I love the general idea, but banning all forms of paid advertising seems a step to far. That encompass a lot, and enforcing it would be near impossible. There's also clear areas where it could have a negative impact, like for public transport that relies on providing ad placement.
I don't see a problem with criminalizing big ad companies, ad markets, and ad middlemen. I think that would solve a good chunk of the issue.
Not really a surprise. The TOS for the extension marketplace has been clear that it's only to be used for VS Code, that's why VSCodium doesn't use it. Cursor devs undoubtedly knew better, but kept breaking TOS and licenses, MS just chose a strategic moment to enforce the rules already in place.
Cursor not being an extension from the start seemed odd to me, and they wouldn't be in this rough spot if they had done that.
While also the TOS of their extensions like C/C++ also prohibit their usage with forks. It is not about using marketplace endpoint, it is about using the extension itself even if the user installed the vsix manually. At least this is what this submission about.
> While all of these things are certainly possible, I also do think that the development time is longer.
I agree, but I don't think dev time is longer due to some intrinsic reality that local-first is technically harder. Nearly 2 decades of work has been put towards tailoring building blocks for SaaS systems. Similar building blocks can be made for local-first.
If the choice for controls is touchscreen vs conversational, conversational wins by a mile. However if physical buttons and dials are an option there's really no competing with that.
I wish car manufacturers stopped with the touchscreen bullshit, but it seems more likely that they'll try to offset the terrible experience with voice controls.
> For me the biggest gap in programming languages is a rust like language with a garbage collector, instead of a borrow checker.
I agree, though I often think Rust is probably good enough. You can use RC or grab a GC crate. It's not as ergonomic as just assuming all values are GCed, but I think it gives the flexibility and fast iteration of working in a GCed language.
I wouldn't worry about that. Alberta had a pretty close election, and if their current premier Danielle Smith even hinted at the proposition of joining the US she would never win another election again. Not to mention that the federal government of Canada would also have to be on board for a province to seperate.
Economic force wouldn't be enough, so I'm guessing you mean military.
The idea of the US going to war with Canada is seriously stupid. Canada has fought beside the US military. There are deep ties between the countries that go much deeper than trade, many close friendships, and family connections across the border.
The US will not start a war with Canada, despite what Trump may make you think.
And yet, Carrie Lam did sell out Hong Kong to Chinese annexation, and was silent as student protest leaders were black-bagged and dragged off to the mainland for torturing. Her approval rating at that point bottomed out in the single digits; but that is what she did.
Not every politician is motivated solely by winning one more election.
If US annexation of Canada started to look like a fait accompli, and Trump was threatening terrible retributions for anyone who resisted him—which politicians would resist, and which would become Carrie Lams, or Pétains?
It took them a week to respond about the initial report for v12.0.0, the exploit was so trivial and obvious that even that should have been a warning to go check newer versions themselves, even if they hadn't seen the follow up message that had been sent a few days prior showing that the vulnerability was present in later versions.
> It's also exactly the reason why the whole Javascript ecosystem is really showing how immature it is and the hype and euphoria of Vercel is contributing to its clumsiness.
I would hardly say the whole JS ecosystem is immature. There's tons of mature projects that take security very seriously and are written by highly skilled programmers.
> They are now also pushing "Vibe Coding", which is a hot air hype parade, about to be brutally hit with reality when others are deploying production code that is riddled with hundreds of security vulnerabilities
There are certainly many fresh programmers entering the ecosystem and "vibe coding" among other hyped trends are able to ride that wave. It's pretty clear that those hyping it are either new themselves (don't know better), or cater to an audience of new programmers. Those in the latter group are doing it to farm engagement, and/or are really out of touch from what real software systems look like/require.
The silent majority of moderate to highly experienced JS programmers know that these LLMs produce shit code outside of boilerplate and small demos. It's very easy to tell if you try to use them on anything else.
It is concerning on many levels though that new programmers are being guided off a cliff like this. Programming influencers and companies advocating for "vibe coding" and the like should be called out for sabotaging the next generation of programmers.
The trivial nature of the initial exploit does not instil confidence, nor does it that no one noticed it during the refactor that lead to the second variation of the exploit.
I don't see a problem with criminalizing big ad companies, ad markets, and ad middlemen. I think that would solve a good chunk of the issue.