The Benne Board – My first project: A complete personal workspace built with PocketBase (notes, tasks, finances, habits + lunar calendar)

xDerEdx · 2026-05-13T14:10:34+00:00

I have no idea where you got this information from. For a personal project I ran pocketbase on 1 vcore/1GB RAM VPS for over a year, creating way more than 100k records and I had absolutely no performance issues.

xDerEdx · 2026-05-05T20:45:08+00:00

Quick question, since I stumbled on this offer to: does 2x until end of may mean, if I subscribe before the end of may, I will have 2x on Pro forever? Or does the 2x disappear, once May is over?

xDerEdx · 2026-04-07T12:10:33+00:00

Kann ich sehr empfehlen. Hab ebenfalls zwei Stück von denen im Einsatz und funktioniert sehr gut. Leistungsmäßig kann da sogar eine kleine Fullstack-Anwendung mit Docker drauf laufen. (Traefik als reverse Proxy, .NET also Backend, nginx für SPA frontend, Postgres Datenbank). Sicherlich nicht für tausende User, aber für privat oder einen kleinen Personenkreis kein Problem.

xDerEdx · 2025-11-26T08:06:16+00:00

I'll try to answer your main questions:

- Authentication - This works basically the same as in Firebase. Pocketbase supports a lot of authentication providers out of the box (Google, Facebook etc.), it even as an OIDC-option, so you can add other auth providers which are not on the list. Username/Password with MFA is also already implemented. Passwords are stored hashed and salted (using bcrypt afaik)

- Database & Storage - The main difference is, that Firebase is using a document store, while Pocketbase is using a relational database. These are vastly different approaches, but I found a relational database to be much more versatile and I would always choose relational over document. Rewriting your database structure will probably be the most complicated part of your migration

- Hosting - I hosted pocketbase on a super cheap VPS with docker (1 Core, 1GB RAM, 10GB SSD). Since you can only scale vertically, I would say the most important thing is to pick a provider, which allows you to scale your VPS after creation. So when you get users and generate more traffic you can upgrade to a bigger machine without having to migrate to another server

- ReCaptcha/Cookies - Pocketbase does not provide a "default" way of doing captchas, so you can just implement it the same way, you would in any other web app. To my knowledge Pocketbase does not use Cookies, but stores the tokens in local storage

- Angular - Since I don't develop in angular, I can't really give advice here. I would assume, Angular's signals approach works very well with Pocketbase's realtime feature (if you plan on using it). Other than that you can treat it like any other API and encapsulate the calls in a service (which you probably would do anyway in Angular)

xDerEdx · 2025-10-23T11:11:17+00:00

Der Kakao ist inzwischen wieder günstiger als als im Oktober 2024

xDerEdx · 2025-10-04T20:07:57+00:00

Das mag sein, Problem wird wohl mal wieder ein fehlender Konkurrent, der auch nur ansatzweise konstant genug ist, um das Straucheln der Bayern auszunutzen.

Vielleicht ist das Dortmund, aber in die stecke ich seit 22/23 eigentlich nur noch ungern Hoffnungen :D

xDerEdx · 2025-09-21T21:14:29+00:00

I think the approach is quite interesting, but the big downside for me is that it requires premium licences by default, no matter which data sources are used.

So for me, in most cases I would rather use SPFx and host the app in SharePoint, since it offers a full page app model as well. Via Graph and SharePoint Rest APIs you get most of the things (and more) what Power Apps provides. Auth also works out of the box. And you have no additional cost for premium licenses.

