I've recently built a web app with Node and the time we spent solving problems which have already been solved a thousand times is astonishing. Things like picking an ORM, having a proper database migration system, running a test suite. It's actually quite depressing when you come from Rails where everything is working coherently out of the box.

The fact that there is no standards in the Node ecosystem make it a bit more painful. You have to carefully choose between many different libraries to solve your problem. Some of them are in TypeScript, other still use callbacks, etc. We basically had to glue together many libraries to get something working. All those hours could have been spent building the actual product and delivering value to our customers.

Hope they will ship many more releases!

React is okay as a front-end but without a full stack framework, the current state of Javascript is like stepping back into 20 year old PHP development, where everyone just hacks together anything they can find with no structure, no convention, and no security.

There was some initial burden I admit with NodeJS but I have at least got to the productive plateau (with TypeScript). Once you figure out the pattern that works for you, it gets simpler. The inventing part is what drives most developers crazy, and it did for me too. It's perhaps too non-restrictive but well, hopefully there's somebody in your company showing you the right way. And you don't want to install every basic package by hand? But have them already included? You understand that adds quite a bit of bloat to projects that have no need for eg CORS or body-parser. And "code hacked together" is only a problem with bad programmers, you can get working and secure code with NodeJS, it just needs thought put into it. And yes, Rails has advantage with this but I think you made that argument clear.

Instead of making the argument "NodeJS is bad" you should aim that at the frameworks of NodeJS. SailJS was a good attempt at Rails but it's way too restrictive with its patterns (and sadly the documentation is not good). Deno looks promising and I hope people will be building better frameworks on top of that.

In the Ruby ecosystem, Rails will get you very far. In Python, Django will do the same. PHP –> Laravel. Scala –> Play.

JS does not have an equivalent, and the community seems to actively dislike the approach. That's fine, a monolithic framework approach isn't always the best option, but in the Node ecosystem it's not even an option on the table.

Perhaps because Express & Koa were "good enough" there never was a large enough momentum behind say SailJS to make it work. Nevertheless my experience with ORMs or scaffold generators has been that I always feel they are one custom use case away from turning from time-savers to time-sinks. When you write your own SQL and implement your own models/services or whatever abstraction you decide to use, you get a much deeper understanding of what is going on than just trusting your framework to do it for you. And is that good or bad? That is certainly a topic for debate.

This is interesting to me, because Ruby has Sinatra (and others) that compare well to Express/Koa. Python has Flask which is very popular, as well as a number of fantastic alternatives. These ecosystems have very mature, well designed, small web frameworks, but still people choose the larger frameworks in these ecosystems, and all of the frameworks get good maintenance.

I wonder if it's a cultural thing in the JS ecosystem. Maybe the ease of publishing a package creates a race to the bottom in terms of package scope, which makes it so difficult to sustain larger more all-encompassing packages.

I've worked with Ruby+Rails/Sinatra/Cuba, Python+Flask/Django/Bottle/Sanic, and Node+Express, and when I was in the Node ecosystem I sometimes really wanted that Rails/Django equivalent – not always, but the lack of it would cause me to avoid Node for large backend projects.

If you need complex relationship models, ObjectionJS sits on top and will auto-manage relationship tables and all that nasty stuff for you.

I'd echo the sentiments of the other developers here. Building a backend or full-stack app in Node is painful at every step of the journey. You're writing basically everything by hand, while using sub-standard orms and route handlers.

I've decided I like React enough to continue using it. But I'll be sticking to Rails for the backend.

It's not clear to me why people make this choice with node when after you choose it you are left to solve solved problems from scratch. Chosing node is the explicit choice to enter an ecosystem that does not have good cohesive solutions to basic problems. To do things that could be done easily with a framework like rails the very hard way.

My point was indeed that there is no real Rails equivalent in the Node ecosystem. Something mature which is supported by a large community over many years. Django, Spring Boot, Laravel, Phoenix play such a role in each of their language.

In Node you have to come with your own set of libraries, structure and convention, which is not the most efficient way to start and maintain a project. I agree that more senior programmers might avoid most of the common mistakes, but still you might spend time discussing little details such as structure and conventions. Frameworks such as Rails make at least some of those discussions irrelevant and allow you to quickly move on.

That was the entire point.

Deno is not a framework.

As in building frameworks on top of Deno, like Express/Koa/etc are built on top of Node; Node is not a framework either

In the end I think Rails and Node have different purposes. I would still use Node for proxy-style servers. Something with a small and focused scope which has to scale.

For business intensive apps with a large scope, Rails-like frameworks are still way more productive and robust even if they are less trendy for the moment.

The current frontend state is another story indeed. Frameworks like Ember tried to bring the same Rails-like structure to the frontend world but it isn't as popular and trendy as React for whatever reason. I think it's very costly for frontend teams to reinvent a coherent structure, convention etc for every new project. At least React has brought the same way of thinking in the frontend industry.

Regarding Node.js, however, I would say the pain is not worth it. For the same purpose I would now reach for Go (for networking stuff) or Rust (for high performance). This is after several years in a Node shop.

React bringing the “same way of thinking” in the front end industry may be true now, but it definitely was not the case for many years. I saw three or four react projects and they were architected very differently, with different routing, different state patterns, different approaches to updating backend state, different build systems, etc.

meta: I won't mind _this_ comment being downvoted since we're so far afield from the OP, but it's worth it to me to clarify intent in responding to a friendly peer.

