    67 points xlmnxp | 19 comments
    1. myzek ◴[] No.45666685[source]
    I don't want to be a hater, but exposing access to your homelab through a "fully vibe coded" application (it's mentioned at the bottom of the README) is probably not a good idea.

    The idea itself sounds fun though

    replies(7): >>45666794 #>>45666805 #>>45667638 #>>45668320 #>>45672456 #>>45673770 #>>45676658 #
    2. sandblast ◴[] No.45666794[source]
    I guess I have to implement the habit of checking such things, since I never assume such a possibility. I prefer this info to be at the top of the readme, though – much more information value than the logo that deceived me into thinking this is a mature project.

    Regardless, what benefits would this have over Wireguard?

    replies(2): >>45669068 #>>45675119 #
    3. jamesbelchamber ◴[] No.45666805[source]
    I guess at least they're being honest, but I would agree - there's a large delta between AI-assistance and AI-driven, and "vibe coding" is one step further (just accepting everything AI does without critique, so long as it "works").

    Great for prototyping, really bad for exposing anything of any value to the internet.

    (Not Anti-AI, just pro-sensible)

    replies(2): >>45667301 #>>45667510 #
    4. nextlevelwizard ◴[] No.45667301[source]
    GitHub should have "LLM" as a language for repos that self-report to be vibe coded, or at least this kind of disclosure should be at the top of the readme, not an afterthought.

    Also the "If you're Anti-AI please don't use this." is pretty funny :D I guess I must be "Anti-AI" when I think this kind of code is wild to rely on.

    replies(1): >>45667404 #
    5. Eisenstein ◴[] No.45667404{3}[source]
    I fully support the AI self-disclosure, but I wonder what it is about AI generated code that makes this a separate problem from any other code where you don't know the programmer's competence?

    Is it because the AI can generate code that looks like it was made by a competent programmer, and is therefore deceiving you?

    But whatever the reason, I think that if we use it as a way to shame the people who do tell us then we can be assured that willingness to disclose it going forward will be pretty abysmal.

    replies(3): >>45667444 #>>45667503 #>>45676482 #
    6. muvlon ◴[] No.45667503{4}[source]
    I think it makes sense for stuff that is fully AI generated to the point where you commit the prompts to git. At that point, they become the real "source code" and the generated code is more of a build artifact. It makes sense to tag the language as "LLM" instead of e.g. "Python" because that's what contributors will be expected to touch when interacting with the codebase.
    7. xenophonf ◴[] No.45667510[source]
    > Great for prototyping

    I must be Doing It Wrong(TM), because my experience has been pretty negative overall. Is there like a FAQ or a HOWTO or hell even a MAKE.MONEY.FAST floating around that might clue me in?

    replies(1): >>45670979 #
    8. V__ ◴[] No.45667638[source]
    > If you're Anti-AI please don't use this.

    I'm pro security. The gall to put something out there, pretend it being vibe coded is not a big deal and possibly exposing hundreds of people to security issues. Jesus.

    replies(1): >>45676663 #
    9. sanex ◴[] No.45668320[source]
    It's open source. Audit it like you would any other service that exposed your homelab to the Internet. How do you know XYZ repo isn't coded for some bootcamper's capstone project? I bet those are even less secure.

    Edit: should have mentioned I am a bootcamp grad, not just throwing random shade.

    replies(2): >>45668415 #>>45669044 #
    10. QuantumNomad_ ◴[] No.45668415[source]
    > How do you know XYZ repo isn't coded for some bootcampers capstone project?

    I gate access to my homelab using Wireguard.

    Wireguard is widely deployed across the world, and has been worked on for years.

    No random new repo that was vibe coded can measure up in the slightest to that.

    11. OrderlyTiamat ◴[] No.45669044[source]
    If I had to audit security services for exposing homelab to the internet, I wouldn't use those services in the first place. I'm fine trying things out, but this is a very important security boundary, and it's a solved problem. Why risk it with an auditor who does it for a hobby (me)?
    12. gregoriol ◴[] No.45669068[source]
    Github should have a tag about it on projects
    13. eitland ◴[] No.45670979{3}[source]
    No. You have just missed the two last steps. Here is the full explanation, and it is the same as it has always been on HN:

    1. Make prototype

    2. Magic happens here

    3. Make lots of $$$

    Great for prototyping only makes it easier to get to step 2, but done correctly, it certainly does that.

    As proven by the nice app I have running on my laptop, but probably won't make any money from.

    14. dawnerd ◴[] No.45672456[source]
    It’s getting scary how many security related apps are being vibe coded by people with very little security experience (not a knock heh on op, they could very well be experienced).
    15. muppetman ◴[] No.45673770[source]
    Suggesting people don't shoot themselves with a loaded gun is not being a hater, it's being a good person.
    16. dugite-code ◴[] No.45675119[source]
    Perhaps not requiring a wireguard client installed on the machine you are accessing from. There are several circumstances where installing a VPN client isn't possible or practical
    17. GuinansEyebrows ◴[] No.45676482{4}[source]
    there is a non-zero chance that the human programmer has an interest in producing correct, secure code. there is zero chance that an LLM has the same interest. maybe those two are closer together in some cases, but not in many others.
    18. fariszr ◴[] No.45676658[source]
    I mean it's just using firewalld. You can't inspect the rules. For me it's simple enough that it shouldn't be a big security issue, but I understand and that's why I wrote that in the readme.
    19. fariszr ◴[] No.45676663[source]
    I mean you are free to not use it, it's for personal use. I was annoyed by all the vpn based solutions and built knocker to have something that works without installing it on each and every device.