This right on the heels of the GitLab 17.11 release announcement [0] which mentioned that they added OpenVSX support to their Web IDE. One of the biggest blockers for my team to use the Web IDE/GitLab's equivalent of "Codespaces" was the lack of extensions support.
As developers, we're spoiled for widespread (e.g.) vim keybindings support in just about any IDE via extensions. When unable to use it in something like Web IDE, it is very frustrating and makes it less useful as a product.
If I didn't hate GitLab's gitlab-org/gitlab issue tracker so much I'd go look to see if them offering OpenVSX registry was on the roadmap, because then an organization could mirror the .vsix into their GitLab instance and not suffer outages (in addition to the supply chain safety aspects)
Also, I wonder how hard it would be to teach VSCodium/Theia to pull extensions from OCI because it seems to work great as a distribution mechanism for Homebrew and allows shipping a .vsix from your own GitHub/GitLab account, since both of those offer no-cost OCI image registries scoped to the project
A Fire Department that I volunteered with in Rockville, MD was scammed out of a three-quarter-mil. vendor payment for a state-of-the-art Rescue Squad/Ambulance because of a hijacked email chain. I wonder if it was this crew.
So there's someone back and forth in an email chain with someone from Big Ambulance Inc negotiating price and agree to proceed with sale and then what?
When I was in IT our company would get emails from slight mis-spellings of our domain name claiming to be our CEO, CFO. Our vendors would also routinely get hacked and the hackers would send emails from the vendor's legit email clients/network requesting we change how we paid them.
This sounds like what happens with Hotels.com where the hotel you just booked with said there was an issue with the payment that was submitted, and you must pay with this alternate payment method instead -- it turns out the hotel's account had been compromised and the thief/scumbag/scammer does this to all the hotel's bookings. The one we got a message from, apparently the respective hotel keeps having this happen over and over. My guess is the outdated computer they use has a keylogger or trojan on it and their accounts will just be forever compromised. Fun times.
I did some contract work for a major hotel chain a few years ago (Windows 2012 server upgrades) and was horrified by their utter lack of security everywhere. Everything was out of date, no patching, super simple admin passwords everywhere. It was crazy. They did have corporate level IT, but from what I remember, it wasn't for any infra, just their hotel related software.
Don't connect to hotel wifi, or if you do, don't do anything important on it.
~10 years ago, the big hotel brands (IHG/Hilton/Marriott/Hyatt) required their franchisees to install professional networking equipment from vendors like Cisco Meraki or Aruba, to be managed externally by one of the brand's approved network managers (e.g. WorldVue).
Reminds me some years ago at a company retreat at one of those brands, where we wanted to checks the OpSec of the hotel we were staying at, so I went up to the hotel lobby desk, said I was $NAME_OF_CEO and I had lost my hotel room key and my wallet is in the room, and they straight up gave a new card to me, without any sort of verification at all.
I had the same experience as the other person that replied to you. At the front desk - "Hi, I'm here to do some IT work, is manager around?" "Oh the server room is around the corner, it's unlocked." Didn't need the root esxi password because the IP and password were stuck to the sever with a sticky note.
In my friend’s case, they monitored a compromised email account for months.
They then set up filters to hide a certain large incoming invoice via filters, and replaced it with the same thing but with a different routing number for the transaction.
A month later that vendor starts sending dunning notices, to everyone’s confusion. $90k gone.
And then somebody sends you an invoice, they aren’t who you think they are, and you wire their bank account to pay the invoice. They remove the money from their account, hide its origins through various laundering methods, and move on.
This is a very common event. Anglo American sent $17M to an email scammer years ago but it happens constantly in America too. We had to build a ton of detectors to eliminate this type of fraud for our customers at OpenEnvoy. Bank details, email metadata, character/symbol swap verification. All sorts of things to just keep this one very common thing from happening.
I tried to recreate the Xbox "Achievement Unlocked" snackbar notification, including the animated text (text slides in and notification expands to contain, then the reverse happens). The model produced a decent-looking notification layout but was unable to grasp the concept of the notif. container expanding/contracting as the text slid in/out. I am not a frontend developer, so perhaps what I was asking it for is not possible, but it seemed to me like it shouldn't have been that difficult to do.
One other unusual (but slightly entertaining) thing the model did was it used a different image for the notification "icon" every go-round. I have absolutely zero idea where it was getting the little icons (hallucinating?? maybe making a HTTP request??) but it was really interesting to see.
A neat tool, I will send it to my frontend guy at work and see what he thinks.
I'd say this highly depends on the fastidiousness of the ticket taker and the rules of the venue. I purchased Major League Baseball tix recently through my employer which uses a 3rd-party seller site that has restrictions like this (a moving graphic behind the barcode with the admonishment not to take a screenshot because it won't work).
I was unable to attend the event that night so I sent my wife a screenshot of the ticket. Two tickets, in fact. They were taken with zero issue.
Another big benefit of Atmosphere is that its audio can play while other apps are also playing audio, such as a music or video player. This opens up even more avenues for custom mixes for when your brain needs exactly the right ambient sound combo to fall asleep.
I did. The only time I end up there anymore is when the occasional post gets posted here or one turns up in my search results. Usually loaded up in my mobile browser, with super tiny text and ads blocked.
The funny thing is, before the brouhaha I wasn't even using a third party app to access the site or any 3rd-party platform (that I'm aware of) that used the API. I was using the native vanilla app and I found it just fine.
But, as a developer I could not in good conscience continue voting with my wallet by viewing ads for a company that clearly didn't care to play nice with the developers that were part of making the platform great.
