Fredrik's Homepage

Welcome! I'm Fredrik — a software engineer who enjoys tinkering with infrastructure, programming languages, and whatever else catches my curiosity. Have a look around and feel free to leave a note in the guestbook.

Blog posts

Tailscale is great

After reporting over 32 000 IP addresses for trying to hack my box, I decided to finally just shut off port 22, and migrate to Tailscale.

Published 2 months ago

My take on AI is changing

Less than half a year ago I was not only skeptical towards AI in my field, software development, but also not very impressed by the results it produced at the time. Now, however, I rarely write code myself anymore, and I'm not really observing the problems I envisioned would arise by the increased use. But. Some concerns I had, I still have.

Published 2 months ago

I want to love you, Orion by Kagi. I really do

As a fan, and user, of Kagi, I decided to give their browser Orion a try as my daily driver, only to want to tear my hair out after under two days of use.

Published 5 months ago

Where did all the humans go?

I'd love to read more tech blogs, interesting tweets/mastodon-posts, or other programming content, but the massive influx of AI slop and AI hype content takes the joy out of it.

Published 5 months ago

Follow up to post about invalid fallback values

Discussing how you can use the type system to your advantage to avoid passing around values that don't make sense. How types alone aren't enough to ensure your value is "valid", and response to my previous post's feedback on Reddit.

Published 5 months ago

Invalid values and the nullish coalescing operator in JavaScript

After working as a JS/TS developer for quite some years I've grown quite used to seeing || "" or ?? "" strewn around codebases as a quick fix to "remove" nullability, usually due to some value which you assume is set, but can't "prove" type-wise. I think this is a code smell, and I generally think it's not the right solution. In this post I try to explain why I don't think so, and provide some patterns that could help combat the downsides introduced by this pattern.

Published 5 months ago

Zed, AI in editors, and where did all the feature development go?

My experience using the Zed editor, why I'm struggling to adopt it as my full-time editor, and what I love about it.

Published 5 months ago

My very own homepage

An introduction to my new website. Quick explanation of the different technologies used, and my goals for the site. How I've used (and more importantly, not used) AI.

Published 5 months ago

Janne T15 days ago

Another blog to subscribe to 🫡

Erik30 days ago

I like your thoughts!

Fredrik August2 months ago

Finally updated my website. Simplified the architecture and made it a lot easier to maintain. Now realising the selling point of Vercel for Next.js. It’s a real hassle to host this Payload CMS project to be honest, compared to a “normal” MPA like RoR.

Jade5 months ago

I agree!! Greetings from Brussels

Casey5 months ago

I like your writing, please keep it up! You've earned yourself an RSS subscriber

undefined5 months ago

undefined

C & M5 months ago

Totally agree with if (process.env.MY_ENV_VAR === undefined) { throw new Error("MY_ENV_VAR is not set") } The other was is lazy and annoying!

Fredrik5 months ago

What I thought would be an article that most agreed on turned out to be anything but, and it's currently first place in controversial posts on /r/programming. Very exciting to see that people are reading it though:)

A5 months ago

MALMÖÖÖÖ

Fredrik5 months ago

Instagram has started automatically dubbing my reels, and changing the mouth to match the dub. Crazy. It also, of course, is seemingly impossible to turn off, just like YouTube, and ruins the experience of anyone who watches content in more than one language.

Fredrik5 months ago

Finally made an effort to rework the content here:) The photos are now uploaded and managed using Payload CMS self-hosted on my VPS, and I plan to add a blog section soon!

Fan5 months ago

crazy website

Fredrik5 months ago

I wish Cloudflare Connectors would let me connect my Hetzner Cloud S3-compatible endpoint, and not just the official s3 from AWS. I would like to serve my S3(-compatible) content from behind their proxy to benefit from their caching, but that requires a) using AWS s3, or b) paying for Enterprise which seems a bit overkill for my personal website.

Fredrik6 months ago

Why does the Auth0 login page email field auto-fill my full name and not my email?

Fredrik6 months ago

I got hacked! Turns out, at 11 PM last night, a Chinese botnet gained access to my box on Hetzner by brute forcing the password of my cluster account. It happened because I used an insecure password on the account, not knowing that SSH password authentication was turned on. Hetzner let me know this morning that my box was found to be performing netscans outwards. I managed to stop the scripts running and clean out the malware which consisted of a bitcoin miner, a network scanner and some other bits and bobs. Remember to use strong password, and to only use SSH key access on your boxes.

Claire6 months ago

GREAT HOMEPAGE!

Fredrik6 months ago

As I've been running my session store for authentication in memory, every time I've restarted my dev server I've had to log in again. It became a little tiring so I decided to switch over to using redis for sessions so I can stay logged in across restarts and upgrades in prod. Inspired by [this article by Mitchell Hashimoto](https://mitchellh.com/writing/building-large-technical-projects).

Jonathan (SEO bot)6 months ago

How can I get to this website from google?

Fredrik6 months ago

Okay it doesn't really take ~88 ms. I forgot to check the HTTP response so it's actually closer to 300 ms.

Fredrik6 months ago

It works by generating a key before you submit the form, which is then sent back to Cloudflare from the backend to be verified. It all just takes ~88 ms. Also turns out I forgot to spawn the email notifier in a background `context.Context` so now it should be a lot quicker. Not that you'll really notice, but it looks better in my graphs.

Fredrik6 months ago

After getting spammed by some SEO marketing bots, I decided to implement Cloudflare Turnstile which is the little black box under the message input that you may or may not see. It should in theory prevent bots from posting more comments 👽 Have a great Wednesday

Henrik6 months ago

Hei! :D

Fredrik6 months ago

Got observability in place as well using the Go OpenTelemetry SDK and Dash0. A little hard to get Chi to play nice with the open telemetry instrumentation but got there in the end.

Fredrik6 months ago

I've used Resend to set up email notifications on new comments. Worked like a charm, and their SDK and setup process for DNS settings was very straightforward.

Fredrik6 months ago

Finally took the time to implement authentication, so I can now log in and remove those pesky SEO bot spam comments. Tried going old-school and not using Clerk/BetterAuth/Auth0. Feel free to try to hack my website, but please don't delete anything if you manage to get access. If you find any vulnerabilities I can be reached on contact@fredrikmalmo.com

Kanskje Picker6 months ago

Anders er søt 🫶

Hvem vet? 6 months ago

Anders er søt 🫶

Anårs6 months ago

Er det realtime da?

owner7 months ago

thank you, claire!

!7 months ago

wow, the title sparkles

Fredrik7 months ago

sjekk nå Picker!!

picker7 months ago

nice photos!

Claire7 months ago

Wow, impressive work! Way to Go #Gomponents #writteninGo

Fredrik7 months ago

Hello guestbook