Old posts

bafe8810-c42c-44a6-8466-b875847089c4 2025-03-13 19:27:24.141922894 +0000 UTC m=+1531.073500770 2025-10-13 10:40:50.898921943 +0000 UTC m=+4238473.990229036 .NET_s_Blazor_is_a_nightmare .NET’s Blazor is a nightmare

Let me explain.

  1. I like C#
  2. I like Razor templates

For those uninitiated, Razor is slightly questionable mix of HTML and C#. Here is an example:

@using SomeApp.Models
@model FooPageModel
@inject ISomething Something

<div class="row">
  <div class="col-lg-4">
    <h3><i class="fa fa-user"></i> @Model.Foo</h3>
  <div>
<div>

It had some warts, but there was always a way to get Razor to work and be very productive with it. Even when you mixed it with something relatively unsuitable, e.g. AngularJS, it worked just fine.

Anyway, somebody at Microsoft decided to shove a whole Javascript framework into the Razor templating system and call the resulting mess Blazor. (Supposedly for being the opposite of blazing fast..?)

Actually, they called it many different things over the years. Thanks for screwing up my search results, and it makes their deeply mediocre docs even worse. Oh yeah, and it also resulted in the file extension for Blazor being, drumroll:
.razor
Yes, the name of the OTHER templating language, of which Blazor is a superset. Amazing!

Anyway, let's get to the good part. We want type saftety! We want a cool templating language! We want to compile a C# Backend into Webassembly and ship it in the client to run in tandem with the actual C# Backend!

If that last one seems like a bit of a stretch, then… yes. Nevertheless, it is the core concept behind Blazor. The .NET Core, if you will.

To make this happen, somebody decided to use compile time code generation to turn Blazor into a C# class with the “partial” keyword, then compile it into the backend.

Result:

Fatal flaw #1: Changing text on a website requires recompiling your entire app (and it takes way too long)
At this point, they should have trashed Blazor and moved on, because compiling a .NET Core app is not fast.
To mitigate this, there is a feature called hot reload in Visual Studio (and JetBrains Rider) that allows you to do a partial recompilation without actually restarting your app.
Or rather, it would in theory, if they had ever bothered to make that feature work properly with Blazor. Instead, 90% of the time I try to reload my changes, this operation fails. There is a gradient of bullshit on the reasons given. Here is some examples in order of ascending annoyance:
  1. Blazor code used an unsupported language feature under the hood (E.g. most of them, and also they spread like a pollution due to compilation dependencies)
  2. Runtime falsely assumes the reload works, but the app is broken afterwards.&nbsp;
  3. Complety bogus error that links you to a random file in the project. (?!)
  4. Visual Studio / Rider / .NET Runtime tries to hot reload but crashed in some way and needs to be killed (Cool)
I don’t really care that this feature is one big memory leak, or that it’s probably a nightmare to maintain. You made blazor work with compile-time HTML templates, you deal with it, Microsoft! Or I guess we can also sit in front of our apps all day, waiting seconds/minutes for them to recompile and reboot. That’s also great.

Fatal flaw #2: The world’s worst data binding / input events
You’d think they would ship a usable textbox sample in their stdlib or docs. You would be wrong. You would think they have a clean syntax for event handlers that corresponds to the native JS event names and event data types, but you would be wrong twice. You will find 5 different, contradictory syntaxes to bind to a fucking textbox onchange event, only 2 of which actually work.&nbsp;
So upon finally completing that, you will find the most disgusting bugs in your implemention, because every keystroke goes into an event queue that takes seconds to update your dom, resulting in the most user-hostile troll textbox that you ever saw, which will lag and partially remove inputs, queue up inputs, and much more fun stuff.&nbsp;

These bugs might not show up in local testing btw. And they should never have happened if the designers of blazor had done their job and&nbsp;
  1. actually built and shipped an app that works&nbsp;
  2. moved their utilities into the blazor stdlib&nbsp;
  3. documented them properly
None of this happened. Here is some cool search results
https://stackoverflow.com/questions/57533970/blazor-textfield-oninput-user-typing-delay
https://blog.jeremylikness.com/blog/an-easier-blazor-debounce/
It is very clear that they did not aim a proper modern web framework as the bar for their library. For example, data binding in child blazor components does not work two-way, and to make it&nbsp; work, you have to do absurd things instead.

The only documentation for some of this stuff that I found is inspecting the decompile source code of blazor. Which works fine but its nowhere close to state-of-the-art web frameworks which are designed for people who are actually productive and build websites quickly.


So in order to fix this mess, you will have to dig really deeply into how blazor works and&nbsp;


Related:
Anti-feature #2: Blazor Lexers are buggy and chokingly heavy, to a point where they don’t run properly on any machine
I’m guessing parsing Blazor is not easy for reasons that should be obvious&nbsp; if you look at it. They should have tightened up the razor language before making this, but instead, they extended it while maintaining full backwards compatibility.&nbsp;
As a bonus, they also left some cool obvious bugs in there, such as the parser exploding when you have razor comments inside an HTML element (when you comment out an attribute).
&nbsp;
Anti feature #5: Shitty JS Interop
We are using a&nbsp; library, in which somebody else haas nicely wrapped a JS library in a&nbsp; Blazor component.&nbsp; The problem is, when something goes wrong somewhere in its bowels, the error disapears somewhere in abstraction hell. Cool! If Blazor was created in a smart way, it would make it hard to use the JS interop without surfacing the JS error. Cool.

