WingNews logo WingNews GitHub [2]

sbehere's comments

sbehere | 2 years ago | on: Repurposing Hugo as a wiki

I use a bunch of Python scripts to publish interlinked notes written with Obsidian[1] and, more recently, SiYuan[2] with Hugo. For me, this presents the best of both worlds. Obsidian and SiYuan are very nice to write and review notes. Hugo is good for publishing to the web. Having script automation to bridge the two means you can use the strengths of each tool without having to bend it for a use case it wasn’t designed for.

[1]: https://sagar.se/notes/computers/hugo/digital-garden/publish...

[2]: https://sagar.se/notes/computers/hugo/digital-garden/publish...

sbehere | 2 years ago | on: Nothing's iMessage app was a security catastrophe, taken down in 24 hours

Replace 'Security' with 'Safety' and your comment still rings eerily true! One exception (? probably not an exception) is that sometimes organizations will still hire safety/security specialists (because the externally viewed perception of not having them is damaging), but these specialists are then (perhaps unintentionally) knee-capped to various extents in order to prioritize promises to leadership or other org. goals that must be hit. The net result is that good and capable folks who care deeply about the company's mission may watch in consternation as the org. slowly train wrecks itself if the roll of the dice doesn't land right. See, for example, the story of several autonomous driving organizations.

sbehere | 2 years ago | on: Help HN: Google has blocked our entire domain for harmful programs

I've seen this happen at $EMPLOYER and it actually went beyond the website. Any email you send that has the url/domain in the text (e.g. in the signature) gets flagged by gmail or any G workspace email server with a big red warning. So, all customers who use Google's email servers (directly or indirectly via G Workspace) will get the red warning banners on all emails sent from anyone in your organization. Now THAT gets annoying real quick.

sbehere | 2 years ago | on: Rivian software update bricks infotainment system, fix not obvious

> A car doesn't need data updates, and definitely not code updates

I don't think this is accurate. Many advanced driving assistance capabilities need access to updated map tiles, which is a data update. They may need code updates to fix errors or shortcomings that can be detected only after deployment on extensive fleets or in response to changes to the environment/infrastructure. This is just one example for why data and code updates are needed.

I think it is more accurate to say that a "dumb" car with mostly electro-mechanical systems doesn't need data updates and definitely not code updates. But that isn't true for vehicles built within the last few years and definitely untrue for vehicles that will be built in the coming years.

sbehere | 2 years ago | on: Ask HN: How do you organize your life?

The insight that worked for me is that it isn’t about the tools. Rather, it’s about having a solid plan, or methodology, that works for you, which can be implemented using whichever tools are convenient. Many folks, including me at one point, hop from one tool to another, looking for one that “feels right” and which will magically fix and organize your life.. or make you want to do that. Ain’t no such thing. But once you figure out the methodology, the rest slides into place.

Here[1] is the methodology that works for me. It enables long and short term planning and organization in accordance with my changing priorities and values.

[1]: https://sagar.se/blog/a-task-management-model/

sbehere | 2 years ago | on: Show HN: Paisa – Open-Source Personal Finance Manager

I think it helps if personal finance managers explicitly describe at least the following:

1. What automation, if any, exists for entering transactions? This is the most laborious/cumbersome part of personal finance. Some tools use financial data aggregators (plaid, yodlee etc.) that involves sharing login credentials with a third party, sometimes disabling 2FA, or other steps that are anti-security or anti-privacy. It sucks that in the USA at least, there is practically no way for customers to fetch their bank data via an open API. Until recently, many financial institutions supported OFX, but that is being phased out.

2. How is categorization of transactions accomplished? Ideally, I want autocategorization based on my own previously categorized transactions, since the bulk of my transactions are repeats at the same merchants.

3. What sort of reporting, dashboarding, and potentially sharing capabilities exist? Ideally, I want to share some reports with my partner

A while ago, I created my own homegrown system to automate my personal finances[1]. It is capable of doing all of the above, without sharing data with a 3rd party. Unfortunately, the automated transaction retrieval mostly does not work because financial institutions are dropping support for OFX.

[1]: https://sagar.se/blog/where-is-the-money/

sbehere | 2 years ago | on: A basic guide to using Asian names

This is fascinating. Thank you for commenting. As an Indian living in the West, I have always wondered why/how certain differences that are stark to my ears are subtle or barely perceptible to others.

The converse is also true. For example, the way native Swedish speakers pronounce seven (sju - example pronunciations at https://forvo.com/word/sju/ ) is 1) Hard for me to say and 2) No matter how I say it, the response from Swedes is, "You said <X>; it's actually <X1>" where both <X> and <X1> sound exactly the same to me, so I don't hear the distinction they are trying to point out. I assumed the same happens to Western folks when Indians/Hindi speakers try to explain the difference between the various T sounds.

> The bigger issue is English lacks a retroflex plosive (tongue curls), and aspiration is non-phonemic (does not carry a meaningful distinction)

But English words do seem to distinguish meaningfully between what you term 'voiceless' and 'aspirated voiceless' isn't it? For example, there is a difference between 'time' and 'thyme'. Ignoring the difference between 'y' and 'i' for a moment, wouldn't both words be the "same" to English speakers if what you are saying is true? Isn't 'th' just the aspirated version of 't'? (Not contesting what you are saying, just curious to understand.)

sbehere | 2 years ago | on: A basic guide to using Asian names

This "basic" guide is probably well-intentioned and useful. It does gloss over a whole range of nuances and diversity of protocols for India. Wonder if similar glossing over is happening for other countries in the list.

sbehere | 2 years ago | on: A basic guide to using Asian names

Hmm, I'm not quite sure what those terms mean, but a quick search seems to suggest to me that it is a "Dental" (not alveolar) vs retroflex.

