benjhm

OK, nice promises, but seems to me overpowered for phone functions, so what's their plan for battery lifetime (bearing in mind that a desktop os is less optimised for efficiency)?

Indeed it seems Trump picked up some ideas about "Juche" (national self-reliance?) from his best buddy "rocket-man".

US has only 4% of the world's population, there are now plenty of super-rich in China, India, etc. who like to flaunt i-stuff.

Yeah, but you just gave me an idea too, how about AI-directed canines? "apple-intelligence" applied to follow-your-nose. My dog loves to chase small spots of light, which might be a trick to steer them.

And if chinese buy iphones, do they now have to pay 84% tariff? - maybe HQ in europe solves that too?

Hope you are right, but depends on the power balance after the election, and whether federal or provincial law decides such things.
Isn't Alberta is more aligned to MAGA politically? Maybe tries to stir up a big provocation, then eventually 'annex' it.

As a global company, Apple could just re-establish itself in europe, e.g. Ireland, and continue trading with China, they can just put the US on hold for a couple of years.
Meanwhile for those who really addicted to istuff, coyotes can smuggle iphones across the border, so maybe this solves the fentanyl 'issue'.

In principle I'd like to see specific permissions - so for example playing with gui enhancements should be a lower trust barrier than adjusting and running code, but afaik (correct me if wrong) neither js nor rust have a built-in security architecture that could implement this. Maybe certain types of extensions could just be custom script language without filesystem access, but that's harder to do.

About source code linking, last time I heard (maybe they fixed it?) it seemed that trick vscode extensions can link to arbitrary (safe-looking) source repos, which didn't actually produce the extension.

I'm less convinced about slowly accumulating publisher trust, as this could be a barrier to honest new contributors, while big actors with a longterm profit or geopolitical motive could game such a system anyway (as they do for social media).

I do trust the scala tools (build Mill, lang-server Metals, compiler) which adjust my code, having seen them evolve over many years.
and like the separation of functions (lang-server / editor), so we are less dependent on any one big-tech solution. So I suppose a fundamental issue is what to trust less - big corps with a reputation but lock-in power, or an ecosystem of small contributors which might include tricksters. No perfect balance.

Well thought out article - worth reading

It seems so far Zed is cautious, providing api only for specific extensions - i.e. language servers and gui themes.

add a line ... right before you run it

I run stuff from the command line using a trusted build tool (Mill, in scala), or via a local server (where js is sandboxed).
But indeed, a tricky language server or AI tool (I don't use yet) might inject code where I don't inspect before running it. That's a risk even with java-based IDEs - java has security permissions, not in js (vscode) or rust (zed), but are they applied...? As for audits, a problem with vscode is the marketplace got too big, so many extensions, many lookalikes, nobody can check them all...

Trump may echo Nixon, iirc, breaking trust in such systems. Anybody know, can he try to stop them withdrawing? What about China, Japan, others ...?

Such tricks were was predictable, as VSCode extensions, letting arbitrary JS run on your system, are an obvious security risk.
Recently I used Zed editor instead, it's smooth, but this also has extensions, only these are fewer and in rust ( maybe a higher barrier, targeting less users, so far... ). What's the solution here - is there some intrinsically safer sandboxed system ?