One counter example: https://nextgraph.org/elfa-consortium-encrypted-local-first-... (eg.. https://www.ironcalc.com/)

Is it really a counter example?

"Gathering 12 partners for at least 3 years, towards a suite composed of 16 apps!"

Read the About page and tell me what is it exactly that you will be paying for? https://nextgraph.org/introduction/

I mean we all agree of how good are the values posted on these page, but what are we paying for? Oh I see: https://nextgraph.org/roadmap/

   This is the new roadmap for 2025, established thanks to the new grant received from NLnet Foundation and the NGI Zero Commons Fund.
   The main goal is to finish the Core protocol, improve the Wallet and App, and bring about the Framework/SDK so that developers can create standalone or embedded apps based on NextGraph. Those apps can make capability-based access requests on the user's data, define smart-contracts and implement any business logic within cross-document transactions. 

No LOL, this is where your money is going... At the same time, the maintainers of the openssl, sqllite, openssh, ... or for example NGINX that now belongs to big american company...

> throwing shitload of money to the big actors of a field

My reply was directed at this part. Based on my memory seeing ironcalc specifically getting funding. Unless they hide it well they are not a big actor. And the project looks interesting and worthy to me. (I see I should have omitted the nextgraph link as I'm not familiar at all with that project)

Few of the projects listed here seems to be big actors: https://nlnet.nl/project/index.html

Some projects funded by NLnet: Organic Maps, KDE Connect, KDE Plasma Wayland, Bottles (Builds on Wine IIRC), Briar, mitmproxy, Nextcloud, Wireguard

Note: NLnet is an independent organization, but it seems to get quite some support from EU. Maybe you would argue NLnet itself is a big actor?

I think funding already established, respected donor organizations is a decent strategy.

The source code is published [1] and there are MIT course videos available [2] (albeit 9 years old...).

The source code appear to be primarily in Matlab(!) though.

[1] https://github.com/Accla

[2] https://ocw.mit.edu/courses/res-ll-005-mathematics-of-big-da...

Except most of the attacks so far has not landed actually source code changes to git IIRC. They have targeting the release files directly.

Software vulnerabilities are often not placed maliciously, and are present in the original source. If you don't patch them if discovered later, you'll be vulnerable to them.

Yes. Isn't that "giant PITA" is referring to here?

> your own repo reviewing and merging from upstream as needed. Would be a giant PITA though

pnpm also support this

The gist link above covers how to use it in yarn, npm, and pnpm

Their transcription (STT) models are good IMO

And the gotcha has been known about since 2014:

> This is the class of attack documented by Adnan Khan in 2024. It's not a TanStack-specific bug; it's a known GitHub Actions design issue that requires conscious mitigation.

While it seems the maintainers kinda went-out-of-their way to enable this - GitHub could easily have at least turned of cache-sharing between fork jobs and the main jobs...

I've had good experiences with the Mistral Voxtral models (I've used the API, but some of the model-variants are open weight)

Idk, it almost seem a workaround for slow/broken go-back? If go-back is fast and state preserving, it's basically a fullscreen modal.

All(?) browser open links in a new tab when middle-clicked?

Can you please fix https://github.com/anthropics/claude-code/issues/43713 ?

Wish reword took a commit range though

I had to check and `jj describe` does. You get all the commit messages in a single file to edit, with headers separating them.