Don't Roll Your Own

I'd like to add:

* Don't roll your own standard controls

Seriously. Don't. You want a single-select box? Use a combo box or radio button group. Want an edit box? Use an edit box. Want a list that finds things as you type? That's in the standard too. Don't roll your own.

This "roll our own controls for everything" bothers me to no end as a screen reader user, because practically nobody properly follows ARIA best practices, and that leads to a less accessible internet.

I find that most datepickers are better than the browser's default. It's a shame that they can't be styled more

Totally agree. What do engineers or designers think they're trying to accomplish when they mess with the scroll bar? Or the password field? "We are so sophisticated, the built in behavior is simply not good enough for us!"

Congratulations, now your website is a shitty experience for your users. Well done.

I'm always an "It Depends" kind of guy.

I have a personal issue with having a 500KB page load, so a button press can be animated.

> Among software developers, and especially among those who work on security-sensitive systems, there is a well-known maxim: Don't roll your own crypto. This does not mean that nobody is allowed to write cryptographic code. Someone has to. It means that, for ordinary production software that protects sensitive data of users, we should not rely on a private, unreviewed implementation that has not been vetted by the wider software development community. We should use established, vetted software packages or tools wherever possible.

The great things about all these crypto libraries are:

- Minimal to no dependencies

- Coded by security conscious people

- Often externally audited

I wish more libs/deps are crafted like them. Until then the risk of rolling your own vs using a dep isn’t as different as it could be.

In the age of AI and npm supply chain attacks I feel like there are more reasons than ever to roll your own.

One other possible title of this article could just be, don’t break UI conventions. Which is not the same thing.

Instead of trying to download and configure a date time thing (for something app specific like domain specific date ranges) rather than having to rely on the configuration of a larger library, then having to manage all future major version upgrades (and some of these npm libraries have major versions every year!) why not just create your own smaller surface area component? It’ll be literally zero maintenance compared to managing an npm dependency in your app.

A strange issue I’ve found is careless use of AI at my job has lead to many people rolling their own incomplete mini parsers. Think YAML parsers of a frontmatter that expects either `key: value` exactly or treats `item1, item2, …` as a list.

It’s a litmus test I use to see if someone actually glanced over what the AI generated.

The problem with Don't Roll Your Own is that Other People's Code gets more and more grotesque with each passing year. More bloat, more random dependencies, more churn. Other People are a headache in any industry; with Other People's code you have Other People problems by proxy.

> Don't roll your own page scrolling.

browser should not even let the page see this action

> Don't roll your own link navigation.

browser should not even let the page see this action

> Don't roll your own text selection.

browser should not even let the page see this action

> Don't roll your own copy and paste.

browser should not even let the page see this action

I'm serious. WHY javascript code is even allowed to see all these actions of the user? We already loaded the page and rendered it - we users must already be free to do with the content as we please

Sometimes it makes sense to roll your own, sometimes it's a distraction. As always, judgment and taste matter to avoid mistakes and/or catastrophe.

If you don’t “roll your own,” you must choose from what other people have created. And in this space, there are a bewildering array of options, each of which carries some new pile of abstractions that make some things easy and other things hard.

Many eyes are supposed to make bugs shallow. In the webdev space, many eyes on something like React lead to numerous opinionated alternatives, each successful enough to warrant consideration. This doesn’t seem to be slowing down, either.

Meanwhile, vanilla HTML and DOM capabilities have never been stronger.

I'd like to add "don't roll your own image viewer"

twitter and google and google maps and so many have rolled their own and they completely suck compared to just letting the browser render an img tag. They inevitably fail on some bad multitouch interaction that affects the web page, and the image viewer container. Or they add some slow-as-molasses zooming effect.

UX standardizes as majorities begin to agree on patterns/interactions/concepts.

Unfortunately, it’s 1) difficult to reach consensus 2) difficult to broadcast and 3) difficult to enforce. For example, even when major browsers achieve 1) and (e.g. implement a standard component) 2) and 3) are still huge gaps.

https://news.ycombinator.com/item?id=48141474

agreed, that page decided they needed to write their own scrolling logic and it made the page horrible.

For most users, link navigation for single page apps is far better than making round trips to servers which the 'traditional' browser would do.

At the same time, ask yourself "do I really need something special for this?" because the browser adds native support for things all the time.

If one really wanted to ruffle feathers they could make a script that checks out the latest source code for OpenSSL, OpenSSH maybe a few other communication daemons, makes just a few very subtle changes to a few ciphers, shim in some random nonsensical padding, static compile or containerize and distribute to a private network of systems in minecraft.

Whatever you do don't teach AI how to do this or there could be a flood of VPN's speaking new but not really new ciphers that code breaking farms won't know what to do with and ciphers that are not known to exist and yet nobody ever really rolled their own.

This concept was conceived whilst interacting with Rubix cube players.

the split between documents and apps explains a lot of the pain here. if a page mostly presents content, hijacking selection, scroll, or copy should be treated as a regression

I'm going to go out on a limb and say there is never a valid reason to mess with page scrolling. It's just bad design and a terrible experience for the user.

Don't fuck with the scroll bar should have its own article.

He’s totally right. It’s obvious.

Nobody cares that a browser's navigation buttons, address bar, tabs, or window controls don't match the current website. Probably because these things are obviously outside the extents of the web page.

However, scrollbars, context menus, modal windows, and date pickers are rendered within the extents of the web page, and get replaced all the time.

It is my opinion that these controls don't need to be styled to match the website, because they're not part of the website. They're part of the browser. Non-diegetic. Outside the fourth wall.

I'd go even more basic than this: only use native everything. It's a travesty that web pages are to use use custom controls or have any kind of look and feel different from the native OS ones. The look and feel of everything (every app, every webpage) should be determined by the end user, via their OS settings, not by the author of the app or document. What we have is designers being able to get to "my app/webpage looks the same for everyone"; what we ought to have is users being able to get to "every app/webpage looks the same for me".

> "there is a well-known maxim: Don't roll your own crypto."

Fun fact, this was written shortly after one of the biggest linux vulnerabilities which was caused by a kernel crypto library, presumably to avoid userspaces rewriting their own crypto.

What an odd idea. You should always write your own code whenever possible, that's how we get better things. It's not my job to make the standard better or to force a bad standard, it's your job to make the standard the obviously correct choice.

> Don't roll your own page scrolling, link navigation, text selection, context menu, copy and paste, password field, or date picker.

Javascript in the browser was a mistake. And if we had to have it, the suitable scope of it was what we had around 2004.

Google invested tens of billions in it realizing they had a way of owning the browser space simply by making it insanely complex. Just hire all of the web standards people, tell them to go crazy and then also hire thousands of C++ browser developers for decades to implement everything. Boom, a moat!

"Don't roll your own" is perfectly sane advice...

For those not trying to implement the dark patterns that enshittify the web.

If you don't roll your own back button behavior, you've missed the opportunity to show a few more ads.

If you don't make your window full screen on my shitty old tablet browser (yes, I'm looking at you, BBC), then it's far too easy for me to close your window. (Joke's on you, though -- my old Samsung tablet has a physical back button.)

[dead]