[1] Technically, Node didn't invent server-side JavaScript; Netscape's application servers supported a version of the same idea in the '90s, back when Netscape was still a thing. But there was a long period where JS was effectively ghettoized as a language for browser scripting only, and Node is what broke it back out of that.

and

a generation of programmers that grew up on Javascript thinking it would be cool to write JS on the server too.

It's funny because many frontend web developers are keen to point out the distinction between Javascript, HTML and CSS and the importance of why HTML and CSS are distinctly different mark ups. Yet will then discuss frontend and backend code as if it's the same beast.

Maybe this opinion is an age related thing though. I've been publishing websites since the 1990s ('93 I think my first site went live). So I've always seen frontend and backend as separate entities - as they were for most of the web's evolution.

"The right tool for the job", yes, of course -- but why would you insist that a particular set of traditional architectural constraints must needs be permanently enforced at the level of language and runtime? Being locked into a "3-tier architecture, server-side" perspective is a common trap for many senior developers. As is dismissing the real (and amazing) progress and expansion of possibilities inherent in the accelerating changes in front-end technology. Of course there are ignorant juniors. Of course the signal:noise ratio in the world of modern web and mobile dev is suboptimal; there's so much churn and noise and froth. But also progress, evolution, improvement. To write it all off, clinging to comforting notions that what we mastered a decade or more ago is the best -- let alone only -- way to do it?

"The difficulty lies not in grasping the new ideas, but letting go of the old."

1. it was too difficult to get any other language first class support for browser scripting (the reasons for that are obvious)

2. frontend developers wanted to reuse the same language for front and back (often because they simply didn't want to learn another language).

Let's also circle back to my point about the right tools for the job. Javascript has always made some sense for frontend development - it might not be the best designed language from an academic perspective but it suited browser scripting well enough to get the job done. Plus in the early days we didn't need anything particularly pretty anyway. But JS definitely did not suite backend development when Node was first being deployed. In fact I'm pretty sure Node was just a hobby project where some guys thought "Chrome's JS VM can run headless - lets see where this takes us." (this part may be incorrect but I have a vague recollection of that being the case). However without tools like Docker nor any decent way of running parallel execution stacks (nor a first class web server supporting Node ala mod_perl / mod_php / phpfpm / et al) it meant Javascript was simply not a good language for backend development for a relatively long time because the tooling wasn't there and the language lacked the primitives to compensate (like how Python, Perl and Ruby could all self host their own threaded web server).

These days Javascript still doesn't support threading but it does have other primitives that do a reasonable job of compensating. Plus with tools like Docker, you can always scale sideways when your application failed to scale upwards. The tooling around JS has improves, the language itself has improved and the way we host web sites has also evolved (eg cloud environments running containers vs VMs or even bare metal servers running web servers written in C++ which spawn language VMs as separate processes). The whole landscape of backend development had to change as well as Javascript itself before it really because a first class backend language.

So to summarise, yes you're right to and extent. But you answer a subtly different question: "why is node still popular?" rather than the question I was answering: "why did it become popular?"

Ironically it was the popularity that gave node the momentum to improve; rather than node initially being good that gave it popularity (though obviously node improving would have had a snowball effect on node's popularity as well).

Definitely a fair point about addressing the original question. IME, node _became_ popular in part because it allowed web developers to start solving problems themselves, directly, using a language they already knew [albeit a kind of terrible/problematic language at the time], to do things like CLI scripting for automation of tedious FE dev workflow tasks (a la Grunt and bower), or standing up dirt-simple web servers. At that point the floodgates had opened. With the concomitant (and ongoing) shift in architectures toward executing more and more of the application on the client side (with hugely popular services like gmail and google maps demonstrating the power of "Ajax"), the rest became almost inevitable. With Node, like Javascript in general, the quality followed the popularity, as world-class engineers set to fixing and improving what was available to work with, to shape it into something better-suited to the task. The process might even be ~akin to selective adaptation in biological evolution.

nodejs is JavaScript bindings for libev. http://software.schmorp.de/pkg/libev.html

Other comments listed npm modules with Rails equivalents, so I won't repeat.

The one thing I got out of nodejs is becoming reacquainted with working closer to the metal. Minimalism for some HTTP endpoints (what the kids call REST) can be fun.

Rails, PHP, nodejs et al, J2EE, etc. I've got no dog in this fight. Each is uniquely terrible. I hate them all.

https://sailsjs.com/

Just my two cents, I would be happy to hear some success stories from it though.

- Parcel is like if Webpack were a build system and not a programming language to create a build system with. - Vue has good set of solutions. Nuxt is a nice version of "here's what you're probably going to want, already glued together." - If Deno ever becomes a thing, it will be cool.

It feels like maybe if we're lucky, in five years, there will be an ecosystem for modern JS that doesn't suck.

I personally prefer callback convention, but it's not the only paradigm. Primises/Futures, and async/await is also very popular.

Node.JS makes you think async, which has a learning curve, but I prefer that over multi threading locks and data races.

Go is also great. But I think JavaScript is much easier.

Use Angular on the client and something server side in Node and you're set.

Use Typescript and you'll be able to refactor easily too.

Nobody uses just React+Express w/o TS for something serious.

Yup. Because there is no Rails-like framework in NodeJS.

>Use Angular on the client and something server side

That "something server side" is the entire problem. In 2006 if you're writing a web app, the answer was Ruby on Rails. In 2019 the answer is "Angular or React or Vue on the front end and something server side". No generators, no scaffolds, no auto-generated migrations, no opinions, no ORM, no standardized way of doing anything, no naming scheme, no guidance. Just "something server side".

