by Sev Geraskin
—
Fri Jan 13 2023
Hi, I am Amelia, and I heard about this fantastic web platform that your startup has developed. I open my Macbook and type in your web address. Your website tells me it can’t be reached and gives some unintelligible error about the DNS probe. I try again and get the same message. I am going to tell my friends that your platform does not work.
Your tech-wiz friend later tells you that he made a small error in the NS configuration. It doesn’t mean much to you, and they say it’s no big deal, and they fixed it, so it’s ok.
Or, something popped up on your newsfeed about the latest DNS flood attack bringing down DNS Resolvers in the western part of the US, but boring, and who cares anyways.
Hi, I am Sean! I am about to go check out your website. I alt-tab from Call of Duty and open your site in another tab because I don’t want to close live streams I watch on another monitor. Great logo and graphics! I scroll down, but it is choppy. I click a button, and nothing happens. I click 1000 more times to be sure. This site sucks! Alt-tab back to the game.
Your web dev said something last week about optimizing your uncompressed images and videos due to their memory usage and blocking javascript. But hey, that’s not important since the website already looks good, and you need to ship a feature that your competitor released last week.
Ciao, I am Giorgia from Genoa, Italy! I heard about your excellent website. I type in your address in my browser. I see something loading… still loading… still loading… Ciao!
Your dev mentioned something about using content delivery networks more effectively and deploying to another region to improve latency. She said it was going to take two weeks. That’s two weeks too long, and the site loads fast on your laptop, so nope.
Hi, I am Sanjeev from Mumbai, and we need that enterprise tooling from your website for $999. We fill out your order form with our address and excitedly click submit. Your site surprises us with 400 error. We need that tool now, so we are buying it from your competitor.
Last week, your devs rolled out the backend address validation library since you got a lot of order spam. They tested it in US and Canada, and it works great! Particularly proud of the regex that passes on only Zip and Postal codes and fails on everything else.
Hi, I am Karen from Indianapolis! Your product is gold! I tab tab tab through your order form and click submit. Nothing happens. I click again. Nothing happens. I look up, and one of the fields is red. I guess I somehow skipped it. Oh well, I'll go back up and fill it out. But wait, my moms calling me, so I will do it later.
Two hours later: what was the name of your site again?
Your old dev left, and you asked your new dev to quickly add a product field that should only take five minutes. He did it quickly, in five minutes and deployed the new site. What's a tab order anyways?
Hi, I am Bob from Seattle. I am on the go and order a bunch of your products on my cell. I put in my credit card information. Darn it, that card is expired! Ok, pulling out the new one…. What happened to my order???!
Last week you overheard your devs arguing about ephemeral vs persistent state and potential data loss. So you asked them to keep the argument ephemeral and go back to coding. So they did.
Hi, I am Marina from Kyiv! I am in the coffee shop, and I found an open WiFi! I go to your website, enter my username and password, and log in. I order a bunch of stuff and put in my credit card information. I love your site!
Next week: My credit card is blocked. :( Who ordered all those purchases for $10,000?
Your operations folk claim your site is secure and show you an encrypted end-to-end ordering process. They uploaded the certificate to your server. The site works so well that users can access it via HTTPS and HTTP.
I am Cheng from Vancouver! I am using your service to stream how-to videos from the library PC. The library is closing, so I've got to run.
Two months later: I didn't watch any of those videos. Why am I getting those usage upcharges?
Your engineers quickly implemented token-based authentication. The design's key features are the storage of tokens in persistent storage without an expiration date.
Hi, my name is unimportant, and neither is my location. I go to your website and signup. Your site returns ?customer_id=5000. Then, I go to ?customer_id = 4999, 4998, 4997… My pet bot got the emails and addresses of all your customers.
Your junior dev shipped authentication. Only authentication.
Salut, I am Annette from Lyons! I integrated my client with your API, and the client is fetching critical data for my application. Now, I get calls from customers saying my app does not work. The API calls take over 20 seconds or time out. I am losing customers!
Your devs quickly wrote queries for your single-instance SQL database. The queries work, even without indices, JOINs, or LIMITs.
Hey, I am Mike from Toronto! My app now uses your API. What a terrific product!
A month later: My app is broken. What’s wrong with your API?
Your dev released all kinds of goodies and features. All are deployed to the one API version to rule them all. Who needs contracts, anyways?
I am Emma from Philly! I integrated my open-source app with your API. My engineer created an API integrator module with production API credentials and pushed the module and credentials to my public repo.
A week later: You are charging me $20,000 for usage?!!
Your API request logs have all kinds of funny IP addresses. Emma from Philly issued millions of requests from all sorts of locations. However, your devs are working on features, and your single operations guy is burning the midnight oil, just keeping the lights on.