If you consider the timing of this, there were supply chain attacks happening in other ecosystems, and changing the root password seems to be the right approach; it feels justified to me.
RC seems to be incompetent and malicious; the original hostile takeover is explained as a security measure. But in reality, you can simply take away the ability to deploy and leave access to contribute to the repo untouched for people outside of the RC organization.
But claiming that you care about security while missing the basic step of rotating credentials once a member has moved away is pathetic. God help Rubygems.org and its users.
> The author does not understand what LLMs and coding tools are capable of today.
Not really; I would say they used it well and understood the limitations of LLMs exactly. No matter how polished or how good the output is, LLMs can't build mental models of a codebase the way a human does, because they are just statistical machines.
I review PRs/commits, not files. Given the right cage to lock the agent inside, guardrails built around it, conventions and guidelines, and agentic flows so it can pull in what's needed, the need to look at every line and file during implementation is significantly lessened. So then I review the final output (which is a unit of work/task wrapped in a PR).
I'm flexible with the tech stack and open to learning anything I don't know, and I would like to work on end-to-end solutions and solve technical problems.
Illegal things are going to happen mostly in the physical world, regardless of where they are planned. The government can catch them while they're at it or afterwards. Governments are fear-mongering and creating a public narrative to support mass surveillance.
There are only very few illegal things that can happen within the Telegram app, like fraud or minor abuse. Those must be reported by end users, and individual action can be taken against them.
What the government is asking for is a massive backdoor for surveillance in the name of preventing crime, but they decide what they can monitor. It is a Pandora's box, and if you open it there is no going back. Even if the current government is asking for it with the purest intentions and manages it well, the same cannot be said for any subsequently elected government.