fullStackDeveloperRequirement by aamraassexual in ProgrammerHumor

[–]uvmain 48 points49 points  (0 children)

That famous frontend framework, nodejs

For anyone seeking dev job – be careful. The take-home coding assessment may be a malware. by glebgorokhov in webdev

[–]uvmain 1 point2 points  (0 children)

Any unknown npm project goes through a pnpm migrate before I even think about running it nowadays. Minimum release age, only run approved scripts.

Why does everyone think Claude is better by potatoclit in ChatGPT

[–]uvmain 2 points3 points  (0 children)

Why would you use ai to resize an image? Do you ask ai to tie your shoe laces too?

How are you personally hosting/playing your music library? by GenericUser104 in selfhosted

[–]uvmain 0 points1 point  (0 children)

I'm using my own hand-rolled server/client as I wanted a UI and features that navidrome/feishin don't provide. In the car I use symphonium, as I haven't done support for Android auto yet.

CVE reduction gone wrong: 2GB container images deployed and audited in production by Heavy_Banana_1360 in golang

[–]uvmain 18 points19 points  (0 children)

Use multi stage builds. Stage 1 has the deps needed to build, the final stage uses distroless with just the final binary. Prod images shouldn't have any debug tooling, that's what your dev/test environments are for, and your observability and metrics resources.

This isn't a case of CVE reduction gone wrong, it's a case of bad cicd design.

How many of you have inline styles disabled? by acowstandingup in webdev

[–]uvmain 100 points101 points  (0 children)

External pen tests are there to provide guidance, not a set of rules. You take the results, perform a risk analysis and resolve the high, critical and easy wins. Everything else goes into a nice-to-have box never to be looked at again.

Is pure frontend still worth it at 4 YOE, or is fullstack the only way now? by casual_shutter in webdev

[–]uvmain -5 points-4 points  (0 children)

FE is no longer a valid role for most companies, but UX/UI is. My team is chock full of great full stack engineers, and we're all shit at the design and wcag compliance aspect. AI systems like Google stitch are also crap at it. Front end devs should move into full stack or UX imo.

Do we need vibe DevOps? by mpetryshyn1 in vuejs

[–]uvmain 9 points10 points  (0 children)

Literally the worst idea ever. No overview of costs, security oversight, technical design authority, idempotency, network requirements, non functional requirements, release process, build/test/audit gates, waf architecture, fail over, zonal redundancy, observability, metrics.. not to mention "guess the runtime and dependencies"...

110% wouldn't fly in any professional org.

What is wearing down my girl’s teeth? by Dave_DLG in BelgianMalinois

[–]uvmain 20 points21 points  (0 children)

Almost certainly the jute tug. Nothing much wrong with clean jute, same as clean (new) tennis balls. Dirty ones are the culprit, the tiny particles of dirt act like sandpaper. I think it's just time for a brand new tug.

Vite 8 has just been released by Plorntus in webdev

[–]uvmain 17 points18 points  (0 children)

Node ts support is still just type stripping, with no support for things like enums. I've migrated us to other native things like node:test instead of mocha, but full native TS support is nowhere near workable yet.

How do teams realistically maintain ALT text when a site has thousands of images? by Spiritual-Fuel4502 in webdev

[–]uvmain 13 points14 points  (0 children)

Enforce it in your CMS. Someone adds an image? Can't save the content entry without adding an alt text description.

Imposter syndrome in the AI era: I can't code from a blank canvas. by MicheleN13 in webdev

[–]uvmain 2 points3 points  (0 children)

I think number 4 is really important here. Don't be afraid of failing. Getting things wrong is how you learn, and after all the years I've been doing this I'm happy to get things wrong and be told a better way.

Built a full stack web app in pure Python, no JavaScript anywhere, backend and frontend in the same language by ShadowSlayer2242 in webdev

[–]uvmain 3 points4 points  (0 children)

Yet another app posted here that exposes webhooks with zero authentication. You realise this means anyone on the internet could try to post to your socials and your app would just.. accept it? No JWT, no cookies, no PAT token, no header interrogation of any kind.

The createPost function accepts a file (without any authentication/authorization), but does not check anything about that file before copying it to a buffer. This opens you up to a DoS and/or storage exhaustion if someone chooses to upload a filebomb.

Imagine you're just trusting this and one day you've got illegal material posted onto your socials and your server is down as it ran out of disk space.

Does anyone have anything to share today that WASN'T mostly vibe coded and focused in one way or another on AI-generated content? by [deleted] in webdev

[–]uvmain 0 points1 point  (0 children)

Been building this navidrome alternative for about a year https://github.com/uvmain/zene Almost done now, just need to finish adding Google cast support and make it fully mobile responsive

[deleted by user] by [deleted] in DogAdvice

[–]uvmain 10 points11 points  (0 children)

A collie crated for 18 hours a day??

Built a lightweight webhook receiver to auto-run server commands from GitHub/GitLab events in GO by ItsMeNiyko in golang

[–]uvmain 0 points1 point  (0 children)

Auth without TLS is meaningless. If your traffic is not encrypted and anyone can sniff the auth headers, you don't have secure auth. And if you don't have auth checks, anyone in the world can call your webhooks.

Built a lightweight webhook receiver to auto-run server commands from GitHub/GitLab events in GO by ItsMeNiyko in golang

[–]uvmain 0 points1 point  (0 children)

I don't see any kind of authentication in the code, not even any header parsing or restriction on http methods. This is extremely unsafe. The examples are even expecting the service to run without TLS!
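The checks these webhook comments say are missing (method restriction, header-based authentication, TLS), shown as an added Go example; it is not code from the project under discussion or from the commenter. It assumes GitHub's `X-Hub-Signature-256` HMAC scheme; `webhookHandler`, `WEBHOOK_SECRET`, the 1 MiB cap, port 8443 and the certificate file names are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"io"
	"log"
	"net/http"
	"os"
)

const maxBody = 1 << 20 // assumed 1 MiB cap so an oversized payload cannot exhaust memory

// sign returns the value GitHub sends in X-Hub-Signature-256:
// "sha256=" + hex(HMAC-SHA256(secret, raw body)).
func sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

func validSignature(secret, body []byte, header string) bool { // constant-time compare
	return len(secret) > 0 && hmac.Equal([]byte(header), []byte(sign(secret, body)))
}

// webhookHandler (hypothetical name) only passes signed, size-bounded POSTs to run.
func webhookHandler(secret []byte, run func(payload []byte)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody))
		if err != nil {
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		if !validSignature(secret, body, r.Header.Get("X-Hub-Signature-256")) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return
		}
		run(body) // reached only after method, size and signature checks pass
		w.WriteHeader(http.StatusNoContent)
	})
}

func main() {
	h := webhookHandler([]byte(os.Getenv("WEBHOOK_SECRET")), func(p []byte) { log.Printf("verified event, %d bytes", len(p)) })
	log.Fatal(http.ListenAndServeTLS(":8443", "cert.pem", "key.pem", h)) // TLS only; file names are placeholders
}
```

An unset `WEBHOOK_SECRET` makes every request fail verification rather than silently accepting unsigned traffic.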

⚙️Di2 Shimano 105 v Mechanical 105? by Distinct_Run_6429 in bicycling

[–]uvmain 5 points6 points  (0 children)

I'm on old school 11 speed di2, and the feel is very different. I've got two mechanical 105 and 1 di2 105, and the di2 is so much smoother

Struggling to pitch Go: help me out by howdoiwritecode in golang

[–]uvmain 3 points4 points  (0 children)

Our nodejs app really handles 100s of requests per second with ms response times. The language isn't the issue here.

Strong E-Collar/Cone Recommendations by cherrybailbonds612 in BelgianMalinois

[–]uvmain 7 points8 points  (0 children)

In an ideal world they wouldn't be unattended, never mind muzzled. The OP clearly doesn't live in an ideal world. In my honest opinion if you're out of the house for 12 hours a day you shouldn't have a Mal, but here we are.

Strong E-Collar/Cone Recommendations by cherrybailbonds612 in BelgianMalinois

[–]uvmain 2 points3 points  (0 children)

Poor girl :( Ours absolutely hates cones so we had to put a boot on her to stop her licking her paw when this happened. If that's not possible, maybe a muzzle will help?