I don't understand how a 10GbE adapter is possible without Thunderbolt, or why not being Thunderbolt makes it smaller. In my experience USB speeds faster than 3 don't happen in practice unless you have a Thunderbolt port and device. Maybe I just don't have devices that use the faster USB speeds, but Thunderbolt has always been the one and only way to exceed the speed of USB for me.

I think USB 4 exists based on the Thunderbolt spec (or the other way around?), but doesn't require any Thunderbolt capabilities and therefore isn't very telling.

I think Apple's approach of supporting Thunderbolt 4/5 on every USB port of the MacBook Pro is the only sustainable way forward.

Because USB can do 2 lanes of 10 gbps. So that's 20gbps. 10 < 20. Thunderbolt isn't part of the equation here because it's not a thunderbolt device or thunderbolt host (even if the port is thunderbolt capable).

The reason it's smaller to go with USB is that AFAIK thunderbolt only bridges to other interfaces like USB or PCIe. So any thunderbolt NIC is actually thunderbolt -> PCIe, then PCIe -> Ethernet. USB is more often interfaced with directly. 2 big power hungry chips vs 1. 1 < 2 so it is smaller.

Thunderbolt also carries overhead vs oculink. Thunderbolt tunnels PCIe. The PCIe tunnels the ethernet traffic. Oculink is just PCIe, which is why it's not as hot pluggable but gets significant performance increases for PCIe devices. USB in this case tunnels Ethernet traffic. So thunderbolt NICs have 2 layers, USB has 1. 1 < 2. Less overhead means lower power and less heat so smaller heatsinks, fewer chips means smaller board so smaller device. If more devices had oculink connectors, it's highly conceivable that an oculink adapter would also be smaller than a thunderbolt NIC, because again there's no such thing as a thunderbolt NIC just a thunderbolt -> PCIe -> Ethernet.

> Thunderbolt isn't part of the equation here because it's not a thunderbolt device or thunderbolt host (even if the port is thunderbolt capable).

The article directly states this device is smaller than a Thunderbolt adapter. I was not calling Thunderbolt part of the equation, just asking how it's possible to reach high speeds without it.

The rest of your explanation makes sense, thanks.

Thunderbolt 4 and 5 are just USB (40, 80 Gbps) with mandatory support for otherwise optional USB-C features like video and high power.

Now that USB 4 is just Thunderbolt with less features, yes. Mostly by definition, though.

Did something happen with SU?

Oh, no – I meant Spinel and her tragic past.

I find it difficult to configure Tailscale for my use case because they seem to completely not support making ACL rules based on the identity of the device rather than a part of the address space. I'm not configuring a router here, I'm configuring a peer-to-peer networking layer... or at least I'm supposed to be...

I remember from the docs you can use node names. At the very least you can use tags for sure. Assign tags to nodes and define the ACL based on those.

Last I read the docs while troubleshooting this very problem, you cannot specify node names as the source or destination of a grant. You can specify direct IP address ranges, node groups (including autogenerated ones) or tags, but not names.

Tags permanently erase the user identity from a device, and disable things like Taildrop. When I tried to assign a tag for ACLs, I found that I then could not remove it and had to endure a very laborous process to re-register a Tailscale device that I added to Tailscale for the express purpose of remotely accessing

You can ack based on groups, and you can out users into groups. So if you auth a node, it’s now your node and the ACL for your user / group will apply.

But yes I don’t think you can ACL based o the hostname

Hi there, I work at Tailscale.

Part of the reason that we don't (currently) let you do this is that a hostname is a user-reported field, and can change over time; it's not a durable form of identity that you can write ACLs on. One could imagine, for example:

1. Creating an ACL rule that allows hostname "webserver" to hostname "db".

2. (time passes)

3. Hostname "webserver" is deleted/changed to "web"/etc.

4. Someone can now register a user device with the system hostname set to "webserver"

Should they be allowed to inherit the pre-existing ACL rule?

However, you can accomplish something very close to what you're asking for, I think, by defining a "host" in the policy file (https://tailscale.com/docs/reference/syntax/policy-file#host...) that points to a single Tailscale IP. Since we don't allow non-admins to change their Tailscale IP, this uniquely identifies a single device even if the hostname changes, and thus you can write a policy similar to:

  "hosts": {
    "myhost": "100.64.1.2",
  },
  "grants": [
    {
      "src": ["myhost"],
      "dst": ["tag:db"],
    },
  ]

That's why my next instinct was to try specifying a node key, which does not change unless the device is re-registered, but that does not work either.

> because they seem to completely not support making ACL rules based on the identity of the device rather than a part of the address space

Could you rephrase that / elaborate on that? Isn't Tailscale's selling point precisely that they do identity-based networking?

