Calling these letters toothless is missing the point. Ofcom doesn’t expect 4chan to comply. They are creating a paper trail to justify the next step of forcing UK ISPs to block the content at a network level.
Some of the best software engineers I know are ex-physics PhDs… it’s one of those “can’t fake it” skillsets that also happens to have high transferability to ML/AI fields. On the other hand, I snuck through the CS major without ever multiplying a matrix.
Yeah… one of them addresses a market populated by hundreds of thousands of developers with extensive professional experience in the framework, and the other addresses a niche of Python developers who refused to learn JavaScript until somebody hid it from them and called it hypermedia.
100’s of thousands used to use php too :) most developers (roughly 97.56% are terrible/incompetent so going with the herd should tell you you are on the wrong train :)
Thousands of developers still use PHP… and even more users… Wordpress (43% of web), Facebook (billions of users), Wikipedia (billions of users)…. all PHP.
htmx is a a toy, mildly amusing to play with, built on an insecure foundation that bypasses basic browser security controls and hands a blob of JavaScript to a bunch of backend developers who can’t be bothered to learn it because they think they know better…
No serious project uses htmx and none ever will, because it becomes an unmaintainable mess by the third developer and second year of development.
“No serious project uses [insert any framework/language/…] and none ever will, because it becomes an unmaintainable mess by the third developer and second year of development” if team is incompetent
JS has the fastest, most robust and widely deployed sandboxing engines (V8, followed closely by JavaScriptCore which is what Bun uses). It also has TypeScript which pairs well with agentic coding loops, and compiles to the aforementioned JavaScript which can run pretty much anywhere.
Note that "sandboxing" in this case is strictly runtime sandboxing - it's basically like having a separate process per event loop (as if you ran separate Node processes). It does not sandbox the machine context in which it runs (i.e. it's not VM-level containment).
When you say runtime sandboxing, are you referring to JavaScript agents? I haven't worked all that much with JavaScript execution environments outside of the browser so I'm not sure about what sandboxing mechanics are available.
Bun claims this feature is for running untrusted code (https://bun.com/reference/node/vm), while Node says "The node:vm module is not a security mechanism. Do not use it to run untrusted code." I'm not sure whom to believe.
It's interesting to see the difference in how both treat the module. It feels similar to a realm which makes me lean by default to not trusting it for untrusted code execution.
It looks like Bun also supports Shadow Realms which from my understanding was more intended for sandboxing (although I have no idea how resources are shared between a host environment and Shadow Realms, and how that might potentially differ from the node VM module).
The reference docs are auto generated from node’s TypeScript types. node:vm is better than using the same global object to run untrusted code, but it’s not really a sandbox
> It also has TypeScript which pairs well with agentic coding loops, (...)
I've heard that TypeScript is pretty rough on agentic coding loops because the idiomatic static type assertion code ends up requiring huge amounts of context to handle in a meaningful way. Is there any truth to it?
> Not sure where you heard this but general sentiment is the opposite.
My personal experience and anecdotal evidence is in line with this hypothesis. Using the likes of Microsoft's own Copilot with small simple greenfield TypeScript 5 projects results in surprisingly poor results the minute you start leaning heavily on type safety and idiomatic techniques such as branded types.
> There was recently a conference which was themed around the idea that typescript monorepos are the best way to build with AI
It's especially tricky since monorepos are an obvious antipattern to begin with. They're a de-separation of concerns: an encouragement to blur the unit boundaries, not write docs, create unstable APIs (updating all usages at once when they change), and generally to let complexity spread unchecked.
Hate to say it but this sounds like a skill issue. The reason Typescript monorepos are gaining popularity for building with AI is because of how powerful TS's inference system is. If you are writing lots of types you are doing it wrong.
You declare your schema with a good TS ORM then use something like TRPC to get type inference from your schemas in your route handlers and your front end.
You get an enforced single source of truth that keeps the AI on track with a very small amount of code compared to something like Java.
This really only applies to full stack SAAS apps though.
> It also has TypeScript which pairs well with agentic coding loops
The language syntax has nothing to do with it pairing well with agentic coding loops.
Considering how close Typescript and C# are syntactically, and C#'s speed advantage over JS among many other things would make C# the main language for building Agents. It is not and that's because the early SDKs were JS and Python.
Typescript is probably generally a good LLM language because
- static types
- tons and tons of training data
Kind of tangent but I used to think static types were a must-have for LLM generated code. But the most magical and impressively awesome thing I’ve seen for LLM code generation is “calva backseat driver”, a vscode extension that lets copilot evaluate clojure expressions and generally do REPL stuff.
It can write MUCH cleaner and more capable code, using all sorts of libraries that it’s unfamiliar with, because it can mess around and try stuff just like a human would. It’s mind blowingly cool!!
> C#'s speed advantage over JS among many other things would make C# the main language
Nobody cares about this, JS is plenty fast for LLM needs. If maximum performance was necessary, you're better off using Go because of fast compiler and better performance.
And that was my point. The choice of using JS/TS for LLM stuff was made for us based on initial wave of SDK availabilities. Nothing to do with language merits.
