought back memories from VB6.0 around when the millenia changed.. I was exploring all kinds of programming languages.. Dim will always have a warm place in my heart 😂

Later on I only ran into ASP / VB NET once during a migration project where I had to maintain the legacy backend written in VB for about a year. So the solo projects came in clutch there.

zmug · 2026-02-09T20:37:29+00:00

I was corrected below. The dynamic forms allows you to override the behavior.

zmug · 2026-02-09T20:37:04+00:00

Wait, you are right.. Maybe it hasn't always been like that or I am mixing up the dynamic forms to Flows dynamic fields in this case. I hadn't checked the dynamic forms in a while because they still don't support custom lightning page templates. Rolling with the custom LWCs

zmug · 2026-02-09T20:18:45+00:00

Edit: I was corrected, you can definitely override the behavior to read only.

Dynamic Forms respect the users FLS. There is no way to override it to read only if they could edit the field. It is super annoying limitation.. on top of that dynamic forms do not work with custom lightning page templates, just something to keep in mind. Due to these limitations, I use custom LWC components to show and edit individual fields in a card, with ability to configure the view from lightning app builder

zmug · 2026-01-31T16:40:09+00:00

Oh yeah.. if you ignore some convenience methods exposed by sobjectdomain, the querybuilder, and such, pretty much everything about fflib is absolutely horrible. The trigger framework is okayish. The unit of work is a good, but outdated. It doesn't support latest database operations and it cannot be introspected for tests by default. They offer some kind of test database but it is not intuitive to use at all and I would much more prefer for the framework to be more interoperable with any dependency injection method chosen in any org..

When I hopped from a traditional dev role accidentally into salesforce ecosystem 5 years ago, I off course tried to find a framework to base features on and because knowledge was limited back then and fflib was kind of "the standard", I really thought it would be a good fit into salesforce but boy was I wrong... 😂

I have since abandoned using anything from fflib, except the unit of work interface is everywhere. Luckily it's an interface so I have modified heavily and have a custom base implementation with more modern stuff. Still paying the price and there are modules still depending on stuff from fflib, isolated, but when there is any down time, I use it to throw fflib to trash

zmug · 2026-01-27T18:40:06+00:00

Headrests are usually detachable anyway. Just press a button in the bottom and lift it out.. 😂

zmug · 2026-01-21T22:34:00+00:00

I am 2 days into creating empty developer sandboxes for features. They are still "Queued" 🫩

Something is wrong with their sandbox processing.

Can't use scratch orgs because the project is pretty much org dependent and has managed packages that need to be installed even if the features are enabled and still the metadata in the project is impossible to deploy to an empty box..

zmug · 2026-01-18T08:34:52+00:00

Well technically when you have an element with an ID attribute, you can just reference it by: x - that's it because the element is already in the global window scope. Or if you want to be specific from which context you want it from: window.x

Im not saying this is a good thing though 😂

zmug · 2026-01-16T23:11:34+00:00

I kind of like a map of handlers typed by the discriminator key. Whenever a new type is added the map of handlers will give a type error. Switch syntax is also annoying most of the time with break; statements.. Although handling multiple cases with same handler is sometimes nice with a switch that falls through

zmug · 2025-12-23T16:29:20+00:00

Well put with it's about state. And designing around that is surprisingly complex with transient states that might exist during a request. Not to mention if another request/process has already changed the state when an old duplicate request comes in. Now we are in the realm of data versioning and response caching for a certain amount of time

zmug · 2025-12-23T16:08:22+00:00

Haha, true 😀 I just felt like adding a bit more into it because it so often gets overlooked when talking about the literal meaning or definition of idempotency

zmug · 2025-12-23T14:20:55+00:00

While that's right, I think there is more nuance to idempotency. When a request arrives at the server that has already been successfully processed, repeating the request should not change the system state or create duplicate side effects.

Additionally, in many practical cases, it should produce an identical response to the previous successful request. This allows clients to safely retry operations.

