Oh no. Not sure I want to look up what he did.

All the data gathered by Cambridge Analytica was gathered through the public API though, after users had consented to share it (by logging into a quiz app that requested the permissions). That’s why the API is very locked down now, and the approval process to get any sort of data access is very strict.

The main issue was that they gathered data from people whose profiles were set to be visible only to friends. If someone logged into the quiz and granted permissions, their friends’ data was also accessible via the API.

With your idea, you either have to list a local IP in your public DNS record, or highjack your local DNS to point to the local IP. Both feel inelegant

The DNS records for your internal servers don’t have to be public - they can be only on an internal DNS server if you want to do that. Only the _acme-challenge subdomain has to be public. Let’s Encrypt does follow CNAMEs.

And you have to give your NAS write access to your API key of your DNS registrar

You can use a separate DNS server just for Let’s Encrypt, as it follows CNAMEs. I use acme-dns for this. Let’s Encrypt supports IPv6-only DNS servers so I have my acme-dns instance listening on an IPv6 address in the /64 range on one of my VPSes.

Makes sense - thanks.

Debian is ready - as of Debian Trixie (released in August 2025), all software in the official repo is being compiled with 64-bit time. https://wiki.debian.org/ReleaseGoals/64bit-time

For your home NAS, I’d recommend using Let’s Encrypt with Certbot. You can use it for internal systems, as long as you have a real domain name. Use DNS verification instead of HTTP. Renewal isn’t an issue if it’s entirely automated.

Doesn’t the water evaporate and become part of the water cycle? Water can’t just disappear? Maybe I’m missing something.

It would be good to cut down water usage… Not just for data centers but also for things like lawns and golf courses.

aggressively guard

tbh it’s a hard balance for any social media company.

Guard content too little and you end up with Cambridge Analytica, which was literally because the public APIs allowed too much access (third-party apps could see any data through the API that you could see through your Facebook account, including friends profiles). You also end up with headlines talking about big data leaks which really just end up being compilations of public data (which has happened to both Facebook and LinkedIn).

Guard content too much and you restrict users’ freedom too much.

It’s not too bad if you use an outbound SMTP relay for sending. SMTP2Go is pretty good, and they have a free plan with 1000 emails per month. I use Mailcow and you can configure relays in their web UI, but it works just as well with the sender_dependent_relayhost_maps setting in Postfix.

Sure, it’s not fully self-hosted, but the interesting part to self-host is the storage of your emails, not the sending (which will just relay through other SMTP servers along the way anyways).

Yeah, there’s no risk of the mortgage falling through, and not as much dealing with banks. I don’t really know the specifics but it was something I had to be aware of when buying my house. Luckily I was buying while it was a buyers market a few years ago, so prices were lower, fewer people were looking, and there weren’t any competing all-cash offers.

It’s hard in nice/desirable areas because the rich people make all-cash offers, and sellers prefer that over people that will get a mortgage.

I’d make sure there’s an officially supported integration, or one that’s 100% local (no cloud needed).

It’d be frustrating to spend money and get everything set up only for Bryant/Carrier to decide that they don’t like Home Assistant any more and block an unofficial integration.

Maybe someone else has better advice for your particular setup.

For my house, it had central heating so I ended up replacing that with a central heat pump HVAC system that uses a regular thermostat (Gree Flexx with an Ecobee). I didn’t want to deal with anything proprietary. The Ecobee supports local control via HomeKit, which Home Assistant supports natively (no Apple device needed).

As someone who’s worked in Silicon Valley for 13 years… A lot of senior developers that work at big tech companies can earn over $500k total compensation (salary, bonus, and stock) per year. A higher level, like L7 at Google or E7 at Meta, can earn over a million per year. You can end up with $5-10 million net worth after 10-15 years.

Some people end up saving enough and having enough investments to retire early and mostly live off the returns. This strategy is often referred to as FIRE (Financial Independence, Retire Early).

Of course, people still want something to keep them busy, so they tend to end up doing something they always wanted to do but never had the time or money to do it. They don’t need the money, so can spend time just enjoying it rather than focusing so much on working. I know someone who retired in their 40s and started doing woodworking full time.

You don’t absolutely need a central repository for Git. It’s decentralized. You can learn the basics (committing, branching, rebasing, amending, merging, resolving merge conflicts) entirely on your computer.

My advice would be to get familiar with using Git locally first. Simulate things like merge conflicts - have two branches that both change the same line in a text file, then merge them together and resolve the conflict.

Once you’re more comfortable with using it locally, learn about code forges like Github or Forgejo.

It’s called a “merge request” in Gitlab, which is a much better name.

At least it’s open source so anyone can look at the code and figure out why it asks for the permissions.

It’s the same with public transit. Some people think the government shouldn’t invest in it because it won’t be profitable, but… it’s not supposed to be. It’s a public service, just like libraries, firefighters, parks, public schools, road maintenance, etc. That’s literally what taxes are for.

I didn’t realise that people still use Gogs. It was forked to Gitea, which was then forked to Forgejo. Forgejo has a much larger focus on security compared to its predecessors.

You’re thinking of apt full-upgrade. dist-upgrade is the old name for it.

The only difference between upgrade and full-upgrade is that full-upgrade will delete packages if necessary (like if you have a program installed that conflicts with a new version of another program), whereas upgrade will never do that. upgrade is safer for day-to-day updates.

If you do an upgrade and there’s packages that need you to run full-upgrade, you’ll see a message saying that some packages have been held back.

full-upgrade is mostly safe. You just need to read the output carefully before continuing.

Make sure you have the security repo enabled in /etc/apt/sources.list. It should be enabled by default. Just search that file for “security”

Then just run apt update, apt upgrade, and reboot.

Are there any actual issues in those commits though? I spot checked a few and they look pretty benign, and don’t really look vibe coded to me.

Just because someone uses an AI tool doesn’t mean their work is vibe-coded slop. An experienced developer that knows what they’re doing can use AI as a tool to take care of boring/mundane parts and write a rough plan for their work, while still paying attention to the business logic and system design, and still fully reviewing everything themselves.

A lot of the recent commits are in the test suite, and building test suites, fixtures and harnesses is something AI is fairly decent at if you give it a good prompt (give it the input, expected output, and expected side effects).