This has always been the case. The Java and C# ecosystems prioritise stability and scale. They wait for ideas to prove themselves in other languages like Erlang, Python, Go, Scala, and so on, and then adopt the successful ones. Last-mover advantage. That said, there are some caveats. Java is still missing value types, while C# has moved quickly with async/await rather than adopting models like goroutines or virtual threads, which can sometimes limit concurrency ergonomics for the developer.
The runtime protections aren’t pointless. The interpreter makes it difficult to inspect the malicious code during execution, but it doesn’t circumvent any sandboxing of the browser.
Imgur is one of the more annoying UK geoblocks because they persist it with cookies, so if you want to view something you can’t just switch to VPN for a second without also changing browser sessions.
Reddit is worse… you can’t even view someone’s profile if they’ve ever submitted a post labeled NSFW.
Why would they do that? (Not a rhetorical question, just curious). It would suffice to block UK IPs for compliance, if visitors use a VPN to circumvent that Imgur would get more traffic and more ad revenue. No reason to put extra work into blocking those users.
Gives them proof they did their best to "protect minors" even if they circumvented the GeoIP rule: someone trying and realising it still does not work might get X percentage to not bother further thinking there was something smarter at play and not just GeoIP (which there is).
Could be for performance? Basically cache the group lookup result into a signed cookie that can be checked at the edge rather than needing to do a geoip lookup for every request.
Maybe, maybe not. It'll be signficiantly harder for the EU to target decentralised services with no organisation behind them. It'll be far easier for them to put every major tech site which accepts VPN traffic into the box of organisations they can still fine. I'm not entirely sure the wider population will really care all that much once the dust settles. The internet works in China, and people are happy with it, and while we can agree that is probably what you'd call th dark age, you'll need significantly public opposition to do anything about it. I think we'll sadly see most major tech sites adopt whatever age verification tool the EU builds. They did with all the various form of payment system though this was obviously helped along with the API provided by companies like visa.
Honestly you could probably even use the 0 cost back charge that visa has, which is used by some finance services to verify that you are who you say you are through the visa connection to your national digital identity.
> I think we'll sadly see most major tech sites adopt whatever age verification tool the EU builds.
No, we won't. Tech doesn't care about users. We saw this when Valve delisted thousands of games in Germany instead of implementing the (completely anonymous) age verification process we've had built into our ID cards for years.
They do care about money though, and there is a difference between delisting thousands of games in Germany and losing access to the EU market entirely.
Lockfiles work if you combine them with version pinning (exact version, no semver), or always run `npm install ci` unless you’re intentionally attempting to update your packages.
I’ve always preferred exact versions because I’d rather updates be opt-in rather than an opt-out footgun. Otherwise any new dev to the project might accidentally pull some new version of a package that satisfies the semver requirement but modifies the lockfile, then they’ll check it into the code, and it’s another thing to fix at review time… there’s just a lot less friction if you use exact versions. It makes hermetic/reproducible builds and static dependency analysis easier, too.
Of course you need some update hygiene, preferably via an automated bot that opens PRs and runs tests. Renovate works well.
(btw, this same issue occurs with Docker base images; it’s better to base images on the sha256sum of the target image rather than a floating tag. Renovate can update those too.)
Really? It's one of my main discriminators. The quality of the bathroom is the highest signal indicator of the quality of the hotel. I look for a stone shower basin, a rainhead, a bath tub, or at a least glass shower door... if it looks bolted onto a plastic box, I'm not staying there.
If they're cheaping out on the shower then I'm not going to trust the mattress is clean or the linens are soft.
The ICC somehow managed to create an institution even more useless than the UN. The very concept of an International Criminal Court, operating in some idealistic moral space above war and diplomacy, is completely divorced from the reality of realpolitik and total war. If everyone agreed to arbitrate world matters in the ICC, why even have militaries?
> The ICC somehow managed to create an institution even more useless than the UN.
Its been very useful at doing the same thing the ad hoc international war crimes tribunals that preceded it did but with greater regularity and without as much spinup/winddown costs for each conflict they address.
> The very concept of an International Criminal Court, operating in some idealistic moral space above war and diplomacy,
That's not its concept or where it operates, though.
> If everyone agreed to arbitrate world matters in the ICC, why even have militaries?
I think you’ve confused the ICC with the ICJ or the UN itself. The ICC does not exist to arbitrate disputes between nations in place of settling them by war.
A leader is difficult to arrest and prosecute while they are in power. But it does have a political cost for them (both being branded as wanted by the ICC, and how complicated international travel becomes, including your host country burning political capital by not arresting you). But of course the real cost comes if you ever fall from power. The ICC means we don't have to invent laws on the spot like we did in the Nuremberg trials for the Nazis, we can use established laws, courts and processes
Yeah sounds great. But it’s hopelessly naive. As soon as someone disagrees, if they have more real power than the ICC, then its enforcement becomes ineffective. You can’t solve disagreements by agreeing to disagree.
International law is inherently more of a social contract than an actual law. That doesn't make it useless because it does have a real effect on how countries behave, but it does mean that enforcement looks more like getting ostracized than it looks like law enforcement.
Frequently is false. Netanyahu only visited one European country after the ICC arrest order - it was Hungary because Orban explicitly managed he wouldn't be arrested.
Also, if look at the exact plane movements of his visits, they specifically avoid the air space of countries that do take the ICC seriously.
reply