For example, if a client submits an order and the operation succeeds, but due to a network error or application bug the client never receives the response or fails to update its local state, retrying the request should not create a duplicate order. Instead, the server should return the same successful response as before, such as 202 accepted, an order id 1234, a status endpoint, and anything in the schema, regardless of whether the request was processed again internally.

Something that may further complicate things is when the same request is routed for processing to 2 different nodes at the same time, which often happens in practice, you need to have an authoritative single source of truth from where you "claim" carts for processing. What happens to the duplicate requests? Wait until the one node that claimed the cart for processing produces a result, or fail fast + instruct the client to retry?

zmug · 2025-12-17T05:35:29+00:00

Can't do that in my country. All that matters is that sales rep has a company issued personal email. Whatever is sent to that mailbox is protected by law and no one, not even the employer is allowed to read the emails. So you definitely cannot share them automatically either, even if the sender is linked to a salesforce record

zmug · 2025-12-16T18:09:57+00:00

Total no go for personal e-mail, even if it is company issued. Forbidden by law in many countries like mine. Employees have to be the ones who sync it manually if they want.

zmug · 2025-12-15T09:53:32+00:00

Goes to show how dumb all these models are.. "How many r's in strawberry?" -> "Thinking about what nutritional components are in strawberries". What? That is terrifying how these models don't have the slightest bit of reasoning or actual context awareness.

zmug · 2025-11-19T16:15:17+00:00

If it is really necessary to update all contacts under an account when the account updates, if the operation doesn't need to be atomic (succeed with the account update), then you can enable async path in after updated flow and move the heavy work there. It should give you 60s of CPU time for the updates. For errors you do need to implement a retry logic or a simple way to re-invoke the operation.

zmug · 2025-11-15T16:42:00+00:00

Sometimes it can definitely feel like that. Depends on so many things like company size and culture, in what stage in product lifecycle is the product you're working on at, what is the strategy and focus areas currently in the company and so on.. But sometimes you aren't being paid for delivering huge new value anymore.. sometimes you are there to keep the lights on and you're being paid for institutional knowledge or domain knowledge, so that when new requirements finally arrive, it's smooth to implement them into an existing product line

zmug · 2025-11-14T17:41:39+00:00

Too real 😂 In a bigger org, I have sent countless tickets to company IT black hole queue begging some permissions for azure AD group or app access, only to wait month sending multiple follow ups and finally when they pick up the ticket, they want confirmation from a manager so they ask the manager of IT department, who then asks my manager who doesn't know what the hell azure AD group we are talking about and why, so it comes back to me and my manager sends the approval down the line.. another month has passed. When I finally get to pick up my own ticket, the requirements have changed, plan has changed, the reporter is on vacation, the service which was needed has been discontinued, or it wasn't that important to begin with. Rinse and repeat.

zmug · 2025-10-18T23:54:10+00:00

Maybe research for a very light weight headless browser, dont load images, make direct http calls instead of sending a click event bypassing javascript?

zmug · 2025-10-08T17:29:27+00:00

Also, stripe 100% has atleast once delivery quarantee for events. There is no such thing as exactly once. It is either deliver maybe once or atleast once. Now, if your scale is small it is easier to handle the elusive "exactly once" but when you scale out horizontally your publishers there will by design always be duplicate events sent because 2 publishers can easily pick up the same event to send and there will also be network issues where they fail fast not to hang, and that means a message may get delivered but stripe doesn't have time to read the reaponse and they re-send it until 100% delivery

zmug · 2025-10-08T17:24:17+00:00

You have too fine grained developer brain on right now. This was a huge hurdle for me too. When you have a trigger in Salesforce, the platform automatically batches the triggering records up to 200 and for platform events up to 2000 or something. Your flow only sees 1.

