This was a solo project, for about a few months of evenings. What it does not defend against, up front: an actively malicious server (the JS-delivery problem that basically every browser-E2E app shares), a compromised device, etc. Those are in the design doc.
I'd most like feedback on the threat model, and on the auth path: login still goes through a normal password-to-server handshake, and moving to a PAKE (OPAQUE/SRP) so the password never reaches the server is the obvious open item I have not done yet. Happy to get into the cryptography also, the no-bank-connection decision, or why it is bootstrapped and not VC scaled.
I'm not sure about this one, though. Today, my experience with LLMs is that they're already pretty helpful for unit test edge cases I wouldn't have thought of. If you mean broader functional tests then maybe, but I wouldn't say the same for unit tests.
Reading through the thread, it's striking how many people are feeling the same mix of excitement and exhaustion you describe. I'm in that camp too... the tools are incredible, but the pace and expectations around them can feel overwhelming.
I fully agree with what you say regarding Boris, but I would emphasize that I don't think he has malicious intention either. He still is doing his job, to showcase the features their product offers.
I'm curious how much of this behaviour is still intentional design vs. just inertia. Are the modern filesystems still constrained by these older choices, or is it mostly for compatibility?
Genuine question, how did you get to these 11 LLMs instead of 10 or 12? I'm interested in understanding how you did benchmark these 11 LLMs or whether it was an arbitrary ensemble you selected.
DuckDB is a great example of how far you can get by removing unnecessary layers... Columnar layout and vectorized execution is a powerful combination for OLAP workloads.