by shiftpgdn 1051 days ago
JAMStack isn't modern web development. 80% of the internet still runs on PHP on traditional servers. Netlify is needless complexity (never mind the vendor lock-in) 99% of developers will never need.

You also don't address the OP's points where Netlify has suffered the same fate of "enshittification" where features slowly get stripped out and moved into pay-to-use buckets, likely at the behest of needing to pay back 100+ million dollars in VC funding.

6 comments

Your comment doesn’t refute the idea that JAMStack isn’t modern web development. All you did was pull up the over-used statistic of “80% of the web is PHP” which I’ve heard for well over a decade. It may have been true at one point, but I highly doubt it is now. (Citation needed)

Netlify has done nothing but innovate and push the needle forward for front-end devs. I’ll be there until there’s a VERY strong reason not to be.

>of all the websites whose server-side programming language we know.

I'd be curious to know what portion of websites they scan they know this for.

PHP is known for being very leaky about being PHP (and since PHP + ecosystem have a bad history of CVEs, being leaky about being PHP is not cool).

Java/Kotlin/Go/Rust/Ruby/Python/JS/TS are a lot less leaky about what language the server-side is written in. Usually the webserver used advertises itself by name in a server string, but it is considered bad practice and thus often switched off.

Reading "php" extensions in paths is a clear giveaway, so are "htm" extensions for Microsoft products. Tools usually guess the language/framework based on some of these giveaways and the better the tools the less this is evident.

I just checked some web apps I worked on, and only the one I last touched 10+ years ago is detected with builtwith.com; it's a Rails site.

All the Java/Kotlin/Rust/Hasura+Elm apps I worked on since are now shown as "Nginx" (the rev proxy in front of it).

I just checked the day gig site... builtwith claims it's using Webflow and Apollo GraphQL (neither of which it is) and doesn't mention at all the language it's actually implemented in (Python), although that's not surprising since it's an in-house framework.

How is being “leaky” in any way bad or even good?

Every programming language has holes, it's just that with PHP the attack surface is much larger, so I guess people find more holes, etc.

Are you advocating “security by obscurity”?

> How is being “leaky” in any way bad or even good?

Information-gathering is a common early step in any attack against a system; knowing the language & libraries involved (especially their versions) allows you to search for any existing CVEs that apply.

> Are you advocating “security by obscurity”?

I don't think OP was implying that security by obscurity alone is sufficient, just that it's unwise to advertise information that's not relevant to end users, that could help would-be attackers.

While it kind of is security by obscurity, it's a very basic piece of server hardening to stop telling potential attackers what software you're using (within reason).

Back in the day (!), server software used to honestly respond with things like the software name and exact version number it was running.

Naturally, that meant scanning for vulnerabilities was a lot easier than it needed to be.

If your language has "eval()" or something similar, it is a lot easier to attack. Same for when it allows you to "upload a file in some place where it gets executed".

These things are not so easy, say, with a C++/Rust/Go app. Or even in most JVM configurations. JS has similar issues, that Deno is trying to mitigate to some extent.

obviously being properly secure is better. but if you leave your door unlocked, it's better to not also hang a sign above it saying "this door is unlocked".

obscurity is absolutely part of good security practice, as long as it's not all you're relying on.
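
An added example, not part of any comment in this thread: a self-audit in Python that flags the giveaways discussed above (versioned server strings, language-specific path extensions) in your own site's responses. The `X-Powered-By`-style headers and default session cookie names are further giveaways added here as assumptions, and the sample responses are constructed.

```python
import re

# Response headers that commonly name the server-side stack (assumed list).
STACK_HEADERS = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version", "x-generator")
# Default session cookie names that identify a runtime (assumed list).
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                "ASP.NET_SessionId": "ASP.NET"}
# File extensions in URLs that identify the language.
EXT_HINTS = {".php": "PHP", ".aspx": "ASP.NET", ".jsp": "Java (JSP)"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def audit_response(url_path, headers):
    """Return (severity, message) findings for one response.

    headers is a list of (name, value) pairs so repeated Set-Cookie lines survive.
    """
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "server":
            # A bare product name is low value; an exact version is what aids CVE lookup.
            if VERSION_RE.search(value):
                findings.append(("high", f"Server header exposes a version: {value}"))
        elif lname in STACK_HEADERS:
            sev = "high" if VERSION_RE.search(value) else "medium"
            findings.append((sev, f"{name} names the stack: {value}"))
        elif lname == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in COOKIE_HINTS:
                findings.append(("low", f"cookie {cookie} suggests {COOKIE_HINTS[cookie]}"))
    path = url_path.split("?", 1)[0].lower()
    for ext, stack in EXT_HINTS.items():
        if path.endswith(ext):
            findings.append(("low", f"path extension {ext} suggests {stack}"))
    return findings


# Constructed sample responses (not captured from any real site).
LEAKY = ("/index.php?id=1", [("Server", "Apache/2.4.41 (Ubuntu)"),
                             ("X-Powered-By", "PHP/7.4.3"),
                             ("Set-Cookie", "PHPSESSID=abc123; path=/")])
QUIET = ("/account", [("Server", "nginx"), ("Set-Cookie", "sid=abc123; HttpOnly")])

if __name__ == "__main__":
    for path, hdrs in (LEAKY, QUIET):
        print(path, audit_response(path, hdrs) or "no stack disclosure found")
```
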

If people are picking up non-JAMstack solutions for greenfield web development, then that means JAMstack is just one of many options for "modern web development". (Along with Laravel, Rails, Django, and even/especially WordPress, depending on how we gatekeep what we mean by "web development")

Objectively speaking our free tier today has far more features, higher limits and more capabilities than it's ever had before.

We are also building a real, longterm sustainable enterprise business. We're not a non-profit and we're here to create a big lasting company that can keep investing into the future of the web.

https://www.netlify.com/pricing/#pricing-table-full-feature-...

Almost every feature you charge for is something you can achieve for free inside of a basic VPS. I understand you have the classic SV "Hotel California" model where you can check in but you can never leave. But frankly this makes the internet worse in every way possible and part of the point of the original article.

I gotta say, this comment really comes across as being written by someone who has quite literally never tried Netlify, or doesn’t understand the value prop at all.

Seriously, it is orders of magnitude faster to deploy a static website on Netlify - simply drag and drop a folder from desktop - than it is to spin up just a single VPS on Vultr… and by the time you’ve configured that VPS, I could have done a dozen revisions to the website, and it would still be more difficult to deploy updates to the VPS than to Vultr. Don’t even get me started on the complexity of a global CDN.

Do I wish all of Netlify was free? Sure, yes I do. Does this mean it’s not valuable? Of course not.

The irony of this is that you seem to be saying that (a) Netlify locks the customer in with useless features, and (b) it can be trivially reimplemented in an entirely custom but otherwise “free” VPS.

The real question is, which “free” VPS are you going to use that will serve the same capacity as Netlify’s paid plans? AWS? Do you think you can avoid lock-in using AWS - of all things?!

Oracle's free ARM VM offering can easily serve the same degree (actually significantly more) than a Netlify deployment.

You’re really going to have to provide some figures to substantiate this. Bandwidth, volume and global TTFB would be a good start.

Also, by your own standards this is a comparison between a paid Netlify account and a free VM. Right?

No, you asked for a free comparison. If you want to go to paid features Netlify loses by a mile. You can search all of this yourself with all of one Google query.

You know you have to secure, patch, and monitor a VPS right? Why pay for a VPS at all? You can get more compute, memory, and storage with a dedicated server for the same price and even set up multiple VMs on that server, each with all the features of a VPS “for free”.

I un-ironically agree.

Then go ahead and use a VPS…

The difference is I'm not out touting using a VPS as "The next generation of web development" and having payola articles written that if you don't use a VPS then your career is going to get left behind.

Setting up a VPS - yeah, sooooo easy.

I struggle with even Digital Ocean and just want my site to freaking run.

Downvote me all you want, but I'd rather ship features than fuddle with infrastructure.

Setting up a VPS is pretty easy. Ensuring your VPS is configured to restart your app when the server restarts, maintaining OS and library updates, maintaining security, updating the app itself with simple-enough conventions, and configuring monitoring is not so necessarily easy. That’s not including documenting (even if only for your own future reference) how things are configured.

Digital Ocean in particular has great guides to get you from the starting line to something that in most cases will work okay, but as a long-term solution to “I have an app I want to run on some infrastructure”, I agree that there’s a non-zero cost to managing a server that, like you, I’d much rather not deal with.

And Dropbox is little more than rsync, but that doesn't mean that it's not valuable for someone, even if it's not you.

> vendor lock-in

How is it vendor lock-in when I can easily move my JS app to Render.com, AWS s3, Cloudflare, etc?

>80% of the internet still runs on PHP on traditional servers.

Do they? Or do they just use WordPress? This is important to differentiate because people's idea of PHP on traditional servers ITT is a far cry from setting up WordPress.

Netlify worked for me when all we did was basic static hosting for about $500 a year. Then they wanted to up us to about 10k a year and suddenly the cost was significantly worse. The only reason we didn't dump it is because we didn't have enough engineers to swap it to something else because we had projects that needed to be done, but it was our top optional priority.

Unfortunately Netlify went from loved to hated overnight.

What vendor lock-in? Netlify at its core is still quite simple: pull stuff in from GitHub/Lab, run the build commands in an Ubuntu VM and publish the results.

Sure, there are some plugins that you can use to transmute the result builds and there's Edge functions, but nothing is hard to move to another provider.