In today's architecture, the person who wrote the software has to be the one to extend it with new functionality.

2025-02-10 · Bits and Bobs 2/10/25

In today's architecture, the person who wrote the software has to be the one to extend it with new functionality.
- You can't run untrusted 3P code in a trusted context unless it's actively sandboxed.
- There are some ways to do sandboxing in the context of another experience (e.g. iframes) but they create noticeable seams between the host and the inner content. It's hard to make seamless experiences.
- In the architecture of today, this means the person who writes the software has to write turing complete code to extend their app that works on your data.
- The software runs on the software creator's servers, out of our reach.
- But things that you care a lot about will not necessarily be a thing they care about, if few other people have that use case... or it's against their business incentives.