12 years on, it’s shocking how much of his fiction became reality.

[0] https://www.destroyallsoftware.com/talks/the-birth-and-death...

Relevant. Loro a lovely CRDT library, explored implementing VCS semantics with CRDTs.

It’s hard balance to strike for sure. And it’s getting weirder by the day with agents.

I have so many questions.

After reading loophole labs post [0] a few months ago. I was hoping someone would cook on this for security research.

[0] https://loopholelabs.io/blog/xdp-for-egress-traffic

Click the ⌘⌥1 on the top right of the terminal or enter it on the keyboard for some fun code golfing.

I wanted to like it too, but some of the new UI modals of iOS 26 are just awful.

Amazon open sourced a project trying to solve similar problems.

https://github.com/aws/credentials-fetcher

Nifty, but was clearly made with AWS assumptions and we had to roll our own with the various hooks we needed for our cloud infra.

I would love to see them compete with the likes of Conda and try to handle the Python C extension story.

But in the interim, I agree with everyone else who has already commented, Pixi which is partly built atop of UV’s solver is an even bigger deal and I think the longer term winner here.

Having a topologically complete package manager who can speak Conda and PyPi, is amazing.

https://pixi.sh/latest/

Unifi accidentally made a fantastic baby monitor.

The recent APIs they’ve built makes me hopeful that I could run an AI model against the footage eventually and build those Ai features for myself.

Only thing that fixes it, is a hard reboot.

I wonder if that is related to this flaw.

Even with VPNs the question should be, what are we gating behind that VPN anyway. Does it actually give us the granularity of controls we want or is this all security theater. (Also what about hybrid infra, between the datacenter and cloud)

FWIW, my ideal architecture is Wireguard into Corp. (Ala CloudFlare Warp, Tailscale, etc) Corp doesn’t hold a ton of sensitive assets. Or put another way, it’s a lower trust tier.

And then using something like Teleport, Octelium, etc to reach production assets.

Admittedly no vendor product I’ve come across yet has bridged this gap nicely. The überProxy tend to focus on the application protocols they support. While the wireguard clients cares more about session control of the tunnel.

What enterprises want is to move away from perimeter based security models towards the promise that Google überProxy/BeyondCorp popularized many years ago. Which has been lost in the buzzword soup. It’s very simple.

1. A clean separation between Prod, Corp, and the public internet. And the UX to hop between them as an employee is as transparent as possible. (Often times network segmentation comes with additional painful friction for engineerings.)

2. One pipe to observe, and clearly attenuate permissions as traffic/messages flows between these boundaries.

3. Strong proofing of identity for every client, as an inherit requirement.

The problem is everyone outside Google has incredibly diverse protocol ecosystems. It makes those three promises incredibly difficult to deliver on as a vendor. (I’ve evaluated many)

To build a proxy that is protocol aware, only solves half the problem. It gets you some coarse grain decision making and a good logging story.

To build a proxy that is also able to perform type-inference at the request layer, allows for a much richer authZ story. One where businesses can build an authorization layer at the proxy better than their in-house apps could even do natively. (As it turns out, having all the predicates of the request available to a policy engine is super useful).

The docs are a little verbose, the marketing maybe isn’t amazing. But this is inherently a complex problem. No one has fully solved.

Teleport was first to the market to OSS and commercialize a lot of these ideas. StrongDM also is doing really interesting work in this space. I wish Hashicorp had invested more in this space.

Disclaimer: my opinions are my own.

Would love to see this land on a Pi Zero 2 inside a husked out iPod classic and a skinable UI to boot.

@gvy_dvpont (@dupontgu ?), did this a few years ago back with a Pi Zero one, but I believe the project has suffered a bit from hardware compatibility decay.