• 0 Posts
  • 19 Comments
Joined 2 years ago
cake
Cake day: June 7th, 2023

help-circle
  • Overall, love it. We had a hybrid RAV 4 and wanted to move to a larger vehicle. When we discovered that Toyota was releasing a hybrid Sienna for 2021, we jumped at it. We get ~35mpg on average. And we’ve put just a bit over 55k miles on it since we got it. Maintenance has mostly been routine, though we did have an odd issue with one of the sliding doors filling up with water. According to the tech at the service center, there is a drain which was clogged and needed to be cleared. This was likely exacerbated by the fact that it’s parked outside, in a wooded area. So, it sees a lot of leaf litter. And that is one down side, the back hatch can accumulate leaves and crap in the space between the top of the door and the body of the vehicle. Annoying, but you just have to clean it out on the regular. The adjustment rails for the rear seats are also hard to clean, if anything gets in them. So, that can be annoying.

    As for performance, it moves well enough. It’s a mini-van, so you’re not going to beat a small car off the line, but you do get up to speed at a good clip. The turning radius is surprisingly narrow for such a large vehicle. At speed, the vehicle feels stable and handles ok. I’ll also say that the adaptive cruise control is insanely addictive. I’ve been driving in traffic this week and I can go a long time without touching the pedals. I’d also recommend getting to the trim level where you get the backup camera with the false overview of the vehicle, makes parking super simple.

    We mostly use it for routine tasks like getting groceries or taking the kids places. We also go camping regularly and we can pack all our stuff into the back and put the kayaks on top. Its not a vehicle I’d take off road on anything challenging, but it handles unpaved roads ok.

    So ya, we’ve been happy with it and I’d give it a recommendation.



  • Theoretically, browsers could even stop from the JS engine from being started for the site in the first place.

    The NoScript extension is basically this. Most of the client side stuff is off by default and you can enable it per-domain. It breaks a whole lot of websites, but often in ways where the main content of a website is still readable. Over time, you can build up a list of “allow by default” domains and most of the web you care about works. Though, you may have to spend a moment or two sorting out permissions when you visit a new site.


  • That actually sounds like a reasonable response. Driving assist means that a human is supposed to be attentive to take control. If the system detects a situation where it’s unable to make a good decision, dumping that decision on the human in control seems like the closest they have to a “fail safe” option. Of course, there should probably also be an understanding that people are stupid and will almost certainly have stopped paying attention a long time ago. So, maybe a “human take the wheel” followed by a “slam the brakes” if no input is detected in 2-3 seconds. While an emergency stop isn’t always the right choice, it probably beats leaving a several ton metal object hurtling along uncontrolled in nearly every circumstance.


  • do any of you hate how self-hosting services like photo- or document-management systems, or even a simple rss tool, forces you to sort your stuff out, and put your decades old files in order?!

    What is this “sort” thing you speak of? I don’t sort anything, I have NextCloud syncing my entire photos, videos and documents folders and they are just as messy as ever. Granted, I do go through my photos and videos once a year and dump them in a folder named for the year they were taken. Occasionally, I’ll go hog wild and try to sort some of a year’s photos/videos into folders named after events. Though, that hasn’t happened in a number of years. I setup NextCloud so I could have everything synced to my own server and just forget, not have to deal with labeling my data.

    As for bookmarks. I already keep those in folders; but, I don’t sync those. I use my desktop far more than I use my phone for web browsing. And the types of things I use my phone for (mostly recipes), I just keep bookmarked there.








  • My personal preference is to use FOSS whenever it’s practical. For home use, I’ve switched to FOSS for the vast majority of my computing needs. I run Linux on both my server and desktop. Most of the software on my server is FOSS, with the one exception being a container using the Splunk free license. My desktop is running Linux, and I use LibreOffice for documents and the like. I do run Visual Studio Code, which is technically Open Source, though I would not put it past Microsoft to do a rug-pull on that eventually. And I have an extensive library of games with Steam, basically nothing of which is Open Source.

    I have reached a point, financially, that piracy is not morally defensible. And I’m not willing to get into the mire of if, or where such a line would be. I believe that creators should be rewarded for their work. Though, I also agree that the limits on copyright are way out of whack with the changes Disney has purchased through the years. So, piracy as a moral question is a murky subject, with no clear answers to me. But, the end result is that I buy games, movies or TV shows. For other software, I usually look to FOSS projects (e.g. Gimp vs Photoshop, FreeCAD/OpenSCAD vs Autodesk), free licenses (e.g. Splunk) or just do without. For TV Shows/Movies, if it’s not on one of the streaming services I subscribe to, I may buy it via a digital service; or, I do without.


  • While an interesting idea, this sounds like an organization designed to separate some doofus investment manager with a lot of capital before inevitably folding because companies won’t give a damn. Sure, if we were to pass laws allowing us to hunt down anyone responsible for using blue LEDs on devices which did not specifically need blue light, and burn their eyes out with a hot poker. Then, such a certification might make sense. But, so long as there are no repercussions for companies making horrible design decisions, why would any company pay for a certification like this.



