1stepVigil - a self-hosted dashboard that watches your Docker images
IncogCyberSpaceUserLooks like a cool project. Starred.
I’m no tech expert either, so I’ll keep an eye on how the community reacts to it, in terms of security.
Keep up the good work!
Keep up the good work!
Thanks brother, I appreciate it. Security is one of my main concerns too, that’s why I’ll rely on the experts around here to point out what could be improved.
Yikes. That doesn’t give me confidence for something that needs root access to the Docker UNIX socket. Was this vibe coded? This kind of application has no business being insecure.
Hi Thaurin, I appreciate your feedback, I understand that security must be a top priority. I’m glad your pointing it out. If you have any advice on how to improve it, it’ll be more than welcome.
If you want to learn to develop web applications, try to understand everything you do. Don’t let the entire thing be generated by AI. Do small changes and commit those one at a time. Understand the programming language, your application’s architecture, internet security, and so forth. Not understanding and then releasing it publicly and later asking for advice on how to improve it, isn’t the way. You’re still the maintainer of the project now, and will have to understand and approve any PR’s people may send your way.
I mean, it can be addictive to just let AI throw everything together in a week without learning anything consequentual. But I wouldn’t throw it on my server with root access to Docker. What’s your real interest here? Learning or telling AI to make stuff for you?
In this world of technology, applications there are too many areas of expertise required to make things “functional” I’m not sure if I can learn everything required to make applications at the level of the most popular ones. I’m more interested in general knowledge and putting ideas out there. I still think that getting this project to the public even if it’s not that great, is still better than have it just on my computer. So, the main purpose is to hear from people what they think of the project, maybe inspire others with more experience to put their projects out there too. My expectations were pretty low about this project, but it turned out to be a great experience to engage with many people from different background just like you.
You are potentially putting yourself at risk and others as well by making it public. I run a VPS in the cloud, so I would never, ever install this app on it, even though I firewall it to my own IP ranges. Your agent has access to the docker group and the tokens are sent and stored in plaintext, as per the SECURITY.md file. That means any leak of a token could lead to total hostile takeover of the server. Adding that you don’t understand the codebase yourself just pushes this further over the edge.
Sure, I get it. It’s fun to build things. But I’ve always found it more fun to actually build things myself. These days, everybody is building these huge, monolithic codebases that nobody understands anymore. I don’t believe that it’s impossible to learn the things required to make a full application. True, you can’t learn everything, but that’s because there are so many different things that do slightly different things, and each week something new comes along. So you specialize a bit. But it’s fun to learn, and just telling an AI to do it makes you lazy.
I don’t know, I don’t like it. I do use AI during development, but I throw smaller things at it, so I can actually look at the code and approve it every time something changes. Plus, I built the structure and original foundation myself, so I still have a firm grip on it. I enjoy creating the code more than I enjoy piling on features generated by the AI.
I don’t develop profesionally anymore, but I’ve read so many stories online about senior developers getting depressed and considering a career change, because their managers think it’s cool to let AI take over their old jobs, while they are left doing code reviews and undoing the fuckups that AI threw at them.
Every week I see several new iOS app on Reddit for tracking your fitness, habits, reminders, expenses, subscriptions, and they are always introduced in the same way: “I grew tired of how x apps do y, so I built my own” while stating that “this is my first app.” And there’s always a $15/month subscription on it! The internet is filling up with cheap Chinese replicas of applications, except that they are not sold cheaply.
People are writing their posts using AI, and then replying to everyone in the thread in Spanish, because why not? Let’s not even try anymore! Open source projects are in trouble, because the volunteer maintainers cannot get through the automatic AI slow pull requests on GitHub to get to the high-quality ones.
I just really don’t like how the current landscape looks, especially in the future. The ensloppification of everything.
End of rant. :)
haha that’s ok bro, have you rant. I’m a Mr. complainer myself. Although, I’ve been trying really hard lately to avoid “unnecessary or premature criticism” and this shit is one of the hardest things I’ve ever tried. Regarding the security concerns, I absolutely agree with you that this is top priority and mandatory. That’s why we set testing environments for this type of things, right? There’s a common feeling that I’ve noticed from the tech community regarding the usage of AI that to me is similar to “musicians vs DJs” or “classical musicians vs Jazz”, I’m sorry if this analogy isn’t the best one, but these are the communities that I’m more familiar with. Some are really opened, others are absolutely against and concerned (rightly so to some degree) and others fall in the middle. I think what we’re experiencing is more of a huge paradigm change, a clash of personalities and the natural fear of the unknown and changes. Maybe the most excited people are really the ones who knows very little and have no idea of the negative potential of these tools or perhaps the so skeptical ones are those who don’t know yet how to reconcile this shift and what to make out it. Who knows? I’ll end up with my rant too… I hate the “enshitification” of the internet content because of AI lol. I’ve read somewhere that the AI text have surpassed the human generate one in the web :,( Lots of people have claimed that my comments “look like AI”… as if they would be that good at identifying it anyways. I’m not a bot by the way. I just found that Lemmy feels more genuine than Reddit (let’s leave this rant to another time).
Peace bro!