1. 6

    This is more than just software, but I’d love a scanner on my fridge/pantry that I could scan all my food into.

    Then I could see what is in the fridge, and, more importantly, what’s about to go bad, without looking through it.

    It’d also make making a grocery list a snap, since a big chunk of my food is staples.

    1. 2
      1. 1

        Oooh, thanks!

      2. 2

        Does this mean a check-in/check-out system? I guess for the scanning part nobody can help you with physical setup… But you can attach an Android smartphone with Binary Eye or something, scan everything incoming, and enable «forward all scan data to URL» with whatever you have around to receive and collect the data.

        I guess you could scan receipt before and after each batch of bought things to show these are incoming, and have a different marker to scan with things running out.

        Sounds like the receiver might be a reasonably simple script pushing everything into an SQL database — or doing nothing, if you prefer parsing the logs. Maybe having webserver logs with data would make getting around to actual processing easier…

        (of course, good luck with loose fruit here)

        1. 1

          Yes, check in check out. I wouldn’t mind doing the scanning, frankly. I guess I would have to scan things going out.

          Yes, loose fruit or cooked items would be problematic.

          1. 2

            Then maybe indeed install Binary Eye and start scanning? Once you have some data, the barrier of entry to actually processing it will become lower… (and even if unprocessed data doesn’t help you find expiring items, it will later help you estimate the range of consumption rates of various items)

            Cooked items are kind of less of a problem, as once you have a barcode for each rought type (which can be Data Matrix or something — yay multiformat scanning), the overhead of check-in/check-out is not large compared to cooking. I guess for fruit you could check-in each batch…

      1. 5

        I am writing regularly on a blog aimed at helping new developers: https://letterstoanewdeveloper.com/

        I write/edit for the FusionAuth blog: https://fusionauth.io/blog/ and elsewhere on that site. (By the way, we’re looking for guest bloggers, contact me for more info.)

        I write less regularly at my personal blog: http://www.mooreds.com/wordpress/ but am proud that it turns 16 this year.

        1. 1

          Re: WordPress vs SSGs from your blog, I just caught up with a programmer friend and we spent an hour discussing the state of the “market” for open source CMS options. He had recently re-done a site in Jekyll and we were marveling at how much Jekyll is a “Just Works” technology – an unfussy, usable, and fast SSG. I was comparing that to a static site generator I had built atop Flask in Python, which I wrote about earlier on this site. And then I was sharing what I learned ever since my team migrated away from that “home grown” SSG, very much inspired by Jekyll, and to GatsbyJS, which is a much more complex project. It makes the developer experience better for frontend-oriented developers/designers, but is also just so bizarrely complex at build-time.

          We were also lamenting the degree to which the market of open source WordPress alternatives is pretty gnarly and poor: that is, things like NetlifyCMS, Sanity Studio, Strapi, Ghost. And how much “total system” complexity is generated from wanting to use a static site generator together with services like Forestry, Forestry Instant Previews, Netlify Build, Netlify Large Media, Gatsby Preview, and the like.

          1. 2

            Great comments. I’m using Jekyll at $JOB and finding it quite enjoyable. It actually has echoes of rails for me. Lots of additional functionality able to be snapped right in. Seems like some of the community has moved on to things like Gatsby, but there’s a lot that just works.

            Totally agree that wordpress uses up most of the air in the room when it comes to the CMS experience. Even Drupal has been hurt by that, and I’m not sure what chance an open source CMS has. Probably similar to a open source office suite–MS Office is “good enough” and “known enough”, just like Wordpress.

        1. 8

          I’m not writing yet, but I was thinking about writing something longer on the question of whether or not computers can still be considered “liberating”, or if they have practically become means of control. Mozilla’s recent layoffs motivated me to re-think this subject again.

          I was thinking about looking into parts of Ted Nelsons Computer Lib and other writers from that strand, early texts on software freedom, as well as early commentary on the internet (Hackers Manifesto. I remember there being something on that topic in Curtis’ HyperNormalisation, so that might be worth re-watching.

          Does anyone have any other material, pro or contra that’s worth engaging with? I’m leaning towards answering my question with a “No”, but I wouldn’t want the conclusion to seem too easy.


          Meta: I think the thread title should be changed to something along the lines of “What are you currently writing”, to avoid that the thread misses it point. It shouldn’t be a “Share your blog”/self-promotion kind of thread, or just saying what you are writing, without any reference, and the title should make that clear.