The little cherry on top:
Anti-feature #99: Somebody decided that “Template not imported” is a warning
I would not mind this so much if the warning level customization feature of .NET was not a clusterfuck. But it is. So I had a legacy codebase that generates a million warnings, was not able to suppress them, and somewhere in there, there was a single warning from a Blazor component was trying to tell me the very obvious reason why I does not show up. It’s almost as if you should enforce imports at compile time, in your compile time safe frontend thing whose whole point is to actually show up if it compiles (and doesnt nullref).
Ah yeah


I don’t even claim you can’t make cool stuff using blazor, but it’s just a huge pain and not even remotely worth learning. Never again.

2025-04-01 23:34:00 +0000 UTC 0 1

Let me explain.

  1. I like C#
  2. I like Razor templates

For those uninitiated, Razor is slightly questionable mix of HTML and C#. Here is an example:

@using SomeApp.Models
@model FooPageModel
@inject ISomething Something

<div class="row">
  <div class="col-lg-4">
    <h3><i class="fa fa-user"></i> @Model.Foo</h3>
  <div>
<div>

It had some warts, but there was always a way to get Razor to work and be very productive with it. Even when you mixed it with something relatively unsuitable, e.g. AngularJS, it worked just fine.

Anyway, somebody at Microsoft decided to shove a whole Javascript framework into the Razor templating system and call the resulting mess Blazor. (Supposedly for being the opposite of blazing fast..?)

Actually, they called it many different things over the years. Thanks for screwing up my search results, and it makes their deeply mediocre docs even worse. Oh yeah, and it also resulted in the file extension for Blazor being, drumroll:
.razor
Yes, the name of the OTHER templating language, of which Blazor is a superset. Amazing!

Anyway, let's get to the good part. We want type saftety! We want a cool templating language! We want to compile a C# Backend into Webassembly and ship it in the client to run in tandem with the actual C# Backend!

If that last one seems like a bit of a stretch, then… yes. Nevertheless, it is the core concept behind Blazor. The .NET Core, if you will.

To make this happen, somebody decided to use compile time code generation to turn Blazor into a C# class with the “partial” keyword, then compile it into the backend.

Result:

Fatal flaw #1: Changing text on a website requires recompiling your entire app (and it takes way too long)
At this point, they should have trashed Blazor and moved on, because compiling a .NET Core app is not fast.
To mitigate this, there is a feature called hot reload in Visual Studio (and JetBrains Rider) that allows you to do a partial recompilation without actually restarting your app.
Or rather, it would in theory, if they had ever bothered to make that feature work properly with Blazor. Instead, 90% of the time I try to reload my changes, this operation fails. There is a gradient of bullshit on the reasons given. Here is some examples in order of ascending annoyance:
  1. Blazor code used an unsupported language feature under the hood (E.g. most of them, and also they spread like a pollution due to compilation dependencies)
  2. Runtime falsely assumes the reload works, but the app is broken afterwards.&nbsp;
  3. Complety bogus error that links you to a random file in the project. (?!)
  4. Visual Studio / Rider / .NET Runtime tries to hot reload but crashed in some way and needs to be killed (Cool)
I don’t really care that this feature is one big memory leak, or that it’s probably a nightmare to maintain. You made blazor work with compile-time HTML templates, you deal with it, Microsoft! Or I guess we can also sit in front of our apps all day, waiting seconds/minutes for them to recompile and reboot. That’s also great.

Fatal flaw #2: The world’s worst data binding / input events
You’d think they would ship a usable textbox sample in their stdlib or docs. You would be wrong. You would think they have a clean syntax for event handlers that corresponds to the native JS event names and event data types, but you would be wrong twice. You will find 5 different, contradictory syntaxes to bind to a fucking textbox onchange event, only 2 of which actually work.&nbsp;
So upon finally completing that, you will find the most disgusting bugs in your implemention, because every keystroke goes into an event queue that takes seconds to update your dom, resulting in the most user-hostile troll textbox that you ever saw, which will lag and partially remove inputs, queue up inputs, and much more fun stuff.&nbsp;

These bugs might not show up in local testing btw. And they should never have happened if the designers of blazor had done their job and&nbsp;
  1. actually built and shipped an app that works&nbsp;
  2. moved their utilities into the blazor stdlib&nbsp;
  3. documented them properly
None of this happened. Here is some cool search results
https://stackoverflow.com/questions/57533970/blazor-textfield-oninput-user-typing-delay
https://blog.jeremylikness.com/blog/an-easier-blazor-debounce/
It is very clear that they did not aim a proper modern web framework as the bar for their library. For example, data binding in child blazor components does not work two-way, and to make it&nbsp; work, you have to do absurd things instead.

The only documentation for some of this stuff that I found is inspecting the decompile source code of blazor. Which works fine but its nowhere close to state-of-the-art web frameworks which are designed for people who are actually productive and build websites quickly.


So in order to fix this mess, you will have to dig really deeply into how blazor works and&nbsp;


Related:
Anti-feature #2: Blazor Lexers are buggy and chokingly heavy, to a point where they don’t run properly on any machine
I’m guessing parsing Blazor is not easy for reasons that should be obvious&nbsp; if you look at it. They should have tightened up the razor language before making this, but instead, they extended it while maintaining full backwards compatibility.&nbsp;
As a bonus, they also left some cool obvious bugs in there, such as the parser exploding when you have razor comments inside an HTML element (when you comment out an attribute).
&nbsp;
Anti feature #5: Shitty JS Interop
We are using a&nbsp; library, in which somebody else haas nicely wrapped a JS library in a&nbsp; Blazor component.&nbsp; The problem is, when something goes wrong somewhere in its bowels, the error disapears somewhere in abstraction hell. Cool! If Blazor was created in a smart way, it would make it hard to use the JS interop without surfacing the JS error. Cool.

