When you are looking for a new apartment you are always trying to find the best place that fits your budget, so you will always find it near the peak of the cycle and see it going downhill in front of your eyes.

Just a theory.

The only comment that I have that if you are already querying users table (or collection in case of NoSQL or whatever), you might as well have a sessions table/collection in the same database/storage and query them together. It seems that difference is not that big.

The purported advantage of stateless sessions is that you can check the auth without querying the main db/storage (maybe only querying a smaller/faster axillary storage).

Well, this approach throws out a lot of babies with the bathwater. You invalidate tons of legitimate tokens along with the one that you wanted to invalidate and get a thundering herd [0] of clients wishing to re-authenticate.

This is probably not good in case of a really high load.

And if you don't have a really high load, then there is no good reason not to have a stateful session storage.

[0] https://en.wikipedia.org/wiki/Thundering_herd_problem

Perhaps there is a business opportunity for a "rigorously fact-checked" chatbot? You can test chatbot to see if it gives "correct" (according to the author's opinion) answers on a topic of your choice and fix errors through prompt engineering, RAG (or other "memory" techniques), fine-tuning the base model if previous two approaches didn't work.

You can also probably teach it to use your own voice instead of dreaded LLM-isms, to make it sound less like typical AI-slop. This potentially can attract people, who are annoyed by the typical AI voice.

Perhaps, people who wrote self-help books should craft bespoke, custom-made chatbots instead?

Why make a 24-minute Youtube video instead of an article with proper navigation?

This is slightly off-topic, but this is a pet-peeve of mine. I believe that for most practical purposes hypertext beats video:

- you can Ctrl-F through text (well, now you sort of can search through a video, but it is much less efficient)

- you can quickly skim through text to find what you need

- text can have proper navigation (chapters etc)

- texts can be linked to each other. Link could lead to a specific part of the text (proper navigation)

- text is much quicker and cheaper to produce

Yet a lot of people make and watch serious educational and informational videos. Why? I don't get it.

> And there are more security problems. Unlike sessions - which can be invalidated by the server whenever it feels like it - individual stateless JWT tokens cannot be invalidated. By design, they will be valid until they expire, no matter what happens. This means that you cannot, for example, invalidate the session of an attacker after detecting a compromise. You also cannot invalidate old sessions when a user changes their password.

> You are essentially powerless, and cannot 'kill' a session without building complex (and stateful!) infrastructure to explicitly detect and reject them, defeating the entire point of using stateless JWT tokens to begin with.

I'm not sure that this is entirely true. Typically, the total number of non-expired issued tokens is much higher than the number of invalidated unexpired tokens. Therefore, if you store only invalidated tokens and delete them when they get expired, you can significantly reduce the amount of required storage and the cost of lookup.

Although, in any real application the performance gains will be minuscule (compared to the cost of, you know, everything else. Auth is just a small part) and probably not worth the extra complexity.

[0] "Stop using JWT for sessions" - http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-fo...

What is this veiled threat bullshit, lol

I wonder what was the initial prompt that made LLM "think" that it can talk like that.

I think that this is mostly a UI problem. Chat UI is just not a good UI for programming and the fact that the current "AI"-coding sphere has converged on it is incredibly silly.

One of of the first things that I did when I first seriously tried an LLM-based coding agent is making an ad-hoc task manager on skills and simple daemons.

So that I can interact with it using files instead of this stupid workflow of typing a prompt into the console and then just doing nothing while waiting for the response.

There is absolutely no reason not to do it asynchronously.

It is free only if you ignore the cost of getting the thing into the orbit in the first place.

Edit: also, AFAIK, normal microchips (without special radiation hardening) don't last that long in space

To all the people, who complain about "price gouging" or "scalpers" and "lack of regulations": if there are no fair market price, how exactly are you planning to judge who is "worthy" of getting a ticket and who isn't.

Let's say, you somehow forced them to sell tickets at low prices and somehow magically got rid of all the resellers. Now you have a 1000 people venue and 10_000 people willing to buy a ticket for the stated price. What do you do? How do you decide who are the lucky ones?

> GPUI - Zed's GPU UI framework

Cool, but a comparison would also be very helpful.

If I decide to make a GUI app with Zig, how do I choose between Gooey and GPUI?

So far, all I know that GPUI is more mature and has at least one successful project built with it, so...

Also:

> Gooey: Turn (almost) any Python 3 Console Program into a GUI application with one line

> https://github.com/chriskiehl/Gooey

I've seen this behavior before only in places where people post memes and other entertainment content.

No actionable bug report/feature request. No text version. Not even a link to the original post.

Did the person who posted this mistake GitHub Issues for their personal Twitter account?

I think that this is much better than the previous situation with total lack of clarity on what is allowed and what isn't.

This is very interesting, I didn't know that! Thanks for the links!

I have some experience being a software engineer in a data science team or in a team adjacent to a DS team, a lot of problems that they think are "data science problems" are actually software engineering problems being solved in an extremely convoluted and weird way.

I think that if DS community wasn't so resistant to basic SE good practices, or involved engineers in making architectural decisions, total time and effort needed to solve some problems would be greatly reduced.

When I'm in a bad mood, I even entertain a silly conspiracy theory in my head: they do everything in the most ugly and weird way specifically to keep people like me out :)