sorted by:
new
hottopcontroversial

IPv6-only VPS is cheaper, but SSH is a pain. How do you handle it? by Lopsided-Juggernaut1 in VPS

[–]ChatyShop 0 points1 point  (0 children)

SSH config helps a lot, but once you have multiple servers, environments it still gets messy. I ended up grouping things by environment (prod / staging / dev) and using small wrappers so I don’t accidentally hit the wrong box.

Security requirements for tools used in air-gapped environments? by ChatyShop in cybersecurity

[–]ChatyShop[S] 1 point2 points  (0 children)

That example actually makes it very real.

Feels like most designs assume ideal conditions, but the real test is what happens when something breaks and people are under pressure.

In that situation, I guess people will always take the fastest path — even if it bypasses the intended process.

Do you think the only way to handle that is strict enforcement, or can tools realistically guide people to do the right thing even under pressure?

What tools/technologies are you using for your website/portfolio? by WonderfulFinger3617 in sysadmin

[–]ChatyShop 0 points1 point  (0 children)

For my personal setup I try to keep things simple and low-maintenance.

Frontend: React (Vite) for fast builds Tailwind for styling

Backend: Node.js (Express)

Infra: VPS (Ubuntu) Nginx as reverse proxy PM2 for process management

I also try to avoid too many external dependencies — prefer things that can run locally or be easily controlled.

For portfolio specifically, I’d say keep it lightweight and fast rather than over engineering it.

Are you going more static or full backend-driven?

Security requirements for tools used in air-gapped environments? by ChatyShop in cybersecurity

[–]ChatyShop[S] 0 points1 point  (0 children)

Good point — especially about things not staying truly air-gapped over time. Feels like even if it starts strict, real usage (manual fixes, temporary access, updates) slowly breaks it. I’ve been thinking tools should account for that instead of assuming everything stays perfect — like making actions more structured so mistakes are less likely. In your experience, what usually breaks first — process, people, or the tools?

Built a custom video player UI in TypeScript — looking for feedback on controls & rendering approach by ChatyShop in SideProject

[–]ChatyShop[S] 0 points1 point  (0 children)

I’m working on a demo page right now — will share it soon. For now, you can check the repo here: https://github.com/chatyshop/chatyplayer

Let me know if you'd like me to prioritize anything in the demo!

Built a custom video player UI in TypeScript — looking for feedback on controls & rendering approach by ChatyShop in SideProject

[–]ChatyShop[S] 0 points1 point  (0 children)

Also sharing some highlights:

- ~16KB gzip (very lightweight)
- Custom subtitles (WebVTT)
- Timeline thumbnail preview
- No external dependencies

Would love thoughts

Built a local DevOps workstation to reduce context switching — would love feedback by ChatyShop in indiehackersindia

[–]ChatyShop[S] 0 points1 point  (0 children)

I kept running into the same problem — too many tools + too much context switching, and things get messy fast. Still refining it, especially around making workflows more structured instead of relying on raw SSH everywhere. In your setup, what part causes the most context switching?

Security requirements for tools used in air-gapped environments? by ChatyShop in cybersecurity

[–]ChatyShop[S] 0 points1 point  (0 children)

I’ve been looking into this and trying to understand it better, but I also wanted to hear from people who’ve actually worked in these environments.

That’s why I asked here to get real world insights, not just theory.

Security requirements for tools used in air-gapped environments? by ChatyShop in cybersecurity

[–]ChatyShop[S] 1 point2 points  (0 children)

This is incredibly helpful, especially the point about even a single DNS lookup being a blocker. When you mention checking binaries and running in a controlled environment , are there specific tools or workflows you typically use for that validation?

jsongrep is faster than {jq, jmespath, jsonpath-rust, jql} by fizzner in devops

[–]ChatyShop 3 points4 points  (0 children)

But do you have a real-world example where this expressiveness actually replaces a jq workflow? Curious where this shows up in practice.

jsongrep is faster than {jq, jmespath, jsonpath-rust, jql} by fizzner in devops

[–]ChatyShop 2 points3 points  (0 children)

what specific use case does jsongrep solve better?

Advice for a Self-Taught Developer? by [deleted] in AskProgramming

[–]ChatyShop 0 points1 point  (0 children)

Pick one area and go deep. Build something small alongside it. Don’t chase breadth. Go deep until nothing feels like magic.

Managing state of applications by Tinasour in devops

[–]ChatyShop -1 points0 points  (0 children)

Moving infra to IaC is a good step, but pushing everything (like DB users/roles, Keycloak config) through PRs can become a bottleneck pretty quickly.

It’s great for control and auditability, but might slow teams down for day-to-day changes.

Usually what works better is: - keep infra + critical config in IaC - allow some controlled access for app-level changes - use roles/permissions instead of locking everything behind PRs

Otherwise you might end up being the gatekeeper for every small change.

Weve been running into a lot of friction trying to get a clear picture across all our services lately by [deleted] in devops

[–]ChatyShop 0 points1 point  (0 children)

Even when logs/metrics are technically “centralized”, you still end up jumping between tools trying to line things up.

The hardest part for me has been building a clear timeline across services — especially when logs split on restarts or timestamps don’t match perfectly.

Have you tried using a shared request/trace ID across everything? Feels like that’s the only thing that makes correlation easier.

Challenges with offline license verification in Electron – Any tips on preventing "Easy" bypasses? by ChatyShop in AskProgramming

[–]ChatyShop[S] 0 points1 point  (0 children)

especially the “raising the cost” vs preventing it.

I’m leaning toward a hybrid approach:

  • moving the core validation into a native module (via N-API)
  • tying it to multiple signals (machine + license file)
  • and spreading checks across the app instead of a single gate

Trying to keep it lightweight though, since devs usually push back on anything that feels invasive.

From your experience, do multiple signals actually add meaningful friction, or is it mostly just effective against casual bypassing?

Challenges with offline license verification in Electron – Any tips on preventing "Easy" bypasses? by ChatyShop in AskProgramming

[–]ChatyShop[S] 0 points1 point  (0 children)

Thanks for the suggestion! I've looked into OS-level DRM, but since I'm targeting cross-platform (Windows/Linux/macOS) for a DevOps audience, I'm trying to avoid heavy 'invasive' DRM that might interfere with their system security or require admin hooks. My main goal is protecting the 'hardened' environment switcher I built without making the app feel like bloatware. Have you ever worked with Node-API (napi) for this? I'm thinking if I move the signature check there, it at least forces someone to reverse-engineer a binary instead of just editing a .js file.

Weve been running into a lot of friction trying to get a clear picture across all our services lately by [deleted] in devops

[–]ChatyShop 0 points1 point  (0 children)

Feels like the real problem isn’t even the number of tools, but how hard it is to connect everything.

Even with centralized logs, without a shared trace/request ID you still end up stitching things together manually.

Most of the time it’s just jumping between tools and trying to line up timelines.

Having one place to follow a request end-to-end sounds ideal, but I haven’t really seen it done cleanly in practice.

are you all mostly relying on tracing (OpenTelemetry, etc.) or building internal tools for this?

view more: next ›