I am using KVM from Cloudcone (their virtualization software was hacked about a week ago) and I am using RPI4.

Then I need to set up my old website again, which is a pain in the butt. I hard-coded cron and a git-based auto-deployment feature (I think).

You mention rsync which can be fine. But there are tons of other solutions, many that will have snapshot features. I use borg backup, for instance. https://www.borgbackup.org/

Also, look into scriping your server setup with tools like Ansible or PyInfra. There is always the risk that bad things happen to servers, and when you want a new server it's great to be able to spin things up in a matter of minutes. Tools like these are profesional best practices these days.

In fact, if you have a scripted server setup and a server that doesn't collect data itself you may not even need backups. What is there to backup? Just spin up a new server with your scripts and carry on.

I primarily worked on PoC/MVP development where I worked to bring ideas to something barely tangible. And Heroku's free tier decisions meant it was a barrier for developers to develop on their platform. Pay first, develop later. It was like the rest of the industry.

After that, I just exited containerized platform-based application development entirely because convenience and having that weird developer philosophy "I must not pay because I can find a way" was less of a reason than sustainability. For me, containerized application platforms was about POC and MVP. If there was growth then me or the client can pay for the convenience. But if there was nothing, pretty easy to delete the project.

Then I committed to replicating the Heroku experience with a small VPS, backing up via rsync, and moving from PostgreSQL to SQLite. I can even charge clients for hosting (+ maintenance) on my VPS.

I do not know, to me containerized application platforms are limited by commercial challenges rather than technical ones. I see tons of containerised application platforms, but the trust has eroded because of a single company.

I have changed my development facility and laid the groundwork to not commit to these platforms. Sustainability over convenience.

Sure, I understand and respect folks at fly.io, render, railway, and even the open source variants of these companies (Caddy etc.). But there is no sustainability guarantee for these platforms. It was not just about the "free tier", to me it transcends to a philosophical point about building applications in general. Sure, there could be a new era with AI making MVP/PoC development easy through hosting in containerised applications, but that is a tangent point.

If Heroku were doing everything right, there would not be a dozen application platforms out there, but they made mistakes and, in my opinion, made the entire containerised application platform model untrustworthy.

There are only 46 countries listed there. I am not intending to be critical of the idea, but having contact information of government institutions is not an effective way to get things done, in my opinion. And most government websites and contact details are quite accessible because they are centrally built through national IT system and a unified software service (usually). In third and second world country the contact details is usually quite useless. You have to find the right person and sit in front of their office.

The issue with the government contact repository is that it does not connect 'I have this problem' and 'who do I reach out to'. From my experience, you have to invest time in doing research and finding out who to reach out to.

  - Afrikaans
  - Albanian
  - Arabic
  - Armenian
  - Azerbaijani
  - Basque
  - Bengali
  - Bulgarian
  - Burmese (Myanmar)
  - Catalan
  - Cebuano
  - Chinese (Simplified)
  - Chinese (Traditional)
  - Croatian
  - Czech
  - Danish
  - Dutch
  - English
  - Estonian
  - Filipino
  - Finnish
  - French (Canada)
  - French (European)
  - Galician
  - Georgian
  - German
  - Greek
  - Gujarati
  - Haitian Creole
  - Hebrew
  - Hindi
  - Hungarian
  - Icelandic
  - Indonesian
  - Italian
  - Japanese
  - Javanese
  - Kannada
  - Konkani
  - Korean
  - Latin
  - Latvian
  - Lithuanian
  - Macedonian
  - Maithili
  - Malay
  - Malayalam
  - Marathi
  - Nepali
  - Norwegian (Bokmål)
  - Norwegian (Nynorsk)
  - Oriya
  - Pashto
  - Persian
  - Polish
  - Portuguese (Brazil)
  - Portuguese (Portugal)
  - Punjabi
  - Romanian
  - Russian
  - Serbian (Cyrillic)
  - Sindhi
  - Sinhala
  - Slovak
  - Slovenian
  - Spanish (European)
  - Spanish (Latin America)
  - Spanish (Mexico)
  - Swahili
  - Swedish
  - Tamil
  - Telugu
  - Thai
  - Turkish
  - Ukrainian
  - Urdu
  - Vietnamese

I'm glad the name of my native language is written correctly. In many cases, people say "Farsi", which is offensive to many Iranians because it's the Arabic version of the word "Parsi" (unlike Persian, Arabic doesn't have "p", "g", "ch", "zh").

It's like someone calling English "Anglaise" because that's how the French say it.

PS: Contrary to common belief, Persian and Arabic are totally different languages, though they have borrowed words from one another (think English and French). Persian is an Indo-European language whereas Arabic is Aramaic (same roots as Hebrew).

That is the case for some other languages, though. We call the language German rather than Deutsch because Germani was the Latin name for tribes in the area, for example.

Or native names get modified too -- in English we don't call it Espanish, just Spanish, even though it comes from español.

The names of languages in other languages tend to get modified in tons of different and random ways for lots of reasons. Is there really a reason to take offense at it?

