Learning from Giants #69
Examples of great URL design, When and how to build second products, Fly.io's solution to hiding credentials from Rails, and a fantastic re-post: the importance of writing.
Hi! This is Mathias with your weekly drop of the 1% best, most actionable, and timeless resources to grow as an engineering or product leader. Handpicked from the best authors and companies. Guaranteed 100% GPT-free content.
Did a friend send this to you? Subscribe to get these weekly drops directly in your inbox. Read the archive for even more great content. Also, I share these articles daily on LinkedIn.
Examples of great URL design
URLs don't have to be boring or, worse, opaque data blobs.
Even though browsers tend to hide them more and more, URLs are an essential element of web applications. When done right, they can help your user navigate faster by typing in specific URLs, understand links without clicking, or even participate in your brand's storytelling. Let's look at cool examples:
StackOverflow appends an optional, human-readable slug to all their question URLs
Example: stackoverflow.com/questions/16245767/creating-a-blob-from-a-base64-string-in-javascript/
"The beauty is
:slug
is an optional parameter in the URL." It's only added for the human reading it! The computer only uses the preceding ID.
Slack uses clever URL design to promote their marketing campaign "Slack is ...".
"I've always found delight in URLs that try to form natural language sentences."
“The URL is the Product” in some technical products.
The URL is the Product in technical products like Github and NPM, which can be powerful when it neatly maps domain semantics.
Example: github.com/django/django/compare/4.2.7...main compares two refs like it would in git.
📗 Jim Nielsen's Examples of Great URL Design is a great reminder that URLs aren't just technical details. When crafted with care, they can make the user's experience delightful and sometimes even efficient!
When and How to Build Second Products
Building a Second Product can be a business-defining moment or a total miss.
Wild successes include Snapchat Stories and Uber Eats.
"Most companies struggle to understand when they need to start investing in adding new product value vs. just continuing to grow off the traction of their initial product/market fit."
When to build a second product?
"Companies can rarely ride one product into the IPO sunset anymore. [...] it is becoming necessary earlier and earlier in a company's lifecycle due to a confluence of factors."
There are multiple factors to explain it. Tech products are a lot easier to build nowadays, making every space more crowded and overall competition fiercer.
To answer the "When" question, you must analyze your growth and market dynamics. Can you grow 10x on your current product? Do your market size, retention, and acquisition metrics allow it?
For companies like Figma, the answer is Yes, and they can ride on a single product for a while. Others, like Canvas, had to keep moving to stay relevant and launch many new products. Adjacent spaces but widely different personas and market dynamics.
How to build a second product?
"The main vectors on which product expansion should be evaluated is whether the expansion changes the product, changes the target market, or changes the core competencies required to deliver the product's value."
But what matters is "how" success is defined for this new product and how it impacts the product-building model. And it's not the Product/Market fit!
"New products may only need to influence one of the three (retention, monetization, growth) to be successful. But the key is, they need to influence it for the overall company, not just the product itself."
That's why the internal startup or innovation department model rarely creates massively successful second products. They’re designed in silos and assess projects separately. Instead, new products must be large bets into which a company invests significant energy.
📗 Casey Winters' When and How to Build Second Products is a must-read for product leaders. It'll force you to reflect on your growth model and think analytically about new products. I did my best to summarize the main takeaways, but that’s really only 5% of the article. Go read it!
Hiding credentials from Rails at Fly.io
"At the stage we're at, all secrets are hazmat. [...] And Rails itself is the portion of our attack surface we're least confident about."
So the team at Fly.io developed a hardened solution to store and use secrets that never expose anything plaintext to Rails while still using Rails as their main app framework.
They call it Tokenizer.
"Tokenizer is a stateless HTTP proxy that holds the private key of a Curve25519 keypair. When we get a new 3rd party API secret, we encrypt it to Tokenizer's public key."
Tokenizer is written in Go, a strongly typed memory-safe language that makes it much safer than Rails.
Anytime the Rails app needs to make an HTTP request using these secrets, it does so through Tokenizer. It sends the original request with additional Proxy-Tokenizer headers containing the encrypted secrets and instructions to use them once decrypted.
"Each Proxy-Tokenizer header carries an encrypted secret and instructions for Tokenizer to rewrite the request in some way, usually by injecting the decrypted plaintext into a header."
Of course, these secrets can be locked down to specific hosts to prevent the most basic forms of extraction.
And there is more! While Tokenizer handles most forms of Bearer tokens and request signatures, the Fly team created its sister system, SSOkenizer, to secure multi-step OAuth2 flows without exposing any step to Rails.
📗 Ben Toews' Tokenized Tokens is an excellent write-up on securing secrets without impacting the developer experience. It's a fantastic system design and, even better, it’s fully open-source!
Top 0.1% re-post: The Importance of Writing
"Writing is a normalizing medium. No matter what you look like, how old you are, how you speak, or how confident you are, you can sit on your own and formulate your thoughts [...] An impactful message is an impactful message."
Writing helps in many ways, yet it takes effort to learn and improve.
Firstly, the best way to get better at writing is just to write as much as you possibly can."
📗 James Stanier's The importance of writing is a post about the impact of writing at work. It will convince you of its usefulness if you're not already, but the article's value is in the actionable advice it contains. If you only have 2 minutes, skip to the five ways to practice being more impactful at work through your writing.
The one that resonated with me most is "Think through problems by writing them out." This practice has worked remarkably well for me over the past years.
"Writing is so powerful. Wield that power for your benefit."