Tablaste

joined 3 weeks ago
[–] [email protected] 4 points 2 days ago

I'm pretty sure they assumed if you bought their service, you have the competency to properly set it up.

And I proved them wrong.

[–] [email protected] 3 points 2 days ago

Ah not to discount devops, I mean that in a good way.

Devops made me lazy in that for the past decade, I focus on just everything inside the code base.

I literally push code into a magic black box that then triggers a Rube Goldberg of events. Servers get instanced. Configs just get magically set up. It's beautiful. Just years of smart people who make it so easy that I never have to think about it.

Since I can't pay my devops team to come to my house, I get to figure it all out!

[–] [email protected] 31 points 2 days ago (2 children)

I shared it because, out there, there is a junior engineer experiencing severe imposter syndrome. And here I am, someone who has successfully delivered applications with millions of users and advanced to leadership roles within the tech industry, who overlooked basic security principles.

We all make mistakes!

[–] [email protected] 11 points 2 days ago

Haha I'm pretty sure my little server was just part of the "let's test our dumb script to see if it works. Oh wow it did what a moron!"

Lessons learned.

[–] [email protected] 6 points 2 days ago* (last edited 2 days ago) (2 children)

The latter. It was autogenerated by the VPS hosting service and I didn't think about it.

[–] [email protected] 11 points 2 days ago (2 children)

You're not wrong! Devops made me lazy

[–] [email protected] 3 points 2 days ago

Now that you mentioned it, it didn't! I recall even docker Linux setups would yell at me.

[–] [email protected] 73 points 2 days ago* (last edited 2 days ago) (47 children)

I published it to the internet and the next day, I couldn't ssh into the server anymore with my user account and something was off.

Tried root + password, also failed.

Immediately facepalmed because the password was the generic 8 characters and there was no fail2ban to stop guessing.

Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

I was interested in building something like this.

[–] [email protected] 3 points 2 weeks ago (1 children)

Hey, I did the same thing recently! Set it up on my own server, and after a week, I'm starting to see new accounts being added to my explore feed. But there's no user count.

It's an annoying experience and I'm not fully sure how to resolve it yet, nor have I dug into it.

[–] [email protected] 5 points 2 weeks ago

Probably overkill and I agree with you.

K8 is for scale. Like managing a whole fleet of servers. Even with my devops team, it's quite a lift to suggest it to someone who is getting their feet wet.

[–] [email protected] 2 points 2 weeks ago (1 children)

I did a double take at that $4000 budget as well! Glad I wasn't the only one.

[–] [email protected] 2 points 2 weeks ago

Yeah. I talk about the product directly.

Lemmy. Or Pixelfed. Or Mastodon.

I talk about the ActivityPub and decentralization.

I'm trying to remove Fediverse from the conversation because that's the word that starts to make people confused.
