The leaked source code is fake? Or it's the real code that they leaked purposefully to generate buzz?

Either way I'm not sure I believe it's worth the effort. People have been talking about Claude Code plenty without having to resort to tricks.

Occam's Razor etc etc

tl;dr debug.ReadBuildInfo has basically everything you need

That is an interesting fact indeed!

https://macdailynews.com/2012/06/12/rush-limbaugh-okay-apple...

npm has a feed of package changes you can poll if you're interested.

GitHub has a firehose of events and there's a public BigQuery dataset built from that, with some lag.

It's unclear to me from this post, or Red Hat's announcement[0] what makes it an enterprise build, aside from offering some support SLA.

Are there any material differences between this and the free OSS Podman Desktop[1] released 4 years ago?

0: https://www.redhat.com/en/blog/introducing-red-hat-build-pod... 1: https://podman-desktop.io/

Isn't that what most enterprise software is? A number to call and some kind of contract on it?

Thanks for giving it a shot, and for the kind words.

I didn't focus much on the realism of the environment, and spent most of my tokens making the drone "feel" right -- responsive but a little sluggish, physical, controllable, etc.

If I spend more time on it I'd probably work on making the skier a little better, since that's what you end up spending the most time looking at. It's basically a placeholder now, and it shows.

But you're right, making the rest of the peripheral view more realistic would also probably have a big impact.

Maybe I'll set up a workflow to deploy PRs to preview environments and encourage folks to send PRs to work on these things. In the meantime, feel free to fork it and make whatever changes you think would make it more fun!

Both Claude Code and Codex use sandbox-exec with Seatbelt to sandbox execution:

- https://developers.openai.com/codex/security/#os-level-sandb...

- https://code.claude.com/docs/en/sandboxing

It weirds me out a bit that Claude is able to reach outside the sandbox during a session. According to the docs this is with user consent. I would feed better with a more rigid safety net, which is why I've been explicitly invoking claude with sandbox-exec.

Here's a Go mod proxy-proxy that lets you specify a cooldown, so you never get deps newer than N days/weeks/etc

https://github.com/imjasonh/go-cooldown

It's not running anymore but you get the idea. It should be very easy to deploy anywhere you want.

Govulncheck is one of the Go ecosystem's best features, and that's saying something!

I made a GitHub action that alerts if a PR adds a vulnerable call, which I think pairs nicely with the advice to only actually fix vulnerable calls.

https://github.com/imjasonh/govulncheck-action

You can also just run the stock tool in your GHA, but I liked being able to get annotations and comments in the PR.

Incidentally, the repo has dependabot enabled with auto-merge for those PRs, which is IMO the best you can do for JS codebases.

Govulncheck is good, but not without false-positives. Sometimes it raises "unfixable" vulnerabilities and there's still no way to exclude vulnerabilties by CVE number.

I haven't experienced that (that I know of), do you have an example handy?

Checkpoints sounds like an interesting idea, and one I think we'll benefit from if they can make it useful.

I tried a similar(-ish) thing last year at https://github.com/imjasonh/cnotes (a Claude hook to write conversations to git notes) but ended up not getting much out of it. Making it integrated into the experience would have helped, I had a chrome extension to display it in the GitHub UI but even then just stopped using it eventually.

Ah you were 7mo ahead of me doing the same and also coming to a similar conclusion. The idea holds value but in practice it isnt felt.

https://github.com/eqtylab/y

What are they actually “checkpointing”? Git already “checkpoints” your code and they can’t time travel your LLM conversation.