Search - "file hosting"
-
I absolutely HATE "web developers" who call you in to fix their FooBar'd mess, yet can't stop themselves from dictating what you should and shouldn't do, especially when they have no idea what they're doing.
So I get called in to a job improving the performance of a Magento site (and let's just say I have no love for Magento for a number of reasons) because this "developer" enabled Redis and expected everything to be lightning fast. Maybe he thought "Redis" was the name of a magical sorcerer living in the server. A master conjurer capable of weaving mystical time-altering spells to inexplicably improve the performance. Who knows?
This guy claims he spent "months" trying to figure out why the website couldn't load faster than 7 seconds at best, and his employer is demanding a resolution so he stops losing conversions. I usually try to avoid Magento because of all the headaches that come with it, but I figured "sure, why not?" I mean, he built the website less than a year ago, so how bad can it really be? Well...let's see how fast you all can facepalm:
1.) The website was built brand new on Magento 1.9.2.4...what? I mean, if this were built a few years back, that would be a different story, but building a fresh Magento website in 2017 in 1.x? I asked him why he did that...his answer absolutely floored me: "because PHP 5.5 was the best choice at the time for speed and performance..." What?!
2.) The ONLY optimization done on the website was Redis cache being enabled. No merged CSS/JS, no use of a CDN, no image optimization, no gzip, no expires rules. Just Redis...
3.) Now to say the website was poorly coded was an understatement. This wasn't the worst coding I've seen, but it was far from acceptable. There was no organization whatsoever. Templates and skin assets are being called from across 12 different locations on the server, making tracking down and finding a snippet to fix downright annoying.
But not only that, the home page itself had 83 custom database queries to load the products on the page. He said this was so he could load products from several different categories and custom tables to show on the page. I asked him why he didn't just call a few join queries, and he had no idea what I was talking about.
4.) Almost every image on the website was a .PNG file, 2000x2000 px and lossless. The home page alone was 22MB just from images.
There were several other issues, but those 4 should be enough to paint a good picture. The client wanted this all done in a week for less than $500. We laughed. But we agreed on the price only because of a long relationship and because they have some referrals they got us in the door with. But we told them it would get done on our time, not theirs. So I copied the website to our server as a test bed and got to work.
After numerous hours of bug fixes, recoding queries, disabling Redis and opting for higher innodb cache (more on that later), image optimization, js/css/html combining, render-unblocking and minification, lazyloading images, tweaking Magento to work with PHP7, installing OpCache and setting up basic htaccess optimizations, we smash the loading time down to 1.2 seconds total, and most of that time was for external JavaScript plugins deemed "necessary". Time to First Byte went from a staggering 2.2 seconds to about 45ms. Needless to say, we kicked its ass.
So I show their developer the changes and he's stunned. He says he'll tell the hosting provider to create a new server set up to migrate the optimized site over and cut over to, because taking the live website down for maintenance for even an hour or two in the middle of the night is "unacceptable".
So trying to be cool about it, I tell him I'd be happy to configure the server to the exact specifications needed. He says "we can't do that". I look at him confused. "What do you mean we 'can't'?" He tells me that even though this is a dedicated server, the provider doesn't allow any access other than a jailed shell account and cPanel access. What?! This is a company averaging 3 million+ per year in revenue. Why don't they have an IT manager overseeing everything? Apparently for them, they're too cheap for that, so they went with a "managed dedicated server", "managed" apparently meaning "you only get to use it like a shared host".
So after countless phone calls arguing with the hosting provider, they agree to make our changes. Then the client's developer starts getting nasty out of nowhere. He says my optimizations are not acceptable because I'm not using Redis cache, and now the client is threatening to walk away without paying us.
So I guess the overall message from this rant is not so much about the situation, but the developer and countless others like him that are clueless, but try to speak from a position of authority.
If we as developers don't stop challenging each other in a measuring contest and learn to let go when we need help, we can get a lot more done and prevent losing clients. </rant>
-
I have to let it out. It's been brewing for years now.
Why does MySQL still exist?
Really, WHY?!
It was lousy as hell 8 years ago, and since then it hasn't changed one bit. Why do people use it?
First off, it doesn't conform to standards, allowing you to aggregate without explicitly grouping, in which case you get god knows what type of shit in there, and then everybody asks why the numbers are so weird.
Second... it's $(CURRENT_YEAR) for fucks sake! This is the time of large data sets and complex requirements from those data sets. Just an hour through SO will show you dozens of poor people trying to do with MySQL what MySQL just can't do because it's stupid.
Recursion? 4 lines in any other large RDBMS, and tough luck in MySQL. So what next? Are you supposed to use Lemograph alongside MySQL just because you don't know that PostgreSQL is free and super fast?
Window functions to mix rows and do neat stuff? Naaah, who the hell needs that, right? Who needs to find the products ordered by the customer with the biggest order anyway? Oh you need that actually? Well you should write 3-4 queries, nest them in an incredibly fucked up way, summon a demon and feed it the first menstrual blood of your virgin daughter.
There used to be some excuses in the past "but but but, shared hosting only has MySQL". Which was wrong by the way. This was true only for big hosting names, and for people who didn't bother searching for alternatives. And now it's even better, since VPS and PaaS solutions are now available at prices lower than shared hosting, which give you better speed, performance and stability than shared hosting ever did.
"But but but Wordpress uses MySQL" - well then kill it! There are other platforms out there, that aren't just outrageously horrible on the inside and outside. Wordpress is crap, and work on it pays crap. Learn Laravel, Symfony, Zend, or even Drupal. You'll be able to create much more value than those shitty Wordpress sites that nobody ever visits or pay money on.
"But but but my client wants some static pages presented beside their online shop" - so why use Wordpress then? Static pages are static pages. Whip up a basic MVC set-up in literally any framework out there, avoid MySQL, include a basic ACL package for that framework, create a controller where you add a CKEditor to edit page content, and stick a nice template from themeforest for that page and be done with that shit! Save the mock-up for later use if you do that stuff often. Or if you're lazy to even do that, then take up Drupal.
But sure, this is going a bit over the scope. I actually don't care where you insert content for your few pages. It can be a JSON file for all I care. But if I catch you doing an e-commerce solution, or anything else than just text storage, on MySQL, I'll literally start re-assessing your ability to think rationally.
-
[This makes me sound really bad at first, please read the whole thing]
Back when I first started freelancing I worked for a client who ran a game server hosting company. My job was to improve their system for updating game servers. This was one of my first clients and I didn't dare to question the fact that he was getting me to work on the production environment as they didn't have a development one set up. I came to regret that decision when out of nowhere during the first test, files just start deleting. I panicked as one would and tried to stop the webserver it was running on but oh no, he hasn't given me access to any of that. I thought well shit, I might as well see where I fucked up since it was midnight for him and I wasn't able to get a hold of him. I looked at every single line hundreds of times trying to see why it would have started deleting files. I found no cause. Exhausted, (This was 6am by this point) I pretty much passed out. I woke up around 5 hours later with my face on my keyboard (I know you've all done that) only to see a good 30 messages from the client screaming at me. It turns out that during that time every single client's game server had been deleted. Before responding and begging for forgiveness, I decided to take another crack at finding the root of the problem. It wasn't my fault. I had found the cause! It turns out a previous programmer had a script that would run "rm -rf" + (insert file name here) on the old server files, only he had fucked up the line and it would run "rm -rf /". I have never felt more relieved in my life. This script had been disabled by the original programmer but the client had set it to run again so that I could remake the system. Now, I was never told about this specific script as it was for a game they didn't host anymore.
I realise this is getting very long so I'll speed it up a bit.
He didn't want to take the blame and said I added the code and it was all my fault. He told me I could be on live chat support for 3 months at his company or pay $10,000. Out of all of this I had at least made sure to document what I was doing and backup every single file before I touched them which managed to save my ass when it came to him threatening legal action. I showed him my proof which resulted in him trying to guilt trip me to work for him for free as he had lost about 80% of his clients. By this point I had been abused constantly for 4 weeks by this son of a bitch. As I was underage he had said that if we went to court he'd take my parents' house and make them live on the street. So how does one respond? A simple "Fuck off you cunt" and a block.
That was over 8 years ago and I haven't heard from him since.
If you've made it this far, congrats, you deserve a cookie!
-
Some weeks ago a client came to me with the request to restructure the nameservers for his hosting company. Due to the requirements, I soon realised none of the existing DNS servers would be a perfect fit. Me, being a PHP programmer with some decent general linux/server skills decided to do what I do best: write a small nameserver which could execute the zone transfers... in PHP. I proposed the plan to the client and explained to him how this was going to solve all of his problems. He agreed and I started work.
After a few weeks of reading a dozen RFC documents on the DNS protocol I wrote a DNS library capable of reading/writing the master file format and reading/writing the binary wire format (we needed this anyway, we had some more projects where PHP did not provide us with enough control over the DNS queries). In short, I wrote a decent DNS resolver.
Another two weeks I was working on the actual DNS server which would handle the NOTIFY queries and execute the zone transfers (AXFR queries). I used the pthreads extension to make the server behave like an actual server which can handle multiple requests at once. It took some time (in my opinion the pthreads extension is not extremely well documented and a lot of its behavior has to be detected through trial and error, or, reading the C source code. However, it still is a pretty decent extension.)
Yesterday, while debugging some last issues, the DNS server written in PHP received its first NOTIFY about a changed DNS zone. It executed the zone transfer and updated the real database of the actual primary DNS server. I was extremely euphoric and I began to realise what I wrote in the weeks before. I shared the good news with the client and with some other people (a network engineer, a server administrator, a junior programmer, etc.). None of which really seemed to understand what I did. The most positive response was: "So, you can execute a zone transfer?", in a kind of condescending way.
This was one of those moments I realised again, most of the people, even those who are fairly technical, will never understand what we programmers do. My euphoric moment soon became a moment of loneliness...
-
So before today, I'd never used GoDaddy before. Not even once. My supervisor walks in and happily informs me that I'm going to be adding photos to a website that she does editing for. Okay, fine, that's stupidly easy. What I did not realize, however, is that this entire website had been built using GoDaddy's site builder, and if you're not familiar with it, thank whatever gods you worship that you've dodged that bullet. I hardly want to go wandering around somebody else's web hosting, so I search about for a bit praying that there's SOME semblance of a normal text editor someplace, because text editors make me happy and all, and find very little on the regular site. Already not thrilled. So I figure, how bad is this site editor? Really, how bad can it possibly be?
Oh, you poor misguided son of a -
Anyway, I go in and look at the site. Slideshows everywhere, nothing is aligned correctly, it's a web designer's nightmare. Thankfully, I'm not a web designer, so I press on and reorganize a little bit. I try slapping a new slideshow on there, and discover that unlike the way it SHOULD work, elements do not move to allow for other elements, they just sit there and let you throw things on top of them. I stare at my neatly-stacked slideshows for a second in utter disbelief, knowing but not really accepting that I'm going to need to take every last one of those slideshow elements and slide those little so-and-so's down by hand. ....why? Who designed this? Who decided that was a good idea? I do some Googling to see if there's anything out there to make this less horrid, and lo and behold I find a GoDaddy page about their FTP file manager! It's under web/classic hosting, which apparently means it's deprecated because I spent the next ten minutes hunting around for the "web hosting" link those chicken-lickers were so proud of and it's nowhere to be found.
Alright, so they want to do this the hard way.
At this point I'm screaming internally and PRAYING that I'm just being stupid and not seeing anything to make it easi-
No, not even easier. Just less stupid. This website builder makes no sense. It's like hiring a contractor to build a bridge and handing him a box of Legos and a banana.
So I do more googling and find instructions on getting to the file manager. FINALLY. The first step is find "Hosting" under "My Products." I rush over to My Products joyfully, hoping I can get this stupid website up and running reasonably quickly, and...!
There's no hosting tab.
No button.
Not even a little hard-to-see link. At this point my brain is screaming. WHY would you give me a website builder but absolutely no way to actually write the website? Do people actually use this thing? I mean, I get it if they want to make it nice and accessible for people to make websites without overwhelming them with HTML but if they know how to edit the website and they don't want your help, why would you force me into this? Why? Then it occurred to me that maybe the organization just hasn't ever had a web developer in it, ever, or at least not one who was willing to help out with the website, so they purposefully signed up for hosting that deprived them of any kind of HTML editor. Then on top of all of that, I noticed that on the home page, which had been edited by someone else long before I ever looked at it, ALSO had one of these stupid slideshows that I had to reorganize by hand, and some sad, angry little man had put in one of the photos sideways. It was SIDEWAYS. Just sitting there on its side, the photo's occupants staring at me with sad eyes begging me to turn them facing up again. I sat there and stared at a badly-designed website in a questionably-designed editor. And I wondered. I wondered who put this all together, and I wondered why *I* was the one doing it, when I work for a university and the website was for some beach homeowner's association. And I wondered if this job was a task that my supervisor had agreed to do and just passed off onto an office monkey. And I wept bitter tears at the realization that I am that office monkey.
-
Hello there, just a couple of words about PHP. I've been developing in PHP for more than 10 years, and I've seen it all: 3, 4, 5, {6}, 7. Yes, PHP was not good in terms of engineering and patterns, but it was simple; it was the simplest language for the web to start with in those days. It was as simple as putting code into a file and uploading it via FTP, and it works. No Java servlets, no Unix consoles, no nothing; just a shared hosting account was enough to host a site, or even an application with a database. As a database everybody used to have MySQL, again because it's simple to start with and easy to maintain. So PHP+MySQL became the industry standard on the web during 00-2012, and continues in some way.
You can write HTML and logic inside a single file, within PHP code; even more, a single file may contain a few pages, or even a kind of framework. That simplicity and agility sticks with everybody who wants to develop sites with PHP.
This is pretty much about why it is so popular.
Each good or wannabe PHP developer in the early days wrote their own framework or library (like in JavaScript these days because of Node.js).
Imagine that PHP didn't have a package manager: developers used to host packages on their own sites, then various package catalog sites were created, and then finally Composer. Gazillions of PHP code had spread over the internet, without any kind of dependency control. To include libraries in your projects you just have to write include or require. Some developers do it better than others.
So what do we have? Lots of code, no repositories, zip archives with libraries, no dependency control.
Projects that use that kind of code are still alive even today; they are a solid house of cards, and unmaintainable of course.
And the main question that I'm trying to answer is: why is PHP not good?
- First is the amount of legacy code which people copied and pasted into their projects, spreading it even more like a virus.
- Lack of industry standards at the beginning led to lots of bad practices among developers. PHP code usually smells.
Open source PHP projects in the early days were developed in the same conditions, so even phpbb, phpnuke, wordpress and drupal used to have a lot of bad practices in their codebases. So PHP developers usually don't study from another library; instead they write their own frameworks/libraries.
- "It works" - there are no strong business demands on web development, again because of the lack of standards and concerns.
These three things are basically the same; they are linked to each other and summarize the answer to why PHP has strong smells and everybody is yelling against it.
What is with PHP nowadays? Of course PHP today is more influenced by the good practices of webdev. Composer, Zend, Laravel, Yii, Symfony and the language itself became more adult, so to say, but developers...
People who never tried anything except PHP are usually weaker in programming and ecosystem knowledge than people who tried something else, python, perl, ruby, c for instance.
Summary
PHP, as any other programming language, is a tool. Each tool has its own task. Consider this and your task requirements, and PHP can be just a good enough solution.
"PHP is shit" - usually you hear that from people who never wrote strong applications in PHP and haven't used any good tools like Symfony or Laravel.
Cheap developers - the bigger the community, the more chance to hire cheap developers, and the more chance to get bad code. That can be applied to any other language.
PHP has professional developers; usually they have not only PHP in scope.
That's all folks. This is very brief; I am not covering PHP usage in the early days in detail, but this is good enough to understand the point.
Enjoy.
-
I hate Wordpress. I hate Wordpress. I hate Wordpress.
Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.
Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.
So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!
Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.
So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.
I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.
GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!
So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.
I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.
I’m gonna explode.
I swear, I’m gonna fucking explode.
After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.
Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.
TL;DR I agree to install an SSL certificate but end up with much more work than I bargained for.
-
Sent a corrupt .rar file to a client's nephew/cousin to upload on their server (he managed the hosting account) in a bid to buy myself some time to finish the project. It worked! I was given the login details to upload the work myself the next morning. They didn't understand Git.
-
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a dreamfactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy through the web server, I'd be set. I'll rant about that next.
http://tapsla.sh/e0jvJck7 -
Fucking fuck you STRATO. This cancer of a German hosting provider just should be shutdown for crimes against reason. Our website got infected by some shit (I'd like to not state why, there is only so much pressure my main artery can handle) and now we are supposed to remove that file. Well they blocked all incoming and outgoing traffic to the server so we cannot connect via sftp, the only choice you got with STRATO. And they won't restore network access for the server unless we remove the file. No logical loop to see here citizen, please move on.
-
So probably about a decade ago at this point I was working for free for a friend's start-up hosting company. He had rented out a high-end server in some data center and sold out virtualized chunks to clients.
This is back when you had only a few options for running virtual servers, but the market was taking off like a bat out of hell. In our case, we used User-Mode Linux (UML).
UML is essentially a kernel hack that lets you run the kernel in user space. That alone helps keep things separate or jailed. I'm pretty sure some of you can shed more light on it, but that's as I understood it at the time and I wasn't too shabby at hacking the kernel when we'd have driver issues.
Anyway, one of the ways my friend would on-board someone was to generate a new disk image file, mount it, and then chroot to that mount path. He'd basically use a stock image to do this and then wipe it out before putting it live.
I'm not sure exactly what he was doing at the time, but I got a panicked message on New Year's Day saying that he had deleted everything. By everything, he had done an rm -fr /home as root on what he had thought was the root of a drive image.
It wasn't an image. It was the host server.
In the stroke of a single command, all user data was lost. We were pretty much screwed, but I have a knack for not giving up - so I spent a ton of time investigating linux file recovery.
Fun fact about UML - since the kernel runs in user space as a regular ol' process, anything it opens is attached to that process. I had noticed that while the files were "gone", I could still see disk usage. I ended up finding the images attached to their file pointers associated with each running kernel - and thankfully all customers were running at the time.
The next part was crazy, and I still think is crazy. I don't remember the command, but I had to essentially copy the image from the referenced path into a new image file, then shutdown the kernel and power it back on from the new image. We had configs all set aside, so that was easy. When it finally worked I was floored.
Rinse and repeat, I managed to drag every last missing bit out of /proc - with the only side effect being that all MySQL databases needed to be cleaned up.
-
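The recovery described in the post above depends on Linux keeping an unlinked file's data allocated while a process still has it open, reachable through /proc/<pid>/fd. This is an added shell example, not the poster's command (the post says it was not remembered): a background `sleep` stands in for the UML kernel process, a temp file for the disk image, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: recover a deleted file that a live process still holds open.
# Constructed stand-ins: `sleep` plays the UML kernel process and a temp file
# plays the customer's disk image. Linux-only (relies on /proc).

# recover_deleted PID ORIGINAL_PATH OUTPUT_FILE   (hypothetical helper name)
recover_deleted() {
    pid=$1; orig=$2; out=$3
    for fd in /proc/"$pid"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        # The kernel reports an unlinked-but-open file as "<path> (deleted)".
        if [ "$target" = "$orig (deleted)" ]; then
            # Opening /proc/<pid>/fd/<n> reaches the inode itself, so the data
            # can be copied out while the holder keeps running.
            cp "$fd" "$out" && return 0
        fi
    done
    return 1
}

demo() {
    work=$(mktemp -d) || return 1
    work=$(cd "$work" && pwd -P)      # resolve symlinks so paths match /proc
    img="$work/guest.img"
    printf 'constructed disk image contents\n' > "$img"
    before=$(cksum < "$img")

    # Open the image in this shell first so the holder inherits a descriptor
    # that is already open; the delete then cannot race with the open.
    exec 3< "$img"
    sleep 30 <&3 >/dev/null 2>&1 &
    holder=$!
    exec 3<&-

    rm -f "$img"                      # the accidental delete
    result=failed
    if [ ! -e "$img" ] && recover_deleted "$holder" "$img" "$work/recovered.img"; then
        after=$(cksum < "$work/recovered.img")
        [ "$before" = "$after" ] && result=recovered
    fi

    kill "$holder" 2>/dev/null || true
    wait "$holder" 2>/dev/null || true
    rm -rf "$work"
    echo "$result"
}

demo
```

The copy only works while the holding process is alive; once it exits, the last reference is dropped and the blocks are freed.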
So my client wants to stick with their current hosting provider (Bell) because the company is "big" and "won't go anywhere anytime soon." I just said, well okay it can't be that bad. Bell charges about 10x more and gives you about 10x less compared to other options, but it's not my money so whatever. Well, Bell has the absolute worst customer service. They have an online support form where I can type in my questions and they will call me within a day to help me. They called me during work hours and I missed the call, so they sent me an email to let me know I missed the call and gave me a number to call. I called and I might as well have called my dog because the support didn't even know what a .htaccess file is. I emailed them back and asked if they could forward my email to someone in the hosting department that could help (because the phone support I got was shit). I got a reply saying they "can't"... yup, they used the word "can't", they can't forward the email and that I would have to call. Is everyone at Bell a fucking dick chugging brainless pile of moldy-ass shit biscuits!? YOU CAN'T SEND AN EMAIL? Turns out they do have a dedicated hosting support email, let's hope the email I send ends up in front of someone at Bell who at least has a slight clue how to use a keyboard.
-
devCraft {
Closing the minecraft server for a little while!
I'll be adding mods, writing up a perms file, and hosting the pack on git! I'll post a rant with the repo link.
One of our lovely ranters offered a VM to host the server on, so the ip is probably gonna change as well! (i also gotta make an arch bootable USB, and running the server would slow that down lol)
i'll notify you all once it's done via a rant, like i said. until then, formulate plans, and suggest some developer-related mods for me to add in! (must be 1.7.10)
Currently planned mods are:
- ComputerCraft
- Applied Energistics
- Buildcraft
- Project Red
and a few from whatever you guys suggest. see you then!
}
-
Pro tip for job candidates:
If you push a code challenge to a live hosting service like github pages or S3, don’t give the reviewers a link to the repo!! Instead put the link into the home page and send the reviewer only a link to the live hosted page.
Why?
Because, if you host with github pages, you’re required to use the project path as the domain root. If the reviewer pulls your project and doesn’t bother to read your readme file with the link at the top, he’ll complain that he couldn’t figure out why your project isn’t hosted from the root domain, and he’ll pass on your application.
True story.
-
Hey there!
So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temporarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a CI/CD pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.
Now that it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and admin panels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.
Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.
Thanks in advance for enduring my rant and infodump 😅
-
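For the botnet requests described in the post above, this is one way to triage an nginx access log. It is an added example, not part of the original post; it assumes nginx's default "combined" log format, and the probe path list, the `min_hits` threshold and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx "combined" format (documentation IP ranges).
SAMPLE_LINES = r'''
203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2021:10:01:03 +0000] "GET /pma/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2021:10:01:04 +0000] "GET /wp-login.php?x=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2021:10:02:10 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2021:10:02:11 +0000] "GET /static/js/main.js HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2021:10:03:00 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "curl/7.68.0"
192.0.2.44 - - [12/Mar/2021:10:03:30 +0000] "\x16\x03\x01" 400 157 "-" "-"
198.51.100.23 - - [12/Mar/2021:10:04:00 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
'''.strip().splitlines()

# client IP, ident, user, [timestamp], "request line", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Admin tooling a static site never serves (assumed list; extend as needed).
PROBE_RE = re.compile(
    r'^/(?:phpmyadmin|pma|myadmin|admin|administrator|wp-login\.php|wp-admin)(?:/|$)',
    re.IGNORECASE,
)


def parse_hits(lines):
    """Return ({ip: [(path, status), ...]}, skipped) for probe requests.

    Lines that do not parse, or whose request line is not
    'METHOD PATH PROTOCOL' (e.g. a TLS handshake sent to the HTTP port),
    are counted in `skipped` instead of raising.
    """
    hits = defaultdict(list)
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        parts = m.group("request").split() if m else []
        if len(parts) != 3:
            skipped += 1
            continue
        path = parts[1].split("?", 1)[0]  # ignore the query string
        if PROBE_RE.match(path):
            hits[m.group("ip")].append((path, int(m.group("status"))))
    return dict(hits), skipped


def noisy_ips(hits, min_hits=2):
    """IPs with at least `min_hits` probe requests: candidates for rate limiting."""
    return sorted(ip for ip, h in hits.items() if len(h) >= min_hits)


def answered(hits):
    """Probes that did NOT get an error status. On a static site this list
    should be empty; any entry means something is actually served there."""
    return [(ip, path, status)
            for ip, h in hits.items()
            for path, status in h if status < 400]


if __name__ == "__main__":
    hits, skipped = parse_hits(SAMPLE_LINES)
    print("probing IPs:", noisy_ips(hits))
    print("probes that were answered:", answered(hits))
    print("unparseable request lines:", skipped)
```

Probes that only ever return 404 are background noise; the `answered` list is the part worth alerting on.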
Best:
Having one of my projects go so well, that the co-ordinators asked me to speak at a conference they are hosting next year (will be my first time).
Worst:
Hiring 2 developers in a row, for the same position, both unable to debug a problem, both unable to use google, both with a tendency to just stop working if they get blocked.
Sadly my 2018 interviews will now contain these questions:
- *opens www.google.com*, Have you ever seen this?
- What do you do with it?
- *shows screenshot of a 'file not found' command line error*, tell me what this means?
- Bonus question, how do you fix it?
-
Today my fellow @EaZyCode found out a local Hosting Provider has a massive security breach.
He wrote a plugin for Minecraft with its own file explorer and the ability to execute runtime commands over it.
We discovered that this specific hosting provider stores the ftp passwords one level above the FTP-Root. In FUCKING PLAIN TEXT! AND THE MYSQL PASSWORD TOO! And even more shit is stored there ready to be viewed by intelligent people...
It's one of the fucking biggest hosting providers in Germany!
But, because EaZyCode has such a great mind and always finds such bugs, I give him the title "Providers Endboss" today, he has earned it.
Loving you ❤️
Edit: we used SendMail with runtime commands and sent too many empty spam mails (regret nothing)
-
"One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users," according to the report of Bleeping Computer.
Vulnerability hunter Vinoth Kumar reported it, and Starbucks later responded, classifying it as a "significant information disclosure" that qualified for a bug bounty. Along with identifying the GitHub repository and specifying the file hosting the API key, Kumar also provided proof-of-concept (PoC) code demonstrating what an attacker could do with the key. Apart from listing systems and users, adversaries could also take control of the Amazon Web Services (AWS) account, execute commands on systems and add or remove users with access to the internal systems.
The company paid Kumar a $4,000 bounty for the disclosure, which is the maximum reward for critical vulnerabilities.
-
PHP...
When I first learned to code - like everyone - I felt the need to try as many programming languages as possible. After the comforting syntax of myClass.MyProperty/myClass.MyFunction()/C#, the $ symbols everywhere made me want to vomit...
Fast forward 2 years later. I learned a bit and wanted to make a website backend. Checked my hosting - which was purely a frontend thing at the time - free PHP hosting or £15/month for ASP .NET hosting...
I begrudgingly wrote my first .php file, hating my life.
But by the end of that night my relationship with PHP was already cemented.
And that's why I like PHP.
-
Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.
1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.
2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.
3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.
4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller than the actual database.
5. Spent half an hour trying to upload table by table to no avail.
6. In-house uploads a new, fixed database with the help of the shared hosting provider.
7. Database has the wrong path. Again.
8. In-house performs massive Find and Replace through phpMyAdmin on the production server.
9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.
10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.
11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.
12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.
13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. ¯\_(ツ)_/¯
-
Just found out that a big hosting provider saves a user's SQL and FTP password in a plain text file just at the parent folder of the normally accessible ftproot.
Using some linux commands you can
cat ../mysql_pw
cat ../ftp_password.txt
IT'S NOT EVEN ENCRYPTED OR HASHED
(This is tested on a minecraft server, would also work on other services)
-
File hosting like GitHub?
Basically.. I want to let my Patreons download major updates to my game before I upload them to Github. Now, I will get a GitHub Developer upgrade once I get $7+ per month from Patreon, and host the updates on a private repository for a few days before uploading it to my main dev repository, but I need something until then. Some place I can host the loose files, or a .zip at a static link for free. (that can only be accessed by that link) ^~^
-
Node: The most passive aggressive language I've had the displeasure of programming in.
Reference an undefined variable in a module? Prepare to waste your time hunting for it, because the runtime won't tell you about it until you reference a property or method on the quietly undefined module object.
Think you know how promises work? As a hiring manager, I've found that less than 5% of otherwise well-experienced devs are out of the Dunning Kruger danger zone.
Async causes edge cases and extra dev effort that add to the effort required to make a quality product.
Got a bug in one of your modules? Prepare yourself for some downtime because a single misplaced parenthesis can take out the entire Node process, killing unrelated pages and even static file hosting.
All this makes for a programming experience that demands much higher cognitive load, creates more categories of bugs, and leads to code bloat/smell much more quickly than other commonly substituted languages.
From a business perspective, the money you save on scaling (assuming your app is more compute efficient under Node) is wasted on salaries and opportunity costs stemming from longer dev time, more QA, and more frequent outages.
IMO, Node is an awesome experiment, a fun language, a great tool for specific use cases, and a terrible fucking choice for an entire website.
-
I'm thinking of self hosting all my small web projects,
I have this old laptop running ubuntu server headlessly I used to store and stream pirated movies, after multiple embarrassing moments with free backend/platform as a service options and not finding a cheap VPS, this seems like the way to go. I don't get much traffic on these sites i just want them to be available when i need to present them.
then there's tons of other features that are locked behind a paywall,
I once had to store images in the database because heroku won't accept file uploads and the project hadn't been paid, in short, I was dead broke
-
I'd like to locally encrypt files before syncing them with the cloud; what's the "best" software available for this?
I'm currently switching to STACK as my cloud service (it's a file hosting service for Dutch people that offers 1TB of free storage).
But I don't feel fully comfortable with them having access to all my personal data.
So I came to the conclusion that it would be best to locally encrypt files before syncing them with STACK. I DuckDuckGo'd but there seems to be a lot of software available for this so I'm not sure which one to use.
Which one could you recommend me? I'd prefer a free software but I'm okay with paying as long as it isn't too expensive.
-
Aside from simple programs I wrote by hand-transcribing code from the "Basic Training" section of 3-2-1 Contact magazine when I was a kid in the '80s, I would say the first project I ever undertook on my own that had a meaningful impact on others was when I joined a code migration team when I was 25. It was 2003.
We had a simple migration log that we would need to fill out when we performed any work. It was a spreadsheet, and because Excel is a festering chunk of infected cat shit, the network-shared file would more often than not be locked by the last person to have the file open. One night after getting prompted to open the document read-only again, I decided I'd had it.
I went to a used computer store and paid $75 out of pocket for an old beater, brought it back to the office, hooked it to the network, installed Lunar Linux on it, and built a simple web-based logging application that used a bash-generated flat file backend. Two days later, I had it working well enough to show it to the team, and they unanimously agreed to switch to it, rather than continue to shove Excel's jagged metal dick up our asses.
My boss asked me where I was hosting it, as such an application in company space would have certainly required his approval to procure. I showed him the completely unauthorized Linux machine (remember, this was 2003, when fortune 500 corporations, such as my employer, believed Ballmer's FUD-spew about Linux being a "virus" was real and not nonsense at all), and he didn't even hesitate to back me up and promise to tell the network security gestapo to fuck off if they ever came knocking. They never did.
I was later informed that the team continued to use the application for about five years after I left.
-
Do not buy Hostinger... They are so aggressive with caching that I ran out of devices to test the features. They probably cache based on userAgent because changing other parameters (IP, local cache) doesn't resolve the issue. I talked to tech support the whole day, and although they were helpful a few times I just got three same answers for the three different questions. Seriously, the only thing I like about Hostinger is their user friendly UI.
The rant goes on. I can basically DoS my website by clicking fast on it. That shit doesn't happen with some free hosting plans... My site goes down for a few minutes before I can visit it again.
THE RANT GOES ON
Using the file manager is tedious work as you get randomly disconnected after less than a few minutes of inactivity.
I might seriously switch to Google's Cloud Console. It is more expensive, you have to do all the hosting config yourself using a virtual machine, but I guess it's more reliable and it gives you a lot more control.
-
Godaddy. Do I need to say more? They're hosting >30k websites on one machine and one of them is the one of one of our customers. I can't upload a file >1mb and the site takes 2 minutes to load.
-
!rant
Anyone here experienced with Route53?
I have a small issue I'm trying to think through on how to achieve with minimum effort and maintenance, essentially set once and walk away and never care about it again solution.
Basically what I have is:
sub.domain.com
and I need to get it to redirect over to
otherdomain.com/folderToGetTo/
Using a 301 would be ideal but how for the life of me do I go about serving a 301 redirect over a dns entry - short answer is I can't unless I'm missing something!
Both domains are owned by the same company so no issue in hijacking a subdomain... well besides internal politics but that's just another day 😏
First thoughts include setting up a S3 bucket with hosting and forcing the dns to that and then, redirect out of the bucket... seems overkill but will work.
Hoping to find a smaller solution that I don't have to justify a S3 bucket being used for a single file - audits suck alright🤷♂️
Oh and setting up a redirect at the originating domain will take longer than it's worth to setup and get approvals for so not worth the effort internally.
Yes I will accept "fuck off @C0D4" as an answer.
-
personal projects, of course, but let's count the only one that could actually be considered finished and released.
which was a local social network site. i was making and running it for about three years as a replacement for a site that its original admin took down without warning because he got fed up with the community. i loved the community and missed it, so that was my motivation to learn web stack (html, css, php, mysql, js).
first version was done and up in a week, single flat php file, no oop, just ifs. was about 5k lines long and was missing 90% of features, but i got it out and by word of mouth/mail it started gathering the community back.
right as i put it up, i learned about include directive, so i started re-coding it from scratch, and "this time properly", separated into one file per page.
that took about a month, got to about 10k lines of code, with about 30% of planned functionality.
i put it up, and then i learned that php can do objects, so i started another rewrite from scratch. two or three months later, about 15k lines of code, and 60% of the intended functionality.
i put it up, and learned about ajax (which was a pretty new thing since this was 2006), so i started another rewrite, this time not completely from scratch i think.
three months later, final length about 30k lines of code, and 120% of originally intended functionality (since i got some new features ideas along the way).
put it up, was very happy with it, and since i gathered quite a lot of user-generated data already through all of that time, i started seeing patterns, and started to think about some crazy stuff like auto-tagging posts based on their content (tags like positive, negative, angry, sad, family issues, health issues, etc), rewarding users based on auto-detection whether their comments stirred more (and good) discussion, or stifled it, tracking user's mental health and life situation (scale of great to horrible, something like that) based on the analysis of the texts of their posts...
... never got around to that though, missed two months hosting payments and in that time the admin of the original site put it back up, so i just told people to move back there.
awesome experience, though. worth every second.
to this day probably the project i'm most proud of (which is sad, i suppose) - the final version had its own builtin forum section with proper topics, reply threads, wysiwyg post editor, personal diaries where people could set per-post visibility (everyone, only logged in users, only my friends), mental health questionnaires that tracked user's results in time and showed them in a cool flash charts, questionnaire editor where users could make their own tests/quizzes, article section, like/dislike voting on everything, page-global ajax chat of all users that would stay open in bottom right corner, hangouts-style, private messages, even a "pointer" system where sending special commands to the chat aimed at a specific user would cause page elements to highlight on their client, meaning if someone asked "how do i do this thing on the page?", i could send that command and the button to the subpage would get highlighted, after they clicked it and the subpage loaded, the next step in the process would get highlighted, with a custom explanation text, etc...
dammit, now i got seriously nostalgic. it was an awesome piece of work, if i may say so. and i wasn't the only one thinking that, since showing the page off landed me my first two or three programming jobs, right out of highschool. 10 minutes of smalltalk, then they asked about my knowledge, i whipped up that site and gave a short walkthrough talking a bit about how the most interesting pieces were implemented, done, hired XD
those were good times, when I still felt like the programmer whiz kid =D
as i said, worth every second, every drop of sweat, every torn hair, several times over, even though "actual net financial profit" was around minus two hundred euro paid for those two or three years of hosting.
-
God, these people...
Little backstory. I'm making a training application and we have a MySQL database set up where some elements of the training are configured. This is so learning experts can easily change some aspects of the training without programmer's help.
Meanwhile, I'm also in the middle of a server migration, because our current server is running a lot of deprecated software and is in dire need of replacement.
This is going pretty slowly, though, because of other, high-priority, work that keeps being shoved my way.
Now, someone accidentally deletes a bunch of data from one of the schemas. No big deal in my book, the training is still in development and we have nightly backups of the database.
So I shoot a support ticket to the hosting provider and ask them to restore a specific schema, telling them to restore the image to some other machine and dump the tables in a MySQL file so I can restore it that way.
I also told them to get the backup of the OLD server, not the NEW one we're still migrating to.
About an hour later, I get a message that they dumped the schema's files in a Temp folder on the D drive. So I RDP to the server to check and... The files aren't there. Just before writing a response asking where the file is, I remembered the server I was migrating to and checked that server, and there were the files.
I had already migrated part of our databases and was testing compatibility before I moved to something else.
The hosting provider just dumped the files of the wrong server, despite me telling them exactly which server to use.
This is not the first time this hosting provider has let me down...
I'm really considering jumping to another if they keep doing this...
-
Before I got the source code for a freelance job, the person who contacted me said the job was to continue the project with some updates and tweaks.
The UI from the design is beautiful and he gave a good explanation of the project and the update, which continued to conversation, negotiation and a deal.
But he is not the IT guy and the project is also not his work or something that he did previously. All the people who worked on that project have already left and are not contactable.
And here's what I got:
- source code
- domain cred.
And here's what's missing:
- documentation
- .env file
- db backup / old db cred.
- server and hosting cred.
And after some hours of learning the code I found out that:
- the latest commit was 2 years ago and different from the production version.
- most of the branches are RnD.
- the code has many wtf/minute lol
And for now I'm still renegotiating with the person who gave me the project, with 2 suggestions from me.
- continue with this code on the condition that he searches for the missing parts, at least a db backup or documentation.
- recreate the project with more time
And here's one funny part of the code.
randomNumber(){
return 5 // this number was choose by dev team at random
}
-
I'm starting a project from scratch using Node MySQL Angular stack api based. Which hosting is best for handling file uploads? Vultr, Digital Ocean, Heroku or Linode? This is for a startup so AWS, Azure and GCP may not be an option for now. Maybe in the future but for now I want simple pricing.
What hosting can you recommend to me? Thanks!
-
A bit disheartened here!
I was working on an app idea and building its admin panel in angular, node and firebase for database.
I was at the end of developing admin panel and the only thing remaining was data storage for images.
I thought Firebase Storage is solution for that but now after 2 days of endless searching I realize Firebase Storage is a joke and its just Google Cloud Storage which is not Free :/
I am a student and a passionate Android developer. But this is a huge hurdle in my way.
If anyone has a better idea of how to get this done then please help.
I just need free file hosting to upload images from my admin panel and then download from Android app.
-
tldr: I am looking for recommendations for a basic website for my parents. GOTO question;
Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and keep just the domain (maybe 1€ per month). The website itself is hosted for free by Google.
Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.
Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.
Thanks for reading :)