          1. 2

            You may want to try out Ursula Franklin’s book “Real World of Technology” which discusses prescriptive tech and control. Changed how I think about technology generally, not just computers.

            There’s a summary of her views on the topic at https://fampeople.com/cat-ursula-franklin_3

            1. 1

              Looks interesting, thanks!

            2. 1

              Fair point, I wasn’t sure what level of detail was expected. So this thread is about “what specifically are you writing right now”?

              1. 3

                It’s about getting help/helping others write, or that was at least the idea. Perhaps a template for top-level comments could help?

              2. 1

                It’s a fascinating topic. I wrote a post about this a few years ago, in the context of the rise of cloud services and decline in importance of F/OSS desktop software: Cloud GNU: where are you?

                “HyperNormalisation” is a very thought-provoking film. You should also note that he really expanded on the “techno-utopia” strain of history of the early web (which, if I recall, was only briefly covered in “HyperNormalisation”) in his earlier TV series, “All Watched Over by Machines of Loving Grace”.

              1. 4

                Automate with a linter/formatter or GTFO.

                Every junior developer should be demanding this and it should be their first pull request if they know how to set it up when they encounter a code base that does not have it.

                1. 12

                  I would encourage junior developers to consider not making a bombastic splash as their first commit. There is value in appreciating the culture you’re entering before trying to take charge, and you get exactly one chance to make a first impression.

                  1. 5

                    I was just talking to someone who said you should treat the people showing you a codebase just like you would a tour guide of a new city you are exploring.

                    Questions? Kind comments? Fine.

                    “You should do it this way, because that’s how we do it in New York City”? Probably not going to be received well, or even heard.

                    (I pick on New York City because of a childhood watching salsa commercials: https://www.youtube.com/watch?v=vbp9UrwC-mI )

                1. 10

                  I appreciate the sentiment of not trying to change a code base’s well-established and consistent style. However as a manager, the deference to more “senior” developers/managers/Apple/Microsoft in this essay is not a desirable trait in a new teammate.

                  Good junior engineers ask good questions that reveal blind spots that “senior” engineers and managers have long had. Thoughtfully and tactfully press issues and ask questions, junior folks. Everyone more senior than you have more blind spots than you can imagine. But also know that senior folks will often hide behind the shield of their seniority, and you should know when they’re putting it up. If possible, avoid those people. If it’s not possible, hone your tact and use a different angle to make your case. These skills that some people call “soft skills” will get you very far in your career.

                  1. 11

                    Good junior engineers ask good questions that reveal blind spots that “senior” engineers and managers have long had. Thoughtfully and tactfully press issues and ask questions, junior folks.

                    Good point. It’s a line to walk. You have to choose what battles to fight, however. I think, for example, questioning which data store is a good fit for a greenfield application is a better way to spend your effort (as a new dev) than tabs/spaces.

                    1. 1

                      Indeed!

                  1. 7

                    I’m not even convinced that inconsistent style warrants discussion. Is there any evidence that mixed-style code is significantly harder to read? I think compared to things like good documentation and naming whether it’s

                    void frobnicate(foo* bar) {
                    ...
                    

                    or

                    void frobnicate(foo* bar) 
                    {
                    ...
                    

                    isn’t going to slow me down at all.

                    Either way, automatic reformatting is indeed probably be a good solution.

                    1. 20

                      I personally disagree — inconsistently formatted code causes me significant distraction. Yes, even braces on the “wrong” line.

                      I mostly wish that weren’t the case, of course. OTOH, though, if that part of my brain were “fixed”, it seems likely it’d reduce my ability to be the “details person” on my team that catches all the little typos/subtle logic bugs before they ship.

                      1. 4

                        I think it’s less in the example you give (which is pretty straightforward) and more calling out something like this:

                        void frobnicate(foo* bar)  {
                           if (abc) 
                           {
                               } else if (def) {
                           if (ghi) {
                               }  
                           }
                        

                        If you have enough indentation, I find it confusing.

                        1. 4

                          I agree. Ultimately it’s a non important detail. We all have preferences and different styles have their advantages and disadvantages. Hence the reason they exist. I’ve seen this taking 25-75% or the effort and time put into reviewing code. Often above 50%. Whatever importance this has, it is tiny when compared to what the code actually does, regardless whatever style it is written in.

