Hacker News: pilgrim0's comments

Get real, kepano. You’re overestimating the consciousness of most casual users. Having godmode, RCE-capable plug-ins behind few safety warnings that most people will happily ignore to get shit done is not good engineering. I understand the constraints. In your shoes I would at minimum make a different version of the app in which you could allow these plug-ins and not put them under trivial banners within the canonical version of the app. You say you have banners, but these sit in the natural flow of the user journey, the options are clearly available and these banners are merely to exempt you from any liability, not to protect the users.

Chrome gutted extension capabilities for safety and now it is so useless, politically unwanted extensions have "lite" versions and every big project and their dog ship their own chromium browser.

I use Obsidian because it does not treat me like a child. They can add more nags and banners for normies, but the capabilities should remain.


I have to agree. You can keep pulling that logic back another step (and that seems to have been happening for many steps now) to the point that you no longer have the ability to use the computer.

This can't be dismissed as "slippery slope" logic either. Should elderly people with a bank account be allowed to use a computer? They might read something online and give their savings to a scammer. Frankly, that's a far more convincing argument than the one given here. There's only one solution if your objective function is exclusively to minimize the possibility of a security incident.


[flagged]


Whoa there, am I missing something, why so aggressive and immediately with the ad homs?

I think by that logic dangerously-skip-permissions and openclaw should've never been a thing. I agree that people use them too liberally, but I think at some point you have to find a balance between systemic safety risks and individual freedom.


> Tags and banners do not work. Completely understandable that someone as dismissive and seemingly isolated as you wouldn’t understand that.

One can reduce every tool to a toy and justify it with some hand-wavy security slop, but removing capabilities destroys use cases.

The ability to control your tools is good. You should be able to run anything on your devices. Therefore, those who propose the toyification of tools should carry the burden of justifying the change.

The same infantilization of users currently happens with Signal, where high-level decision makers are asked by strangers to share their deepest secrets. Since these strangers introduce themselves very nicely, users start blurting out their secrets. ... now everyone is pretending this is a Signal problem. It is not. The world is not a kindergarten and people have agency.

A good compromise is to set a safe mode as the default and include an option that lets users confirm they know what they are doing. Obsidian already does this. Given that, I do not understand why anyone would demand to make the entire tool worse.

I wonder: What level of user effort would make you comfortable with users exiting safe modes? Would you want users to be able to run software with full permissions at all?


Web stack plus lack of resources to architect the proper interfaces is my guess. This is software written in high-level JS frameworks, thus using poor dataflow patterns by default, mostly just following what is actually possible instead of employing intentional design, which would require going down some levels of abstraction and maintaining a custom fork of said frameworks. So they probably just architect plug-ins like you would instantiate a library passing a subset of the context the app uses. Basically the simplest workable thing possible. Although the disclosed hack does not mention any particular “vulnerability”. Plug-ins in Obsidian are always in god mode, and the alleged hackers just tricked people into using them. Funny how an RCE waiting to happen behind a few popups is ultimately blamed on users. Shame on the developers.

"Worse is better" remains relevant as ever.

https://www.jwz.org/doc/worse-is-better.html


remapping capslock to esc is something nobody whom i've shamed into doing can go back from. it's just night and day. i've been thinking lately that the reason we need hjkl in vim is because the keyboard layout is actually bad for arrows. on typewriters there were no arrows, but on a computer arrows are of primary importance. i think the spacebar doesn't need to be so big, there's no reason for it to be available to both thumbs, and i think moving the small set of arrows into the left or right part of the spacebar position would be so much better for typing because the hjkl hack only works in hacker editors, but we need to use arrows a lot on normal software and it's super bad for your hand if you use it a lot. i started developing inflammations because of the way i fold my thumb to reach for the arrows without moving my entire hand.


