> this feels like it suggest you just fall in line with the upper management while providing lip service to the plebs. As an IC I’ve always despised managers who’d be a very sympathetic ear in 1:1s but always be “part of the system” when it mattered the most
You're "part of the system" the moment you sign the employment contract for a manager position, this is literally your job to fall in line with upper management. As middle manager you can and should raise concerns to higher management, but once they take a decision, you have to apply it. Being empathetic is not playing both sides, manager's job is to apply upper management decision even if you don't fully agree. And you don't have to pretend in private to agree on everything, no one will buy that.
> manager's job is to apply upper management decision even if you don't fully agree
That is not at all true. The manager’s job is to manage employees in a way that is in the best interests of the company. I’ve met plenty of leaders through my career who are successfully able to shield their employees from an incompetent management. That is part of the job.
It is a big thing in Asia to avoid sunlight to avoid premature aging and tanning.
It's an interesting parallel you can observe in parks: in my country in Europe, people will prefer to sit on the benches exposed to the sun first, in China and Korea, people will sit in the shade instead.
Lived in SE Asia fora few years and my understanding is that tan skin = outdoor labor = lower caste.
My spouse is asian and I'm N Euro - I would kill to have skin that just tans no matter how much sun you get. I think I've seen her get burns twice in over a decade and we do a lot of beach time.
I've always been puzzled that Starbucks drive through is a thing, and even has long queues. It's coffee, do people really drive there just to get a cup? I understand if it's along the highway but otherwise. You pay the premium of the brand without getting to see or enjoy the facilities. Just my feeling as european, maybe just a cultural thing.
Some people stop every day on the way in to work rather than make coffee at home in the morning. They’re often ordering some caffeine concoction rather than drip coffee. I have known people with $100+ per month Starbucks habits.
Yeah it’s this, Starbucks isn’t a coffee place; it’s a caffeinated drink place. Their brewed coffee (outside of their higher end tasting room stores) is deliberately undrinkable to push you to their espresso drinks or their sugary concoctions.
The US has very few coffee chains and StarBucks dominates. Not like the European cities that seem to have a bakery on every block!
A lot of people say StarBucks coffee is bad, but it’s far better than the burnt motor oil sold at fast food places, gas stations, and donut shops. The upscale coffee competitors are even more expensive and never have a drive-thru.
Worse, donuts shops and gas stations never have real milk creamer — only the extremely artificial powdered stuff (not made from milk). Or they’ll sell a bad cappuccino for $5.
(re: drive-thru) You're going to be waiting aorund in a really long queue for Starbucks regardless.
Might as well wait in line in a comfy/cosy car where a barista will hand you your drink, than walk inside into a hot, loud, crowded environment and stand around awkwardly in a tiny corner, listening for a mangled version of your name to be yelled.
Starbucks in 2025 isn't Starbucks of 2010. There is no 'premium brand facilities' anymore, just premium pricing.
The LLM/AI tech has clear use cases and benefits. However, no, I do not need a shoehorned, dedicated AI in every single product and service I use. That is where is the bubble is in my opinion, everywhere the AI is built or applied in cases where it does not work or does not make sense.
Am I understanding right the extension was free to download code from internet and execute with enough rights to scan the user's disk? That is wild. Does this mean every company is one bad extension install away from having its entire codebase stolen or worse?
I naively assumed the extensions were 'sandboxed' to some degree.
I also naively thought that IDE extensions where sandboxed until I worked myself on making extensions.
Well, it’s absolutely not and you can access the full filesystem. Which is handy if you are legit, but very permissive & much more a security threat than I imagined.
VSCode on MacOS asks me if it can access my Download/Documents/etc folder... and if I trust the files in directory X that I just opened. Yet, extensions can just bypass all those safeguards?
I believe extensions inherit the permissions that the editor has already - so if you've given Cursor or VS Code permission to access a folder any extensions they run later can access it too.
I agree, this seems bad! Sandboxing is still a very weakly implemented craft for most applications, especially those that run extensions or plugins.
(I build a lot of software that runs plugins and has no sandboxing at all, and it really frustrates me. I'm constantly looking out for cross-platform Python-friendly sandboxing tech that might help with this in the future.)
> Sandboxing is still a very weakly implemented craft for most applications
voice of decades past -- sandboxing is very well known and deeply implemented in many aspects of ordinary daily computing; sandboxing is endlessly difficult and can be mis-applied; people who want to break into things and steal and wreak havoc ruin software environments for everyone else.
I’m monitoring this area as well. You’ve probably run across these already but extism, a polyglot plugin framework, can be hosted in Python[1] and has evolving support for writing plugins in Python [2]. Another option is container2wasm[3].
I actually tried running clickhouse in container2wasm and it crashed because it only had one CPU core, so YMMV—although that shouldn’t be a problem for Python (or any code custom built for your plugin framework).
For me, I want to avoid separate processes. I definitely want to avoid separate VMs.
Definitely install something like little snitch and keep an eye out for the requests that come out of vscode.
I’ve become very paranoid with extensions as of late. It’s great that llms have gotten so good and banging out personal tools. I am using a few home grown extensions in my own setup.
These systems rely on downloading and executing much more untrusted software than you could ever imagine. Please dig deeper into this for yourself, I think that's the only way for anyone to truly appreciate the mess we are getting ourselves into.
Even with just internet access an extension could upload your entire codebase. Git extensions for example need this level of access by design. How else could you set a different remote and push all refs:)
This is the allure of shipping software with Electron; you get to use your familiar webdev platform, but with all those pesky security constraints gone. I mean, why else wouldn't you just have people use a web page? (OK, you also get easier access to the Start menu.)
Being a developer of an Electron application myself, it's probably accurate to say that Electron is a NodeJS application with APIs for interacting with instances of web renderers which themselves use a fork of Chromium to render HTML content.
In my opinion, sending an AI note taker to a meeting basically means that for the attendee, a recap email written by the meeting organizer would be enough - except that in my experience at least, most meeting organizers aren't writing these.
Best would be the meeting organizers to leverage their AI attendee to write a draft meeting recap and sending it out after review.
Alternatively it means the person will get 6 months down the line before they realise they missed something important. It's not easy for an attendee to accurately assess the expected value of a meeting beforehand in most cases.
One case would be a topic which is only mildly relevant to you.
I'd like to know if the company is doing well financially, but I don't really care about the specific deals they made in all departments.
I'd like to know if we're adding a new component to the product and what it is, but I don't care about the implementation details if I'm not implementing it or asked to give my opinion.
Very nice. For me, LLM fills that niche when I need to build something very small. Just built a dumb tiny flashcard webapp (literally a standalone index.html) because I was tired of apps either being either overly complex for my simple use case, or asking me to register/pay/see ads.
I rather think that LLMs help to write code faster, and also enables folks that would not program to do so in some capacity. In the end, you end up with more code in the world, and you end up needing more programmers to maintain/keep it running at scale.
LLMs don't care you have to maintain the code, they don't get any benefit or loss from their work and are unaccountable when they fuck up. They have no skin in the game.
They don't know the office politics, or go on coffee breaks with the team - humans still have more context and access. We still need people to manage the goals and risks, to constrain the AI in order to make it useful, and to navigate the physical and social world in their place.
You're "part of the system" the moment you sign the employment contract for a manager position, this is literally your job to fall in line with upper management. As middle manager you can and should raise concerns to higher management, but once they take a decision, you have to apply it. Being empathetic is not playing both sides, manager's job is to apply upper management decision even if you don't fully agree. And you don't have to pretend in private to agree on everything, no one will buy that.