                          1. 3

                            Is there any evidence that mixed-style code is significantly harder to read?

                            Speaking as someone who actually has worked on code with inconsistent formatting … not really, no. Usually.

                            On one project I worked on, each developer largely kept to their own directories, so everyone just kept to their own preferred style. Later in the project, though, we all finished the main work and started venturing outside of our little fiefdoms to fix bugs and whatnot. I would painstakingly write in the formatting style of whatever file I was in, at first, but then I noticed that nobody else seemed to be doing that, and over time you would see more and more places where the formatting style would abruptly shift for five lines. I found this deeply ugly, but apparently it didn’t bother the others enough to stop doing it. (Indeed, one engineer joked that it provided an instant fingerprint of who touched the code last, without having to look at version control.) So, it was annoying to me, but it didn’t really slow down comprehension.

                            However, another project I worked on was run by a bunch of novice engineers with no consistent style. One day I wasted a bunch of time trying to debug a very long function before finally realizing that, through the course of modifying the code, the indentation had gotten out of sync with the braces depth, meaning that the end of an if block was actually dozens of lines off from where I had been reading. Only the lack of a consistent style (and primitive text editors) made such a glaring mistake possible.

                            So, I’m more inclined to say: it doesn’t matter, until it does.

                            1. 3

                              For me, it’s like reading a novel vs a variety of websites with different styles. I can surely get through either, but the former’s consistency reduces my effort significantly.

                              1. 3

                                Agreed. A sufficiently advanced code base will contain not only mixed formatting but mixed programming styles. Some parts will favor composition over inheritance, another might’ve been written in a semi-functional style.

                                Yet other parts of the code will have been written at a time when certain language features weren’t available, like Java Collections or unique_ptr. It’s your job to read and understand all of them.

                                If inconsistency is something you can’t tolerate, then you’ll have a long and unproductive career ahead of you. Maybe programming isn’t the right job for you?

                                1. 2

                                  I agree it’s a small thing, but it’s the principle that’s important.

                                  Consistency only works if you’re consistent with it. :)

                                1. 3

                                  I am one of the authors of this - let me know if you have questions.

                                  1. 1

                                    This is a bit pedestrian, but did I tag this correctly? The domain is a bit outside of my expertise.

                                    1. 2

                                      I’d probably tag it unix, hardware, security, compilers, and maybe freebsd as well.

                                  1. 1

                                    Unfortunately the latter example uses the password grant, but still a nice explanation of OAuth and what libraries can do to help make things clearer.

                                    1. -1

                                      What is even a select? This is a pretty overloaded term. For me, someone not living in the webdev bubble it is most likely SQL, and what makes it custom? Custom select doesn’t make sense at all… after all every query is custom. So I click (tap actually), to feed my curiosity, to let me know what a custom select is. I don’t know it from the page, but a ranting kid tells me I don’t want it, it is a bad idea. Colors, no way to scroll on my phone. Maybe the grail of knowledge is somply offcreen, but I’ll never reach it. Guess it has to do with Fortnite… based on the colors. So I press back, and see the web tag on Lobsters, and it finally clicks. A webshit talking about HTML, without giving context on the page, but styling it to terrible colors. Typical.

                                      1. 6

                                        Please refrain from using pejorative terms like “webshit” for other developers.

                                        1. 3

                                          Sure, I should have hidden this piece right away, instead of documenting my impressions.

                                          1. 3

                                            It’s possible to express opinions without being a jerk, you know.

                                        2. 1

                                          Ah, sorry, I should have added a bit more context in the post description. Fish in water syndrome strikes again. My bad.

                                        1. 2

                                          Why should I use this instead of Pygments?

                                          1. 3

                                            Rouge appears to get the highlighting of #RetVal correct in their ArmAsm example - Pygments mislabels it a comment. And in the SQL example, Pygments labels the user selector a keyword - although this is semi-understandable because user is a reserved word but things like MySQL will (at least used to) absolutely let you create a table called user.

                                            1. 2

                                              If you are using ruby would be the main reason, I think.

                                            1. 2

                                              I’d add don’t use rails if you’re not developing a REST based API, rails graphql support is a Frankenstein.

                                              1. 1

                                                Aren’t REST and graphql mutually exclusive?