See 00:53 of this video: https://www.youtube.com/watch?v=rXFx3Ly_imY

In that table, त is the first column of the Dental row and थ in the second column of that same row (aspirated?). Similarly, ट is the first column of the Retroflex row and ठ is the second column of that row.

sbehere | 2 years ago | on: A basic guide to using Asian names

I think certain sounds are hard for Western speakers to pronounce, while others are easy. Specifically, Hindi (and many other Sanskrit-derived languages) distinguish between some sounds (which have correspondingly different characters in the written script) that are often indistinguishable to Western ears. And if you can't hear the difference, you are unlikely to be able to say it right.

These sounds typically come in groups of four. For example, there are 4 "T" sounds in Hindi: त थ ट ठ. If you pronounce each of these correctly, Indian ears will hear 4 distinct sounds. Western ears will typically hear the same sound 4 times. If they are listening attentively the second time around, they may be able to distinguish at most 2 different sounds, but not 4. Given this, Western speakers are unlikely to correctly pronounce a word containing one of these sounds. The good news is that even if a Western speaker has incorrect pronunciation, in the vast majority of cases native Hindi speakers would be able to understand what was meant.. so the communication still happens effectively. Furthermore, regardless of language, I like to believe that most native speakers will very much appreciate efforts to speak the language, no matter how mangled the pronunciation is.

sbehere | 2 years ago | on: Ask HN: How do you manage your personal finances?

I rolled my own solution[1] out of existing stuff that is mostly automated, does auto-categorization of transactions, has dashboards and sharing, and does not require sharing login credentials with third parties.

However, financial institutions in the USA are making it harder to pull transactions via an API without involving third parties. So I’ll soon need to resort to scraping via selenium to automatically fetch transaction data.

1: https://sagar.se/blog/where-is-the-money/

sbehere | 2 years ago | on: Digital Security Tips to Prevent the Cops from Ruining Your Trip Abroad

I don't understand the point of traveling with clean burner devices and keeping your data encrypted in the cloud. Yes, it protects for threats where the devices are stolen or compromised when out of sight, but not for cases where government authorities are targeting you, as described in the article. What happens when govt. goons tell you to write down a list of your cloud accounts (email, storage etc.) and their corresponding security credentials and threaten you to not leave any out? Or, when you are asked to log in to your cloud accounts with the threat actors hovering around you? How many of us would refuse and/or roll the dice on not revealing certain accounts and risk them being discovered later (along with implications of not having revealed them earlier when specifically told to do so)?

Wouldn't it be more rational and reasonable (for everyday folk, not journalists, activists, dissidents, etc.) to never travel with or keep on cloud storage any data that they would rather authorities never, ever see, if at all they have such data?I think the vast variety of business and personal data does not fall into this category.

Note that, in principle, I am all for privacy and resisting govt. intrusions into private lives by crafting appropriate legal frameworks and strong technical mechanisms. In practice, as an average Joe, I don't know how much I should resist if/when I am personally targeted and threatened with dire consequences while traveling in a foreign country. It is easy to think that in such a situation, my priority would be to get out of that situation asap and folding completely may be seen as the fastest way to achieve that.

sbehere | 3 years ago | on: Firefly III: A free and open-source finance manager

The data entry problem can be solved in some cases by fetching transaction data automatically using OFX from supporting institutions. Python’s OfxTools [1] works quite well for this. Quite a few large institutions in the USA support this (e.g. Amex, Chase) while some don’t (Bank of America). For the latter, transaction data can nevertheless be downloaded in ofx/qfx or csv format from the web interface, which can then be auto imported.

Once the transaction data is available, it is trivial to auto categorize it and create dashboards. I’ve blogged about my own process/tools for that here [2]

1: https://ofxtools.readthedocs.io/en/latest/client.html

2: https://sagar.se/blog/where-is-the-money/

sbehere | 3 years ago | on: Can a laptop from 2012 be a viable home server?

It depends on your use cases. For example,

- I have a scanner that saves scans to a network share. Having a linux-based SMB server on the local network is convenient and privacy-friendly, especially when the disks are encrypted. Doubt you can get privacy like that with a cloud service to which your printer can connect.

- If you follow the 3-2-1 style of backups, having a fileserver at home is convenient for a solid backup regime across all devices.

- You can use a server for serving local media to watch on the TV or any other device

- In some cases, you can use the same server for advanced security, privacy, ad-blocking, and combining multiple internet connections in order to gain fail-over redundancy and increased bandwidth.

I am able to do all of the above with a really simple home server setup [1].

[1]: https://sagar.se/blog/diy-multi-wan-linux-router/diy-multi-w...

sbehere | 3 years ago | on: Actual is going open-source

I use a home-grown system[1] that does not require sharing credentials with a third party, has partial/fully automated (depending on financial institution) fetching of transactions, auto-categorization learned from your previously categorized transactions, and the possibility to create pretty dashboards that can be shared with others.

It's surprisingly simple (just a few lines of code) for personal use.

[1]: https://sagar.se/blog/where-is-the-money/

sbehere | 4 years ago | on: Ask HN: Have you created programs for only your personal use?

I have created a personal finance tool that Works-For-Me and requires no sharing of login credentials with third parties.

Something that scrapes financial transactions from bank and credit-card accounts in a fully automated way where possible, and semi-automated way where necessary, dumps those transactions into a database, automatically categorizes them, and creates dashboards for commonly used views and analyses.

I've blogged a bit about it here: https://sagar.se/blog/where-is-the-money/

page 1
more