DEV Community: Zacchaeus Bolaji

Performance Optimization: The Basics That Scale

Zacchaeus Bolaji — Tue, 11 Nov 2025 14:20:15 +0000

Most developers wait until performance becomes a problem before doing anything about it. By then, you're firefighting instead of building. Here are the optimizations you should implement from day one - they cost almost nothing upfront but save you from major headaches later.

Database & Queries

Add indexes on columns you query frequently. Your database has to scan every row without them, and that gets slower as your data grows.
Select only what you need. SELECT * pulls data you don't use, wastes bandwidth, and makes your queries slower.
Avoid N+1 queries. If you're fetching data in a loop, you're probably making one database call per iteration when you could make just one.
Paginate early. Don't wait until you have thousands of records to add pagination. Implement it when you have ten.

Caching Strategy

Cache what's unavoidably complex. If a query or request takes time and the result doesn't change often, cache it. Don't cache just because you can.
Use a CDN for static assets. Images, CSS, and JavaScript files should be served from edge locations close to your users, not from your application server.

Network & Infrastructure

Put your application close to users. Deploy to regions where your users are - latency matters more than most developers think.
Put services close to each other. If your API and database are in different regions, every request crosses continents unnecessarily.
Fail fast. Set appropriate timeouts so slow operations don't block everything else. If something's going to fail, let it fail quickly.

Application Architecture

Process heavy work asynchronously. Sending emails, generating reports, or processing uploads shouldn't happen in the request-response cycle—use queues.
Measure before you optimize. You can't fix what you don't measure. Track response times and error rates from day one.

These aren't premature optimization. They're sensible defaults that prevent problems before they start.

The time to implement them is now, when your application is small and changes are easy. Trying to retrofit them into a large codebase under production load is significantly harder.

Do it right from the start, and you won't have to do it again later.

Why Your Bank App Asks for PIN (And Why Some Online Shopping Gets Complicated)

Zacchaeus Bolaji — Mon, 18 Aug 2025 10:23:21 +0000

You've probably ever wondered why your bank app asks for a PIN when you want to send money even after you logged in. Or why buying something online sometimes brings you to a different page asking for a text message code? Let's break this down simply.

Why Your Bank App Has Two Different "Passwords"

Think of your bank account as your house. You possess a key to access your house (that's your login password), but you might also have a safe inside which has another combination (that's your transaction PIN).

Your login password is the first key to entering the banking app - you can view your balance, your transaction history, basically "browse around your house." But if you're going to do something serious like transfer money to someone, the bank insists that you must enter your transaction PIN. This is similar to cracking open that safe and removing your goodies.

Why This Double Protection Exists

Let's say your friend holds your phone when you're still connected to your bank app. They'll be aware of how much money you have, but they won't be able to transfer your money anywhere as they don't have your transaction PIN. Sharp, right?

This also protects you in case someone is able to obtain your login details. Maybe they overheard you entering your password, or maybe hackers gained entry into the database of the bank and got login details. Even then, they cannot steal your money without that extra transaction PIN. That transaction PIN cannot be changed without knowing the old one. Guess why.

Now, Let's Talk About Shopping Online

When you buy something online using debit/credit card, you typically have to enter:

Your card number (the long 16-digit one)
Expiry date
CVV (3-digit number in the back)
Your name

But for Nigerian cards, something else is done which will shock foreign visitors.

The Nigerian Way: Extra Security

After you've entered the card details of your Nigeria issued card, two extra things happen:

PIN Request: The page asks for your card PIN - the same 4-digit number that you use at cash machines
OTP (One-Time Password): You get a text message with a code that you must enter to complete the purchase

This means that in order to buy something online with your Nigerian, you need:

Your card number (which could be stolen from the internet)
Your PIN (which is only supposed to be known to you)
Your phone (to receive the text message)

Why Nigeria and some other countries do this

This is where it is interesting. If you have ever shopped on American or European websites, you would have known you just have to provide your card number - no PIN, no text message code. Card number, expiry date, CVV, and away you go. The risk here is that stolen card can be used for online payment easily. But that risk is mitigated with the ease of reporting stolen card and getting your money back,

The Problem Nigerian Merchants Face

Suppose a person in Nigeria has an online shop that sells clothing. A "customer" orders clothes using an Australian credit card, but the shipping address is in Nigeria. Something doesn't smell right - why would someone in Australia purchase from a little Nigerian shop and have it shipped to Nigeria?