My company just invested in Stack Overflow for Teams and we've found it fairly useful for maintaining a bank of institutional knowledge in the form of Q&A. I have noticed a significant slow down in contributions since the initial corpus of knowledge was added / new tool excitement wore off. But it is still useful reference for occasional lookups and it also excels in documenting very slim edge cases and their solutions in a way that a reference manual wouldn't IMO.
Many on HN (and elsewhere) will lament the fact that there is no way to read about or test-drive your project without signing up (aside from going to GitHub). Many of us guard our emails/logins quite jealously, myself included. Please consider adding some of what you included in the description of this post on your site. Right now, it looks no different to me than a random login form I encountered on the Internet.
That being said, I caved and set up an account with a temp email and the password 'password' (might wanna check on those password security rules) just to play with it so I could give some constructive feedback. Unfortunately, generating a story isn't working (the spinner is spinning infinitely) and I see a few errors and warnings in the Developer Console. I'm not sure what the Short Stories page is supposed to show, either, but it also appears to be malfunctioning.
I don't mean to eviscerate your project - it is always exciting and scary to share something with the world. This needs a little more work before it's ready for show-and-tell, though, IMO. I'm not even sure what I would use this for. Best of luck.
Eviscerate it all you like, thats the point of me doing this so no hard feelings. As for the email bit, all it is used for is to store the email and make it feel safe since google auth seemed like a rather secure option in my limited experience. The short stories and chapter pages are meant to show short stories and chapters generated on the prompt endpoint. I was thinking about adding some help page to describe it in more detail since I know its much easier for me to know what does what as I have all the context for the project in my head
I think even just some screenshots and a blurb about what it is would be helpful on the home page. Your logged out UI should operate as the pitch for the product normally.
Like jamisonbryant said, people want some assurance about what they’re getting in exchange for their personal info and a direct line to their email.
Either-or of course, but a HN post is pretty short lived. You’ll get lots of mileage out of a good demo/pitch on your app’s page from people just coming across it.
Took a quick peek at your repo’s README, under features you have “Next.js”, cutting your teeth on some marketing is worth it! Think about what makes you want to use a tool, It’s probably not the framework it was built with.
Yeah I'm definitely trying to take advantage of that and adding it to my resume, since I obviously wont make something perfect, hell probably not even great, on my first go, but it was a learning experience and a way to make myself more appealing for future employers
You can be less formal if you want here! :) it’s not a job interview, we’re all excited you’re making something!
The bent for this space tends to be towards start ups, so expect some advice towards how to market/best feature something you made, vs what would look best on a resume.
Makes sense lol, it's all great advice so far though so I'm pretty happy with the responses and everything. Plus there were some things I hadn't thought much of, like trying to reassure users that I'm not doing anything nefarious with their email when they log in with google.
But that's what the nefarious people would also say...
It should be possible to show the editor without the login-wall, but with the text input being disabled and be replaced by a pre-defined input like "Write me a story about bunny rabbits" (I don't know what your app is supposed to do so this is my understanding after reading the scant descriptions), and tell the user to hit "Generate story!" - but when they click it, the mock-up won't be talking to ChatGPT, instead it will just get a response (or one of several bunny rabbit stories) you've stored as text.
That way you don't need a login-wall, and no one will abuse the project and eat up your ChatGPT tokens (is that the reason for needing a login?).
One of the reasons is that yes, although not the main reason. It was just easier to add a login so I can more easily save the stories they create and show those same stories to the user when they want to
With all due respect (big GitLab fan here) there are at least two features that are missing that for me makes this product unusable:
1. Inability to switch branches in the editor [0]
2. Full project search "to be enabled at a later date"
So I can't switch branches off of the default branch and I can't search the entire project. To me, this undermines your claim that the new web IDE "will provide users access to more features" and in fact I don't find it useful for hardly anything in its current state.
I get that it's a beta, but it seems a very incomplete one, at best.
A link to the Epic for full project search[0] was shared in an earlier comment[1] by Eric, the Product Manager who is leading this effort. You can follow along there to track our progress.
In the meantime, you can disable the beta and continue to use the old Web IDE until all of the features you require are available[2].
As a work-around, if you know the name of the existing branch you want to switch to, you can change the URL in your browser's location bar for the IDE. Here's the URL format:
This will re-load the IDE on the different branch.
You can also switch branches in the GitLab UI's Files view, before launching the Web IDE with the "Web IDE" button (or the `.` shortcut).
Also pressing "Web IDE" from an MR in GitLab will open that MR's branch in the Web IDE.
So it depends upon your workflow currently, but I agree it will be nice to be able to swap within the IDE itself later (also when the GitLab Flow extension is added).
The built-in git support in Code is already an improvement over the old Web IDE's Stage/Commit workflow, IMHO, and after the first load, the new Web IDE also loads faster than the old one, for me at least.
I do some IaC at work... I'm not an expert, I'm just a user of it.
At first I thought Terraform was the only way to do it, but now that I've used some CFT in AWS, I think they both have their strengths. They don't really overlap each other perfectly. Maybe like 90% overlap but the good stuff is on the periphery. Azure Resource Templates are not bad. Google Cloud Platform seems to be a Terraform shop. So is OpenStack. They all kind of bleed together.
We want to use the kubernetes control plane for a lot of stuff in the near future. If I had time to learn some golang, I think I could break free of writing IaC stuff, and start working on provisioner code that automates IaC.
As developers, we're spoiled for widespread (e.g.) vim keybindings support in just about any IDE via extensions. When unable to use it in something like Web IDE, it is very frustrating and makes it less useful as a product.
[0]: https://about.gitlab.com/releases/2025/04/17/gitlab-17-11-re...