• 1 Post
  • 186 Comments
Joined 9 months ago
cake
Cake day: July 22nd, 2024

help-circle
  • Lucy :3@feddit.orgtoWeb Development@programming.devServerless is a Scam.
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    4 days ago

    Meanwhile my workflow of creating anything:

    • Develop locally in an IDE (JetBrains) or remotely in neovim
    • Init repo, push repo
    • Clone PKGBUILD template
    • Edit PKGBUILD, change remote, push repo

    And then I have a native thingy working on every Arch machine I have (a server, a workstation, two DNS/DHCP servers, a PC and a laptop). And as the servers are chilling at my dad’s place … it’s not even costing me much (excluding 1000/500 fiber for like 100€/month, which is technically mine)




  • Let’s acknowledge the good: AI-assisted coding can be a game-changer. It lowers barriers for new programmers and non-programmers, allowing them to produce working software by simply describing what they need.

    CW made a simple software in C# as MVC with ChatGPT. Let it change it once. HE DID ESSENTIALLY NOTHING FOR 7 WEEKS, EXCEPT ASKING ME TO FIX ANOTHER BUG EVERY WEEK. WE’RE SUPPOSED TO LEARN SOMETHING. GIVING JUNIORS AI TO “PROGRAM” IS LIKE GIVING A TODDLER THE TOP TEN DEADLIEST SUBSTANCES TO LEARN WHAT IS TOXIC AND WHAT ISN’T.




  • CW be like:
    Spend 7 weeks learning C# (we learned Java in Uni, it’s not that hard ffs) and implementing a proper base for a project: Nah
    Let ChatGPT generate fucky code and let $me fix it over the span of 7 weeks: Hell yeah

    Had I realized that it all was generated, and he didn’t have a single little clue how it works, I would’ve just rewritten it with django or something. Hell, technically the whole server part wasn’t needed, it could’ve been index.html, style.css and scripts.js and that’s it.







  • Tbh, I myself still have SSH on port 22. Firstly, because I’m lazy, and secondly … yeah that’s it. I’m honestly just lazy. But spam bots trying office/cookie123 are not a real threat, and anyone trying to actually target me will either have somehow acquired my key + password, use one of the probably many security issues that exist in the dozen services I selfhost, social engineer me into doing something (not saying I’ve given out my (old) KeePass password once, but it could be, as love makes blind (I still love her)), or just smash my kneecaps until I give out everything.


  • Move SSH to non-standard port, make endlessh use the default port. Only use SSH keys. Only allow correct users (so eg. your user and git/forgejo). Use fail2ban to aggressively ban (redirect to default port, so 22) and report to abuseipdb everything that fails to authenticate first try (wrong user, password instead of key), has non-compatible ciphers (generally, only allow TLS1.3 etc.), or fails in any other way. Just be sure that if you accidentally get banned yourself (eg. Ctrl+C-ing during authentication), you can use another IP (eg. force v4) for connecting.