The little cherry on top:
Anti-feature #99: Somebody decided that “Template not imported” is a warning
I would not mind this so much if the warning level customization feature of .NET was not a clusterfuck. But it is. So I had a legacy codebase that generates a million warnings, was not able to suppress them, and somewhere in there, there was a single warning from a Blazor component was trying to tell me the very obvious reason why I does not show up. It’s almost as if you should enforce imports at compile time, in your compile time safe frontend thing whose whole point is to actually show up if it compiles (and doesnt nullref).
Ah yeah


I don’t even claim you can’t make cool stuff using blazor, but it’s just a huge pain and not even remotely worth learning. Never again.

1c628a2f-036a-4513-97f5-a16d7760bde6 2025-03-14 13:43:02.929113725 +0000 UTC m=+1880.966895158 2025-08-21 07:49:47.645130997 +0000 UTC m=+137138.785508902 meta_meta_starterkit_collection meta meta starterkit collection

better-t-stack sucks

0 0 projects

better-t-stack sucks 18dc56e9-7af1-4415-a8d8-d179ac800395 2025-04-02 09:11:39.840480525 +0000 UTC m=+48.238678300 2025-05-07 19:09:58.612090891 +0000 UTC m=+4173.772256599 Email_Friends Email Friends

Try it out now!

2024-12-27 12:14:00 +0000 UTC 1 0 projects /uploads/18dc56e9-7af1-4415-a8d8-d179ac800395/email-friends.png

Quarantine incoming emails from unknown contacts

Quarantine incoming emails from unknown contacts

Try it out now!

9d3e7920-1916-45c8-95de-adca5456b171 2025-05-06 14:56:07.296908231 +0000 UTC m=+7417.525726182 2025-05-06 14:56:14.774305566 +0000 UTC m=+7425.003123488 Trying_to_define__Good_developers_ Trying to define “Good developers”

0 0

5140a426-3229-42f3-a3b2-221b6f6f4732 2025-05-07 12:28:25.700085059 +0000 UTC m=+84955.928903010 2025-05-15 08:28:30.243465124 +0000 UTC m=+403519.718106230 Why_move_to_RSS Why move to RSS

move to rss

I will make it easy for you by making a better dev.to subscription service with no ads etc, as a rest API

0 0

move to rss

I will make it easy for you by making a better dev.to subscription service with no ads etc, as a rest API 72beaac8-2914-49de-80d0-f738e434fe5a 2025-05-08 18:29:33.964756794 +0000 UTC m=+6091.402019893 2025-05-08 18:53:38.532451365 +0000 UTC m=+7535.969714434 Email_Friends_Privacy_Policy Email Friends Privacy Policy

Overview

Email Friends (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we handle your data when you use our email management service.

Data We Process

  • A key to access your account on gmail.com.
    (You cancel access for this app in google settings)
  • Email metadata: sender, recipient, mail server, date.
  • The email addresses of your gmail contacts: To check for which emails to filter)

Note: We do not read, store, or process the content of your emails.

How We Use Your Data

  • To provide the services as described in our product offerings
  • To edit your list of your contacts on gmail.com
  • To generate daily digests of new contacts

Data Storage and Security

  • All data is stored securely in the European Union
  • We use industry-standard encryption for data in transit and at rest
  • We only keep your data for as long as necessary to provide our service
  • We never give your data to anyone

Your Rights

You have the right to:

  • Access your personal data
  • Correct your personal data
  • Delete your personal data
  • Export your personal data
  • Withdraw consent at any time

Cookies

We only use essential cookies necessary for the functioning of our service. We do not use any tracking or advertising cookies.

Contact Us

If you have any questions or requests, please contact us at:

2025-05-07 20:51:00 +0000 UTC 0 1 email friends

Overview

Email Friends (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we handle your data when you use our email management service.

Data We Process

  • A key to access your account on gmail.com.
    (You cancel access for this app in google settings)
  • Email metadata: sender, recipient, mail server, date.
  • The email addresses of your gmail contacts: To check for which emails to filter)

Note: We do not read, store, or process the content of your emails.

How We Use Your Data

  • To provide the services as described in our product offerings
  • To edit your list of your contacts on gmail.com
  • To generate daily digests of new contacts

Data Storage and Security

  • All data is stored securely in the European Union
  • We use industry-standard encryption for data in transit and at rest
  • We only keep your data for as long as necessary to provide our service
  • We never give your data to anyone

Your Rights

You have the right to:

  • Access your personal data
  • Correct your personal data
  • Delete your personal data
  • Export your personal data
  • Withdraw consent at any time

Cookies

We only use essential cookies necessary for the functioning of our service. We do not use any tracking or advertising cookies.

Contact Us

If you have any questions or requests, please contact us at:

1. Agreement to Terms

By using Email Friends (“the Service”), you agree to these Terms of Service. If you disagree with any part of these terms, please do not use the Service.

