๏ฃฟ engineer & manager at ///@adidas. Tinkering with many technologies on daily basis. I am a Hiker, Traveler, Coder and Coffee & Beer lover ๐บ | ๐Espaรฑa
@jamonholmgren My pick: .agents/ โ .agents/skills/ โ agents/agent-1.md. Product-specific config can stay under .codex/, .claude/, etc. .ai feels too generic to me.
@flaviocopes Agree. The chaos is ugly, but itโs the cost of shipping at AI speed. Early ecosystem, zero standards, lots of MVPs. Hopefully we converge on something shared soon โ Iโd love to see .agents/ become the standard.
Getting way too comfortable relying on Codex lately.
Letting go feels weirdโbut the results keep getting better the more itโs dialed in, with less back-and-forth.
@ShresthaPrajeet@steipete This tool uses codexโs binary locally to get that information, it does not communicate to codex by itself. Check the code/website privacy note for more info.
Loved organizing our internal #iOS ecosystem meetup at #adidas HQ in #amsterdam . It was exciting to discover new ideas and learn from everyone. Talks were full of each presenterโs personality and area of passion.
Great time at adidas iOS apps ecosystem internal meetup in Amsterdam this week! I presented talks on app architecture, SwiftUI navigation & TCA from @pointfreeco, and domain modeling over three days, along with many others from my colleagues. Kudos to all! #iOS#adidas#amsterdam
Great time at adidas iOS apps ecosystem internal meetup in Amsterdam this week! I presented talks on app architecture, SwiftUI navigation & TCA from @pointfreeco, and domain modeling over three days, along with many others from my colleagues. Kudos to all! #iOS#adidas#amsterdam
@AdamWhitcroft I really like it ๐, the level of details and work is apparent, congrats. I might also steal some ideas and implement them in my own app โบ๏ธ
@Astrodevil_ ๐ Hi @Astrodevil_ i recently released an app i have been working on for a while. It started it to help me take care of my little german shepherd ๐ puppy (now heโs 8years old!), and also as a tribute to a family dog we lost tragically at the age of 7.
https://t.co/qsYYtll4OD
How many of you knew that you could put apps in the finder toolbar? Just hold the command key and drag it on to the toolbar. Works with files and folders as well! ๐คฏ
๐ข๐ช๐๐ฆ๐ฃ ๐ง๐ผ๐ฝ ๐ญ๐ฌ ๐๐ฃ๐ ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ฅ๐ถ๐๐ธ๐
Here is the list of the top 10 API security risks in 2023.
๐ญ. ๐๐ฟ๐ผ๐ธ๐ฒ๐ป ๐ข๐ฏ๐ท๐ฒ๐ฐ๐ ๐๐ฒ๐๐ฒ๐น ๐๐๐๐ต๐ผ๐ฟ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป - APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of Object Level Access Control issues.
๐ฎ. ๐๐ฟ๐ผ๐ธ๐ฒ๐ป ๐๐๐๐ต๐ฒ๐ป๐๐ถ๐ฐ๐ฎ๐๐ถ๐ผ๐ป - Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other user's identities temporarily or permanently.
๐ฏ. ๐๐ฟ๐ผ๐ธ๐ฒ๐ป ๐ข๐ฏ๐ท๐ฒ๐ฐ๐ ๐ฃ๐ฟ๐ผ๐ฝ๐ฒ๐ฟ๐๐ ๐๐ฒ๐๐ฒ๐น ๐๐๐๐ต๐ผ๐ฟ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป - The lack of or improper authorization validation at the object property level.
๐ฐ. ๐จ๐ป๐ฟ๐ฒ๐๐๐ฟ๐ถ๐ฐ๐๐ฒ๐ฑ ๐ฅ๐ฒ๐๐ผ๐๐ฟ๐ฐ๐ฒ ๐๐ผ๐ป๐๐๐บ๐ฝ๐๐ถ๐ผ๐ป - Satisfying API requests requires resources such as network bandwidth, CPU, memory, and storage.
๐ฑ. ๐๐ฟ๐ผ๐ธ๐ฒ๐ป ๐๐๐ป๐ฐ๐๐ถ๐ผ๐ป ๐๐ฒ๐๐ฒ๐น ๐๐๐๐ต๐ผ๐ฟ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป - Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, tend to lead to authorization flaws.
๐ฒ. ๐จ๐ป๐ฟ๐ฒ๐๐๐ฟ๐ถ๐ฐ๐๐ฒ๐ฑ ๐๐ฐ๐ฐ๐ฒ๐๐ ๐๐ผ ๐ฆ๐ฒ๐ป๐๐ถ๐๐ถ๐๐ฒ ๐๐๐๐ถ๐ป๐ฒ๐๐ ๐๐น๐ผ๐๐ - APIs vulnerable to this risk expose a business flow - such as posting a comment - without compensating for how the functionality could harm the business if used excessively in an automated manner.
๐ณ. ๐ฆ๐ฒ๐ฟ๐๐ฒ๐ฟ ๐ฆ๐ถ๐ฑ๐ฒ ๐ฅ๐ฒ๐พ๐๐ฒ๐๐ ๐๐ผ๐ฟ๐ด๐ฒ๐ฟ๐ - Can occur when an API is fetching a remote resource without validating the user-supplied URI.
๐ด. ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ ๐ถ๐๐ฐ๐ผ๐ป๐ณ๐ถ๐ด๐๐ฟ๐ฎ๐๐ถ๐ผ๐ป - APIs and the systems supporting them typically contain complex configurations, meant to make the APIs more customizable.
๐ต. ๐๐บ๐ฝ๐ฟ๐ผ๐ฝ๐ฒ๐ฟ ๐๐ป๐๐ฒ๐ป๐๐ผ๐ฟ๐ ๐ ๐ฎ๐ป๐ฎ๐ด๐ฒ๐บ๐ฒ๐ป๐ - APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important.
๐ญ๐ฌ. ๐จ๐ป๐๐ฎ๐ณ๐ฒ ๐๐ผ๐ป๐๐๐บ๐ฝ๐๐ถ๐ผ๐ป ๐ผ๐ณ ๐๐ฃ๐๐ - Developers tend to trust data received from third-party APIs more than user input, and so tend to adopt weaker security standards.
Check the details in the comments.
_______
If you like my posts, please follow me, @milan_milanovic, and hit the ๐ on my profile to get a notification for all my new posts.
Grow with me ๐!
#technology #softwareengineering #programming #techworldwithmilan #api
@official_JemAl Yes it is fine if you need persistency.
However it costs to access it, so you would also need memory caching for faster access between the services and the disk.
Steve Jobs, when he formed his first iPhone team of about a dozen people, told them "you are not allowed to hire anyone who has worked on a phone before."
I didn't really grok that until I saw this.
What "rules" are about to be broken due to AI?
All of them.
A NeRF has infinite camera positions, for instance.
What would Orson do with THAT?
I found a great trick for fixing cognitive diversity in my decision-making.
As a people manager, one of your key responsibilities is ensuring that you have succession planning firmly in place.
๐งต