netgoat reverse proxy – "seriously messed up code"
from dont@lemmy.world to selfhosted@lemmy.world on 17 Mar 01:27
https://lemmy.world/post/44367069
from dont@lemmy.world to selfhosted@lemmy.world on 17 Mar 01:27
https://lemmy.world/post/44367069
🤣 sure, I’ll use a reverse proxy / waf that has a release change log “I don’t remember lol” (Yes, it’s in alpha, but still…)
Is anyone here using it? Are you scared?
threaded - newest
I avoid any software with emojis throughout the readme... Screams vibe coded! And for a reverse proxy?? 😂
Well, vibe coding should be roughly able to do a reverse proxy, there’s just so many out there for it to rip off.
Vibe coders love generating stuff that already exists for no reason, because it sometimes can kind of work.
After a few “Delete junk” commits, “Broken”, “PATCH: Hope this fixes it”, and “Basic Reverse-Proxy”, it’s now at version 1.0.1-alpha.1.
Don’t know what they did to Git. But their “minor commit” touches almost the entire code in their repo. Rest of it (and the general confusion and the edgy commit messages) look to me like something done by OpenClaw.
100% wouldn’t use it.
It was a “minor commit” because it was only a minor prompt.
Probably made my a minor too
Vibe coding, the crystal meth of software
More like bath salts
Is this an allegedly “high performance” reverse proxy written in NodeJS? Uh… Yeah, good luck with that.
Also, how do they intend to protect against DDos attacks in a self-hosted environment with (presumably) a limited number of devices?
To be fair, the proxy engine is supposedly written in go, not in nodejs, but yeah, the ddos defense most likely is wishful thinking…
Of course I also see that the go spawns python and does stuff with that…
And there’s lots of other dubious issues that look like an odd mismash of intro level programming stuff with unfortunate performance implications, and a very strong vibe code smell, though the commit interval is a bit larger than I would have presumed with vibe coding, but the volume of changes seem AI sloppy…
Well, broadly it looks like slop, probably AI slop, but either way I wouldn’t go anywhere near this project…
.
YouTube thumbnails, headlines and GitHub readmes are either Emoji free or to be avoided.
Almost every single deployment has failed lmao
github.com/netgoat-xyz/netgoat/deployments
Edit:
Oh my god they’re committing their .env with their “DiamondKey” (different from their API_STREAM_KEY) and they’ve committed TWO .exe files named
agent.exeandagent.exe~. They’re also looking for strategic partnerships who should reach out via Discord(???) and Gmail. Their quickstart includes only two things: a link to unpublished docs and the sentence “We recommend datalix for cheap and highly avaliable [sic] vps’ses [sic]” (no closing punctuation like a period, despite that being common throughout the readme). You can tell very obviously which parts were written by the person behind this project and which were generated by an LLM.Edit 2:
Their
1.0.1-alpha.1 - Syncronizing [sic] versioning - Minor Changescommit rewrites like the entire project??? Very obviously an ai slop project by some teenager who had an idea far beyond their skill level and decided to use ai instead of building up their skills over several years and changing the scope of their project to be a building block towards their idea that helps them develop the knowledge they would actually need to develop a project like this. They’ll realize at some point that they’re in over their head and that fancy code generators don’t magically fix that; I’d be surprised if this project is still being worked on by the end of the year.<img alt="" src="https://lemmy.blahaj.zone/pictrs/image/3db3e504-2f1b-48e6-b554-c13ea701bcd5.webp">
Thanks for the analysis; I had also seen the API keys, but I didn’t check the deployments.
I guess this answers my question then: No one is using it because not even the dev gets it deployed – highly “avaliable” 🤣