2. Service Description

Email Friends is an email management service that:

  • Connects to your Gmail account
  • Filters emails from unknown contacts
  • Provides daily digests of new contacts
  • Manages your email contact list

3. User Responsibilities

You agree to:

  • Maintain the security of your account credentials
  • Use the Service in compliance with applicable laws

4. Service Limitations

  • The Service is provided “as is” without warranties
  • We may experience occasional downtime for maintenance

5. Modifications to Service

We reserve the right to:

  • Modify or discontinue the Service
  • Update these terms with reasonable notice
  • Change features or functionality (as long as they don’t conflict with the privacy statement)

6. Limitation of Liability

The Service is not liable for:

  • Indirect or consequential damages
  • Loss of data
  • Service interruptions
  • Third-party actions

8. Contact

For questions about these terms:

2025-05-07 21:02:00 +0000 UTC 0 1

1. Agreement to Terms

By using Email Friends (“the Service”), you agree to these Terms of Service. If you disagree with any part of these terms, please do not use the Service.

2. Service Description

Email Friends is an email management service that:

  • Connects to your Gmail account
  • Filters emails from unknown contacts
  • Provides daily digests of new contacts
  • Manages your email contact list

3. User Responsibilities

You agree to:

  • Maintain the security of your account credentials
  • Use the Service in compliance with applicable laws

4. Service Limitations

  • The Service is provided “as is” without warranties
  • We may experience occasional downtime for maintenance

5. Modifications to Service

We reserve the right to:

  • Modify or discontinue the Service
  • Update these terms with reasonable notice
  • Change features or functionality (as long as they don’t conflict with the privacy statement)

6. Limitation of Liability

The Service is not liable for:

  • Indirect or consequential damages
  • Loss of data
  • Service interruptions
  • Third-party actions

8. Contact

For questions about these terms:

tags: [“convex”, “security”, “development”, “lessons-learned”]

Security Issues with Ease of Development Tools

Remember Firebase from a few years back? Cool tool, but it had this nasty habit of exposing all your data over the API by default if you didn’t click the right buttons in their UI. I recently used Supabase, a Firebase clone, and had the same issue - you had to be super careful to configure the project properly to avoid accidentally exposing your entire database to the world.

It also makes me uncomfortable that many extremely popular dev tools, such as vercel,

Convex

First off, read a bit about what convex.dev is, if you do not know. I am not covering this here and this post assumes familiarity with their platform.

I’m often working with Convex for my side projects. Here is what I have come up with:

The security rule for Convex backend functions

For every backend API function that does something non-public or user-specific:

  1. Get the user
  2. Do an ownership check

Getting the user happens automatically via their auth system in a well-defined way - not having to build my own auth system is a huge benefit of their framework. Then doing the ownership check is just a single line of business logic with a throw if it fails.

A Real Oopsie

I was building a calendar sync solution for my Nextcloud instance. I configured a crontjob to sync everything I ever had in my calendar every 2 minutes so that my remote dev environment would stay up to the date.

This was significantly more data than I thought it would be, and as a result, I got a $50 bill from Convex for 50GB of high-speed database traffic. The lesson: always test data-heavy operations with small datasets first.

0 1

tags: [“convex”, “security”, “development”, “lessons-learned”]

Security Issues with Ease of Development Tools

Remember Firebase from a few years back? Cool tool, but it had this nasty habit of exposing all your data over the API by default if you didn’t click the right buttons in their UI. I recently used Supabase, a Firebase clone, and had the same issue - you had to be super careful to configure the project properly to avoid accidentally exposing your entire database to the world.

It also makes me uncomfortable that many extremely popular dev tools, such as vercel,

Convex

First off, read a bit about what convex.dev is, if you do not know. I am not covering this here and this post assumes familiarity with their platform.

I’m often working with Convex for my side projects. Here is what I have come up with:

The security rule for Convex backend functions

For every backend API function that does something non-public or user-specific:

  1. Get the user
  2. Do an ownership check

Getting the user happens automatically via their auth system in a well-defined way - not having to build my own auth system is a huge benefit of their framework. Then doing the ownership check is just a single line of business logic with a throw if it fails.

A Real Oopsie

I was building a calendar sync solution for my Nextcloud instance. I configured a crontjob to sync everything I ever had in my calendar every 2 minutes so that my remote dev environment would stay up to the date.

This was significantly more data than I thought it would be, and as a result, I got a $50 bill from Convex for 50GB of high-speed database traffic. The lesson: always test data-heavy operations with small datasets first.

b71a7a83-56b8-43da-8e76-8ec59545dcec 2025-07-10 08:32:11.691289345 +0000 UTC m=+135964.726314145 2025-07-10 08:32:11.691289395 +0000 UTC m=+135964.726314195 How_to_hack_convex How_to_hack_convex

1

55749ed0-540e-4bad-afca-55a7320efcd5 2025-07-31 10:01:48.764851129 +0000 UTC m=+1955741.799875929 2025-07-31 10:01:59.496069235 +0000 UTC m=+1955752.531094075 Our_planet_will_not_survive_lazy_developers_adopting_LLMs Our planet will not survive lazy developers adopting LLMs

0 0

6cf47eca-009a-4d67-a2e1-716d0fc97bd4 2025-08-01 22:16:48.249339615 +0000 UTC m=+18.397590745 2025-08-01 22:16:48.249339745 +0000 UTC m=+18.397590875 correct-frontends correct-frontends

The correct way to do

When building frontends for most projects, simplicity and maintainability should be your top priorities. Start with a clear structure: separate your components, styles, and logic.