                                                1. 2

                                                  You can have Graphql as an endpoint in an application without using it for everything. on Rails you usually add graphql as another controller, that renders a Graphql Schema.

                                                  That said — I really don’t like how GraphQL works in Rails, so in a well designed system it probably should be mutually exclusive.

                                              1. 3

                                                What’s the point of posting this here? Why is this code of ethics worth me spending (at least….) several minutes to read through it?

                                                1. 1

                                                  Heya, I thought it was a useful thing to consider as a developer.

                                                  As mentioned here: https://lobste.rs/s/nrwvqc/code_i_m_still_ashamed_2016 we’re often the implementors of code that may or may not be morally appropriate (as defined by your own set of morals).

                                                1. 8

                                                  I am compelled to drop in Stephen Ball’s Deliberate Git video every time commit messages come up. It’s been 7 years since he presented that talk at Steel City Ruby 2013 and I still show that video to interns, early career folks, and new team members of every vintage at least once per year if not more often.

                                                  1. 4

                                                    I actually work with Stephen now, and the quality of our git commits has gone up tremendously!

                                                    1. 2

                                                      Yeah, that’s what I immediately thought of. It’s a great video and I probably need to rewatch it.

                                                      1. 1

                                                        Thanks, I’ll give it a watch.

                                                      1. 8

                                                        I am not sure I agree with a blanket „write good commit messages“ advice, which doesn’t precisely delineate the context when it is and is not applicable.

                                                        Empirically, for the code I’ve been writing during the past few years, good commit messages never really helped me. As a result, i rarely go past the summary line (representative sample of commits). The reason for that is that a rarely use fit history, and when I do, the changes are usually self explanatory.

                                                        What I do find useful for me is doing really tiny commits, and constantly cleaning up small things. And spending time thinking about commit messages in this context is somewhat counter productive.

                                                        1. 1

                                                          This is a good point; like any blanket advice it won’t apply in every situation. I have found it useful when on teams or when I revisit older code because I have been switching between projects. It’s really about communication, either in team or across time. But, as they say, ymmv.

                                                        1. 12

                                                          I’d be really hesitant to link a Slack thread in a commit message. Even permissions aside, Slack limits the history access on some plans so this link may soon become invalid.

                                                          1. 4

                                                            I prefer analysis and notes go in a bug tracker for a variety of reasons (e.g., you can amend it later if URLs change or to make it clear the analysis was somehow incorrect) – but, yes, whether in bug notes or in the commit message itself, it definitely feels better to paraphrase, summarise, or even just copy and paste the salient details rather than just link to a discussion in some other potentially ephemeral mechanism or something volatile like a gist.

                                                            1. 1

                                                              I mostly agree here. But I do think that links can belong in a commit message, like when referencing a design document. Since design docs are usually a snapshot of a design of a feature, that usually has context on motivations for some of the decisions that are too long to type out in a commit message, as well as discussions.

                                                              1. 1

                                                                Agreed, IMHO details and discussion should all be in the bug tracker - not in Slack or in commit messages. The commit message should have a short ”what does this change do” explanation and a reference to the bug tracker where more details can be found if needed. I don’t agree with the need to put an entire essay in the commit message that seems to be popular on the Internet.

                                                                1. 16

                                                                  My 12-year-old codebase is on it’s fourth bug tracker. None of the links in commit messages still work, but the repository kept history when it got converted to git, so 12-year-old commit messages still carry useful context.

                                                                  1. 2

                                                                    As other comments mention, commit history has a longer lifetime than bug trackers. Of course, you can port your tickets when you change trackers, but will you?

                                                                    1. 2

                                                                      Yes, of course. Not migrating your hard earned knowledge would be an incredible destruction of time and money, especially in a commercial setting.

                                                                      1. 2

                                                                        Commits are for non commercial settings as well, and sometimes migration can’t be done e.g. when you rehome but don’t move a GitHub repository (if for example original access controls were vested in single humans who then apparently vanished).

                                                                        Keeping content in an issue tracker is nice, but it’s always worth duplicating knowledge into the git commit.

                                                                        Catastrophic data loss can always happen, even in commercial settings.

                                                                2. 1

                                                                  Interesting point. It’s a trade-off between providing context easily and future proofing. I was assuming a paid plan, which has no historical limits. I don’t think free slack is a good fit for this, because of the memory hole.

