Most web frameworks do both at the same time to the point where having to write code which enforced a type contract after deserializing is a delabreaker for me. I eant to be able to define my DTOs in one place, once, and have it both deserialize and enforce types/format. Anything else is code smell

I'm in the same boat. I mostly write Rust and Python. Using serde_json and Pydantic, you get deserialization and validation at the same time. It allows you to de-serialize really "tight" types.

Most of my APIs are internal APIs that accept breaking changes easily. My experience with protobufs is that it was created to solve problems in large systems with many teams and APIs, where backwards compatibility is important. There are certainly systems where you can't "just" push through a breaking API change, and in those cases protobufs make sense.

> My experience with protobufs is that it was created to solve problems in large systems with many teams and APIs

Also significant distribution such that it’s impossible to ensure every system is updated in lockstep (at least not without significant downtime), and high tail latencies e.g. a message could be stashed into a queue or database and processed hours or days later.

I think people are wary of moving to gitlab because its a similarly large platform and dont want to repeat their mistakes

Gitlab works fine for me. Been using it at work for a few years and recently moved all my personal repos there

What mechanisms do you have to allow people to remove their comments from your databae

It's A16Z, they definitely had an LLM recommend a set of books that nobody there has actually ever read. Except maybe Snowcrash

it's interesting that staying up to date with your dependencies is considered a vulnerability in Node

Having a cooldown is different from never updating. I don’t think waiting a few days is a bad security practice in any environment, node or otherwise.

But only if most of everyone else doesn't do so.

People who live on the edge of updates always risk vulnerabilities and incompatibility issues. It’s not about node, but anything software related.

The every day practice of software engineering has little to do with the academic discipline of computer science. What makes a good software engineer is not usually the same thing that makes a good CS major

Sure, but basic CS knowledge is an expectation in much of the software field (albeit less since the mid-2010's javascript boom). A lot of companies aren't going to hire you if you don't know the basics of data structures and algorithms

The skills required to get hired and the skills required to do the job are, again, not related

but then you wind up with an entire repo, or an entire engineering team utterly hobbled by a lack of expressive typing (or advanced concepts generally) and debased by the inelegance of basic bitch programming.

Disclaimer: I'm not the OP, and there are certainly places where using recursive type definitions is justified.

My interpretation of OP's point is that excessive complexity can be a "code smell" on its own. You want to use the solution to match the complexity of the job and both the team that is building it and the one that is likely to maintain it.

As amused as I am by the idea of a dev team being debased by the inelegance of basic bitch programming, the daily reality of the majority of software development in industry is "basic bitch" teams working on "basic bitch" problems. I would argue this is a significant reason why software development roles are so much at risk of being replaced by AI.

To me, it's similar to the choice one has as they improve their vocabulary. Knowing and using more esoteric words might allow adding nuance to ideas, but it also risks excluding others from understanding them or more wastefully can be used as intelligence signalling more than useful communication.

tldr: Complexity is important when it's required, but possibly detrimental when it's not.

I thought shaders just needed to be compiled to spir-v

My comment was specifically about cross-platform. Apple operating systems don't know what spir-v is.

Oh well sure if you're targeting apple as a platform you're gonna have to deal with their special snowflake graphics API

I wish Apple had made a point to support Vulkan. I know about MoltenVK and all that fun stuff, but for a time, there was a graphics API that worked on all of the major platforms: OpenGL.

Vulkan was meant to succeed OpenGL, and despite my annoyances with the API, I still think that it's nice to have an open standard for these things, but now there isn't any graphics API that works on everything.

People have gone to jail for less than this lol

A fairly minor breach of copyright?

Or, if you take the view of the court in the case of Andrew Auernheimer (weev), it exceeds authorized access and exfiltrated trade secrets

That is somewhat different as it required brute forcing IDs and his conviction was overturned (although the reasons do not establish a clear precedent).