In Apollo server you can add directives to your scehma for authz. It's dead simple.
I'm surprised how so many HN posts about graphql just slander it. If you go to the website and look at the use case of why it was made, it makes it pretty clear when it could be a good to use. My experience with it has been very straight forward and a joy
For me it was the prevalence of GraphQL that was annoying. I have worked with it and liked it as a technology, but it was a tell from the org I worked for an was definitely overkill for what we were doing. No matter how you slice it, GraphQL is added complexity compared to REST but of course, as with a lot in our industry, there are all the people bought in who put in the time to learn it who are going to shout, "Naw, it's easy!" To be clear I'm not saying GraphQL is super complex, just more complex than REST and if all you need is REST then that is what you should be using. Yet in my many interviews over the past year I talked to a bunch of companies who used GraphQL and I'd say, "Oh, cool, why did you choose it?" and they'd say something along the lines of, "Well, the CTO who wrote the original app thought it was cool at the time." So I've always got the impression that the backlash mostly comes from the huge evangelism it got making it out to be The New Way. Again, to be clear, I'm not saying it was marketed this way but it's how it felt at the time. Annnd again, I know this happens constantly in our field.
GraphQL (as in the language spec) offers no way to perform authz. Just because there are non-standardized extensions out there for some languages, doesn't mean it is available in whatever language you're using.
Sure. I could respond with a 4xx code because you’re not authorized for that field. Ah, but maybe you want to know which field? Too bad GQL doesn’t really support that.
GraphQL has strongly typed errors unlike REST. It is very akin to the Result type in many languages in that you are forced to handle errors even when writing the query, and the query will simply not compile if you don't.
For example, the Pothos library implements this pattern automatically:
type Error {
message: String!
}
type Query {
hello(name: String!): QueryHelloResult
}
union QueryHelloResult = Error | QueryHelloSuccess
type QueryHelloSuccess {
data: String!
}
This field can be queried using fragments like:
query {
hello(name: "World") {
__typename
... on Error {
message
}
... on QueryHelloSuccess {
data
}
}
}
But now I’m most likely returning a 2xx response. There are asshole corporate middle boxes somewhere that will cache it. If I return a 4xx response, from experience (albeit nearly 5 years ago) I’ll crash your client. Now what?
If someone has solved the asshole corporate middle box problem using GQL, that’s really good news.
My SaaS backend is a GraphQL Server that has single-handedly saved me tons of hours for integrations and coding. The first iteration of the app was using rest and that was a pain. Hitting multiple endpoints to get all the details of an order is not something I miss. On top of that, I get a beautiful playground that acts as a query builder and documentation.
Have you actually used GraphQL in production or for a wide-scale project? A lot of these criticisms for GraphQL comes from people who have played with it for an hour and determined it's not good. Give it a real chance and you'll see why big companies are using it and understand why the ecosystem is growing so fast.
Yes. Used it for a a couple of large projects at BigCo. Was actually brought in to "polish" a few things. One of the original team members thought it was cool. It was a disaster. Uncovered issue after issue. Convinced management to run a bug bounty program through hackerone and I'm going to let you guess what happened.
If you're so brave and confident find a good pen tester and let them have a go at your api. It's a humbling experience.
This is why the web (and computing in general) is the way it is today: everything prioritizes what businesses and developers want, and the desires/needs of the people who actually use it are considered afterthoughts and annoying inconveniences. :-(
Also, I’m not sure that most websites are about delivering and exploring content. I think most websites are fundamentally about either delivering ads or selling you stuff. “Delivering ads” usually requires JavaScript, and “Selling stuff” can be done without a bunch of JavaScript, but the experience wouldn’t be great.
I don’t dispute the thesis of “web pages today are often way too bloated”, but I think it’s important to be realistic about the problem space. The author calls out JavaScript driven carousels as an example of unnecessary bloat… yet the Amazon.com home page features one such carousel prominently. I doubt they would put it there without A/B testing the heck out of it. To be fair, Amazon is way smarter about it than most in how the page paints and is interactive very quickly, but my point is that it seems to me that most web users want something more than what JavaScript-less HTML and CSS can provide.
