Yard work, gutter cleaning, power washing exterior, cleaning windows, bi-annual HVAC service, exterior paint (especially if the house has any wood) and trim upkeep.
And as the house ages, you get things like repainting interior rooms, more frequent plumbing issues, major HVAC repairs, roof replacement, repaving driveway, electrical upgrades, remodeling, etc.
We downsized to a townhome to avoid some of that (half the walls are shared, so no exterior upkeep for those; smaller yard; fewer rooms).
I have 2/3rd of an acre, but most of it is a 45 degree hill, so it's more like a full acre equivalent of flat ground (except drastically more of a pain). Pulling weeds up several hundred feet of steep hillside that grow back constantly is a punishment worthy of Sisyphus.
It hadn't been done for about 5 years when we moved in, so one of the neighbors spent 200 hours cleaning it up for us. Not joking, 200 hours of labor. Scotch Broom is a literal nightmare.
True. But on a large and very steep hillside - "2/3rd of an acre, but most of it is a 45 degree hill" - it can be extremely difficult to replace the plants holding onto the soil, without experiencing horrible erosion during the transition.
Yep. Depending on the property layout, and how close that slope is to the house, it might be something to contract out and have hardscaping and drainage done.
My last house didn't have anywhere near as much land, but there was a fairly steep hill on the back of the house. We ended up having part of the slope dug out and a "seat-height" retaining wall installed, with drainage installed as part of the build, and lots of low-maintenance plantings. Reduced the work from weekly mowing on a slope to occasional weeding and trimming. But, it wasn't cheap to do properly.
Weeds are pioneers, helping the soil, when nothing else can grow (or is allowed to). First of all why do you need to get rid of those weeds? Second of all, if you improve the soil and go through successive plantings of larger things, the weeds will be outcompeted.
You could just not do any of that stuff. Most people don't power wash their exterior or clean their windows. They don't call in hvac service, maybe just change the furnace or ac filter and probably plenty don't even know to do that. Exterior paint has become pretty rare in places that see weather but even then you can let it go to hell. Plenty do. Maybe some trim board will rot. Ehh. Priced in probably already when you bought it with that. Driveway you can also let go to hell, plenty of people use actual gravel or dirt. Roof replacement, plenty of people let that go too long. Repainting interiors, again something you don't have to ever do.
Is it good to do these maintenance items? Sure. But also, the house isn't going to come down if they aren't done. You go around your city right now you will find very few homes are actually upkept to this level. Most see the bare minimum to avoid the city fining you for the grass being too long, and many are sold in whatever state they are in.
It never ceases to surprise me how North American homes are just a source of time wasting for the owners. I grew up in Italy and we never had to do any of that (except repainting the rooms once every 20 years with my father).
How you you occupy yourself without spending four hours every other day mowing the lawn (gas, ride-on) and then blowing the clippings and dust back and forth with your leafblower (gas, backpack) and then spreading fertilizer and chemicals to make sure you can continue mowing the lawn so frequently? My neighbor would lose his mind!
To add to the list: Replacing bad wood, pest service, aging appliances, fence maintenance, septic emptying (depending on your location), flooring wear and replacement, grouting and caulking, pest control, exterior cleaning, etc.
It can occasionally feel like an endless stream of tasks.
There is an ever-expanding list of maintenance tasks depending on the age of the house and its systems, all with different periodicities. A roof will typically not need to be replaced very often (let's say once every 20 years), but cleaning gutters at least annually is a must because overflowing gutters can lead to foundation issues, rot, etc. Depending on the size of the yard and what vegetation it has, yardwork can be at least a couple of hours a week in the warmer months. Making sure drains are clear is good practice to avoid catastrophic failure. And there's always random things like a fence board that needs to get replaced, chipped door that could use repainting, trim that needs replacing, etc. Newer houses will have (hopefully) fewer of these menial tasks, but as houses age things inevitably need attention due to the fact that it has to weather the elements and daily use all the time.