Use a modern framework like React or Vue only if your project truly needs it; otherwise, plain HTML, CSS, and minimal JavaScript can be more efficient.

Focus on accessibility and responsive design from the beginning. Avoid overengineering—choose tools that solve your actual problems, not hypothetical ones. Document your code and keep dependencies to a minimum. This approach ensures your frontend remains easy to understand, update, and scale as your project grows.

So what??!

1

The correct way to do

When building frontends for most projects, simplicity and maintainability should be your top priorities. Start with a clear structure: separate your components, styles, and logic.

![](/uploads/3c8bbb55-646b-4595-84c8-c039b6325de9/image (5).png)

Use a modern framework like React or Vue only if your project truly needs it; otherwise, plain HTML, CSS, and minimal JavaScript can be more efficient.

Focus on accessibility and responsive design from the beginning. Avoid overengineering—choose tools that solve your actual problems, not hypothetical ones. Document your code and keep dependencies to a minimum. This approach ensures your frontend remains easy to understand, update, and scale as your project grows.

So what??! 870d5b8c-2846-4114-a64c-97c12a54b647 2025-08-01 22:27:25.265061441 +0000 UTC m=+655.413312531 2025-08-03 14:37:28.240937272 +0000 UTC m=+97196.844933878 Infrastructure_vibe_coding_for_side_projects Infrastructure vibe coding for side projects

Rationale: I have some side projects. Let me figure out some infrastructure as code patterns with the help of an LLM in --yolo mode and test how practical it is to use an IAC framework for a single confused person such as me. Maybe it is not even worth the complexity and I should just keep clicking things by hand.

Plan:

  1. Use claude model
  2. Get some keys for existing infra providers
  3. Have claude figure out our existing infra, either via the IAC tool of our choice (e.g. terraform) or random scripts it can make
  4. Shove everything, including the credentials, into claude and tell it to replicate the existing infra as IAC, e.g. terraform variables file.
  5. Tell it to run and debug it as well. Check if maybe all data in your project was lost because something decided to recreate the prod DB. This is why the title says “side projects”.
  6. Audit and understand how our IAC works, request refactorings and changes from claude as needed. Make sure your changes to the IAC code files are actually applied.
  7. Move our API keys into their own IAC config file. Ignore that file in git.
  8. Rotate our API keys and stop using claude on your IAC. Are we happy?

Vibe Refactoring my IAC

Restructuring an IAC when you have no clue what you are doing is more annoying than building it from scratch.

TODO

I excluded credentials files from all my LLM tools, and then begged them (especially claude) in the global instructions not to read the credential files anyway by doing funny bash tricks instead of their regular ways of grepping files. That way I might not leak your credentials to the ai companies every time. In my experience, it works to tell them to assume the creds are always correct. Otherwise they will always feel the need to read them to debug stupid mistakes it made.

This is not a good good system, I need to start using a secrets store. Will edit this post in-place when I figure that out.

A simple example

I have my domains on namecheap for whatever reason. Their website for managing the DNS record is slow and sucks in other ways. So I did the steps above and migrated to three terraform scripts to manage them. Works great!

1 0

Rationale: I have some side projects. Let me figure out some infrastructure as code patterns with the help of an LLM in --yolo mode and test how practical it is to use an IAC framework for a single confused person such as me. Maybe it is not even worth the complexity and I should just keep clicking things by hand.

Plan:

  1. Use claude model
  2. Get some keys for existing infra providers
  3. Have claude figure out our existing infra, either via the IAC tool of our choice (e.g. terraform) or random scripts it can make
  4. Shove everything, including the credentials, into claude and tell it to replicate the existing infra as IAC, e.g. terraform variables file.
  5. Tell it to run and debug it as well. Check if maybe all data in your project was lost because something decided to recreate the prod DB. This is why the title says “side projects”.
  6. Audit and understand how our IAC works, request refactorings and changes from claude as needed. Make sure your changes to the IAC code files are actually applied.
  7. Move our API keys into their own IAC config file. Ignore that file in git.
  8. Rotate our API keys and stop using claude on your IAC. Are we happy?

Vibe Refactoring my IAC

Restructuring an IAC when you have no clue what you are doing is more annoying than building it from scratch.

TODO

I excluded credentials files from all my LLM tools, and then begged them (especially claude) in the global instructions not to read the credential files anyway by doing funny bash tricks instead of their regular ways of grepping files. That way I might not leak your credentials to the ai companies every time. In my experience, it works to tell them to assume the creds are always correct. Otherwise they will always feel the need to read them to debug stupid mistakes it made.

This is not a good good system, I need to start using a secrets store. Will edit this post in-place when I figure that out.

A simple example

I have my domains on namecheap for whatever reason. Their website for managing the DNS record is slow and sucks in other ways. So I did the steps above and migrated to three terraform scripts to manage them. Works great!

17527970-33b8-4f26-88c1-79a76e259f59 2025-08-01 23:12:17.986962899 +0000 UTC m=+3348.135214059 0001-01-01 00:00:00 +0000 UTC More_thoughts_on_C__to_golang More thoughts on C# to golang

0

5a42732e-f16b-4fe2-b705-ae35750e20cc 2025-08-02 08:50:14.681854388 +0000 UTC m=+38024.830105517 2025-08-02 08:51:36.14121634 +0000 UTC m=+38106.289467481 Convex_Drive Convex Drive

I built this in 4 days to give convex.dev a real-world spin.

