Could you avoid eval by having a CSP mode that forces reactive expressions to only allow functions users have registered with datastar in a lookup table?
You think the difficult part is merging observations with the last forecast? I guess it's a very underdetermined problem, but isn't the loss function (compare the forecast grid with later observations) the same whether you're doing grid_t0 -> grid_t1 or (observations, grid_t0) -> grid'_t0 -> grid_t1? I don't know enough about ML to know how much complexity the extra step adds, but doesn't seem like a massive difference.
Observation assimilation is a huge field in and of itself. Observables have biases that have to be included in assimilation, they also have finite resolution and so observation operators need to be taken into account.
If the FFI is also capability gated why can't the language do it?
Edit: Pony seems to rely on restricting FFI privileges at the package level https://tutorial.ponylang.io/object-capabilities/trust-bound.... Suppose it could have been function by function ("unsafe") but this sounds fine. Not sure what else I could have meant by a capability gated FFI.
This is only true if use a Docker based workflow using `FROM nixos/nix`.
This image exists mainly as a way for people to try out Nix with, not to build production images on top of.
We ship many things which bloat the image size but makes it nicer for interactive usage.
Using dockerTools from nixpkgs is much better and gives you much smaller images closer to Alpine size.
I might have confused download volume with image size but the tar.gz for dockerTools.buildLayeredImage with just node and mariadb in the contents is still 220MB (just checked)
Edit: with nothing in the contents it's 144M, which is getting reasonable but still nearly 30x alpine base
For those looking for a more up to date alternative, with a non-hardcoded DB file path, try https://github.com/greenbender/sqlfs (not affiliated, just had a look in this area a few weeks ago)
