Justin Searls, an expert in build vs buy decisions, talks about implementing POSSE in response to the stratification of social networks. Topics include dependency selection, building vs buying software, analyzing dependencies, transforming personal website into a central platform, syndicating content on social media, the anti-social nature of social media, and inviting thoughts on build versus dependency selection criteria.
Minimizing dependencies and prioritizing self-reliance in projects can reduce risks and vulnerabilities.
When making the buy vs build decision, consider the specific context and requirements to determine the most efficient solution.
Assessing the number, reputation, and maintenance of dependencies helps reduce risk and ensure long-term viability of the code base.
Deep dives
Importance of Self-Reliance in Dependency Selection
When selecting dependencies, self-reliance is a key principle to consider. It is important to minimize the number of dependencies and assess the total cost of ownership. Relying on numerous dependencies creates a chain of trust with strangers and increases the risk of security vulnerabilities. By prioritizing self-reliance, developers can keep the likelihood of their sandcastle getting knocked over to a minimum.
The Trade-off of Buy vs Build
When it comes to the buy vs build decision, the ability to fully leverage existing frameworks and languages plays a significant role. Modern frameworks and expressive languages have improved to the point where rolling your own solutions can be more efficient and effective. However, there are still certain areas where buying a ready-made solution makes sense, such as when the problem is a common one with existing solutions. The decision to buy or build should consider the specific context and requirements of the project.
Considerations for Dependency Selection
When selecting dependencies, it is crucial to assess the number of dependencies and their surface area. Having an excessive number of dependencies, especially with complex dependency trees, can increase the risk and maintenance burden. It is essential to evaluate the reputation and maintenance of the dependencies and ensure that they align with the project's goals and values. Closely examining the dependencies and understanding who maintains them can help reduce the risk of relying on vulnerable or deprecated code.
Importance of Minimizing Dependencies
Minimizing dependencies is crucial because having a large number of dependencies can lead to version resolution issues and potential dependency conflicts. This can hinder updates and limit the flexibility of the code base. Additionally, libraries with zero runtime dependencies can signal higher quality and competence, as they indicate that the code is more self-reliant and focused on solving a specific problem. Avoiding wrapper libraries, which often introduce unnecessary complexity and can be difficult to replace, is also recommended.
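An added example, not from the episode or any project it mentions: one way to measure the dependency-tree size and the zero-runtime-dependency signal discussed above, assuming a Bundler-style Gemfile.lock. The lockfile contents, gem names and function names are constructed for illustration, and only the GEM section is read.

```ruby
require "set"

# Constructed sample in Gemfile.lock layout; the gem names are made up.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    specs:
      feedsmith (2.1.0)
        httpkit (~> 1.4)
        xmlkit (>= 0.9)
      httpkit (1.4.2)
        socketry (>= 0.3)
      markdownette (0.8.1)
      socketry (0.3.5)
      xmlkit (0.9.7)
        socketry (>= 0.3)

  DEPENDENCIES
    feedsmith
    markdownette (~> 0.8)
LOCK

# Returns [graph, direct]: graph maps each resolved gem to its runtime
# dependencies; direct lists the gems the project itself declared.
def parse_lockfile(text)
  graph, direct, section, current = {}, [], nil, nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A\S/ then section = line # unindented line: section header
    when /\A {4}(\S+) \(/ then graph[current = $1] = [] if section == "GEM"
    when /\A {6}(\S+)/ then graph[current] << $1 if section == "GEM" && current
    when /\A {2}(\S+)/ then direct << $1.delete_suffix("!") if section == "DEPENDENCIES"
    end
  end
  [graph, direct]
end

# Everything one gem drags in, walked iteratively so cycles cannot loop.
def transitive_deps(graph, name)
  seen, stack = Set.new, graph.fetch(name, []).dup
  while (dep = stack.pop)
    stack.concat(graph.fetch(dep, [])) if seen.add?(dep)
  end
  seen
end

# One row per direct dependency, largest transitive footprint first.
def dependency_report(text)
  graph, direct = parse_lockfile(text)
  rows = direct.map { |name| { name: name, pulls_in: transitive_deps(graph, name).to_a.sort } }
  rows.sort_by { |row| -row[:pulls_in].size }
end

dependency_report(SAMPLE_LOCKFILE).each { |r| puts "#{r[:name]}: #{r[:pulls_in].size} transitive #{r[:pulls_in]}" }
```

A row with an empty `pulls_in` list is a dependency with zero runtime dependencies; the rows at the top are the ones whose maintainers and trees deserve the closest look.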
Considerations in Selecting Dependencies
When selecting dependencies, it is important to consider their maintainability and future viability. The nature of the project and the dependability of the libraries play a role in determining their health. Libraries that are well-maintained and actively developed are more likely to provide long-term support. However, it is not always easy to predict the future of a project, so it is essential to assess factors such as the level of activity, the responsiveness of the maintainer, and the likelihood of abandonment. By understanding the purpose and characteristics of the dependency, developers can make informed decisions about incorporating it into their code base.
Jerod goes one-on-one with our old friend Justin Searls! We talk build vs buy decisions, dependency selection & how Justin has implemented POSSE (Post On Site Syndicate Elsewhere) in response to the stratification of social networks.