What probably transpired: A thief has stolen the credit card information of an Australian and is shopping with it. Because some Australian cards do not use PINs or text messages as codes to verify purchases on the internet, the thief can shop freely.

Worst of all: If the actual Australian card owner sees the purchase and reports it as not authorized, or if the thief themselves contacts the bank reporting that the purchase was unauthorized, the Nigerian store owner loses thrice:

They forfeit the money from the sale
They forfeit the shipped clothes they had already sent
The bank charges them a "chargeback" (dispute) fee

What's a Chargeback?

A chargeback is like a refund, but the bank forces you to do it. When you see that there's some charge on your card for which you didn't spend any money, you can call your bank and say "I didn't buy this." The bank will get the money back from the merchant and refund it to you. This is quite easy to do in most countries - sometimes you just need to press a button on your banking app.

The system exists to protect customers, and that's a positive. But it also makes it easy to abuse by fraudsters.

Why Nigerian Banks Make It Hard to Process Chargebacks

Unlike other countries where you can simply dispute charges with clicks of a button, most Nigerian banks prefer for you to physically go to the bank in order to process a chargeback. That makes it harder for honest customers as well as scammers to dispute charges.

This may be a hassle, but it keeps Nigerian businesses safe from fraudulent chargeback claims.

The Solution: Why Those Extra Steps Matter

Recall the extra steps when making online purchases in Nigeria - the PIN and text message code? They eliminate the fraud issue entirely.

Even if a thief obtains your card information, they won't be able to make a purchase because:

They don't know your PIN
They don't possess your phone to get the text message code

This is why it's common among most Nigerian payment processors (like Paystack) to have the "disable international payments" feature. They're essentially allowing the merchant to decide whether to accept payment from international non-nigerian cards with added risk, or refuse to accept those kind of payments.

What This Means for You

You are actually safer when you shop online with your Nigerian debit card than consumers in most other countries. Yes, entering your PIN and waiting for a text message is annoying, but it means:

Your funds are so much safer should an intruder steal your card details
Nigerian online stores can buy and sell with confidence
You're less likely to fall victim to card fraud

The next time your banking app asks for that transaction PIN, or an online store asks for a text message code, remember: it's not red tape - it's a highly sophisticated security system protecting your funds.

The Global Picture

Other nations tip the balance between convenience and security in different directions. Some prefer speedy, easy purchases and accept that fraud will inevitably happen. Others, like Nigeria, prefer security even if it makes transactions take longer.

Neither is wrong - it's all about what each culture desires most. But being aware of these differences helps to explain why online shopping is viewed differently in different countries, and why Nigerian sellers sometimes don't want to have foreign buyers.

Finance is more complex than it appears, but once you have the correct information, you will learn to comprehend it and protect yourself from it.

The AI Illusion: Why It's Not Scaling, Not Helping, and Not Worth the Hype (Yet)

Zacchaeus Bolaji — Wed, 30 Jul 2025 07:24:08 +0000

For the past three years, AI has promised a revolution. Autonomous agents. Superhuman copilots. Instant content and code generation. But as the dust settles, we're seeing a different story:

AI isn't scaling.
It's not solving meaningful problems at scale.
And the cost — in money, compute, carbon, and credibility — is often far too high.

1. AI Is Too Expensive to Scale

Running large language models (LLMs) isn't cheap — not even for small workloads. Even with tiny models like LLaMA 3 8B or Mistral 7B, the infrastructure cost to serve just 10 users concurrently can exceed 3GB of RAM, plus expensive GPUs or quantization tricks. Once you move to high-end models like GPT-4 or Claude Opus, you're talking 30–60 GB per instance, per batch of users.

$0.10 per query isn't sustainable when users burn through 1000+ queries/month doing things like writing, debugging, or content generation. That's $100/month per user. Who's paying that?

2. AI Agents Are a Dead End (For Now)

The hype around AI agents — self-running, goal-seeking LLMs that plan and act autonomously — has mostly fizzled out. Tools like AutoGPT, BabyAGI, Devin, and LangChain agents make for flashy demos but collapse in production.

Why?

They hallucinate tools and API calls
They can't reason about real-world constraints
They loop endlessly or freeze on edge cases
They misinterpret vague goals like "book a trip under $2,000"

Giving AI agency doesn't make it smart. It just makes it faster at making mistakes.

Trying to build reliable autonomous agents on top of a stochastic text predictor is like training cats to code — amusing, chaotic, and entirely unproductive.

