Like - account is locked, you must use 2FA backup codes.

Else go to western union / 7-eleven / super-market, show ID proof, pay $10 for recovery service.

Wait 2 days (of someone not clicking on this-was-not-me)

If account is already hacked - pay $100 for expert support

My guess would be they get likelihood of getting paid when blackmailing 9,000 schools (at least a few would pay up) than blackmailing Canvas/Instructure.

I don't think any SLA/terms would change who gets to feel the pain.

Day 1: Carefully handles the creds, gives me a lecture (without asking) about why .env should be in .gitignore and why I should edit .env and not hand over the creds to it.

Day 2: I ask for a repeat, has lost track of that skill or setting, frantically searches my entire disk, reads .env including many other files, understands that it is holding a token, manually creates curl commands to test the token and then comes back with some result.

It is like it is a security expert on Day 1 and absolute mediocre intern on Day 2

please don't suggest this. The right way is to have the creds fetched from a vault, which is programmed to release the creds auth-free to your VM (with machine level identify managed by the parent platform)

This is how Google Secrets or AWS Vaults work.

For example `Claude code` used to set 2 specific beta headers with some version numbers for their Max subscription to be supported.

Oauth tokens for Max plan is different from how their API keys looked. They kind of look similar, but has specific prefix that these tool pre-validate.

It is barely working at this point even within a single provider

> Not a serious problem, but the weekdays are wrong. For example, 18-Apr-2127 is a Friday, not Sunday.

There is now many magical dates to remember - 2126 ( I think PR was updated after that comment) and 2177. There is also 2028 also somewhere.

> The compiler bootstraps through 3+ generations of self-compilation.

I guess it applies to any language compiler, but f you are self-hosting, you will naturally release binary packages. Please make sure you have enough support behind the project to setup secure build pipeline. As a user, we will never be able to see something even one nesting-level up.

Took me months to figure out it was running afterall and just hidden by the notch.

How hard is for apple to move the "least used icons" to a fold? (but still accessible)

"Don’t worry about people stealing your ideas. If your ideas are any good, you’ll have to ram them down people’s throats." -- Howard Aiken

...to mean that, usually, the good ideas are the crazy sounding ones...

People might genuinely want some other software to do the sandboxing. Something other than the fox.

Enabled - "You will have access to this feature" as help text. Disabled - "You will not have access to this feature".

WTF does that mean?