
Comment by carlhjerpe

3 days ago

https://www.xkcd.com/1737

If you're OBVIOUSLY not the target audience you don't have to dismiss it because it doesn't fit your use case. There's probably a thousand "apps" where this is just fine for every one "Sry we work with the government or are planet-scale apps" you're talking about.

It's exhausting to read dismissive online dick-measuring comments, if you have the issues you're explaining you already know this doesn't apply to you. It's on the same level as "Bro I asked a question to an LLM and it gave an interesting answer and I'm unique because nobody but me can ask questions to LLMs like I can" style posts.

I don’t think I was being dismissive, I was just pointing out the lack of universal applicability of this suggestion.

It is my experience that many people do not realize that it is possible not to have developers just connect to prod databases with admin privs.

Pointing out that there comes a point where this sort of approach isn’t the norm is part of how people who reach that level of scale learn that. https://xkcd.com/1053/

And that level of concern isn’t reserved for planet-scale - once you have a couple of million dollar contracts on your B2B SaaS platform you should be taking production data ops seriously enough that this sort of approach is unlikely to make sense.

And I shouldn’t need to say that user privacy ought to be a concern even for small operations.

  • > It is my experience that many people do not realize that it is possible not to have developers just connect to prod databases with admin privs.

    Dismissive, everyone knows this but they probably can't be arsed/don't care

    > Pointing out that there comes a point where this sort of approach isn’t the norm is part of how people who reach that level of scale learn that. https://xkcd.com/1053/

    Not everyone has these ambitions

    > And that level of concern isn’t reserved for planet-scale - once you have a couple of million dollar contracts on your B2B SaaS platform you should be taking production data ops seriously enough that this sort of approach is unlikely to make sense.

    Sure, but you're talking about "seriousness" with the same dismissive "I'm better" tone here again. Your use case and the business you work for don't reflect what everyone else is doing.

    > And I shouldn’t need to say that user privacy ought to be a concern even for small operations.

    Depends a lot on what PII you're collecting. But rather than stating "You shouldn't collect PII you don't need", since I don't know your use case, I'll say "I try to minimize the PII I collect so I don't have to deal with these issues yet".
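The two concrete points raised in this thread, that developers need not connect to production with admin privileges and that exposure of PII should be minimized, can both be addressed with plain database role separation. The following is an added example in PostgreSQL SQL and is not code from either commenter or from any project the thread discusses. It assumes a database whose schema `public` holds a table `users(id, email, name, created_at)`; the role names `app_owner`, `dev_readonly` and `alice` are placeholders chosen for illustration.

```sql
-- Added example (not from the thread): least-privilege PostgreSQL roles so a
-- developer can query production without an admin login and without reading
-- raw PII. Run as a superuser or as the current owner of the users table.
-- Assumption: table public.users(id, email, name, created_at) already exists.

-- 1. Separate the schema owner from the people who merely need to look.
--    Neither role can log in by itself; individual logins are members of them.
CREATE ROLE app_owner   NOLOGIN;
CREATE ROLE dev_readonly NOLOGIN;

ALTER TABLE public.users OWNER TO app_owner;

-- 2. Stop anyone without an explicit grant from creating objects in public,
--    then give developers just enough to resolve names in the schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO dev_readonly;
-- dev_readonly deliberately receives NO privilege on public.users itself.

-- 3. Expose a masked view instead of the raw PII columns. A view runs with
--    its owner's privileges, so app_owner reading users on the developer's
--    behalf is what makes this work while users stays locked down.
CREATE VIEW public.users_masked AS
SELECT id,
       created_at,
       -- keep the mail domain for debugging, hash the local part
       concat(left(encode(sha256(convert_to(email, 'UTF8')), 'hex'), 8),
              '@', split_part(email, '@', 2)) AS email_masked
FROM public.users;
ALTER VIEW public.users_masked OWNER TO app_owner;
GRANT SELECT ON public.users_masked TO dev_readonly;

-- 4. Each developer gets a personal login that inherits dev_readonly, so
--    access is attributable in the logs and revocable per person. How alice
--    authenticates (password, certificate, SSO) is configured separately.
CREATE ROLE alice LOGIN IN ROLE dev_readonly;

-- 5. Verify what dev_readonly can actually touch: the only row returned
--    should be users_masked with SELECT.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'dev_readonly';
```

The check in step 5 is the part worth keeping around: rerun it after every migration, because a later `GRANT ALL ON ALL TABLES IN SCHEMA public TO dev_readonly` in some deploy script silently undoes the whole arrangement. The hashed local part still lets a developer correlate the same user across rows without ever seeing the address, which is usually all a debugging session needs.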