3. Copilots Create as Many Problems as They Solve

GitHub Copilot, CodeWhisperer, and others were marketed as productivity boosters. But many developers are realizing they:

Suggest incorrect or outdated code
Distract from the actual thought process
Increase keystrokes as you constantly delete wrong completions
Burn massive compute resources per suggestion

Traditional autocomplete (IntelliSense, TabNine-classic, etc.):

Is more predictable
Runs locally
Has near-zero latency
Doesn't try to outguess your logic

For many developers, Copilot is just noisy autocomplete with worse UX and a bigger carbon footprint.

4. AI Customer Support Is Backfiring

Companies like Klarna, Air Canada, and Frontier Airlines rushed to replace human agents with AI chatbots. What followed?

Customer frustration
Lawsuits from AI hallucinations
PR disasters
Quiet reversals to bring humans back

AI might answer basic FAQs, but once a conversation requires empathy, context, or escalation, it fails — often spectacularly.

Saving a few cents per interaction isn't worth losing a customer's trust forever.

5. What Are We Actually Gaining?

We already had Stack Overflow for debugging. Grammarly for writing. Zapier for automation. Static analysis for code. What's new with AI?

It's faster — when it works.
But it's wrong — often.
And it's wasteful — always.

Many users spend more time correcting hallucinated code, rewriting clunky blog drafts, or debugging broken workflows than if they'd just done it manually.

AI promises to save time, but usually shifts the labor from creation to correction.

6. The Feedback Loop of Doom

If AI-generated content keeps flooding the internet:

Future models will be trained on synthetic, low-quality data
This leads to degradation in quality (known as model collapse)
Which further reduces trust in AI outputs

When AI learns from AI, the whole ecosystem begins to rot.

TL;DR: The AI Boom Is Hitting a Wall

AI isn't scaling because the compute cost and unreliability are too high
AI agents are glorified toys — not task solvers
Copilots distract more than they help
Customer support bots are making things worse
The content explosion is setting us up for self-sabotage

We're not against AI. But we're against pretending that it's already the solution.

It's not.

At least, not yet.

If you're looking for real productivity, sometimes a traditional tool — or a human — still wins.

What Traffic Lights Can Teach Us About Computer Deadlocks

Zacchaeus Bolaji — Fri, 25 Jul 2025 23:39:40 +0000

From red lights to frozen apps, the rules that keep traffic — and your computer — moving smoothly.

Ever been stuck at a red light forever? Your computer has the same issue with its programs!

The Problem: Everyone Wants the Same Thing

Picture this: You're at a busy intersection. Cars from all four directions want to go through at the same time. If everyone just floors it, you get a massive crash.

Now imagine your computer: Multiple programs all want to use the printer at the same time. If they all try to print simultaneously, you get a mess.

Same problem, different scale.

What is Deadlock?

Deadlock happens when everyone is waiting for everyone else, and nobody can move. It's like this classic scenario:

🚗 Traffic Version:

North-bound cars are waiting for East-bound cars to clear the intersection
East-bound cars are waiting for South-bound cars
South-bound cars are waiting for West-bound cars
West-bound cars are waiting for North-bound cars
Result: Nobody moves. Ever.

💻 Computer Version:

Program A has the printer, wants the scanner
Program B has the scanner, wants the hard drive
Program C has the hard drive, wants the printer
Result: All programs freeze. Forever.

The Four Rules of Deadlock

Computer scientists figured out that deadlock happens when these four things are all true:

Resources can't be shared (only one car can be in the intersection center)
Hold and wait (you keep what you have while waiting for more)
No takebacks (you can't force someone to give up what they have)
Circular waiting (everyone waits for someone else in a circle)

Break any one of these rules, and deadlock becomes impossible!

How Cities Solve Traffic Deadlock

Traffic Lights = Resource Schedulers

Traffic lights are basically schedulers that prevent deadlock by breaking rule #4 (circular waiting). They say "North-South, you go first. East-West, you wait your turn."

Smart Traffic Systems

Modern cities use crazy smart systems:

SCOOT (used in 350+ cities): Adjusts light timing in real-time
SCATS (used in 55,000+ intersections): Detects traffic and adapts instantly

These systems work like advanced computer schedulers, constantly analyzing traffic patterns and preventing gridlock before it happens.

"Don't Block the Box"

Ever see those yellow grid markings at intersections? That's deadlock prevention 101. The rule is simple: Don't enter the intersection unless you can completely exit it. This prevents the circular waiting that causes gridlock.

Fun fact: In NYC, blocking the box gets you a $90 ticket!
.

