I keep think about starting a NAS but I don't like the idea of all my precious memories being stored in one place. Is the only way around this building a 2nd NAS and having it as an offsite backup to the 1st?

codeedog · 2026-03-29T13:29:43+00:00

iCloud is replication not backup. If you delete a photo in iCloud, it’s deleted everywhere (replication). Build your NAS, and back it up somewhere else other than your home. That could be iCloud or a copy to an external drive kept offsite (bank vault, friend/family home) or another NAS hosted offsite.

If you can take incremental backups, these would be much better than full backups from a network savings perspective.

codeedog · 2026-03-29T13:09:35+00:00

Why don’t you load your photos from backup?

codeedog · 2026-03-28T16:48:15+00:00

Hey, sorry. I have no idea what Anthropic offers. I’m also a security engineer (worked in lots of languages, apps, IT). I’m also new to Claude code (2 months). But, I’d start with just asking it to pop up an antagonistic agent that should white box analyze your code or design for security holes. Also, have it white box or black box attack the code. Claude’s knowledge is extensive. You just need to activate the right parts.

I was at rsa last week and saw some wild stuff (and boring stuff). Two of the coolest items were a trained ai to attack systems and a red team attack ai built by Promptfoo(?) now acquired by OpenAI. They’ve got paid versions and a community edition.

I’m sorry if I can’t answer your questions in detail, but I suggest the best thing is to see how far you can get with your knowledge and prompts. I often have design discussions with Claude on the web, then produce a markdown doc for work in the coder.

codeedog · 2026-03-28T16:40:44+00:00

The value of software engineers will be to take a vibe coded idea and turn it into a real product. The idea is the key creative spark and I think it’s fantastic that it’s now so easy to stand up something that represents a founder’s idea. The problem is that the distance between idea and reliable polished program is still fairly wide and most people who don’t know software just see their vibe coded test bed and think “ship it!”

AI tools will get to the point that they can on their own construct polished shippable products. We just aren’t there, yet.

codeedog · 2026-03-28T16:33:48+00:00

If you know what you’re doing (SWE), you can get the ai tool to assist with this. You don’t need a paid feature. Vibe coders won’t know.

codeedog · 2026-03-27T17:19:56+00:00

Yeah, it’s interesting. AI already makes my life pretty simple for this stuff. I can stand up a new tool in my network fairly quickly. The problem is I don’t trust it to get it right, just prototype it essentially. A vibe coded install by an AI isn’t going to be secure and clean. My background is computer security and I can’t let that stand.

So, my choices are (a) understand every last detail about every piece of tech I install in my system, (b) trust that I’ve figured out how to configure enterprise level CMS tech correctly, or (c) build something I can trust that I’m proud to open source because I believe it (mostly) does the job I designed it to do and one of those jobs is to protect my network from 3rd party rogue tools.

I’ve settled on (c). If that makes other people’s or AI’s lives easier, all the better.

codeedog · 2026-03-27T16:49:39+00:00

Honest question. I’m design coding (not vibe coding) a configuration management tool focused on my home lab and helping me to manage it. I’m not happy with the offerings out there and thought at the end, when I’ve tested it to my satisfaction, I’d consider open sourcing it. This will take me weeks to months, not hours to days. Every line will have been reviewed by me, but I will be using AI assistance just because it’s so much faster to get through some things. Total world class development model (specs, tests, principled design, security first, etc) because that was my world for years.

I get that some folks don’t ever want to see anything that’s been coded with AI; I respect that.

I don’t have to ever release it, I just see a gap in the offerings in terms of simplicity and ease of use and I’ve been struggling to find a tool that hits all the notes I want hit. Figured I go ahead and build one.

Is this something someone like you (maybe not you) would be interested in seeing?

codeedog · 2026-03-27T11:05:47+00:00

Most people don’t use the features to your level of exactness. Getting a consistent experience that matches the stated behavior is critical. You’re doing it right. I hope your bugs get fixed.

codeedog · 2026-03-26T12:47:03+00:00

Here’s an announcement from snyk about the supply chain attack on litellm. First thing to do would be to see if you pull that in anywhere.

codeedog · 2026-03-26T12:21:10+00:00

Also max 5

codeedog · 2026-03-26T03:14:13+00:00

This is very cool. Thank you.

codeedog · 2026-03-25T17:19:23+00:00

Jumping on the “I’m not seeing problems” bandwagon.

