Actually, the VS Code approach is closer to the first one (Clear API boundaries). VS Code extensions don't have direct access to internals, no direct access to the UI [1], and extensions can control VS Code only via the Extension API [2]. However, extensions have access to many standard JS functionalities that could be used in the wrong way.
By the way, Figma plugins can also send arbitrary information (such as file contents) to external servers.
That said, I think it's good idea to add to extensions permissions/capabilities security like in mobile apps.
P.S. If the Extension API doesn't have what you need, there are Proposed APIs [3], but you can't use them in published extensions, and sometimes proposals move very slowly.
I noticed that some people expect AGI to have some superhuman intelligence instead of just intelligence similar to that of humans. I have seen some posts arguing that an AI can only be called AGI if it is better than any human being on every task.
It's nice to see that this article doesn't fall into that.
Just a small nitpick: most ad networks optimize for price of impression, so at the end of the day they charge for impressions (just not always directly).
If your ad has low click rate and average price then it just won't be shown, because it's more profitable for an ad network to show ad with better click rate or with better price (i.e. with better price for impression) .
Sadly, seem like the decision in that case was changed. From your link:
> In a November 2022 ruling the Ninth Circuit ruled that hiQ had breached LinkedIn's User Agreement and a settlement agreement was reached between the two parties.
It wasn't changed, it's just that there's more than one issue at hand: the earlier decision was that hiQ didn't violate CFAA, the later one was that it did violate LinkedIn's EULA. The November 2022 ruling specifically states that hiQ "accepted LinkedIn’s User Agreement in running advertising and signing up for LinkedIn subscriptions" - keep in mind that LinkedIn profiles haven't been public for a while in a sense that logging in is required to view them, and thus to scrape them.
Hence why OP is saying that this all will lead to increase in paywalls and such, and a reduction in truly public content.
Accroding to the results from this paper
(page 34) performance of NativeScript is better than React Native, and both are better in performance than Flutter.
The results was quite surprising for me. My expectation was that Flutter will be the best (after Native) followed by React Native.
I found other small benchmarks that shows Flutter is better on CPU-intensive tasks but React Native is better on typical UI side. I didn't found other useful benchmarks about NativeScript.
> What I want is to declare I want this service to be under this domain and this IP - so for that you still need to configure your load balancer (bare metal) manually, setup certificates etc. I am writing a tool to automate this, but it's been a pain.
So this is not going to work for several reasons.
One being that on bare metal you don't have a cloud provider, so there is no load balancer it can talk to.
Second - it will setup a hostname and a certificate on the ingress, but there is no way to contact it from outside world. The domain still needs A record pointing at the server and in the cluster that may be a local IP or a set of IPs.
What I have in mind is an external server that is not being a part of the cluster that bears the role of load balancer. It will contact the cluster and look for services and then setup up a reverse proxy based on their declared hostname, then setup certificates and update DNS records at DNS provider.
As far as I know something like this does not exist.
Maybe Traefik has such a capability, but their documentation is so complex I have no idea.
Actually I'm using it on bare metal and it works. Initial setup wasn't very hard but I think it could be more intuitive. Overall I think documentation for self-hosting kubernetes sometimes a bit incomplete.
Yes, I need to add A records with IPs for each domain, but that's one time setup. I did it manually, but you can automate it [1] (depends on what you use for DNS provider but you can extend it to support your provider or maybe there is another existing solution).
I'm not sure that one server in front of the cluster is more reliable than using all cluster nodes for load balancing. I guess that in automated solutions like [1] cluster's node could be automatically deleted from DNS if it went down.
My setup is not so big so I don't have real need for load balancing, but it seems possible with existing solutions.
Sure it does, I ran kube-vip[1](but there are many others, e.g. metallb) as my cloud controller, all it needs are valid static IPs/range/dhcp and it will assign these to LoadBalancer services(which you usually only need one of for your ingress) and it will either ARP or use BGP to route external traffic.
As for DNS records, external-dns[2] works perfectly as long as your DNS as some way to doing automatic updates.
The problem with kube-vip is that it has poor documentation. I have read it many times and still don't know how I could use it.
Last time I was running something assigning IP addresses to the dedicated server interface I got it null routed and provider threatened to terminate the service because it was interfering with other clients network.
So if I see things like ARP, BGP, DHCP it is not clear what exactly it does on the network and how that would work in the real world.
I am missing an example where I have a server with a static IP from which I want to access the exposed services that are on a private network.
All I really want is an automatically configured reverse proxy that will direct traffic to appropriate services and take care of certificates and DNS.
Before the Kubernetes I used Rancher 1.6 and that was super simple. For instance I would start a wordpress container and then all I needed to do was to add a reverse proxy entry with its hostname as a backend and point where the certificates are (that was before lets encrypt).
Closest I could get was exposing a NodePort and having nginx to reverse proxy to the nodes at given port, but that seems more complex / fragile, as I need o keep track which service uses which port and it is still manual, so I might as well just use containers without Kubernetes.
> Copilot is completely depending on the legal theory of being effectively exempt from copyright, under fair use doctrine; if that legal theory falls apart, the entire space (and a lot of other machine learning stuff) is utterly doomed.
That's really depends on the country.
For example Japan has a law[0] that's allows usage of any copyrighted materials for machine learning and other data analysis. You can also do it for commercial purposes. There are some limitations (you can't share the dataset itself, but you can share the model), but overall it sounds good.
By the way, Figma plugins can also send arbitrary information (such as file contents) to external servers.
That said, I think it's good idea to add to extensions permissions/capabilities security like in mobile apps.
P.S. If the Extension API doesn't have what you need, there are Proposed APIs [3], but you can't use them in published extensions, and sometimes proposals move very slowly.
[2] https://code.visualstudio.com/api/extension-capabilities/ove... [1] https://code.visualstudio.com/api/references/vscode-api [3] https://code.visualstudio.com/api/advanced-topics/using-prop...