just a quick example from the backtracking section:
"Here's the dirty secret of WFC: it fails. A lot. You make a series of random choices, propagate constraints, and eventually back yourself into a corner where some cell has zero valid options left. Congratulations, the puzzle is unsolvable."
It's extremely distracting to read heavily ai edited texts like these because every single aism throws me a curveball.
It doesn't help that the figures of speech ai loves to use are those that stress things and create tension and drama. And it uses one in every single paragraph, rendering the text into the literal equivalent of a deepfried faux HDR jpg (or a dialogue scene in a Michael Bay movie).
And beyond those practical concerns it's just hard to gauge how much the author truly understands of what he's writing about (and transitively if it's worth to continue reading)
>> EV have far more tire wear because they are heavier
Is this true?
If an EV were 30% heavier than an ICE, would it produce 30% more tyre wear emissions? Or would it produce more or less than 30%? Is the primary factor in tyre wear weight and is the relationship linear?
The types of tyres appear to be quite different, the EVs seem to have smaller contact patches (narrower wheels) and they're made of different "less grippy" compounds that drag less. Does this change the equation at all?
Wero is a land grab by the banks who fumbled building a PayPal alternative for 20 years, now desperately trying to stop the digital Euro.
Sure I'd rather use Wero than PayPal -if it was decent- and building it on top of SEPA instant transactions is neat. But the lack of buyers protection is a deal breaker for me!
And quite frankly I'd rather use a digital Euro governed by the ECB than some rent seeking hobby project by a bunch of private banks. Especially because they will inevitably enshittify it with ads and hostile BNPL like PayPal.
I think it would be better to defer the Workspace trust popup and immediately open in restricted mode; maybe add an icon for it in the bottom info bar & have certain actions notify the user that they'd have to opt in before they'd work.
Because right now you are triggering the cookie banner reflex where a user just instinctively dismisses any warnings, because they want to get on with their work / prevent having their flow state broken.
There should also probably be some more context in the warning text on what a malicious repo could do, because clearly people don't understand why are you are asking if you trust the authors.
And while you're at it, maybe add some "virus scanner" that can read through the repo and flag malicious looking tasks & scripts to warn the user. This would be "AI" based so surely someone could even get a job promotion out of this for leading the initiative :)
Some JIT notification to enable it and/or a status bar/banner was considered, but ultimately this was chosen to improve the user experience. Instead of opening a folder, having it restricted and editing code being broken until you click some item in the status bar, it's asked up front.
It was a long time ago this was added (maybe 5 years?), but I think the reasoning there was that since our code competency is editing code, opening it should make that work well. The expectation is that most users should trust almost all their windows, it's an edge case for most developers to open and browse unfamiliar codebases that could contain such attacks. It also affects not just code editing but things like workspace settings so the editor could work radically different when you trust it.
You make a good point about the cookie banner reflex, but you don't need to use accept all on those either.
IMO this is a mistake, for basically the same reason you justify it with. Since most people just want the code to work, and the chances of any specific repo being malicious is low, especially when a lot of the repos you work with are trusted or semi-trusted, it easily becomes a learned behavior to just auto accept this.
Trust in code operates on a spectrum, not a binary. Different code bases have vastly different threat profiles, and this approach does close to nothing to accomodate for that.
In addition, code bases change over time, and full auditing is near impossible. Even if you manually audit the code, most code is constantly changing. You can pull an update from git, and the audited repo you trusted can be no longer trustworthy.
An up front binary and persistent, trust or don't trust model isn't a particularly good match match for either user behavior or the potential threats most users will face.
So why not allow for enabling this behavior as a configuration option?
A big fat banner for most users (i.e. by default) and the few edge cases get the status bar entry after they asked for it.
It's not a lack of engineering, but a lack of time, no? 5 years later and Cyberpunk runs on the Switch 2, MacBook Air and Linux Gaming Handhelds. While also scaling beautifully to 64 core CPUs or $3000 Nvidia raytracing GPUs.