                                                                  1. 2

                                                                    I’m fine with linking to a fully fledged bugtracker we know we’ll keep using (yeah…) but something like Slack feels far to flimsy to me. It’s not clear where the context begins and where it ends as the discussion often evolves and drifts away to other related topics. A chat platform just isn’t a fit here in my opinion.

                                                                1. 1

                                                                  If they are vulnerable to plain, basic, well-known XSS like this, i wonder what are they using to render the web pages? Because every modern language/framework covers this by default.

                                                                  is this PHP and they are ignoring the security practices? CGI? nothing else even comes to my mind.

                                                                  1. 2

                                                                    Note that this was found and fixed a number of years ago.

                                                                    1. 1

                                                                      Every team has their own bit IIRC.

                                                                      Of course, that means that if any one team messes up, the whole thing is vulnerable.

                                                                    1. 5

                                                                      I have read for years about how evil is email enumeration… but guess what? I think the benefits of being able to tell a user that is using the wrong username instead of a wrong password, outweighs any theoretical danger of revealing that certain email is being used. Change my mind.

                                                                      1. 10

                                                                        I’ll take a stab at trying to change your mind. For some context I’m a Penetration Tester by trade and this specific topic is, in my opinion a great example of subtle risks with huge real world impacts.

                                                                        The issue of username/email enumeration has two attack patterns:

                                                                        • Password spraying - Guessing a weak password across tons of accounts, like bruteforcing but trying to find the email with the weak password not the weak password for the email.
                                                                        • Password “stuffing” - Taking a known compromised credential and trying to authenticate to tons of other services that the credential pair was re-used at

                                                                        For password spraying, there is only one thing I actually need: a username/email. In the real world I go from an External Network Penetration Test to internal network access ~80% of the time because of username enumeration and some strategically guessed passwords. Having the ability to get a list of known usernames to target greatly reduces the amount of guesses I have to make and ramps my accuracy up a ton.

                                                                        For a full example, say I am targeting your corporate mail server based off of Exchange or O365 to try and guess credentials that I can then re-use on the target VPN infrastructure. My very first step is to grab a list of known emails/usernames from previous password dumps, public information, or directories. Then I generate a list of potential name combinations from location specific birth information by year. Next comes the actual username enumeration where I try and identify the “valid” accounts (aka what you are asking). In my example, Microsoft agrees with you and doesn’t believe that username/email enumeration is a risk… Which is why I wrote a ton of tooling to automatically use NTLM/HTTP timing based responses to enumerate the valid users. Now armed with a list of what are guaranteed usernames/emails, I just start picking down the list of the seasons hottest passwords over the next few days; Summer2020!, Password1!, Companyname2020!. All I really need is one credential. It’s not about the single user, it’s about the bulk knowledge. If I was going in blind without the confirmed accounts then I would be generating tons and tons more traffic and would be even easier to flag on, having enumeration puts the statistics of getting automated guesses way way more on the attackers side.

                                                                        The other example is password stuffing. This is more straight forward, given that I have a compromised username/email and password for a user I can take a bot that knows how to authenticate to tons of different services (banks, social media, blah blah blah) and try those combinations. If username enumeration exists on these services it actually allows me to check to see if accounts are valid for the service before actually submitting my automated logins. If I am a bot herder my job is to try and stay undetected for as long as possible and the enumeration greatly assists in that.

                                                                        Hopefully that helps! It’s one of those strange things where people forget about the collective risk and focus more on the singular threat models, attackers rarely care about the individual irl.

                                                                        1. 4

                                                                          This is great advice. And it really reinforces for me why appsec people should be way more involved in the software development process as early as possible.

                                                                          At a previous job we were identified by nine digit numeric characters (no, not those nine digits!). I built a public facing API for internal use that returned public facing data created by employees. No problem, thinks me. But I left the SSO ID on the API because why not? Ship it!

                                                                          A few days later one of the blue team guys sends me an email with 2/3rd of my database, exfiltrated by walking the API with a dictionary file and explains what you just explained above. Oops.

                                                                          1. 2

                                                                            Not a pen-tester, but I would’ve assumed allowing Password1! as a valid password is a bigger issue than email enumeration. You can now check against lists of bad passwords from dumps.

