Ben Matthews

Well area looks empty, but recently painted. English wikipedia says no passengers since 2024. French wikipedia says they are, but french influence driven out by russian-backed military coup. 36 hours by train to the coast at Abidjan. Any locals here to tell us ?

Nice architecture, but are there still any passenger trains ?

Indeed it seems Trump picked up some ideas about “Juche” (national self-reliance?) from his best buddy “rocket-man”.

US has only 4% of the world’s population, there are now plenty of super-rich in China, India, etc. who like to flaunt i-stuff.

Yeah, but you just gave me an idea too, how about AI-directed canines? “apple-intelligence” applied to follow-your-nose. My dog loves to chase small spots of light, which might be a trick to steer them.

And if chinese buy iphones, do they now have to pay 84% tariff? - maybe HQ in europe solves that too?

As a global company, Apple could just re-establish itself in europe, e.g. Ireland, and continue trading with China, they can just put the US on hold for a couple of years.
Meanwhile for those who really addicted to istuff, coyotes can smuggle iphones across the border, so maybe this solves the fentanyl ‘issue’.

In principle I’d like to see specific permissions - so for example playing with gui enhancements should be a lower trust barrier than adjusting and running code, but afaik (correct me if wrong) neither js nor rust have a built-in security architecture that could implement this. Maybe certain types of extensions could just be custom script language without filesystem access, but that’s harder to do.

About source code linking, last time I heard (maybe they fixed it?) it seemed that trick vscode extensions can link to arbitrary (safe-looking) source repos, which didn’t actually produce the extension.

I’m less convinced about slowly accumulating publisher trust, as this could be a barrier to honest new contributors, while big actors with a longterm profit or geopolitical motive could game such a system anyway (as they do for social media).

I do trust the scala tools (build Mill, lang-server Metals, compiler) which adjust my code, having seen them evolve over many years.
and like the separation of functions (lang-server / editor), so we are less dependent on any one big-tech solution. So I suppose a fundamental issue is what to trust less - big corps with a reputation but lock-in power, or an ecosystem of small contributors which might include tricksters. No perfect balance.

It seems so far Zed is cautious, providing api only for specific extensions - i.e. language servers and gui themes.

add a line … right before you run it

I run stuff from the command line using a trusted build tool (Mill, in scala), or via a local server (where js is sandboxed).
But indeed, a tricky language server or AI tool (I don’t use yet) might inject code where I don’t inspect before running it. That’s a risk even with java-based IDEs - java has security permissions, not in js (vscode) or rust (zed), but are they applied…? As for audits, a problem with vscode is the marketplace got too big, so many extensions, many lookalikes, nobody can check them all…

Such tricks were was predictable, as VSCode extensions, letting arbitrary JS run on your system, are an obvious security risk.
Recently I used Zed editor instead, it’s smooth, but this also has extensions, only these are fewer and in rust ( maybe a higher barrier, targeting less users, so far… ). What’s the solution here - is there some intrinsically safer sandboxed system ?