Peter is an independent software consultant, and a technology leader in full stack software development. More recently, Peter has authored courses for Pluralsight.com covering JavaScript, React and .Net. 11-time Microsoft MVP.
Organizer: https://www.siliconvalley-codecamp.com

Bio text apparently not searchable, so
 Thanks to those learning 🐘 in public! Tech interests:
#WebDev #javascript #typescript #react #NextJS #reactjs
blog: https://peterkellner.net
github: https://github.com/pkellner
linkedIn: https://www.linkedin.com/in/peterkellner99/
Lessons learned while building a green field React App Starting from new. Tech includes @prisma , IMAP, @tailwindcss (@reactjs of course) and @nextauthjs , and more. https://peterkellner.net/2024/03/28/lessons-learned-building-react-app-with-help-of-chatgpt/
Lessons Learned Using ChatGPT for React Programming | Peter Kellner's Blog

Using ChatGPT for React programming offers valuable insights but requires careful management of component size, adherence to code optimizations, clear instructions, and regular review. It's crucial to balance AI assistance with manual oversight to ensure performance and maintain coding standards.

So, when ChatGPT first started getting popular, I took to heart @Migueldeicaza's comment that "when learning a new tech, it's like a friend sitting next to you giving tips". I've learned that's far from the reality. My experience is that if you don't know the tech well, ChatGPT will give you seemingly good advice that is often completely wrong and misleading.

I'm learning @astro today and will not be using ChatGPT at all.

I love ChatGPT for things that I know how to do but are tedious. Learning new tech, ... for me, no ChatGPT.

@astro building my first astro project today. Hoping to convert my blog (https://peterkellner.net) to Astro. High hopes!
Peter Kellner

Problem solver author teacher

@vcsjones Nice!
Thank you @davidfowl for moving off of that other platform.
@vcsjones you? Or you and chatgpt?

@shanselman My understanding is the Next.js framework is responsible for that. It does something similar, but instead of using the server key like asp.net, it uses the Build Id to create a private key for each Server Action (builds are the responsibility of the framework, not the React library). That encrypts all the data being passed. Also, CSRF is added to forms but of course, that depends on the trusted browser.

What other concerns do you have? SOC an issue for you? Besides security, that is getting the most discussion/complaints I'm seeing.

https://nextjs.org/blog/security-nextjs-server-components-actions

How to Think About Security in Next.js

Learn about what security protections are built into Next.js and view a guide for auditing applications.

@shanselman You could just as easily expose an ssh prompt to a REST POST and allow rm -r, but who would do that? Same for Server actions, they can, and should be protected in the same way.
@shanselman https://x.com/scastiel/status/1718288367735964081?s=46 is like saying "OMG, a REST Endpoint can be accessed by anyone". I've used Server Actions and React RSC's a lot and IMHO, React (not Vercel) has taken many learnings from past mistakes and improved. Still, in general the web sucks as a programming target but it's what we have. I suppose one could say all exposure is good exposure, but so much of the latest fear mongering going around is just wrong.
Sebastien Castiel on X

⚠️ Using Server Actions with @nextjs? Don’t forget that they can be called by anyone via an API route, with any parameters! Even when using TypeScript, you must validate the input! 💡 Tip: define the parameters as unknown, then use Zod to validate and parse them 😉

X (formerly Twitter)
@shanselman I believe NextJS 14 actions are NOT like runat=server (or spill secrets in candy). Your words carry a lot of weight. List your top 3 concerns and give the #Vercel #nextjs14 folks a chance to respond constructively, and hopefully leading to a more meaningful discussion. (cross posting from X) 🤔