See the removed thread for details: https://news.ycombinator.com/item?id=47788857

It's offered as a HA a̵d̵d̵o̵n̵ app for ease of use (makes it a one-click install), but you can also just `pip install esphome` or use the provided Docker image and get the exact same UI, but with everything (including compilation) running on your much beefier laptop.

So your binaries get compiled quickly and you can still do the OTAs directly from your laptop. HA needn't be involved.

This is how I did it, instead of the container or HA OS in a VM.

If you want the simplicity of everything preconfigured, managed, and hands-off, go with HA OS, whether in a VM on a beefier machine, standalone, or the HA Green/Yellow dedicated hardware.

But if you already have a home server and want to add HA, I found just pip installing to be easier than dealing with the container.

Maybe I'm just the silly type that enjoys fiddling with Linux, but I'd argue that it actually makes more sense to install HA bare metal over a container. HA doesn't actually have any major dependencies outside of what pip installs, so setup wasn't any more annoying than via container. And then you never have to deal with container annoyances like passing hardware through to it or weird failures and misconfigurations.

Contrast this with https://frigate.video/, which has so many fragile native dependencies and a super complex stack that trying to install manually is an exercise in futility. I gave up and used the container.

…but there's a giant guaranteed-and-ordered-delivery-sized hole in that argument, which is my point. The article never addresses what you lose when going from TCP to UDP. You can't just swap out your app's TCP-based comms with this and call it a day; you're now entirely responsible for dealing with packet loss, order, and congestion if that's important to your application. Why DIY all that if you could just use QUIC?

Granted I haven't personally tried to run QUIC on embedded hardware, so I can't speak to its weight, but I do see someone did it¹ on an ESP32 (ngtcp2 + wolfSSL), so it can be done with < 300 kB of RAM.

I wonder how much RAM this WireGuard-based approach requires. The implementation here is in .NET, so not exactly appropriate for light hardware either.

Regarding browser support for UDP, you'll never get raw UDP for obvious reasons, but the WebTransport API² gives you lowish-level access to UDP-style (unreliable and unordered) datagrams with server connections, and I believe WebRTC can give you those semantics with peers.

¹ https://www.emqx.com/en/blog/can-esp32-run-mqtt-over-quic

² https://developer.mozilla.org/en-US/docs/Web/API/WebTranspor...

I'd bet that switching your VPN server port to 443 would solve the problem, since HTTP/3 runs on 443/udp.

However, it's definitely not a replacement for TCP in the way the article implies. WireGuard-the-VPN works because the TCP inside of it handles retransmission and flow control. Going raw WireGuard means that's now entirely up to you.

So this might be a good choice if you're doing something realtime where a small number of dropped packets don't particularly matter (such as the sensor updates the article illustrates).

But if you still need all your packets in order, this is probably a bad idea. Instead, I'd consider using QUIC (HTTP/3's UDP protocol), which brings many of the benefits here (including migration of connections across source IP address and no head-of-line-blocking between streams multiplexed inside the connection) without sacrificing TCP's reliability guarantees. And as the protocol powering 75% of web browsing¹, is a pretty safe choice of transport.

¹ https://blog.apnic.net/2025/06/17/a-quic-progress-report/

The Linux HFS+ driver is basically unmaintained, and cannot write to journaled disks. On Windows, the only choice a paid driver. I guess it's fine if you're strictly a Mac user, but it's a real problem if you need to access the disk on another machine. Even if you don't, I still wouldn't trust Apple for long-term support of anything.

Meanwhile exFAT has native support on Windows, Mac, and Linux, and there are drivers for BSDs and others.

So 20 years down the line, you'll certainly have something that can read an exFAT drive without much if any pain, regardless of which platform you're using at the time. HFS+? Who knows.

That said, I'd consider ZFS or btrfs for HDD archival. Granted broad (Mac/Windows) support is weaker than FAT, but at least the filesystems are completely open source. But what really makes them interesting is their automatic data checksumming to detect (and possibly repair) bitrot, which is particularly useful for archival.

Tape.

Obviously extreme prosumer, but for long-term archival of lots of data, LTO tape wins in several ways:

- Discs just aren't actually that high capacity relative to modern HDD capacities. BD XL maxes out at 128 GB, while there are now 30 TB HDDs readily available. That's 240 discs per HDD. Modern LTO tapes store 12-18 TB, or 2-3 tapes per HDD.

