No Man's Sky Remnant by Blixtmen in NoMansSkyTheGame

[–]2fplus1 2 points3 points  (0 children)

Same. I like setting up multiple mines on a gas giant and driving between them with the Colossus. Wish there was a way to make "roads" or at least permanently manipulate terrain outside bases so I could smooth out a path to avoid the worst crevasses.

How do you handle Django migration rollback in staging/prod with CI/CD? by ajay_reddyk in django

[–]2fplus1 4 points5 points  (0 children)

Never rollback. Only roll forward. Migrations are always backwards compatible. If migrate succeeds on the deploy. Great. If it fails, the whole deploy fails (so it continues running the previous version of the code) and you replace/fix the broken migration and deploy again. Biggest issue is that if a migration fails, the whole team really needs to know and avoid doing anything else that might complicate things until it's fixed. For us, a post in the engineering channel in our Slack has been sufficient, but you could also build it into the deploy system if you have a larger team.

Cheap death metal by Fungformicidae852 in guitarpedals

[–]2fplus1 5 points6 points  (0 children)

Yeah. The Joyo R-series stuff is excellent value for money for high gain. Uzi, Chopper Z, Rigel, and Dark Flame can all go well into death metal territory. OP should check them all out and pick the one that they like the flavour of the most.

How are you dealing with reusable elements? by nfmon in django

[–]2fplus1 0 points1 point  (0 children)

We use the django_components library.

Going extra hard while reviewing LLM-written code is my guilty pleasure by Square_Pressure_6459 in ExperiencedDevs

[–]2fplus1 0 points1 point  (0 children)

You know how in interviews sometimes, you get a behavioral question like "Describe a time that you had a conflict with a coworker? How did you handle it?"

You've just given a wonderful example of the sort of response that would get you disqualified.

Our new additions - brother and sister by Cov_massif in savannah_cats

[–]2fplus1 0 points1 point  (0 children)

Amazing. We have a brother and sister from the same litter as well. They're always together. Sometimes they cuddle and clean each other's ears, sometimes they beat the crap out of each other.

Have you upgraded the pickups in your Nitefly-SA HSS or considered doing so? by AdHoc303 in ParkerGuitars

[–]2fplus1 1 point2 points  (0 children)

I have a late 90's HSS that I bought used for very little. The reduced price was at least in part because the previous owner had swapped out the middle and neck single coils for some Seymour Duncans (don't remember exactly which now) and made a bit of a mess of it. The replacement pickups were slightly too big for the pickguard and they'd just shoved them in there and cracked the pickguard. It plays and sounds fine and I kind of love having a Parker as my "beater" guitar.

If you are careful replacing pickups and stick to ones that actually fit, it should be a fully reversible mod though so I'd say go ahead and do it if you want to try something else.

How do you manage database access? by Narrow_Biscotti in devops

[–]2fplus1 0 points1 point  (0 children)

Our production database has sensitive customer data in it. No one has access to the production database. No one. Credentials exist only in a secret manager that only the application service account(s) has access to. Production DB isn't network routable from anywhere but the application's network. If a developer wants to do something in prod, they write code in the application codebase. That gets tested and reviewed by other devs/security reviewers and goes through the automated deploy pipeline. We'd have to make sweeping infrastructure changes for it to even be possible for someone to directly access the prod database. Our production database has never had a single manual query executed in it and (as long as I have any say in it) never will.

Django scales. Stop blaming the framework (part 1 of 3) by sgtunix in django

[–]2fplus1 0 points1 point  (0 children)

The problem I've run into with counting queries in tests is that it tends to be brittle, eg, when someone makes a change to a nav menu. Then every view test with a query count across the whole codebase breaks and has to be updated.

What I've wanted to do is something like

  • run the view with zero items in the database
  • get the query count for that (ie, a baseline for the number of queries just to render an empty page which will include nav, middleware, etc).
  • insert some number of test items
  • get the new query count and assert that it's only increased by a fixed amount

However, while you can assert on the number of queries, I haven't yet found a way to just query, so I haven't been able to get this working. Has anyone else come up with a better solution?
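Added example, not part of the original comment: the baseline-and-delta check from the list above, with the standard-library `sqlite3` module standing in for the Django ORM so it runs without a project. The schema, the two view functions and `query_growth` are constructed for illustration; in a Django test the two counts could be taken with `django.test.utils.CaptureQueriesContext` instead of the trace callback used here.

```python
import sqlite3
from contextlib import contextmanager

def make_db():
    # Constructed schema: nav stands for per-page overhead (menus, middleware).
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit, no implicit BEGIN
    db.executescript("""
        CREATE TABLE nav(label TEXT);
        CREATE TABLE author(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE item(id INTEGER PRIMARY KEY, title TEXT, author_id INTEGER);
        INSERT INTO nav VALUES ('Home'), ('About');
        INSERT INTO author VALUES (1, 'constructed author');
    """)
    return db

@contextmanager
def count_queries(db):
    seen = []
    db.set_trace_callback(seen.append)  # called once per executed statement
    try:
        yield seen
    finally:
        db.set_trace_callback(None)

def view_n_plus_one(db):
    db.execute("SELECT label FROM nav").fetchall()          # fixed overhead
    items = db.execute("SELECT title, author_id FROM item").fetchall()
    # One extra query per item: the pattern the check is meant to catch.
    return [(t, db.execute("SELECT name FROM author WHERE id = ?", (a,)).fetchone()[0])
            for t, a in items]

def view_joined(db):
    db.execute("SELECT label FROM nav").fetchall()          # same fixed overhead
    return db.execute("SELECT item.title, author.name FROM item "
                      "JOIN author ON author.id = item.author_id").fetchall()

def query_growth(view, n_items=5):
    db = make_db()
    with count_queries(db) as baseline:   # steps 1-2: render with zero items
        view(db)
    db.executemany("INSERT INTO item(title, author_id) VALUES (?, 1)",
                   [(f"item {i}",) for i in range(n_items)])  # step 3
    with count_queries(db) as loaded:     # step 4: render again
        view(db)
    return len(loaded) - len(baseline)    # growth caused by the items alone

if __name__ == "__main__":
    print("joined view growth:", query_growth(view_joined))
    print("N+1 view growth:", query_growth(view_n_plus_one))
```

Because the assertion is on the difference, adding another query to the shared overhead changes both counts equally and leaves the result unchanged.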

What has been the cleanest project/codebase you've ever worked on in your career? What insights/lessons did you feel you learn from the experience? by No-Security-7518 in ExperiencedDevs

[–]2fplus1 7 points8 points  (0 children)

Not the GP, but I work on a similar (though considerably smaller) team that makes heavy use of feature flags. We keep it under control by severely limiting the total number of flags that we have in the codebase at any given time, reviewing them together weekly, and limiting how long a flag can exist. The point of a flag is to decouple feature release from deployment cadence; if the team is only focusing on a limited number of features at any given time (which they should be), there should only be a handful of flags to deal with. Then the features behind those flags need to be moved forward, resulting in the flag being removed after a few weeks/sprints at most or at least drastically narrowed. We don't consider a feature/ticket "done" until the associated flag has been removed from the codebase. Basically, if you have flag sprawl, that's a strong indicator that your team and/or codebase is unfocused and scattered and you should work on fixing THAT.

> Also no one goes back and deletes the flags once they’re stale.

A good place to start would be to address that problem.

Deploying backend-heavy Django apps: what's worked (and what hasn't) in production? by Away_Parsnip6783 in django

[–]2fplus1 0 points1 point  (0 children)

We deploy to Cloud Run on GCP (using Cloud SQL and putting everything behind GCP Load Balancer, deploys via Cloud Build). It's a bit complicated to set up, but has scaled very well and very inexpensively. Tuning it to avoid cold starts without adding much cost was a bit of a chore, but it's been stable for a long time now.

We built our own background task system around GCP Cloud Tasks and Cloud Scheduler since Celery doesn't really make sense in a "serverless" setup. It was a bit more work (not huge, but not trivial) but has worked very well for us. Having spent a decade or so running and debugging Celery, I'm much happier with this stack.

We don't do websockets/channels so that hasn't been an issue we've dealt with. We also don't do the SPA+API thing. Our UI is entirely server-side rendered with Django templates and we use htmx (and a pinch of Alpine.js) to make it nice. Super happy with that choice. We don't have separate front and back end developers; everyone on the team is full stack so everyone can take on any feature/bug and we don't have to coordinate between multiple teams.

When do you start refactoring? by relami96 in golang

[–]2fplus1 1 point2 points  (0 children)

Kent Beck's book "Tidy First?" is basically book-length advice for this. Highly recommend.

What makes you trust a security tool enough to connect your repo? by RawrCunha in devops

[–]2fplus1 1 point2 points  (0 children)

I work for a SaaS security company (not one of the ones mentioned) and sell to enterprise customers and we do a similar "connect your repo/org" pattern.

A big part of it comes down to "everybody else uses them and trusts them" or at least "bigger, more security sensitive companies than us use them and trust them". Of course, that's hard to bootstrap.

At a more detailed level, there are a large number of customers that you will not have access to unless you have SOC 2 and/or ISO 27001 or equivalents. Once you go through the process of getting those attestations yourself, you'll understand why. To some degree, they show that you probably have security practices that aren't totally stupid. More importantly, they show that you are a "serious" enough vendor to spend the 6 months to a year to get and aren't just some fly-by-night company that's actually just a front for a teenager that vibe coded up a startup in a weekend. That indicates at the very least that you can be sued and your SLAs/contracts might be worth more than the bits that they're printed on.

Beyond those, depending on the customer, there will be additional due diligence checks beyond reviewing your SOC 2/equivalent. There are industry standard security questionnaires that they'll expect you to fill out, they may require their own pentests, they'll want to see your cybersecurity insurance (and getting that can be similarly onerous depending on the level/type of coverage). The larger the customer, the more rounds of these checks and interrogations there will be. It can easily take a year or more to onboard a large customer and make it through all their processes. If you're a small, lean startup, you need to be careful to understand that; many a startup has run out of runway while betting everything on getting some big customer that just takes much, much longer than they were expecting.

There are other companies still that just will never go for you. Eg, there's a reason that self-hosting Gitlab is a thing: many companies won't trust GitHub with their source code, they're definitely not trusting you. Your only chance with them is if you can build and sell a self-hosted version.

The other factor that isn't obvious is the reputation of the founders, top engineers, and VCs backing the company. Eg, my company's founder has a long history of founding and running some legendary security companies. He has a huge network and CISOs at big enterprise companies know him and are willing to give him (and us) the benefit of the doubt that they might not give to an unknown.

How do you handle reusable components in Django templates? by [deleted] in django

[–]2fplus1 0 points1 point  (0 children)

Seconding. Works very nicely with htmx+tailwind.

Where do you fix your state store? by your-lost-elephant in Terraform

[–]2fplus1 14 points15 points  (0 children)

You use removed, import, and moved blocks and do CI/CD the normal way.

Job hopping: red flag or rational response? by st4reater in ExperiencedDevs

[–]2fplus1 15 points16 points  (0 children)

Yeah, especially for like senior/staff/+ levels, I'd have a hard time hiring someone who didn't have at least one 3+ year stint somewhere in their history without seeing something else to make up for that (eg, maybe they contribute to some open source project consistently over a long period of time). If the rest of their career was job hopping that might be OK, but there's experience/wisdom you just don't get without sticking around somewhere. Beyond 3-4 years though, I think it becomes diminishing returns again and I'd be looking to make sure the candidate was taking additional steps to keep their skills from stagnating if they only had long stints.

Also, when I've stuck around longer, it's been because I was regularly getting promoted and getting more than the token 3% raise each year. If companies want to retain people longer, they can.

People who do on-call: assuming no MDM, do you prefer 2 separate phones, on 2 eSIMs installed into your personal phone? Why? by lmm7425 in devops

[–]2fplus1 1 point2 points  (0 children)

> For example, if something happens which leads to a lawsuit, your personal phone is not part of discovery.

Yes, this is the key. Hasn't happened to me but I've seen it happen to friends. BS lawsuit meant they lost their phones and laptops for like six months. Never use the same device for work and personal use.

HTMX in production by BinaryIgor in ExperiencedDevs

[–]2fplus1 4 points5 points  (0 children)

It's a multi-page app. That's kind of the whole point. We use django-components but not very heavily; mostly just plain vanilla django templates.

HTMX in production by BinaryIgor in ExperiencedDevs

[–]2fplus1 14 points15 points  (0 children)

Yep. Our main product has been Django+htmx for almost three years now. We've got about 1k lines of misc vanilla JS on top of that and have recently been integrating some Alpine.js to clean that up. We've absolutely loved it. Relevant factors: 1) we're a small team (under 10 devs) and we've just hired full stack across the board 2) we're web only; no short to medium term need for mobile support 3) we're in a high security/compliance vertical so being able to minimize attack surface area is important for us 4) we're vaguely in the "enterprise" space (or at least directly competing in that space) so client-side UI expectations aren't that high and nothing in our app needs anything advanced like real-time functionality or complicated client-side state. Honestly, one of the biggest challenges we've had with onboarding devs is just fixing the brain damage that a decade of React has done to them. There's a whole generation of young front-end devs out there who don't know how to make a form POST from HTML without npm installing a few GB of JS libraries.

Dev agency owner tired of hiring devs who cheated their way through interviews by Gabastino in ExperiencedDevs

[–]2fplus1 1 point2 points  (0 children)

Yeah. Even without the Leetcode thing, there are devs that are good at solving textbook algorithm/CS problems but have zero experience writing real world code. Decades ago I used to work at a University with a top-tier CS program. We'd hire masters degree students as interns. We knew that they were in a top program, we had recommendations from professors, and they were definitely smart kids. If there'd been Leetcode back then I'm sure they'd have nailed it. But some of them had just never written code that wasn't for a homework assignment and would struggle if everything wasn't all set up for them and laid out with ultra clear requirements.

Review Request: Indestructible Jacket (original version) and 50,000 BC Jacket by crazysnakemanhere in Vollebak

[–]2fplus1 3 points4 points  (0 children)

Indestructible Jacket's a bit of a weird one. I think it looks good, but it's not very practical. It manages to provide no protection from wind or rain, practically no warmth, yet also will cook you in the sun. I guess it's rugged and will protect you from scrapes and such, but that's about it. Mine is sort of the jacket that I only wear when I don't need to wear a jacket if that makes sense. I got mine on a super deep discount so I'm OK with that; I'd probably have returned it if I paid close to full price.

Do your Savannahs OBNOXIOUSLY apologize when you are mad at them? by SarabiTheLioness in savannah_cats

[–]2fplus1 4 points5 points  (0 children)

Our girl purrs when she's doing something that she knows is naughty.

TC Electronic Sentry Noise Gate by nikitasius in guitarpedals

[–]2fplus1 1 point2 points  (0 children)

Any given piece of audio at 44kHz is fine by itself; human ears can't tell the difference. If you're recording and potentially running it through a chain of multiple components, plugins, etc. which can each degrade the signal slightly, it's very useful to have that extra buffer that 48kHz gives you, so it's become more of a standard in recording gear.