The biggest footgun I encounter every time I set up a raspberry pi or other linux host for a side project is forgetting that Docker doesn't do log rotation for containers' logs by default, which results in the service going down and seeing a sweat inducing ENOSPC error when you ssh in to check it out.

You can configure this by creating /etc/docker/daemon.json and either setting up log rotation with log-opts or using the local logging driver (it defaults to json) if you're not shipping container logs anywhere and just read the logs locally. The local driver compresses the logs and automatically does log rotation:

{
  "log-driver": "local",
  "log-opts": {
     "max-size": "10m",
     "max-file": "3"
  }
}

A developer had force pushed changes to remove some secrets from the repo. Then another developer who had missed the part about the cleanup saw the errors during git push and proceeded to just merge the changes. Cue absolutely fucked commit history where you had all commits twice with individual change commits sprinkled between both.

Protip: you can configure the default host bind IP via /etc/docker/daemon.json. You could for example set:

{
  "ip": "127.0.0.1"
}

which would result in -p "8080:8080" being equivalent to -p "127.0.0.1:8080:8080"

I somehow feel like there's an allergy of sort towards classes in general in JavaScript/TypeScript. Many projects I've worked on gravitate towards more functional/plain-old-objects sort of paradigm and it feels like classes are avoided just because they don't feel like idiomatic JS.

Can't wait to use this in all browsers in like 5 years.

Thanks, good to know! I had no idea about the tags. Looks like there's a lot more variables available.

I just reread the docs on the log drivers - they mentioned that as of docker 20.x local logs now work with all drivers as it buffers the logs locally as well. I think this is probably why I hadn't explored the other drivers before - couldn't use docker-compose logs.

show EXPLAIN for the query, maybe also EXPLAIN (ANALYZE, BUFFERS) with say LIMIT 1000 so that it finishes some day

If lenny-ui is already using a JSX based library (InfernoJS), why not use it? I can't believe they construct HTML manually like that without a hint of escaping or stripping. Sure, many markdown renderers tell you to just slap it in __html or dangerouslySetInnerHtml but there are many that just parse the MD and let you render it with JSX!

I also can't believe there's no CSP that stopped this. Sure, it's a pain in the ass to configure with a nonce but this is literally the kind of thing it's made to block!

If the value is still passed as an environment variable in the end, it can be read via /proc/:pid/environ from another container or from the host if they are both using the same UID (or has --cap-add SYS_PTRACE)