this post was submitted on 17 Mar 2026
80 points (97.6% liked)

Selfhosted

56957 readers
387 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
80
netgoat reverse proxy – "seriously messed up code" (lemmy.world)
submitted 3 days ago by dont@lemmy.world to c/selfhosted@lemmy.world
11 comments fedilink hide all child comments
 

🤣 sure, I'll use a reverse proxy / waf that has a release change log "I don't remember lol" (Yes, it's in alpha, but still...)

Is anyone here using it? Are you scared?

all 12 comments
sorted by: hot top controversial new old
[–] paris@lemmy.blahaj.zone 10 points 2 days ago* (last edited 2 days ago) (1 children)

Almost every single deployment has failed lmao

https://github.com/netgoat-xyz/netgoat/deployments

Edit:

Oh my god they're committing their .env with their "DiamondKey" (different from their API_STREAM_KEY) and they've committed TWO .exe files named agent.exe and agent.exe~. They're also looking for strategic partnerships who should reach out via Discord(???) and Gmail. Their quickstart includes only two things: a link to unpublished docs and the sentence "We recommend datalix for cheap and highly avaliable [sic] vps'ses [sic]" (no closing punctuation like a period, despite that being common throughout the readme). You can tell very obviously which parts were written by the person behind this project and which were generated by an LLM.

Edit 2:

Their 1.0.1-alpha.1 - Syncronizing [sic] versioning - Minor Changes commit rewrites like the entire project???? Very obviously an ai slop project by some teenager who had an idea far beyond their skill level and decided to use ai instead of building up their skills over several years and changing the scope of their project to be a building block towards their idea that helps them develop the knowledge they would actually need to develop a project like this. They'll realize at some point that they're in over their head and that fancy code generators don't magically fix that; I'd be surprised if this project is still being worked on by the end of the year.

[–] dont@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

Thanks for the analysis; I had also seen the API keys, but I didn't check the deployments.

I guess this answers my question then: No one is using it because not even the dev gets it deployed – highly "avaliable" 🤣

[–] AllNewTypeFace@leminal.space 61 points 3 days ago (1 children)

Vibe coding, the crystal meth of software

[–] warmaster@lemmy.world 29 points 3 days ago

More like bath salts

[–] hendrik@palaver.p3x.de 52 points 3 days ago* (last edited 3 days ago) (1 children)

After a few "Delete junk" commits, "Broken", "PATCH: Hope this fixes it", and "Basic Reverse-Proxy", it's now at version 1.0.1-alpha.1.
Don't know what they did to Git. But their "minor commit" touches almost the entire code in their repo. Rest of it (and the general confusion and the edgy commit messages) look to me like something done by OpenClaw.

100% wouldn't use it.

[–] x00z@lemmy.world 21 points 3 days ago (1 children)

It was a "minor commit" because it was only a minor prompt.

[–] Smash@lemmy.self-hosted.site 1 points 3 days ago

Probably made my a minor too

[–] prenatal_confusion@feddit.org 3 points 2 days ago

YouTube thumbnails, headlines and GitHub readmes are either Emoji free or to be avoided.

[–] savvywolf@pawb.social 28 points 3 days ago (1 children)

Is this an allegedly "high performance" reverse proxy written in NodeJS? Uh... Yeah, good luck with that.

Also, how do they intend to protect against DDos attacks in a self-hosted environment with (presumably) a limited number of devices?

[–] dont@lemmy.world 4 points 3 days ago (2 children)

To be fair, the proxy engine is supposedly written in go, not in nodejs, but yeah, the ddos defense most likely is wishful thinking...

[–] jj4211@lemmy.world 3 points 3 days ago

Of course I also see that the go spawns python and does stuff with that...

And there's lots of other dubious issues that look like an odd mismash of intro level programming stuff with unfortunate performance implications, and a very strong vibe code smell, though the commit interval is a bit larger than I would have presumed with vibe coding, but the volume of changes seem AI sloppy...

Well, broadly it looks like slop, probably AI slop, but either way I wouldn't go anywhere near this project...