Try it out here!

https://github.com/domi-ninja/convex-drive

2025-06-24 02:00:00 +0000 UTC 1 1 projects /uploads/5a42732e-f16b-4fe2-b705-ae35750e20cc/Screenshot 2025-06-05 102150.png

I built this in 4 days to give convex.dev a real-world spin.

Try it out here!

https://github.com/domi-ninja/convex-drive

![](/uploads/6a667ee0-6efc-4b1a-809f-3b8fc5d72924/Screenshot 2025-06-05 102150.png)

![](/uploads/6a667ee0-6efc-4b1a-809f-3b8fc5d72924/Screenshot 2025-06-05 102213.png)

![](/uploads/6a667ee0-6efc-4b1a-809f-3b8fc5d72924/Screenshot 2025-06-05 102258.png)

b7ad8a60-ec13-4d62-8f93-d62ced6c0b7d 2025-08-03 09:25:49.038555669 +0000 UTC m=+78497.642552284 2025-08-03 09:33:35.77847765 +0000 UTC m=+78964.382474265 Google_sucks_too_hard_and_I_am_done_with_them Google sucks too hard and I am done with them

Apparently google is now rummaging through your documents and deleting them if some ai is flagging on them.

Now, hear me out: If some other company did this, I would expect them to make it right. But google, amazon, microsoft and apple are the special brand of sucky giant

via @pheonix@fosstodon.org

https://maerossi.com/ claims to be a romance writer.

I guess I will make a venture into pushing open source or self-developed cloud services.

0 0

Apparently google is now rummaging through your documents and deleting them if some ai is flagging on them.

Now, hear me out: If some other company did this, I would expect them to make it right. But google, amazon, microsoft and apple are the special brand of sucky giant

*via @pheonix@fosstodon.org*

https://maerossi.com/ claims to be a romance writer.

I guess I will make a venture into pushing open source or self-developed cloud services. b0f699cc-6872-47aa-a903-b39504e01d85 2025-08-03 14:33:47.448123855 +0000 UTC m=+96976.052120471 2025-08-03 14:33:50.542109201 +0000 UTC m=+96979.146105777 Better_Nextcloud_Task_Project Better Nextcloud Task Project

0 0 projects

a1b625de-dedc-4bf0-958f-84622012dde4 2025-08-04 12:16:44.388165094 +0000 UTC m=+175152.992161710 0001-01-01 00:00:00 +0000 UTC programming_sustainably programming sustainably

This is not to say that our ai coded, bloated, unoptimized, horrible node_modules mess of a code culture is correct – i can feel myself wanting rethink that stuff in the face of global warming and supply chain crisis. I see a distinct possibility that we will have to downgrade web servers to a raspi-pi like hardware in the future, and then run a lighter web stack on there.

But i have been

0

This is not to say that our ai coded, bloated, unoptimized, horrible node_modules mess of a code culture is correct — i can feel myself wanting rethink that stuff in the face of global warming and supply chain crisis. I see a distinct possibility that we will have to downgrade web servers to a raspi-pi like hardware in the future, and then run a lighter web stack on there.

But i have been 3118ce7f-3e23-4351-a19c-b076119472ee 2025-08-07 14:11:30.069232979 +0000 UTC m=+441238.673229596 2025-08-07 14:11:44.478148494 +0000 UTC m=+441253.082145070 hellpot hellpot

https://c.im/@domi/114987857541318959

0 0 projects

https://c.im/@domi/114987857541318959

70fea016-8e97-4da7-91a8-bd50699604d5 2025-08-18 13:04:23.138244873 +0000 UTC m=+340987.729334477 0001-01-01 00:00:00 +0000 UTC my_fav_way_to_work_with_ my fav way to work with

0

d7375899-57ec-411a-b128-5b7cb0d544c9 2025-08-21 07:49:27.909768358 +0000 UTC m=+137119.050146263 0001-01-01 00:00:00 +0000 UTC tooter_usability tooter usability

what even is the point? thoughts go here

0

what even is the point? thoughts go here cf9f56e2-0523-4b0d-bf4c-9202382d345a 2025-08-21 08:40:22.071265906 +0000 UTC m=+420.506223986 2025-08-21 08:40:33.549343956 +0000 UTC m=+431.984301996 websites.fail websites.fail

https://github.com/domi-ninja/websites.fail/

2025-08-21 10:40:00 +0000 UTC 1 0 projects

https://github.com/domi-ninja/websites.fail/ 542bd42a-66fe-4c8e-b231-33d400faa689 2025-08-22 15:39:53.798257805 +0000 UTC m=+111992.233215885 2025-08-25 07:01:13.290242947 +0000 UTC m=+340071.725201027 Low-code_will_always_suck__Reasoning Low-code will always suck: Reasoning

Low-code tool development is a high skill programmer job

  • A low-code tool is basically a debugger. Making debuggers, especially ones that don’t suck, is really hard [citation not needed]
  • High skill programmers don’t need (or dogfood) low-code tools.

Maybe low-code refactoring?

  • But your dont have search & replace

0 0

Low-code tool development is a high skill programmer job

  • A low-code tool is basically a debugger. Making debuggers, especially ones that don’t suck, is really hard [citation not needed]
  • High skill programmers don’t need (or dogfood) low-code tools.

Maybe low-code refactoring?