  • sylver_dragon@lemmy.worldtoTechnology@lemmy.worldStack overflow is almost dead
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    2 months ago

    Not terribly surprising, Google would often direct me to StackOverflow threads as I was googling for an answer to a question. And as often as not, either the question was closed; or, instead of anyone providing an answer, the commenters would spiral off into questioning everything about the original question asker’s life choices. While I do get the whole XY Problem, this sort of thing seemed to be over-used on SO.

    Granted, I don’t know if AI answers are any better. Sure, they can answer a lot of the simple questions, but I’ve not seen them be useful on hard, more obscure questions. Probably because those questions don’t have ready answers on SO.


  • ServiceNow is very much aimed at the managers. It’s good at reporting metrics like SLAs, ticket counts and anything else management dreams up to track metrics on. The interface for analysts putting data into it is slimy shit on toast. I swear, one of the questions I plan to ask, the next time I’m interviewing for a job is, “what do you use for security case management”. If the answer is “ServiceNow” or “ServiceNow Security Incident Response (SIR)”, that’s going to be a mark against that company. The only thing worse than ServiceNow ITSM is ServiceNow SIR. It’s all the terrible design of ITSM, but with basic security case management features implemented by clueless idiots.




  • My list of items I look for:

    • A docker image is available. Not some sort of make or build script which make gods know what changes to my system, even if the end result is a docker image. Just have a docker image out on Dockerhub or a Dockerfile as part of the project. A docker-compose.yaml file is a nice bonus.
    • Two factor auth. I understand this is hard, but if you are actually building something you want people to seriously use, it needs to be seriously secured. Bonus points for working with my YubiKey.
    • Good authentication logging. I may be an outlier on this one, but I actually look at the audit logs for my services. Having a log of authentication activity (successes and failures) is important to me. I use both fail2ban to block off IPs which get up to any fuckery and I manually blackhole entire ASNs when it seems they are sourcing a lot of attacks. Give me timestamps (in ISO8601 format, all other formats are wrong), IP address, username, success or failure (as a independent field, not buried in a message or other string) and any client information you can (e.g. User-Agent strings).
    • Good error logging. Look, I kinda suck, I’m gonna break stuff. When I do, it’s nice to have solid logging giving me an idea of what I broke and to provide a standardized error code to search on. It also means that, when I give up and post it as an issue to your github page, I can provide you with some useful context.

    As for that hackernews response, I’d categorically disagree with most of it.

    An app, self-contained, (essentially) a single file with minimal dependencies.

    Ya…no. Complex stuff is complex. And a lot of good stuff is complex. My main, self-hosted app is NextCloud. Trying to run that as some monolithic app would be brain-dead stupid. Just for the sake of maintainability, it is going to need to be a fairly sprawling list of files and folders. And it’s going to be dependent on some sort of web server software. And that is a very good place to NOT roll your own. Good web server software is hard, secure web server software is damn near impossible. Let the large projects (Apache/Nginx) handle that bit for you.

    Not something so complex that it requires docker.

    “Requires docker” may be a bit much. But, there is a reason people like to containerize stuff, it avoids a lot of problems. And supporting whatever random setup people have just sucks. I can understand just putting a project out as a container and telling people to fuck off with their magical snowflake setup. There is a reason flatpak is gaining popularity.
    Honestly, I see docker as a way to reduce complexity in my setup. I don’t have to worry about dependencies or having the right version of some library on my OS. I don’t worry about different apps needing different versions of the same library. I don’t need to maintain different virtual python environments for different apps. The containers “just work”. Hell, I regularly dockerize dedicated game servers just for my wife and I to play on.

    Not something that requires you to install a separate database.

    Oh goodie, let’s all create our own database formats and re-learn the lessons of the '90s about how hard databases actually are! No really, fuck off with that noise. If your app needs a small database backend, maybe try SQLite. But, some things just need a real database. And as with web servers, rolling your own is usually a bad plan.

    Not something that depends on redis and other external services.

    Again, sometimes you just need to have certain functionality and there is no point re-inventing the wheel every time. Breaking those discrete things out into other microservices can make sense. Sure, this means you are now beholden to everything that other service does; but, your app will never be an island. You are always going to be using libraries that other people wrote. Just try to avoid too much sprawl. Every dependency you spin up means your users are now maintaining an extra application. And you should probably build a bit of checking into your app to ensure that those dependencies are in sync. It really sucks to upgrade a service and have it fail, only to discover that one of it’s dependencies needed to be upgraded manually first, and now the whole thing is corrupt and needs to be restored from backup. Yes, users should read the release notes, they never do.
    The corollary here is to be careful about setting your users up for a supply chain attack. Every dependency or external library you add is one more place for your application to be attacked. And just because the actual vulnerability is in SomeCoolLib.js, it’s still your app getting hacked. You chose that library, you’re now beholden to everything it gets wrong.

    At the end of it all, I’d say the best app to write is the one you are interested in writing. The internet is littered with lots of good intentions and interesting starts. There is a lot less software which is actually feature complete and useful. If you lose interest, because you are so busy trying to please a whole bunch of idiots on the other side of the internet, you will never actually release anything. You do you, and fuck all the haters. If what you put out is interesting and useful, us users will show up and figure out how to use it. We’ll also bitch and moan, no matter how great your app is. It’s what users do. Do listen, feedback is useful. But, also remember that opinions are like assholes: everyone has one, and most of them stink.