Before we get into extreme server side rendering (XSSR), we have to talk about normal server side rendering (SSR). This comes in two flavours, which I'm calling old-school and new-school.
Old-school SSR involves having a server which uses some logic to create the HTML of the web page on-the-fly. For example, you might hit /users/39, and it might give you the details of user 39. These details might be from a database, or they might come from somewhere else. The important part is there's no corresponding 39.html on the disk. The HTML is created dynamically by the back-end server. On the front-end side, there's no JavaScript or other logic required to render the page. As a result, once the page is loaded, there's no ability for it to be dynamic.
New-school SSR is similar to old-school SSR, but it does involve a bit of front-end JavaScript logic.
I'm pretty sure they assumed if you bought their service, you have the competency to properly set it up.
And I proved them wrong.
Ah not to discount devops, I mean that in a good way.
Devops made me lazy in that for the past decade, I focus on just everything inside the code base.
I literally push code into a magic black box that then triggers a rube goldberg of events. Servers get instanced. Configs just get magically set up. It's beautiful. Just years of smart people who make it so easy that I never have to think about it.
Since I can't pay my devops team to come to my house, I get to figure it all out!
I shared it because, out there, there is a junior engineer experiencing severe imposter syndrome. And here I am, someone who has successfully delivered applications with millions of users and advanced to leadership roles within the tech industry, who overlook basic security principles.
We all make mistakes!
Haha I'm pretty sure my little server was just part of the "let's test our dumb script to see if it works. Oh wow it did what a moron!"
Lessons learned.
The latter. It was autogenerated by the VPS hosting service and I didn't think about it.
Now that you mentioned it, it didn't! I recall even docker Linux setups would yell at me.
I published it to the internet and the next day, I couldn't ssh into the server anymore with my user account and something was off.
Tried root + password, also failed.
Immediately facepalmed because the password was the generic 8 characters and there was no fail2ban to stop guessing.
I didn't know you were supposed to disable root user...
Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
Is there a counter like this but for Fediverse projects?
I was interested in building something like this.
Hey, I did the same thing recently! Set it up on my own server, and after a week, I'm starting to see new accounts being added to my explore feed. But there's no user count.
It's an annoying experience and I'm not fully sure how to resolve it yet, nor have I dung into it.
Probably overkill and I agree with you.
K8 is for scale. Like managing a whole fleet of servers. Even with my devops team, it's quite a lift to suggest it to someone who is getting their feet wet.
I did a double take at that $4000 budget as well! Glad I wasn't the only one.
Yeah. I talk about the product directly.
Lemmy. Or Pixelfed. Or Mastodon.
I talk about the activitypub and decentralization.
I'm trying to remove Fediverse from the conversation because that's the word that starts to make people confused.
Well to be fair, American companies did that too. They expand their services internationally "for free" and then get other countries hooked on it.
China is just taking a page from that playbook.
Explain how good trains will help our precious CEOs?
Unless you mean a private train line paid with government funds. Now we're talking!