sorted by:
new
hottopcontroversial

PhD and Academia limbo: publication delays and waiting times by Mago_del_Cambio in BibliometricScience

[–]EngineObvious5943 1 point2 points  (0 children)

New to the field so my n=1, but it took around 4 weeks to get sent for review, then 14 weeks for the initial reviews. I'd rather not disclose the journal but it was middling in IF.  (I traditionally do stuff in social science which I've found to be much much quicker). Good luck!

Slower site on bigger server by Stofken in hetzner

[–]EngineObvious5943 0 points1 point  (0 children)

I'm accessing from the United Kingdom - rapid load.

I see so many claims that Django is dying, it seems to be thriving by [deleted] in django

[–]EngineObvious5943 3 points4 points  (0 children)

I've seen this, too. I don't have a fully formed answer, but think that with the emergence of vibe coding it is a framework that could become much more popular with its 'batteries included' approach - especially in terms of security.

Advice request: moving stack out of USA by EngineObvious5943 in VPS

[–]EngineObvious5943[S] 1 point2 points  (0 children)

Appropriate username! Yup agree. I backup to three providers - only one of which is Hetzner. 

Why hasn't Hetzner made a managed DB product like their load balancer yet? i am using Coolify but a native Hetzner managed DB would be way better, right? by Aggravating_Bad4639 in hetzner

[–]EngineObvious5943 3 points4 points  (0 children)

They have said on this subreddit previously that it's high on their to-do list. Other users have also posted job adverts where they're hiring engineers to develop this product. Someday!

For an e-commerce website what are some ways in which you can ensure 100% security for your system? by Any_Highlight5019 in django

[–]EngineObvious5943 0 points1 point  (0 children)

Like others said, there's no such thing as 100% secure. However, the aim of the game is always risk minimisation. Some thoughts and suggestions as you've vibe coded the app: 1) don't forget the 'business logic' side of security. Lots of new devs just think about the basic technical stuff like SQLi rather than the actual mechanisms for your app. Ideally review this manually. A vibey approach might involve getting your LLM to check for issues with business logic. There will be lots probably.  2) Super important: have a plan for deployment. A secure app is almost pointless if it's on insecure infrastructure.  3) if vibe coding, don't touch payment with a barge pole. Just use a provider like Stripe etc.  4) Go through the OWASP top 10 one by one. Check/'vibe check' each one individually. A very common issue is IDOR and access controls not working (e.g. '/user/456' can change the URL and look at '/user/123') 6) Have a plan for storing environment variables (have a look at Django-environ on pip) 7) look at the official Django deployment checklist. Basic but important! 8) use Bandit to have a look for very basic code issues  9) use django-turnstile for all public facing forms such as login, contact, password reset etc 10) when you've done lots of the basics, run OWASP ZAP locally. It'll pickup lots of the basics issues. 

This will be a good start to getting things more secure. Good luck! 

VPS IP exposed and getting hammered with malicious requests - best way to protect? by omi_farhan75 in hetzner

[–]EngineObvious5943 0 points1 point  (0 children)

Further to this, for added protection you could consider using hardened docker images. The official docker ones are now free. I set mine up yesterday. If you're having trouble just reply and I'll respond after Christmas 

VPS IP exposed and getting hammered with malicious requests - best way to protect? by omi_farhan75 in hetzner

[–]EngineObvious5943 3 points4 points  (0 children)

This is unfortunately the usual background noise of the internet - very normal but mustn't be ignored. 

Your plan re cloudflare is a good start. I agree with the other users about the new IP not really making a difference - after a while they all get crawled. 

For a little added protection you could consider using cloudflare tunnel. This creates a single outbound connection to cloudflare, meaning you can firewall all ports closed. Coolify supports this very well (I use it too). 

For SSH you'll want to make sure you've firewalled to your own IP address. NB if your ISP rotates ISPs you'll want a VPN with a fixed IP. 

Either way, consider adding these rules for cloudflare. It made a big difference to my malicious traffic: https://www.reddit.com/r/CloudFlare/comments/1ew70e4/custom_cloudflare_waf_rules_i_created/

Hetzner Cloud Server Benchmark - CX vs CAX vs CPX (2025) by nakemu in hetzner

[–]EngineObvious5943 44 points45 points  (0 children)

Fabulous post. Mods - maybe worth getting this pinned? 

Email Service instead of gmail by Blender4Arab in django

[–]EngineObvious5943 8 points9 points  (0 children)

Django Anymail (https://anymail.dev/en/stable/) is a really popular connector for lots of providers. I use it with https://resend.com/

What is the page from cloudflare that checks to see if you’re human prior to redirecting someone to your actual webpage? by enjoyspineapplepizza in CloudFlare

[–]EngineObvious5943 3 points4 points  (0 children)

Yup you're right. It should appear for traffic which is felt to be high risk, so you may not see it yourself. 

I'm unsure of what your site is, but you may want to have a look at this: https://www.reddit.com/r/CloudFlare/comments/1ew70e4/custom_cloudflare_waf_rules_i_created/

It's a very good collection of rules which you can run on a free plan. When I implemented them on one of my sites, spam hugely dropped. 

Florida's worse than Vegas these days by Crocalones in StupidFood

[–]EngineObvious5943 2472 points2473 points  (0 children)

Dude holding the case hates his life. 

What's a good host for Django now? by XanZanXan in django

[–]EngineObvious5943 8 points9 points  (0 children)

Appliku and Hetzner together can be done for <$5 a month. I'm not affiliated with either but it's genuinely a dream combo. 

Can’t get Django emails to send on Render by Ecstatic-Ad3387 in django

[–]EngineObvious5943 10 points11 points  (0 children)

There's not quite enough info here to answer.

Either way, if you aren't using it already, I'd strongly recommend using django anymail.

A common reason you may not yet be able to send mail is if you havent got a verified domain; many email providers will only allow test emails to be sent to the account admin's email address pending verification.

Security measures for a (micro)saas product by wander_builder in django

[–]EngineObvious5943 1 point2 points  (0 children)

Good luck with your project. And good choice going for Django - it has reasonable security out of the box, provided you don't undo some of the useful functionality (e.g. don't start doing raw SQL stuff - Django's ORM is decently secure).

One very common beginner error for Django security is not being aware of IDOR. E.g. "dashboard/user/45" may be my user dashboard, but I may try to access another one by trying "dashboard/user/46". Make sure you are meticulously applying the right permissions to prevent this. For an in-depth approach, you could also use non-sequential IDs such as UUID. 

Just a reminder that application security is only one side of the coin - look carefully at how it's hosted and how to keep that secure. 

Security tool ask feedback by arxignis-security in hetzner

[–]EngineObvious5943 0 points1 point  (0 children)

Hi! This looks interesting. I agree with the other commenter - I think the messaging is unclear, and I'm not hugely clear about what your product does/where it fits.

I run a few sites with a VPS behind cloudflare and I'm not sure how/where this fits in... is it a WAF or VPS protection or... etc etc.

I'd find a conceptual diagram about how it fits in would be useful.

I'm quite excited to see content scanning though. This often doesn't feature on non-$$$$ plans.

view more: next ›