  • But your dont have search & replace 1cd97581-6fca-4ce9-a128-04aa7102e161 2025-09-02 11:18:37.047155966 +0000 UTC m=+698344.012983142 2025-09-02 11:19:02.272716176 +0000 UTC m=+698369.238543353 cleaner_code cleaner code

https://c.im/@domi/115134408146745382

0 0

https://c.im/@domi/115134408146745382 944c0b42-8035-4388-b5f3-920f30e44e3c 2025-09-05 13:23:09.395111964 +0000 UTC m=+965016.360939151 2025-09-05 13:32:15.078026248 +0000 UTC m=+965562.043853434 my_current_projects my current projects

so uh

https://blog.domi.ninja/post/?id=6a667ee0-6efc-4b1a-809f-3b8fc5d72924 this works but i dont really know why i built it – maybe i will turn it into a cached frontend for my nextcloud instance sometime and wrap the webdav shit there so that tis faster and stops being annoyign on the android app (its supposed to auto upload my photos but making problems at the moment)

email-friends was my attempt to do what https://mail.superhuman.com/ does but it turns out thats a pain in the ass so nevermind that

google for me and spider are prototypes for what it turns out is already a big business, which is remote controlling puppeteer instances using ai.. pretty sure i will also leave this to the bigger fish

j-calendar is my vibe coded frontend prototype for my nextcloud caldav instead of webdav (calendar+contacts vs files) SO i guess i tried that twice or whatever

Anyhow

rss.domi.ninja will go on that subdomain sometime and be a little feed of cool stuff from mastodon and wherever i cross post it from

security-test-app was me thinking about convex + vibe code security, i want to go through a cool post they made and see if i agree

penumbra is me trying to start vibe coding an umbraco but i think fuck that

projects-mindmap is this thing its a vibe coded tree editor which im consdiering using instead of this

ai text adventure is a thing i started making because i was annoyed how shit the ai-enabled text adventures are, and it would be easy to do a better job, but im not motivated to make games unfortunately

typestone is this its a mostly vibecoded hearthstone clone with multiplayer via convex, where i want to experiment with a gameplay where the user types in the effect of a card, and then the ai goes and builds and compiles the code for the new card and puts it into the game

https://websites.fail is my most serious project, it is meant to become a better version of https://uptimerobot.com/ because that one loads slowly

0 0

![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 151717.png) ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 151622.png) ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 150125.png) ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 150021.png) ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 145935.png) ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 145831.png) ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 145631.png)

so uh

https://blog.domi.ninja/post/?id=6a667ee0-6efc-4b1a-809f-3b8fc5d72924 this works but i dont really know why i built it — maybe i will turn it into a cached frontend for my nextcloud instance sometime and wrap the webdav shit there so that tis faster and stops being annoyign on the android app (its supposed to auto upload my photos but making problems at the moment)

email-friends was my attempt to do what https://mail.superhuman.com/ does but it turns out thats a pain in the ass so nevermind that

google for me and spider are prototypes for what it turns out is already a big business, which is remote controlling puppeteer instances using ai.. pretty sure i will also leave this to the bigger fish

j-calendar is my vibe coded frontend prototype for my nextcloud caldav instead of webdav (calendar+contacts vs files) SO i guess i tried that twice or whatever

Anyhow

rss.domi.ninja will go on that subdomain sometime and be a little feed of cool stuff from mastodon and wherever i cross post it from

security-test-app was me thinking about convex + vibe code security, i want to go through a cool post they made and see if i agree

penumbra is me trying to start vibe coding an umbraco but i think fuck that

projects-mindmap is this thing its a vibe coded tree editor which im consdiering using instead of this

ai text adventure is a thing i started making because i was annoyed how shit the ai-enabled text adventures are, and it would be easy to do a better job, but im not motivated to make games unfortunately

typestone is this its a mostly vibecoded hearthstone clone with multiplayer via convex, where i want to experiment with a gameplay where the user types in the effect of a card, and then the ai goes and builds and compiles the code for the new card and puts it into the game

https://websites.fail is my most serious project, it is meant to become a better version of https://uptimerobot.com/ because that one loads slowly ![](/uploads/944c0b42-8035-4388-b5f3-920f30e44e3c/Screenshot 2025-09-05 151622.png) 5f05bcf8-02b6-4ba6-a657-c17456f5ceb4 2025-09-09 11:52:21.832422884 +0000 UTC m=+1305168.798250030 2025-09-09 11:52:28.609375624 +0000 UTC m=+1305175.575202811 illustrating_software_dev illustrating software dev

0 0

01acf6ad-f169-42c9-bcc3-3e03a896490d 2025-09-18 12:28:07.181437799 +0000 UTC m=+2084914.147264986 2025-09-18 12:52:39.710686621 +0000 UTC m=+2086386.676513808 The_Internet_will_never_die__keep_writing_cool_posts The Internet will never die, keep writing cool posts

der vortrag gester war noch recht inspirierend weil einfach ein akademiker mich in meinen meinungen bestätigt hat und mir gleichzeitig einen coping mechanismus gegeben hat, der dazu führt, das es mir ein bisschen besser geht jetzt, was wiederum heisst das ich jetzt ein bisschen schlau über themen nachdenken kann, die mich beschäftigen 😄 zb habe ich den verdacht das wir irgendwann in den nächsten jahrzehnten einen kleinen technischen rückschritt machen werden müssen. Ich glaube wir zwei hatten auch mal so etwas diskutiert und du warst mehr auf der optimistischen seite, aber ich finde es ein spannendes feld Man kann da auch mit software und hardware herzige sachen machen bisschen vage ich weiss, aber muss ich mal in ruhe darüber nachdenken nächstes jahr 🧠 w_ayne — 2:49 PM vorträge die einem zum hirnen bringen findi no nice dominic — 2:50 PM jah sehr!

