The best way to find out: just start. You’ll improve along the way. Questions like this (and anxiety) are best fixed by action.

When someone says “no one will interview me” this is a pretty unhelpful response.

You literally said they should do something.

I mean, I am. How else would I know nobody wants to interview me? :)

Fair enough :) wasn’t clear to me from your first comment. It’s definitely pretty tough out there right now.

Naively, one could assume that with AI it should be possible to create a long and broad list of test cases…

You’re talking about their intentions. OP is talking about how they don’t test continuously / densely enough for quality. I think both can be true.

Maybe he forgot?

OP is right. Status games take many shapes, distinct castes is one special shape.

Other industries and other countries. Until recently, other industries were struggling very hard to find developers for example.

I really like Notion's UI. I wish they would focus only on that and let me access my Notion DB as .md files with Claude.

Take a look at Outline! I use it almost exactly like a cloud based Obsidian vault. And they have been very responsive for MCP feature requests

I don't think they have added a Obsidian Bases / Notion Database like feature yet, right? Saw some discussion of adding a NocoDB integration, but also didn't see that happen yet.

I know this is probably out of scope, but I'd love it as well if Notion could slowly accrete the features of Airtable... at least expose some form of programmatic access to tables!

Yes, please. Their MCP suuuuuuuucks

How does it suck? I use it almost daily and love their Notion MCP

I was probably a bit harsh.

It works, but models seem to have these insane long traces to do the most basic things. I had to create a couple of skills so they know how to properly use the thing without breaking, so they don't always try to pass the wrong parameters to it.

It also doesn't let us change a couple of things (like icons). Or, if it does, not even Opus 4.6 can figure out how to do it.

Can't limit access easily. You can do per-workspace permissions and that's about it.

It’s a very fine line. How do you check if people adhere to policies and at the same time don’t monitor them permanently?

Endpoint Detection and Response?

Heck, not giving the person Admin privileges would have sufficed to prevent this. Or better hiring preventing people who install Roblox cheats on work devices...

There is no excuse and no fine line here. Even outside them boasting about SOC 2 Type II, this would be embarrassing for an SME not in the tech sector.

OP was talking about the security team. Not sure what you are proposing?

Do you want to let any applicant be screened by the security team?

Any security team that gives unrestricted admin privileges to random employees is not a security team. So doing the most basic parts of their job, that would be my proposal.

If specific to my hiring comment, was meant a bit facetious, though I will point out this line in their "compliance" report by "auditor" Delve:

> The organization carries out background and/or reference checks on all new employees and contractors prior to joining in accordance with relevant laws, regulations and ethics. Management utilizes a pre-hire checklist to ensure the hiring manager has assessed the qualification of candidates to confirm they can perform the necessary job requirements.

Maybe those pre-hire checklists should include a question like "Are you a massive idiot, who'd install a game on their work computer, then on top of that be the type of idiot who likes to cheat, then on top of that be the type of idiot to install cheats on your work computer?", maybe that'd prevent this in the future. Or again, just don't give everyone Admin privileges...

I think one of us misunderstood how the event happened.

In my understanding restricting local admin rights would not have change anything here.

The Vercel employee signed up for Context.ai (a third-party tool) using their work account and granted it "Allow All" access to their environment.

Maybe Admin-Managed Consent would have helped prevent context.ai access the environment but this is not configured locally on the employee's machine.

It is a cloud-level setting managed within their identity provider's administrative portal.

Just an addition to the prior comment: To be as generous as possible, I just pulled their audit report [0] and to answer your question, all I propose is that they stick to this (especially the part on minimum permissions, any extended permissions need to be reasonable and reasoned for, etc), which they did not. The fault lies threefold:

First of all with the team members as Context.ai, that either weren't experienced or did not care enough to know that the "all green" they got from Delve straight away couldn't have been accurate.

Secondly, with the people at Delve who, at least in this isolated case, seem to not have fulfilled their obligations and are suspected to have done so in a consistent, repeated and intentionally malicious manner.

Third, the people who, despite claiming to have done their due diligence, being experienced investors and professionals in the field whose own prior companies also had to undergo audits in the past, looked at Delve and were willing to overlook the misdeeds for financial gain.

[0] https://news.ycombinator.com/item?id=47848077

In those cases you’ve seen firsthand, who is actually using Claude design (or similar tools) to create the good enough design?

The important point is that 2 years ago these AI tools were like 20% percentile for UX designers, today it is as good as a junior or normal UI UX Developer, 2 years from now it will be in 90th percentile, etc

But again: who is actually using/commanding the tool to create the designs?

Someone who is wearing more hats than they used to.

And then in 2 years after what, what will happen?