My thinking is:

  codex - best harness
  opencode - best ux/dx
  claude - best value for money

Adding postinstall should require approval from NPM. NPM clients should not install freshly published packages. NPM packages should be scanned after publishing. High profile packages should verify upstream git hash signature. NPM install should run in sandbox and detect any attempt to install outside project directory.

But npm being part of multi trillion company cannot be bothered to fix any of these. Instead they push for tighter integration with GitHub with UX that suck.

Uranium mining is not pretty, read about "in situ leaching" mining.

In the case of Germany, nuclear makes sense, but it is not clear where you would buy fuel for it, It might still be a supply chain risk since Russia and Kazakhstan are the main players there.

These mostly solve the issue of adding postinstall scripts and packages being compromised.

Apps are slow because caching is missing, naive pagination, poorly written API calls waterfall, missing db indexes, bad data model, database choice or slow serverless environment. Extra 1MB of bundle add maybe 100ms to one time initial load of app that can mitigated trivially with code splitting.

I think we will end up with market similar to cloud computing. Few big players with great margins creating cartel.

  - Expand aggressively and compete for top talent
  - Wait and possibly miss opportunity if trend continue

If you see end of ZIRP, slowdown and inflation and you actually overhired as CEO what you should do?

  - Keep employees locked in roles that are not needed?
  - Let go people that are not needed and hire for what is needed.

If you are hiring, and you see someone that cannot hold a job for more than 6 months, it is red flag. In capitalist system, employees are just to provide labor in exchange for wages. Nothing more, nothing less. Problem in US is that both retirement and healthcare is often provided by employer, creating this weird illusions of long term caring relationship.

POP3 in standard only have "Leave a copy on the server" but lack synchronisation mechanism.

> I suggest you to educate yourself on DKIM, DMARC, SPF and SMTP before making those statements.

You cannot use SMTP in real world without these protocols. Your messages would automatically land in spam folders of big providers. For example, if you want to send email to Gmail, you need SPF and DKIM [1]. Any half decent implementation of SMTP need to support all these protocols [2].

[1] https://support.google.com/a/answer/81126?hl=en

[2] https://github.com/stalwartlabs/stalwart

> It DOES have delivery tracking. Spam filtering is not a protocol feature and it shouldn't be. I suggest you again to educate yourself.

SMTP have extension for DSNs (Delivery Status Notifications) but crucially it does not provide information if/why email was classified as spam. This is a reason why many website registration form have “check spam folder”. SMTP deliverability is a hard problem both on protocol level and infrastructure on spam filtering[3].

[3] https://blog.paranoidpenguin.net/2020/02/self-hosting-email-...

> If you don't know how to build something doesn't mean it's left out to "hardcore graybeards". You got to admit you just don't know how and either learn or surrender to companies who know, offering the same for a buck. It's pretty simple.

I spend a significant amount of time investigating feasibility of building an email product and build some libraries for email protocols. It is not just my opinion but other HNs users including OP. Search HN for "self hosting email" for others people experience.