The Facebook Ads SDK in a mental health app isn’t normal. Or shouldn’t.
Even analytics SDKs is a bit weird to see. Are Amplitude or Sentry hosting data with a healthcare compliant infrastructure ? I won’t bet. Are those SDKs for sure not leaking health care data? It can be inadvertently, especially with Sentry. But I really wonder about why people feel the need to track so much. Do they **** in front of PowerPoint slides showing the tracking data or is it to sell user data?
They are normal. They generally want to know if the ad spend resulted in an install. Health care data is radioactive and they would be fucking up very hard if sending this to an analytics service.
I have seen studies where some apps were fucking up very hard and sending healthcare data to services that shouldn’t receive it. Sometimes in clear text.
My trust is very low. Having healthcare data in a Sentry payload by mistake happens to the best of us.
Health care companies are radioactively affected by mishandling healthcare data (give or take practical impact being very toothless, especially nowadays). The data itself is mostly not an issue though under any legal theories, and if Joe Schmo hedge fund digs up your colon photos that's not usually an issue.
I was loving Cursor for the agents and autocomplete which was amazing. When they started talking about the autocomplete being no longer a focus and looking towards these token blackholes I switched back to VSCode. At $10 a month it's even cheaper.
i had this issue, with an even more wild set of restrictions, so i used Caddy to "output its own access log" and i had a cron job on any server at home that would hit that caddy server with a pre-defined key, so like `http://caddyserver.example.com/q?iamwebserver2j` for one server and "q?iamVOIP" for another.
And now i have bi-directional IP exposure. it's cute because you can't tell if you just drive by, it doesn't look like it does anything. you have to refresh to see your IP, which is a little obfuscation.
if you care about security, not sure what to tell you. use port knocking.
Please note: this doesn't require installing anything on any remote, just a cron job to curl a specific URL (arbitrary URL). I used it to find the IP to ssh on remote radio servers (like allstar, d-star) for maintenance, for example.
I've been slowly degoogling because of how Google is treating Android. It's slow, but I've been setting up emails on other providers, stopped using Google search, stopped uploading photos etc.
No it’s not. You do it because you didn’t see the point in changing what you do. Don’t pretend that this is your “I told you so” moment.
The QOL improvement offered by uv over your approach is certainly substantial, but it’s also easy to get off of uv. Nobody here feels legitimately “trapped” in the uv “ecosystem”. For 99.999% of Python projects, if they need to get off of uv, it’s going to be a very quick thing to do.
The disappointment and anger is because we’ve had a nice QOL improvement which is now more directly threatened in a way that it was before, and it’s always hard to go backwards. A QOL improvement that you never had in the first place. So…congrats?
Unless your point is “this is why I deprive myself of nice things, because they can go away”…which is just silly.
Yes, I think we are mostly in agreement. I tried `uv` several times and never wanted to add it as a dependency because I wasn't convinced by the QOL. That being said, the biggest concern I always had was just that it was adding another layer of complexity and similar to Conda or pyenv it just wasn't something I was going to like.
I probably did come off a bit 'told you so' but I guess it was more that it felt like this was finally an answer to a question/curiosity I've had about `uv` where I didn't understand the dissonance between how others felt about it and how I did.
I've used mypy forever and never even tried these others. Looking at them though it looks like it's worth trying out Zuban or Pyright? Is there a noticeable benefit when switching between different checkers?
If you care about correctness, unless you pick pyright, don't bother at the moment. If you're creating a new project and looking for a promise for better faster typing, then pick one of Zuban, Pyrefly, or ty.
It is very disappointing that these new type checkers don't support plug-ins, so things like django-stubs aren't possible. That means you're stuck with whatever is delivered with these new type checkers. It must be really difficult since none of them support plug-ins. Some of these newer type checkers promise support for Django, but you're stuck with what they (will) have on offer. Also, you'll likely want typing for other libs you might use.
I still do this too for tough projects in languages I know. Too many times getting burned thinking 'wow it one shot that!' only to end up debugging later.
I let agents run wild on frontend JS because I don't know it well and trust them (and an output I can look at).
IMO, the front end results are REALLY hit and miss... I mostly use it to scaffold if I don't really care because the full UI is just there to test a component, or I do a fair amount of the work mixed. I wish it was better at working with some of the UI component libraries with mixed environments. Describing complex UX and having it work right are really not there yet.
Yes, I think what I left off my sentence was that I trust AI on frontend more than myself. Backend and data processing where I know more, I can't handle it's constant hallucinations. I also feel like hallucinations in data pipelines are way more problematic for me. They take a long time to "fix" and can be quite easy to miss, imagine a mean of a mean or something that is 'mostly' right (thus harder to catch) but factually incorrect.
https://appgoblin.info/apps/493145008/sdks
I see normal development and tracking SDKs. If anyone sees something interesting let me know.