How much an individual homeowner cares about the minor cosmetic things vary, but skipping out on regularly checking the major stuff can lead to incredibly expensive problems like flooded basements, structural issues, major leaks, etc.
The IRS allows you to depreciate rental real estate on set terms and ages, and they’re not really giving you much of anything. Houses have a complete and complex list of maintenance items.
If they didn’t, living in a rental that the landlord doesn’t spend anything on maintaining would be fine.
Yeah it's the same thing. No shortage of uninformed opinions on each side (not like I know WTF is going to happen, but at least I don't go around presenting my uninformed beliefs as fact).
It's interesting that one of the lessons learned in Europe from the 1918-1945 era is that that the army, law enforcement and the judiciary body must be self-governing and the government must oversee their functioning bust must not be allowed to directly influence the membership of said forces except for the top national leadership.
This is to ensure that the country has centers of power strong enough to oppose an attempt to dictatorship.
For example, in Italy the judiciary has a governing body of its own whose members are partially elected by the parliament, but also partially by the judges themselves. Lower judges are exclusively appointed by the judiciary governing body or through a civil service exam, and neither the government nor the parliament have any say on it.
I fail to understand why "Try again later" is considered bad because "Generic", but "Please try connecting again" is good because it's "Help them fix it". Likewise, it says "You changes were saved" is good because it "provides reassurance", but is it true ? The next sentence is "but we could not connect to your account", which could very well mean that the request didn't go through and the changes weren't saved. There's no way of knowing.
* I thought at first they meant "later" was too vague, but omitting the word only makes the message more terse, not more specific. It's as if they decided ahead of time that the old message was bad and embodies certain qualities (which they highlighted) and the new was good and embodies certain other qualities (also highlighted), and they didn't bother to rethink the new one after seeing almost the same phrase used as examples of bad and good.
* "Your changes were saved": yeah, if the change is connecting your account to a third-party service, and they were unable to connect...did they save the intent to connect? How do you resume it? Or was this part of a greater set of changes? The reassurance works best if it's consistently true, but I'm doubtful.
I was so excited when I started the article: this person has thought hard about what makes a good error message and a bad error message. I was so excited to learn!
But it turns out they were completely full of it, and have absolutely no idea what separates a good/bad message. Quite disappointing.
We know because we could see the effects of the average rate of vulnerabilities discovery and exploitation, and it's definitely going up very fast. Until recently, vulnerabilities were relatively hard to find, and finding them was done by a very restricted group of people world-wide, which made them quite valuable. Not any more.
It could equally be argued that the AI slop that's being produced makes for a lot more vulnerabilities being shipped. The bigger target makes for the easier discovery.
Certainly, and some discoveries have been attributed to AI (I was reading that mozilla firefox were praising mythos recently)
But that's not accounting for all of the discoveries, not at all.
I've also seen the npm people talking about the surge in AI code overwhelming the ability to properly review what's being distributed, and a large number of vulnerabilities being attributed to that
It's likely varies enormously between projects. Linux remains extremely low in slop, and the vulnerabilities being fixed are quite old, so it's improving. Many vibe coded projects are very sloppy, and are adding a lot of vulnerabilities.
Total number of vulnerabilities likely goes up over time weighting all projects equally, but goes down over time weighting by usage.
Security researcher Dor Zvi and his team at the cybersecurity firm he cofounded, RedAccess, analyzed thousands of vibe-coded web applications created using the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web apps allowed anyone who merely finds their web URL to access the apps and their data. Others had only trivial barriers to that access, such as requiring that a visitor sign in with any email address. Around 40 percent of the apps exposed sensitive data, Zvi says, including medical information, financial data, corporate presentations, and strategy documents, as well as detailed logs of customer conversations with chatbots.
That’s quite different. Vibe coded apps are not normally even meant to be secure, it’s meant to be used by the creator only. Bad app security is not the same as a vulnerability. A vulnerability would be a library providing some functionality it claims is secure, but in reality it’s not.