- Anything flash-based is a bad choice for long-term storage. SSDs are very fast, but also (relatively) expensive at 15-20¢/GB. Reputable SD cards are in the same neighborhood. Despite the OP redditor's results here, flash is only expected to retain data for 5-10 years.

- Tape is the absolute lowest cost-per-GB you can find of any storage medium. At the moment, LTO 8/9 tape can be had on Amazon for ½¢/GB. Compare with BD-R at 2¢/GB, or BR-R XL M-disc at 15¢/GB. HDDs (spinning rust) are 2-3¢/GB.

- Consider also write speed. LTO can write 300+ MB/s. BD 16x maxes out around 68 MB/s.

- Manufacturers rate tapes for 30 years sitting on a shelf, and it wouldn't be surprising if they still read after 50 years¹. Plain BD-R lasts 5-20 years. M-disc is the interesting outlier, rated 100-1000 years.

Of course, the biggest problem with tape is the drives. While the media is dirt cheap, the drives are crazy expensive. It looks like you can pick up a used LTO-6 drive (2.5 TB tapes) on ebay for around $500. A brand new LTO-9 drive (18 TB tapes) will be $4000-5000.

In terms of breakeven points, a used LTO-6 drive + tapes beats plain BD after about 25 TB. Because of the cost of M-discs, they stop making sense after 1-2 TB. Purely on cost, a brand new LTO-9 drive + tapes doesn't beat used LTO-6 + tapes until about 800 TB (LTO-9 tape is ½¢/GB while LTO-6 tape is 1¢/GB), but there's definitely a point in there where the larger capacity of LTO-9 makes dealing with the physical media a whole lot easier.

So if you're looking for long-term storage for your photo album, a M-disc BD XL is probably a good choice. If you only have a few hundred GB of data, a couple discs + burner can be had for $300 or so, and you can be pretty sure your mom could manage to read the disc if necessary.

But if you're looking to back up your 100 TB homelab NAS, discs are not really feasible. You'll have to spend the next month swapping discs every 25 minutes², and then deal with your new thousand disc collection. Here's where a used LTO-6 drive makes a lot of sense. This is a real sweet spot if you can find a decent drive; all-in you'd spend about $1500 to back up your 100 TB.

This is what I do to backup my NAS — found an old LTO-6 drive and got a bunch of tapes. The drive plugs in to a SAS port (you might need a HBA PCI card, $50), and that's pretty much it. Linux has the drivers built in; it will show up as /dev/st0 and you can just point tar³ at it.

Finally, just to compare with cloud options, storing that 100 TB in AWS Glacier Deep Archive would run you slightly over $100/mo, so you're ahead with your own tapes after little over a year. Oh and don't forget to set aside an extra $8000 for data transfer fees should you ever actually want to retrieve your data lol.

---

¹ eg the Unix v4 tape that was recently found and successfully read after 52 years — https://news.ycombinator.com/item?id=45840321

² Or get a disc-swapping robot, but those run $4000-5000, at which point… you're better off with a brand new tape drive.

³ Thus using the Tape ARchiver program for its original purpose. Use -M to span tapes, tar will prompt you to swap.

Yes, it was called the PC Speaker, and that's pretty much exactly what it was used for. https://en.wikipedia.org/wiki/PC_speaker

It was standard equipment through the (mid?) 90s, and completely independent of the (optional) PCM sound card.

Now PCM sound is built in to motherboards and the PC Speaker long ago faded into irrelevance. Modern motherboards don't even have headers to connect a PC Speaker. Some motherboards will emulate the PC Speaker over the built in sound output, but of course you need speakers plugged in and on to hear those beeps.

CA/B Forum policy requires every CA to publish every issued certificate in the CT logs.

So if you want a TLS certificate that's trusted by browsers, the domain name has to be published to the world, and it doesn't matter where you got your certificate, you are going to start getting requests from automated vulnerability scanners looking to exploit poorly configured or un-updated software.

Wildcards are used to work around this, since what gets published is *.example.com instead of nas.example.com, super-secret-docs.example.com, etc — but as this article shows, there are other ways that your domain name can leak.

