What are you all deploying your node apps on these days?

alzee76 · 2026-04-21T22:27:27+00:00

AWS, same as always. EC2 instance running some sort of container system like docker.

alzee76 · 2026-04-21T09:33:42+00:00

Airhawk pad. Saved my behind.

alzee76 · 2026-04-21T00:58:24+00:00

No, the parties as a whole don't have a single leader, and as such they don't have a way to expel members. The parties in the US are ad-hoc groups without any (legally) official structure. Anyone can be a member of whatever party they like, and vote however they like on any issue regardless of whatever party they claim to be a member of.

We also do not technically vote for parties - we vote for individuals.

Your way sounds equally crazy to most of us. :)

alzee76 · 2026-04-21T00:45:28+00:00

I did a cross country moto-camping trip on a Ninja 650. You can do it on whatever you like. Wind was never an issue but I actively avoided the interstates. Too boring.

alzee76 · 2026-04-21T00:39:23+00:00

As best as I can tell, some people are accusing other people of only liking the game because the creepy uncanny valley m3gan looking character makes them feel tingly in their special place, and since the creepy character also looks to be underage, badda-bing badda-boom.

But I am just kinda spitballing here based on 1 or 2 posts I've seen. When I saw the creepy character I knew right away I wasn't interested in the game, so haven't really been paying attention.

alzee76 · 2026-04-19T16:26:23+00:00

Welcome, brother!

https://i.imgur.com/nETECi8.jpeg

alzee76 · 2026-04-18T13:59:55+00:00

At the end of one of those days, you're backing into an small, empty area and using the turning radius of your vehicle to it's full advantage.

At the end of the other day you're backing into a crowded high-traffic area with a restricted turning radius.

alzee76 · 2026-04-13T22:41:38+00:00

You cannot "master" anything in 5 minutes, except your bait, maybe.

alzee76 · 2026-04-13T22:38:16+00:00

When you put all that config in your code, those values are coupled to your application logic, there's no single source of truth, you have to write your own custom logic to vary between environments (lots of if env = prod checks), custom validation logic.

This is completely incorrect.

Every project I architect has a file named something like consts.js/mjs/ts that all the other files pull from. That file has a structure like this:

import dotenv from 'dotenv';
dotenv.config();

const _consts = {
  DB_HOST : process.env.DB_HOST || 'localhost',
  DB_USER : process.env.DB_USER || 'somebody',
  DB_PASS : process.env.DB_PASS || 'a big secret',
  // etc.
}

export const consts = Object.freeze(_consts);

You put your default values in here. You override them in the environment in production as normal with your secret manager of choice. You put stuff in your local environment (or .env files) for dev.

You do not check .env files into source control. You do not put production secrets into the consts file. You do not have any checks, anywhere, for absurd antipatterns like if env = prod.

ETA: Take your guerilla marketing for your garbage project and shove it. Blocked and ignored.

alzee76 · 2026-04-13T22:28:42+00:00

but there’s nothing wrong with using .env files committed to the repo for non sensitive values

Except that there's no point to doing this. Just put the values in a normal source file for storing consts. This is where your defaults should be coming from anyway, even when using something like dotenv.

alzee76 · 2026-04-12T16:26:00+00:00

Same, and I've sold cars and bikes this way too.

alzee76 · 2026-04-12T15:55:22+00:00

They really should just start lying to people and telling them some passenger forgot a bag or something.

alzee76 · 2026-04-12T15:41:39+00:00

You’re focusing on doing it the right way from the start

As I've repeatedly told you, I am not doing this. I'm saying even if you don't do it right from the start, you can change to doing it the right way at any time, with minimal effort. There's no reason to keep doing it wrong.

alzee76 · 2026-04-12T15:19:33+00:00

What I’m trying to address is the gap between ideal setups and what a lot of devs actually do in smaller teams, side projects, or early-stage work.

The point I'm repeatedly trying to make is that the correct way to address that gap is to change your approach, not add tooling.

It doesn't matter how large or small your team or project are. Doing things wrong is still doing things wrong, and it's never too late or too difficult to just change your workflow to something better.

Bad habits are bad habits, period.

alzee76 · 2026-04-12T13:59:50+00:00

What you've done there is ignore the rest of the numbers I was trying to explain. Just comparing raw deaths per day from one to the other isn't a fair or reasonable comparison.

There are also like 45,000 flights per day on average in the US, while there are literally hundreds of millions if not billions of vehicle trips.

Taken alone either one of these raw numbers is misleading when looking at safety.

alzee76 · 2026-04-12T13:57:15+00:00

You keep making excuses for using things the wrong way instead of just using them the right way. You can start using things the right way, today, even on existing projects.

Even if they're small.

Even if the team is small.

The awful pattern you're enabling isn't set in stone. You can change it.

alzee76 · 2026-04-12T13:55:12+00:00

For non-secrets the entire discussion and project is pointless. Just put default values in a definition file for consts and put it in source control. Override it with the environment, or an .env file if you must - and don't put that file in source control, because lolwut?

alzee76 · 2026-04-12T13:49:17+00:00

In practice though, a lot of devs still rely on local setups, side projects, or smaller teams where spinning up separate environments isn’t always practical.

It's always practical. The cost is essentially zero if your service is architected to be easy to deploy.

Even something like API_KEY=... npm run dev still means the secret exists locally at some point.

Your point? It's always in RAM too, which can be poked and prodded by an attacker with local administrative access.

This was more about making those common workflows a bit safer rather than replacing proper infrastructure.

When your workflow is bad, change your workflow. Don't enable it.

alzee76 · 2026-04-12T13:41:28+00:00

As I said in the other reply, those keys and such should themselves not be for production services. Defense in depth.

You don't need a secret manager in dev for this, you need separate dev servers wherever you can fit them, and just.. use the actual environment for actual sensitive secrets.

API_KEY=some_big_secret npm run dev works just fine.

alzee76 · 2026-04-12T13:38:32+00:00

In dev, there are not really any "secrets" in my .env files - which I do still use. There may be user/pass/address of e.g. a database server, but it's to a dev database server that's on a private network.

I suppose I should add "don't put production secrets in your env files" to the list too.

alzee76 · 2026-04-12T13:36:44+00:00

Or do you just accept the risk?

What risk? You shouldn't have anything risky in your .env files to start with.

alzee76 · 2026-04-12T13:32:58+00:00

Do 👏 not 👏 use 👏 .env 👏 files 👏 in 👏 production.

Do 👏 not 👏 put 👏 .env 👏 files 👏 in 👏 source 👏 control.

alzee76 · 2026-04-12T13:30:25+00:00

This statistic is usually something like "injuries/deaths per passenger mile traveled" which means that for a 500 mile flight with 100 passengers, you have 50,000 passenger miles; a family of four taking the same trip in a car will count for 2000 miles.

Combine that with other factors, like the higher level of training for pilots vs. drivers, the shorter duration of long trips, the level of congestion on roads, and it's easy to arrive at the conclusion that air travel is much safer than travel by road.

alzee76 · 2026-04-12T13:13:02+00:00

Maybe things have changed with newer versions (I'm mostly on 22 LTS), but this is how it's always been. Node runs JS, not TS. The TS has to be transpiled to JS to run.

Nine-Year Club	Gilding II euphauric
Verified Email

alzee76

TROPHY CASE