How Computers Solve Program Deadlock

The Banker's Algorithm

Computers use something called the Banker's Algorithm - imagine a banker who only loans money if they're sure everyone can pay it back. The computer only gives resources to programs if it can guarantee no deadlock will happen.

Resource Ordering

Just like traffic lights give green to one direction at a time, computers can require programs to request resources in a specific order. No cutting in line = no deadlock.

The Ostrich Algorithm

Sometimes the solution is... ignore it! If deadlock is super rare, some systems just restart when it happens. It's like how most intersections don't have traffic lights - crashes are rare enough that stop signs work fine.

See It in Action

Want to see this in action? Check out traffic intersections during rush hour, or look up videos of cities like London or Sydney where smart traffic systems prevent gridlock in real-time. It's basically watching a massive distributed computer system manage thousands of moving resources!

The Cool Connection

Next time you're at a red light, remember: you're experiencing the same fundamental computer science problem that happens inside your phone, laptop, and every computer system. The traffic light above you is running the same type of algorithms that prevent your apps from freezing.

Traffic engineers and computer scientists are solving the exact same puzzle - just with different pieces.

Want to learn more? Look up "dining philosophers problem" - it's another classic example of the same deadlock challenge, but with hungry philosophers and chopsticks!

DIARY OF THE TWITTER BOT TWEEPBLOCKER

Zacchaeus Bolaji — Sun, 12 Jan 2020 12:06:51 +0000

BACKGROUND

When I set out to create the twitter tweep blocker bot, I was open to using any stack. I learn by doing, so even if Perl is the most efficient solution, I’ll learn Perl for the purpose of the project.

After hours of googling and tweets from folks like @theshalvah, I understood that in order to be able to block on behalf of a user, the user has to grant the bot authentication and it’s a 3-legged process.

Challenge 1 - Getting a sample implementation

Some parts of Twitter API Docs were probably written for geniuses and I’m not one, so I needed an example implementation of the 3-legged authentication. That’s the hardest part of the bot I’m building (or so I thought).
I searched google and Github, including twitter-dev GitHub repositories until I eventually found a Python implementation on Github. I quickly cloned the repo for testing (I used keys generated from my personal account). After a few trials and errors (you know Python), it worked. Problem solved, isn’t it? No! I was faced with challenge 2

Challenge 2 - Impersonating User

I’ve used Python Tweepy before for tweeting (text and media), not so sure it covers blocking. So, I googled python package for blocking and I found python-twitter package. That means I’ll be using 2 twitter packages at once. I was able to easily impersonate after getting the package

Challenge 3 - Deploying streaming and app

I’d decided to deploy to Heroku. Heroku uses gunicorn to start a flask app and I need the streaming to start when the flask app starts too. The Procfile only allows one command as far as I know. After some head “cracking”, I decided to start the streaming as a thread when the flask app starts.

Challenge 4 - Getting twitter to approve bot

So, I created a new twitter account for the bot and applied for a developer account. While waiting for twitter to approve, I decided to go update the bot profile. Saw dob field and decided to indicate the dob of the bot December 2019 so users can know when it started.
Guess what. Twitter suspended the account immediately on grounds that they only allow users above the age of 13 (and I’m claiming to be few days old!).

I’ve had suspension issue with twitter before, and I know it’s almost never resolved. So after waiting a few hours and no response, I decided to go use a bot account I created some months back for an experiment.

INTERMISSION

So, all is set. The bot is ready and deployed to Heroku. I shared the new development on twitter and it was well-received. Suddenly, the bot began to reply itself and @theshalvah called my attention to the fact that since the bot is not listening for any keyword, it’ll keep getting triggered anytime it’s quoted/mentioned.

Challenge 5 - Getting bot to stop replying itself

@dara_tobi suggested a few fixes too. After trying different combinations, I realised it’s best the bot listens for a keyword (as do most twitter bots I’ve seen). I deployed this fix and it fixed that issue.

Challenge 6 - Twitter callback URL

Even though people were trying to use the bot, they couldn’t authenticate cos the app was breaking. @bigbrutha_ called my attention to the auth issue. Turns out I forgot to set the Heroku URL as a callback. So, I decided to the Heroku URL on the twitter app as well as my environment variable.
However, the problem persisted. Then I saw that I used HTTP in my environment variable, but https in the callback URL set on twitter app. I decided to leave both the HTTP and https version on twitter app.