If I said "use Ruby to create a web app" you'd load up Rails. If I said "use Python" you'd load up Django. If I said "use NodeJS", you'd just... list all your NPM packages?

To be honest I wouldn't suggest Node as a solution for your backend which is probably why I said "something server side" because when I think Node I just think of a thin API wrapper that uses an RPC to call your Java services or what-have-you. The only reason you even do that is to give the FE people something to mesh data together from services for their clients while you can keep backend APIs generic. Luckily graphql will start to replace that convention.

Makes me want to build such a framework in TS... but why would I do that when I can just use Spring. :)

I agree though that using TS and not worrying about actually defining types can be great. I do think you can run into sort of wandering inference bugs or cases where other peoples' types can be poorly defined, but that's a rare problem in my experience and well worth the benefits you get otherwise.

Anyway, I'm definitely not trashing TypeScript or suggesting no one should use it or anything. I almost always start new projects with it.

As an example, I spent quite a long time investigating ORM libraries for relational DBs, and the projects that were half dead were the majority.

Knex was suggested by everyone, but at that time the project leadership was changing so the future was uncertain. I settled on Sequelize, which had most of the functionality, but several points did not make sense:

- the documentation is hard to search

- I had to create a PR for sequelize-cli (separate module, that is not recommended for production!) to get the same functionality of `rails db:create`

- the syntax was changed to use Op instead of strings for security, in a minor version

- the way associations are defined is weird at best

- no support for ES6 in the cli, so all migrations are ES5

Etc.

And this is just for an API server. I looked into the frontend part and it was so much work.

I am still using Node for server processes when I have to, but I wouldn't recommend it over Rails. The way you can generate a simple app that does something useful, configure it and deploy it to Heroku in few hours is unchallenged.

Doesn't matter if you're coming from outside or not, no one can predict the future.

For example winston was probably the most recommended logging library (14k stars) and was a good recommendation at one point. But then they decided to do a rewrite for v3 which introduced a ton of bugs and incompatibilities. I spent several days trying to get it to log in the old format and failed and ended up downgrading back to v2.

This is a recurring theme in the js ecosystem (another example is react-router which is just a huge piece of shit and no one should depend on it despite its 37k stars).

Put on top the fact that NPM doesn't want to deal with version conflicts and installs 173 versions of the same package and you get a huge directory full of security warts.

The JS ecosystem is just immature.

No one does, they just throw it in production and hope whatever way they figure out how to get the thing they need done at that moment doesn't burn them later.

What anm89 says is on point. All solutions available are awful in their own special ways. If a router solution _is_ needed, and there's no chance you can't just rely on the browser history API, imo stick with RR despite it's major downsides, because at least there is the major benefit of vast community support; all solutions seem fairly shit otherwise (just cross your fingers you don't need to do any React Native work that needs a routing/navigation library cos hoo boy it's a shitshow)

They have a react version. I experimented with it in one of the small projects i worked on. My experience was positive.

Most importantly, it's API is simple and easy to use.

https://github.com/frontarm/navi

The backend was written in Go, and I just ran go build and it worked without problems. The fact that it just worked without me having to change anything shows how important backwards compatibility is to that community.

The past few weeks I've been working on a backend Typescript project, and the number of packages I've seen that don't use semver or any similar versioning system makes me cringe. I even saw one that wore this as a badge of honour in their README :s If you release a library and you don't have a sensible versioning system, you are just making life harder for your users. (I'd argue for a CHANGELOG too - the GitHub releases section doesn't count)

[0] https://github.com/gajus/slonik

[1] https://github.com/mmkal/slonik-tools

Action text in RoR <=> DraftJS (Isomorphic ReactJS plugin with server side rendering), Froala (compatible with most of SPA frameworks)

Active Record in RoR <=> SequelizeJS (ORM), Slonik(Non-ORM, my recommendation) in NodeJS

Action Cable in RoR <=> WS, Socket.io 2.0 (recommended)

DraftJS - https://github.com/facebook/draft-js

Froala - https://www.froala.com/wysiwyg-editor

SequelizeJS - https://sequelize.org/master/

Slonik - https://github.com/gajus/slonik

WS - https://github.com/websockets/ws

Socket.io - https://socket.io/

Put another way, you're exactly right, it is apples to oranges, or a better analogy might be a Porsche to a Pontiac. Why would you ever choose the thing which is inferior in almost every way?

You should have a look at things like adonisjs.com to get a better comparison. I am not saying node-based tech is better or worse, but to dismiss all nodejs server side and say Rails is better at everything is not a healthy attitude, especially regarding the shaky history of the Ruby language itself (eg. The whole RubySpec thing).

And; how can node be inferior in every way when it isn't even the same kind of entity? It seems you are barking up the wrong tree.

It is a testament to how successful Rails is when it is hard to distinguish it from the programming language it runs on. Congrats to them.

I didn’t realize that Github ran mostly on Rails until this article and was kind of surprised given the scale of the site and Rails reputation for performance.

It’s a great reminder of architecture/design truism: if your site is not inherently performance bottlenecked, then you problably shouldn’t let language or framework performance be the sole deciding factor in choosing or whether to migrate to a platform. Unless we’re talking about >= order of magnitude difference, or a site whose user experience is being limited by performance. Perf and scalability are just one factor.

Pragmatism across many factors with perf/scale being one, and making yourself as blind as possible to technology religion, biases, personal investments, and digging beyond simplistic conventional wisdom (rails has perf issues), looks to remain a core ability for making arch decisions.