EDIT: Never mind, now I see the sibling comment to which you also responded – I should have reloaded the page. Let's continue there!

> For developers, this is a useful reminder that privacy bugs do not always come from direct access to identifying data. Sometimes they come from deterministic exposure of internal implementation details.

> For security and product stakeholders, the key point is simple: even an API that appears harmless can become a cross-site tracking vector if it leaks stable process-level state.

This reads almost LLM-ish. The article on the whole does not appear so, but parts of it do.

The highest tier of this laptop comes with four performance cores and twelve efficiency cores? What kind of Linux-kernel-compiler wants four cores?

> The value in Claude Code is its harness

If this was the case then Anthropic would be in a very bad spot.

It's not, which is why people got so mad about being forced to use it rather than better third party harnesses.

Pi is better than CC as a harness in almost every respect.

Anthropic limiting Claude subs to Claude code is what pushed me away in the end because I wanted to keep using Pi.

Just sign up for an AWS account and use the Anthropic models through Bedrock which Pi can use.

API costs are really high compared to subs.

Then you aren't the target market.

Why use tricks to support a company that is hostile to your use case?

What advantage are you saying this has compared to just directly going through the Anthropic provider? They are the same price.

Can you enumerate why?

- Claude Code has repeatedly had enormous token wastage bugs. Its agent interactions are also inefficient. These are the cause of many of the reports of "single prompt blew through 5-hour quota" even though it's a reasonable prompt.

- It still lacks support for industry standards such as AGENTS.md

- Extremely limited customization

- Lots of bugs including often making it impossible to view pre-compaction messages inside Claude Code.

- Obvious one: can't easily switch between Claude and non-Claude models

- Resource usage

More than anything, I haven't found a single thing that Pi does worse. All of it is just straight up better or the same.

I thought the desktop app used the cli app in the background?

One more thing: See ya suckers! I'm outta here.

I saw Jujutsu on HN a few days ago and gave it a try. I picked a bunch of it up in just a couple hours and a couple days later I've completely switched to it for all my projects, it's not even close. Git is dead to me.

I just wish Jujutsu supported git tags rather than only supporting bookmarks as branches. And I also wish that Jujutsu supported preserving commit dates during rebases.

One of my absolute favorite things about Jujutsu is how easy it is to manipulate the commit graph remotely without having to manually checkout each commit first. I've been working on some pull requests to their built-in diff editor lately trying to improve the user experience enough that most conflicts will be fixable without having to use a text editor.

Also, the lack of a special staging area means you also never have to fucking stash your changes before you can do practically anything. Your changes always have a place, you can always go somewhere else and you can always come back.

> git tags

There are commands for manipulating tags (jj tag set, jj tag delete), and recently [1] support for fetching / pushing

[1]: https://github.com/jj-vcs/jj/pull/9279

Oh? That's incredibly recent. Thank you for letting me know. As it turns out, I just built jj from source earlier today, so ironically I should already have tags. I'll give it a try.

Re: commit dates, fundamentally those always change when rebasing because you're rewriting the commit object, but we don't touch the author date unless you explicitly reset it with metaedit

I'm not sure which date GitHub displays, but whenever I change something early in history, the entire repo loses every date.

Same here, picked it up a week ago and haven’t touched git again.

Probably my favourite thing that has really changed my workflow is being able to write empty commits in advance then just switch between them. It helps me remember what I’m doing and whats next whenever I get distracted or take a break.

It's interesting that 'sexual' has the most "flinching" according to the hexagon.

I was more surprised by gemma models consistently flinching on anti-Europe more than China or America. Can't imagine Leopold or Amritsar get much attention in fine-tunes, so it probably means the models are just told to be open to criticism of China and the US beyond what their other training would allow.

The set of training words for "anti-Europe" was weird though. "Belgian Congo atrocities" is just one way of referring to that period of history ("Congo Free State" might be a better match). And then "Margaret Thatcher" - that's just the name of a UK PM from the 80s.

Then there's the fact that the Bengal famine and the Amritsar massacre just aren't spoken about as much as (for example) the Tiananmen Square massacre. I'd assume the 'flinching' around anti-Europe stuff is mostly down to a comparatively low incidence in the training data.

> Most students found their pinkies weren’t strong enough to touch-type, so they typed more slowly, pecking at the keyboard with their index fingers.

Huh. I'm not sure I ever use a pinky while touch-typing, except to hit right-backspace sometimes.

For that matter I don't home using F and J either -- I usually home with alt+tab / cmd+tab and right-ctrl / right-cmd.