Well, we're probably not going to be running frontier models anytime soon, but I think the general assumption is smaller models will continue to improve until they're sufficiently good that frontier models aren't needed.
There's potentially also augmentation through tools, harnesses and RAG to help boost how well they work without tons of parameters.
Your database can double as the revocation list. You can use a last modified timestamp on the user or a monotonic counter to determine if a JWT is stale.
The word "session" is overloaded. In browser terminology, a session cookie is one that expires/is cleared when you exit the browser (it doesn't persist on disk).
In application terminology, a session is user state that outlives a single request.
Depending on what definition you use and how pedantic you are, a stateless signed cookie is also a session cookie.
A "regular" cookie could also be a signed cookie which is basically the same thing as a JWT.
Slight disagreement on horizontal scalability--server sessions scale somewhat with Redis or a replicated DB, but obviously not to the degree stateless ones do.
Also on revocability, you don't need to revoke the token if you're validating fine-grained permissions outside the token. You can revoke the permissions (i.e. disable the user). You can use JWT to gate permissions at a high level (infrastructure, traffic edge, API gateway) then validate fine-grained permissions in code.
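The revocation approach from the comments above (a per-user monotonic counter checked against the database, plus disabling the user instead of revoking the token), as an added example that is not part of the original comments. The `ver` claim name, the in-memory `USERS` table standing in for the database, and the demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; load from a secret store in practice
# Constructed stand-in for the users table: each row doubles as the revocation list.
USERS = {"alice": {"token_version": 1, "disabled": False}}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user, ttl=900, now=None):
    """Mint an HS256 JWT carrying the user's current counter in the 'ver' claim."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "ver": USERS[user]["token_version"], "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def revoke_all(user):
    """Password change / log out everywhere: bump the counter so older tokens go stale."""
    USERS[user]["token_version"] += 1

def verify(token, now=None):
    """Return 'ok' or the reason for rejection. The algorithm is fixed server-side."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + body)):
            return "bad-signature"
        claims = json.loads(_unb64(body))
        sub, ver, exp = claims["sub"], claims["ver"], int(claims["exp"])
        user = USERS.get(sub)  # the one database read per request
    except (ValueError, TypeError, KeyError):
        return "malformed"
    if user is None:
        return "unknown-user"
    if exp <= now:
        return "expired"
    if user["disabled"]:
        return "user-disabled"  # permissions revoked without touching the token
    if ver != user["token_version"]:
        return "stale"  # signature still valid, but issued before the last bump
    return "ok"
```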
Taking things down doesn't help much unless the platform has something in place to make it hard to recreate them.
>they could do the hard job of combining leads and working with appropriate agencies to maybe find and prevent these things over time
At least in the U.S., everyone will cry government overreach and no one will fund it. In other countries, they should probably just ban U.S. platforms unless they're reachable and actually resolve these types of problems.
My, Maria, and Max are his kids. There is MaxScale, which is an L7 SQL proxy/load balancer.