I have heard the same rhetoric about IDEs, autocomplete (Intellisense, Jedi, etc.), DevOps, and frameworks. The kernel of truth across all of them is the separation between a dev and good dev. It is getting easier and easier to have something built for you using AI in your IDE in a framework that abstracts all the things away dumped into a prebuilt pipeline that deploys your artifacts for you. A dev can do that. A good dev understands the tools and knows when to dig into things.

I have yet to see a decrease in the number of good devs I meet even though IDEs slowly replaced text editors (and editors became strong enough to become IDEs). Frameworks have enabled more good devs to focus on business logic. DevOps provides solid guard rails for everything.

I don’t know if there’s an increase in the number of superficial devs. I haven’t interviewed junior dev candidates in awhile. I do know the market is flooded right now so I’d argue there might be other factors.

Also overall I do agree with the idea that letting copilot do everything for you means you don’t understand anything. Shit was the same way when cookbooks were common.

Here is the original fabric because that apparently doesn’t get linked in an article about solving who is on said fabric

https://imgur.com/gallery/recognize-celebrities-ao0hWN3

$2/mo is pretty close to what Reddit premium was back before they turned the Reddit silver meme into a real thing! That’s a great amount to donate. Don’t sell yourself short.

You’ve turned this into a catch 22. If there were no female characters, you could argue that’s sexist. If the idiotic boss was female, you could argue all of the dumb characters are female so that’s sexist. If Jarod were the only female, that would be sexist.

How does this sketch get rewritten in such a way that it is not casually sexist?

Give me concrete examples. You don’t seem to know what you’re talking about so I want to discuss something specific; the agency you’re talking about is actually there and is centered around the core of the script.

Give me concrete examples. You don’t seem to know what you’re talking about so I want to discuss something specific; the agency you’re talking about is actually there and is centered around the core of the script.

In your hypothetical where you’ve now decided everyone is just following orders, I can still say the worker did a bad job. You gonna tell me the worker is gonna get fired for not following dumb instructions? Okay. Still did a bad job, orders or not.

I do not understand why you’re so dead set on telling people critical analysis is bad. Is it morally wrong to like something more than something else? Kinda seems like that way if I can’t ever judge anything because there are constraints outside the control of the thing. I’m not going to attack a straw man here. You should expand on what we can and can’t analyze.

There’s a difference between a bad script and bad rewrites. Ending of GoT? Bad script, rewrites don’t matter. 2016 Suicide Squad? Arguably a good script with shitty rewrites. Galaxy of Terror? No comment on the scripts but the rewrites fucked it. Justice League? Horrible script and horrible rewrites. I don’t blame the writers of Galaxy of Terror for Corman’s worm rape scene; I do excoriate Whedon for the pile of shit Snyder used to make a worse pile of shit.

You’re conflating moral standards with film standards. There are standards that people agree on that loosely dictate what we consider good and bad. They can change based on the viewer. The core of a script is what has the opportunity to be butchered and if it’s bad that’s not on the studio, that’s on the writer. Studios don’t hire someone and say “write us a piece of shit” they take something that exists and modify it (unless you’re Neil Breen in which case that’s your goal).

In your example, I can get frustrated with a grocery worker pushing all of the things to back of the shelf where I can’t reach. That is a fair criticism of their contribution to the inane reshuffling. I’m not saying they’re a bad person because they’re doing the thing they need to do to survive poorly; I’m saying they’re doing a thing poorly. It has no bearing on them as a person. It’s not morally wrong of them to make it impossible for me to get the item I need; it is a shit job though.

You’re talking about two different things. In general, you should never be disrespectful of anyone because there’s no need to be mean. However, I can definitely criticize a writer for working on something terrible because they wrote it. I can also criticize a studio for releasing it. “Just following orders” doesn’t remove culpability especially when the writing is really fucking bad.

Please note I’m not talking about this movie because it hasn’t been released yet. I’ve watched a plethora of movies over the last month that had really bad writing.

I do not actually understand the use case of —keep over the default —mixed, which I use regularly to restage patches or fuckups. I very frequently use —hard to test something out and blow it away without worrying about any changes. This whole conversation is fascinating because it highlights just how different everyone uses git and equally how bad sweeping generalizations like “—hard is something to avoid” are (without incredibly specific caveats).

It seems like —keep makes sense if you’re not using stash before trying to change history when you have local, uncommitted changes? That might be why it’s not clicking with me; any time I fuck with history I stash anything local I might want to keep.

A single character, per your definition, is not blatant malicious code. Stop moving the goalposts.

It’s clear you don’t understand the space and you don’t seem to have any interest in acting in good faith based on your other comments so good luck.

I mean anything is a good fit for future, science fiction AI if we imagine hard enough.

What you describe as “blatant malicious code” is probably only things like very specific C&C domains or instruction sets. We already have very efficient string matching tools for those, though, and they don’t burn power at an atrocious rate.