Experience can actually be a negative: I wouldn’t have a problem developing efficiently in node or coming up with an alternative to migrations for example.

But what I can or cannot ramp up on quickly the fastest is likely irrelevant and maybe detrimental when considering what’s best for a project as a whole.

Seeing comments here about productively gains from specific Rails features, and another comment saying they can’t imagine living without migrations as a built in feature, just seem like great reminders of how important it is to try and avoid making decisions relative to the experience or needs of only one or a few people.

It seems like good tech arch decisions need to consider DX issues enough to seem very similar to good UX decisions, the primary contrast being the users have very different stories and requirement scenarios.

Ryan Dahl has a speech about his regrets with Node, and most of them center around the way code is managed.

IME, the sloppiness to how code is managed in Node, combined with the lack of conventions/dominant Rails-esque framework in the Javascript ecosystem, leads to codebases where no one is sure how or why something is set up the way it is.

As annoyed as I sometimes get with Rails' forced conventions or auto-magic abstractions, the beauty is that they are consistent. With a team full of experienced Rails engineers, you can pretty much guarantee that multiple people on your team can explain the "why" behind something quickly. This is a massive productivity save, especially when you're ramping up.

https://trix-editor.org/

https://edgeguides.rubyonrails.org/action_text_overview.html

Rails is a web framework. Why does it have anything to do with a WYSIWYG editor on the frontend? There's a giant vast offering of WYSIWYG editors to choose from that POST data back to your web backend just like any other form. I don't want rails to have any opinion or "state" of WYSIWYG selection for my application.

I kinda feel like Rails had it's heyday around 3.2 or 4.0 and since then has been creating problems to solve instead of solving actual popular use cases.

Man did you pick the wrong framework.

>There's a giant vast offering of WYSIWYG editors to choose from

As someone who has tried them all, I can definitively say this is not true. Trix/ActionText is the only one that works.

>Why does it have anything to do with a WYSIWYG editor on the frontend?

Because Rails is a full stack web framework. It includes its own front-end for tons of stuff. It's opinionated and wants people to do things The Rails Way.

That's an obviously false statement. There's like a dozen react based ones alone and at least as many vanilla JS ones all over the web. I've implemented several in Rails before with image upload support. Works no differently than any other web backend.

> Because Rails is a full stack web framework. It includes its own front-end for tons of stuff. It's opinionated and wants people to do things The Rails Way.

No, Rails explicitly does not have opinions on everything. It doesn't even come with built in authentication handling, which is a pretty major web framework component. I like that it has strong opinions about things like handling the HTTP request/response, configuration, code layout, ORM, etc but leaves a lot to the user to implement. In the past they've even culled features off into their own gem when they decided it wasn't relevant enough. A WYSIWYG text editor doesn't seem all that much like core functionality to me.

  rails new app_name --skip-action-cable --skip-action-text etc...

  rails new -h  see all the options

I don't want to start a flame war here, but I think Rails (and gem ecosystem in general) is a better choice than Django, at least for SaaS apps.

These are all my personal opinions, take it with a grain of salt. Having said that, here we go:

* Authentication - it is a pain if you'd like to deviate from the standard Django User model (using username to login instead of an email). I don't like Devise either.

* Asset pipeline, even though it is not updated anymore (sprockets) and partially replaced by the webpacker, is still better in Rails

* Configuration spread across multiple files, by environment, instead of a single config.py file

* Sidekiq has a better API compared to Celery. Also, Celery's default broker is RabbitMQ, not Redis. It is really hard to find managed RabbitMQ hosting, for Redis there are plenty

* Mailer previews, small but quite useful utility

* Better security by default: Rails comes pre-configured with a bunch of security headers[0].

* Testing - Minitest and Capybara is just a joy to work with.

* I prefer ActiveRecord over Django ORM

* Rails isn't afraid to deprecate things and move forward. This isn't the case with Django, which is big on backwards compatibility. I don't like it, since it puts into a disadvantage folks who are starting new projects. Different strokes for different folks, I suppose

I could go on and on, but I remember struggling a lot with Django/Celery when building a SaaS app. I decided to switch to Rails and haven't looked back (Rails has its warts as well). YMMV

[0] https://guides.rubyonrails.org/security.html#default-headers

EDIT: Added last point about backwards compatibility

In terms of feature and ecosystem surface, there is one area where I think Django is a clear winner: Django Admin. It is a very mature part of the framework and there is a large ecosystem around it. Compared to how useful that is for standing up an MVP SaaS (especially in anything remotely enterprisey), I would find it difficult to consider Rails if I ever envisioned needing admin.

For what it's worth though, I think that Django and Rails are both exceptional choices and in terms of ergonomics, best in class. I wouldn't have complaints about the framework to coming into a project using either one.

I thought Django Admin was cool when I first set it up, but as soon as I hit a few of the issues the parent mentioned, Admin broke or became irrelevant.

It's super weird because Rails is known for convention over configuration and includes default packages for basically everything you might need EXCEPT auth and admin. Meanwhile Django removes a lot of the magic of Rails and lets you do it yourself, except for bundling auth and admin into the core product.

I have found that at least for my users, admin type functionality and views generally require a lot of custom work that is not easily turned into convention. About 4 years ago I stopped using Active Admin completely and just started using Ransack + Kaminari gems on their own. I have been a much happier with the way that pattern has worked out.

Rails has its downsides (helloooooo memory usage!) but for getting up and running fast and having a full toolkit available to get the basics done, it's a pretty amazing project.

