Hacker Newsnew | past | comments | ask | show | jobs | submit | silversmith's commentslogin

I also have a "homelab" with minimal maintenance requirements. I'd wager it works out to much less than 15 minutes a month over a year. The strategy is as follows: pin all services to known good versions, deny access from outside LAN, and don't touch it unless there's a new service release with new features I want. Not something I would do at work, but perfectly fine for home setting.

Same. Been using this approach since 2012 and it works very well. I do have TailScale to make access a bit easier, and my AI box has proven to be a bit touchy as I do OS/kernel upgrade that match my ROCm drivers. This got a little bit easier with the 7.x kernels, but even that transition hasn't been super smooth. Will probably spend a feelw hours tonight getting it back in shape, but all my other machines are as you describe: almost fire-and-forget!

Hang on, can you actually do something nefarious with just the bank account number?

If someone has your bank account and bank’s routing number (which is also not secret), they can make fraudulent ACH transfers and payments from your account. Of course it will most likely be caught as fraud some time after the fact, but just those two bits of not-secret info are enough to grief someone.

Knuth had to stop sending real checks for errors spotted in his books because they would post pics of the check and thieves abused the account https://www-cs-faculty.stanford.edu/~knuth/news08.html

And both numbers, plus your name and address and a convenient sample of your signature, are on every check you’ve ever written.

I suddenly feel very clever for signing everything with “Shamu T. Whale”

AFAIK that's US thing. In normal countries bank account numbers are not a secret. The worst thing that can happen is someone sending you money.

Yes and no. Yes, theoretically you can initiate ACH transfer with just the account number. But practically, you will need to have a bank that would allow you to do that and agree to be on the hook if the transfer is going to be reversed. Which means if you are a criminal who wants to do it systematically at scale, you have to be big enough to have your own licensed pocket bank. Which is not a service available to a random criminal. Of course, a random criminal could forge a check with your numbers and cash it, but the account owner would rarely be on the hook for the funds, it's whoever agreed to cash the check. It can cause significant annoyance and inconvenience to the real owner of the account (including having to change account number and all accompanied legwork) but rarely results in funds actually being removed from the rightful owner. The banks prefer this system to the alternatives even with the risk of fraud.

Yes but there are steep penalties for bank fraud so it is not especially common

I usually don't like the "read the article" replies, but in this case it's warranted - the second section explains how multiple transactions interact there, and the "deleted" record still needs to actually exist for older transactions.


Hang on, so you are arguing that responsibility for your product is just a phase you grow out of as a company?


Keepassxc is local first and has password history. Check it out before building.


It didn't have a good sync story when I checked last.


Still does not. My approach is to keep the file in OneDrive. On windows / mac it's just a file, on android it's via custom onedrive protocol handler but also seamless.


For the biggest languages, Spanish, French, maybe.

For smaller ones like my native Latvian, the output could be confused for good translation from across the room, the words do look like Latvian words. But the quality is Google translate circa 20 years ago, tops.

It could probably do a decent enough translation to English, if all you need is to get the gist of text. But for smaller European language outputs, nothing comes close to Gemini.


So the correct strategy is a global CLAUDE.md with couple lines of colourful "you best behave or else" texts, so all your prompts get routed via the frustrated path?


That will not work - you end up with Claude being ADHD and not following any guidelines.

Skills do work, as they ground the agent with constrained context for the task it's performing


Can you explain how you’d use skills to address the situation that anonzzzies was describing…?


