People continue to criticize Arch for being elitist or gate-keeping to keep casuals out but there are clear benefits by not allowing dangerous things to be simple. This is true in many aspects of life.
After using Void Linux I switched to `aurutils` to get a similar separation on Arch. I can easily maintain a local AUR repo by compiling/making my own binaries and can use `pacman` to install and manage them which improves the upgrade process overall.
It is frustrating to know that we can digitally sign and encrypt messages but don't because "it's too hard for normal people".
With HIPAA, is it not possible to simply encrypt the message? The "forgot password" flow for their message center is probably email anyway.
I can upload my public key to SourceHut and all email from them becomes signed and encrypted. It's a one-time process to generate long-lived keys and another to set up with SourceHut and that's all I need to do.
Inverting the order actually addresses my primary annoyance: what is a feature?!
> refactor(core): Update webmcp support to use document.modelContext
As the author points out, the line between a fix, an improvement, and general clean-up is blurry and dividing each semantic change into its own commit (and possibly squashed later anyway) is just creating work for no one's benefit.
I think Conventional Commits are just an artifact of trying to automate SemVer rather than solving any of the other problems directly. I don't think changelogs should be automated anyway - I can `git log` that if I want a list. A changelog is an opportunity to communicate to a wider audience what is actually going on under the hood.
There is still a tendency within some parts of aviation (safety auditing) to look for root causes and use tools like "fish bone diagrams" despite the more holistic approach used after an actual crash or incident.
Alternative view: it works best for flatter laces. I have a pair of running shoes with thicker round laces that don't stay tied unless I use the traditional method.
I'm curious about the physics involved to cause such an obvious and singular failure.
Cursor has limits even when using your own key. I was even cut off using a local model. I guess they use some sort of harness that requires non-local resources? I'm not sure I've actually tried to use Cursor in a fully-offline scenario yet. Cline works well enough and doesn't require any sign-up.
I didn't know about these options either. I am using Cline: Cloudflare isn't an option but Vercel is. My spending is pretty low overall now that I'm using local models much more but good to know that there are cheaper alternatives to try or at least suggest to others.
Other features I've just noticed:
- configurable prompt injection protection using OWASP regex (https://cheatsheetseries.owasp.org/cheatsheets/LLM_Prompt_In...)
- configurable PIM protection for outbound prompts
- input/output logging
- "JSON healing" to auto-correct minor hallucinations
Lots of other stuff too. The business model seems pretty simple and the value-add features don't look particularly expensive or difficult to copy.
I was expecting the use of non-SSH git remotes without network access. Any mounted file system can be a valid remote such as a USB drive. I use file-based remote to keep some repos encrypted on S3 using Rclone.
For example, `git remote -v` would show:
`secure-s3 /mnt/fuse/rclone/secure-s3/git/$REPO.git`
I think concurrency is a problem with file-based remotes but for one person keeping a desktop and laptop in sync it is much simpler than running a VPS.
After using Void Linux I switched to `aurutils` to get a similar separation on Arch. I can easily maintain a local AUR repo by compiling/making my own binaries and can use `pacman` to install and manage them which improves the upgrade process overall.
reply