Hacker News: twistedpair's comments

The last several years have been monotonically busier for me, year over year, and I've been a principal contributor in this game for many years. Sure, I can push out 1000 PRs a year by riding 4 concurrent agent hordes, but at some point our heads will simply explode. There's a human limit here, at some point.

I got a new boiler installed recently. $20K. I looked up the _retail_ price for the components/fittings/consumables, ~$6K. Even with overhead, that plumber made a good take for 2 days' work. I'm only half kidding when I suggest the kids of today should be destined for the trades.

Honestly, Copilot is the worst of the AI tools at this point. IDK how they lost that lead so handily.

I hate predictions, but when the dust settles, Copilot will take the lead. They are deep in the enterprise ecosystem, and they practically give it for free.

I don't think everyone will easily make the jump to coding at warp speed. Pushing 6 agentic sessions at once, while seeing a half dozen new features/fixes out to prod is more mental gymnastics. If you're the "add a button to a form" enterprise developer, this is going to feel like a dramatic shift in how you're used to working.

This is part of why we help defend Israel, to constrain wars to conventional means.

In the first Gulf War, we placed the Patriot batteries around Israel, as they said that if an Iraqi biological or chemical SCUD attack hit Tel Aviv, they would vitrify Baghdad.

Having nukes doesn't prevent _anyone_ from attacking you, but it does constrain those attacks to conventional means. And what if you pulled off a decapitation attack against Tel Aviv? Well their fleet of nuclear capable subs would make you pay.


So should the US defend North Korea in case of a conflict with South Korea?


> could the military use Anthropic’s Claude AI system to help shoot it down?

What a joke. I suggest folks read up on the very poor performance of US ICBM interceptor systems. They're barely a coin flip, in ideal conditions. How is Claude going to help with that? Push the launch interceptor button faster? Maybe Claude can help design a better system, but it's not turning our existing poor systems into super capable systems by simply adding AI.


I cannot approve PRs because the JSON API is returning HTML error pages. Something is really hosed over there.


In the age of Claude Code et al, my honest biggest bottleneck is GH downtime. I've got a dozen PRs I'm working on, but it's all frozen up, daily, with GH outages.

Are the other providers offering much better uptime: GitLab, CircleCI, Harness? Saying this as someone that's been GH exclusive since 2010.


I think we (CircleCI) are doing quite well: https://status.circleci.com/


K8s absolutely reduced labor. I used to have a sysadmin who ensured all our AMI images were up to date and maintained, and who maintained a mountain of bespoke bash scripts to handle startup, teardown, and upgrade of our backends.

Enter K8s in 2017 and life became MUCH easier. I literally have clusters that have been running since then, with the underlying nodes patched and replaced automatically by the cloud vendor. Deployments also "JustWork", are no downtime, and nearly instant. How many sysadmins are needed (on my side) to achieve all of this? Zero. Maybe you're thinking of more complex stateful cases like running DBs on K8s, but for the typical app server workload, it's a major win.


Fair point, but I think you’ve actually illustrated my argument perfectly: you didn’t eliminate the need for specialists, you outsourced them to your cloud vendor. Those underlying nodes being “patched and replaced automatically” by AWS/GCP/Azure? That’s their SRE teams doing exactly the work your sysadmin used to do, just at massive scale. The control plane managing your deployments? Cloud vendor specialists built and maintain that.

And I’d wager you’ve still got people on staff doing operational work, they just don’t have “sysadmin” in their title anymore. Someone’s managing your K8s manifests, debugging why pods won’t schedule, fixing networking issues when services can’t communicate, handling secrets management, setting up monitoring and alerting. That work didn’t vanish, it just got rebranded. The “DevOps engineer” or “platform engineer” or “SRE” doing that is performing sysadmin work under a different job title.

Managed K8s can absolutely reduce operational overhead compared to hand-rolling everything. But that’s not democratisation, that’s a combination of outsourcing and rebranding. The expertise is still required, you’ve just shifted who pays for it and what you call the people doing it.


That one stumped me. Why not just encrypt with a hardcoded public key, then only the attacker can get the creds.

The simple B64 encoding didn't hide these creds from anyone, so every vendor out there's security team can collect them (e.g. thinking big clouds, GitHub, etc) and disable them.

If you did a simple encryption pass, no one but you would know what was stolen, or could abuse/sell it. My best guess is that calling node encryption libs might trigger code scanners, or EDRs, or maybe they just didn't care.


Or they just wanted to prove a point.

They surely seemed to be smart enough to choose encryption over encoding.

Hard to believe encryption would be the one thing that would trigger code scanners.

Also it’s not just every vendor, also every bad actor could’ve scraped the keys. I wonder if they’ve set up the infrastructure to handle all these thousands of keys…

Like what do you even do with most of it at scale?

Can you turn Cloud, AWS, AI API keys to money on a black market?

