I agree with you. But I have found the middle-out effect in online discourse means we get articles (such as this one) polarising viewpoints for attention. Sadly, it works.
Despite people slating the author, I think this is a reasonable oversight.
On the surface, spinning up a Postgres instance in Docker seems secure because it’s contained. I know many articles claim “Docker = secure”.
Whilst it is easy to point to the common sense needed, perhaps we need to have better defaults. In this case, the Postgres images should only permit the CLI, and nothing else.
Every guide out there says to link Postgres to the application (the one using Postgres). So the Postgres network is not reachable. Then, even if it were exposed, a firewall would need to be configured to allow access. Then, another thing every guide does is suggest a reverse proxy, decreasing the attack surface. Then, such a reverse proxy would need some kind of authentication. Instead, I simply run it behind WireGuard. There's still plenty to go wrong, such as a backdoor in the Postgres database image (you used docker pull), not upgrading it while it contains serious vulnerabilities, or a backdoor in some other image.
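The layering the comment above describes (database reachable only by the application, nothing published on the host, a single reverse proxy as the public entry point) can be checked against a concrete Compose file. The following is an added example, not code from the commenter or from any guide they refer to; the service names, the `example/app:latest` image, the mounted `Caddyfile` and the `DB_PASSWORD` variable are placeholders chosen for illustration. One caveat worth stating plainly: a published port (`-p 5432:5432` or a `ports:` entry) is wired up by Docker's own iptables rules, so on Linux it is reachable even where a host firewall such as ufw would otherwise block the port; the protection has to come from not publishing it at all.

```yaml
# Weak (the one-liner most guides start with): Postgres is published on every
# host interface, and Docker's iptables rules bypass ufw-style host firewalls.
#
#   docker run -d -p 5432:5432 -e POSTGRES_PASSWORD=... postgres:16
#
# Isolated alternative: Postgres publishes no ports and sits on an internal
# network that only the application joins; the reverse proxy is the sole
# service with a published port.

services:
  proxy:
    image: caddy:2
    ports:
      - "443:443"                 # the only port reachable from outside
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro   # assumed: proxies to app:8080
    networks:
      - frontend

  app:
    image: example/app:latest     # placeholder application image
    environment:
      DATABASE_URL: postgres://app:${DB_PASSWORD}@db:5432/app
    networks:
      - frontend                  # reachable by the proxy
      - backend                   # reachable by (and can reach) the database

  db:
    image: postgres:16
    environment:
      POSTGRES_USER: app
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: app
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      - backend                   # no `ports:` entry: nothing on the host
    # Named Docker networks carry their own DNS, so `app` resolves `db`
    # without the legacy `links:` that older guides use.

networks:
  frontend: {}
  backend:
    internal: true                # no route to the host's external interfaces

volumes:
  pgdata: {}
```

After `docker compose up -d`, `docker compose ps` should list `db` with an empty PORTS column and `ss -ltn` on the host should show no listener on 5432. This covers only network reachability; the supply-chain risks the comment mentions (a backdoored or outdated image) are unaffected, so the image tag still needs pinning and updating, and the reverse proxy still needs its own authentication or a VPN in front of it.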
When Docker first appeared, a lot of people explaining Docker to others said something along the lines of "It's like a fast VM you can create with a Dockerfile", leading a bunch of people to believe it's actually not just another process + some more stuff, but instead an actual barrier between host/guest like in a proper VM.
I remember talking about this a lot when explaining Docker to people in the beginning, and how they shouldn't use it for isolation, but now, after more than a decade with that misconception still being popular, I've lost energy about it...
Hey, remember me? We met randomly on a bus from Machu Picchu to Cusco a couple weeks ago! First "orange site" people I've met IRL lol.
Great work on this - very slick UX and super quick.
It'd be cool to expand it to support the UK or maybe develop some open standard for the way data can be reported. I'm sure businesses would pay for a consolidated data API.
Hey Josh! I was wondering whether you'd see this! Thanks for checking out the site - we'd love to expand to the UK and to add an API, thanks for the ideas.
It was great meeting you and chatting with you on that bus ride, hope you folks had a nice rest of your trip! And hope things are going well with LoginLlama and the other cloud storage related project you were talking about. Let me know if you ever need some beta testing done or something like that :)
Absolutely, the design of cities dictates behaviour. The secondary effects of this are interesting too. For example, European kitchens can be smaller because they don’t need to store as much.
Great site and product! Congratulations on the launch.
I actually have a use case for this in my product Loginllama. I need to grab information about the IP addresses. I’m currently using a different API but don’t really like the product.
Is it rate limited, or does it have any key authentication?
My email is me at joshghent.com if you want to chat about this more.
Go for it! There's no formal rate limiting or auth, but it does start to load shed at 2k concurrent requests. It's stateless, so it's very easy to scale horizontally after that.
LoginLlama looks super helpful, what else would you like to see from IP Guide to help? Would a boolean attribute on whether or not the IP is a known tor exit node be helpful?
But these arguments seem a little tired now. Does a customer actually care what technology you use? Absolutely not. If React is easier for you, go for it. If that’s HTMX, fine.
What matters is speed of delivery of new features. And React has huge amounts of support (and a large developer base) that makes development quick and cheap.
I’ve never understood these html purist arguments. As if React/Vue/Angular are desecrating this pure text language.
There are other issues of far greater importance: accessibility, multi-language support, browser consistency, sane defaults and easy tooling.
Hey! Thanks for checking out this product. I built this after implementing similar systems for other clients and couldn't find an API that allowed flexibility of implementation. Other solutions took control of your login process (which is often not practical with Cognito, Auth0 etc.). Instead, I built this API that can fit into a login system in 10 minutes or less. Hope you enjoy!