Such a weird take. I should deadlift 400 pounds in my apartment? And where do I put the barbell and weights when I am done destroying my floor and freaking my neighbors out?
(and don't say just do an alternative; there is none at those weights and I enjoy it)
I agree with the parent comment. I have sway on my laptop, i3 on my desktop, I don't notice any difference. Well except sharing and annoying small sway things that work on i3.
Just as I am oblivious to whether this is posted over ipv4 or 6.
That they all have to implement the protocol seems like 20 years of Wayland might actually have hurt Linux more than it fixed - without it something else would have happened. Think of how many man hours have been wasted doing the same thing for KDE, GNOME, sway, Hyprland, etc.
(also I agree about the publicly available thing, it's a bug for me as well. Companies will harvest everything they can and you better believe defaults matter - aka publicly available, for the producer, but they will say your security, of course)
Which is, of course, not how people primarily communicate on WhatsApp (or any communication based app). People don't send streams of videos to each other in group chats. They write text and add gif memes.
Well, I guess? Using TRAMP with large projects is not a pleasant experience. It works great for one-off files and remote bookmarks etc, but for working with large projects you're better off mosh/ssh-ing into the server and using Emacs there. With things like term-keys [1] you can use all the keys there as well. Basically only missing out on images and variable fonts, both of which are non-issues for me at least when programming.
Art should require effort. And by that I mean effort on the part of the artist. Not environmental damage. I am SO tired of non-tech friends SWOONING me with some song they made in 0.3 seconds. I tell them, sarcastically, that I am indeed very impressed with their endeavors.
I know many people will disagree with me here, but I would be heartbroken if it turned out someone like Nick Cave was AI generated.
And of course this goes into a philosophical debate. What does it matter if it was generated by AI?
And that's where we are heading. But for me I feel effort is required, where we are going means close to 0 effort required. Someone here said that just raises the bar for good movies. I say that mostly means we will get 1 billion movies. Most are "free" to produce and displace the 0.0001% human made/good stuff. I dunno. Whoever had the PR machine on point got the blockbuster. Not weird, since the studio tried 300 000 000 of them at the same time.
Who the fuck wants that?
I feel like that ship in Wall-E. Let's invest in slurpies.
Anyway; AI is here and all of that, we are all embracing it. Will be interesting to see how all this ends once the fallout lands.
Sorry for a comment that feels all over the place; on the tram :)
> Obsidian has a low number of dependencies compared to other apps in our category
Whataboutism. Relative comparisons don't address absolute risk. I checked three random packages: prism pulls 22, remark pulls 51, pixijs 179! So that's 250+ transitive dependencies just from those.
> Features like Bases and Canvas were implemented from scratch instead of importing off-the-shelf libraries. This gives us full control over what runs in Obsidian.
Full control? There are still hundreds of dependencies.
> This approach keeps our dependency graph shallow with few sub-dependencies. A smaller surface area lowers the chance of a malicious update slipping through.
> The other packages help us build the app and never ship to users, e.g. esbuild or eslint.
Build tools like esbuild don't ship to users, but a compromised build tool can still inject malicious code during compilation. This is supply chain security 101.
> All dependencies are strictly version-pinned and committed with a lockfile
Version pinning is, I would hope, standard practice in any professional development team years and years ago. It prevents accidental updates but doesn't stop compromised existing versions.
> When we do dependency updates, we:
> [snip]
While these practices are better than nothing, they don't fundamentally address the core issue.
> That gap acts as an early-warning window: the community and security researchers often detect malicious versions quickly
According to whom? Heartbleed, a vulnerability in a package with far more scrutiny than a typical npm module, took what, 2 years to be found? The "community detection" assumption is flawed.
I'm not trying to put Obsidian down here - I sympathize, aside from implementing everything themselves, what can they do! I'm trying to point out that while their intent is good, this is a serious problem and their solution is not a solution.
Of course, it's the same in any project with dependencies. It's the same in other languages as well - if they have a convenient package manager. Like Rust and Cargo.
This problem came with the convenience of package managers and it should be fixed there, not by every application like Obsidian. I'm not sure how but maybe once a package is starting to become popular, additional security measures must be put in place for the author to be able to continue to commit to it. Signing requirements, reproducible builds, 2fa, community reputation systems, who knows.
Individual applications can't solve supply chain security through wishful thinking and version pinning.
Package managers need to solve this at the infrastructure level through measures like mandatory code signing, automated security auditing, dependency isolation, or similar system level approaches.
Obsidian's practices are reasonable given the current tooling limitations, but they don't eliminate the fundamental risks that the package managers bring to modern dependency ecosystems.
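The per-package transitive counts and the build-tool point in the comment above can be checked against a lockfile. This is an added example, not code from the comment or from Obsidian: it walks a constructed lockfile in npm's `packages` layout, where every package name and hash is made up, and reports for each direct dependency whether it ships or is build-only, how many entries it pulls in, and which of those are pinned by version alone.

```javascript
// Added example. Constructed lockfile in npm's "packages" layout; all package names are made up.
const lock = { packages: {
  "": { dependencies: { "md-render": "1.0.0" }, devDependencies: { "fast-bundler": "2.0.0" } },
  "node_modules/md-render": { version: "1.0.0", integrity: "sha512-AAA", dependencies: { "tiny-escape": "^1.0.0", "left-trim": "^3.0.0" } },
  "node_modules/tiny-escape": { version: "1.2.0", integrity: "sha512-BBB" },
  "node_modules/left-trim": { version: "3.1.0", integrity: "sha512-CCC", dependencies: { "tiny-escape": "^0.9.0" } },
  // Nested copy pinned by version only: nothing to verify the tarball against.
  "node_modules/left-trim/node_modules/tiny-escape": { version: "0.9.4" },
  "node_modules/fast-bundler": { version: "2.0.0", integrity: "sha512-DDD", dev: true, dependencies: { "plat-binary": "2.0.0" } },
  "node_modules/plat-binary": { version: "2.0.0", integrity: "sha512-EEE", dev: true },
} };

// Resolve a name the way Node does: nearest node_modules first, then each parent.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every lockfile entry reachable from one direct dependency, itself included.
function closure(packages, directName) {
  const seen = new Set();
  const stack = [resolve(packages, "", directName)];
  while (stack.length) {
    const path = stack.pop();
    if (!path || seen.has(path)) continue; // unresolved name or already visited
    seen.add(path);
    const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
    for (const name of Object.keys(deps)) stack.push(resolve(packages, path, name));
  }
  return [...seen].sort();
}

// Per direct dependency: shipped or build-only, closure size, entries lacking an integrity hash.
function audit(lockfile) {
  const pk = lockfile.packages, report = {};
  const groups = [["shipped", pk[""].dependencies], ["buildOnly", pk[""].devDependencies]];
  for (const [kind, deps] of groups)
    for (const name of Object.keys(deps || {})) {
      const paths = closure(pk, name);
      report[name] = { kind, count: paths.length, noIntegrity: paths.filter((p) => !pk[p].integrity) };
    }
  return report;
}
console.log(audit(lock));
```

To run it on a real project, replace `lock` with the parsed contents of `package-lock.json`; the build-only rows are the packages that execute during compilation even though they never ship.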
I didn't say KDE is the only option for power users, or that there aren't multiple types of power users with different use cases and individual preferences. I'm not sure what I'm gatekeeping.
Is it really gatekeeping to say that KDE is for power users? Setting it up in a way that really meshes with your use case and preferences is a process that you'll spend many hours or days of time on. That's not something that makes sense for grandma's computing workload.
> This is an opinion stated as fact. KDE is mostly for dads that like a mouse oriented Windows/mac like OS but with buttons to customize. Sway, exwm etc are for power users.
So you're saying that preferring a highly customizable GUI means you're a power user, but instead you're a *gasp* dad? This isn't Reddit, buddy. Grow up.
It's amazing. Just like you keep repeating full turbo, I hope we all go full turbo, all the time! Who needs thoughtful care in these things anyway, that's for another day! Let's goooo