Es ist ein Fakt das viele software so ein misthaufen von abstraktionen ist die aufeinander gekackt werden. Man müsste mal die ganze scheisse wegreissen und neu bauen. Das würde ausversehen dazu führen das es am ende 1000x schneller läuft und du auf jedem benutzten einweg-vape arbeiten könntest literal garbage computer Image hat so ein bisschen rim world vibes https://www.cnx-software.com/2025/09/16/converting-a-disposable-vape-into-a-web-server/ CNX Software - Embedded Systems News Converting a disposable vape into a web server - CNX Software BogdanTheGeek has managed to run a web server on a disposable vape powered by a cheap Puya PY32 Arm Cortex-M0+ microcontroller. Converting a disposable vape into a web server - CNX Software sorry das ist ein bisschen viel für hier, ich habe zuviel kaffe getrunken. Ich sollte das mal in meinen blog kopieren anstatt zu dir haha

All the current troubles for the open web are real, and it will probably get much worse.

But let’s look at something that

In the same way that

Slow Apocalypse Scenarios might herald a new dawn for real content inside a few decades

Let us be honest for a second: The future of humanity is troubled. The climate crisis is real. Entire countries might collapse in the future because some fungus ate all rubber plants, the next pandemic struck and NPM got hacked again. ;)

Given such a scenario, this would disrupt a lot of supply chains worldwide. What would happen to society if individuals could not afford to buy new computers anymore?

People would go back to listening to the AM/FM radio, because those are easily constructed in a garage from literal spare parts. They would go back to slower internet speeds. They would go back to sharing desktop PC machines and reading blog posts because those will actually load.

2025-12-09 11:58:00 +0000 UTC 0 1

der vortrag gester war noch recht inspirierend weil einfach ein akademiker mich in meinen meinungen bestätigt hat und mir gleichzeitig einen coping mechanismus gegeben hat, der dazu führt, das es mir ein bisschen besser geht jetzt, was wiederum heisst das ich jetzt ein bisschen schlau über themen nachdenken kann, die mich beschäftigen 😄 zb habe ich den verdacht das wir irgendwann in den nächsten jahrzehnten einen kleinen technischen rückschritt machen werden müssen. Ich glaube wir zwei hatten auch mal so etwas diskutiert und du warst mehr auf der optimistischen seite, aber ich finde es ein spannendes feld Man kann da auch mit software und hardware herzige sachen machen bisschen vage ich weiss, aber muss ich mal in ruhe darüber nachdenken nächstes jahr 🧠 w_ayne — 2:49 PM vorträge die einem zum hirnen bringen findi no nice dominic — 2:50 PM jah sehr!

Es ist ein Fakt das viele software so ein misthaufen von abstraktionen ist die aufeinander gekackt werden. Man müsste mal die ganze scheisse wegreissen und neu bauen. Das würde ausversehen dazu führen das es am ende 1000x schneller läuft und du auf jedem benutzten einweg-vape arbeiten könntest literal garbage computer Image hat so ein bisschen rim world vibes https://www.cnx-software.com/2025/09/16/converting-a-disposable-vape-into-a-web-server/ CNX Software - Embedded Systems News Converting a disposable vape into a web server - CNX Software BogdanTheGeek has managed to run a web server on a disposable vape powered by a cheap Puya PY32 Arm Cortex-M0+ microcontroller. Converting a disposable vape into a web server - CNX Software sorry das ist ein bisschen viel für hier, ich habe zuviel kaffe getrunken. Ich sollte das mal in meinen blog kopieren anstatt zu dir haha

All the current troubles for the open web are real, and it will probably get much worse.

But let’s look at something that

In the same way that

Slow Apocalypse Scenarios might herald a new dawn for real content inside a few decades

Let us be honest for a second: The future of humanity is troubled. The climate crisis is real. Entire countries might collapse in the future because some fungus ate all rubber plants, the next pandemic struck and NPM got hacked again. ;)

Given such a scenario, this would disrupt a lot of supply chains worldwide. What would happen to society if individuals could not afford to buy new computers anymore?

People would go back to listening to the AM/FM radio, because those are easily constructed in a garage from literal spare parts. They would go back to slower internet speeds. They would go back to sharing desktop PC machines and reading blog posts because those will actually load. df28ed85-ef5f-4758-a7a4-44ab41f6a066 2025-09-22 10:53:33.393589579 +0000 UTC m=+2424840.359416765 2025-09-22 11:09:11.452781972 +0000 UTC m=+2425778.418609148 github_is_fun_if_you_dont_touch_the_website github is fun if you dont touch the website

I also just vibe coded a script that cleans up my aspirational forks, projects that I thought I could contribute to but eventually realized it is not necessary.

0 0

I also just vibe coded a script that cleans up my aspirational forks, projects that I thought I could contribute to but eventually realized it is not necessary.

e229b10f-bc55-4e19-9e24-a05abf30e40b 2026-01-13 12:05:04.009670452 +0000 UTC m=+766123.010050441 2026-01-13 12:05:59.753855959 +0000 UTC m=+766178.754235938 lazygit_is_the_best_and__you__should_adopt_it lazygit is the best and you should adopt it

0 0