Josh on Tertulia: "Back in my day…Back in my day, you didn’t have to learn CSRF, CORS, and TLS to get a website running, you’d just slap some PHP tags into your HTML, maybe a head block at the start of your page for a database connection, and Apache would dutifully host your" / Tertulia

Back in my day…

Back in my day, you didn’t have to learn CSRF, CORS, and TLS to get a website running, you’d just slap some PHP tags into your HTML, maybe a head block at the start of your page for a database connection, and Apache would dutifully host your slapdash, insecure website, and it would mostly work on the Internet. Not so today — every step of the way building even this simple microblogging platform has been a learning experience. I realized while refactoring Apollo’s password reset and recovery endpoints that it probably took me several weeks to figure out what was going on with Http4s’ CSRF implementation well enough to create the middleware that does what I want: attaches the CSRF token to the request so that it can be rendered as HTML to a form. Meanwhile, I forgot about several design decisions I made early just to get the forms working, also before I’d written my cookie-based flash message system. I remember my first web application: I downloaded a PHP “login system” system someone had posted to a forum… somewhere, and I wrote an online game. I knew even fewer of the parts. In terms of web application software, I really do feel like I’m at the pinnacle of my abilities: I am skilled in type safe, functional programming, I know the web stack all the way down to the wire and all the way up to high-level, complex single page application frameworks and architectures. Never wrote a compiler, though, and my current side project (to this side project) is to build a Hack computer from transistors.

The little guy’s at daycare, time to make the donuts 🍩