It doesn't bother me that Italians call me an americano instead of an American. It's just a letter change. So why is it so bothersome that it's called Farsi rather than Parsi? Can't the change from "p" to "f" be seen as an interesting historical quirk, due to the fascinating effect of Arabic on European languages in the Middle Ages? At the same time that we got Arabic words like "algebra" and "alcohol"?

Wikipedia says Farsi should be avoided in Western languages, but what about others? Persian is called Farsi in Indian subcontinent due to the deep historical connections we share. We have proverbs saying Farsi is the sign of a learned person etc.

And TIL I learned that Aramaic replaced Hebrew in Judea because the Persian Empire maintained Aramaic as the official administrative language, and Jews brought it back, coming back from the Babylonian captivity.

I’m also quite curious about the sounds of “ch” and “zh” which exist in Arabic as ش and ج, or did you mean something else?

"zh" is written as "ژ" in Persian (sounds like bourgeoisie in French).

In Arabic[1], there are two close phonemes: `/dʒ/` for `ج` and `/ʃ/` for `ش`

The difference in both phonemes is minimal and are practically affricates[2] of each other (where `d` or `t` can precede a `ʒ` or a `ʃ`), so it seems these sounds are present in both Arabic and Persian.

These variations are also within the dialectal distribution of either languages. For example `ج` is pronounced `/dʒ/` in Algeria and `/ʒ/` in Morocco.

0: https://en.wikipedia.org/wiki/Help:IPA/Persian

1: https://en.wikipedia.org/wiki/Help:IPA/Arabic

2: https://en.wikipedia.org/wiki/Affricate

You have to scroll down a couple pages' worth before you even realize this might be SO long you need to collapse it. So then you've got to scroll back UP a couple pages, find the teensy [-] link...

It's enough to just post the link to the list of languages. The list itself doesn't belong in a comment here, when it's that long.

In fact, they should have done that a decade a ago.

Mozilla has been around since the late '90s and should have evolved beyond just being a browser company. They launched a VPN service when VPNs were already everywhere, and they did the same with a bookmark manager when others were already offering similar solutions. Mozilla is always catching up, never leading, and that's a common issue with many big open-source and free software companies. They often pretend to be a business that isn't heavily propped up by big tech donations.

If I were leading a browser company, my focus would have been aggressively directed towards small business software. I’d create an internet and privacy-focused affordable minimal business software suite that lives within the browser — a combination of Proton and Zoho. And I’d strongly avoid building things that should be browser extensions.

I haven't worked on these types of projects for nearly two years now. Folks I know use Retool or Softr with an API connectivity platform like Portable, Pipedream, or Zapier. If you're staring at a spreadsheet on a daily basis, the next step should be looking into an app builder combined with an API connection platform.

It's so damn complicated in Google sheets. In MS Excel I could simply make a pivot chart, apply any aggregation on days/weeks and be done with it. But with Sheets I had to make a new aggregate column, filter data in another new column, and make a chart on that.

Your comment does explain that API is why they export to sheets and not excel but Google sheets is way behind in ease of use.

In excel I would not have to do any of that.

Things like drilling through, filtering/slicing, and then generating a graph, all in SaaS without having to run anything local.

That said I don’t see a huge risk here, unless combined with lots of other data. Would probably avoid though.

Most big tech companies very rarely/never let a human review private customer data. Therefore I'm fine handing all the data over to big tech companies.

I don't really understand any other point of view - if you're worried about a machine seeing your private stuff, why did you type it into a keyboard in the first place?

Who owns that machine is important though. I don't mind putting my card details in via my phone to buy something because there's a level of trust in the whole system (it's my phone, I have a level of trust that google is not going to steal my card details via android, and a level of trust that the shop is legit and will process my order.)

If some random person off the street asked me to type my card details into their phone that's a very different ball game as I don't inherently trust them.

This isn't true. Google and Apple and others turn over user data to human analysts at NSA and FBI and others without search warrants all of the time, on hundreds of thousands of user accounts per year.

To be fine handing all the data over to big tech companies, you have to be fine handing all of the data over to US federal cops and intelligence services, too, because that's what giving the data (in non-e2ee form) to big tech means.

(Mind you; this includes device location histories due to geoip logs, unique identifiers, iMessage histories, photos, documents, everything.)

The cases they are allowed to tell you about aren’t in this category. They aren’t even allowed to say exactly how many of the secret warrantless orders they received, or exactly how many users were affectee, only 500-count ranges.

For just Apple, for just January 2023 to June 2023 (six months):

National Security - FISA Non-Content Requests

Table for National Security - FISA Non-Content Requests Data

Requests Received 0 - 499

Users/Accounts 40,500 - 40,999

National Security - FISA Content Requests

Table displaying National Security - FISA Content Requests

Requests Received 500 - 999

Users/Accounts 50,500 - 50,999

National Security Letter Requests

Table for National Security Letter Requests data

Requests Received 0 - 499

Users/Accounts 1,000 - 1,499

National Security Letters where Non-disclosure Order Lifted

0

I encourage you to read it for yourself:

https://www.apple.com/legal/transparency/us.html

These are not equivalents, nor are they similar. FISA = Foreign Intelligence Surveillance Court / NSL = National Security Letter.