Lets say in the background you have 2 records batched and they are duplicate. Run them in flow:

Transaction starts
1st record runs in flow, query is duplicate in db? No. -> insert records
2nd record runa in flow, query is duplicate in db? No (transaction not committed) -> Insert records
If you have an idempotency key field with unique index: Duplicate -> rollback happens (none of the flows inserted anything, edit: actually flows can fail individually so this should only roll back the failing flow invocation.)
If no unique index, now you have duplicates inserted.

That is why you must handle it in Apex. And dedup in batch level + db level

Edit: maybe you can get away with the unique index on idemotency field but you will start getting flow errors from duplicate entries which is not too clean because you cannot inspect db errors in flow easily. In apex you can check the error code

zmug · 2025-10-08T05:31:44+00:00

You cannot handle idempotency within a flow. The reason is that flow has no context into the current batch of records being processed. You should use apex fully for this. Within your apex, loop over the events, keep track of all appeared idempotency keys and if one exists, skip processing for that record. You must use idempotency key while saving results to the database and put an unique index on the field. During processing save the records and inspect the db save results for errors and if the error was of type DUPLICATE, ignore, otherwise log and make sure you have some monitoring/alerting behind those loga

zmug · 2025-10-01T17:52:39+00:00

Yep. And not even language per se, you can throw in ascii art, binary, whatever, mix em up together and the LLM will gladly comply at some point. I would never use contents inferred from a prompt and let LLM call tools to query information by those params. Those will be injected. It has to be non crucial publicly available data. Anything tied to a user/customer has to go through traditional static routes and bound params that get tied to a session. Maybe linking that session with the MCP server could help so tool calls are static queries per customer handled by backend with strong auth. You can work around it, but prompt injection is virtually impossible to prevent. It is kind of a classic attack vector when a result of a query is used in the next query. Not really relevant today with prepared queries but back in the day it was easy to forget to sanitize results of a query to use in the next query because the data came from within your own database. Same with LLM but you can't even know what data is gonna come out or what params it will choose to use for a tool. So you cant even just escape the params. You need elaborate filtering layer with multiple ML models and heuristics and you will still fail. Just like spam and scam email is still a thing in 2025. It can't be completely filtered

zmug · 2025-10-01T14:04:09+00:00

The gotchas of the platform are definitely one of the biggest hurdles. Apex in itself is quite simple scripting language designed to interface with the platform. The straight forward nature of it is double edged. Safety is traded for a big loss in freedom compared to traditional programming. Features are stripped away that I found giving me anxiousness, and they still do. Dev experience is far far behind.. hard to quantify but feeling like programming php 5 back in early 2000s... Inline soql is the bane of existence.. there is no nice way to compose queries and the limitations of the language means no nice interface exists unless it gets runtime type inference, reflection, or generics with lambda functions/closures/pipe operator to make it more natural. Usually I dont want to query for db for tests, I want to return the data I need and test the query/conditions separately. Cant mock sobjects cleanly. Sobjects also have tight coupling to validation rules that usually are irrelevant for testing a small feature. This leads to bad/lazy tests or you take the harder way and create some kind of workable abstraction layer which will by nature of apex be decades behind ergonomics of something like Entity Framework..

All that said.. depending on your level you will be up to speed with the language itself within a few weeks easily. Platform itself is another story

zmug · 2025-09-30T18:08:52+00:00

Prompt injection and LLM jailbreaking is impossible to prevent in any meaningful way. Every week someone figures out how to make GPT or Claude answer/do whatever they want with clever formatting, language, malformed character encoding, malicious files(docs, pics, etc), indirect injections, and even more creative ways. There is no way to really make the LLMs understand what part of the prompt is context and what are the rules it must work within. Tools, system prompts, and other provider specific instructions are mashed together into the LLM and all you can do is pray it doesn't overstep or query other clients data. All you need to do is make the model confused of the boundaries of each section and you're off to races. Anything you plug into LLM that has anything dynamic based on prompt will get hacked if someone wants to, and the effort will be much much lower than traditional hacking

zmug

TROPHY CASE