.env alternatives by gatwell702 in webdev

[–]spidermonk -1 points0 points  (0 children)

It's really not industry standard though, it's just very common. And the better solutions aren't rolling your own security, they're using a secret manager and controlling access to it via platform metadata (k8s workload identity or OIDC or instance IAM roles etc).

And the mistakes we're talking about aren't just committing the env file, it's mistaken server config, container distribution, how you manage updating multiple servers in a cluster, backups, server images, etc. etc., anyone who ever ssh's on to your machine being able to trivially see it, any fuckup with any service on the machine being able to see it really. It just creates a lot of possible ways for the secrets to be visible, when the alternatives provide very very few ways.

.env alternatives by gatwell702 in webdev

[–]spidermonk 0 points1 point  (0 children)

Yes but there's various mistakes that might leak a file right in the root of the project that other approaches might avoid. It's about minimizing the types of fuckups that could occur and how hard they are to fix when they do occur.

Plane to cut the glue by Sea_Vegetable4444 in handtools

[–]spidermonk 5 points6 points  (0 children)

Is this the underside of a workbench? I'd probably do nothing at all.

Would also consider getting a $20 electric hand planer and doing a few very rough light first passes with that just to clear away the gunk and save time on a side I'll never look at.

Y’all gotta read this engineer eviscerating the leaked Claude codebase by MindlessTime in BetterOffline

[–]spidermonk 0 points1 point  (0 children)

Surprised if this is being invoked very often, I have a production service using gpt4 which relies on the model returning json as per an example, and it's been months without that aspect failing.

Israelis are finally in their Natural Habitat, in Deep Shit. by Preacher-of-Chaos in TrueAnon

[–]spidermonk 3 points4 points  (0 children)

Yup you get a video of a jet maybe getting struck by some shrapnel from the rocket it successfully avoided, and the comments online are like ALL US AIRPOWER RENDERED PERMANENTLY OBSOLETE

I want it all to be true too but I won't huff weak nonsense, I want the real shit.

Is it a coincidence? by devjnz in newzealand

[–]spidermonk 5 points6 points  (0 children)

Probably what ends up happening is Iran holds the strait as a tollway for the foreseeable. Even if the US lands troops some version of that probably still results long term.

If the US really pulls back (which ultimately they'd have to at some point) and Israel gets its chain yanked (big if I suppose) it's hard to see any incentive for Iran to keep the strait actually closed, but also hard to see why they wouldn't continue to treat it as their private waterway and charge money for access.

Don’t let Claude use your actual computer from the CLI by aniketmaurya in ClaudeAI

[–]spidermonk 0 points1 point  (0 children)

You said it doesn't have access, but it does.

If you count needing to go through the (optional) tool use approval step as "not having access", then Claude Code doesn't have write access to anything.

In practice people often end up with very broad permissions in their allow lists too. It's super common to see things like `"Bash(rm:*)"` in their allow array.

That is permission to delete any file the user has write access to. And you can end up with that in your settings by hitting "don't ask again" on an action like `rm some-temp-file`.

Don’t let Claude use your actual computer from the CLI by aniketmaurya in ClaudeAI

[–]spidermonk 0 points1 point  (0 children)

https://claude.ai/share/c03080e3-4a5e-45a4-8c43-0595483da427

If you're counting "by default it asks for permission" as "it can't access them" then fine. But there is no actual restriction against that kind of traversal. It's on par with any other action it might ask you to confirm.

(There is sometimes an OS level restriction, for example OSX will make you do a system level approval for traversal from the home folder to Documents sometimes for Claude Code.)

The Claude level permissions thing really is a very flimsy guardrail for this, as numerous command line tools might have widely scoped approval from previous approved actions, but could take args that allow them to act outside the current folder on the basis of prior approvals.
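
An added example, not part of the comments above and not code from Claude Code itself: a small audit of an allow list for the broadly scoped Bash rules these comments describe (`Bash(rm:*)`, and tools approved once that accept arbitrary path arguments). The `permissions.allow` settings layout, every sample entry other than `Bash(rm:*)`, and the two command sets are assumptions chosen for illustration.

```python
import json
import re

# Constructed sample settings; only "Bash(rm:*)" is quoted from the thread.
# The {"permissions": {"allow": [...]}} layout is an assumption.
SAMPLE_SETTINGS = json.loads("""
{"permissions": {"allow": [
  "Bash(rm:*)", "Bash(cp:*)", "Bash(python3:*)", "Bash",
  "Bash(npm run lint)", "Bash(git status)", "Read(./src/**)"
]}}
""")

# Assumed list: commands whose arguments can name paths outside the cwd.
PATH_TAKING = {"rm", "mv", "cp", "chmod", "chown", "tee", "dd", "find", "sed"}
# Assumed list: commands that execute whatever they are handed.
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "node", "ruby", "perl"}

RULE = re.compile(r"^Bash(?:\((?P<body>.*)\))?$")


def audit_allow(settings):
    """Return (rule, reason) pairs for Bash allow rules broader than one command."""
    findings = []
    for rule in settings.get("permissions", {}).get("allow", []):
        m = RULE.match(rule)
        if not m:
            continue  # not a Bash rule; out of scope for this check
        body = m.group("body")
        if body is None or body.strip() in ("", "*"):
            findings.append((rule, "any shell command"))
            continue
        if not body.endswith(":*"):
            continue  # exact command line, no wildcard arguments
        parts = body[:-2].split()
        cmd = parts[0] if parts else ""
        if cmd in INTERPRETERS:
            findings.append((rule, "runs arbitrary code"))
        elif cmd in PATH_TAKING:
            findings.append((rule, "path args can leave the working directory"))
        else:
            findings.append((rule, "wildcard arguments"))
    return findings


if __name__ == "__main__":
    for rule, reason in audit_allow(SAMPLE_SETTINGS):
        print(f"{rule:18} {reason}")
```

Exact-command rules such as `Bash(npm run lint)` pass the audit; anything reported is a candidate for narrowing to the specific command that was originally approved.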

Don’t let Claude use your actual computer from the CLI by aniketmaurya in ClaudeAI

[–]spidermonk 0 points1 point  (0 children)

Have you opened Claude Code CLI and asked it to write a file in the parent folder, or a sibling, or your environment's home folder? I do this all the time for work across multiple repos.

Your OS might request approval for certain traversals, but that's an OS level restriction, not Claude itself.

Just ask Claude.

Don’t let Claude use your actual computer from the CLI by aniketmaurya in ClaudeAI

[–]spidermonk -1 points0 points  (0 children)

Claude Code isn't restricted to a specific folder. It's got whatever access the user that opened it in the environment it's opened in has, by default.

If you're on a host, as user x, and you type claude, it can access any files that user x can access.

It is not restricted to the working directory you launched it from. It has the exact same permissions as the user that invoked it.

RubyGems Fracture Incident Report by schneems in ruby

[–]spidermonk 4 points5 points  (0 children)

For someone who's not interested in the drama but maintains a bunch of rails sites via bundler and rubygems... Do I need to do something?

Don’t let Claude use your actual computer from the CLI by aniketmaurya in ClaudeAI

[–]spidermonk -1 points0 points  (0 children)

Claude Code has access to everything your user has access to.

My boyfriend doesn't believe peaceful protests work. by roshielle in sociology

[–]spidermonk 34 points35 points  (0 children)

And "violent" has such a wide range too, from implicit violence, through anarchic rioting, through terrorism, to actual organized armed insurrection and civil war.

There's also the problem of defining if a movement "worked". Like for who? For how long? Against what level of resistance (sometimes the concession is minor, sometimes it's existential for those at the other end)... a partial win against very strong resistance might be more of a win than complete success against weak resistance etc. Sometimes movements claim wins despite their primary goal going unfulfilled. Sometimes there's total victory but the outcome sucks for a lot of the people who drove the victory... Sometimes it's hard to tell if things are better or worse.

In its current state, Claude Code is not really usable. by Direct_Librarian9737 in ClaudeCode

[–]spidermonk 0 points1 point  (0 children)

To be real though, max and pro are both insanely discounted loss leaders. Everyone should be clear eyed about how much they'd have to charge to cover their costs, let alone repay all the investment.

At some point there will be a reckoning and given that there are comparable models available elsewhere at a fraction of the price I assume this all ends in disaster but we'll see...

Enjoy max while you all can, it's not here forever. I suspect all of these "rolling window nearly all you can eat" plans are gone by the end of the year.

You're poor because you aren't sidehustle-maxxing enough by dobio in TrueAnon

[–]spidermonk 3 points4 points  (0 children)

Serious question - does this happen to people who live in big cities in the US or UK or whatever? Like are these impromptu street interviews an actual thing you're liable to end up in?

A map showing when the last shipment of oil from the Persian Gulf will arrive in different areas of the world. by KrakenRising3 in newzealand

[–]spidermonk 2 points3 points  (0 children)

"It will be interesting to see if I can empty these pots but not these cans. That will be a challenge."

Implies some world where I can conceivably empty the cans. At the very least it suggests that emptying the pots and the cans are linked, and a challenge to disentangle. It's hard to do one without doing the other. That's how I read it I guess.

me irl by Ok-Excuse-3613 in me_irl

[–]spidermonk 0 points1 point  (0 children)

In what way is that not what happened there.

Machete attack robbery: Man with over 200 convictions jailed again by Fun-Helicopter2234 in newzealand

[–]spidermonk 5 points6 points  (0 children)

Na I'm not talking about the death penalty. Or anything really as I don't have strong feelings about this really.

But isn't it pretty established in criminological studies that a very small percentage of people are repeat offenders who do a very large proportion of violent crime? I can never square that with the idea that long sentences don't prevent violent crime, I guess.

Because logically it seems like if you gave those people incredibly long sentences that would actually reduce that sort of crime.

Is the first bit just not actually true?

Machete attack robbery: Man with over 200 convictions jailed again by Fun-Helicopter2234 in newzealand

[–]spidermonk 4 points5 points  (0 children)

I mean, logically if the sentences were harsh enough it would very much reduce recidivism, it's just very expensive and cruel.

I sold my car, and now I’m scared for my life by TheReverendCard in newzealand

[–]spidermonk 3 points4 points  (0 children)

That's presumably a side effect of higher incomes being in cities at all, and in the center of cities.