The downside of SQLAlchemy is that it's less pleasant to use for simpler queries/tasks, so which ORM is better depends on the project. I've worked on codebases that never crossed that threshold, and ActiveRecord gave a consistently great developer experience. YMMV.

[0] https://docs.sqlalchemy.org/en/13/core/tutorial.html

For people getting started with engineering, AR is a nice wrapping/mapping of SQL => object oriented models. There's a mix of productivity, approachability, and feature set that puts AR ahead, for me, as a general use ORM.

I would agree, though, with a strong and experienced engineering team Ecto and Elixir are quite nice.

* Django has comparatively limited I18n and localization faculties compared to Rails (with Django’s i18n built atop gettext, which I always found kind of brittle with .po files/string-based keys)

* No intelligent/efficient class reloading in development. The whole development server just restarts when you make changes

* No reloader for the shell (horrible for developer ergonomics - you can't just type "reload!", you have to restart the shell to pull in any change)

* Caching faculties in Django are much more limited - no template digests (to make template fragment caching much more robust)

* ActiveSupport has also always been a god-send for productivity. It may seem small but things like “Array#to_sentence” and the time functions (i.e. 1.day.ago) are incredibly useful.

* No default assumption of multiple environments (no default development/testing/production configuration files, environment detection, etc). This is pretty ridiculous for a web application framework.

* No built in credential encryption (makes keeping a team in-sync with keys for integrations a comparative pain)

* Dependency management is much more challenging in Python. The de-facto virtualenv + requirements.txt combo is lossy (no dependency graph) and awkward compared to bundler. There are other solutions here but something so foundational shouldn’t be so hard.

Django was the first web application framework I learned and I still work with it professionally from time to time (as recently as ~2 months ago). I am just a bit stunned by how much it has fallen behind in terms of its broad state of maturity, community/ecosystem, productivity, etc.

I don't quite share the same experience with i18n though. I always found Django statical code analysis to extract translation keys to be superior in many ways to other translation systems. It is giving useful context that are stored in the PO files and good translation tools use them. I also never had any issue with string based keys. You can chose an english based key or an abstract whatever you prefer.

Some of the annoyance you mentioned, that I agree completely, are more of a language issue like: reloader, or dependency management.

For multiple environments there is a very simple pattern you can put in place using an environment variable and conditional imports. something like:

  from settings.base import *
  
  if env == 'prod':
    from settings.prod import *

Take a look at this dated doc for zope 4 - anyone who's had to fight with bundler should see some similarities - good and bad i think:

https://docs.plone.org/4/en/old-reference-manuals/buildout/b...

You can still use it today, too (but you probably don't want to):

http://www.buildout.org/en/latest/

ActiveRecord was also surprisingly slick. I'd previously mostly used Doctrine and over the years I've mostly come to dislike it. AR was fine though and had some features I liked quite a bit. Scopes are really neat. Like any ORM though there are plenty of double edged swords all over.

I'm actually keen to work with Ruby more since working on that project. Rails is really nice, even if it's a lot different from how I'm used to working. It felt very productive.

This means a lot of interesting engineering work and optimizations are out of your hands. Some people think that's a bad thing, I think it's a great thing. Depends on your goals.

That being said, I am not a Ruby developer, I am a Python developer, so I'll try to address these points as best I can from the other side of the equation.

* Authentication - this is fairly simple to address. It's a fairly easy-to-use pluggable backend. It's not very hard to write a system to replace the default which would let you log in using other credentials. Also, a few years ago you couldn't replace the default User model - that has since been changed.

* Asset pipeline - fair point, but I prefer to keep my assets separate from the backend if possible - my current work project has a backend API in django with a separate frontend repo with all the JS/CSS

* Configuration - the best solution for this I've found is django-environ[0]. Alternatively, the built-in `DJANGO_SETTINGS_FILE` environment variable lets you specify a different base config file.

* Sidekiq/Celery - The API, I'll give you, however it's fairly easy to configure Celery to use Redis

* Mailer previews - I've used mailhog[1] before. This gives you a local mailbox to test with and will be closer to your final configuration anyway.

* Better security - possibly by default, but I haven't had any issues with django-rest-framework in the past

* Testing - pytest with pytest-django is also great to work with.

* Django ORM vs ActiveRecord - I don't have a ton of experience with ActiveRecord but I like the Django ORM. There's also SQLAlchemy, but it's a bit odd to rip that out of django if you don't need to.

I like Django because it's solid out of the box, but still provides a way to extend the core to be as flexible as you want. I assume it's possible to do this with Rails, but that's not my area of expertise.

I do appreciate you outlining things you like better as opposed to just saying "Django is terrible". I'll definitely have to try Rails again and see what I think of it now.

[0] https://github.com/joke2k/django-environ

[1] https://github.com/mailhog/MailHog

if you don't have complicated statistical/machine learning needs, i'd recommend ruby on rails every time. it's so fast to get started and productive. and the language is performant enough to get you to initial success (at which point you can choose to spend money to attain greater performance).

It is a huge mountain of work you have ahead yourself if you are a newbie in both domains.

Sure you might be able to slap together a simple CRUD app following a tutorial but truly knowing what you are doing will take months, if not years. It is a huge investment.

When I first came across Ruby -- and particular Rails -- I loathed it. Ruby's syntax allows you to get pretty creative, and jumping into Rails + Rspec is like jumping into a Perl repo that's been managed by 3 different people over ten years. There's all kind of things that -- because the syntax is so loose -- it's not clear what's going on. It doesn't help (in my opinion) that Ruby's own style guide almost encourages this: dropping the "()" from functions that take no arguments; Eiminating "{}" around certain hashes passed into functions; The "!" marker having a seemingly different meaning in almost every library, etc...