Challenge 7 - Persist data with SQLite

I used SQLite for saving data on the app since it’s a file. But I noticed that each time I deploy the app, it asks me to authenticate again. Meaning the previous authentication is lost. Then @dara_tobi called my attention to a limitation of using SQLite on Heroku i.e DB gets flushed regularly. @theshalvah suggested I used PostgreSQL as there’s a free tier on Heroku. In my own search, I found that MySQL is supported and there’s a free tier too. So, MySQL it is! Had to modify the queries a little bit since there are slight differences in how you write SQLite queries and MySQL queries.

Challenge 8 - Persist DB Connection

So, MySQL is up and running. There shouldn’t be any data loss, isn’t it? I wish! I noticed the app keeps breaking on step 2 and it’s MySQL error. The error was saying MySQL is unavailable. After googling, realised it’s because the connection has been lost. I had created a single connection and use that connection throughout the app. Turns out, the connection is gone after it’s used the first time. This issue made me realise why I love frameworks (Laravel comes to mind).

After some trials and errors, I realised the working solution is to connect to the DB each time I need to interact with the database. So, I created a DB connection function and called it before any SQL query. There might be a more efficient fix, but my current fix works, so…

Challenge 9 - Duplicate post error

The bot was working fine but at a point, twitter started returning an error that the tweet I’m trying to post is duplicate. Then I remembered a time @theshalvah and someone was discussing using random texts when bot tweets. So, I googled “hello in various languages” to use randomize the texts. Ended up with 10 randomized texts to use each time the bot needs to post.

Challenge 10 - Tweet no reply error

I wanted the bot to reply to the tweet that mentioned it, without mentioning the user. Turns out it’s not possible (with tweepy at least). When I tried it the bot started posting tweets that are not replies to any tweet, so the user that mentioned the bot can’t see the reply (cos it’s a tweet, not a reply)

Challenge 11 - Double Posting

This issue frustrated me a lot. Every other thing on the app works fine, but when the bot will reply a tweet, it’ll post 2 replies instead of one. Checking the logs, I also saw that the server starts streaming twice.
I tried is to wrap the streaming call in a try, and when the exception is that streaming had already started, it should exit the script. This didn’t solve the problem.
Since I noticed that the server creates 2 processes whenever the flask app launches and googling informed me that the second process is for auto-refresh. I added a check to not start the streaming if it’s a reload. Didn’t work.
I added a sleep to the tweet function maybe it’ll prevent duplicate tweet. Didn’t work.
Tried finding all processes and deleting before creating a new one. Didn’t work.
Tried calling the script in Procfile, didn’t work (error)
Tried saving the process ID (PID) of the streaming in a file and check if that file exists before launching streaming.
What worked, for now, is creating a lock file that when streaming starts and refuse to start streaming if a file already exists.

Challenge 12 - Idling of Heroku Dyno

So, I noticed inactivity with the bot and realised that the dyno (server) sleeps after some minutes of inactivity. So, if the bot is mentioned during sleep, it doesn’t respond. The quick fix for this is to ping the website intermittently to keep the server alive. Heroku says free dynos sleep after 30 minutes of inactivity, so I set up an external cronjob to ping the server every 15 minutes.

Twitter Blocker Bot

Zacchaeus Bolaji — Fri, 03 Jan 2020 21:52:07 +0000

Recently, someone on twitter suggested a twitter bot that helps block a user. The idea is that most times we block users later, but may not be able to remember exactly why we blocked them later. The @TweepBlock is bot here to solve that tiny problem.

How It works
Comment on the user's post and mention @TweepBlocker. If you've authorized the bot before, it'll block the user for you and reply when it's done.

If you haven't authorized the bot before, it replies with a link for you to authenticate. Once authentication is done, it blocks the user.

You can view a list of users you've blocked with the bot by visiting https://twitter-please-block.herokuapp.com/user/ where should be replaced with your twitter username.

The source code can be found here https://github.com/djunehor/twitter-blocker in case you need to see the inner workings and maybe suggest an improvement.

As a side feature: the bot keeps a log of tweets that caused the block. So even if the user deletes the tweet, you can still dig it up

Eyowo-php: A PHP Wrapper for Eyowo API

Zacchaeus Bolaji — Mon, 09 Dec 2019 10:01:30 +0000

Over the weekend, I decided to go through eyowo API docs. I attempted to consume the APIs using PHP.

The API docs include sample codes for curl, javascript, kotlin, ruby and java. No sample codes for PHP yet.

So, I went ahead to create a PHP wrapper for the API, for those who might want to use the API in their PHP application. The package named eyowo-php is framework-agnostic, meaning it can work in any PHP framework or application.

Go ahead and check it out here https://github.com/djunehor/eyowo-php