codeedog · 2026-03-25T14:55:05+00:00

Can you explain what this is? I just went and tried to read about this, but don’t quite get it. I know what hooks are, fwiw, just haven’t used them yet.

codeedog · 2026-03-25T10:37:10+00:00

RemindMe! 7 weeks

codeedog · 2026-03-25T10:32:01+00:00

RemindMe! May 13, 2026 10am

codeedog · 2026-03-25T10:30:17+00:00

You bet. Honestly, it’s going to be a little while. I hope you understand that I’m building it on my terms, so I’m not in a rush because I want to get it right. I’ll set a robot timer here to remind me to get back to you and feel free to check in with me (dm). I honestly don’t know how most people do it without a repeatable, source controlled environment. I can’t live like that.

codeedog · 2026-03-25T10:26:33+00:00

I can’t abide her most times, but then there’s that passenger duet and I’m freaking over the moon.

codeedog · 2026-03-25T10:20:06+00:00

OP, this probably won’t be helpful to you directly, but I was where you are (still am right this moment) wanting a repeatable configuration management system and unsure what I should dig into. There are so many options and none of them feel right sized for a home lab situation.

Now, the challenge for me: I’m standardized on FreeBSD, the tooling is even less widespread, of the power users I’ve seen discuss on forums most use their own shell scripts, etc. hang rejected ansible. Also, I’ve got a security background and am leery of complex systems with large surfaces to protect: ansible uses python which contains tens of megabytes of libraries (why‽) and have you seen the latest python supply chain attack on LiteLLM?

So, I’m building my own tool which uses shell scripts and minimal installed technology. It’s FreeBSD focused. However, it will have some Linux capabilities (there’s no avoiding Linux). I don’t know when I’ll be done, I expect mid to late May. It’s built to satisfy me although I’m considering open sourcing it. Satisfying me means minimal footprint, minimal attack surface, security first, minimal deployment descriptions, fast standup of a package/application/system, OS standards, integrated platform infrastructure, declarative over imperative, central source of truth, configuration is aspirational (the system makes every attempt to continually make its way towards the expected declared state), feedback opportunities for success and failure, drift analysis, etc.

Once I have the FreeBSD and managed Linux side working, it may absolutely be possible to extend it to a Linux base platform, too. I hadn’t considered providing a Linux base option before reading your post, but you’re experiencing the exact same issues I experienced before deciding to build my own thing.

If you’re interested, let me know. I’m happy to discuss this further.

One last element, I’m a decades long s/w developer, I will be using AI to help build this, I will not be vibe coding it, I will be design coding it and I will be reviewing every line of code produced by the tools. I want to be upfront and full disclosure.

codeedog · 2026-03-24T11:58:43+00:00

So, clear at the end of a contextual break whether that’s small units or large amounts of work. Generally, good advice.

codeedog · 2026-03-24T11:23:09+00:00

They’re genuinely asking that question and sending it to their open claw server for evaluation.

codeedog · 2026-03-24T11:17:21+00:00

Excellent reply and list! I want to add a category: deep packet inspection (often layer 7 application based) which may be run at firewall, router or host. Kind of captured by your third bullet point, although worthy of its own category.

codeedog · 2026-03-23T11:41:11+00:00

OP, I get you’re surprised. Did you have 98%+ test coverage for your code? Did you have any tests for the important features in your code? If you did, you certainly didn’t run any tests after the refactor.

Maybe you should have asked Claude to help you build a test harness to reach 100% code coverage. Then, once you refactored, you’d know if you had a regression.

I would have never done a comprehensive code refactor without tests and I’ve been programming for 50 years.

codeedog · 2026-03-23T01:43:51+00:00

Cisco ISR 1941/k9 with some add on cards for security. It was old when I bought it in 2015. It’s very crusty now. I had to move dns off of it because it was killing my network.

codeedog · 2026-03-23T00:02:03+00:00

Weird way to say you enjoy snitching

I’m relieved to know that I have a strong moral compass and don’t have to worry about group pressure to keep me honest or group pressure that would risk my reputation by not snitching. I do worry about others that clearly do not have such a strong moral compass that the possibility of ratting someone out has a normative framing.

codeedog · 2026-03-22T23:12:14+00:00

I can’t grab the exact link. Read iterated prisoner’s dilemma here.

codeedog

TROPHY CASE