Advice to business owners and managers, don't use the modern way of web development
Published on 2022-01-13. Modified on 2023-10-19.
I have previously written about some of the major problems with so-called modern web development in some of my articles, mainly So-called modern web developers are the culprits and Is the madness ever going to end? and I have addressed the issues to the developers themselves. However, in some cases the business owners and managers are the main driving force behind the bad decisions, so if you're a business owner or a manager looking for the quick fix regarding web development - or software development in general, I advice you to get a cup of your favorite hot beverage and read this article ;)
I am an entrepreneur myself and I am currently involved in a business venture with a company that burned their fingers badly just before we went into business together.
The thing I have heard over and over again from business owners and managers is this:
We need to get something up and running quickly! When we're making money, we can make it better, add security, and fix performance and/or issues.
Even though I fully understand the motivation for this thinking, when it comes to software development, it is a catastrophic approach and it will get you into trouble.
If you are going to build a house, you first need to build a solid foundation. If you mess the foundation up, then no matter how much money you have made, when you start to see cracks in the building, you cannot fix it by simply mending and bending.
Unless the software you're running is very simple and small (size of the code base) you will be facing the same problem.
Allow me to address some of the major issues I have had to clean up at a client more than once.
Serious security issues
Often security issues lies in the complex and heavy frameworks and content management systems. These solutions make you productive very quickly, but they are often extremely bloated, very slow, and filled with bugs.
Every single time you import or download code from "the wild" (e.g. GitHub) into your project and no one has reviewed it and firmly understood it, it must be flagged as a supply chain attack vector, and this is a serious issue.
I have seen business owners suffer greatly from this more than once. See Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack as an example.
The solution is to avoid complexity like the plague and build as much software in-house as possible. This is NOT famous advice, but unless your developers know and understand the software they are running, they cannot prevent problems and they cannot fix problems quickly. This doesn't mean that you have to build everything from the ground up, but don't be stingy or lazy. If you grab the easy way out, it will bite you!
Make sure that when you depend on software from the wild, you go for the simplest and most discrete solutions. Small reusable libraries rather than big frameworks! And make sure that your developers have the time to fully understand the code they are running.
Also, make sure you make solid documentation for everything you develop in-house, from day one.
Don't assume that because a framework or library is popular and open source, that many people will see the code and quickly discover security issues. It doesn't work like that at all. Very few people spend any time reading other peoples code!
Serious performance issues
This is almost a given with so-called modern web development. A framework uses abstraction layers to simplify and speed up the development process and it is therefor always going to be slower in performance. When you choose to run something that is slow, you will not only require more powerful machines, but you will also require more of them.
You can always try to throw more hardware at the problem, but this is also when you start to seriously regret your shortsightedness because now, instead of running on just 4 servers, you need 21. And cloud based solutions doesn't help you here as they are many times more expensive than running on simple "bare metal" servers.
Your quick fix framework get you up and running fast, but the long term consequence can be devastating to your business. And this is not only from a customer relation or financial perspective, you also have to take into account the impact your many machines have on the environment.
I believe that in the future, companies that don't account for the environment will end up loosing customers because nobody will want to deal with a company who acts careless with regard to the environment. We're not there yet, but we will eventually get there.
Getting locked in by a cloud based solution and facing up to 4 to 20 times the normal expenses
This is when you follow all the hype and trends and believe that because everyone else is doing it, it must be right.
"Let's go cloud! No wait, let's go serverless!". Woooo! We're so cool right!? Wrong!
Even though the words "cloud" and "serverless" actually have a specific technical meaning and are not just buzzwords, they are still buzzwords in a business sense because the cloud and serverless is basically just other people managing your servers.
It doesn't matter whether you choose Amazon or someone else. Depending on the plan you choose, you'll either get shell access and/or a nice GUI and then there follows the ease of deployment. One incredible nice feature is the automatic deployment of more servers if the need suddenly arises.
What you might fail to realize is that all of this is a trap. It's a trap to lock you in. Amazon (and all the others) know full well that once a customer depends heavily on their services, and once a customer has build his entire infrastructure on the cloud or serverless, he cannot easily get out of the situation when the wheels are rolling.
You don't want to find yourself in a situation in which you need to migrate everything from a heavy dependency on cloud or serverless back to self-managed servers - even though self-managed servers are much cheaper. It is always many time more difficult to migrate than it is to build for self-management from the beginning.
A single entrepreneur who is making all of his software himself may benefit from a cloud service because then he doesn't have to worry about server deployment, but as soon as you see any serious growth, you will start to see a serious bill.
- The price of managed cloud services
- Why Is Cloud Migration Reversing From Public To On-Premises Private Clouds?
- The cloud backlash has begun: Why big data is pulling compute back on premises
- Why are companies leaving the cloud?
Bad user experience
Too many "modern" websites perform absolutely horribly even when they only serve text and images. Not only are they painfully slow at loading they often don't even work correctly.
The bad user experience will not go unnoticed and you will loose customers. If your service is slow or annoying to use, users will go elsewhere. When did you ever stick around waiting for a slow or buggy website?
In 2010, Google announced that site speed would be factored into their search rankings.
Bad working environment
Listen to the advice you get from your developers and follow it!
No amount of social activities, free bars on Friday, and what not, can make up for all the lousy choices you have made when you forced your developers to work with crap and didn't listen to the advice you got.
Such a situation creates a bad working environment in which developers (and people in general) just stop caring.
And don't fall into the trap of "ease of work". In the past 20 years we have gone from a need to make software simple and performant, to an ease of development because hardware was cheaper than developers. Now we have reached the bottom of the pit where we find that what matters most is hiring cheap and low-skill programmers, or even just using AI.
All the bad choices you made in the beginning because you wanted to save time and money always comes back and bites you.