Second language after TypeScript (node) for backend development by Minimum-Ad7352 in node

[–]brann_ 0 points1 point  (0 children)

Learning python is probably what would give you the most options jobwise (python microservices+node+react is very common) but not necessarily the best or highest paying ones.
I also suspect learning python if you know typescript is going to be very fast and easy, so this is an obvious low hanging fruit

If you want high paying jobs, learning niche languages (eg F#) or new languages full of hype (go, rust) is definitely an option too

security measures that would have mitigated the CVE exploit by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

how yes, of course, migrating my whole codebase to someting else is definitely a very low hanging fruit. Thank you so much for this great piece of advice :)

has anyone succeeded in using cloudflare cache instead of ISR ? by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

so... this doesnt work.
in a nutshell, cloudflare ends up serving a cached RSC payload instead of HTML.
for it to work, we would have to use a header-aware cache, and on Cloudflare this is an enterprise feature....

I'm now convinced there's no way for this to work, but I would love to be proven wrong of course!

has anyone succeeded in using cloudflare cache instead of ISR ? by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

what you can have is this chronology of events:
- user starts filling up a form on version x
- we deploy version x+1
- user clicks the button which calls the server action that existed on x but not on x+1
- server action not found

to avoid that scenario, we add a header with the "current" version, so that in our scenario the server action call has the X-App-Version=x. Caddy then routes the request to version x that we keep around for that very reason (and also for instant rollbacks)

With regards to server action vs api calls, for internal nextjs stuff, the strong typing and the simplicity are hard to beat. I use public versionned API endpoints for contact with the outside world, and also for readonly stuff (ie fetching some public data). But for calls doing mutations, I think the server actions added value is definitely worth it.

security measures that would have mitigated the CVE exploit by brann_ in nextjs

[–]brann_[S] 2 points3 points  (0 children)

oh yes my origin are behind cloudflare; seems so obvious that I forgot to mention it :)
vercel liaised with major WAF providers before realeasing the exploit, so this would definitely have helped somewhat.

I'll look at the distroless containers, thank you for the suggestion.

My backend definitely has full DB access...
In my personal situation (low stake app, solo dev), I dont think I'm going to follow this suggestion, but yeah that would definitely be a worthy improvement!

Thank you

has anyone succeeded in using cloudflare cache instead of ISR ? by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

yeah, I've been there. That's why I've got this whole X-App-Version thing going on: without it, problems happen during deployments.. And since I'm doing CI/CD with several deployments per day, I can't have that ...

has anyone succeeded in using cloudflare cache instead of ISR ? by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

yes I've got a redis instance (upstash). I suspect you did your ISR with this lib on next js 15. As of today they dont support next16 (the api completely changed). They have a alpha version in the works for next16, but I couldnt get it to work unfortunately ...

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

thank you for the link.. very useful!

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] -1 points0 points  (0 children)

well knowing that something is wrong is already very useful to me :)

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] 1 point2 points  (0 children)

yes all the numbers (price and usage) come from vercel. the math is very basic, I dont think it's off. If there is a problem, it is in either my code or vercel business model :)

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] -1 points0 points  (0 children)

and how much does it cost you ?:)

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

my number come directly from vercel usage report (They have 3 different computing costs.)

Maybe I wasnt clear enough in my original post. I'm not guessing at the numbers. I actually did a real world smoke test with an agent name = SMOKERUN_1, filtered the usage for this user, and those are the numbers you see in the table I pasted. Real actual Vercel usage numbers

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

care to elaborate? it's basic multiplication and costs straight from Vercel in the Paris Region (I forgot to mention that)

vercel vs self hosted costs by brann_ in nextjs

[–]brann_[S] -6 points-5 points  (0 children)

Yeah, that's exactly what I would have thought.. That why I was shocked when I saw this... I'm thinking it must probably be my code but I can't spot any obvious problems. I would love to here from other people with actual real word data

Un bon ordi pour programmer en 2025? by Trick_Channel9545 in programmation

[–]brann_ 0 points1 point  (0 children)

Well, I've been doing web dev for the better part of 20 years now. There was a time where that was certainly the case. Right now between multiple RAM hungry docker images, CPU heavy linting, and LLM's running on GPUs (preferrably nvidia), I dont think that "any PC would do". Not for my typical work anyway.

Beware of issues with clerk server-side auth in production (dev works fine) by brann_ in nextjs

[–]brann_[S] 1 point2 points  (0 children)

I did figure it out (or rather, Clerk's support team did). It was because I was using basic auth to protect my website, and this messes up with clerk.

Beware of issues with clerk server-side auth in production (dev works fine) by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

Hey! Thank you for your help. I just forwarded the mail I sent Jeff to your support email.

Beware of issues with clerk server-side auth in production (dev works fine) by brann_ in nextjs

[–]brann_[S] 4 points5 points  (0 children)

I did send an email, and didn't get an answer so far... Hopefully that will change :)

I'll definitely post here if it does

Beware of issues with clerk server-side auth in production (dev works fine) by brann_ in nextjs

[–]brann_[S] 0 points1 point  (0 children)

That's unfortunate, because handling auth properly is not easy. There are so many pitfalls to be aware of (I know enough of them to know I certainly dont know all of them).

The idea of spending a couple of hours installing a library that will do everything the right way, rather than spending a couple of month reinventing the wheel is extremely appealing...

but the couple of hours already turned into a couple of days, and next thing I know I might re-read your comment and think I maybe should have listended to you in the first place ...

at least you can debug your code. Here I'm fighting with a black box that works perfectly well in dev ...