> To its credit, the owner of the DSP, Battle-Tested Strategies (BTS), voluntarily recognized the union and signed the collective bargaining agreement almost immediately.
> The problem? Amazon did not.
The headline is misleading and doesn't make it clear the workers don't directly work for Amazon. They work for Battle-Tested Strategies
> The union’s next step is proving that wrong. Amazon, it says, is a joint employer of the drivers, and in full control of the conditions that caused them to organize—low pay, unsafe heat conditions, and extreme performance requirements—despite the fact that it places those responsibilities on the DSP.
I want to switch back to Linux but I keep having gpu driver issues. Everything was fine until I got a 165hz monitor then had random crashes. If the fact I am using gnome on xorg vs Wayland was the problem (who knows, I gave up on debugging) then I'm all for it
I'd rather just use windows and run Linux in a vm then not use the features of the monitor that I bought.
Using a rtx 3070 with the Nvidia drivers. It worked fine until some update but like I said, I gave up on debugging.
It goes to show that I got downvoted for my original comment. I used to use Linux as my main os for about 7 years, but now my free time is more limited. I don't care to debug these type of problems when I am trying to just use my computer.
At work I remote into a Linux vm, so I'll do that at home as well whether my host os is windows or mac. It works for me.
Weird, i run a bunch of weirdo displays from 25hz to 240hz and never had any issues, even with nvidia drivers. Tbh i have more bugs with AMD although I perfer their approach more.
I have a fairly typical AMD 3600 cpu and 5700xt with a mid tier common mobo. All stuff that's super consumer and a few years old now. And I still encounter tons of random issues. And updates that break stuff that used to work.
Sure, its a lot worse for brand new laptops. But it never entirely works to the level you'd get from macOS.
Well, macos only has to support a low-digit number of sanctioned configs, so that’s much easier. For whatever it worth, I found linux’s device support the very best — while windows does likely have some random binary for a given device laying around the internet, it is often borderline malware, and may not work too well on a newer windows version (though credit where its due, windows’ backwards compatibility is phenomenal). Linux has a vast amount of supported devices out of the box, no “windows is looking for a solution”.
I would be interested in this but I recall a video comparing it to the m1 Mac mini and it's just not even close. I've enjoyed using visual studio for c/c++/c# but for usescases outside of that, I feel like the developer experience on Linux or Mac is better
Interesting an article like this would not mention h1b at all. On Blind you see posts of people laid off from fang willing to settle for whatever pay as long as the employor can sponsor their visa to avoid deportation
In my personal opinion, H1b visas are made this way so that the people on them are kept docile and will pretty much accept anything from employers who are then free to abuse them.
It was funny seeing people bikeshed the use of the word "master" in a code base while not realizing H1B workers are the next best thing to actual slaves.
Getting deported OR settling for first acceptance jobs within 60 days. OR going to Canada that has opportunistically opened their doors. OR going back home.
Obviously, the American voters don't want lots of immigration any more. They said so quite clearly when they voted for Trump. Even well before that, America's immigration system (namely the H1-B) was highly exploitative. Prospective immigrants should think a lot about why they want to go so badly to a country that clearly doesn't want them, and look for countries that treat immigrants better.
I feel like lately js (and more importantly typescript) frameworks have been more popular. If someone were to start a new project today, how does Django standup to the current offerings?
I just got into Django after working with Node/Java for years. It's honestly depressing once I realized I have spent so much time building CRUD stuff that would have taken 10x less time with Django.
Django's hidden powers are its highly customisable admin UI and ORM. Add to it Django REST framework and you have a solid backend for a wide category of web apps, from the old pre-XMLHttpRequest apps to SPAs. Flask or FastAPI get you going fast, but you quickly realise that you have to write a lot of the code that comes with Django for free.
Honestly, I think the generic and model views are way more impressive than the ORM or the admin. They take away all of the boilerplate usually associated with CRUD apps.
