• 2 Posts
  • 484 Comments
Joined 1 year ago
Cake day: January 3rd, 2024



  • This is delicious. I hope they hurry up, and I hope they do it in a really large really public context.

    I’ve had this conversation, but today’s generation of AI won’t:

    “No, I can’t just do a one for one translation. Some of the core operating principles of the language are different, and the original intent needs to be well understood to make the appropriate translation choice. If I just translate it one to one, with no understanding of the business context, you’re going to suffer from years of debugging subtle but impactful bugs.”

    Get on with it, IBM. Let’s light this dumpster fire so we can all bask together in its glow (and smell).

    There may be a day coming in the next 100-1000 years when a learning algorithm is a suitable replacement for an expert engineer, but that day has not arrived (and the early evidence of that impending arrival hasn’t arrived, either. I haven’t seen evidence of AGI experiments with even toddler reasoning levels, so far. Toddler level reasoning will come before AGI with infrastructure deployment skills, which itself is probably coming before AGI with expert business logic diagnostic skills. This could all be 20 years or 1000 years away. But we will probably see LLMs running deeply insightful life changing management workshops sometime roughly next week, since a trained parrot could do that. If we have an AGI that can meaningfully reason with small numbers in the next 20 years, we will be making great progress and on track for the rest to arrive - someday. If not, then we’re probably waiting on a missing computational breakthrough.)







  • CORS is just an ask for browsers specifically to stop cross domain communication, it protects the users not you.

    A minor point of clarification to this point.

    CORS also provides substantial protection to the server admin against innocent users being manipulated into taking malicious actions.

    So there is some value to the server admin as well.

    Sure, any malicious actor can assault the back end directly, but often they have no ability to attack from a context of authenticated trust.

    A CORS misconfiguration makes the system more vulnerable to attacks that manipulate legitimate users into taking malicious actions.

    So a CORS misconfiguration can lead to malicious actions coming in through highly trusted contexts, which can sometimes be substantially more harmful than random unauthenticated attack spam.


  • I have never done this before and I’m wondering if it’s secure enough to host the backend on some server and allow a CORS header to let the Frontend generate requests?

    As long as you can get it working without putting any wildcards (asterisk *) in your CORS headers, you’re using CORS as intended, and should be fine.

    The alternative would be to host Frontend and backend on a VPS and then route my domain that I bought on Cloudflare there, but then I’m thinking that in case my Frontend is insecure somehow the whole instance would be compromised, no?

    Back in my day we almost always hosted the front end and the back end on the same host. Of course, we also did a lot of stupid shit back then.

    It’s not a disaster to host them the same place, but it’s certainly not a best practice. It’s better to get the CORS headers working, if you can. But just hosting them the same place isn’t, by itself, a security issue. It enables a shit ton of other security mistakes to cause a lot more harm. But it’s not, itself, a problem.

    Edit: Bonus tip. You probably know this, but lots of newbies miss it. Every piece of code and config in your front end app is optional to me and to all bad actors. So take care you don’t put any important secrets or critical defensive decision logic there.
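The two CORS comments above (the clarification that CORS also protects the server admin from attacks riding on a logged-in user, and the advice to configure an explicit allowlist rather than a wildcard) can be made concrete with a small model. The following is an added example, not code from either commenter: it encodes three server-side CORS policies and a simplified version of the browser's check from the Fetch spec, then simulates a victim with a session cookie visiting an attacker page. The origins `https://app.example`, `https://evil.example` and the policy function names are assumptions for illustration. It also goes one step beyond the comment: a server that reflects whatever `Origin` it receives contains no literal asterisk, yet it fails the check in exactly the way the commenter is warning about, whereas a plain `*` is refused by the browser on credentialed requests and only exposes public data.

```javascript
// Added example (not from the original thread). Models the server's CORS
// decision and the browser's read check, then runs one attack scenario.

// The one front end allowed to call the API with the user's cookies (assumed).
const ALLOWED_ORIGINS = new Set(['https://app.example']);

// Strict policy: emit CORS headers only for an origin on the allowlist.
// `Vary: Origin` keeps caches from serving one origin's answer to another.
function strictCorsHeaders(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {}; // no CORS headers at all
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Misconfiguration: echo whatever Origin arrives and allow credentials.
// No asterisk anywhere, but every site on the internet is now "allowed".
function reflectingCorsHeaders(requestOrigin) {
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Wildcard policy: fine only for public, unauthenticated responses.
function wildcardCorsHeaders() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Simplified browser-side CORS check (Fetch spec "CORS check"):
// '*' is accepted only when the request carried no credentials; otherwise
// the header must equal the requesting page's origin, and credentialed
// requests additionally need Allow-Credentials: true.
function browserAllowsRead(headers, pageOrigin, credentialed) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;
  if (acao === '*') return !credentialed;
  if (acao !== pageOrigin) return false;
  if (credentialed && headers['Access-Control-Allow-Credentials'] !== 'true') return false;
  return true;
}

// Scenario: the victim is logged in to the API (session cookie present) and
// visits attacker-controlled https://evil.example, whose script does
// fetch(apiUrl, { credentials: 'include' }). Can the attacker read the body?
function attackerCanReadAccountData(policy) {
  const attackerOrigin = 'https://evil.example';
  const headers = policy(attackerOrigin);
  return browserAllowsRead(headers, attackerOrigin, true);
}

// Sanity check: the legitimate front end must still work under the policy.
function legitimateFrontendWorks(policy) {
  const origin = 'https://app.example';
  return browserAllowsRead(policy(origin), origin, true);
}

// Run the scenarios when executed directly.
if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, policy] of Object.entries({
    strict: strictCorsHeaders,
    reflecting: reflectingCorsHeaders,
    wildcard: wildcardCorsHeaders,
  })) {
    console.log(`${name}: frontend works=${legitimateFrontendWorks(policy)},`
      + ` attacker reads account data=${attackerCanReadAccountData(policy)}`);
  }
}
```

The allowlist check has to live on the server, for the reason the bonus tip gives: anything in the front end is optional to the attacker. And note that CORS only governs whether the attacker's page can read the response; a simple credentialed POST still reaches the back end, so state-changing endpoints need a CSRF defence (SameSite cookies, an anti-CSRF token, or checking the Origin header) in addition to a tight CORS allowlist.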




  • Yeah. It was pretty awful early in my career. The good news is that “The person with an opinion has no power over the person with an experience.”

    As I’ve built up years of my own work experiences, I don’t spend as much energy on each new idea I encounter.

    Now I’m just proud that I still, once in a while, significantly change the way I work, thanks to new information.

    But, since what my team is doing works well already, I have to encounter the same advice from several trusted sources. And then we put it through a test sprint with a thoughtful team retrospective, after.

    It’s possible to find a happy balance, but it takes experience to get there.

    Edit: So to answer the obvious question - what advice stuck with me?

    1. Host team retrospectives. The rest of Agile is optional. Effective retrospectives are mandatory, because they’re what tunes everything else correctly for my team and my organization.

    2. Cherish plain text under version control. I’ve slept soundly many nights when others were up and working late, thanks to the simplicity and clarity of the process of reviewing what changed in plain text files. Any time a tool supports being set up with plain text files under version control, I advocate for that option.

    3. Pick one thing that matters for today. It helps me focus, and forces me to really decide what matters, today. It helps me say “no” to requests that need to wait. And it helps me choose to give myself a break after I get that one thing done. One important thing per day adds up to awe-striking levels of annual productivity, given reasonable opportunities.



  • Yeah. I think you can’t go wrong with either Debian or Fedora with Gnome. I would pick whichever I’m most comfortable with. The grandparents will probably never notice.

    I love to give Gnome crap for being a large install, but I’ve lost count of the number of machines that I’ve put Gnome on and had it just work. And I’ve lost count of the number of times that I’ve searched for a fancy command line way to fix an annoyance in Gnome, and discovered there’s just a simple toggle in settings for what I want.





  • If I really had to, I would require everyone to whip out whatever assets of sexual maturity they happen to have, and let the computer analyze it and decide a maturity level.

    I would also keep copies for blackmail purposes, because the world is a better place if we all mistrust this solution and anything remotely like it. It’ll be in the legal fine print, which I’m confident no one will read.

    Every answer (other than “trust the user to self identify”) is at least remotely like mine, but I’m proposing we cut out the half-measures on the way.

    To avoid personal consequences, the system I architect will probably wait on a dead-man-switch for me to die or be incarcerated.

    Then it will publish everything it has ever seen, along with AI generated commentary. I’m confident that some of it will be hilarious, and I am hopeful that it will piss everyone off enough that we stop doing this kind of thing.