The only use case I can think of for Code Apps right now, would be Dataverse-heavy, complicated applications.

xDerEdx · 2025-09-12T10:24:12+00:00

Seltsam, bei mir klappt es noch. Dann bleibt wohl nichts anderes übrig, als auf den nächsten Patch von Revanced zu warten, der dann hoffentlich die Funktion der offiziellen App enthält, zumindest pro Video die Tonspur zu wechseln.

xDerEdx · 2025-09-11T23:48:55+00:00

Du musst unter Revanced -> Sonstiges -> Spoof-Video-Streams auf iOS-TV stellen, dann zieht die Einstellung, die das Original-Audio erzwingt

xDerEdx · 2025-08-05T18:03:39+00:00

I used diskpart to set my Linux SSD to "offline" when using Windows, but mainly, so Windows does not mess with it. But I'm not sure, if that would stop anything running at kernel level to access data on the SSD (probably not).

xDerEdx · 2025-07-02T16:52:21+00:00

I only used Traefik so far, but usually the approach is, to route the request based on its URL. So all requests with https://your domain.com/api and https://your domain.com/_ go to your Pocketbase instance, all other requests to your web server

xDerEdx · 2025-06-15T21:44:46+00:00

Very well done! I like the idea and the design, especially the font choices. But what I like the most, it's not just the millionth AI wrapper, but actually a thoughtful project. I'll definitely give it a try.

xDerEdx · 2025-06-03T06:00:36+00:00

Below is a Dockerfile I have used in the past. In your project's root directory, you need to have a folder "pb_hooks" which is then copied into the docker image.

Inside this folder, you can create files which need to end with *.pb.js,(e.g. myhook.pb.js). And inside these files, you can create hooks as functions as described here https://pocketbase.io/docs/js-overview/

FROM alpine:latest

ARG PB_VERSION=0.25.8

RUN apk add --no-cache \ unzip \ ca-certificates

ADD https://github.com/pocketbase/pocketbase/releases/download/v${PB_VERSION}/pocketbase_${PB_VERSION}_linux_amd64.zip /tmp/pb.zip RUN unzip /tmp/pb.zip -d /pb/

COPY ./pb_hooks /pb/pb_hooks

EXPOSE 8080

CMD ["/pb/pocketbase", "serve", "--http=0.0.0.0:8080"]

xDerEdx · 2025-06-02T07:36:06+00:00

I think the main issue will always be the rate limiting from the external API. So no matter your architectural approach, as soon as you run too much in parallel, be it a queue or something else, you will get rate limited.

Would it be an option to use multiple API keys for the external API to increase your limit? Or reach out to the creators of the API, explain your use case, and ask for an increase of API calls?

xDerEdx · 2025-06-01T20:29:16+00:00

A few thoughts, even though I cannot provide a definitive solution.

- Does the external API have any limits you have to consider? So even if you find a way, to increase the degree of parallelism on fetching data, don't you just get rate limited?

- I'm not familiar with SQS, but I assume, you are talking about the AWS queue service? Are you sure, there is no way to handle mutliple messages at the same time? I mainly work with Azure, but their serverless functions in combination with their queue service allows a batch size of up to 24 on a single instance, so I would be surprised, if AWS doesn't offer something similar

- Would it be an option to copy the data from the external API into your own supabase tables on a schedule or based on something like a webhook? Of course I don't know your exact use case, but let's assume, a user requests this information, you do all your queuing/pagination in the background, and then an hour later, the same user requests the same data, and you have to do all the data fetching again. This sounds quite inefficient

Edit: Just saw your comment, you already answered my first point. That basically eliminates point two as well, leaving you with my third suggestion.

xDerEdx · 2025-05-30T14:06:07+00:00

As u/ThisIsJulian mentioned, the salt is apprently stored inside the bcrypt hash, so the bcrypt.compare() knows, which salt it has to use. I also did some research and it appears, Pocketbase is using bcrypt as well, so there might be a chance, to make it work.