If a person is the target of the FISA system, there most certainly is probable cause.

National Security Letter is a gag order, given by the intelligence community, in order to protect national security.

Again, if you or your organization receives one of these, there most certainly is probable cause.

These systems may be detestable, but there's no need to make things up.

This has been well documented in the press following the Snowden disclosures. It’s called FAA702 or PRISM.

You put orders in quotes, but that’s what they are called, because it is illegal and inaccurate to call them warrants, because warrants per 4A are issued only upon probable cause. FISA orders are warrantless and do not require probable cause.

Snowden was very clear when he released the data on FAA702. No probable cause is required. They are not warrants. There is nobody in the room except a government petitioner and a government judge who rubber stamps them.

They are the #1 most used source in the US IC, and they make it possible for the FBI and DHS et al to read all of your gmail, all of your google docs, and all of your iMessages and phone photos without so much as a shred of criminal wrongdoing.

The idea that they are used only for foreign surveillance is patently false. There is ample hard documentation (again, thanks to Snowden) that they routinely use these to spy on americans. Their twisted logic is that if the data is replicated outside of the US (to say, a datacenter in Europe) then they are legally permitted to access it under the way the unconstitutional FISA Amendments Act (Section 702) is written.

Orders authorizing foreign intelligence surveillance purposes under FISA are warrants, and are often called warrants, and they, like all warrants, are issued only on probable cause. (It is not improper to call them “orders”, and they are often referred to that way, as well, it is just less specific; all warrants are [court] orders, but not all court orders, much less all orders more generally, are warrants.)

https://bja.ojp.gov/program/it/privacy-civil-liberties/autho...:

—quote—

Subchapter I of FISA established procedures for the conduct of foreign intelligence surveillance and created the Foreign Intelligence Surveillance Court (FISC). The Department of Justice must apply to the FISC to obtain a warrant authorizing electronic surveillance of foreign agents. For targets that are U.S. persons (U.S. citizens, permanent resident aliens, and U.S. corporations), FISA requires heightened requirements in some instances.

* Unlike domestic criminal surveillance warrants issued under Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the “Wiretap Act”) , agents need to demonstrate probable cause to believe that the “target of the surveillance is a foreign power or agent of a foreign power,” that “a significant purpose” of the surveillance is to obtain “foreign intelligence information,” and that appropriate “minimization procedures” are in place. 50 U.S.C. § 1804.

* Agents do not need to demonstrate that commission of a crime is imminent.

* For purposes of FISA, agents of foreign powers include agents of foreign political organizations and groups engaged in international terrorism, as well as agents of foreign nations. 50 U.S.C. § 1801

—end-of-quote—

Imagine there are whole countries out there where income is public and accessible to anyone ;)

I'm still trying to rewrite it as a self hosted web app this year because the aforementioned permissions glitches and the difficulty of doing versioned deployments has made me reluctant to continue relying on google, but overall sheets has been a huge boon and we have gotten years of use out of it.

Brilliant for knocking up very simple internal tooling off the back of a Google Sheet. Most importantly, there was zero fucking around with IT on it, as it was already included in our workspace package.

Supabase is free and checks all the boxes in addition to having auth, vector search, logs, security, and not being ... Google

Whenever I see articles like these and comments like yours, I can't stop thinking about that meeting.

Edit: to clarify, I am not accusing you of anything. But I do suspect the article to be part of a Google marketing campaign.

I have nothing against Google Sheets, I really haven't put much thought into it in this context, but I would need some convincing that it's a better and easier way to kick things off.

If you want others to interact with it, you need to expose it to the internet through some means and think through the security implications of doing so.

The Google Sheets approach doesn't need you to manage a process or web server. It is instantly shareable while letting Google worry about security, performance, availability, etc.

The specifics of the "what's better?" ratio can shift depending on comfort level / experience with either product, or what infrastructure you may already have available to deploy to. But building on top of GApps does mean you get a lot of useful aspects "free".

You can just query a database and work with the results directly . In a dynamic language like python there is little advantage to loading rows into classes. That Django query language is so painful and opaque.

these 2 tools is great for easy/fast prototype various project and honestly its kinda hard to replace

In small business accounting, I have a persistent need for a FileMaker Pro like solution for invoices. FMP was conscious of on-screen layout and print.

ReTool has been recommended as similar replacement for FMP but they don’t have the idea of creating print-ready documented receipts and invoices. You don’t even need to print it, you just need to keep it for the IRS.

I love the idea of using Google Sheets and turnkey app building apps. But I still need documentation.

You'd think. I don't know what Claris did last week, but when I last dived into this small pool about 12 months ago their license + hosting was something like 2k/year (looking now it might have gone down, or their pricing page is hiding the fees?). Add on top you need to develop, maintain, support your project. These costs are not insignificant for a "small business"--and by the SBA definition my clients are in the bottom 2-18% by employee (size) & revenue.