Hacker News | ryanmccullagh's comments

Remember the old adage, embrace, extend, extinguish.


They will extinguish postgres?


They definitely tried that with MSSQL. Didn't work so far. But the M$ tactic is always the same. Copy, throw money, copy some more, throw more money. If it doesn't work, change the CEO, throw more money until the rival is dead. So yeah, they are throwing money to try to suppress PGSQL from existence. They did that tactic with Delphi (bought the main guy from Borland and that's how we got C#), MSSQL is their answer to PostgreSQL, ASP is their answer to PHP and so on. Oh, and if you think "MS loves Linux" is anything but this tactic, think again - WSL/WSL2 is the proof they are still trying to kill Linux.


In top down orgs, no product manager care would blink a the at wasting time on security.

This is why we need to remove incompetent product managers that have no clue and somehow are in the position to control what developers can work on.


This is a clone of Amezmo, which started in 2019.

I see they ripped off every feature that we innovated.

It’s actually quite flattering.


Why does a terminal need an SSH integration? Answer: it doesn’t, and you shouldn’t use this because it is unsafe.


A terminal doesn't need SSH integration, but it's convenient if it does, to allow you to easily start and manage connections. Is there something inherently unsafe about such an integration?


There's something inherently unsafe with replacing an industry-standard security tool with anything.

I don't think it's inconvenient enough to type `ssh -i key_file name@host` that we need to be creating more security risk to skip typing it.


> I don't think it's inconvenient enough to type `ssh -i key_file name@host` that we need to be creating more security risk to skip typing it.

Also, you can easily configure that in your .ssh/config file, even with different options per host or group of hosts.


Nobody needs anything ever but sometimes things are useful.


Surely a few bash aliases for the same purpose are equally useful and more portable?


I mean that's literally what terminal integration is, right? A bunch of bash aliases that the terminal emulator knows about.


I bought AirPods Pro this year and it has been disappointing compared to the first gen non pro I had previously.

Somehow they fall out of my ears if I adjust my head down.

Battery life is good though.


I’ve found that aftermarket memory foam eartips work much better than the stock ones for keeping them in my ears.


SednaEarFit Crystal work best for me - they're sticky and sound better than the foam ones.


Yep. I'm kind of shocked Apple doesn't offer these as they must be a huge moneymaker.


Finally. VS Code is a landing zone for malicious extensions.


What makes this one different though, besides being controlled by a non-Microsoft entity? Do they have some policies/mechanisms in place to prevent supply chain attacks?


I would imagine this is due to a Product manager vetoing time spent on Security Considerations.


The revenue tunnel vision disease that PMs have, totally ignoring features and other important things that have not a direct impact on that number. Hopefully we'll get a vaccine soon!

On a more serious note, security breaches can happen to anyone. Might not be fair to assume it's the PM's negligence. In fact, I met some that really saw the value in security and cared to dedicate the resources to it even if that meant not shipping more features.


The political capital class protects their own. They have incentives to decrease the power of the IRS.


Someone needs to get fired over this. Probably an incompetent, non-technical Product VP.


I have several ideas in mind, but honestly I'd just go for the CEO and be done with it.


I would bet that a developer knew of the security issues, but was vetoed by Product.


The usual case for software development the last decade is developers who don't fully understand what they're doing, and are mostly focused on resume-driven-development (RDD) and looking good in Agile sprint standups.

Noteworthy exceptions: FAANG promotion bid orientation, and VC growth startup alignment towards shipping something to look like growth towards exit.

In a small minority of cases, you have developers who know what they are doing, and are thinking rigorously.

The norm isn't big-meanie Product making (forthright, courageous, photogenic) developers ship negligent security vulnerabilities, against developers' protests. Developers are at least as much responsible as Product.


Not getting time to do security because we need to ship v1 is a decision called by Product.


If you know of a developer who would've done responsible security, but was pushed to ship instead, against their protest, I'd be happy to hear that.


In my experience, Product is always the first one to suggest cutting corners.


Part of the job of Product is triage on all sorts of things.

But I don't think there's hardly any developers who would've done something securely but didn't because Product said no.

