Well, it's not that hard: just give the LLM a user-scoped access token, same as if the user themselves were asking their own LLM to act on their behalf.
Basically, just like we don't show users information they shouldn't be able to see, and don't let them take actions they shouldn't be able to take -- we can use exactly those same explicit mechanisms (scopes, roles, permissions) to limit what the LLM can see and do.
The LLM could try to do more than what's allowed, but they get shot down with an access denied message just like anyone else.
The anti pattern is to think that you can reimplement access control with prompt engineering and give the LLM root access. That is doomed to fail every time.
This article only promises to get into "the coming AI margin collapse" in a yet to be published "part two". This part only makes the point that GLM 5.2 is pretty good (no shit).
Vite had five major version in the four years 2022-2026. Version 3 => 4 => 5 => 6 => 7 => 8. Each one of those had breaking changes and required devs to go through a migration. It's too much. And for what? It's not as if it is dramatically better now than it was in version 3.
I can't say I would really look forward to bringing this level of needless churn and constant disruption to the rest of my development toolchain. Anyway, Vite+ is really just wrapping existing tools into an abstracted command-line interface? And so I have more layers of indirection to wade through in order to get the thing to do what I want? So far I am not optimistic about this prospect...
Sounds cool. How do agents know what else is going on in the doc? They have an embedded browser and they do like mutation observer type stuff? Or does the integration do polling?
I've been driving glm-5.2 for a day or two now. It feels like a mature, seasoned colleague.
It could be luck, but I don't know -- it keeps one-shotting relatively hard stuff. And taking initiative to think about what potential regressions it should look out for, and choosing to do strategic refactoring when it should do. It is not confidently incorrect hardly at all, doesn't tell me that it's fresh risky pile of changes is ready for production without having exercised all the code paths and writing a bunch of tests, etc.
Makes sense to split the foundation, as the communities have split (and withered).
From its inception Perl 6 was an incredible journey that resulted in a genuinely weird and interesting new programming language, and squandered a broad wealth of momentum and good will and enthusiasm from the Perl community at large. It was a dramatic slow death over the course of a decade, where people who had built their careers, and small and large companies who had built their economic engines on Perl got to come to the realization that the whole thing was over, killed somewhat inadvertently by its own creator...
Well, this is certainly not benchmaxxed, I'll give it that. And props for being honest about how far behind Qwen 3.6 MoE is this model.
But yeah, it's not the best look to have to stretch and say it's "competitive" with other models in it's weight class, when it offers not much else that's useful or novel.
deepseekv4 pro via opencode go is $10/mo and has very generous limits. I use pi for the harness and go just as a model provider. It goes a good long way...
Well, this is the exact opposite of his point. Of course it should make sense when not animating! That is given. The entire crux of his point is that it should also make during an animation.
In an ideal world, it is hard to argue with. Yes, sure it should make sense. But also, please don't spend precious cycles on this unless all the other bugs are fixed, and this animation consistency is truly the most important remaining issue to address.
> In Cellpond, I handpicked hexadecimal values for each channel so that the resultant colours would better fit my app's theme and needs.
Well, this is an admission that trying to balance "wiggle room" without too much "fussing" with 1000 colors didn't really work.
Evenly sampled in rgb space, a 1000 color palette yields neither enough flexibility (especially in the blacks, greys, whites), nor enough constraint to really make it dead simple.
For app development at least -- choose 20 gradations of blackish to whiteish; 8 gradations of an accent color and so too for a couple of secondary colors...and you're good. That's like 48 colors instead of 1000.
Result is ~12 tokens per second, as reported by OP down in these comments here.
An impressive effort, and better than I would have thought possible on this hardware -- but still pretty far short of what one needs for an satisfactory interactive session.
This is my daily driver laptop. It's pretty good for what it is. Runs Linux perfectly, not trying to be especially too fast, very nice pixel density, all metal case, sturdy build. Battery life is not the best. Beautifully compact.
In practice, my experience is that it's mostly a lose-lose proposition. You have to invest in learning a bunch of same-but-difterent framework apis to do what the language already does natively. And in return, the code is more complex, and harder to debug, and so it has more bugs.
We once hired a very smart fellow to build out a media processing pipeline. He did with rxjs, but it wasn't scaling well. We tried to get with the paradigm for a bit and help scale it up, but flame graphs in profiler output were all crazy, and it was a pain to wire in timing traces, etc. We built a POC imperative version just to prove that we could indeed achieve the throughput we thought we could, and then we just said, well hey, this is faster and simpler, so... let's just go with this instead. And so we did.
Basically, just like we don't show users information they shouldn't be able to see, and don't let them take actions they shouldn't be able to take -- we can use exactly those same explicit mechanisms (scopes, roles, permissions) to limit what the LLM can see and do.
The LLM could try to do more than what's allowed, but they get shot down with an access denied message just like anyone else.
The anti pattern is to think that you can reimplement access control with prompt engineering and give the LLM root access. That is doomed to fail every time.