No. I envision that if you have untrusted code you run it in a different process from where you store your secrets. In practice most people trust their dependencies and this idea of malicious, un-sandboxed dependencies is fiction.

*shrug* if getting real security is too idealistic, I don't think you're already doomed and no Node API choices can change that.

I don't think it's good to claim things would be more secure if this same-process free for all nature was hidden better. If you want security, use process boundaries.

Remember that any memory in the same process is already accessible to anything else in the process. So indeed this doesn't look like a security issue to me.

Some apps (e.g. Facebook Messenger) will force-reload. This seems good. Even better would be if they force-reloaded themselves in the background, after checking that I had no unsaved state in the DOM.

A big shout out to Tom's Hardware, which remains a pretty good source for comparative reviews.

It would have cost ~$237 extra to get everything except the motherboard from Amazon (the motherboard is out of stock there). Maybe I should have done that for ease of payment and potential returns. We'll see...

Total cost looks to be about $180 more in Japan that it would be in the US. I hear there are some electronics tariffs that cause this. What can you do.

Buying these parts required signing up for three different Japanese PC part sites, which was... an experience. I bounced off several more that wouldn't accept my credit card when trying to buy the CPU, and finally found one that used Amazon Pay. One store will be getting a bank transfer 🙃

The next generation or two of models really does seem key. If we get something that jumps from "intern programmer" to "senior programmer", or from good at synthesis and analysis to good at novel scientific research, then we're in for a wild ride: at least steam engine or internet-level disruption.