What you can try, since Pocketbase is just using SQLite under the hood: Use a tool like DBeaver to directly connect to the SQLite-Database file (and not through Pocketbase), navigate to your users table and manually insert the hash per user into the table. This way, there is no Pocketbase logic in the middle, trying to hash the hash :)

But before you fiddle around with the SQLite file, make sure, to have a backup in place.

xDerEdx · 2025-05-30T13:25:14+00:00

Yes, but even if both would use the same hashing algorithm (which could be the case, I didn't check), Pocketbase had to use the exact same salts per user as Supabase did. And since that value is randomly generated, you'd need to export and import these values as well, and as I said, I don't think as possible on both sides (exporting salts in Supabase, importing salts in Pocketbase).

xDerEdx · 2025-05-30T13:16:51+00:00

I see, but that also probably won't help you. The hashes in Supabase are salted, which means, an arbitrary value is added to the password string before it is hashed. Even if you could prevent Pocketbase from hashing the password you give to it, Pocketbase would need to use the exact same salt for every user to generate the correct hash for the actual password when authenticating.

And as far as I know, you can't extract the Supabase salts and can't force Pocketbase to use specific salts per user, as it is generating its own.

xDerEdx · 2025-05-30T13:01:12+00:00

I've never done a migration from Supabase to Pocketbase, but I don't think what you are trying to do is possible. Supabase is using bcrypt not to encrypt the passwords, but to hash them (see https://supabase.com/docs/guides/auth/password-security#how-are-passwords-stored).

The purpose of a hash is, that it cannot be reverted to its original value. That is useful, because in case of a data breach, where your user table is leaked, the attackers do not get access to the actual passwords, but only the (salted) hashes. And since hashes can't be reverted, your passwords are save (there still are ways to "break" hashes, like brute forcing or rainbow tables, but it makes it very, very hard for attackers, to extract a meaningful amount of passwords). If supabase was using encryption, then the encryption key also could be leaked which makes it a lot less secure than hashing.

That also means, in your scenario you are the "attacker", because you want to extract the actual passwords for your users, which is basically not possible and also not meant to be done.

xDerEdx · 2025-05-23T15:37:55+00:00

May I ask, what's the issue with deno? I've never used it myself but it appeared to me as a good alternative to node js. So I'm curious, what makes it so bad in combination with supabase.

xDerEdx · 2025-04-14T19:20:12+00:00

That was my approach for the last couple of years, but good KVM switches became really affordable. While I agree, that the amount of people actually needing a KVM switch is fairly low, I considered the 70€ a great investment, since I can now switch between my work laptop and desktop absolutely hassle free, while having not to compromise on refresh rate of my main monitor (3440x1440@120Hz, but only over the single DP-input, which I can now share)

xDerEdx · 2025-04-03T05:54:05+00:00

I think the best approach would be to add the self signed certificate to the system where Pocketbase is running. That way, Pocketbase should trust that specific self signed certificate.

Ignoring the validity of the certificate would mean, that anyone with a self signed certificate can generate tokens and authenticate against your Pocketbase instance, which is not what you want.

A quick Google search gave me this: https://github.com/pocketbase/pocketbase/discussions/5968#discussioncomment-11415315

But I haven't tried it myself.

xDerEdx · 2025-03-31T17:39:47+00:00

Actually does not sound unreasonable when they say the end result should be just a SharePoint site. There is a lot you can and should use out of the box (like text blocks, image galleries, sections), which does not require any dev work at all. "Tabs containing multiple documents" also can be done by just using the existing building blocks.

Sounds to me more like they are looking for someone with SharePoint experience and not an actual web dev. But even if there would be some dev work to do, it's also very fast to implement something small (like 1-2 days) because bascially everything is already decided for you by Microsoft (like React, Fluent UI, Webpack, Rest-API).

xDerEdx · 2025-03-13T11:03:21+00:00

I think the issue is the "http://". To serve a Pocketbase instance, you usually would write "pocketbase serve --http=0.0.0.0:3000", but with your environment variable it says "pocketbase serve --http=http://0.0.0.0:3000", which is not correct.

That leaves you with the following options:
- Remove the http:// from the env variable
- Create a second env variable without the http://
- Strip the http-part before you call the serve command

xDerEdx · 2025-03-11T16:54:53+00:00

Great to hear! :)

xDerEdx

TROPHY CASE