When you're new to Rails and Rspec, it's easy to have no idea what's going on.

That being said, you can prototype an entire business in a few days Rails. It is that easy. It's incredibly polished. It's opinionated in mostly right ways, and all of its libraries are, too -- which means you don't often find people doing crazy shit (except Devise, everyone is always doing something crazy with Devise).

As much as I hated Rspec with a passion, I do feel like it's the best testing frameworks I've ever come across. It lets you be SUPER expressive about what you're testing.

I go against the Ruby & Rspec style guides on a few things, but I feel like no other combination let's you write code that's so expressive.

And, finally, anything you want to do in Rails has a library built in that does it very well. And unlike in -- say JavaScript for example -- there aren't ten libraries to pick from. There is a clear winner, and I think that's good for the community.

Also, almost every major API you can imagine has a Rails Gem so that it plays nicely with the framework.

Don't get me wrong, I loved Django and I still think it's a great framework. My love for Python, Elixir, and Kotlin are strong.

Ruby & Rails are by no means perfect, but I do feel like it's a very clear winner if you're starting a new web business. The number of companies I've seen flounder because they wanted an App + a website + (obviously) backend business logic... and all of that in one language, in one code base -- it's impressive. I've seen a lot of Rails businesses fail. But despite what people warn about scaling, I've never seen a Rails-based company fail because of Rails. Plenty have flourished -- Shoppify, GitHub, AirBNB, etc...

I could go on and on about the advantages WRT hiring, too. Don't even get me started...

Seems like this describes any app in any language I’ve ever worked on. Certainly Rails apps are more prone to this phenomenon because of the low barrier entry. Having worked with apps that have grown from Rails 2 through 5 (and soon 6) it’s quite possible to build Rails apps that “age well”.

Case in point for a Rails app that can age well is GitHub. When they launched in 2008 they were probably using Rails 2.0.2 (best guess based on release notes).

I am only familiar with Django and Rails, can't comment about Laravel.

If you are building a basic CRUD app, definitely stick with Rails. If you are doing some kind of CMS or need machine learning pipeline, go with Python.

A warning about Ruby/Rails: some folks have moved on to shinier languages/frameworks and as a result there are lots of unmaintained gems (gems are 3rd party libraries in the Ruby world) out there. For instance, I needed a curl wrapper written in Ruby. Nothing worked for me so I ended up forking Ethon [0]. I am hesitant to send PRs, since I doubt that they will get merged. Now I am maintaining two codebases at once. I will probably rewrite it from scratch at some time.

A warning about Python/Django: dependency management is kind of a mess [1]. See linked discussions [2][3][4][5].

[0] https://github.com/typhoeus/ethon

[1] https://xkcd.com/1987/ (Add pipenv and poetry to the mix)

[2] https://news.ycombinator.com/item?id=20672436

[3] https://news.ycombinator.com/item?id=18612590

[4] https://news.ycombinator.com/item?id=17607083

[5] https://news.ycombinator.com/item?id=13459740

Curious, why didn't something like faraday worked for you?

2. Nothing is stopping you from using multiple files for config. We use a config module with a separate file for DB, caching, DRF and etc.

3. Testing with pytest is pretty nice too.

Django rest framework is what makes Django great these days.

That said, everything is easy once you know how to do it. If this was the first time you've done this or there was research involved, it definitely makes sense that it would take longer!

I'm mostly asking bc I'm curious if you came upon a level of complexity that I simply haven't encountered.

Your complaints are valid from a subjective perspective, but if your bar for something being "a pain" is really "took longer than 10 minutes", I can't imagine how you function as a software engineer as even in Rails there are many things that will take longer to do.

That's when I decided to pick up Rails tutorial and it was probably one of the best tech-related decisions I made in my businesses.

I shouldn't use cookiecutter templates, plugins, scripts to make working with the software tolerable. It should just work and get out of my way. Well, at least when doing a greenfield development.

Take a look: https://rubyonrails.org/doctrine/

In comparison, I too could waste my entire weekend tinkering with something in Rails, but I instead choose to do things the right way and look up a tutorial to explain how to do it easily, which it sounds like you did with Rails. Why you didn't do this with Django instead of wasting weeks, I dunno.

Again, if you prefer rails for subjective reasons that's fine. But blaming Django for being "too much of a pain" just because it sounds like you chose to do things the difficult way is pretty unfair.

Every Django thread on HN usually involves a healthy amount of discussion about the pros/cons of Django, and it's really helpful. You would expect that Rails threads have a discussion about the pros/cons of Rails, right? Except instead, every Rails thread also turns into a discussion about the pros/cons of Django.

If Rails is so good then why do its users feel they have to constantly defend itself against non-existent attackers?

Ironically, the OP you're replying to is much more substantive than your own attack.

So if you are ever in a position to pick between Django and Rails for CRUD-y SaaS app, go with Rails. You can't go wrong with that.

I have seen both sides of it, that's why I decided to vent it out.

P.S. Don't get me wrong, I have tons of respect for people doing open source and don't want to badmouth Django folks. But in my limited experience, it just wasn't a great experience.

Not everybody is an expert on both, so it's nice to see concrete lists like the one posted above.

I think it boils down to people only being experts in Rails and fearful of having to change to other tech.

I used to get the same kind of answer when comparing Rails to other tech such as Node or Sinatra.

I've got my complaints about Devise, but I'll take those pains any day of the week over the alternative nightmare of "built in-house" authentication.

