/reader

I love this idea of “growing down”, becoming more rooted and sturdy.

It got me thinking about the word “growth”.

Contemporary usage of the word in business often communicates human intervention and imposition against an otherwise natural outworking.

“Growth” in a forest is different than “growth” in business.

In business, we talk about “growth hacking” as if the natural cadence of growth isn’t sufficient. It requires modification because we deem it insufficiently slow.

We “engineer” growth instead of tending it.

Personally, when I say I want to grow, I mean like a tree. Not like a cancer.

Tree growth responds to its environment and integrates with its ecosystem. Growth is sustainable, balancing expansion and repair. It scales in harmony with its context.

Cancer growth is selfish, consuming resources at the expense of its host. Growth is uncontrolled until the system that supports it collapses. It scales through extraction until failure.

When we talk about the growth of technology in the 21st century, which kind of growth do you think best describes it?

“Hey, {social media | AI} grew so big, we all sat together under its canopy and enjoyed the shade.”

Said no one.

More likely: “Hey, {social media | AI} grew so big, it metastasized beyond what society could bear and now look at the mess we’re in.”

Reply via: Email · Mastodon · Bluesky

• /wp-login.php
• /wp-admin
• /news/wp-includes/wlwmanifest.xml
• /login/
• /wp-includes/wlwmanifest.xml
• /news/wp-includes/wlwmanifest.xml
• /website/wp-includes/wlwmanifest.xml
• /info.php

I don’t run WordPress, but as you can see I still get a lot of requests for wp-* resources.

All of my websites are basically just static files on disk, meaning only GET requests are handled (no POST, PUT, PATCH, etc.). And there’s no authentication anywhere.

So when I see these requests, I think: “Sure is nice to have a static site where I don’t have to worry about server maintenance and security patches for all those resources.”

Of course, that doesn’t mean running a static site protects me from being exploited by malicious, vulnerability-seeking traffic.

Here are a few more common requests I’m serving a 404 to:

• /.env
• /.env.production
• /.env.local
• /.env.dev
• /.git/config
• /data.sql
• /database.sql.gz
• /mysql.sql
• /db.sql.gz
• /backup.sql.gz
• /database.sql

With all the magic building and bundling we do as an industry, I can see how easy it would be to have some sensitive data in your source repo (like the ones above) end up in your build output. No wonder there are bots scanning the web for these common files!

So be careful out there. Just because you’ve got a static site doesn’t mean you’ve got no security concerns. Fewer, perhaps, but not none.

Reply via: Email · Mastodon · Bluesky