Ben Matthews

  • New here on lemmy, will add more info later …
  • Also on mdon: @[email protected]
  • Try my interactive climate / futures model: SWIM
  • 0 Posts
  • 18 Comments
Joined 2 years ago
cake
Cake day: September 15th, 2023

help-circle





  • In principle I’d like to see specific permissions - so for example playing with gui enhancements should be a lower trust barrier than adjusting and running code, but afaik (correct me if wrong) neither js nor rust have a built-in security architecture that could implement this. Maybe certain types of extensions could just be custom script language without filesystem access, but that’s harder to do.

    About source code linking, last time I heard (maybe they fixed it?) it seemed that trick vscode extensions can link to arbitrary (safe-looking) source repos, which didn’t actually produce the extension.

    I’m less convinced about slowly accumulating publisher trust, as this could be a barrier to honest new contributors, while big actors with a longterm profit or geopolitical motive could game such a system anyway (as they do for social media).

    I do trust the scala tools (build Mill, lang-server Metals, compiler) which adjust my code, having seen them evolve over many years.
    and like the separation of functions (lang-server / editor), so we are less dependent on any one big-tech solution. So I suppose a fundamental issue is what to trust less - big corps with a reputation but lock-in power, or an ecosystem of small contributors which might include tricksters. No perfect balance.


  • It seems so far Zed is cautious, providing api only for specific extensions - i.e. language servers and gui themes.

    add a line … right before you run it

    I run stuff from the command line using a trusted build tool (Mill, in scala), or via a local server (where js is sandboxed).
    But indeed, a tricky language server or AI tool (I don’t use yet) might inject code where I don’t inspect before running it. That’s a risk even with java-based IDEs - java has security permissions, not in js (vscode) or rust (zed), but are they applied…? As for audits, a problem with vscode is the marketplace got too big, so many extensions, many lookalikes, nobody can check them all…



  • I’d like to have no phone at all, I don’t like small screens, nor being interrupted. Problem is that phone apps are now almost obligatory for IDs, transport tickets, passes, banking, etc. So I’d just like a phone-receiver (modem) with a sim card on a USB stick that can enable phone-app-stuff via my laptop or tablet. (Yes some tablets have data sim cards, but we still need sms and occasional phone functions for ‘verification’ etc.). Any suggestions?






  • Two thoughts:

    • I’m subscribed to 160 communities, most very small, but see interesting stuff due to the Scaled option - also deliberately avoid the big news communities. Evidently, it takes time to join 160 small cs, so to get started it could be handy to have an all/local except list, and remove the biggest news /memes unless people tick a box saying they like such. Or make an algorithm that prioritises stuff related to what I upvote (which is how other social sites seem to get people started - e.g. i just tried rednote and it quickly learned i like mountains and trains) - but i guess that’s hard to implement as each instance would need to work out ‘related to’.
    • 2nd point - there are other user-interfaces - I’m using Alexandrite which has a better layout than lemmy default, but how to make this easier (instructions suggest docker, how many casual users will do that …)?

  • I might try Friendica, although coming from lemmy I’d be more inclined towards Mbin, to combine topic-focus and people-focus.
    However as a developer I first check the code repos and see that both are based on php, which seems rather old, and i doubt this would scale efficiently if the network really took off. Recall that twitter was once based on ruby (like mastodon is) and shifted to scala for such reasons. So I feel, these are exploring well the potential user-experience, but the code may need a fresh structure (if somebody knows this tech issue better, please say). It’s good to discuss these things, to help consolidate potential efforts.