by PragmaticPulp
1102 days ago
> Not every decision has to be done with maximum research. I’ve been at a couple companies that wouldn’t take any proposal seriously unless you showed up with a list of citations to blog posts, books, or even podcasts. The root cause was a management structure that wanted to do everything with a maximum of evidence. It opened the door to a lot of terrible decisions winning for no reason other than someone found a blog post that Google does it this way, or Uber wrote a blog post about this, or Martin Fowler wrote a post about that. The most egregious abuse was when a team that had to deal with maybe 100 logins per day spent over 6 months researching how to build their auth system to match Big Tech. They could have picked any off the shelf solution and been done in a week, but instead it became an endless boondoggle of research, presentations, proposals, and committees. Several people were even planning conference talks around it, so it started to evolve into whatever would sound best for their talks. That was my cue that I was at the wrong type of company.

> The most egregious abuse was when a team that had to deal with maybe 100 logins per day spent over 6 months researching how to build their auth system to match Big Tech. They could have picked any off the shelf solution and been done in a week, but instead it became an endless boondoggle of research, presentations, proposals, and committees. Several people were even planning conference talks around it, so it started to evolve into whatever would sound best for their talks.
To be entirely fair, after dealing with the reverse way of solving it ("just the simplest solution that works", which was just a bunch of static passwords per app), I'd say spending a bit extra to start with a good solution for auth in your 50-man company will save a whole massive amount of pain when the company grows in internal service count, users, and compliance requirements.