I don't like how modern web applications are built. Many of the web applications are too unstable, That you can't imagine having the system running without a team supporting it. The fact that we try to automate manual processes then the automation needs manual intervention defies the purpose. Some companies has an army of developers if they were to do the business by hand they would make a better job than the programmed system. There are many reasons for this situation. One of the reasons is the excessive use of third party dependencies.
Lets take a look on a basic modern web based system, There are several layers on software running on the machine, starting from firmware to your business logic.
I don't think this is very helpful to understand the gravity of the situation. There are many actors that are not considered in this picture. Layers are also missing because they are implicit in other layers. Lets expand these hidden layers and actors. It will help us understand better why that small Nodejs or RubyOnRails application we wrote isn't just one layer in this picture.
Here are the layers we added this time:
For each of these layers there is at least one team responsible for maintaining it.
Again, We missed other layers and people in this picture. Most of the applications are using external SAAS providers for logs or monitoring or bug reporting or provide parts of the system functionality that can take more time to build by the company team. lets add them to the picture along with their teams.
This picture is for one application, I won't expand it to a whole system with different services and programs that is the reality of all companies. Lets stick to one application for the sake of simplicity.
So here is the first point I want to make: With every service you use you're not just a user, This service is now part of your application, You are held responsible for it's behavior and misbehaving. You will inherit bugs in their system. When this service team is affected by COVID-19 and get reduced to the point where they can't fix issues you will be affected too. When They get slower your application will get slower too. When their service is down your application will experience malfunction too, Your system and theirs is now connected. So add external services integration cautiously. By adding an external system you're putting your trust in this service team and their ability in delivering what the service is promising now and in the future. This is not an easy decision and it should be treated as such.
Now lets move to the direct dependencies of your application. If you're using any modern programming language it'll have a way to package code into reusable format that could be reused by other applications. one package can use code from other packages, these packages can use other packages and so on like a tree.
With every package in this tree we depend on the code inside this package and the team that maintains it. A freshly generated rails project depends on 74 packages for ruby and
This is wrong for many reasons. I will list some of them here for the sake of clarity.
This is the second point I want to make: Using external library implies that you trust the maintainer and you also inherit his decisions about using other libraries and so forth. This decision should be weighed based on the benefit of the library and how many of it's features you're going to use and other factors like the maturity and how responsive is the maintainer, please don't use GitHub stars as a factor in your decision it's misleading. And if the part you use from the library isn't too big I recommend using the library to save some time and effort upfront but make sure you get rid of it and implement the part you need. An example of that is a pagination library like rails "Kaminari" if you're using it to save you some time then sure. But keep on your todo list a task to remove it and implement the feature yourself. An example of libraries that's hard to get rid of it "OpenCV" This is something that reimplementing the part you need probably will be a huge task so it can stay. You'll need to use your best judgment to decide between these 2 sides of the spectrum.
I like to think of what I do as building an automated system, I would like this system to run by itself, keep itself clean and healthy, doesn't need manual intervention. If the whole team disappeared out of existence I would like that system to work for a very long time without any supervision.
More code means more bugs for me to fix, by extension more code that I didn't write means more bugs that I probably can't solve. This is dangerous and shouldn't be taken lightly. Extending your code with external libraries or systems can cut down effort hence the cost of development. But when this is taken lightly it backfires badly.
HN comments: https://news.ycombinator.com/item?id=24493865