Hacker News: eneveu's comments


When installing IntelliJ IDEA extensions, I download the code and try to check it for malicious stuff using Claude Code... But not perfect since the code might not match what was released. We would need reproducible builds...

I was also toying with comparing timestamps of git tags / GitHub releases / GitHub actions / plugin update timestamps as one indicator of potential tampering.

But not ideal.
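A way to mechanise the timestamp cross-check described in the comment above, as an added example that is not code from the comment or from any plugin marketplace. It assumes a release leaves a trail of four timestamps (git tag, CI build run, GitHub release, marketplace publish) and treats out-of-order steps or an unusually long tag-to-publish gap as something to inspect; the timestamps and the three-day window are constructed sample values.

```python
"""Cross-check release timestamps for a plugin update (added example).

All four timestamps per release are constructed sample data, not real
plugin records. The assumption is that a legitimate release leaves a
consistent trail: git tag -> CI build run -> GitHub release -> marketplace
publish, all within a short window. An artifact that shows up on the
marketplace before the CI run that supposedly built it, or long after the
tag it claims to come from, is worth a closer look before installing.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class ReleaseTrail:
    version: str
    tag_time: datetime             # git tag creation time
    ci_run_time: datetime          # completion time of the CI job that built it
    gh_release_time: datetime      # GitHub release publication time
    plugin_publish_time: datetime  # timestamp shown by the plugin marketplace


def check_trail(trail: ReleaseTrail,
                max_gap: timedelta = timedelta(days=3)) -> list[tuple[str, str]]:
    """Return (code, message) findings; an empty list means the trail is consistent."""
    steps = [
        ("tag", trail.tag_time),
        ("ci_run", trail.ci_run_time),
        ("gh_release", trail.gh_release_time),
        ("plugin_publish", trail.plugin_publish_time),
    ]
    findings: list[tuple[str, str]] = []

    # 1. Each step should happen no earlier than the step before it.
    for (earlier_name, earlier), (later_name, later) in zip(steps, steps[1:]):
        if later < earlier:
            findings.append((
                "ORDER",
                f"{trail.version}: {later_name} at {later.isoformat()} "
                f"precedes {earlier_name} at {earlier.isoformat()}",
            ))

    # 2. The whole trail should fit inside a short window (assumed: 3 days).
    gap = trail.plugin_publish_time - trail.tag_time
    if gap > max_gap:
        findings.append((
            "GAP",
            f"{trail.version}: {gap} between tag and marketplace publish exceeds {max_gap}",
        ))
    return findings


def _t(iso: str) -> datetime:
    """Parse a constructed ISO timestamp as UTC."""
    return datetime.fromisoformat(iso).replace(tzinfo=UTC)


# Constructed sample trails: one clean, one published before its own build,
# one where the marketplace update appears days after the tag.
SAMPLES = {
    "consistent": ReleaseTrail(
        "1.4.0", _t("2024-05-01T10:00"), _t("2024-05-01T10:20"),
        _t("2024-05-01T10:30"), _t("2024-05-01T12:00")),
    "published_before_build": ReleaseTrail(
        "1.4.1", _t("2024-05-08T10:00"), _t("2024-05-08T10:20"),
        _t("2024-05-08T10:30"), _t("2024-05-08T09:00")),
    "stale_tag": ReleaseTrail(
        "1.4.2", _t("2024-05-15T10:00"), _t("2024-05-15T10:20"),
        _t("2024-05-15T10:30"), _t("2024-05-20T12:00")),
}

if __name__ == "__main__":
    for name, trail in SAMPLES.items():
        result = check_trail(trail)
        print(name, "OK" if not result else result)
```

In practice the four timestamps would come from the repository's tag metadata, the CI provider's run log, the release API and the marketplace listing; the check only flags inconsistencies for a human to review, since a perfectly ordered trail says nothing about what the built artifact actually contains.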


If you don't do it for every update, then there is no real point in doing that in the first place.

> They were snatching people from the streets and killing them.

Can you give more info on this? Tried googling it but couldn't find much. I remember there were very strict quarantines, but don't remember reading anything about "killing" people snatched from the street.


Not much.

I think companies dream of increasing productivity using AI, so they want to encourage their devs to use AI more. Since it's notoriously very hard to measure software productivity, and they have no way to really measure how well engineers use AI, they measure number of tokens.

Which is dumb. Because a bad engineer might ask the AI to "convert this CSV to JSON" which would burn tokens, while a good engineer would ask the AI to "write a script to convert this CSV to JSON". Of course, this example is not ideal, since a SOTA model would probably just write a script anyway in the first case... But you get the idea.


Thought this was interesting to see how AI token usage is exploding at multiple companies, and how they try to deal with it.

No mention anywhere of context engineering (starting a new session once a task is done, using sub-agents, reducing context for MCPs), and it seems some companies are actually rewarding developers for wasting tokens, instead of being smart.


Interesting. Do I get this sandboxing out of the box when I install apps with Homebrew? Or do I need to do something specific?

Would love to enable this for all apps, and add exceptions for the ones that need more access.

I installed Lulu and BlockBlock recently, and want to do more to harden my Mac.


This hardening is enabled by default with Gatekeeper. That includes Homebrew apps, unless you disable it.

When an app tries to access something outside of its sandbox, you get a notification asking to approve or deny. Full Disk Access I think needs to be explicitly given in System Settings (Privacy & Security -> Full Disk Access).


That's probably all the hardening the average person needs. BlockBlock because most malware tries to get persistence. Little Snitch or LuLu for fine-grained whitelisting of network requests for any apps that have plugins (e.g. you give Documents permissions to Obsidian, plugins inherit that, but they can't exfiltrate if you only allow requests to trusted domains).


Yes it is.

https://claude.com/pricing

It's not available on Free plan, but it's available on Pro.


The cool thing when using AI (e.g. Claude Code) is that the conversation with the agent is saved, and you can retrieve from that convo the way you did things in the past. Not just the how, but also the why.


If you read Clean Code and other similar books, they don't necessarily advise moving the sub-functions to other files, or splitting them arbitrarily. They simply have the top function delegate to sub-functions that are lower in the same file. Even better if these sub-functions can be marked as private in your language (to avoid polluting the public API of your object). And here the goal is to use function names to document what each block of code (sub-function) does.

Example:

    def process_order(order):
        _validate(order)
        _reserve(order)
        _charge(order)
        _confirm(order)
    
    def _validate(order):
        ...
    
    def _reserve(order):
        ...


Link no longer works. Article was moved to: https://www.joanwestenberg.com/p/smart-people-don-t-chase-go...

