Now you will have an American entity be controlling all your assets that you want online on a very regular basis. No way than calling home regularly.
Impossible to manage your own local certificate authority as sub CA without a nightmarish constant process of renewal and distribution.
For security this means that everything will be expected to have almost constant external traffic, RW servers to overwrite the certificates, keys spreaded for that...
And maybe I miss something but would IP address certificate be a nightmare in term of security?
Like when using mobile network or common networks like university networks, it might be very easy to snap certificates for ip shared by multiple unrelated entities. No?
Just my point of view but I like the vibe of the htmx creator but think that htmx sucks to use it more than for a demo case.
If the guy was not cool and posting fun memes, no one would even look at that.
You go backward in term of performance by forcing a constant stream of heavy content between the app and the backend, state is hard to manage, The backend would have again to take charge of the CPU intensive part of the app for users. The framework is limiting by trying to be very simple, fitting tags and hiding the complexity to the dev (in an "automagic" way). But that is the worse as, as soon you want to deviate from the main documented highway case, it will become nightmarish.
Are you replying to the right comment? Mine was about datastar, not htmx.
Though, you seem to be arguing against hypermedia in general - a stance which is just plain wrong in most cases. Htmx's essays and book do a good job of addressing why.
I don't think so, I think that some teams at Google were trying hard to push Dart that no one wanted. And so Flutter was about to create a framework that was supposed to be the main and only one for Android app and co in the future (at that time) to force us on switching to Dart.
Apps made with qt are mostly good but the engine sucks hard indeed. The programming is difficult, let's say compared to GTK, the SDK interface change totally every couple of years forcing apps to rewrite everything from scratch. Probably related to that, the documentation is splitted in an hundred places, often undecipherable between what is obsolete or for current version. Most parts of the framework are not really documented anyway, there is just automatically generated reference guide from the code that is missing most part that is needed. Like you have an option name, now what does it mean? What this option to be used for? It's hard to extend simply to bypass default behavior of the SDK that could be limiting. Let me not speak of the whole qml craziness and the qtuieditor... And the worse of it is that the license is (or was because I don't know recent evolution) totally shitty. Like free to use in that case and that case, and commercial in that case and that case. No one serious would like to build something on a private garden like that.
Don't know if they will get valuable feedbacks but yes, what is needed as always is money. Ever by financing projects or buying solutions that would develop them.
As said by someone else, not do the usual wasteful:
- Create a big global project with a tender directed at bullshit consulting companies and big groups.
- Giving millions/billions to recreate a crappy version of something instead of pushing existing solutions.
Also, I have the feeling that an important point is that "open source" software is Open Source, and the proper solution is to fund good OSS software or stacks wherever they come from and not be short sighted of taking to much care of the dev or project location. Even if obviously it would be better that money goes to European devs)
We are probably in a situation like the one of Firefox or wikipedia.
A (side) business is created to support the oss project, to make it commercially sustainable /profitable, and then it becomes the commercial offer the liability sunk-in the money, using the fame of the oss to feed the beast. Puting the oss project at risk in the end.
Whereas people would happily give money or pay for supporting the oss project, they are kind of forced to feed the commercial project that might not really wanted to keep the beast alive.
As other I don't really have the details, but I think that in most of the world, 1 million of recurring revenue should be quite enough to support a sane evolution of what the project is doing.
In my opinion the problem has more to do with the whole corporate software ecosystem having lost past good practices:
Before you were never to use a public version of something as-is. Each company was having their own corporate repository with each new version of dependencies being carefully curated before being added to the repository.
Normally you should not update anything without at least looking at the release note differential to understand why you update but nowadays people add or update whatever package without even looking.
You just have to look at how many downloads got typosquated clones of famous projects.
For me it is even bad for the whole ecosystem as everyone is doing that, the one still doing that are at odd, slower and less nimble. And so there is a dumping with no one anymore committed to pay the cost of having serious software practices.
In my opinion, node, npm and the js ecosystem are responsible in a big part of the current situation. Pushing people and newbies to wrong practices. Cf all the "is-*x packages...
Now you will have an American entity be controlling all your assets that you want online on a very regular basis. No way than calling home regularly. Impossible to manage your own local certificate authority as sub CA without a nightmarish constant process of renewal and distribution.
For security this means that everything will be expected to have almost constant external traffic, RW servers to overwrite the certificates, keys spreaded for that...
And maybe I miss something but would IP address certificate be a nightmare in term of security?
Like when using mobile network or common networks like university networks, it might be very easy to snap certificates for ip shared by multiple unrelated entities. No?
reply