mcpar-land's comments

paid SaaS features appearing in my language's runtime is... odd.

I remember on launch, Deno specifically did not add backwards compatibility for installing Node.js packages from npm, by design. It was supposed to be a "greenfield" approach to serverside javascript/typescript... buuut then they folded and added npm dependency mgmt to their tooling.

Some of the decisions in Deno feel like the "grow and find ways to monetize" strategy of your average vc-funded tech startup, but instead of being a SaaS it's your whole runtime.


One of the reasons .NET contracts were never widely adopted was that the infrastructure to make them useful was only available on VS Enterprise.

Since most companies go with VS Professional, zero adoption.

Same applies to unit testing code coverage on VS.


Yeah, the loss of Deno's original mission statement was saddening. I was hoping for a scrappy, but minimal and slowly growing runtime. Now that it's being pumped with VC money, the team is spreading themselves thin between KV, Deno Deploy, Fresh Framework, JSR, and NPM/Node compatibility.


KV is open source and can be self hosted


Not the version described in this article.


Fair. I think this article was written before they released the open version. Deno KV is still in beta. If you're running it on Deno Deploy then it's a paid service, otherwise you have the option of hosting it wherever you like, and connecting to it is still pretty straightforward (a URL + environment variable).


With what license?

(Several clicks in it looks like https://github.com/denoland/denokv is the repo and it's an MIT license.)


The built-in Sqlite-based implementation is free and fully functional. It should be useful for local apps.


SQLite3-based implementation of... what?

Oh. Deno KV uses SQLite3 under the covers. That's... funny.


Outsider perspective; wrapping SQLite to provide a simple k/v JavaScript object persistence that supports all the strangeness of their types feels valuable, no? Irrespective of the economics of Deno itself.


SQLite3 seems like overkill for a K/V store, and in particular it seems like a pessimization for a K/V store.

Besides, if you're going to layer a network service on top of SQLite3 then things like rqlite and similar start to look very good, though, admittedly a K/V store is much simpler.


It'd be more useful if Deno exposed a SQLite driver or included one in the standard library like Bun.


this is a big reason why i stay away from Deno

by actively seeking to meter DX, they've actually driven dollars to their competitors.


I never understood this sentiment. Once you get past a dozen or two dozen classes being used all over your codebase, CSS becomes the write-only language to me. I don't know where this class is being used, so I won't edit it. With tailwind, I can see every style and I know exactly where it's going to be applied (to the element it's on). I find it much easier to read.


For sure, but they're talking about CSS modules, where styles are isolated to components at build time.

CSS modules are critical in a large web app for those rare styles you can't accomplish with Tailwind, but for the vast majority of styles I do not want to be hand-writing them. Plus, unless you're extremely strict about using CSS modules, you don't escape the horror of styles being inherited from global classes - on the other hand, a robust library of utility classes like Tailwind makes "inline" styling so easy you're likely to end up with almost no hand-written CSS anywhere.


I just clicked on the first one in the list and it doesn't make much sense.

https://docs.anthropic.com/claude/page/cosmic-keystrokes

I tried this output in an HTML file locally and of course, it's barely functional, but even the prompt itself seems so strange.

> Write me a fully complete web app as a single HTML file. The app should contain a simple side-scrolling game where I use WASD to move around. When moving around the world, occasionally the character/sprite will encounter words. When a word is encountered, the player must correctly type the word as fast as possible.The faster the word is successfully typed, the more point the player gets. We should have a counter in the top-right to keep track of points. Words should be random and highly variable to keep the game interesting.

> You should make the website very aesthetic and use Tailwind.

If I'm using WASD to move around, does that overlap with the act of typing any word that includes w, a, s, or d?

It's also got multiple typos? "the more point the player gets" "possible.The"

And while not a typo, "You should make the website very aesthetic" is funny.


In a sense I think this prompt is a good example of the assumable issues that exist with the doom scenario that company CEOs will be able to simply tell an LLM what they want and the whole program will be generated flawlessly for them. What the "CEO" wants in this scenario likely makes sense in their head but can't actually be built as described.

Though, really, there is no real WASD conflict here. When you hit a word, you'd simply disable WASD controls until the word is typed successfully.


> you'd simply disable WASD controls until the word is typed successfully.

Which it doesn't do, but would very simply be rectified by a follow up prompt asking it to do that


Not a typo but an incorrect use of that word.


Piping curl into sh is bad enough. Piping curl into sh in your rc file is nightmarish. Even with the "verified" version they seem to provide, I can't think of a benevolent explanation for that.


I am a bit fascinated[1] by the "verified" version, as it fetches from the same URL twice. First I found it inefficient, but since they are doing these requests for every zsh startup an extraneous request is probably not seen as a performance problem. Then I realised that the data they verify the hash of is not the same copy of the data that they load: An attacker controlling the server at the curl'ed URL could serve a different file on the second request, which in turn reminded me of a blog post describing how to detect `curl | bash` server side[2][3].

I think the lesson of this small aspect of the "zi" tale is that one should strive to have a single source of truth (a single copy of the data served at the URL), and that in security contexts one needs to be very precise with exactly which guarantees have been established for which data at which point in time: it is surprisingly easy to implicitly add an assumption like "GET requests returning 200 OK behave like pure functions".

[1]: Though this might just be me piling on the mockery of their project, for my own amusement and schadenfreude.

[2]: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b..., alternatively https://web.archive.org/web/20240406132938/https://www.idont..., discussed here e.g. https://news.ycombinator.com/item?id=11532599 (122 comments)

[3]: I am not sure if zsh behaves like bash in this case, as in: Does zsh only read part of its input before it starts executing commands?


The "verification" downloads the file twice... seems like one could easily make a custom HTTP server to change the second consecutive response to a malicious one.
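
Added example, not part of the thread and not the zi project's code: the two comments above describe a check that hashes one HTTP response and executes a second one. The sketch below contrasts that pattern with hashing and running a single downloaded copy. `fake_fetch`, `reset_server` and the script contents are constructed stand-ins for the remote URL so it runs offline, and `sha256sum` is assumed to be installed.

```shell
#!/bin/sh
# Constructed stand-in for a remote URL (hypothetical, runs offline): the first
# request returns the expected script, every later request returns other bytes.
STATE=$(mktemp)
GOOD='echo loaded-good'
OTHER='echo loaded-other'

reset_server() { : > "$STATE"; }

fake_fetch() {
    n=$(wc -c < "$STATE")
    printf x >> "$STATE"
    if [ "$n" -eq 0 ]; then printf '%s\n' "$GOOD"; else printf '%s\n' "$OTHER"; fi
}

sha256_of() { sha256sum | cut -d' ' -f1; }   # hashes stdin

EXPECTED=$(printf '%s\n' "$GOOD" | sha256_of)

# Fetch-twice pattern: the hash check passes on response 1, sh runs response 2.
load_fetch_twice() {
    [ "$(fake_fetch | sha256_of)" = "$EXPECTED" ] || return 1
    fake_fetch | sh
}

# Single copy: fetch once into a file, hash that file, execute that same file.
load_fetch_once() {
    tmp=$(mktemp) || return 1
    fake_fetch > "$tmp"
    if [ "$(sha256_of < "$tmp")" = "$EXPECTED" ]; then
        sh "$tmp"; rc=$?
    else
        rc=1        # bytes differ from the pinned hash: refuse to run them
    fi
    rm -f "$tmp"
    return "$rc"
}
```

After `reset_server`, `load_fetch_twice` passes its hash check yet runs the second response, while `load_fetch_once` only ever runs bytes that matched the pinned hash.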


Don't we all do this in our vimrc though with direct links to GitHub plugin repos. PlugUpdate?


No, I absolutely do not do this. For one, I don't have any network requests in my vimrc. I also keep my plugins versioned using an external tool that pulls them from a given git hash rather than request them from some other server.


This is one of the reasons why I like Lazyvim's plugin spec. It allows you to lock plugins down to the commit/tag/etc.


Well then there is Emacs which is like an entire ripscrip BBS in your terminal if you configure it that way. If the Lisp you hand edit to actually make the plugin start up works you may want to also see what it’s doing apparently. Even though that happens sometimes Emacs is very good at what it does.


No?


Clone the plugins you use to a snapshot you trust, and then use the plugins from your trusted forks.

To update, do an upstream merge after comparing the diff


I get what this post is about, but isn’t it hyperbole to say you can’t think of a benevolent reason when the reason given is auto update/install


I don’t use zsh plugin managers myself, but it looks like zinit already had the ability to update itself. Why on earth replace a working solution with a broken one? Unlike zinit, zi won’t be able to load plugins when the computer is offline for no good legitimate reason that I can possibly think of.

https://web.archive.org/web/20200309073226/https://github.co...


It's just auto-updating. Would be better if it was using the github url directly. Should also be using a method less prone to corruption


It sort of isn't though. You put it there and you don't take it away. You don't put anything else in there to load it. It stops loading entirely if you take out the ethernet cable. That kind of seems like it's loading from the internet every single time. The setup function doesn't add anything to load it without the init script running. That's kind of weird, to me at least.


Oh, I didn't mean to imply it was a good way of doing things, just that the intent was to auto-update. Regardless of how the auto-update works, if a program like this is auto-updating then you're giving arbitrary execution permission to the project.


In Linux there is a package manager for auto-updating.


They suggest to verify a hash of downloaded script which means that after update the script will not be executed. So it just doesn't make sense.

Probably it is an experiment to see how many people will fall for this.


> AI systems emit between 130 and 1,500 times less CO2e (carbon dioxide equivalent) per page of text generated than human writers

Wow! The planet is saved, all you have to do is not multiply these values by the number of pages generated per second-


I think two things can be true about congressional motivation to legislate tiktok

- it's almost entirely fueled (in congress) by economic anxiety and xenophobia towards China

- it's good that this is happening, because it's good to legislate against brainmelting, algorithm-driven platforms

This same legislation being levied against the exact same feature on "american platforms" like YouTube and Instagram might never happen, but I hope it does in the future.


>xenophobia towards china.

China is explicitly and openly hostile to the US.


The US should have a word with American CEOs sending China billions in hardware assembly contracts then.


They're spouting typical tankie BS.


Believe me, I'm not a tankie. I just watched the congressional hearing where a Republican senator repeatedly asked the TikTok CEO, Shou Chew, if he had Chinese citizenship, if he was a member of the CCP, etc. etc. with Shou repeatedly saying that he's not Chinese, he's from Singapore. That's not measured concern about TikTok possibly being an arm of China's surveillance state, that's just being racist. The Republican half of the bipartisan support for legislating TikTok isn't from concern about dopamine-pushing algorithms and misinformation, it's just xenophobia.


Tom Cotton literally has brain damage but there are indeed legitimate concerns about TikTok's relationship with the CCP. It's not racist or xenophobic. You are just stupid and spend too much time on buzzfeed.


It's not xenophobia it's purely about the communist party. They are waging a cold war against the US with barely any response afraid that it will affect their economy. The concern with tiktok is not privacy it's China's control over a large part of the US population and they've more than proved it this time.


> As a part of that agreement, Bowser now has to send Nintendo 20-30% of any money left over after he pays for necessities such as rent.

> Bowser has now managed to secure housing, and he thinks that after rent, he has a couple of hundred dollars leftover for food and other necessities. He assumes he’ll be turning to food support services.

Nintendo's not being compensated any meaningful amount. This is nothing more than a lifelong public flogging. And for what?


"and for what?", the what is to send a message to everyone not to screw around with Nintendo. Whether that's morally right is another question.


Why are you pretending Nintendo is the justice system? Are you confused by how the legal system works?


I'm not pretending that Nintendo is the justice system, although I will admit that the US legal system does confuse me!

The point was that if you have deeper pockets than your opponent then you're able to leverage the legal system to make life hard and stressful for them.

Nintendo has deep pockets and the will to go after anyone it considers a threat to its business model.


A lot of this new wave of "privacy focused" "we're not Chrome" browsers are A) just Chrome and B) venture capital funded. They're cool and fun now, but their ultimate goal is to burn VC money in a giant advertising pyre in hopes of pulling enough of the market away from Chrome to justify their existence. They'll either fail and burn out, or succeed and promptly enshittify to be even worse than Chrome. Please just use Firefox.


This is how I find out that Trader Joe's does union busting?


Regulation is what keeps things fun after commercialization kicks in. You aren't currently being gouged for the price of your internet by the Bell monopoly thanks to antitrust regulation enforced in the eighties!