So yes, you should use Let's Encrypt, since paying for a cert from some other CA does nothing useful.

Cookies might be useful, but I guess you could do

I'd love to see something to send content hashes (that browsers would actually verify), replacing the obsolete `Content-MD5`. Maybe `Integrity`, matching the `integrity` HTML attribute used in SRI? It could be a header (for static content) or trailer (for dynamic content).

Pretty much every HTTP middlebox (proxies, CDNs, etc) treats HTTP headers as a unit, buffering them up until complete (ie receiving `\r\n\r\n` in HTTP/1 and a HEADERS or CONTINUATION frame with the END_HEADERS flag set in HTTP/2). Once complete, the middlebox applies its logic based on the complete header set, and only then does it flush the headers to the client.

So if you slow-roll your headers, they'll just sit in your CDN's buffer until your time-consuming processing has finished, and only then will the browser see anything (along with the first chunk of HTML), making the whole exercise futile.

This is why the 103 is useful. A reasonable middlebox will pass the 103 along to the client as soon as the header block is complete.

The first paragraph is clear to me. There is a law that allows workers to sue employers. There's a group trying to repeal it. Presumably repeal benefits businesses at the expense of workers. A political compromise has stopped the repeal efforts.

To this native speaker, "headed off" is a perfectly cromulent term: https://books.google.com/ngrams/graph?content=headed+off Even if it's not something you might hear in everyday speech, I'd say it's commonly used in political journalism.

The article itself is written well enough, provides enough background and context to give you a general idea of what's happening without editorializing. In other words, it's decent journalism.

In California, Prop 13 makes real estate tax effectively de minimis (especially if you bought a long time ago), and the higher income tax rates make up for that.

Texas rates are higher and there's no limitation on their growth.

This difference is obscured if you're a renter.

I get it, money is no longer free and VCs want returns, so we've all gotta make a buck, but this is a breach of trust.

I really hate the idea that we're going to need adblock for our editors…

Comments URL: https://news.ycombinator.com/item?id=40378567

Points: 7

# Comments: 3

In this reporter's humble opinion, it's wild how dissonant the narrative about this city is with the reality on the ground. If you ask our relatives who watch too much cable news, they think we live in doom loop hellscape on the verge of total collapse. Yet when we go out and walk around different parts of the city… it's mostly nice. There's plenty of people out and about; it feels like things have recovered from pandemic-era decline.

Of course there are problem areas that do look like the Bell Riots might pop off at any moment, and I really do hope we find a way to address those problems. But the truth is, that makes up a small part of the city, and even in the sketchiest parts of SOMA, the homeless population et al will for the most part leave you alone; it's not particularly unsafe.

Pros: Lots to do. You can walk most places you'd want to go. Weather is always great. If you're in tech, it's the center of the universe, and the place you're most likely to maximize your career options. Plenty of meetups/events for every niche where you can meet people, network, etc.

Cons: Expensive, but that's why the salaries are higher. I'm told that if you're single, the dating scene is a nightmare. Not exactly an easy place for families either unless you've already won the startup lottery. I don't really see this discussed, and maybe it's a little uncomfortable to admit, but there is definitely a degree of having to be able to "make it", and not everyone can.

I'm on the board of my condo building's HOA. 5 or 6 years ago, we passed a rule that requires 50% of units building-wide to be owner-occupied. Once the limit is reached, there's a waiting list for anyone who wants to rent their unit. (Meaning you must wait until an owner moves back in or sells their unit.) There's also a hardship waiver at the board's discretion.

The PE/RE investment firms won't touch units with this rule in place; a unit they can't rent makes no revenue and is a waste of capital for them.

Note that this (or any kind of arrangement meant to discourage these kinds of buyers) gets contentious when someone is selling, especially if they're struggling to find a buyer. We recently had someone who needed to sell quickly, had interest from some kind of firm, but no offers from normal buyers (ie human people) due to the soft market. The firm made an offer contingent on the HOA rescinding the rental rule. We were very much not inclined to do so, so there was a lot of tension until the sellers finally got an offer from humans.

(This is not meant to insinuate that PE firms are run by non-humans. Evidence remains inconclusive.)

Of course, this rule can also spook human buyers, but IME once the details and reasoning for the rule is explained, it isn't usually a blocker.