Yeah they are, this problem is super overblown. Weirdly I’ve seen articles about this coming up for other apps too, like the ChatGPT app for MacOS storing conversation history in plain text on the device. Weird that this is suddenly a problem.

If someone wants better security, the can use full disk encryption and encrypt their home directory and unlock it on login.

That’s just not true though

I agree, I wish fonts just defaulted to distinguishing between them

Again, the binaries aren’t from questionable sources. From what I can tell they all come from the official source. The problem is them being unsigned, which is a simple oversight that can be made when something is being written by someone who is not security minded. It is alpha software and this is already actively being discussed.

Fair, they’re pretty common but most fonts support OpenType variations which let you change parts of the fonts to other variants. Having a variant with distinct l’s and I’s is pretty common and Inter supports this.

It should just work, distrobox supports graphical apps.

Since OP is using an immutable distro they are likely unable to install some dependencies they need without using a container.

Like most modern fonts, it supports a lot of OpenType features, so this can be changed dynamically. Changing some settings by default has already been mentioned in the discussion around the change.

Do what? Nothing has even been done yet, they’re just discussing the possibility of changing the font…

Because people can make make mistakes…

Loads of important projects have had vulnerabilities that showed up through minor mistakes and oversights. I agree that this shouldn’t happen, but it did. I’d still prefer this project to a closed source editor/IDE and even VSCodes method of having a store full of plugins, many of which are closed source and unverified. The project is in alpha, mistakes and problems are expected. This was obviously an oversight, and after being pointed out, it is being addressed.

Can you elaborate on questionable sources? All the sources I saw were the official sources of the binaries they wanted to download.

Better/simpler experience out of the box. With Helix you install the LSPs for languages you use and you’re set with a fully featured editor. Manual configuration is only needed for setting themes, keybinds, and small setting changes. It also feels much faster than a fully configured vim/neovim. Lastly its keybinds are inspired by Vim/Kakoune, but different from both.

It supports LSPs, and has treesitter syntax highlighting and git integration which honestly makes it 90% of the way there already

They are addressing this here: https://github.com/zed-industries/zed/pull/14034

yeah the editor is being updated way too fast for nix to keep up. I’m sure it’ll be easier once it has its stable release. I see the have a nix flake in the repo, it would be great if they added a package to the outputs instead of just a devshell, nix users could easily build it from master or whichever tag they want.

There are solutions in this issue to the LSP issue. The editor would need to be built in an fhs-env, or they will need to find a way to make it uses binaries installed with nix instead of the ones it downloads itself. VSCode had a similar issue, so there is a version of the package that let’s you install extensions through nix, and another that uses an fhs-env that allows extensions to work out of the box.

it is true that they do not integrate with widgets and theming, but that’s not exclusive to electron. GTK apps don’t follow system widgets, nor will they follow theming on non-gtk desktops. I do also prefer desktop apps not be written in electron for the performance reasons you mentioned.

I don’t really have a YouTube video or blog post on hand to explain it, but I do have a degree in cybersecurity. Putting a malicious executable in a video is not a simple task. The most likely way for this to occur would require a vulnerability in the video player you are using that allows for code execution. If your system is up to date, it’s unlikely the video player you’re using is going to have a known vulnerability that allows this. If someone does have knowledge of a vulnerability like this that is not publicly known, it’s very unlikely random 1337x users will be their target.

Something I will recommend is if you are using Windows, make sure you do not have file extensions hidden in File Explorer, because then someone could trick you by simply naming an executable with .exe at the end. These types of tricks are more important for the average user to be cautious about than attacks utilizing steganography.

Electron is capable of having just as good integration with the system as native applications. It’s just that a lot of people are not optimizing these cross platform apps to have optimal integration with them. Electron has the safeStorage API that allows you to use kwallet or GNOME Keyring to securely store information. I believe both Discord and Spotify use this on Linux.

I tried to test it a few weeks ago but couldn’t get logged into it successfully. I’ll have to give it another try.

Tauri is the electron alternative we already have. This does look like a good framework, just not the same as electron.

I generally would for desktop use, and absolutely wouldn’t rexommend them for a new user.