> i think the spacebar doesn't need to be so big, there's no reason for it to be available to both thumbs

This is why I love JIS, even though I don't actually need the Japanese keys. That small spacebar is so much better, and you get three extra keys (Henkan, Muhenkan and Kana) along the bottom row. As an Emacs user, I bind Henkan and Muhenkan to be Control keys. It's very comfortable.


I was just thinking this today tweaking the layout on my lilypad58, a layout I don't love and kept arriving at, "I just want more modifiers". Using JIS is genius.


My JIS bottom row is currently:

<Meta> <Super> <Alt> <Control> <Space> <Control> <Alt> <Super> <Compose/Meta> <Greek>

I have left Control mapped to Meta, {,Mu}Henkan mapped to Control, Kana to right Alt, right Alt to Super, Menu to Compose/Meta (tap/hold) and right Control mapped to Greek.

I use keymapper[0] to do low-level remapping and tap/hold, and a custom XKB layout for the Greek modifier. I highly recommend this setup.

[0]: https://github.com/houmain/keymapper


Swimming in borrowed or imaginary cash without any hope of paying it back in the foreseeable future.


Investors are people who just literally hand you cash, it's not imaginary


Who the hell let agents directly use a database? Even humans don’t get this privilege. So, of all things, we forgot how to write APIs now? The article suggests creating a role for the agent directly in the database. What is wrong with you people? The very title of the article defeats its own purpose. They are not designed for this so don’t let them be used like this, ffs.


Uhm, everyone I know? To let it write to a production database, that’s on another level though.


The same applies to the south. It’s shocking to read tales of people spending hundreds of dollars monthly with coding agents, that’s wholly impossible for the vast majority of devs in South America, even 20 dollars is hard to justify for most households. By economic factors alone, I bet there are a lot more people learning the hard skills in places they can’t afford to be dependent on the tools.


I’m also in this camp. There’s nothing better than to be lost in your own flow. However, I find these moments to be richer when someone is silently tinkering beside you, in sort of a passive interaction. Typical people tend to behave awkwardly when there’s no point or reason in talking while in the company of others. This has to be as much of a deficit as the normative definition of social awkwardness. I could never connect with these kinds of people, who are always ruining silence for no reason other than trying to escape their own discomfort.


Like others mentioned, letting the agent touch the code makes learning difficult and induces anxiety. By introducing doubt it actually increases the burden of revision, negating the fast apparent progress. The way I found around this is to use LLMs for designing and auditing, not programming per se. Even more so because it’s terrible at keeping the coding style. Call it a skill issue, but I’m happier treating it as a lousy assistant rather than as a dependable peer.


Adobe won’t be hurt by this in the professional market because they have inter-app compatibility and a somewhat consistent language, plus you need their software to work with legacy files. Adobe is cheap, you can get the full suite for a very reasonable price. Competing software is always niche and you need to learn each one individually as they don’t share UX principles nor ontologies. They might be free now, but imagine managing individual subscriptions for each one later on; a nightmare for individuals and companies alike. Just needing to sign up for multiple apps individually is a headache, all the emails and updates, etc. Unless someone makes a comparable and comprehensive suite, they won’t be actually competing with Adobe.


Typst is unfairly good for doing systematic designs. I wrote a template system for a complex product catalog in a couple of days. Then I modeled the client's product list (exported from their ERP) to the schema and generated a hundred-page catalog instantly with flawless layout. Traditional catalog design in InDesign is extremely prone to errors and inconsistencies, not to mention time-consuming if done by hand and very brittle if done with the native automation, which does not handle tabular data very well, requiring arcane non-UTF8 encodings. With Typst, if done right and input data is properly treated once, you can wholly skip the review phase, which represents a massive cost reduction. IMO doing this kind of parametric design from a DSL, either for print or digital, is something massively underrated. Surely feels like cheating. Organizing the media files is a bit more time-consuming, though, even with automation. But once you organize and standardize the media repo you’re set, as you just need to do the plumbing once.

