I'm right there with you, except at times I have thrown caution to the wind and made my sites available.
My current setup is to rent a cheap $5/month VPS running nginx. I then reverse SSH from my home to the VPS, with each app on a different port. It works great until my electric goes out and comes back on; then the apps become unavailable. I haven't gotten the restart script to work 100% of the time.
But, I'd love to hear thoughts on security of reverse SSH from those that know.
I do something similar with my home server, but with a WireGuard split tunnel. Much easier to set up and keep active all the time (i.e., on my phone).
Nginx handles proxying and TLSing all HTTP traffic. It also enforces access rules: my services can only be reached from my home subnet or VPN subnet. Everywhere else gets a 403.
Why not just have nginx listen on the Wireguard interface itself? That way you drop all traffic coming inbound from sources not on your Wireguard network and you don't even have to send packets in response nor let external actors know you have a listener on that port.
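The two approaches discussed in the comments above, side by side, as an added example that is not part of any commenter's post or setup. All subnets, addresses, hostnames and file paths are assumptions chosen for illustration.

```nginx
# Assumed values: home LAN 192.168.1.0/24, WireGuard subnet 10.8.0.0/24,
# this host's WireGuard address 10.8.0.1, app listening on 127.0.0.1:8080.
# Use ONE of the two server blocks, not both.

# Option A: listen on every interface and filter by source address.
# allow/deny run in the HTTP access phase, so an outside client still
# completes the TCP and TLS handshakes before it receives the 403.
# The listener is therefore visible to anyone scanning the public address.
server {
    listen 443 ssl;
    server_name app.example.internal;            # placeholder name
    ssl_certificate     /etc/nginx/tls/app.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.key;  # placeholder path

    allow 192.168.1.0/24;   # home subnet
    allow 10.8.0.0/24;      # VPN subnet
    deny  all;              # everyone else gets 403

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# Option B: bind only to the WireGuard address.
# No socket exists on the public interface, so nothing reaches nginx
# unless it arrived through the tunnel. Caveats:
#  - nginx fails to start if 10.8.0.1 is not configured yet, so the
#    WireGuard interface must be up before nginx starts.
#  - the public port is merely closed; the kernel still answers with a
#    TCP RST unless the host firewall drops the packet.
#  - home-LAN clients must also use the tunnel, or a second listen
#    directive for the LAN address is needed.
server {
    listen 10.8.0.1:443 ssl;
    server_name app.example.internal;
    ssl_certificate     /etc/nginx/tls/app.crt;
    ssl_certificate_key /etc/nginx/tls/app.key;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```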
Maybe try running your services in docker, I don't know how difficult that would be to implement for you, but if you run it in containers you can get it to start up after an outage pretty reliably.
If you need a middle ground between docker and k8s, you might have a look at nomad. Definitely a learning curve, and I find the docs lacking, but easier to set up and maintain than k8s.
Correct, there is no public IP address exposed to my home.
Right now my "servers" are Dell micro i5s. I have used RPI 3 and 4 in the past. My initial foray into self-hosting were actual servers. Too hot, too noisy and too expensive to run continuously for my needs, but I did learn a lot. I still do even with the micros and pis.
What do you use for your remote server? Because even a VPS seems kinda overkill, if all it's doing is some redirecting. I guess you could do TLS termination there as well...
At my org they are trying to move away from programmer/analyst to software engineer. I told my manager call me whatever you want, just don't call me late to dinner.
As long as it never gets to "grokker" (I've never heard the term "grokker", just saying). I can not stand the term "grok". I don't know why but it just grates on me.
I switched into software dev full time at 50 and took a new software job at 52. I'll be 55 y/o this year and I highly doubt I will switch jobs again, I like the org and the work.
Prior to that, starting at 45 y/o I was a part time dev and full time firefighter-paramedic (14 years total). Covid scared me into becoming a FT dev.
I have a BS degree in Aerospace Engineering and from 1999 - 2006 I was job jumping quite a bit because I was miserable. All the jobs were boring.
I took an EMT Basic night class because my wife and I were getting into scuba diving and I wanted to be a dive master on boats during the weekend. I enjoyed EMT so much that I signed up for Paramedic class, not knowing what I was going to do with it, just did it. It was relatively cheap at the time and we were kid free at that time as well when I started. School was 15 months long.
As we were about ready to graduate PM school the county fire dept (FD) came in and said they would hire paramedics but you had to cross train to be a fire fighter as well. I was 36 y/o, we just had our 1st kid and I figured if I didn't do it then I never would and probably regret it so I got hired as a PM and then FD trained me for FF. This was 2006, hence the username FM2606 for fire-medic Feb 6, 2006 my hire date.
It didn't take long to see a bunch of firefighters getting hurt, specifically back issues due to working and mainly from lifting stretchers with patients on them. I also have chronic health issues and I figured if either or both of these issues became a problem and I couldn't work as a FF/PM we'd be screwed, so I decided to do an online master's degree in comp sci. Comp sci being my initial major out of high school before I dropped out.
Fast forward to 2015, I finished my master's, had 2 kids and started working part time as a dev.
Fast forward again to 2020, I was about to turn 50 y/o, Covid hit and I was taken out of the field due to my health issues. I started applying for full time dev jobs. Landed one and then two years later switched to a bigger org.
No regrets on any of it. Becoming a FF/PM was one of the best career decisions of my life. I loved it (for the most part) but it was time to go.
I didn't have an "in". I think persistence paid off and plus I feel like I interview pretty good.
Not sure you will see this. Congrats on your journey into full time dev! I stumbled upon the podcast below a couple years ago, and I found it fascinating. It defines "Mission Critical" as teams that need to make decisions in a couple minutes that impact life-and-death situations. You might find it interesting given your background.
Mission Critical Team Institute (MCTI) Teamcast
Exploring the questions vexing the most elite teams in the world
Sounds like you just worked your ass off. Nice job!
You also have a different background that would perk up interview potential (at least to me). Diversity (aerospace eng, firefighter, emt, paramedic) can help bring different perspectives and ways of thinking through problems that will ultimately help an organization.
Organizations that mostly hire people with CS degrees from top universities that can fly through leet coding tests and ace system design problems I think end up with not much diversity in thought when it comes to problem solving.
Luckily for me my current manager didn't have a code test. I received a timed coding test for another position within the same org but a different manager and bombed the hell out of it.
Well done. That's a great career, and lots of brave and sensible decisions along the way. I don't have experience of firefighters much, but having worked with military folks a little bit, which I think is similar in terms of communication and team building training, I'm not surprised you interview well. Those intangibles really add up.
I did actually. I created a custom dashboard with basic stats of type of calls ran, how many calls were run by each station, how many were EMS and how many were fire calls.
Then I started doing some more automation stuff. Nothing super interesting and mostly bespoke stats gathering.
Well, if you’re ever still interested in the intersection of the two, give me a buzz - my email is my HN handle at Gmail. I might have something for you.
For example, #3 too many concerns. The author states "the solution is to split up a busy diagram into multiple diagrams, each focused on one or two concerns at a time". I understand that but is there a diagram that ties all the smaller diagrams together without re-creating the original diagram in the first place?
I always have both. It is VERY hard for people to understand how the system is actually working if you just include a bunch of diagrams separated by concerns without some kind of atlas/globe level diagram that shows how they fit into the overall puzzle.
If trying to solve a problem and errors keep occurring, how does one capture the errors (and inputs that caused the error) in order to blog about later without disrupting the flow of problem solving?
For example, I was writing a terraform script and I kept getting errors. I would change one thing, run plan and apply, get another error, rinse and repeat until I fixed it. I would like to keep a record of all these errors so that I can document it for my future self or colleagues, but I don't want to disrupt the process of trying to fix my problem.
Personally, I keep a text file as a "debugging journal" and just append a line every time I try a new step. For example, this is what I wrote down after recently trying out a local LLM:
llama.cpp
- idk why there's so many llama versions to install on yay
- i went with llama.cpp-bin, because it was built with libcurl and the first one i tried apparently was not
- but i had to remove llama.cpp-git-debug from a previous installation
- remember yay -Q | grep ... to check for installed packages
- the cli interface changes; i ended up with --hf-repo ggml-org/qwen2.5... --hf-file qwen25....
- the huggingface.com page probably has the most accurate and up-to-date instructions
- my goal: fast, offline, generalized/automatic autocomplete
- localhost:8080 to access web ui after running llama-server
They're quick notes, and they actually help me problem solve, not disrupt me. I'm casual about it, though. I'm not copying every input and output verbatim. I think the idea is to leave yourself enough breadcrumbs so that you can reproduce, grab screenshots, and copy error messages later when you're not in the zone. Hope this helps.
Also, note that I'm most likely to publish a blog post in the following days while the problem is still fresh in my mind. If I wait months or years, it's pretty much doomed to stay in /drafts forever.
> my day job, wherein we run scores of Spring Boot apps written in Java 8 that have pages of vulnerabilities from tens of dozens of dependencies, which are not easy to update because updating one library necessitates updating many other libraries, and oh my goodness, the transitive dependencies.
At my job we have a fairly strict static analysis policy and starting in April it is going to get even more strict.
I grew up in midwest small town USA, around 3500 people, in the 80s. I attended monthly C64 user group and it was pretty much nothing more than copying each others software.
We had an Apple II club in Southern California in the early 80s that did the same thing. Couple dozen of us meeting once a month and sharing floppies. Multiple systems with 10 disk drives and using Penulticopy to make nine duplicates at a time. We all ended up with far more programs (mostly games) than we could ever use in our lifetime.
I eventually started a small dial-up BBS to trade warez amongst friends and play some multiplayer games, but stopped when the number got out and strangers started dialing in. Completely freaked me out and for the next few months thought the FBI was going to be knocking on my door.
I spent more on blank floppies during that era than legal software.
Here in Southern California in the 80's and 90's we just called them "copy parties".
We'd even hold them at respectable places sometimes like a bank's conference room someone somehow managed to get access to. Everyone brought a little folding table, and their C64s, and later Amigas.
I was also part of some cracking groups, making intros for them - FBR, Agile, Intense, TSM, and some others. I was also involved in some warez BBSs, making customizations to the BBS code. We did all the phone phreaking stuff too.
And as a consequence of being too involved in some of these people's lives, I now have both an FBI and Secret Service file on me. I had no repercussions, but my friends sure did (for the phone related stuff). The stories I could tell...
Me too. My dad would go to "the computer club" and bring back some diskettes.
Best part was, most of the games were hobbyist efforts so I'd get a true floppy (5 1/2") that held maybe 320kb? And each side would have like 10 or 15 games each.
There was a later period on PCs in the 386/486 era where you would buy a magazine and it'd come with a CD loaded with games - back when shareware was a perfect vessel for marketing games that were easily stolen - good enough to sate a broke kid but also led to many Xmas gift wishlist items. iD had so much street cred in my circle.
Hmm. I never really knew where my dad got this mountain of Amiga disks. A mix of legit and not. As kids we would always find something new to play digging through them.
My neighbor in the early 90s was a 747 pilot on a regular route to Hong Kong. We’d give him a list of requests and a couple bucks and he’d come back with disks of whatever we wanted.
Yeah, same for an Aussie Amiga group in '88 - wholesale piracy, everyone running XCOPY - looking through each other's disk-boxes and copying. I remember seeing ads in the local paper for software at $2 per disk, send SAE for free catalogue. The pirate scene for the Amiga back in those days was huge. We even had a local group that traded on an international scale, hooking everyone up with the big groups in Europe. Fun times for sure!