[–] dan@upvote.au 2 points 1 day ago* (last edited 1 day ago) (1 children)

Unfortunately the search tooling is specific to our internal systems. It's essentially just a cronjob that periodically indexes the entire repo and a backend service to do the search.

[–] dan@upvote.au 9 points 1 day ago

ag / rg don't work well in this particular scenario either. Because files are loaded on-demand, they end up trying to load the entire repo.

[–] dan@upvote.au 11 points 1 day ago

It makes sense... There's a LOT of examples of using CLI tools in the training data. At work we're moving away from MCP tools to instead using CLIs for everything.

[–] dan@upvote.au 80 points 2 days ago* (last edited 2 days ago) (22 children)

Claude is very good at figuring out how to work around limitations (which is probably one reason why it's also good at finding security issues).

At work, the monorepo is enormous and files are loaded on-demand as needed. This isn't uncommon with huge repos - Microsoft have VFS for Git (although I hear that's deprecated now), Meta have EdenFS, and Google has some proprietary solution.

We have a hook that blocks find and grep because they can be extremely slow, and tells it to instead use some significantly faster MCP tools to search the codebase, powered by a search index with local changes overlaid.

GPT-5.5 has no problem with this. Claude Opus mostly does it, but sometimes it loves to find workarounds rather than following the instructions. Things like:

- Try alternative commands like egrep.
- Create a symlink to grep and run that to see if it bypasses the filtering.
- Run it with a different shell like zsh.
- Write a Python script that execs grep.
- Write a Python script to reimplement grep.

I'm trying Hermes Agent at home, but I have it in its own VM with restricted permissions.
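
Added example, not part of the comment above and not the internal hook it describes: a sketch of a pre-execution check that resolves what a command line would actually run instead of matching the typed name, so a symlinked or shell-wrapped grep is still recognised. `BLOCKED`, `SHELLS`, `real_name`, `segments` and `blocked_tool` are hypothetical names, and the policy list is an assumption.

```python
import os
import shlex

BLOCKED = {"grep", "egrep", "fgrep", "find"}  # assumed policy list
SHELLS = {"sh", "bash", "zsh", "dash"}        # wrappers that accept -c

def real_name(arg0, path_dirs):
    """Basename of the file arg0 would execute, with symlinks resolved."""
    paths = [arg0] if os.sep in arg0 else [os.path.join(d, arg0) for d in path_dirs]
    for p in paths:
        if os.path.exists(p):
            return os.path.basename(os.path.realpath(p))
    return os.path.basename(arg0)

def segments(cmdline):
    """Split a command line into argv lists at ; | & operators."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    seg = []
    for tok in lex:
        if tok and set(tok) <= set(";|&"):
            if seg:
                yield seg
            seg = []
        else:
            seg.append(tok)
    if seg:
        yield seg

def blocked_tool(cmdline, path_dirs, depth=0):
    """Return the blocked tool the command would run, or None."""
    if depth > 3:
        return "nesting too deep"
    try:
        for argv in segments(cmdline):
            name = real_name(argv[0], path_dirs)
            if name in BLOCKED:
                return name
            if name in SHELLS and "-c" in argv[1:-1]:
                inner = argv[argv.index("-c", 1) + 1]
                hit = blocked_tool(inner, path_dirs, depth + 1)
                if hit:
                    return hit
    except ValueError:  # unbalanced quotes: fail closed
        return "unparseable"
    return None
```

A script in another language that reimplements the search passes this check untouched, so a hook of this kind steers tool choice; containment has to come from the environment the agent runs in, such as the restricted VM mentioned in the comment.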

[–] dan@upvote.au 4 points 4 days ago (2 children)

Interesting... The file sharing is extremely quick for me at home.

I haven't figured out how to get it working at work though (between my work phone and my work PC, both on the same network). Might not be possible with their firewalls.

[–] dan@upvote.au 36 points 5 days ago* (last edited 5 days ago) (5 children)

Have you tried KDE Connect? It's cross-platform and works on Linux, Windows, macOS, Android, and iOS. It's what I use for sharing files from my phone to my computer and vice versa. It supports a lot more than just file sharing though.

[–] dan@upvote.au 5 points 5 days ago* (last edited 5 days ago)

Open source is great, but these platforms prove that it is not the only acceptable solution.

Signal is open source, including all their client apps as well as their server. Proton's client apps are open source too (but not their server).

[–] dan@upvote.au 7 points 5 days ago

The brothers have different surnames due to an error made by their parents when registering Lin’s birth certificate

I wonder how long it took them to discover the error... And how long it took them to decide to just live with it instead of fixing it. Interesting.

[–] dan@upvote.au 3 points 5 days ago* (last edited 5 days ago) (1 children)

They're based in the EU though, so we'll see how long that stays true.

https://fightchatcontrol.eu/

Chat Control didn't pass, but we'll see what happens with Chat Control 2.0 given most member states are in favor of it.

Also, they don't currently support E2E encryption, so I'm not sure how focused on privacy they actually are. That should have been a blocker for launch if so.

[–] dan@upvote.au 18 points 5 days ago (9 children)

What are the advantages of Osmium? In general I don't think it's a good idea to move from one closed-source system (Discord) to another (Osmium) since they'll eventually enshittify it too.

Since you're already using one Fediverse platform (Lemmy), have you considered using Matrix?

[–] dan@upvote.au 1 points 6 days ago* (last edited 6 days ago) (1 children)

I never said anything about using the VPN as an ACL. All I said was to only expose the service over the VPN. That doesn't necessarily mean that the app doesn't have authentication or authorization.

I'm also only talking about residential use cases, where it's a common practice (when not using a VPN) to just expose everything via port forwarding. Businesses aren't setting up Jellyfin on their servers.

true, fun fact a VPN is also an application with an auth layer. dun dun dun!

Sure, but someone would have to first get on the VPN, and then find vulnerable apps once on the internal network, as opposed to just scanning the internet for public-facing vulnerable systems. Wireguard (and thus Tailscale) doesn't respond to port scans at all - it only responds to packets that are signed with a known key.

Admittedly, networking and network security aren't my specialty so I'm absolutely sure you've got more knowledge in this area.
