I'd pay close attention to speed and "correctness". What's the consistency model of a system? Can we lose data and if so how? What's the throughput? Latency?
These help choose good technology for backend systems, and help answer questions like:
- Can we do this in-band while serving a user request?
- Can we do it 100 times to serve a request?
- If it completes successfully can we trust it or do we still need to handle failure?
- Can we trust it immediately or eventually?
There are lots of technologies and terms for all of this but I've specifically avoided them because the important bit is the mental model of how these things fit together and the things they allow/prevent.
Basics of cryptography: there are many dumb errors to avoid.
Antirez's general advice about "10x programmers" is good: http://antirez.com/news/112
Thorough (not just basic) knowledge of SQL, if you don't count that as a language. The sqlite.org "technical and design documents" about sqlite's virtual machine and its query planner are well worth reading, and apply to other databases as well. ORMs are less important than SQL, and are usually language specific as someone mentioned.
Reasonable clue about socket programming, even if you're doing everything with libraries that wrap the details.
Comfort using debugging and profiling tools.
Lots of other stuff, I'm sure.
What data is coming into your system and its variety, velocity and volume.
Do you really need NoSQL? Probably not.
Do you really need that ORM and all the schema, migrations and ops to go with it? Know the pros and cons.
Are your boundaries defined well? Networking, firewalls etc? Are or do they need to be identity aware?
Are you logging what you need to log, where you need to log it and do the right people have access to it? Maybe metrics are really what you need.
What’s the dev story like? Can I run things locally or easily without spending days recreating an environment? IAC is one thing, but debugging some Python locally vs deploying and print statements sucks. Have a good readme and leave the repo better than you found it.
Tackle the hard problems first, then create reproducible developer story, then hand it off to someone Jr. so they can do the grunt work and you can help them out in a jiff.
CI/CD, incrementally improve it over time and don’t spend time boiling the ocean here. A simple bash script to deploy may suffice for an SRE to take it to the next step as IAC or to drop it into some CI tool.
Apply the practice of least privilege from the very start.
KISS, if what you are building is too confusing, it’s because you need to spend more time writing about it vs actually writing it.
If you understand the system a layer of abstraction or two below the layer you work in, you will be able to debug deeper. Learn system calls and the various ways to examine processes.
I learnt a lot of this back in the day by completing war games on a site called digital evolution (dievo). Those are antiquated now but still a really fun way to learn it.
- Fault tolerance.
- Backwards (or forwards) compatibility.
- Scalability.
- Testability.
- Everything around state (backup/restore, migration strategies, data integrity, etc.)
Most other things are a one-time cost. These things are an ongoing burden to consider, but if you forget to consider them it can be devastating.
Also remember: any time you give a (internal or external) customer programmatic access to something, that is an API, and APIs have huge costs to maintain. That includes when you dump your database into "data lake" for internal reporting...
- Database Migrations
- Kubernetes
- Basic RPC and code generation i.e. gRPC, OpenAPI and GraphQL.
- Realtime Concepts, i.e. Kafka, MQTT
- DevSecOps
- Builds, i.e. Makefiles.
- Jobs, i.e. cron or batch and job workflows.
- Offsite incremental DB backups and restore.
- Infrastructure as Code i.e. Pulumi.
- Basics of server/runtime environment security (RBAC, least privileges, common threats, etc.)
- Authentication: OAuth2 is probably the most widely used
- Authorization: RBAC
- Some rudimentary statistics: know how to read metrics, write metrics, etc
- Learn one RDBMS inside and out. Other database systems have their place but you’ll almost always encounter a Postgres, MySQL, MSSQL. Learn how to read EXPLAIN output, cursor based pagination, and indices.
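An added example (not from any commenter in this thread) tying together the EXPLAIN output, indices and cursor-based pagination mentioned above, and the query-planner reading recommended earlier. It uses Python's built-in sqlite3 on a constructed `orders` table; the table, column names and index name are assumptions for the demo.

```python
import sqlite3

# Constructed sample data: 1000 orders spread across 37 customers (not from the thread).
def build_db(rows=1000):
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total_cents INTEGER)")
    con.executemany("INSERT INTO orders (customer, total_cents) VALUES (?, ?)",
                    [(f"cust{i % 37}", (i * 7919) % 10000) for i in range(rows)])
    con.commit()
    return con

def query_plan(con, sql, params=()):
    """Return the 'detail' column of EXPLAIN QUERY PLAN, one string per plan step."""
    return [row[3] for row in con.execute("EXPLAIN QUERY PLAN " + sql, params)]

def uses_index(con, sql, params=()):
    """True when the planner chose an index SEARCH rather than a full-table SCAN."""
    return any("USING" in step and "INDEX" in step for step in query_plan(con, sql, params))

PAGE_SQL = "SELECT id FROM orders WHERE customer = ? ORDER BY id LIMIT ?"

def page_offset(con, customer, page, size):
    # OFFSET pagination: the engine still walks and discards page*size rows,
    # and a delete before the cursor shifts every later page.
    return [r[0] for r in con.execute(PAGE_SQL + " OFFSET ?", (customer, size, page * size))]

def page_keyset(con, customer, after_id, size):
    # Keyset (cursor) pagination: seek past the last id the client saw and take
    # the next page. Stable under concurrent deletes and index-friendly.
    sql = "SELECT id FROM orders WHERE customer = ? AND id > ? ORDER BY id LIMIT ?"
    return [r[0] for r in con.execute(sql, (customer, after_id, size))]

def demo():
    con = build_db()
    before = uses_index(con, PAGE_SQL, ("cust1", 5))           # full scan: no index yet
    con.execute("CREATE INDEX idx_orders_customer ON orders (customer)")
    after = uses_index(con, PAGE_SQL, ("cust1", 5))            # now SEARCH ... USING INDEX
    first = page_offset(con, "cust1", 0, 5)
    expected_second = page_offset(con, "cust1", 1, 5)
    con.execute("DELETE FROM orders WHERE id = ?", (first[0],))  # a row on page 0 disappears
    offset_second = page_offset(con, "cust1", 1, 5)           # shifted: silently skips a row
    keyset_second = page_keyset(con, "cust1", first[-1], 5)   # unaffected by the delete
    return before, after, expected_second, offset_second, keyset_second

if __name__ == "__main__":
    print(demo())
```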
Understand how to load test your system and to reason about its behaviour under load and its failure modes when you push it too hard. It's one thing to be able to build a system and functionally test it such that you're confident that it behaves correctly when you send one request at a time. It's another thing to let thousands or millions of real users hit it for real in production and to have confidence that you are giving them all a good experience.
Are you using the PII data for purposes other than it was originally collected?
Can you synthesise a good enough set of test data so you don’t have to anonymise production data? Hint: you can’t sufficiently anonymise production data and still have it be useful.
- The correct semantics for each HTTP method
- What different status codes indicate
- Common headers, particularly around caching
- HTTP 1.1 vs HTTP 2
- Common authentication protocols - OAuth 2.0, JWTs, etc.
- the OSI model, DNS, TCP/UDP, TLS, and networking in general
- CPU flame graphs and other low-level performance/debugging tools
- the Knightmare devops story
- anger management
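An added example (not from any commenter in this thread) for the caching-header point above: a small Cache-Control parser plus the two decisions a shared cache (CDN, reverse proxy) has to get right, whether it may store a response at all and for how long it is fresh. Getting the first one wrong serves one user's private response to another. Header names are assumed to arrive as a dict with canonical capitalisation.

```python
def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: argument-or-None}.
    Directive names are case-insensitive; quoted arguments are unquoted."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_may_store(response_headers, request_had_authorization=False):
    """May a shared cache store this response at all?"""
    cc = parse_cache_control(response_headers.get("Cache-Control", ""))
    if "no-store" in cc or "private" in cc:
        return False
    # RFC 9111 s3.5: a response to a request carrying Authorization is only
    # shared-cacheable when the origin explicitly opts in.
    if request_had_authorization and not any(k in cc for k in ("public", "s-maxage", "must-revalidate")):
        return False
    return True

def freshness_lifetime(response_headers):
    """Seconds the response may be served without revalidation by a shared cache.
    s-maxage overrides max-age for shared caches; with no explicit lifetime we
    return 0 and deliberately ignore heuristic freshness."""
    cc = parse_cache_control(response_headers.get("Cache-Control", ""))
    for key in ("s-maxage", "max-age"):
        arg = cc.get(key)
        if arg is not None and arg.isdigit():
            return int(arg)
    return 0

def is_fresh(response_headers, seconds_in_cache):
    """Current age = upstream Age header + time spent in this cache (RFC 9111 s4.2.3, simplified)."""
    age_header = response_headers.get("Age", "0")
    age = (int(age_header) if age_header.isdigit() else 0) + seconds_in_cache
    return age < freshness_lifetime(response_headers)
```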
1) RDBMS, NoSQL Concepts
2) Writing Queries and Joins
3) Connecting to Database native and ORM
4) HTTP Verbs like POST, GET, DELETE, PUT etc
5) Restful API and GraphQL Concepts
6) Session State, Application State, Caching and Safe Error Handling
7) Distributed Systems, SOA, Async Functions (i.e. file handling)
8) Design Patterns, OOP concepts (Abstraction, Interfaces etc)
9) Authentication, Authorization, Cryptography
10) Configuration, Minimum Privileges (e.g. dbrole, server account etc)
No better way to know how to secure your code than the mindset of "Ok how would I break into this" :)
These days most backend engineers also tend to manage data sources so understanding them is also a plus.
The sooner you get this attitude the more comfortable you'll be with your skills development.
So that you can perform tests without firing the side effects
Dependency inversion/injection