I work in Java, Golang, Python, with Helm, CircleCI, bash scripts, Makefiles, Terraform, and Terragrunt for testing and deployment. There are other teams handling the C++ and SQL (plus whatever dark magic QA uses).

Why should we keep leap seconds? Let noon drift by 1 minute per century (or whatever).

It looks like it targets JavaScript, the language that least needs it. What is the job security advantage of this tool over a minifier?

• Encrypt the data at rest
• Encrypt the data in transit

Did you remember to plan for a zero downtime encryption key rotation?

• No shared accounts at any level of access

Did you know when account passwords expire? Have you thought about password rotation?

• Full logging of access and activity.

That sounds like a good practice until you have 20 (or even 2000) backend server requests per end user operation.

All of those are taken from my experience.

Security is like an invasive medical procedure: it is very painful in the short term but prevents dire complications in the long term.

Not at all in my org, as far as I know. We are a team of senior engineers somewhat set in our ways and I am not sure how good Copilot plugin for Emacs is.

We are part of a large company and we had a mandate from up top to come up with ways to incorporate AI into our product. We prototyped a few, but could never get it batter than "almost good enough to be useful". Other teams have presented promising prototypes of inhouse AI assistants that we can incorporate into products.

My team pivoted to the inverse: seeing if we can make our product more useful to ML developers.

I have been an individual contributor at large corporations for more than 10 years. Every time I have had a colleague promoted to manager, they always planned to stay technical and keep coding. Every one of them, without fail, stopped coding because they were too busy.

Thinking back to my managers who left for other roles, only one quit to work in higher management, the rest all went back to working as developers.

I worked at giant, globally distributed companies (15-25k employees), so I imagine that my experience is not typical.

But a floating point issue is the exact type of issue a LLM would make (it does not understand what a floating point number is and why you should treat them differently). To be fair, a junior developer would make the same type of mistake.

A junior developer is, hopefully, being mentored by more senior coworkers who are extra careful with code reviews and would spot the bug for the dev. Machine generated code needs an even higher level of scrutiny.

It is relatively easy to teach a junior developer to write code that is easy to read and conforms to the teams style guide.

All the time. Causes include:

• Test depends on an external system (database, package manager)
• Race conditions
• Failing the test cleared bad state (test expects test data not to be in the system and clears it when it exits)
• Failing test set up unknown prerequisite (Build 2 tests depends on changes in Build 1 but build system built them out of order)
• External forces messing with the test runner (test machine going to sleep or running out of resources)

We call those "flaky tests" and only fail a build if a given test cannot pass after 2 retries. (We also flag the test runs for manual review)

I also like checked exceptions. I like having a compile time check that I thought through error scenarios.

Is it perfect? No, but it should be iterated upon, not discarded.

FYI, catching and rethrowing as an unchecked exception is a pretty bad anti-patern (and a foul code smell).

They forgot the Erlang approach: throw exceptions but never catch them. If you are throwing an exception either your code is wrong or your system is bad. In either case, you should crash violently and let another instance handle the retry.

I have tried GitHub project boards for hobby repos and was disappointed by how bare bones it was. For example, it did not have support for breaking a story into smaller component stories (like a Jira Epic or task with sub-tasks).

My favorite YOLO-Driven Development practice (from a former employer) was Customers as QA. We would write code, build the code, and ship it to the customer, then the customer would run the code, file bugs for what broke, and we would have a new build ready next week.

It provides many benefits:

• No need to hire QA engineers.
• Focuses developer debugging time on features actually used by customers instead of corner cases that no customer is hitting.
• Developers deliver features faster instead of wasting time writing automated tests.
• Builds are faster because "test" stages are no-op.

One time a developer was caught writing automated tests (was not sure in the correctness of his code, a sign of a poor developer). Our manager took 15 minutes out of his busy day to yell at him about wasting company resources and putting release timelines in jeopardy.