                                                                            1. 2

                                                                              You’d think right? But you are fighting human nature and historical IT theories. As it turns out making a comprehensive deny list is extremely difficult, and then you add the fact that hashing is in play the only time it gets checked is at the filter level when changing that credential. You can’t just look up your passwords in your ntds.dit and compare it with historical dumps (I try and do that for my clients because the reality is the offensive tools are actually better at it than the defensive). As for historical reasons, often times IT resets credentials to a weak or organizationally default credential and it never gets changed, support desk staff often don’t remember to check the “change after first login” checkbox.

                                                                              Like I said, it only takes one. Also password patterns follow human nature in more ways than one, I’ve been popping my American clients that have comprehensive blocklists left and right with Trump2020!. Passwords suck haha.

                                                                              EDIT: To add another thing think about Password1!, lots of orgs have an 8 character password with special and numerical requirement. Technically it fits lots of places. If there is organizational SSO if the filters are not forced everywhere it can also propagate to other authentication areas.

                                                                              1. 2

                                                                                To add another thing think about Password1!, lots of orgs have an 8 character password with special and numerical requirement.

                                                                                Even better is to have entropy requirements, including dictionary files. zxcvbn is a good example of a frontend library for this.

                                                                                You can also compare hashes with the HIBP Pwned Passwords dataset and reject new passwords that match.

                                                                                1. 1

                                                                                  Are there other databases than HIBP that are commonly used for this?

                                                                                  1. 2

                                                                                    I don’t know. Pwned Passwords has 573 million SHA1 hashes, so I’ve not felt the need to look further.

                                                                            2. 1

                                                                              This is great advice. Thank you for writing such a comprehensive answer.

                                                                            3. 1

                                                                              Aside from the technical side explored by other replies, depending on your location and/or the location of your users, you could face legal consequences. Under legislation such as the GDPR, an email address is considered personally identifying information. If someone realises that you are leaking such personal information and reports you, you could face a fine. In some cases, the user may also claim compensation from you. If the user suffers a loss due to your failure to safeguard their data, then it could a large amount of money. (e.g. Imagine you run a site which is legal, but not considered socially acceptable. A public figure signs up using their email address. Someone uses email enumeration to discover that said public figure has an account on your site, causing damage to their reputation and consequent loss of earnings)

                                                                            1. 3

                                                                              I remember at an Erlang conference, there was a question to Robert Virding and Mike Williams (co-creators of the lang) about how do they deal with `imposter syndrome.’ They were dumbfounded; they had no idea what that concept could even mean.

                                                                              1. 1

                                                                                I had that happen once with a co-founder. Had to explain the concept. In retrospect that explained a lot of things about them and our relationship (both the good and the bad).

                                                                                1. 1

                                                                                  I’ve never had impost syndrome, it’s a mystery to me. But then I got started in programming during the 80’s with 8 bit micros. In those days tech was hugely uncool (in my area), and there was more of a culture among enthusiast around sharing knowledge and knowhow. I have noticed there tends in todays coders there seems to be a lot more one upsmanship and showing off which I try to discourage any chance I get.

                                                                                1. 3

                                                                                  Interesting, though can’t say I’ve ever needed to use multiple -m flags.

                                                                                  I’ve generally used the shell’s built-in multiline string syntax for this. Lead the string with either a ' or ", and the shell will continue parsing new lines as a part of the string until it’s closed.

                                                                                  1. 2

                                                                                    Someone mentioned this feature on a slack a few months ago and I’ve been using it ever since.

                                                                                    It’s really nice because I can also use amend and move around the message using my vi keybindings without ever needing to drop into the editor. But at the same time I can do the summary/details split in my message.

                                                                                  1. 1

                                                                                    In general with static-site generators, content authors need to be developers, or at least be familiar with using a text editor, Markdown, and Git. However, web host Netlify has an open-source tool called Netlify CMS that allows non-developers to contribute using a WYSIWYG editor — the tool commits to a Git repository behind the scenes.

                                                                                    Does anyone have any experience using Netlify CMS or any of the other tools that add a nice UI to a static site generator? I love the premise, but the ability to empower someone who is only comfortable with Microsoft word to change a website is pretty powerful, and that’s what these SSGs seem to be missing.

                                                                                    1. 2

                                                                                      I’ve tried it once a couple of months ago, but found the experience unpleasant. The whole system is too finicky, the local development did not work without some serious googling (sorry, don’t remember the specifics, but the point is that following the official tutorial did not yield a successful setup).