These are very clearly vulnerabilities in the normal sense of the word, and if a security bug means that an app that was supposed to be only accessible to the creator is open to the world that's still quite bad (though the blast radius is small).
I mean - you're spot on - which is why I'd be more inclined to ask for actual metrics rather than feels/vibes, and I'd be very clear that the information I was basing my thinking on has enormous pitfalls.
This is the basis for "correlation points to possibly fertile grounds for an investigation"
Pragmatically, correlation *is* evidence of causation in favour of the best explanation, until somebody finds a better explanation.
> It could equally be argued that the AI slop that's being produced makes for a lot more vulnerabilities being shipped.
This is also true, and does not exclude the other, because for the moment the vast majority of production software in the world (and therefore the bulk of enticing targets) was written before AI. If LLM software will become prevalent in commercial setups, then LLM-generated code will eventually become the majority of targets.
> Pragmatically, correlation is evidence of causation in favour of the best explanation, until somebody finds a better explanation.
Uh, no.
Correlation is only ever one thing - cause for investigation.
Everything based on correlation alone is speculation.
You can speculate all you like, I have zero issue with that, but that's best prefaced with "I guess"
edit: Science captures this perfectly, and people misunderstand this so fundamentally that there is a massive debate where people who think they are "pro science" argue this so badly with theists that they completely hoist themselves with their own petard.
Science uses the term "theory" because all of our understanding is based on "available data" - and science biggest contribution to humanity is that it accepts that the current/leading THEORY can and will be retracted if there is compelling data discovered that demonstrates a falsehood.
So - because I know this is coming - yes science is willing to accept some correlation - BUT it's labelled "theory" or "statistically significant" because science is clear that if other data arises then that idea will need to be revisited.
You have moved from "We know" to "We have an educated guess" which is the right way to couch things.
However I wanted to also point out that relying only on educated guesses can lead us into a position where we are "papering over the cracks" or "addressing the symptoms", not the "underlying cause"
Yes, sometimes that's all that can be done, but, also, sometimes it can be more damaging than the cause itself (thinking in terms of the cause continuing to fester away, whilst we think it's 'solved')
> You have moved from "We know" to "We have an educated guess"
No. You kept blabbering about "science" when most uses of knowledge are not about science. The original topic was also definitely not "science": it was about having a reasonable opinion about whether, empirically, the rate of discovery of vulnerabilities is increasing or not.
Trying to reframe this as 'not science' after being caught on a logical fallacy doesn't change the record. You started with a definitive claim ('We know') to shut down a question. When challenged on the lack of causation, you pivoted to 'educated guesses.'
My point remains: if we misattribute the cause of the rising vulnerability rate (discovery vs. creation), our 'educated guesses' will lead to solutions that address the symptoms while the underlying problem continues to fester. Calling precision 'blabbering' is exactly how we end up with the 'false sense of security' mentioned earlier.
Exhibit A:
ragall 2 hours ago | root | parent | prev | next [–]
> How do you know?
We know because we could see the effects of the average rate of vulnerabilities discovery and exploitation, and it's definitely going up very fast. Until recently, vulnerabilities were relatively hard to find, and finding them was done by a very restricted group of people world-wide, which made them quite valuable. Not any more.
Exhibit B:
ragall 2 hours ago | root | parent | next [–]
Very often you only have limited time for investigation and you have to act now. Action is almost always based on educated guesses.
reply
Telemetry only tells you what users do, not why and doesn't explain their mental models. Try asking directly: open a discussion board (for example Github's Discussions) and encourage them to post about aspects of the software they found puzzling/annoying/inefficient. Take 15 minutes a week to go through the posts to see if anything attracts your attention.
Normal users don't register on a discussion board to tell about what went well during a normal day.
People only bother when something has made them really angry about something and need to vent.
This is why default analytics is the correct option. It gets the average people who don't care about forums and usually won't even bother to change many of the settings. The crowd who doesn't open HN first thing in the morning.
reply