A warning to business owners and managers, you are a big part of the problem!
Published on 2022-01-13. Modified on 2022-11-03.
In my last couple of articles, mainly "So-called modern web developers are the culprits" and "Is the madness ever going to end?", I have written about some of the major problems with so-called modern web development, and I have addressed the issues to the developers themselves, which is where I think most of the blame lies. However, in some cases the business owners and managers are the true culprits. They are the major driving force behind the bad decisions, so if you're a business owner or a manager looking for the quick fix, I advise you to read this article carefully.
The issues I am about to address in this article are serious matters, and I have seen them more than once.
I am an entrepreneur myself and I am currently involved in a business venture with a company that had burned their fingers badly just before we went into business together. So, this article is not just a rant, it is an attempt to make a serious matter manifestly clear because it is at the root of the problems. If you're a business owner or manager and you haven't read my previous articles, take a moment and go read them before you continue, then come back to this.
I am blaming the developers for the problems we're facing, but in some cases the developers have no choice; they are being pushed by the business owner and/or manager.
The thing I have heard over and over again from business owners and managers is this sentence:
"We need to get something up and running quickly, then when we're making money, we can make it better, add security, and fix any issues."
Let me try to help you understand why this is such a catastrophic way of thinking. If you are going to build a house, you first need to build a solid foundation. If you mess that up, then no matter how much money you have made, when you start to see cracks in the building, you cannot fix it by simply mending and bending this or that, you need to tear down the house, remove the bad foundation, and then build a new house on top of a new solid foundation. It's the same situation with technology and software.
This illustration is what you get when you go for the quick fix. Sure, you've got something up and running fast, but it's not going to last in the long run.
This drawing represents what you get when you follow the "modern way of web development".
Allow me to address some of the major issues I have had to clean up at a client more than once.
- Unsolvable security issues
These types of security issues lie in the huge dependency hell you have to deal with when you make your software depend on one of the famous but complex and heavy frameworks. And by framework I mean all of the modern big timers, whether on the back end or on the front end.
These monsters make you productive quickly, but they are built on top of a ton of sub-modules, many of which have a serious lack of developers and mountains of issues waiting to be solved.
I place these under unsolvable security issues because I haven't seen a single case where a developer who used any of this was able to fix the issue himself or herself. On the contrary, they had no choice but to sit and wait until someone else fixed the problem.
Every single time you import code into your project that no one has reviewed and understood, it must be flagged as a supply chain attack vector, and this is a serious issue. I have personally seen business owners suffer greatly from these kinds of problems.
Update 2022-11-03: See "Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack" as a new example.
The solution is to avoid complexity like the plague and build as much software in-house as possible. Have a solid documentation process in place that ensures that everything gets documented in detail. Make sure that when you depend on outside software (this cannot be avoided, and it doesn't make sense to avoid it completely), you go for the simplest and most discrete solutions: small reusable libraries rather than big frameworks.
Don't assume that because a framework or library is popular and open source, many people will see the code and quickly discover security issues. It doesn't work like that. Very few people spend any time reading other people's code.
Hence, the simpler you make things, the easier it is for everyone to truly understand what is going on beneath it all.
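To make the "flag every unreviewed import" rule concrete, here is an added example (not code from the original article) that walks everything a project pulls in and reports each package whose exact locked artifact has no recorded review. All package names, versions, digests and reviewers are constructed, and the review ledger is a hypothetical in-house record.

```python
from collections import deque

# Constructed dependency graph: package -> packages it imports.
DEPENDS_ON = {
    "app": ["bigframework", "tinyparser"],
    "bigframework": ["templating", "ormlayer"],
    "templating": ["escaper"],
    "ormlayer": ["dbdriver"],
    "escaper": [], "dbdriver": [], "tinyparser": [],
}

# Constructed lockfile: package -> (pinned version, artifact digest).
LOCKED = {
    "bigframework": ("4.2.0", "sha256:aa01"),
    "templating": ("3.1.2", "sha256:bb02"),
    "ormlayer": ("2.0.5", "sha256:cc03"),
    "escaper": ("1.0.1", "sha256:dd04"),
    "dbdriver": ("0.9.7", "sha256:ee05"),
    "tinyparser": ("1.3.0", "sha256:ff06"),
}

# Hypothetical review ledger: exact (name, version, digest) -> reviewer.
REVIEWED = {
    ("tinyparser", "1.3.0", "sha256:ff06"): "alice",
    ("escaper", "1.0.0", "sha256:dd00"): "bob",  # older release only
    ("bigframework", "4.2.0", "sha256:aa01"): "carol",
}


def transitive_deps(root):
    """Return {package: import chain from root} for everything root pulls in."""
    chains, queue = {}, deque([(root, [root])])
    while queue:
        pkg, chain = queue.popleft()
        for dep in DEPENDS_ON.get(pkg, []):
            if dep not in chains:  # each package is recorded once, shortest chain first
                chains[dep] = chain + [dep]
                queue.append((dep, chains[dep]))
    return chains


def unreviewed(root):
    """List (package, version, chain) whose exact locked artifact has no review."""
    findings = []
    for pkg, chain in sorted(transitive_deps(root).items()):
        version, digest = LOCKED[pkg]
        if (pkg, version, digest) not in REVIEWED:  # a review of another version does not count
            findings.append((pkg, version, " -> ".join(chain)))
    return findings


if __name__ == "__main__":
    for pkg, version, chain in unreviewed("app"):
        print(f"UNREVIEWED {pkg}=={version} via {chain}")
```

In this constructed tree the reviewed framework still drags in four unreviewed sub-modules, and the small parser drags in none; the escaper is flagged even though an earlier release was reviewed, because the review does not cover the artifact that is actually installed.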
- Major performance issues
This is almost a given in so-called modern web development. When you choose to run on something that is horribly slow, such as Rails or Django, you will not only need much more powerful servers, but you will also need many more of them. That is, if you end up having a successful business with lots of customers.
When something like this happens, you can choose to throw more hardware at the problem, but this is also when you start to seriously regret your shortsightedness because now, instead of running on just 4 servers, you need 21.
So your quick fix got you up and running fast, but the long-term consequence is serious. And this is not only from a financial perspective; you have to take into account the impact your machines are having on the environment. In the future I am sure that companies that don't account for the environment will end up losing customers, because nobody will want to deal with a company that acts so carelessly. We're not there yet, but I believe we will get there eventually.
What is that you say? "We deploy in the cloud or go serverless, we don't need to run on our own servers!" Keep reading.
- Getting locked in and facing up to 4 to 10 to 20 times the normal expenses
This is when you follow all the hype and trends and believe that because everyone else is doing it, it must be right.
"Let's go cloud! No wait, let's go serverless!". Woooo! We're so cool right!? Wrong!
Even though the words "cloud" and "serverless" actually have a specific meaning and are not fully buzzwords, they are still buzzwords in a business sense, because the cloud and serverless are just managed servers. It doesn't matter whether you choose Amazon or someone else. Depending on the plan you choose, you'll get shell access and/or a nice GUI, and with that comes the ease of deployment. One incredibly nice feature is the automatic deployment of more servers if the need suddenly arises.
What you might fail to realize is that all of this is a trap. It's a trap to lock you in, because Amazon (and all the others) know full well that once a customer depends heavily on their services, and once a customer has built his entire infrastructure on the cloud or serverless, he cannot easily get out of the situation when the wheels are rolling.
You don't want to find yourself in a situation in which you need to migrate everything from a heavy dependency on cloud or serverless back to self-managed servers, even though self-managed servers are much cheaper. It is always many times more difficult to migrate than it is to build for self-management from the beginning.
A single entrepreneur who is also making all of his software himself may benefit from a cloud service because then he doesn't have to worry about server deployment, but as soon as you see any serious growth, you will start to see a serious bill.
- Bad customer experience
This is a major one too. So many websites perform horribly even though they only serve text and images. They are slow to load, and unless you use the latest Chrome or Firefox they sometimes will not even work correctly.
Not only does your service force your customers to use specific browsers, but the bad experience will not go unnoticed. Some will complain, but most won't even bother doing that. If your service is slow or annoying to use, you lose.
- Bad working environment
I don't know why so many business owners and startups feel a need to look upon the team as "one big family" that has to do a lot of social activities together. None of this matters. People have family and friends they want to spend their free time with; they don't want to spend it with you.
But that's not the issue. The issue is that social activities, free bars on Friday, and whatnot are supposed to make up for all the lousy choices you made when you forced your developers to work with crap and didn't listen to the advice you got. This creates a bad working environment in which people just stop caring. You have to go to work, sure, but you don't have to like it, and you don't have to take responsibility.
Listen to the advice you get from your developers, especially in the beginning.
And don't fall into the trap of "ease of work". In the past 20 years we have gone from a need to make software simple and performant, to an ease of development because hardware was cheaper than developers, and now we have reached the bottom of the pit where we find that what matters most is hiring cheap and low-skill programmers.
Greed is fantastic, right? Money, money, money. The funny thing is that all the bad choices you make in the beginning because you want to save time and money come back and bite you in the ass. In the long run you pay dearly for that.
I could probably go on and on for hours, but I will stop here with one last piece of advice: Stop going for the quick fix. You need to think long term, not short term. No amount of willpower or money (unless you're really loaded) can make up for your mess when you have to do everything over from scratch, which is what I have seen multiple times.