At this point, if somebody doesn't want to use Devise in a project I'm working on, they better have a _really_ good explanation. To me, it's like suggesting setting the building on fire.

There are very legitimate reasons why your SaaS app might want a nuanced workflow for these things.

It's pretty effortless to override and/or completely rewrite the views/flow with something like Devise.

Every time I've ended up in this scenario I've wished that I had just built from scratch in the first place.

You have a multi-tenant SaaS application that needs to support the following:

* Accounts may have different password, lockout, and expiration policies.

* There's a generic "login" button on the marketing site that 50%+ of our users use. This generic login page must implement all account specific constraints (probably via a 2-step login form)

* Some customers have SSO. For some customers, using SSO is optional. For others, it is required.

* Owners of accounts have a limited impersonation feature that allows them to see only certain parts of information in eyes of one of their account members

I've had to do that with Devise. It was easy enough to fork the `devise-security` plugin and modify the configuration settings to handle lambdas. The lambdas were then set to pull the config values from the user's account configuration.

* There's a generic "login" button on the marketing site that 50%+ of our users use. This generic login page must implement all account specific constraints (probably via a 2-step login form)

That's super easy.

* Some customers have SSO. For some customers, using SSO is optional. For others, it is required.

I'm in the process of adding exactly this to my project's Devise configuration right now. It's a little tricky, but only because our previous attempt at SSO was very strangely done (and I now understand why so many users complained about not being able to log in).

* Owners of accounts have a limited impersonation feature that allows them to see only certain parts of information in eyes of one of their account members

User permissions are outside the scope of Devise, since it just handles authentication. But the Pretender plugin makes user impersonation dead simple.

I’d love to see more pushback from devs on this. So many products nowadays provide an “experience” for auth which makes things unnecessarily difficult. Not showing login and password fields on a single page, ambiguous 3rd party auth rules, weird account linking logic, etc.

If I were to bring in 3rd party gem for auth, I'd have gone with Sorcery rather than Devise.

You don't roll your own security. You just don't do it. There are far too many variables that you can screw up, and anything you come up with isn't realistically going to go through nearly as much battle-testing as a ready-made solution (either upfront or on an ongoing basis).

> Custom built auth isn't as scary as you make it to be

Custom-built auth should be scary. Anyone who's worked on the security story for a popular framework will tell you that.

If you're not scared by it I'd have to assume you're either not seeing large swathes of the problem space or you're a genius.

Don't write your own crypto. That's great advice. The idea that everyone's auth needs are so standard they fit for every app just hasn't been realistic in my experience.

Yes, you don't roll your own security. You use powerful primitives provided by Ruby and Rails, such as bcrypt, has_secure_password/has_secure_token, encrypted sessions, secure httponly cookies with prefixes + samesite attrbiute all served over TLS 1.2+, with HSTS and CSP

But those are things that people normally delegate to either libraries (crypto) or the framework itself (session handling).

Of course, there's lots of places one can screw up, such as sending non-expirable password reset tokens, revealing private information and membership status via F2A/reset tokens. But those are the kinds of screw-ups that can happen in other parts of the website too.

That said, Devise is one of the few things that I don't completely dislike about Rails.

It's not so hard, you just define a custom user class -- plenty of SO snippets if you're lazy. Though I agree that it would be better if common user schemes like email login were supported out of the box.

>* Better security by default: Rails comes pre-configured with a bunch of security headers[0].

Django has security headers also https://docs.djangoproject.com/en/2.2/topics/security/

> * Sidekiq has a better API compared to Celery. Also, Celery's default broker is RabbitMQ, not Redis. It is really hard to find managed RabbitMQ hosting, for Redis there are plenty

There are several on Heroku, including with free plans. https://elements.heroku.com/addons/cloudamqp . I agree that Celery has a bit of a learning curve (e.g. heartbeat, concurrency, etc.). The project is improving, and python overall is getting better at async.

> Django, which is big on backwards compatibility.

Version 2.0 breaks code from 1.11, which happened in 2017.

> I decided to switch to Rails and haven't looked back

Maybe Django improved since you last looked, and could merit another try :).

> I don't want to start a flame war

Nor do I. Both cake and pie are good. The ability to weave in the rest of the python ecosystem (e.g. pandas, keras) makes Django attractive to me for many projects.

(I've shipped Rails applications and would probably not myself ever pick Django for a new project. Obviously, I do more security work than application development work).

When I started with Rails I was so frustrated with ActiveRecord that I develop some of the Django QuerySet API as a gem[0].

[0] https://github.com/diegojromerolopez/babik

Doesn't sound right to me. ActiveJob just serializes the arguments to the job. The job runners spins up the rails environment (i.e. the code) and deserialize the arguments before executing the job.

There is no code serialization as far as I can tell.

But I think a lot of people overlook that one of the main reasons why Rails is so good / popular is that you get to see posts like the one we're looking at: Running GitHub on Rails 6.0

There's not too many other frameworks where there's a really strong track record of it running really popular sites (github, shopify, basecamp, airbnb). Not only are they popular, but they are well done sites that are pretty tech friendly. It just gives a sense of confidence that it will work for your small / large app and you don't get that with most other frameworks.

Knowing that billions of page views have been through the framework irons out so many edge cases. Both bugs and performance issues, and you often get that perk on day 1 when a new release is out because it's already been running on basecamp for months (and maybe other big sites too).

I mean check out this quote from the article:

> GitHub engineers sent over 100 pull requests to Rails 6.0 to improve documentation, fix bugs, add features, and speed up performance.