I have a skill for exactly such case! Here's an excerpt :)

``` --- name: evidence-debugging description: > Use when debugging any failing test or bug, investigating unexpected behavior, or tracing the cause of a reported defect. ---

# Debugging Discipline

## When to Use

- A test is failing and you need to understand why - Behavior is unexpected and the cause is unknown - The user asks you to debug or investigate a defect - You need to verify what a value actually is at runtime

*When NOT to use:* proactive code exploration without a specific failure to investigate.

## STOP — Do This Before Anything Else

Before reading code, before forming a hypothesis, before typing anything — answer these:

1. *Do I have actual output from a running system?* - No → instrument, run, save to file, read. Do not proceed until you have real output. - Yes → read it. Do not re-run.

2. *Am I about to explain what the issue "probably is" or "must be"?* - Yes → stop. That is deduction without evidence. It is a violation. Instrument instead.

3. *Am I about to touch passing code?* - Yes → stop. Only instrument the failing scope.

If you find yourself already reasoning about likely causes — you are already violating Rule 1. Stop. Go back to step 1. ```


Thanks a lot! This is really helpful!


No worries! Here's the full prompt if you need it: https://sharetext.io/g6ibuxa5 (you'll probably need to update it, as there're specific things I wanted it to take into account)

Ultimately my point is to define small contexts grounding agents in tasks you expect them to do. Trying to define guidelines for everything will not work = telling it that it shouldn't delete prod AND that it's architect AND that it should review code using this and this principle AND milliard other things that you expect from yourself.


I find it routes more quickly for patches when in the frustrated path, so after planning sure :)


there already is a global claude using any cloud model is a high probability that theyre context stuffing trying to curate output for the normative use cases. see "dont talk about goblins"


That used to be the case. Less so now - the Chinese brands tend to work right out of the box.

I run an Elegoo Centauri Carbon ar home, and the building and managing process was unscrewing couple transport bolts and clicking "self calibrate" button. From what I've seen, Creality is the same way now too.

Yes, the old Ender 3 I used to have demanded attention every other print. But it's not the norm now.

I'm sure Prusa makes a better product, and it probably starts to make economic sense if you run a print farm. But for home use, a 300€ box that happily melts plastic into whatever shape I need is a sweet deal. It even has a 50€ multi material extension box now, however that's on months long backorder.


do these alternatives all share the same pattern of providing cloud services like BambuLabs?


As far as I know, Elegoo is offline. It has not asked me to log in anywhere, and while it encourages use of their own orcaslicer skin, it works with others too.


In Latvia we've had digital id for close to 20 years. Banks mostly use their own auth, some rely on digital id. No travel service has ever wanted me to use digital id, let alone any other kind of shopping. What we use it for is access to government resources, and signing digital documents. I trust this system WAY more than whatever some company comes up with.


> No travel service has ever wanted me to use digital id, let alone any other kind of shopping

Yup, until they are regulated to do so in case you buy booze, porn, metal detectors, crossbows or who knows what else. And until silversmith tries to dodge the draft but he accidentaly bought some booze woth his gov eID to party with friends.


What's stopping anyone from requiring a passport scan right now?


This is an interesting and hopeful datapoint.


No limitations during corona? Remember travelling through your neighbour during corona and was treated worse than a ww2 jew in germany due to not having the authoritarian corona passport.

This is what our every day will be like, when the state has internalized the enormous power of a 100% controlled digital ID. Bye, bye, freedom of thought.


>was treated worse than a ww2 jew in germany due to not having the authoritarian corona passport.

If you were to be treated worse than a jew in ww2 germany, you would not be writing about it here.


You are most likely referring to the EU covid certificate. It functioned as a proof of vaccination or recent negative test, and yeah, that was required for travel at one point. And even then the verification end was `(code: string) -> valid: boolean` function, no personal data was accessible at validation point. It used the digital ID as SSO for accessing your records, so you could save / print the verification code, usually in form of a qr code. I know all this, because I'm friends with people that worked on the Latvian part of the system, and we spent long chat sessions discussing how to best do it in the least privacy-intrusive way.

If you were from outside EU, I fully believe the experience was subpar. 99% or more of verifications went through the EU system, and if you showed up with different kind of documentation, the people tasked with verification "at the edge" might not even know if it was valid form of proof.

Overall, I struggle with being outraged by the concept of digital ID. It's just a digital form of "show me your passport please". We have had physical national ID (mandatory from certain age!) for as long as I can remember myself. The state knows I exist. If a madman gets put in charge, lack of unified digital ID is not going to prevent airport style passport gates being erected around the booze stand.


I think what is happening is a rather philosophical rejection of the mere idea that the government should affect ones life in any way for any reason. Somehow all the laws that existed before are below the baseline, so they kinda fine, but the new things -- those cause outrage.

Then comes this post-hoc rationalization about how it will inevitably be abused, Jews in Nazi Germany, apartheid and chips under the skin.


IP_7 means it's ok with water immersion for up to 30 minutes, down to 1m. You can go swimming with an IP_7 rated device.

IP_8 is "more than 1m, more than 30min water immersion" rating.

"outdoors in the rain" needs IP_5 rating if you want to be safe. You do not need a dive watch to go out in rain.

Even non-waterproof devices are not exactly made of sugar. My first iphone was a 3gs. I want running with the device in an armband. My rain precautions were plugging in 3.5mm earphones, and pointing the charge port downwards. Regularly got caught in rain with it, and the device was completely fine two years later when I sold it.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: