Developers Aren't Nerds
14 votes -
The complex question of screen influence on youth
14 votes -
Why every city wants a Wrigley Field
10 votes -
How do you organize your Linux packages?
Hello everyone.
I am planning to get back into Linux development after working with Mac only for almost a decade. On Mac, one of the most important lessons that I learned was to always use Homebrew. Using various package managers (e.g. Homebrew, NPM, Yarn, Pip, etc.) creates situations in which you don't know how to uninstall or upgrade certain pieces of software. Also, it's hard to generate a complete overview.
How do you Linux folks handle this?
Bonus question: How do you manage your dotfiles securely? I use Bitwarden, and it's a bit clunky.
If that helps, I want to try Mint and always use Oh My ZSH!.
6 votes -
Game Development Career Advice
Hi,
I'm curious if anyone in this group has achieved success in game development, whether that's carving out a career or earning any amount of income from it.
I'm currently working as a software developer, but my passion lies in game development. I'm all too aware that achieving any measure of success in this field is next to impossible. Hence, I'm reaching out here, hoping to gather insights and advice from those who have walked this path in the past, or those who are currently walking alongside/behind me.
One of my specific questions is about the types of games I should focus on creating. Specifically, I've heard differing opinions on whether it's more advantageous to develop a series of small games with advertisements for mobile platforms or to invest in larger, premium games for platforms like Steam. Can anyone share their insights or experiences regarding this dilemma? Is there a clear advantage to one approach over the other?
Currently I am using godot to make a larger scale game, but I am considering switching to defold and making smaller scale games with ads.
I saw some folks here discuss making games for the playdate. How much should one consider targeting niche platforms like this? Some of the users I saw discuss this seem to have had good success.
Some general questions: How did you break into game dev? What were you doing before? Do you see game dev as a viable career, only as a source of side income, or is it just a hobby?
Any guidance or experiences you can share would be greatly appreciated.
17 votes -
The sins committed in the name of Agile development
16 votes -
How to make your website available over Tor: A complete guide to EOTK, the Enterprise Onion Toolkit
9 votes -
Egypt announces $35bn deal with UAE to buy premium Mediterranean area
11 votes -
Leasing like a state, or: public housing is development policy
7 votes -
The decline of username and password on the same page
Web devs: what's up with this trend? For enterprise apps, I get it…single sign-on needs to detect what your email domain is to send you to your identity provider. For consumers, I feel like it's gotta be one of these reasons:
- Users don't know about the tab key being able to move to other fields on a page
- Mobile users don't really have a tab key, despite there being "previous/next field" arrows on the stock iOS keyboard since its inception (Android users, help me out please)
- Users tend to hit Enter after typing in their username, leading to a form submission with a blank password
- Security, maybe? In the past I have sent a link and a password in separate emails or separate communication methods entirely. Are you hashing/salting these separately for better MITM mitigation?
Did your UX team make a decision? Are my password managers forever doomed to need a "keyboard combo" value for every entry from now on?
Non-devs: do you prefer one method over the other? If so, why?
Tildes maintainers: selfishly, thanks for keeping these together :)
71 votes -
Debug symbols for all!
16 votes -
Resources and help for setting up a Tildes dev environment
I've been trying to set up a dev environment for Tildes, mainly so that I can actually test my MR (!136), and I've been running into a few issues.
However, since we also have a new influx of people who might be interested in contributing to Tildes, it seems like a good time to collect resources on setting up the dev environment, as well as helping anyone running into issues.
So, if you have issues or advice, post them here! I'll be adding my questions in a comment shortly.
Relevant wiki pages:
Edit: A more recent post on setting up the dev environment on Apple Silicon / M1 Macs
36 votes -
Ford 'pausing' construction of Marshall EV battery plant
20 votes -
Just got an Nvidia 4090 GPU, looking for local LLM + general generative AI software recommendations
I was fortunate enough to grab a discounted 4090 while on my travels and just got everything installed. Already having a lot of fun pumping all my games to max settings, but I'm also interested in running generative AI stuff locally to really take advantage of all that VRAM.
Do you have any newbie-friendly Windows 11 software to recommend for getting started? Thanks!
20 votes -
Premature optimization: Universally misunderstood
14 votes -
Make the web your sketchbook
24 votes -
Before you try to do something, make sure you can do nothing
29 votes -
Ditching Docker for Local Development
34 votes -
From prototypes to future tech: How PS VR2 was built. New insight into the multi-year development process behind the PlayStation VR2 hardware.
5 votes -
Tildes fundraiser June 2023: Encourage an app developer (me) to work on a Tildes app faster, by donating to Tildes (not me)!
Hey Tildes, with the renewed interest in the site, it got me thinking that we should hold a fundraiser for the not-for-profit company—which currently consists of just one person—that runs Tildes. It's overdue.
Disclaimer: These are my words as a member of the community. I haven't run this message by the admin before posting. I may have gotten some details wrong.
Where to donate
- GitHub Sponsors: https://github.com/sponsors/Deimos
- Patreon: https://www.patreon.com/tildes
History
A bit of history: The site admin, @Deimos ran the first three years of the site working full-time on it, paid only by donations, plus a $5000 GitHub sponsor match one year, which I'm not even sure was fully achieved, or only just barely.
For that time period 2018-2020, a lowball salary as a software engineer with his experience would have been $100,000 USD per year not including benefits.
If he received $5000 in donations per year (almost certainly an overestimate for more recent years) plus the $5000 GitHub match for the first year—for the 5 years of Tildes' life, that's about $30,000.
The remaining opportunity cost of $270,000 was essentially paid out of pocket by himself, as a donation to the community. Plus remember there are server expenses, legal incorporation expenses, etc. And, y'know, rent.
In recent years he had to take a full-time job because the situation was, of course, unsustainable.
App?
I announced in April that a mobile app is under development. Originally, I was planning to take my time and release a first alpha by the end of 2023.
How about if we struck a deal: get the donation numbers up and I will devote more time to the app, as opposed to splitting my time between it and contract work and other projects.
What's the deal?
- 150 active donors combined on GitHub Sponsors and Patreon—I'll release an alpha by November. GOAL REACHED
- 300 active donors—I'll release an alpha by October. GOAL REACHED
- 500 active donors—I'll release an alpha by September.
The dollar amounts don't matter.
As of writing, we are at 46 active donors.
What's in it for you, though?
Feeling like I did a good deed, I guess? I'm not looking for a "slice of the pie," to be clear. In some sense I'd be matching your donations with my time, aka opportunity cost.
If I donate, can I bother the admin to work more on the site?
No.
Again, I haven't run this fundraiser by the admin. He will certainly keep his full-time employment for the foreseeable future, and will not magically have more hours in the day to devote to Tildes.
With a sustainable budget, though, a lot can happen in the future. Contracting out work to others, for example.
But the point of this fundraiser is more to make a small dent in the past debt we owe the admin, not making any promises whatsoever on the future of the site and how it's run.
Let's go, my fellow Tilderinos!
- GitHub Sponsors: https://github.com/sponsors/Deimos
- Patreon: https://www.patreon.com/tildes
313 votes -
The manufacturing backlash: No factory in my backyard
15 votes -
Any Bevy (the rust game engine) users here?
Bevy just released their version 0.11, so I figured it would be a nice opportunity to ask the Tildes gamedevs if they were using it :)
Bevy is a rust game engine - more like a set of libraries actually - that's been gaining popularity the last few years. It has become the de facto toolset if you want to make a game in rust. It is very opinionated towards Entity-Component-System (ECS), and uses the pattern to facilitate parallelism and multi-threading.
Personally, I'm using the `bevy-ecs` lib (not the whole engine) to write a roguelike and hone my skills in rust. I enjoy it but it's not really beginner-friendly. The official docs are lacking, and you'll have to dig in the auto-generated api docs to make the most out of it. However, I appreciate that each release not only brings new features, but also refines existing ones. The engine is getting better - not only bigger - release after release.
16 votes -
Tech debt metaphor maximalism
12 votes -
Godot 4.1 is here, smoother, more reliable, and with plenty of new features
16 votes -
How to contribute a theme to Tildes
Want to contribute a theme to Tildes but don't know where to start? Let's fix that.
Before we start, get yourself a development environment setup and do a quick read through of the general development info to get acquainted with how Tildes works (or at least the HTML and CSS section).
For this walkthrough I'll be using `tildexample` as the example name for the theme, but if you decide to contribute a theme for real, make sure it uses the proper name of your theme. :P
Step 1: Sassy _Sass
Open the Tildes codebase using your text editor of choice and navigate to the themes directory at `tildes/scss/themes`. Then create a copy of `_default.scss` at `_tildexample.scss`. The default White theme is the canonical source of all colors used, so it's the best place to start from.
Below is an annotated example of all the things you need to change in your new theme file.
Annotated example theme
```scss
// Add a small description of the theme here with maybe a link to its website.
// Check the other themes for examples. https://example.org/tildexample

// Change the theme variable to $theme-tildexample
// ↓ ↓ ↓ ↓ ↓ ↓
$default-theme: (
  // A whole bunch of color definitions, edit as your theme demands.
  // ...
);

// Append ".theme-tildexample" to the body selector.
// ↓ ↙
body {
  // Don't forget to update the theme variable here too.
  // ↓ ↓ ↓ ↓ ↓ ↓ ↓
  @include use-theme($default-theme);
}

@include theme-preview-block(
  // Change the text to tildexample.
  // ↓ ↓
  "white",
  // And again update the theme variable here.
  // ↓ ↓ ↓ ↓ ↓ ↓ ↓
  map-get($default-theme, "foreground-primary"),
  map-get($default-theme, "background-primary")
  // ↑ ↑ ↑ ↑ ↑ ↑ ↑
);
```
Once that's done, head to `tildes/scss/styles.scss` and at the bottom of the file add your theme import:
```scss
@import "themes/tildexample";
```
Step 2: Hardcoding a TheMe coLor
Boy that title is a stretch just to say, we need to add 2 lines to the HTML base template.
Inside the `tildes/tildes/templates/base.jinja2` file is a section of if/elif/elif/elif/... statements to set the theme color meta element. Add yourself an `elif` block and add your theme color.
For this you probably want to use the `background-primary` color you used in your theme definition. I've used `#ff00dd` below because it spells food. I'm such a jokester.
```jinja2
{% elif request.current_theme == "tildexample" %}
<meta name="theme-color" content="#ff00dd">
{% endif %}
```
Step 3: Snakey Wakey
Finally the last step is to grab your trusty pungi and give it a blow.
Head to `tildes/tildes/views/settings.py` and find the `THEME_OPTIONS` constant. Here you want to add the theme class you used in `body.theme-<this part>` and a proper name that will be shown in the theme dropdown.
```python
THEME_OPTIONS = {
    "white": "White",
    # Many other themes...
    "tildexample": "Tildes Theme Example",
}
```
Once that's all been done, check it out in your development site and see if it works.
Now git!
Commit. Push. Merge request. Have some water. Deimos reviews, merges and deploys your theme. Job's done.
26 votes -
Where to ask Tildes dev questions?
If I have a quick Tildes dev question, where should I ask it?
For an example that is not actually just an example, but the actual question which drove me to post, where can I find logging output? Specifically, if I want to print out something every time a request comes in, how should I do so?
18 votes -
Newbie here looking for advice on how to get into Programming/CS by building a project
Been lurking for a week on tildes now and I am really glad this place exists. The crowd here is exactly what I have been missing on Reddit for a while now.
Having said that, the whole Reddit situation has somewhat motivated me to get the balls rolling on an idea that I have had for a while and I am looking for advice on the same.
I have often heard this phrase "Learn programming by building" but whenever I dive in to the resources, I fall flat due to the information overload and the general abstractness that the field has (I appreciate abstractness but here it demotivates me) and I have never found a proper resource that I could follow to actually build something instead of just blindly following tutorials and playing with them.
So, my question is how do I translate "learn by building a project" into a practical framework.
I know of 100 days of swift and I really like that approach however I don't think I want to start with swift or build an iOS app right now.
24 votes -
Tildes dev environment on Apple Silicon // Apple M1
I'm having some trouble getting the local developer environment set up on Apple hardware, specifically it seems because Virtualbox, which is used as the provider, is not properly functioning on Apple hardware.
Is there anyone here who has managed to get it up and running?
29 votes -
Tildes is still in alpha-testing. It’s an unfinished product. Set your expectations accordingly.
Someone mentioned elsewhere that they signed up for Tildes “years ago during the beta”. That reminded me: Tildes hasn’t reached beta-testing yet.
Officially, Tildes is still in alpha-testing phase.
The login page says “Tildes is currently in invite-only alpha...” And the Contact page says “To request an invite to the Tildes alpha...”
We’re still in alpha-testing. Alpha-testing of software usually happens on an incomplete product before it is released to the customer.
This is a very important point. Tildes is not feature-complete yet: there are literally hundreds of feature requests yet to work on before Tildes will be what people want it to be – and even that list is far from complete. In Agile software development terms, Tildes is a minimum viable product, or, in other words, “a version of a product with just enough features to be usable by early customers who can then provide feedback for future product development”.
Tildes works as it is, but it’s a bare-bones forum: you can post, and comment… and that’s about it. It’s a proof of concept. There are a few minor tweaks here and there, which give the impression that Tildes is more complex than it is, but they’re misleading. There are plans to make Tildes a more complex website but, right now, most of that complexity of Tildes exists only in people’s imaginations (and there have been some very imaginative people contributing to that list of future features!).
Most questions about “Why doesn’t Tildes do X?” or “Can Tildes do X?” can be answered simply by saying “Tildes is incomplete and X hasn’t been built yet.” There are some questions about missing features which can be answered by saying “Tildes was never intended to do X”, but those are far and away in the minority. Most flaws, drawbacks, and problems with Tildes exist because Tildes is still a proof of concept, rather than a finished product.
It’s also worth noting that Tildes’ current feature set is absolutely not up to the task if the user base and site activity increase too quickly. There’s too much manual tinkering required at the moment to make things work properly: for one thing, there are no significant moderation tools on Tildes (that’s almost all done manually at the moment). There are still a lot of features yet to be built - and we don’t even know what some of those features are yet!
To pre-empt the people who will rightly point out that Tildes is 5 years old: Tildes’ feature set was intended to grow gradually over time, in line with a gradual growth in users, activity, and the need for those features to exist. However, Tildes has not undergone much growth over the past few years, so the existing features were sufficient to manage the existing activity. Basically, the site didn’t need a lot of fancy features to handle the low traffic here.
This sudden surge of new users might change that. But it will take time to build more features. That was always the intention, and it hasn’t changed now.
Until then: Tildes is still in alpha-testing. It’s an unfinished product. Set your expectations accordingly.
EDIT:
If you're one of the many people who seem to be replying to this topic, saying "it's okay, I like this simple bare-bones site as it is"... then you're probably not part of my original intended audience for this topic. This topic was aimed at all the people who are arriving here, being taken aback at how simple Tildes is, and wondering where the advanced features are.
However, we can still take the "set your expectations accordingly" message and apply it to you: "Tildes is an unfinished product, so you can expect it to change in the future. It won't be like this forever."
Either way, "set your expectations accordingly" is the message here, whether you're expecting more features and not finding them, or whether you're expecting simplicity and enjoying what you see. Either way, you should know that things will change around here. Maybe slowly. Maybe quickly. Maybe they'll get better from your point of view. Maybe they'll get worse from your point of view. But, change they will.
151 votes -
This Week in KDE: For Developers
5 votes -
The marketing buzzwords that developers hate
5 votes -
Longitudinal study of kindergarteners suggests spanking is harmful for children’s social competence
7 votes -
Looking for smallish feature suggestions for an open source project
I'm thinking about increasing the level of my open source contributions a bit. Instead of searching blindly until I stumble upon an issue that:
A) Piques my interest
B) I feel somewhat qualified to implement
I figured I'd check with the tildes community. Is there any Open Source software that you use that is missing a feature/capability? Can you give a brief description of it (bonus points for links to an issue tracker with an open ticket :))?
Can't of course promise anything will come of it, but if I do pick up your suggestion at least I'll give you a ping if I make any progress!
7 votes -
Megalopolis: How coastal west Africa will shape the coming century
8 votes -
Trying to become a junior developer in Brazil is an uphill battle
They ask for years of experience, skills that no Jr would know since, well, it is a Jr, and the process to apply for jobs is surreal. Thousands of tests, interviews that go nowhere and lots of ghosting. And the pay is not that good. No wonder after 2 or 3 years of experience a lot of developers start working for companies outside of Brazil.
Last one to contact me sent me a test to do it in 1 week. I went above and beyond and learned a lot of things. Before this, I had some small projects in Go and Python. Now I needed to learn Docker, tests, GitHub Actions, PostgreSQL and other things. Not everything was mandatory, but I did my best and did it all. I finished in 5 days since I have a day job.
Here is the result: https://github.com/crdpa/conservice
Showing the data in the browser was not necessary, but I think it was a nice touch and well made. If this does not land me a job as a junior developer I don't know what else could.
I'm glad I already have a job in another area, but me and my SO are separated by a 4 hour drive and I'm tired. I want to work from home to be near her and our dog. Paying rent in two places is becoming a burden.
I would be happy if you guys could test the application I made. It only needs Docker.
And do you guys have any tips from now on?
7 votes -
Where/how should I acquire a .com domain for three years in advance?
So I wanna purchase a domain for my personal website (just a WordPress thing), and I wanna pay for three years in advance (I have my reasons). Which domain sellers are reasonably priced, trustworthy, and more likely to assist a less technical, non-developer user like myself?
Thanks!
13 votes -
What’s something you’re trying to be better about?
Big or small, significant or insignificant, meaningful or mundane — what are you trying to be better about, and why?
11 votes -
A few easy linux commands, and a real-world example on how to use them in a pinch
This below is a summary of some real-world performance investigation I recently went through. The tools I used are installed on all linux systems, but I know some people don't know them and would straight up jump to heavyweight log analysis services and what not, or writing their own solution.
Let's say you have request log sampling in a bunch of log files that contain lines like these:
```
127.0.0.1 [2021-05-27 23:28:34.460] "GET /static/images/flags/2/54@3x.webp HTTP/2" 200 1806 TLSv1.3 HIT-CLUSTER SessionID:(null) Cache:max-age=31536000
127.0.0.1 [2021-05-27 23:51:22.019] "GET /pl/player/123456/changelog/ HTTP/1.1" 200 16524 TLSv1.2 MISS-CLUSTER SessionID:(null) Cache:
```
You might recognize Fastly logs there (IP anonymized). Now, there's a lot you might care about in this log file, but in my case, I wanted to get a breakdown of hits vs misses by URL.
So, first step, let's concatenate all the log files with `cat *.log > all.txt`, so we can work off a single file.
Then, let's split the file in two: hits and misses. There are a few different values for them, the majority are covered by either `HIT-CLUSTER` or `MISS-CLUSTER`. We can do this by just grepping for them like so:
```sh
grep HIT-CLUSTER all.txt > hits.txt; grep MISS-CLUSTER all.txt > misses.txt
```
However, we only care about url and whether it's a hit or a miss. So let's clean up those hits and misses with `cut`. The way cut works, it takes a delimiter (`-d`) and cuts the input based on that; you then give it a range of "fields" (`-f`) that you want.
In our case, if we cut based on spaces, we end up with for example: `127.0.0.1` `[2021-05-27` `23:28:34.460]` `"GET` `/static/images/flags/2/54@3x.webp` `HTTP/2"` `200` `1806` `TLSv1.3` `HIT-CLUSTER` `SessionID:(null)` `Cache:max-age=31536000`.
We care about the 5th value only. So let's do: `cut -d" " -f5` to get that. We will also `sort` the result, because future operations will require us to work on a sorted list of values.
```sh
cut -d" " -f5 hits.txt | sort > hits-sorted.txt; cut -d" " -f5 misses.txt | sort > misses-sorted.txt
```
Now we can start doing some neat stuff. `wc` (wordcount) is an awesome utility, it lets you count characters, words or lines very easily. `wc -l` counts lines in an input, since we're operating with one value per line we can easily count our hits and misses already:
```
$ wc -l hits-sorted.txt misses-sorted.txt
132523 hits-sorted.txt
220779 misses-sorted.txt
353302 total
```
220779 / 132523 is a 1:1.66 ratio of hits to misses. That's not great…
Alright, now I'm also interested in how many unique URLs are hit versus missed. `uniq` tool deduplicates immediate sequences, so the input has to be sorted in order to deduplicate our entire file. We already did that. We can now count our urls with `uniq < hits-sorted.txt | wc -l; uniq < misses-sorted.txt | wc -l`. We get `49778` and `201178`, respectively. It's to be expected that most of our cache misses would be in "rarer" urls; this gives us a 1:4 ratio of cached to uncached URL.
Let's say we want to dig down further into which URLs are most often hitting the cache, specifically. We can add `-c` to `uniq` in order to get a duplicate count in front of our URLs. To get the top ones at the top, we can then use `sort`, in reverse sort mode (`-r`), and it also needs to be numeric sort, not alphabetic (`-n`). `head` lets us get the top 10.
```
$ uniq -c < hits-sorted.txt | sort -nr | head
815 /static/app/webfonts/fa-solid-900.woff2?d720146f1999
793 /static/app/images/1.png
786 /static/app/fonts/nunito-v9-latin-ext_latin-regular.woff2?d720146f1999
760 /static/CACHE/js/output.cee5c4089626.js
758 /static/images/crest/3/light/notfound.png
757 /static/CACHE/css/output.4f2b59394c83.css
756 /static/app/webfonts/fa-regular-400.woff2?d720146f1999
754 /static/app/css/images/loading.gif?d720146f1999
750 /static/app/css/images/prev.png?d720146f1999
745 /static/app/css/images/next.png?d720146f1999
```
And same for misses:
```
$ uniq -c < misses-sorted.txt | sort -nr | head
56 /
14 /player/237678/
13 /players/
12 /teams/
11 /players/top/
<snip>
```
So far this tells us static files are most often hit, and for misses it also tells us… something, but we can't quite track it down yet (and we won't, not in this post). We're not adjusting for how often the page is hit as a whole, this is still just high-level analysis.
One last thing I want to show you! Let's take everything we learned and analyze those URLs by prefix instead. We can cut our URLs again by slash with `cut -d"/"`. If we want the first prefix, we can do `-f1-2`, or `-f1-3` for the first two prefixes. Let's look!
```
cut -d'/' -f1-2 < hits-sorted.txt | uniq -c | sort -nr | head
100189 /static
5948 /es
3069 /player
2480 /fr
2476 /es-mx
2295 /pt-br
2094 /tr
1939 /it
1692 /ru
1626 /de
```
```
cut -d'/' -f1-2 < misses-sorted.txt | uniq -c | sort -nr | head
66132 /static
18578 /es
17448 /player
17064 /tr
11379 /fr
9624 /pt-br
8730 /es-mx
7993 /ru
7689 /zh-hant
7441 /it
```
This gives us hit-miss ratios by prefix. Neat, huh?
13 votes -
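The per-prefix hit/miss breakdown from the post above, done in a single pass with the miss percentage computed per prefix; this is an added example, not part of the original post. It assumes the log layout the post shows (URL in the 5th space-separated field, cache status in the 10th); the function names, the sample lines and the `OTHER-STATUS` value are constructed for illustration.

```shell
#!/bin/sh
# Added example: hit/miss counts per first URL prefix in one awk pass.
# Assumption: field 5 is the URL and field 10 is the cache status, as in the
# log lines quoted in the post.

# Constructed sample input (not real traffic).
sample_log() {
    cat <<'EOF'
127.0.0.1 [2021-05-27 23:28:34.460] "GET /static/app/a.css HTTP/2" 200 1806 TLSv1.3 HIT-CLUSTER SessionID:(null) Cache:max-age=31536000
127.0.0.1 [2021-05-27 23:28:35.101] "GET /static/app/b.js?v=1 HTTP/2" 200 920 TLSv1.3 HIT-CLUSTER SessionID:(null) Cache:max-age=31536000
127.0.0.1 [2021-05-27 23:28:36.222] "GET /static/img/c.png HTTP/2" 200 4410 TLSv1.3 MISS-CLUSTER SessionID:(null) Cache:
127.0.0.1 [2021-05-27 23:29:01.003] "GET /player/1/ HTTP/1.1" 200 16524 TLSv1.2 MISS-CLUSTER SessionID:(null) Cache:
127.0.0.1 [2021-05-27 23:29:02.417] "GET /player/2/changelog/ HTTP/1.1" 200 9000 TLSv1.2 MISS-CLUSTER SessionID:(null) Cache:
127.0.0.1 [2021-05-27 23:29:03.850] "GET /player/1/ HTTP/1.1" 200 16524 TLSv1.2 HIT-CLUSTER SessionID:(null) Cache:
127.0.0.1 [2021-05-27 23:29:04.002] "GET / HTTP/1.1" 200 5120 TLSv1.2 MISS-CLUSTER SessionID:(null) Cache:
127.0.0.1 [2021-05-27 23:29:05.640] "GET /teams/ HTTP/1.1" 200 700 TLSv1.2 OTHER-STATUS SessionID:(null) Cache:
EOF
}

# Reads log lines on stdin and prints one line per prefix:
#   <prefix> <hits> <misses> <miss percentage>
# sorted by miss count (descending), then by prefix.
hit_miss_by_prefix() {
    awk '
    $10 == "HIT-CLUSTER" || $10 == "MISS-CLUSTER" {
        url = $5
        sub(/\?.*/, "", url)          # ignore the query string
        split(url, parts, "/")        # "/a/b" splits into "", "a", "b"
        prefix = "/" parts[2]         # same grouping as cut -d"/" -f1-2
        if ($10 == "HIT-CLUSTER") hits[prefix]++
        else misses[prefix]++
        seen[prefix] = 1
    }
    END {
        for (p in seen) {
            h = hits[p] + 0
            m = misses[p] + 0
            printf "%s %d %d %.1f\n", p, h, m, 100 * m / (h + m)
        }
    }' | LC_ALL=C sort -k3,3nr -k1,1
}

sample_log | hit_miss_by_prefix
```

Lines whose status is neither `HIT-CLUSTER` nor `MISS-CLUSTER` are skipped, matching the two `grep` filters in the post.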
The SPACE of Developer Productivity
3 votes -
Audi abandons combustion engine development
19 votes -
Let's build a JPEG Decoder (4-part series)
5 votes -
How human activity threatens the world’s carbon-rich peatlands
2 votes -
In which a foolish developer tries DevOps: critique my VPS provisioning script!
I'm attempting to provision two mirror staging and production environments for a future SaaS application that we're close to launching as a company, and I'd like to get some feedback on the provisioning script I've created that takes a default VPS from our hosting provider, DigitalOcean, and readies it for being a secure hosting environment for our application instance (which runs inside Docker, and persists data to an unrelated managed database).
I'm sticking with a simple infrastructure architecture at the moment: A single VPS which runs both nginx and the application instance inside a containerised docker service as mentioned earlier. There's no load balancers or server duplication at this point. @Emerald_Knight very kindly provided me in the Tildes Discord with some overall guidance about what to aim for when configuring a server (limit damage as best as possible, limit access when an attack occurs)—so I've tried to be thoughtful and integrate that paradigm where possible (disabling root login, etc).
I’m not a DevOps or sysadmin-oriented person by trade—I stick to programming most of the time—but this role falls to me as the technical person in this business; so the last few days has been a lot of reading and readying. I’ll run through the provisioning flow step by step. Oh, and for reference, Ubuntu 20.04 LTS.
First step is self-explanatory.
```sh
#!/bin/sh
# Name of the user to create and grant privileges to.
USERNAME_OF_ACCOUNT=

sudo apt-get -qq update
sudo apt install -qq --yes nginx
sudo systemctl restart nginx
```
Next, create my sudo user, add them to the groups needed, require a password change on first login, then copy across any provided authorised keys from the root user which you can configure to be seeded to the VPS in the DigitalOcean management console.
```sh
useradd --create-home --shell "/bin/bash" --groups sudo,www-data "${USERNAME_OF_ACCOUNT}"
passwd --delete $USERNAME_OF_ACCOUNT
chage --lastday 0 $USERNAME_OF_ACCOUNT

HOME_DIR="$(eval echo ~${USERNAME_OF_ACCOUNT})"
mkdir --parents "${HOME_DIR}/.ssh"
cp /root/.ssh/authorized_keys "${HOME_DIR}/.ssh"
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown --recursive "${USERNAME_OF_ACCOUNT}":"${USERNAME_OF_ACCOUNT}" "${HOME_DIR}/.ssh"

sudo chmod 775 -R /var/www
sudo chown -R $USERNAME_OF_ACCOUNT /var/www
rm -rf /var/www/html
```
Installation of docker, and run it as a service, ensure the created user is added to the docker group.
    sudo apt-get install -qq --yes \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg-agent \
        software-properties-common

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo apt-key fingerprint 0EBFCD88

    sudo add-apt-repository --yes \
        "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
        $(lsb_release -cs) \
        stable"

    sudo apt-get -qq update
    sudo apt install -qq --yes docker-ce docker-ce-cli containerd.io

    # Only add a group if it does not exist
    sudo getent group docker || sudo groupadd docker
    sudo usermod -aG docker $USERNAME_OF_ACCOUNT

    # Enable docker
    sudo systemctl enable docker

    sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
    docker-compose --version
Disable root logins and any form of password-based authentication by altering sshd_config.
    sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
    sed -i '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
    sed -i '/^ChallengeResponseAuthentication/s/yes/no/' /etc/ssh/sshd_config
Configure the firewall and fail2ban.
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw allow ssh
    sudo ufw allow http
    sudo ufw allow https
    sudo ufw reload
    sudo ufw --force enable && sudo ufw status verbose

    sudo apt-get -qq install --yes fail2ban
    sudo systemctl enable fail2ban
    sudo systemctl start fail2ban
Swapfiles.
    sudo fallocate -l 1G /swapfile && ls -lh /swapfile
    sudo chmod 0600 /swapfile && ls -lh /swapfile
    sudo mkswap /swapfile
    sudo swapon /swapfile && sudo swapon --show
    echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Unattended updates, and restart the ssh daemon.
    sudo apt install -qq unattended-upgrades
    sudo systemctl restart ssh
Some questions
You can assume these questions are cost-benefit focused, i.e. is it worth my time to investigate this, versus something else that may have better gains given my limited time.
- Obviously, any critiques of the above provisioning process are appreciated—both on the micro level of criticising particular lines, or zooming out and saying “well why don’t you do this instead…”. I can’t know what I don’t know.
- Is it worth investigating tools such as ss or lynis (https://github.com/CISOfy/lynis) to perform server auditing? I don’t have to meet any compliance requirements at this point.
- Do I get any meaningful increase in security by implementing 2FA on login here using google authenticator? As far as I can see, as long as I'm using best practices to actually ssh into our boxes, then the likeliest risk profile for unwanted access probably isn’t via the authentication mechanism I use personally to access my servers.
- Am I missing anything here? Beyond the provisioning script itself, I adhere to best practices around storing and generating passwords and ssh keys.
Some notes and comments
- Eventually I'll use the hosting provider's API to spin up and spin down VPS's on the fly via a custom management application, which gives me an opportunity to programmatically execute the provisioning script above and run some other pre- and post-provisioning things, like deployment of the application and so forth.
- Usage alerts and monitoring are configured within DigitalOcean's console, and alerts are sent to our business' Slack for me to action as needed. Currently, I’m settling on the following alerts:
- Server CPU utilisation greater than 80% for 5 minutes.
- Server memory usage greater than 80% for 5 minutes.
- I’m also looking at setting up daily fail2ban status alerts if needed.
9 votes -
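An added example for the sshd_config step in the provisioning post above (not part of the original post): a `sed` substitution anchored on `^PasswordAuthentication` only changes a line that is already active and set to `yes`, so a directive that is commented out or absent is silently left alone. The sketch below sets a directive from any starting state and checks the result; the function names and the sample file are constructed, and it relies on sshd using the first value it reads for each keyword.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample file contents are constructed for illustration.

# Write a constructed sshd_config: one directive active, one commented out,
# one missing entirely (ChallengeResponseAuthentication).
make_sample() {
    cat > "$1" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin yes
#PasswordAuthentication yes
X11Forwarding yes
EOF
}

# Print the value set for KEY in FILE by its first active (uncommented)
# occurrence. Prints nothing if the keyword is not set in this file.
first_active_value() {
    awk -v key="$2" 'BEGIN { k = tolower(key) }
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
        tolower(f[1]) == k { print tolower(f[2]); exit }' "$1"
}

# Set KEY to VALUE regardless of the file's starting state: drop every active
# line for KEY and put the new directive on line 1, ahead of any Include or
# Match block, so it is the first occurrence sshd reads.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v key="$key" 'BEGIN { k = tolower(key) }
            { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
            tolower(f[1]) != k' "$file"
    } > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

On a real host, `sshd -T` (run as root) prints the effective configuration, which is the place to confirm the three settings before restarting the daemon.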
Apple app review process updates
6 votes -
Thermoelectric stoves: Ditch the solar panels?
9 votes -
Coding and Tracing Workflow Remix (feat. Dark)
3 votes -
Surviving Software Dependencies
4 votes -
My thoughts and ideas for Tildes
I have lots of thoughts about Tildes that I end up forgetting. This post is my attempt to put them to good use. Some of those were already stated elsewhere.
Introduction
Just to make it very clear: I am extremely happy with the way things are going on Tildes. If that was not the case, instead of drawing criticism I would simply not be here. So, please, let's be civil and avoid taking things personally ;)
I'm also a regular user, so please be gentle with my ignorance regarding the technical reasons why some things are either impossible or unpractical.
1. An Answer To A Common Objection
Some of these suggestions may encounter the following answer: "this should be an extension, not a core feature". To which I might respond:
- Extensions impact performance and it's good practice to keep them at a minimum
- Not everyone uses the same browser.
- Features implemented by the actual developers will probably be of a better quality
2. Golden Rule
Unless explicit or clearly unpractical, all suggestions should be interpreted as to be as optional (and preferably opt-in) as possible for the user. I'll also make frequent use of the imperative mood: please understand that those are still suggestions. The imperative mood is just more practical. Also, notice that this is not my first language.
3. Suggestions
3.1 Keyboard Shortcuts
The majority of Tildes users would probably welcome a good set of keyboard shortcuts. I apologize if such keyboard shortcuts already exist: if they do, there should be a page listing them all.
3.1.1 Vim-like and Emacs-like keybindings
There should be Vim-like and Emacs-like (you could choose which one!) keys all around. Even with things like Vimium, not everyone uses them, and a well-thought-out set of keybindings would be extremely beneficial.
This also applies to text fields.
4. Open Calls For Moderators
Right now, I'm not sure what criteria are being used to give someone moderator powers. I think being a developer or contributor is the main criterion, which makes a lot of sense. But other participants might be up to the task, and giving them a chance could be beneficial.
5. Moderation Action Should Always Present Reason
This may seem obvious and even unfair, but I think when a moderator is in no condition to dedicate the time to justify their moderation action (such as locking threads, removing contents or banning users), then the moderator should wait until this condition is met in order to take action.
6. Heated Discussions Should Be Allowed in More Circumstances
I understand Tildes is, and should always be, a place for politeness, even affectionate discussion, but sometimes heated language, including irony and sarcasm, is necessary to stress a point and take the discussion forward. I understand that's a fine line, and that it is usually better to err on the side of caution, but I also feel the need to caution my fellow Tilders and Tildes administration against excessive moderation, which could stifle the discussion of sensitive subjects.
7. There Should Be a Page Explaining How to Collaborate
This page should be short and to the point, with lots of links. I, for instance, wanna collaborate in the documentation, but the information telling how to do so was in a comment I cannot find anymore.
8. Table of Contents
Tildes markdown should support the automated creation of a simple table of contents, which would be very useful for longer posts. Preferably, there should be a limited set of options, such as:
- title of the table of contents ("TOC", "Table of Contents", "Contents" etc)
- numbered vs unnumbered
- depth of the numbering
9. Search own content
I find it very hard to search my own content. Sometimes I must reference something I said earlier, or adapt a previous response to a question I already answered. On these occasions, I have to manually Ctrl+f page after page of my user page, which is tedious and inefficient.
10. Sort my own content
I wish I could sort my own content in the same manner I can with other pages. This would help with item 9, and also help answer faster to comments that were recently made.
11. Notifications
I wish it was possible to opt-in desktop notifications for Tildes to show me whenever I get an answer to a thread, a comment or a private message.
Correction: I'm not referring to Email notifications, but desktop notifications. The ones that appear occasionally on your browser or screen.
12. There Should Be Space for Comedy
I'm not saying Tildes should become a place for lazy memes and endless puns, but comedy is valuable content and I don't like the idea of Tildes being a more conversational version of Stack Overflow. I fully agree with @deimos vision for a website for meaningful interactions with a focus on privacy. I just don't think comedy is necessarily a menace to this and all the other Tildes' stated goals. Right now, we're a very serious bunch of folks. There should be a place for humor in Tildes. How would that work? IDK. I leave this open for discussion.
13. Link to Excerpt
It would be awesome being able to link not just to a particular comment, but to a selection of that particular comment. After linking to the excerpt, I would go to the full comment, but the excerpt would be highlighted.
Conclusion
This is more of a collection of thoughts than an article, therefore I cannot offer a proper conclusion. But I'd like to kindly ask my fellow Tilders to give some considerations to my ideas. And please understand that they are not complaints. It's just my way to contribute to this great community.
Cheers ;)
18 votes -
Why is Tildes not on Github?
Let me make a possibly unpleasant question: why is Tildes only on Gitlab? Do you self-host? Is it because of Microsoft? Or idealistic reasons (that I would totally 100% respect)?
Github and Microsoft may be "evil", but that's where everybody is. I'm 99% more prone to post an issue on Github than on Gitlab. I know it's "wrong", but that's also true and not just for me. Couldn't Tildes have at least some presence on Github? Is it possible for a mirror to get issues? (I really don't know, honest question). And why not just move to Github, mirror to Gitlab and have some super-reliable backup?
This would give Tildes more exposure (maybe Tildes doesn't want more exposure right now. That's entirely understandable). But Github is where things happen, and I really want Tildes to happen. And, even if Github ever turns evil (or already is), couldn't we just fork/transfer/whatever to someplace else? Or just use the backup? What's the downside?
9 votes