- The company is smaller and/or already geo-distributed and doesn't have the ability (or awareness) to monitor employee locations or deal with the tax/compliance obligations and so turns a blind eye, intentionally or not. The employees are generally operating in a grey area - either on tourist visas or for a company that isn't registered to employee people in their locale.

- The company actively creates a remote-first environment, working with their employees to employ them (compliantly) in their locale, usually through a third-party employer of record. These are very few and far between, but they exist.

- Companies, like Airbnb, that allow for a certain amount of time outside of a "home locale" per year (IIRC, it's 90 days). This isn't truly "global remote" but employees can move around more freely than in-office or locale-only employers.

“Not fancy security tools. Not expensive antivirus software. Just asking my coding assistant…”

I actually feel like AI articles are becoming easier to spot. Maybe we’re all just collectively noticing the patterns.

Aikido says: > We were alerted to a large-scale attack against npm...

Socket says: > Socket.dev found compromised various CrowdStrike npm packages...

Ox says: > Attackers slipped malicious code into new releases...

Safety says: > The Safety research team has identified an attack on the NPM ecosystem...

Phoenix says: > Another supply chain and NPM maintainer compromised...

Semgrep says: > We are aware of a number of compromised npm packages

> Right now, Datafruit receives read-only access to your infrastructure

> "Grant @User write access to analytics S3 bucket for 24 hours" > -> Creates temporary IAM role, sends least-privilege credentials, auto-revokes tomorrow

These statements directly conflict with one another.

So it needs "iam:CreateRole," "iam:AttachPolicy," and other similar permissions. Those are not "read-only." And, they make it effectively admin in the account.

What safeguards are in place to make sure it doesn't delete other roles, or make production-impacting changes?

I keep hearing that X wants to be the "everything" app. WeChat is _already_ the everything app. It's DoorDash, Venmo, Facebook, Instagram, and about 500 other apps in one.

I will say that I disliked the pattern of every restaurant using a WeChat "mini app" where it basically loads an entirely new app within WeChat just to see the menu or order. It felt much clunkier than just using a web page.

Probably not worth it for low cost services, but if you’re paying GitHub $x millions per year, maybe it is.

I don't know if this style of... discussion is something the Cluely team made popular recently, or if it took off sooner, but I really hope it doesn't catch on further.

I got tired of using the AWS console for simple tasks, like looking up resource details, so I built a fast, privacy-focused, no-signup-required, read-only, multi-region, auto-paginating alternative using the client-side AWS JavaScript SDKs where every page has a consistent UI/UX and resources are displayed as a searchable, filterable table with one-click CSV exports. You can try a demo here[1]

[1] https://app.wut.dev/?service=acm&type=certificates&demo=true

I got tired of using the AWS console (the UI is inconsistent across services, resource-heavy, and loaded with things I don't need)

I've built a handful of features, mostly to scratch my own itch, including:

• Multi-region mode (select 2+ regions and see all your resources on the same page)

• Automated diagrams (tree-style resource relationships)

• Easy export to CSV

• Reference matrix of AWS service/region availability

The best way to explain it is with a demo, so I built a demo version: https://app.wut.dev/?service=acm&type=certificates&demo=true

Maybe a feature request for your extension: take a list and mute everyone on it, and periodically check for new additions and mute those too. That way I can have the list be the source of truth, rather than commenting on every person I mute individually.