“Dockerizing” Your Side Projects aka Moving all your side projects off of Heroku

Now that Heroku has discontinued its free plan, I had the pleasure of taking 9 years of side projects and trying to figure out where to host them. A couple of weekends later I ended up with a solution that I am really happy with:

Everything uses the same docker-compose (for the most part):

  1. Web server with Flask
  2. Database with Postgres
  3. Backups of database with prodrigestivill/postgres-backup-local

Using a LogDNA Docker container, all the output goes to LogDNA (now Mezmo) (costs only dollars a month). Everything runs on a $10/month DO server. Memory usage has increased in a significant but manageable way (excluding the one-time memory leak).

I use certbot (no cost) for https if needed.

I’m still paying ~$50-60/month on Heroku for production projects that I don’t feel comfortable taking off yet. I anticipate moving the smaller paid projects over the next year.

The only thing I wish I could find was some sort of monitoring tool to tell me when a Docker container is ‘not working’ anymore.

September 20, 2022

Ethereum Merge Hot Takes

Ethereum Merge Hot takes:

  1. If you are mining, now is the time to sell your hardware. Look at whattomine.com. Look at the volume done by ethereum. Now scroll down and see how little volume you find with every other coin. All that hardware is going to collapse every other shitcoin.

  2. If you are building a new computer wait until after the merge to buy parts.

  3. Is the merge priced in? Who knows. I would argue that it’s most likely ether price will be flat until the merge with a small possibility of going higher. Taking a long position now and selling right before the merge seems like a safe play.

  4. Why not hold until after the merge? Despite extensive testing the potential for a long tail bug or massive catastrophe will keep me away. On the other hand if eth price crashes it will present a rare and good opportunity to accumulate more eth.

  5. Staking is expensive. You need the 32 eth for staking, plus a decent rig with 1-2 TB of storage, plus additional eth for transaction fees, plus you can’t withdraw eth until withdrawals are enabled? Maybe using rocketpool is a better idea? Need to look into it more.

September 1, 2022

Stuck on ‘Waiting For Image’ on AnyDesk

As TeamViewer has incessantly complained that I am using their product for commercial usage, I have now been forced to switch to another VNC application. AnyDesk has been great except for connecting to a computer that does not have a monitor. When you do so, you’ll find that after you try to connect you will be stuck on a screen that says ‘Waiting For Image’. The way around this is to click on the keyboard button -> ‘Ctrl + Alt + Delete’. Then once that shows up, click cancel. The screen will be frozen again. Now click on the ‘Adapt Resolution’ button under the button that looks like a monitor. Everything should start working again.

To avoid this unnecessary clicking you can buy a dummy plug on Amazon.

July 19, 2022

Subdomain Enumeration For Profit

I was inspired by this post: https://www.reddit.com/r/wallstreetbets/comments/p50n5p/amzn_is_up_to_something_with_afrm_obsessive_dd/

The TLDR was that people on the internet noticed that Amazon was going to implement Affirm, a pay later company, into their platform. The interesting part is that they figured it out before it was publicly announced.

Realizing that large companies have a large digital footprint, it was likely that something like this will happen again. One avenue that I had not seen other people investigate was subdomains. The thought process is that companies will put developer functionality or potential announcements on a subdomain.

Subdomain enumeration is the process of finding subdomains for a website. Unfortunately most subdomains are not publicly available (unless the DNS server exposes a full DNS zone). Some would suggest using brute force, others say you can try to crawl links or search engines to find new subdomains. I went with Anubis https://github.com/jonluca/Anubis. Anubis basically combines a whole bunch of methods.

Using bash and zapier I built something that would send me a text message whenever a new subdomain was found.

I started off with the sites: robinhood.com, amazon.com, opensea.com, coinbase.com

Bash Script

#!/bin/bash

# site to watch and the file anubis writes its results to
SITE="amazon.com"
file1="amazon.txt"

# create the table on the first run only, so re-running the script does not error
sqlite3 amazon.db  "create table if not exists n (id INTEGER PRIMARY KEY,subdomain TEXT);"

while true; do
        echo Scraping
        anubis -tS "$SITE" -o "$file1" # S for silent

        # get rid of last line (says how long it took to complete)
        sed -i '$ d' "$file1"

        # get rid of top 24 lines (boilerplate from anubis)
        sed -i 1,24d "$file1"

        sort -o "$file1"{,} # sort inline

        echo "-----"
        cat "$file1"
        echo "-----"

        while IFS= read -r line; do
                printf '%s\n' "$line"
                # results come from third-party sources: double any single quote
                # so the value stays inside the SQL string literal
                safe=$(printf '%s' "$line" | sed "s/'/''/g")
                select_output=$(sqlite3 amazon.db "select * from n where subdomain='$safe'")
                if [ -z "$select_output" ]
                then
                    # new subdomain: notify through the Zapier hook, then remember it
                    curl -X POST -H 'http_location: amazon' --data "$line" https://hooks.zapier.com/hooks/catch/467498/b11111
                    sqlite3 amazon.db  "insert into n (subdomain) values ('$safe');"
                else
                    echo "already exists"
                fi
        done < "$file1"
done

July 5, 2022

How To Keep Your Project Secure When Hiring a New Remote Developer

As someone who has hired probably around 50 developers, I’d like to think that I have a good handle on the do’s and don’ts. Sometimes things go great and sometimes they don’t. There is a mountain of advice I could give, like hire slow and fire fast, or good communication is just as important as technical skill, etc. This post is more technical and for the people who are nervous about bringing someone onto an existing project.

For this post to make sense I am assuming that you know how to use Git or some other version control system.

My first piece of advice: Do not worry. Almost nobody is interested in stealing your precious project.

  1. Have a contract. The cost of actually pursuing a broken contract against a person overseas is almost always greater than the benefit, but sometimes it will make your RD (remote developer) think twice about their actions. Same with an NDA. Almost always not worth the headache unless they live in the same country as you.

  2. Remove all secrets and hardcoded links. Anything that you need should be changed to an environment variable.

  3. Reset your Git commits or create a new repo (Optional) - I have been guilty of hardcoding things when I start a new project, so getting rid of all commits or just moving the project into a new one and starting a new git is an easy fix.

  4. Have staging. Ideally you should have a test staging environment and a production environment. RD should not have access to the production environment, and all their commits and pushes should go to the testing stage. Don’t have a staging environment? At the minimum you should make it so that RD can’t push to production.

  5. Segregate your work if possible. I’ve started to use multiple Github repositories for different aspects of the same project. One for frontend and associated logic and one for backend. This works great for micro-service type architecture. Hiring a frontend RD? Only give them access to the frontend repository.

  6. Define Permissions. You can both set permissions on a repository and on certain branches! Use this to your advantage.
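
Steps 2 and 3 belong together: a secret deleted from the current files is still readable in the commits that introduced it. The script below is an added example, not the author's code; it scans `git log -p` output for secret-looking lines that any commit added. The pattern `SECRET_RE`, the function names and the abridged sample history are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Real use:  git log -p --all | scan_history
# SECRET_RE is an assumed heuristic for secret-looking assignments, not a complete rule set.
SECRET_RE="(password|passwd|secret|api[_-]?key|token)[A-Za-z0-9_]*[[:space:]]*[:=][[:space:]]*[\"']?[^[:space:]\"']{8,}"

# Reads `git log -p` text on stdin; prints "<commit> <file>: <line>" for each
# line a commit ADDED that looks like a hardcoded secret.
scan_history() {
    local commit="" file="" line added
    while IFS= read -r line; do
        case "$line" in
            "commit "*) commit=$(printf '%.8s' "${line#commit }") ;;
            "+++ b/"*)  file=${line#+++ b/} ;;
            "+++ "*)    file="" ;;
            "+"*)
                added=${line#+}
                # Reading the value from the environment is the fix, not a finding.
                if printf '%s\n' "$added" | grep -Eiq "$SECRET_RE" &&
                   ! printf '%s\n' "$added" | grep -Eq 'os\.environ|getenv|process\.env'; then
                    printf '%s %s: %s\n' "$commit" "$file" "$added"
                fi ;;
        esac
    done
}

# Constructed, abridged `git log -p` output: the newest commit already moved the
# password to an environment variable, the first commit still carries it.
sample_history() {
cat <<'EOF'
commit 2222222222222222222222222222222222222222
    Move DB password to environment variable
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 DB_HOST = "localhost"
-DB_PASSWORD = "hunter2-constructed"
+DB_PASSWORD = os.environ["DB_PASSWORD"]

commit 1111111111111111111111111111111111111111
    Initial commit
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+DB_HOST = "localhost"
+DB_PASSWORD = "hunter2-constructed"
EOF
}
sample_history | scan_history
```

Any hit from an old commit means the value must be rotated, and the history reset or the code moved to a fresh repository, before the RD gets access.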

June 15, 2022

How to come up with Good Ideas for a Business

Are you a first-time entrepreneur? Never started a project before? Don’t bother reading the rest of this post. Spend 30-60 minutes thinking about something that bothers you and come up with a way to fix it. Congratulations, you came up with your first business. Is it a good business? Who knows. It doesn’t matter because the skills you learn are infinitely more valuable than whatever your idea was.

  • Dedicate time: Coming up with good ideas is a skill. It takes time and practice. You should set aside 1-2 hours once a month and just think. Have a piece of paper, notepad, whatever in front of you, but no phone or distractions. At the end, copy whatever you have into a journal.

  • Set the Scope: What kind of idea are you trying to come up with? Are you trying to build passive income, 10k MRR or a billion dollar company? These are the questions you need to be asking yourself. If you are trying to build a billion dollar company then whatever you are thinking of should be 10x better than anything else that exists out there. If you are trying to build a 10k MRR project that is good too, but realize the scope of your idea. It helps to stay motivated when you have realistic expectations. Don’t be one of those people who thinks they are going to be a billionaire off their next online form builder.

  • Inspiration: Should come from within. It is easy to be excited about an idea, but unless it is solving a daily pain or something you can connect deeply with, then it’s hard to keep the motivation. Having background knowledge about the domain of the idea is nice, but not a must-have. I would argue that sometimes not having domain knowledge is an advantage.

  • Validation: You can write an entire book on how to validate your ideas. I will definitely have a post or two about how to do that in the future.

May 22, 2022