I've used them for quite a while but came back to the old function views. The Generic Views are a mess to understand, the hierarchy tree gets so complicated. See for example : https://ccbv.co.uk/projects/Django/4.1/django.views.generic.... there are 9 classes in the inheritance tree. For every slight change from the default behavior you need to research the documentation, find which method to override…
In the end I have to write a bit more of boilerplate each time (and with tools like copilot it's a non-issue) but it's 10x faster to understand what a view does and how when reading code.
> For every slight change from the default behavior you need to research the documentation, find which method to override…
I just use an IDE which allows me to Ctrl+Click into any symbol and see its implementation and underlying classes (and do so recursively if needed). That saves me from having to lookup the documentation all the time.
It is different. JS is popular because people who write SPAs also want to write backends in the same language.
What I really like about Django and Python ecosystem in general is the kind of stability that it doesn't move too fast and break things, which happens in JS land too often. And Python is a nicer language of the two, for me at least.
But at the end of the day, you can combine both. I work for Baserow now and we combine Nuxt + Django. You can also simplify it to Vue/React + Vite + serve it with Django, use cookies-base auth etc.
Personally I feel like I've unlocked a superpower with this one trick (using rails, but this applies equally to django and similar "old" page-load-based frameworks)
1. build your app in the normal, old way. just doing SSR for showing and editing boring content is so much faster than building it in react.
2. I have a tiny scrap of JS that digs through elements on the page, and if they have a class, creates a React root there and passes in some params. I then wrapped generating those replace-me-with-a-react-root elements in a Rails helper function.
(2 is my "fine I'll do it myself" after Rails 7's new js stuff broke react-rails for me.)
This might be colored by me being a backend dev and data engineer type of person and I have terrifically little patience for writing javascript. But pages where I've followed this "SSR + some React doodads for when you really need special sauce" pattern end up so much easier and faster to write than cramming it all into a huge SPA.
I'm sure if you're building something deeply fancy then doing it all in React makes sense, but I find there's really only a couple pages that actually do end up being 100% react and the rest end up fine just having a text field here or there or a little widget thingy being the React components and the rest just being SSR.
I'm sure this doesn't scale if you're google or something either but even on my most complicated pages this still loads visibly faster than many other sites I use.
I agree, although I really wish Django and sqlAlchemy would have evolved similar methods/APIs. My struggle is flipping between projects that use one or the other and tripping over the syntax.
I feel the opposite. Django is fine, but python ecosystem is the big problem. The lack of true multi threading means for even the simplest of apps you quickly need to have multiple deployments, celery workers etc to handle different kinds of workloads.
I don't do proper web dev work and tried Django ages ago. So, this is a very narrow opinion. I use mainly flask and firebase these days as a indiehacker.
I don't think currenlty there are any solid alternatives beyond Nestjs+Typescript, ruby on rails and laravel. The sentimemt of their community is that these frameworks are built for web development in mind.
While I think for Python based web framework like Django the sentiment is that you are using Python already and here is a web framework written in Python. If you look at some of the Rust based web frameworks you will understand what I am saying. The merit of the framework is the language it was written in. This makes hiring web developers difficult as most candidates will be Python Developer who knows Django and not web developers who knows Python. There are very few people who learned Python to use Django. But everyone learned javascript to use nodejs, or ruby to use ruby on rails.
If I am writing enterprise level where Python is used I will pick one of those 3 frameworks and use a Python based API framework like DRF or FastAPI for building internal APIs.
Python is literally the easiest language to learn. Any web dev can pick it up, and Django is much more productive than NestJS. Rails and Laravel are nice options too. No Rust or Java options come close.
The admin page, DB integration, robust feature set, and insanely good documentation make Django a slam dunk for me. I do understand your sentiment though and for any website that requires a lot of interactivity you need a JS oriented framework like NextJS.
If I need a database and interactivity I pair NextJS with Django Restapi.
I'm surprised how so many HN posts about graphql just slander it. If you go to the website and look at the use case of why it was made, it makes it pretty clear when it could be a good to use. My experience with it has been very straight forward and a joy