UnreachableCode's comments

I don't use Google login anywhere and have a lot of accounts with many different websites? Youtube and other Goolag ecosystem being the exception, but, of course they are?


Give it a few years, the google login nag screens are getting pervasive. And old school user/pw login is dying


> And old school user/pw login is dying

Is it though? Almost every new service has it, and all existing services keep offering it.


I'm curious why you need a phone for banking at all, at home as you say. Wouldn't a laptop suffice? Granted, not all banks have a web app these days


Not for me at least, 3DS requires approval in an app on my phone. I'd love if the banks just used TOTP instead but no, I have to use their app, some of which don't work with an unlocked bootloader, so I have to have stock android


Tech people? I have met utter goons obsessed with porn that barely understand how their phone actually works.


A lot of them work in Westminster.

Old news, but I suspect there hasn't been a sudden outbreak of puritanism.

https://morningstaronline.co.uk/article/mps-peers-and-staff-...


Am I the only person who hasn't found the time, money, permission from work, resources, etc to be able to produce software like this? I'm still at my corporate 9-5 where they're still making the decision on whether we're allowed to use copilot yet.


They gave us copilot and honestly for me it's been a bit of a double-edged sword. I often use it with Claude 4 as model. What I noticed is that the tool is able and eager to make large sweeping modifications to the code base where I would be apprehensive and look for an easier way.

For example: changing the type signatures of all functions in a module to pass along some extra state, a huge amount of work. I ended up reverting the changes and replacing the functionality with thread local storage (well, dynamically scoped variables).

So, definitely not a panacea, but still well worth the money.


The local models I've tried can't write software of the kind and quality I require for work. When I'm programming recreationally I'm not really interested in automating it, since I do it for pleasure.

I have yet to meet someone in meatspace who is competent and isn't of the opinion that LLM SaaS are fine for querying out a bit of bash or Python here and there, but not much else. Sometimes people or corporations on the Internet are like 'wow, our entire repo is vibbed, so cool' and when I go look it's as if a bootcamped intern wrote it unsupervised but with a lot more Markdown I'm not going to look at, or a toy or a simple tool gluing some libraries.


No, lots of people are in that situation. Either due to IP or cost concerns. $200/month/developer is a non-trivial expense for most companies, given that they aren't easily able to monitor developer productivity, and as people keep observing it's not clear that the $200/month price point is sustainable given how easy it is to ramp up usage to what would cost $2000/month on the API.


I've paid $20 for 1 month's worth of Claude Pro. So far it seems sufficient if you want to dip your toes into this form of development.


I do stuff after work to keep up to date. Like scrolling hacker news and as my gf says “shitposting on LinkedIn”. But also I’ve been building some apps with Claude code. It’s fun actually. But I also do other stuff like gym and cycling and Russian language learning.


I am in a situation where everyone uses it but is ashamed to admit it. I often spot people secretly glancing at GH copilot chat or Chat GPT.


It's the Ozempic of programming!


Wow, that's actually a great analogy: it's hailed as the 2nd coming to cure all of society's woes, it's trying to use a quick fix instead of making lifestyle changes, it may damage your organs, and if you stop using it you go back to where you were before or worse


I'm in the same boat more or less. I sometimes ask Claude for a stand-alone class or webcomponent and it does that job pretty well. The attack lawyers have told me they'd burn my house down if I ever give it any of our code.


Same. I can’t even get to the domains of anything AI


What I've never understood is, how is this an issue with private repos? Aside from open source projects I can't see the problem with accidentally doing this, even though it is a smell.


It's a bad idea...

- commit secret in currently private repo

- 3 years later share / make public

- forget the secret is in the commit history, and still valid, (and relatedly, having long-lived secrets is less secure)

Sure that might not happen for you, but the chances increase dramatically if you make a habit of committing secrets.
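The failure mode in the list above, as an added example that is not part of the comment or the thread: a Python sketch that reads `git log -p` text and reports secret-looking values that were ever added, including ones a later commit deleted from the working tree. The patterns, the function name `secrets_in_history` and the embedded, trimmed log are constructed for illustration.

```python
import re

# Heuristic patterns chosen for this example; real scanners use larger rule sets.
SECRET_RE = re.compile(
    r'(?i)\b[\w-]*(?:api_?key|secret|token|passw(?:or)?d)[\w-]*\s*[:=]\s*'
    r'["\']([^"\']{16,})["\']|(-----BEGIN [A-Z ]*PRIVATE KEY-----)')

# Constructed sample of `git log -p` output (newest commit first): the key is
# added in commit 1111..., then deleted from the working tree in commit 2222...
SAMPLE_LOG = '''\
commit 2222222222222222222222222222222222222222
    remove hard-coded key

diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1 +1 @@
-API_KEY = "EXAMPLEKEY0000000000PLACEHOLDER"
+API_KEY = os.environ["API_KEY"]

commit 1111111111111111111111111111111111111111
    add config

diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1 @@
+API_KEY = "EXAMPLEKEY0000000000PLACEHOLDER"
'''

def secrets_in_history(log_text):
    """One record per secret-looking value ever added: where it was added and,
    if a later commit deleted the line, where. Either way it needs rotating."""
    commit = path = None
    added, removed = {}, {}
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line[:1] in ("+", "-") and not line.startswith("--- "):
            m = SECRET_RE.search(line[1:])
            if m:
                value = m.group(1) or m.group(2)
                if line[0] == "+":
                    added[(path, value)] = commit
                else:
                    removed[value] = commit
    return [{"file": p, "value": v, "added_in": c, "removed_in": removed.get(v)}
            for (p, v), c in added.items()]

if __name__ == "__main__":
    for hit in secrets_in_history(SAMPLE_LOG):
        print(hit)
```

Feeding it the output of `git log -p --all` covers every branch rather than only the current one.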


In a large messaging app I worked for we self hosted a gitlab instance for this exact reason. I thought it was over the top but now I get it, you can never be too sure.


Different employees in the company have different permissions. If an employee with a lot of access commits a secret, then employees who shouldn't have that much access can take the secret and use it.


Anything that makes the repo less private later (deliberate public release, hack (not just of the repo but of anything that can connect to it), etc) means the secret is now in the open.

Always cycle credentials after an accident like committing them to source control. Do it immediately, you will forget later. Even if you are 100% sure the repo will never be more public, it is a good habit to form.


It's called private but actually shared with a very large corporation you don't control, likely running on infrastructure they don't control. Due to the CLOUD Act it's also shared with the US government.


Exactly; you should fully expect the NSA to have a copy of these logs as well. It can be very valuable to have secret keys from companies in adversarial countries (including your own).

Example, there's an ICE reporting app now where people can anonymously report ICE sightings... but how anonymous is it really? Users report a location, that can be cross-referenced with location histories and quickly led back to an individual. There may be retaliation to users of this app if the spiral into authoritarianism in the US continues.


Right, so, some activists and freedom fighters have been doing stuff in environments they know to be hostile for a long time, while the US has just started growing some movements like that after a hiatus from sometime in the seventies and eighties until somewhat recently.

For now they're going to be making a lot of basic mistakes but eventually they'll grugq up and learn from people that are already used to dealing with the violence of their government.


Secrets gotta live somewhere. Are you supplying them every time you deploy or run CI?


Yes. Either via a secret manager (eg vault) or configured as repo secrets if that kind of infra isn't available.

https://docs.github.com/en/actions/how-tos/security-for-gith...

Never commit secrets for any reason.


Repo secrets are just stored on someone's computer and they obviously have the keys. This is what I mean.

Same for your vault. The vault might be encrypted, but at some point you have to give the keys to the vault.

Your secrets are not safe from someone if someone needs them to run your code.


> Your secrets are not safe from someone if someone needs them to run your code.

This is true. I don't disagree with that or your assessment of repo secrets.

My comment was in the context of the grandparent committing secrets to a private repo which is a bad practice (regardless of visibility). You could do that for tests, sure (I would suggest creating random secrets for each test when you can), but then you're creating a bad habit. If you can't use random secrets for tests repo secrets would be acceptable, but I wouldn't use them beyond that.

For CI and deploys I would opt for some kind of secret manager. CI can be run on your own infrastructure, secret managers can be run on your own infrastructure, etc...

But somewhere in the stack secret(s) will be exposed to _someone_.


I'm not telling you what you should or should not do, especially not in the abstract. I commented on the deceptive terminology employed by a very large corporation with deep connections to rather distasteful activities and organisations.


I like to encrypt secrets with a master secret stored in a TPM. This makes it impossible to accidentally leak the secret.


Many years ago at my first job after university, I accidentally committed a private key into our internal Git repository. We removed it, because we could not completely rule out the possibility that this repository would be made public to a customer, or to the world, in the future. I think we used filter-repo to get the key out of everywhere.


Heads up, your Google doc appears to be private


Location: Glasgow, Scotland

Remote: Yes

Willing to relocate: No

Technologies: Android and iOS, and cross-platform using Xamarin/.NET MAUI. Experience with platform camera stacks and machine learning. Jetpack Compose and SwiftUI also.

Résumé/CV: https://docs.google.com/document/d/1nZp69EVM_lesNf28qcaJrCn3...

Email: hackernews.82m3s@passmail.net

I'm looking for a native Android position with the possibility of doing iOS also or Kotlin Multi Platform.

I have a tonne of experience working on native Android projects of my own, and contributing to open source projects. My career has mostly been in the Microsoft mobile space - Xamarin and MAUI. Sometimes recruitment don't see that this has given me a huge exposure to native code with the native bindings for these platforms.

I'm hugely interested in security and privacy and I'm hoping my next role involves these areas.

Above all else, as the resume says, I'm looking for a company that is trying to build high quality software and putting the user first.

Thanks for reading!


Can somebody help me, a CLI layman, out? How can I easily navigate printed directories like he does, in zsh, and paste them right into my prompt, e.g. for Git use? Is that where the tmux regex stuff comes in? Can I use that in iTerm 2?


If you’re on iTerm2, then perhaps the Cmd-; completion shows what you want. Otherwise, it sounds like he’s using `tmux-fingers`, but I can’t confirm as the video doesn’t play on iOS / Safari.


Hm, Cmd+; seems to work! I will try it more out in the wild. Thank you!


Thanks for the vid. I've been down the rabbit hole now. Looks like he departed the project though?


Last I checked he announced his departure only to rescind that announcement later. For example in the discussion about the shutdown of the Mozilla location service he was active and spoke for the project, completely derailing the issue with versions of the accusations the video depicts as well, which was afterwards.

I am always a bit sorry when I have to bring this up, that is why I only mentioned it when prompted. Mental health is a sensitive topic and hammering the problem won't help him, but it is just so relevant when users rely on the security of their system, even pick Graphene because of heightened security needs.


It's a shame. He's clearly very talented. Mental health is no joke, you're right.


Micay did not fully leave the project [1]. AFAIK he is the only senior developer left, after their other senior developer was forcibly conscripted earlier this year [2].

[1] https://discuss.grapheneos.org/d/12565-is-gos-development-sl...

[2] https://discuss.grapheneos.org/d/21819-impact-of-ongoing-war...


Massive cost.

