While I agree, I personally always opt out if I'm aware, and hate it when a tool suddenly gets telemetry, I don't think Git is comparable, same with Linux.
Linux and Git are fully open source, and have big companies contribute to it. If a company like Google, Microsoft etc need a feature, they can usually afford to hire someone and develop _and_ maintain this feature.
Something like gh is the opposite. It's maintained by a singular organisation, and the team maintaining it has finite resources. I don't think it's much to ask to understand what features are being used, what errors might come up, etc.
> Have people lost their spine? seriously, quit your job. this is insane. why are americans putting up with this bullshit?
While I agree with you, sadly not everyone is in a position to just quit so easily, and even if the majority of the company quits, there are always people who are desperate enough to do the work and not complain.
Fair criticism on the framing and it reads more promotional than I intended.
Took a look at OneCLI after your comment. The approaches are different.
OneCLI stores the real key encrypted and decrypts it at request time,
injecting it as a header through their gateway. The full key exists
in plaintext at the moment of injection.
VaultProof splits the key into cryptographic shares using Shamir
Secret Sharing. No complete key exists anywhere at rest. The proxy
reconstructs it transiently for the duration of the API call then
zeros it immediately.
Different trust models and different threat coverage. OneCLI is a
solid approach for agent credential management. The Shamir splitting
is specifically for teams where the key existing as plaintext even
transiently on a third party server is a concern.
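The split-then-reconstruct flow described in the comment above, as an added example that is not part of the original comment and is not VaultProof's code. It is a plain Shamir scheme over a prime field; the function names, the field modulus and the sample key are all assumptions made for illustration.

```python
import secrets

PRIME = 2**521 - 1   # assumed field modulus (Mersenne prime); secrets up to 65 bytes fit
WIDTH = 66           # bytes needed to hold any field element

def split(secret: bytes, k: int, n: int):
    """Return n shares (x, y); any k of them recover the secret."""
    s = int.from_bytes(secret, "big")
    if not 1 < k <= n or s >= PRIME:
        raise ValueError("need 1 < k <= n and a secret smaller than PRIME")
    # Random degree k-1 polynomial whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def reconstruct(shares, length: int) -> bytearray:
    """Lagrange-interpolate at x = 0; the result is a mutable buffer."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return bytearray(total.to_bytes(WIDTH, "big")[-length:])

def with_key(shares, length: int, call):
    """Rebuild the key, hand it to call(), then overwrite the buffer."""
    key = reconstruct(shares, length)
    try:
        return call(key)
    finally:
        # Best effort only: CPython may still hold the intermediate int
        # and any copies call() made; the bytearray itself is cleared.
        key[:] = bytes(len(key))

SAMPLE_KEY = b"sk-constructed-example-key-0001"   # constructed, not a real key
SHARES = split(SAMPLE_KEY, k=3, n=5)
```

Any three of the five shares rebuild the key, while two shares interpolate to an unrelated value. The key still exists in process memory for the duration of `call()`, which is the transient window the comment refers to.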
I'm on the max 20 plan, and yes, it's the same for me. The week before last it used to last all week for me, but now it's Wednesday and it's already at 40% usage.
The Android kernel has the relevant kernel parameters disabled. It is entirely possible to run containers directly on Android, but it requires enabling the relevant parameter (iirc no recompilation needed, just a cmdline change). But this of course requires root.
Can they actually realistically do this? Nothing technical can stop a client from masquerading as another, and with the right level of dedication, this wouldn't be very hard to do. And since they're mostly targeting power users, seems like they're barking up the wrong tree. Have I missed something?
Realistically, they can likely prevent the majority of this sort of use. You're right that it's impossible to prevent 100%, but they can likely stop most of it. Particularly because each user is linked with an account which has an extra high cost to the user if penalized. Abuse prevention is harder when you permit anonymous users. (Like OAI's battle against people turning the free logged out chatgpt.com into an API)