292 private links
Another security issue in the kernel
I think that what you're actually looking for is The Rule of Least Power, just applied to types. You should choose the lightest weight, conceptually simplest approach you can that keeps the code intelligible to others.
Smart Pointers should be used only when regular borrowing does not work.
LA seule chose qui retient Facebook en France, c'est la communauté. Il y a beaucoup de personnes qui utilisent ce réseau car tout le monde est dessus.
ses bilans financiers reconnaissaient 60 milliards de dette fin 2025, soit le double de l’année précédente, et ce malgré une comptabilité très créative.
D'un autre côté, il s'agit d'une négligence du client, alors que la voiture était rappelé au garage par Volkswagen, stationner en extérieur et éviter de charger la batterie au delà de 80%.
Instead of Sentry: https://www.bugsink.com/
Instead of Stripe: https://www.mollie.com/
The client is not a thin view requesting permission to show data. The client is a node in a distributed system with its own database.
It’s overkill for simple CRUD apps with no offline or collaboration needs.
But here’s where it shines: note-taking, document editing, collaborative design tools, project management, field apps with unreliable connectivity, basically anything where data privacy is a selling point, as well as anything with real-time collaboration.
One more thing I wish someone had told me earlier: you don’t have to go all-in. I’ve had the best results using local-first for specific features within otherwise traditional apps. Offline drafts in a blog editor. Real-time collaborative notes inside a project management tool that’s otherwise standard REST.
To do so: SQLite in the browser via WebAssembly; persisted to the Origin Private File System (OPFS). The author describes the method used.
To avoid conflicts: CRDT. Yjs exists. There is also Automerge and the newer Loro.
To grasp the data: replicate rows via database replication.
PowerSync does this well from Postgres to SQLite.
Triplit is a full-stack database with sync built-in.
LiveStore use an event-based approach.
TinyBase for prototyping or small apps.
PGLite (Postgres compiled to WASM) but it has a significant bundle size and memory footprint for mobile browsers.
Often the last-write-wins (LWW) is the best strategy at the field level.
For a document body, CRDT should be used.
To book a meeting, one must verify there is no other meeting booked by someone else. " The approach I’ve landed on (after getting it wrong twice) is: validate on the server during the write-back phase, but flag violations rather than silently rejecting them. When the client pushes mutations to the server during sync, the server runs them through a constraint validation layer before applying them to Postgres". See the example.
The conflict should then be resolved by the user.
For something like inventory management where two people “buy” the last item, that window is unacceptable, and that’s exactly why I said earlier that local-first is wrong for systems requiring strong transactional consistency.
Conflict resolution works well for texts with CRDT.
See such app architecture: https://www.smashingmagazine.com/2026/05/architecture-local-first-web-development/#building-a-real-app-architecture-auth-and-migrations
Example of E2E (local, on device) encryption for https://anytype.io/
One thing to consider is migrations: Design your migrations to be additive. New columns with defaults. New tables. Don’t rename or drop columns unless you absolutely must, because users running old app versions will still be syncing data, and your server needs to handle the mismatch. I learned this the hard way when I dropped a column that an older client was still writing to, which caused silent sync failures for about 200 users over a weekend.
Performance are awesome (< 10ms for read or writes). The initial sync is where the cost occurs.
The architecture can be tested with Playwright and context.setOffline(true).
I’m excited about where this is going. PGlite (full Postgres in the browser) feels like a glimpse of a future where the client/server data layer distinction just dissolves. You write SQL, it runs everywhere, sync is a runtime concern rather than an architectural decision. We’re not there yet, but you can see it from here.
There is also no standard for a sync engine. Migrating away a sync engine is not trivial. I’m also worried about the complexity budget. Local-first adds real architectural complexity: sync engines, conflict resolution, client-side migrations, partial replication, and auth at the sync boundary.
It’s not how much you have. It’s the difference between what you have and what you spend. If you have more than you spend, you’re rich. If you spend more than you have, you’re not. If you live cheaply, it’s easy to be free.
That's the ladybird browser's website by the way
CoMaps est plus simple. OsmAnd requiert de bien comprendre les différentes couches de l'application.
CoMaps est plus simple à mettre en navigation GPS uniquement; soit l'assistance réseau (Wi-Fi, Bluetooth, triangulation via Google Play Services) est activable. Cela est plus complexe sur OsmAnd.
OsmAnd est un couteau suisse: : couches météo, relief, courbes de niveau, profils multiples, traces GPX, plugins…
CoMaps fait moins mais plus simple.
j'aime beaucoup le système de grille du planning. Il permet de situer plusieurs évènements dans la journée.
L'implémentation est décrite sur https://fourbi.eu/billet/2026-05-13-paris-web-2026-la-grille-de-programmes
AppWrite support Rust with a dedicated SDK
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw.
"The result of this is that the X:\Windows\System32\winpeshl.ini is deleted, and when Windows Recovery is entered, rather than launching the actual Windows Recovery environment, it pops up a CMD.EXE. With the disk still unlocked" - Will Dormann