ctrl is more useful

pls don’t spread my password around like that

You should probably turn off Dependabot

Nonsense, most of these supply chain attacks are detected and have their problematic versions pulled within a few hours. Just set a cooldown period for dependabot.

nope, opencode is better and actually open source

I can’t, my case has too many RGB LEDs

aaand they both had their source code removed

“Make no mistakes” wasn’t enough?? 😮

just stand there and wait until somebody comes in, like everyone does

actual open source option, fwiw

https://github.com/anomalyco/opencode

someone went through the leak and opened a proper pull request to open source it

https://github.com/anthropics/claude-code/pull/41518

the file tree looks less messy than in that screenshot, but damn, I didn’t think it would be 514k lines

1. How many grep-like ops per file?
2. Is it interactive or run by another process?
3. Do you know which files ahead of time?
4. Do you have any control over that file creation?
5. Is the JSONL append only? Is the grep running while the file is modified?
6. How large is very large? 100s of MB? Few GB? 100s of GB? Whether or not it fits in memory could change the approach.
7. You’re using files, plural, would parallelizing at the file level (e.g. one thread per file) be enough?
8. How many files and how often is that executed?

Share Tech Mono

https://www.codingfont.com/ShareTechMono

I thought it was a given that, if it’s a phone app, you’re likely to want to carry it with you, not leave it on a desk with your computer.

that would still require the OS or user to spoof a location to actually prevent tracking. I hope they’d do that, but I wouldn’t expect them to.

HEL

that assumes

1. the user does have access to a production db;
2. the agent has access to a terminal from which they can reach the production machine (not in a container, different network, or similar);
3. access does not require interaction (like entering password);
4. the agent deliberately decides to access a production database to solve a development problem, and that was not the user requesting it;
5. the agent manages to find the database credentials in production;
6. the agent is left unattended.

Possible? Sure. It’s also possible that I drink half a bottle of vodka on a Friday night and mess up with production.

fitting translation for “meta”

I’ve never worked on a codebase where using ORMs wasn’t better than rolling your own queries. What are people writing that they actually need the marginal performance gains? And even if that’s worth it, why not just use raw queries in your critical paths?

Every time I have to write or modify raw SQL it feels like I’m throwing away all my static checking features and increasing the chance of bugs, because I have no idea of the query matches my schema or if it’ll blow up at runtime.

I’ve done it quietly 4y ago, only told some closer relatives. It was kind of funny when relatives I wasn’t talking to told my closer ones that we were keeping in touch on WhatsApp, not even aware I wasn’t in the platform for over 6 months at that point.

Now after years and leaving 2 family groups, politics, and a whole lot of drama behind, I feel it was a great decision, and the only regret was not doing it earlier.