Readit Newsvincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
(Supabase ceo)
We do not push devs not to do migrations - we would strongly prefer if everyone used migrations and declarative schemas.
Especially at the scale that OP is at (see maturity model: https://supabase.com/docs/guides/deployment/maturity-model)
While I don’t question the maturity model in itself (which I read after the incident and that’s why I started gitting migrations just after), I realized it was harder than other Supabase features for it to work well, especially when you start working with other features than just authentication and Postgres.
In particular, webhooks and triggers don’t work out of the box. So maybe it’s not pushing in a particular direction but at least I’d argue it’s not nudging you to do it because it entails some hours of custom setup and debugging before the CLI commands like supabase db diff actually work as intended in my experience. But I know the Supabase team is improving it every release so I’m thankful for this work!
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
Yeah, the whole thing is full of AI-isms. Started skimming and every other sentence has one.
"Picture this: Panic mode activated. You heard that right. But here's what surprised me the most" and so on. Ugh.
I tried to have a conversational, story-telling style, maybe that's why you think there are lots of "AI-isms".
But I take this as a feedback for the next editions: less fluff, more straight-to-the point writing. Thanks!
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
I'm sorry, but there's "move fast and break things" and then there's a group of junior devs not even bothering to google a checklist of development or moving to production best practices.
Your Joe AI customers should be worried. Anyone actually using the RankBid you did a Show HackerNews on 8 months ago should be worried (particularly by the "Secure by design: We partner with Stripe to ensure your data is secure." line.
If you don't want to get toasted by some future failure where you won't be accidentally saved by a vendor, then maybe start learning more on the technical side instead of researching and writing blogspam like "I Read 10 Business Books So You Don't Have To".
This might sound harsh, but it's intended as sound advice that clearly nobody else is giving you.
Thanks for the feedback, I really appreciate it. Rankbid and other projects I've made, I built from scratch myself. They have strong, solid, technical foundations. Try them for yourself, even try to hack them if you want if it proves my point.
This was not the case of Joe AI. I joined later in the project, and the foundations where even weaker than what is shown in this newsletter (no API endpoint authentication whatsoever, open bar, for example) and so I had to secure and migrate everything myself when I joined them. This was what the Supabase migration was trying to accomplish. Before I joined, they didn't even have a database but I won't get into the details here.
Before Rankbid, and the other products I've built, I've worked at a B2C startup with millions of users and never caused a big outage there, I've been programming for more than ten years, and I have a double degree in computer science, and while I agree with what "should be done" in theory for production level apps, sometimes, you need to move very fast to build great startups. I've read many technical books in my life such as Designing Data Intensive Applications, High Performance Browser Networking. I know the theory, but sometimes you just don't have the time to do everything perfectly. That's what I try to expose in this blog post. I also wanted to share a humbling experience. Everyone makes mistakes, and I'm not ashamed of making some, even after years of software engineering.
My newsletter is about the intersection of programming and business. You might not find the "business" part interesting which is fine, but I think what you call blogspam has real value for engineers who have never sold before in their life and want to learn the ropes. I spend a lot of time writing each edition, because I try to respect the time of my readers as much as possible to deliver some actual insights (even if there is a bit of fluff or story telling sometimes).
And for Joe AI: it has since become much more secure, and is progressively implementing engineering best practices, so customers don't have to worry.
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
>Here's the technical takeaway: Never use CASCADE deletes on critical foreign keys.
The technical takeaway, as others have said, is to do prod deployment during business hours when there are people around to monitor and to help recover if anything goes wrong, and where it will be working hours for quite a while in the future. Fridays are not that.
When you are a 3 people startup, I'd argue there is no such thing as "business hours". I worked every day back then. I'll concede that the "Friday Night" part in the title might be a bit clickbait to that regard.
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
Once you’re at a point where some of your business depends on it, you probably want the things like backups they provide…
Definitely! I had just finished the migration back then so that's why we were still on the free plan, but we had planned on enabling even PITR
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
Did I read that correctly? They’re on Supabase’ free plan in production?
We’re just getting started and we’re even in Supabase’ paid plan.
Why do you take the paid plan when getting started?
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
I hope the poster will learn about transactions at some point. Postgres even lets you alter the schema within a transaction.
What I learned, once upon a time, is that with a database, you shouldn't delete data you want to keep. If you want to keep something, you use SQL's fine UPDATE to update it, you don't delete it. Databases work best if you tell them to do what you want them to do, as a single transaction.
I use transactions all the time for my other projects and I've read the great Designing Data Intensive Applications which cover the topic of linearization in depth.
vincejos commented on I Dropped the Production Database on a Friday Night vince.beehiiv.com/p/how-i... · Posted by u/vincejos
> Scale your organic traffic 100% automatically with AI-driven, auto-published SEO blog articles.
If it's auto-published, how can anybody know that what was published is factually accurate?
IMO all AI-generated works still need a human editor, to smooth out the style, fact-check, and confirm that what's being published fits the brand.
I suppose it's possible that you can use multiple AI agents for this. (Have one do the research, another the writing, a third the editing and brand-alignment, etc.) But, still, as somebody who runs a company, I'd never greenlight this. It's too risky. And that goes double for images, which are very difficult to get right in a professional/business context.
I'm being charitable here and am not going to dwell on how this sort of thing harms the commons and can poison the internet with bad information.