Readit NewsThe historical evidence should give us zero confidence that new tech will get more secure.
From an uncertainty point of view, AI security is an _unknown unknown_, or a non-consideration to most product engineering teams. Everyone is rushing to roll the AI features out, as they fear missing out and start running behind any potential AI-native solutions from competitors. This is a hype phase, and it's a matter of time that it ends.
Best case scenario? the hype train runs out of fuel and those companies will start allocating some resources to improving robustness in AI integrations. What else could happen? AI-targeted attacks create such profound consequences and damage to the market that everyone will stop pushing out of (rational) fear of running the same fate.
Either way, AI security awareness will eventually increase.
> the general state of security has gotten significantly worse over time. More attacks succeed, more attacks happen, ransoms are bigger, damage is bigger
Yeah, that's right. And there's also more online businesses, services, users each year. It's just not that easy to state that things are going for the better or worse unless we (both of us) put the effort to properly contextualize the circumstances and statistically reason through it.
The biggest concern to me is that most public-facing LLM integrations follow product roadmaps that often focus in shipping more capable, more usable versions of the tool, instead of limiting the product scope based on the perceived maturity of the underlying technology.
There's a worrying amount of LLM-based services and agents in development by engineering teams that haven't still considered the massive threat surface they're exposing, mainly because a lot of them aren't even aware of how LLM security/safety testing even looks like.
"DRM means you don't own the product, and you'll eventually lose acces to it. Therefore, subscription based gaming plans are a preferred option, as they don't attempt to deceive you into thinking you're buying an ownable game, often with a real, ownable game price tag. The subscription starts at a given date, has a defined expiration date that depends on the offering you choose, and provides a clearer statement of non-ownership of games."
Personally I get the point, but this take is missing lots of important details that should've been considered before making such an impactful decision:
- Think, for instance, of some of the policies that are already present in some services, such as restrictions for offline play.
- And how much this opinion actually benefits videogame lobbies that are looking into pushing game-as-a-service practices that, very coincidentally, we're attempting to fight against in Europe with initiatives like "Stop Killing Games".
In fact, this message, at this time, could have counterproductive consequences for the non DRM market and overall customer rights exactly because of the surrounding situation.
Small web tools have some advantages that could make them sustainable as a business model. Off the top of my head, some of these are:
* Creators are way more reachable, they often get back to you directly when you send them feedback. Sometimes, even, you get to have longer conversations with them too.
* You have more impact on what the product evolves into. It's also likely that you get some minor features added if you ask for them.
* Smaller tools are able to resist against enshittification with less of an effort. Doesn't mean that it may not happen, of course.
If you're asking this because you want to create a small web tool, I'd say the best advice you could use is to make something you like, make it reliable, and be proactive in engaging with you clients / let them reach out easily, demonstrating that you can and will listen and care about their concerns.
And if you create something you're proud of and have value, feel more than welcome of posting it here!
Sure you don't need bundlers and compilers (such as TS to JS), but at some point you might need async updates on `fetch()` of components that also share state with other components. At this point you're into framework territory, whether using your own or someone else's.
Producing a framework with those features that still fits in a single small size JS file would be great, especially if it can do component updates to shared state (without updating the DOM each turn, hence shadow DOM).
The former packs no dependencies, with a total size of 89.18 kB if you were to put all the module JS code together, unminified, on a single file. Which could be even smaller with an optimising bundler that tree-shakes and minifies the build.
[1]: https://www.npmjs.com/package/@tanstack/query-core [2]: https://www.npmjs.com/package/@signaldb/core
I loathe the Python convention of just using kwargs instead of clearly annotated parameters; most libraries don't even have doc comments in the code, so you're really required to look up the documentation, hope that it actually describes the method you're interested in and contains more than stuff like "foo: the foo to use"—or fall back to rummaging in the library intestines to figure out how it works.
It's pathetic.
On a more serious note, I can't even blame library devs as long as they try. Type "hints" often are anything but _just_ hints. Some are expected to be statically checked; some may alter runtime behavior (e.g. the @overload decorator). It's like the anti-pattern of TypeScript's enums laid out here and there, and it's even harder to notice such side-effects in Python.
What more could you ask for? Or, are you asking for too much?
What I mean is: What innovative functionality is missing to such a degree, that if it was introduces, would make people abandon Discord?
It's an information black hole, as someone else mentioned in this comment section. Otherwise, it's a nifty communication tool.
I personally come from running and using {TeamSpeak,Ventrilo,Mumble} servers. Started using Discord in winter 2015, it was just trivial to open a browser tab and join a group session with your friends. The audio experience was an order of magnitude worse when compared to other solutions, but the overall UX and ease of use made up for it.
> What I mean is: What innovative functionality is missing to such a degree, that if it was introduces, would make people abandon Discord?
If you'd allow me to, I'm going to address this question from a different perspective, as this post is about Revolt: What could Revolt do that would make me, at least, start using it alongside Discord?
I'd love it if I could self-host a server, place it online and let people find it and join seamlessly, similar to how Fediverse works for other social networks. They don't seem to be interested in adding this: https://developers.revolt.chat/faq.html#admonition-does-revo...
Other than that, I'd see myself using it to run a workspace. Having used Discord as a work-related communication platform in the past, I've come to find voice-based channels very useful, these seem to transmit a better feeling of productivity somehow. Other tools (e.g Slack, Teams) make me feel kind of "alone" when working. Even if it's just for body doubling, I'd argue voice channels are underrated and actually quite helpful for remote workers.