You won't be bringing your own graphics card to RadiantOS. According to one of the pages, they want to design their own hardware and the graphics will be provided by a memory-mapped FPGA.
If your question is about the general intricacies in graphics that usually have bugs, then I'd say they have a much better chance at solving those issues than other projects that try to support 3rd party graphics hardware.
I am fascinated by the art but it seem bizzarely overdefined relative to the software vision laid out in text. That is, the amount of richly imagined imagery dramatically outpaces the overall coherence of the vision in every other respect.
And as with the text, the art feels AI generated. In fact I even think it's quite beautiful for what it is, but it reminds me of "dark fantasy" AI generated art on Tikok.
I have nothing against an aesthetic vision being the kernel of inspiration for a computing paradigm (I actually think the concept art process is a fantastic way to ignite your visionary mojo, and I'm flashing back to amazing soviet computing design art).
But I worry about the capacity and expertise to be able to follow through given the vagueness of the text and the, at least, strongly-suggestive-of-AI text and art, which might reflect the limited capacity and effort even to generate the website let alone build out any technology.
You’re right, it’s so unrealistic to imagine that maybe a hominid telepresence platform in your home with a human operator might get operated by its operator to do some type of weird privacy-violating stuff. Only a crazy person would dream of such a thing.
This is like the online trend of pretending that US Postal Police are superheroes, clowns are scary, fedoras are lame and so on. I get it.
Some people make jokes, and then the rest don't get the joke so they think it's real and go along with the meme out of wanting to fit in. Eventually, the neurotic find everything scary and dangerous. Everyone else just skips over this nonsense while you guys self-reinforce. Social media's worst effect.
I love this idea, and I imagine with years of successful lobbying efforts we could potentially get some laws passed to provide rights and clarity around our own data that could move us into this direction. But until then, while BlueSky is solid, I'll wait and see.
We live in a complicated world, and we do need the freedom to get things right and wrong. Never easy though in times of crisis.
Silver lining in this is the conversation continued and will continue. I can see governments needing to try to get accurate and helpful information out in crisis - and needing to pressure or ask more of private companies to do that. But also like that we can reflect back and go - maybe that didn’t work like what we wanted or maybe it was heavy-handed.
In many governments, the government can do no wrong. There are no checks and balances.
The question is - should we still trust YouTube/Google? Is YouTube really some kind of champion of free speech? No. Is our current White House administration a champion of free speech? Hardly.
But hopefully we will still have a system that can have room for critique in the years to come.
If anything, I think we're even closer. It feels like the current administration is stifling speech more than ever. It's open season on people who don't proudly wave the flag or correctly mourn Charlie Kirk. People who dare speak against Israel are being doxxed and in some cases hounded out of their jobs. Books are being taken off library shelves on the whim of a very few community members with objections. And all of it is getting a giant stamp of approval from the White House.
I’ve been using other apps than Obsidian for notes and sharing, so this is nice to read and consider. But isn’t Obsidian an electron app or whatever? Electron has always seemed resource intensive and not native. JavaScript has never struck me as “secure”. Am I just out of touch?
JavaScript is a very secure language. The browser is a massive success at running secure JavaScript on a global scale. Every website you use is running JavaScript and not able to read other site data. Electron is the same, running v8 to sandbox JavaScript. Assuming you aren't executing user input inside that sandbox (something many programming languages allow, including JS), it's very secure.
The problem with supply chain attacks is specifically related to npm, and not related to JS. npm as an organization needs to be taking more responsibility for the recent attacks and essentially forcing everyone to use more strict security controls when publishing their dependencies.
Doesn’t this mean browser sandboxing is secure, not JS? Or are you referring to some specific aspect of JS I’m not aware of? (I’m not aware of a lot of JS)
It’s maybe a nit-pick, since most JS is run sandboxed, so it’s sort of equivalent. But it was explicitly what GP asked for. Would it be more accurate to say Electron is secure, not JS?
Turing completeness is irrelevant, as it only addresses computation. Security has to do with system access, not computational capacity. Brainfuck is Turing complete, but lacks any primitives to do more than read from a single input stream and write to a single output stream. Unless someone hooks those streams up to critical files, you can't use it to attack a system.
Language design actually has a lot of impact on security, because it defines what primitives you have available for interacting with the system. Do you have an arbitrary syscall primitive? Then the language is not going to help you write secure software. Is your only ability to interact with the system via capability objects that must be provided externally to authorize your access? Then you're probably using a language that put a lot of thought into security and will help out quite a lot.
A number of operating system security features, such as ASLR, exist because low level languages allow reading and writing memory that they didn't create.
Conversely, barring a bug in the runtime or compiler, higher level languages don't enable those kinds of shenanigans.
See for example the heart bleed bug, where openssl would read memory it didn't own when given a properly malformed request.
I mean, JavaScript doesn’t even have APIs for reading a file from disk, let alone executing an arbitrary binary. (Anything similar comes from a runtime like NodeJS.) You can’t access memory in different JS processes… so what would make it insecure?
To be fair, a plugin system built on JS with all plugins interacting in the same JS context as the main app has some big risks. Anything plugin can change definitions and variable in the global scope with some restrictions. But any language where you execute untrusted code in the same context/memory/etc as trusted code has risks. the only solution is sandboxing plugins
None of this makes or is a result of the language js (being) secure. Security is far and away predominantly a matter of how it's used, not a character of them language itself. "Safety" helps, but you can still easily write and package unsafe and insecure code in "safe" languages like rust, just as you can in C, JS, python, etc etc etc.
Not a huge electron fan (thank god for tauri), but Obsidian is a fantastic app and you shouldn't let the electron put you off of it. You can even hook a MCP up to it and an agent can use it as a personal knowledge base, it's quite handy.
I think I would prefer to see official supports for major package managers, even with unofficial repos (Debian, Macports,...). We went from a time where software were usually tarballed to one where devs are encouraging piping to shell.
I run OS 9 on my lamp iMac G4 but now I want to try 7.6.1!
reply