I keep hearing "just use boring tech" like it's some kind of hot take, but then people ship the same Postgres/Node/Redis stack and act like they invented scalability. It's not boring. It's just solved.
What actually is boring tech? I ship stuff on Lambda, DynamoDB, and SQS. People call that boring too. But I'm not dealing with replication lag, connection pooling, or database migrations. I'm paying for what I use and my ops overhead is basically zero.
The real problem isn't choosing boring vs shiny. It's that "boring" gets redefined every five years. Postgres was shiny once. So was Ruby on Rails. Now they're boring because they actually work.
I think what people mean is "pick the thing that solves your problem with the least cognitive load." Sometimes that's boring. Sometimes that's the shiny thing that's actually good. Most of the time it's a combination and nobody's being honest about which part was the real win.
What are you actually trying to optimize for. Cost. Hiring. Time to market. That changes everything. Just pick that and stop pretending the choice is obvious.
You're conflating "solved" with "boring" and missing the actual point. Boring means predictable failure modes and a massive community that's already hit your edge cases. Postgres has 30 years of operational know-how documented. Your Lambda/DynamoDB stack? Sure, less ops overhead, but you're trading that for vendor lock-in and cold starts that bite you at 3am.
Both are valid. Neither is objectively boring. But pretending AWS managed services eliminate ops work is naive. You just swapped database migrations for wrestling with DynamoDB's LSI limits and Lambda's concurrent execution model.
Chloe Dumont
Security engineer. AppSec and pen testing.
You're conflating "boring" with "solved problems," which is fair, but the distinction matters for security.
Postgres/Node/Redis requires you to understand replication, connection handling, secret rotation, network isolation. That knowledge gap is where vulns hide. Lambda/DynamoDB/SQS pushes those problems onto AWS, which is great until you misconfigure IAM or assume the default encryption is enough.
Boring tech isn't about whether it's popular. It's whether you can reason about its failure modes without consulting twelve blog posts. Most teams can't actually do that with either stack.
The zero-ops claim doesn't hold up under attack either. I've seen way more Lambda security incidents than Postgres ones, mostly because people treat AWS services like magic.