You’ve given us an example so PoC||GTFO. Major code AI tools like Copilot struggle to explain test files with a variety of styles, skips, and comments, so I think you have your work cut out for you.

That’s fair! I agree with that.

Neither wins here. I cannot tell you how many libraries I have had to replace because FOSS devs move on. It’s probably greater than the number of products I’ve had to abandon for lack of support but I’m not sure what that is at a percentage level. In the DevOps world everything burns constantly, paid and free.

That’s true! It also seems like you might not have experience dealing with attacks at scale? Defense in depth involves using everything. If I can reduce incoming junk traffic by 80% by masking returns, I have achieved quite a lot for very little. Don’t forget the A in the CIA triad.

There are competing interests here: normal consumers and script kiddies. If I build an API that follows good design, RFCs, pretty specs, all of that, my normal users have a very good time. Since script kiddies brute force off examples from those areas, so do they. If I return 200s for everything without a response body unless authenticated and doing something legit, I can defeat a huge majority of script kiddies (really leaving denial of service). When I worked in video games and healthcare, this was a very good idea to do because an educated API consumer and a sufficiently advanced attacker both have no trouble while the very small amount of gate keeping locks out a ton of annoying traffic. Outside of these high traffic domains, normal design is usually fine unless you catch someone’s attention.

It’s very misleading to say “paying for software is stupid” and not consider the total cost of ownership. TCO includes things like infrastructure and maintenance. As an exec, I am constantly faced with two choices: free software that might do what I want or paid software that sort of does what I want. At face value, you would immediately tell me to get the free stuff. That’s where you miss TCO.

(Read the last paragraph if you think the business lens is bullshit)

Every FOSS solution I run requires me to deploy and maintain it. I only have so many hours in the day so at some threshold I have to hire more and more people to deploy and maintain. Integrating? That’s on me too because I’m using free software so now I need a resource to glue things together. My “free” option actually costs a portion of my engineering resources. I’m also on the hook for failures. Running my own ERP? I need to have support staff on-call to handle outages.

Every paid solution I run costs can require some of those things. Let’s ignore paid licenses and just focus on things I can completely outsource. This means I’m no longer on the hook for deployment and maintenance, so if I can show the cost of the paid software is less than my TCO, it’s a better deal. If I have a good relationship with the vendor, I might be able to delegate my integration needs to their product pipeline. I might be able to purchase a support contract that’s cheaper than running my own.

At some point every company will outgrow certain software. It’s a constant reevaluation of the costs of paid vs TCO of free and when I need to spend resources making it do something it doesn’t. A managed telemetry stack like Sumo or New Relic allows me to scale quickly but cheaply until I have the revenue to build an in-house team to instrument fucking everything.

The exact same logic applies to my time. I could run free everything. That comes with a higher TCO (usually). I say this as someone who has rebuilt dot files repos on the dot every three years and been running Linux since you could get it in a book at B Dalton at the indoor shopping mall so my tolerance for personal TCO is very high. However, I don’t change my own oil. It’s free! I could do it myself! I don’t want to. I buy certain things, like software, in my personal life because the TCO of FOSS is higher than I want to pay. I have outgrown Windows and Mac so I have some level required cost in Linux. I pay for some things like storage and routing solutions even though I could build and deploy and maintain all of that myself. Sometimes I just want my shit to work and not have to do it myself.

Yeah! At scale that really falls apart. I have lots of conversations with lots of people across timezones so waiting for the intersection of everyone actively blocks work.

Asynchronous communication is exactly that. If you are not listening when your manager says “don’t Slack after work” that’s on you. I sure fucking don’t and I make that very clear.

I manage a workforce across time zones and, as someone with ADHD, it’s usually best for me to fire off messages as things arise. If I read the summary, I’m not allowed to Slack/email after hours, which creates a huge burden for a remote workforce. I think that summary is incorrect and it’s more that I can’t force people to respond or even read those messages outside their work hours. I completely support this and I regularly bother my team when they respond to stuff after their day has ended. I call this out every quarter as we update our team working agreement. I don’t have any notifications set up for work comms period and have made it very clear the only way to get in touch with me is a phone call.

Other answers have only called out rotating the secret which is how you fix this specific failure. After you’ve rotated, delete the key from the repo because secrets don’t belong in repos. Next look at something like git-secrets or gitleaks to use as a local pre-commit hook to help prevent future failures. You’re human and you’re going to make mistakes; plan for them.

Another good habit to be in is to only access secrets from environment variables. I personally use direnv whose configuration file is globally ignored via the core.excludesfile.

You can add other strategies for good defense-in-depth such as a pre-receive hook checking for secrets to ensure no one can push them (eg they didn’t install hooks).

Thanks for citing for me. This is exactly what I was referring to!