New clutch, snare and pulley. Anyone ever ridden one of these? Trip down memory lane on Italian engineering. Still rock-solid after close to 30 years #citta #gilera
@ASalvadorini @antigravity I like the IDE, still using Android Studio more, but keep coming back to see what Google has been cooking with Antigravity.
I particularly dislike the chat coding apps, I don't see myself ever getting used to them.
GYMPLY going strong on Google Play, about 10 downloads a day. Using it on a daily basis, still loving what I've cooked up.
Nostr feed only has me and a few users, that needs to pick up traction though, it's lonely.
https://t.co/Ncj6YlAk7r
Must read. Please protect your keys and at least set a spending cap, now possible via Google AI Studio!
Thanks for the write-up @ulusoyapps. Hope they rip up the bill soon.
The GCP project of my @FlutterDev @Firebase app got suspended this weekend for abuse, after a single day of €3,167 in unauthorized Gemini API charges. The root cause turned out to be a #Firebase Hosting default that is hard to know about. Worth sharing what I learned.
I thought the Firebase and Google Cloud project was clean and safe. Client uses Firebase AI Logic (proxy, no on-device Gemini key) with App Check via Play Integrity / App Attest.
The suspension email said "key published on public sources." But: my GitHub repo is private and was never public. flutter build web was never run for this project. Where was the leak surface?
Google AI Studio showed three Gemini-callable keys. Two tight (server-side). One was a "Browser key (auto created by Firebase)": Unrestricted, since Nov 2024. That was the web app in my generated firebase_options.dart, from when I configured Flutter web at project init.
Here's the part I didn't know about: Firebase Hosting auto-serves your web SDK config at a reserved URL, https://<project>.web.app/__/firebase/init.json, as plain JSON, unauthenticated, to anyone. It includes apiKey, appId, projectId, authDomain.
This endpoint is active whenever you have (a) a registered web app in Firebase Console + (b) any Hosting deploy. Contents of the deployed site are irrelevant. Mine was a simple CSS landing page that doesn't reference Firebase JS SDK at all. Endpoint leaked the key anyway.
Bots scrape *.web.app/__/firebase/init.json because the pattern is universal across every Firebase project. Mine got picked up, the key was Unrestricted (= usable for any enabled API), and someone burned €3K of Gemini inference in a few hours.
Project reinstated after appeal; outstanding balance still in review.
Lessons I missed:
- Auto-generated browser keys are Unrestricted by default (at least at the time the project was created). Always add HTTP referrer + API restrictions at creation.
- Don't register a web app unless you use the JS SDK.
- Set a Gemini spend cap + budget alert. €100/day cap. You can easily do this in Google AI Studio.
What I would ask the Firebase team:
- Browser keys should default to restricted (HTTP referrer to project domains, API restriction to Firebase services) -> not sure this has changed after the date I created the project.
- Reserved __/firebase/init.json should be opt-in. Static websites hosted with Firebase Web hosting do not need the API key info.
- Firebase Console should warn when a key has been Unrestricted for >N days. Google AI Studio warns when you visit the API keys page, but it should be visible on the homepage.
- Default-on spend caps for Generative Language API.
TL;DR: "Private repo" is not a meaningful security boundary when the key has another publicly-reachable surface. Audit not just your code, but every endpoint your project ID exposes, including the ones the platform creates for you without telling you. Always manually verify API restrictions.
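As an added example that is not part of the original thread: a small Python audit that flags keys in the state the thread describes (no API restriction, no application restriction), fed with a constructed sample in the shape of `gcloud services api-keys list --format=json` (API Keys v2 Key resources; project and key IDs are placeholders).

```python
import json

# Constructed sample resembling `gcloud services api-keys list --format=json`.
# PROJECT_ID / KEY_ID_* are placeholders, not real identifiers.
SAMPLE_KEYS_JSON = """
[
  {"name": "projects/PROJECT_ID/locations/global/keys/KEY_ID_1",
   "displayName": "Browser key (auto created by Firebase)",
   "createTime": "2024-11-02T10:00:00Z"},
  {"name": "projects/PROJECT_ID/locations/global/keys/KEY_ID_2",
   "displayName": "server-key",
   "createTime": "2025-01-10T10:00:00Z",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}],
                    "serverKeyRestrictions": {"allowedIps": ["203.0.113.10"]}}},
  {"name": "projects/PROJECT_ID/locations/global/keys/KEY_ID_3",
   "displayName": "web-key",
   "createTime": "2025-03-01T10:00:00Z",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://example.web.app/*"]}}}
]
"""

CLIENT_RESTRICTIONS = ("browserKeyRestrictions", "serverKeyRestrictions",
                       "androidKeyRestrictions", "iosKeyRestrictions")


def audit_api_keys(keys_json):
    """Return {displayName: [findings]} for keys that would be fully usable if
    they leaked via init.json: missing API targets and/or client restrictions."""
    findings = {}
    for key in json.loads(keys_json):
        restrictions = key.get("restrictions", {})
        issues = []
        # Unrestricted API targets = usable for every enabled API in the project.
        if not restrictions.get("apiTargets"):
            issues.append("no API restriction (usable for every enabled API)")
        # No referrer/IP/app binding = usable from anywhere.
        if not any(k in restrictions for k in CLIENT_RESTRICTIONS):
            issues.append("no application restriction (referrer/IP/app)")
        if issues:
            findings[key["displayName"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_api_keys(SAMPLE_KEYS_JSON).items():
        print(f"{name}: {'; '.join(issues)}")
```

For a flagged key, `gcloud services api-keys update KEY --allowed-referrers=... --api-target=service=...` applies the referrer and API restrictions the thread recommends.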
@SEGVeenstra Was it read/write media? I even had to update some internal test track from last year to get approved. Had to remove it from manifest.
With Gemini's help, https://t.co/Ncj6YlAk7r now offers one-time and subscription donations.
Supporters can change the app icon as a small gesture of appreciation. Anything else I should definitely add for supporters?