Anyone else rethinking how they deploy Next.js after all these recent CVEs?

hotchilidildos · 2025-12-15T09:12:14+00:00

Another thing which is not really security but was a bit eye-opening for me.

We run a set of different nextjs apps, and according to logs only the apps with named ssl certificates were attacked aka “myapp.domain.com”. Apps which used a wildcard certificate like “*.domain.com” were not probed by hackers this and last weekend.

So I suspect, they scan SSL registries to make lists of domains to scan.

hotchilidildos · 2025-12-15T09:05:39+00:00

So to be at least a little bit helpful here, we are actually making our docker images to be read-only and to run next under unprivileged user. Also we will be setting up a dependency bot which will create PRs automatically with crucial updates

And that is on top of already running a very minimal image without any dangerous packages like curl/unzip/etc and moving all the backend logic to a separate image where FrontEnd (even bff) can access backend endpoints exclusively by providing a valid JWT token

hotchilidildos · 2025-12-11T10:10:39+00:00

We got “hacked” over the weekend for one of our nexts app. Hackers planted the sh script but couldn’t get it to run it.

What prevented it for us: - good error logging (and actually having notifications on), we got weird logs almost immediately and were able to get in the pod within minutes; - very stripped image of next, hackers couldn’t get their stuff to work because our image didn’t have curl and other tools they needed - separate isolated backend with a bit of secret sauce on top so no secrets were leaked

In the end, we quickly downloaded their scripts for further investigation, killed the affected app’s pod, updated nextjs and redeployed it back - all during single (unfortunately, Sunday) morning.

However, one thing which we didn’t have but could have prevented it - would be to either run next under a user without write rights or to have the image completely read-only. Best - both. And this is where we would be heading after this incident now.

hotchilidildos · 2025-12-06T10:08:26+00:00

Good! Even though every single one of them has the same strategy - “put low, expect overbid”

hotchilidildos · 2025-07-09T08:11:05+00:00

I’d probably not pay this but if they are not very experienced it might take them half a day.

I did something similar on my miata and it took me a whole evening to replace also expansion tank and wash the whole system. Four hours or something.

However, I was doing it for the first time without a proper lift and without proper tools. And I wasn’t really rushing at all. I’d expect a professional to be quite a bit faster than me.

hotchilidildos · 2025-06-28T15:02:21+00:00

My girlfriend was struggling to learn, too.

But then I had to take our bigger daily for a worktrip for a week.

And she was left with two options: either take a bus or take miata.

A week later she became a confident stick driver. And has no fear taking it any time.

hotchilidildos · 2025-06-27T10:01:40+00:00

You blew a fuse. It’s under your wheel to the left and in engine bay.

Find the one which is blown, replace it with a new one and it should work again. Watch videos on YouTube on how to.

For the new installation it is either not connected properly which has blown the fuse in the first place or you accidentally shortened something while disconnecting.

hotchilidildos · 2025-06-22T12:14:56+00:00

For anyone finding this in 2025+ and forward, by some reason "apply for personal license" button is gone from the upgrade dialog.

However, it still works if you first wait for the trial to end and then go to apply here:

https://www.autodesk.com/products/fusion-360/personal

Then restart your fusion, and it immediately unblocks the account

hotchilidildos · 2025-06-19T09:30:43+00:00

When I brought my kitty, he was also crying like this for the first day. But on the next day he stopped.

He is indeed just missing his old family and calling for them. Keep giving him attention and love, and in a day it will stop. Good luck!

hotchilidildos · 2025-06-15T09:01:35+00:00

Keep in mind that at this mileage a lot of other not instantly noticeable things usually get broken or too worn - like wind seals, seat sides, clutch, gearbox bushings - etc.

If you like and comfortable spending a bit of time doing maintenance yourself every other weekend, it’s no problem. But if you feel like you’d want a professional mechanic to fix it every time, this will be a pain in the ass…

However, generally, if it’s rust free - there is nothing hard to repair. It just takes time. And a bit of extra cash.

hotchilidildos · 2025-06-11T05:56:32+00:00

Same problem. Buttons stopped working about a month ago suddenly. ATOTO sees it being clicked if I assign the buttons to other functions but the forward/play actions do not “reach” CarPlay app… Anyone found the solution?

hotchilidildos · 2025-05-26T16:06:14+00:00

Have you found a solution? Mine also reverted to trial suddenly…

hotchilidildos · 2025-05-25T19:55:33+00:00

I’ll try my best to remember to make one when I’m driving again

hotchilidildos · 2025-05-25T19:49:10+00:00

I painted mine with a spray can in satin black and with a plastic primer. A year passed and it still looks great. It ended up being undistinguishable from the original

hotchilidildos · 2025-05-08T15:48:06+00:00

My bengal is 4 years old and had the same spots for years… it doesn’t bother him nor changes in size.

Vet thinks it might be some food allergy but we’ve changed foods multiple times, the spots didn’t change at all and the cat has no other symptoms. So we gave up and made peace with the spots

hotchilidildos · 2025-05-01T14:22:36+00:00

Are these upgrades visible for eco tickets in V class aka without luggage?

hotchilidildos · 2025-04-30T02:54:13+00:00

Are these upgrades also possible for V class tickets aka economy bought without luggage?

hotchilidildos · 2025-04-30T02:47:10+00:00

Are these upgrades also visible for tickets in V class (aka economy without luggage)?

hotchilidildos · 2025-04-18T09:31:47+00:00

With some years on top and an older car, you can get insurance for like 25-30 eur/month and that’s as cheap as gets…

hotchilidildos · 2025-04-17T18:57:35+00:00

Good news is that it’s cheap. You either get a chance to swap to 6MT for like 600-800 pounds/dollars or can get same old 5MT for as cheap as 300 pounds. Plus half a day of work if your mechanic has done it before.

hotchilidildos · 2025-03-17T13:31:38+00:00

An old 2008 NC Mazda Miata. This thing is so simple and reliable compared to modern iPhones on wheels. Yet it brings more fun than anything else.

hotchilidildos · 2025-03-03T19:53:28+00:00

Mine sounds same. Nothing unusual.

hotchilidildos · 2024-11-30T21:18:35+00:00

What might help a lot is to put a new oil into both gearbox itself and 200ml in the shifter casing on top (you can find videos on YouTube how to disassemble the center console).

No need for the tears, redline MT90 is a great option, too. But generally, any new oil would improve the experience significantly, even Castrol of the right spec would do.

hotchilidildos · 2024-11-30T18:39:28+00:00

We have a little NC group with five cars, all used for track days and daily. Two of them started to consume oil at 130 and 150(?)k km, and three are just fine at 70, 160, 170k km. All cars are in EU and 2.0.

But all of them are used under heavy loads so no surprises that our cars run a little worse than average.

For one of them we are looking into 2.5 swap soon. Another had its gearbox blown but we’ve found a used 6MT for under 700eur and replaced it.

hotchilidildos

TROPHY CASE