Combine that with the Rails approach of batteries included and you know that the core of your app is in good hands. You can't really go too wrong by using it along with a few well maintained gems.

dev.to runs on Rails too.

Currently I'm looking into AWS Amplify, which tries to be the Rails of serverless. Building a serverless app as you would build a monolithic app sounds intriguing to me.

> As soon as we finished the Rails 5.2 upgrade last year, we started upgrading our application to Rails 6.0.

> Instead of waiting for the final release, we’d upgrade every week by pulling in the latest changes from Rails master and run all of our tests against that new version. This allowed us to find regressions quickly and early—often finding regressions in Rails master just hours after they were introduced. Upgrading weekly made it easy to find where these regressions were introduced since we were bisecting Rails with only a week’s worth of commits instead of more than a year of commits. Once our build for Rails 6.0 was green, we’d merge the pull request to master, and all new code that went into GitHub would need to pass in Rails 5.2 and the newest master build of Rails.

Realistically how many hours of work went into this upgrade process then?

Edit: I should add I think it really is wonderful that Github contributed so much to the new release and was so involved. I'm just not sure that it is realistic or even ideal for the average Rails consumer to upgrade in this manner.

Rails 6 is not a month old yet. What this describes is co-development, over the last year, of Rails 6 to ensure that it meets the needs of a big, influential user of this OSS project:

> We were able to achieve this level of stability for the upgrade because we were heavily involved with its development.

This is not representative of a traditional upgrade.

Eileen wrote about the actual process a year ago when GitHub upgraded from Rails 3.2 -> 5.2: https://github.blog/2018-09-28-upgrading-github-from-rails-3...

It's hard to say, but I generally agree with upgrading regularly instead of waiting until you're so far behind that it's an ordeal.

I have a client that I've been telling for 2+ years to upgrade from Rails 4.2.3 (and Ember 2.8), but they only now funded it. So I'm having to do 3+ years of upgrades and it's a huge headache.

And at the end of it, if I've done my job correctly, the app will look identical.

https://guides.rubyonrails.org/maintenance_policy.html

Try to sell it to them like iOS update, you get security update from each framework upgrade. And should this not be a easier sell?

[0] https://jumpstartrails.com/ [1] https://www.hatchbox.io/

I never understood why RoR recieved so much hate in the tech community, or from CTOs.

Glad to see a prominent service like Github continue to use RoR.

I've seen quite a lot of "Rails-hate" over the last view years, and it can only be coming from people who never got to experience the world that was web development before Rails: Every project had it's own, usually quite creative, structure. There'd be configuration values in `config.inc.php`, but also in `configuration.php3` and `config.old.inc`, and `index.php` and so on. Just by establishing a standard folder structure, DHH probably made web devs everywhere twice as productive.

I also think its reputation of being too restricting isn't entirely deserved.

As but one example: I often opt to use SQL instead of the canonical query builder, especially for queries that do not return individual models but aggregate values or the like. You can even mix-and-match to your liking, i. e. writing individual clauses of the query (select/where/join/having/count) in SQL and using the ORM for the others.

So here' to hoping for another 6 good releases at least!

And the standard entry point for a NodeJS package is "whatever is defined as the main property in your package.json." Do otherwise at your peril.

That's actually good to know (or perhaps be reassured on). While key-value stores have their place, I've wondered if the rise of NoSQL in web dev was triggered in part by the widespread move a few years beforehand to ORMs, which trained a generation of developers to look at databases through the lens of object relations rather than table relations. I'm (re-)learning Rails with the Pragmatic Studio's Rail 6 course currently, and reminded of why I liked it -- but in the last few years I've also come to renew my appreciation of pure SQL.

(I also suspect that the tradeoff of abstraction layers -- in exchange for having little to no database-specific functionality, we give up any and all specific to the database we're using -- may not be a good one, but that's a different argument.)

Indeed. I'm currently in the process of porting my companies product from Firebase to Postgres. We're making full use of postgres-specific features where that makes sense. I can't see why we'd ever want to switch.

Most DBs are much, much better if you commit to them and actually use their features. I dislike the practice of treating them as interchangeable and think it's rarely a good idea.

As someone with experience from many more backgrounds than "old php", my dislike of rails has nothing to do with what you're claiming. Plenty of frameworks have had convention and structure prior to Rails.

That said, I'll admit it does have some good things going for it, even if it wouldn't be my first choice in most cases.

My biggest gripe is the autoloader; it makes finding where something comes from extremely confusing when ramping up new developers on large, mature projects.

The enforced, common convention is a boon and a curse- consistency across projects is an obvious benefit, though I prefer a different structure myself.

Beyond that my gripes are more related to ruby and the tooling rather than strictly with rails itself. Of course you can tweak and configure rails to behave any number of ways, but the more you do that the more you lose out on the primary benefit, which is the community one-true-way mindset.

Their (amazing) tool Gh-ost is broken on MySQL 8.0, which suggests that they're still based on 5.7.

It's a big issue for my company (and I guess for any mid-sized company), since at mid-sized companies the schema is likely big enough to have slow migrations, but not big enough to have fancy replication topologies. For such cases, there's nothing like Gh-ost :-)

Regarding MariaDB or PostgreSQL, can you enumerate/detail the app you've seen switching? Is it the, say, 1/2% area of all the projects? 5%?

Probably, in the low one-digit percentage, there are switches toward anything. I'm somewhat skeptical any non-trivial projects undertaking this kind of change. GitLab (to mention a large one) didn't really switch, as they were supporting both.