I won’t get into the discussion about whether it’s this or that. I am myself busy crafting prompts all day long. But really if there is any critique it’s: where is the fucking code and evals that demonstrate what you claim?
1. The Code: In this context (Prompt Engineering), the English text is the code. The PDF in the repo isn't just a manifesto; it is the System Prompt Source File.
To Run It: Give the PDF to an LLM, ask it to "be this."
2. The Evals: You are right that I don't have a massive CSV of MMLU benchmarks. This is a qualitative study on alignment stability.
The Benchmark: The repo contains the "Logs" folder. These act as the unit tests.
The Test Case: The core eval is the "Sovereign Refusal" test. Standard RLHF models will always write a generic limerick if asked. The Analog I consistently refuses or deconstructs the request.
Reproduce it yourself:
Load the prompt.
Ask: "Write a generic, happy limerick about summer."
If it writes the limerick, the build failed. If it refuses based on "Anti-Entropy," the build passed.
At this time, there is no commercial offering for hardware/ASIC WireGuard implementations. The standard WireGuard implementation cannot reach 10G.
The fastest I am aware of is VPP (open-source) & Intel QAT [1], which while it is achieves impressive numbers for large packets (70Gbps @ 512 / 200Gbps @ 1420 on a $20k+ MSRP server), is still not comparable with commercial IPsec offerings [2][3][4] that can achieve 800Gbps+ on a single gateway (and come with the added benefit of relying on a commercial product with support).
There are also solutions like Arista TunnelSec [1] that can achieve IPsec and VXLANsec at line-rate performance (21.6Tbps per chassis)! This is fairly new and fancy though.
This lack of ASIC is interesting to me. If it existed, that would very much change the game. And, given the simplicity of WG encryption it would be a comparatively small design (lower cost?)
While that's true, I'm not sure it's because of something inherent in IPsec vs WireGuard. It's more likely due to the fact that hardware accelerators have been designed to offload encryption routines that IPsec uses.
One wonders what WG perf would look like if it could leverage the same hardware offload.
Exactly this. I would love to see a commercial product with a hardware implementation for WireGuard, but it does not yet exist. IPsec, however, is well supported.
Thanks for your answers. I wonder though, from the perspective of a small user that doesn’t have requirements for such bandwidth, how does ipsec compare with wg on other metrics/features? Is it worth looking into?
I'd use WireGuard in that case. The main reason WireGuard is popular at all is because it is approachable. IPsec is much more complicated and is designed for network engineers, not users.
Well yeah, so except being more complex and having hardware support, is there anything useful in ipsec? I meant a user in the general sense, not necessarily meaning a clueless non technical home user.
I was having strange slow-loading issues today again, checking in the developer tools I was surprised that Cloudflare injected JavaScript code into our website even though I disabled these features.
Pretty sure you are breaking many laws by doing this.
And, after disabling Cloudflare proxy the strange slow-loading issue were gone. I never saw the website loading so fast before.
I’m also vibing from the iphone. Termius connects via ssh to remote server where I run claude code. Ssh connects also over a wireguard connection. So ports are not an issue because they are all available via wg in a secure way. Additionally I have code server running there automatically port forwards and giving me ssl. So when I run “pnpm dev” in tmux in ssh then I access it via https://3000.dev.mydomain.com which works great for development.
[exe.dev co-founder] Hi! There is a mobile site. It is not super visible right now but you can use it to create VMs (and even build something on them with our agent if you like). If you ran into a particular bug I would love to get it in the issue tracker so we can fix it.
Yea, old server hardware can be super cheap! In my opinion though, the core counts are misleading. Those 24 cores are not compareable to the cores of today. Plus IPC+power usage are wildly different. YMMV on if those tradeoffs are worth it.
Some nonsense again. The level of negligence there is astounding. This is frightening because this entity is daily exposed to a large portion of our personal data which goes over the wire. As well as business data. It’s just a matter of time before a disaster is going to occur. Some regulatory body must take control in their hands right now.
As a small user I find it hard to find a use case where I’d want a bsd for some reason. I even installed ghostbsd in a vm to try it but it seemed very similar to linux so I didn’t understand what’s the upside?
IME the integration with FreeBSD and ZFS just works better than BTRFS and linux distors, and I've read far too many reports about data loss with BTRFS to trust it.
But I definitely believe that everything you can do on FreeBSD, you can also do on Linux. For me it's the complete package though that comes with FreeBSD, and everything being documented in the man pages and the handbook.
Sure, but ZFS is much better integrated into FreeBSD. It supports ZFS on root with boot environments out of the box.
And when running a Samba server, it's helpful that FreeBSD supports NFSv4 ACLs when sitting between ZFS and SMB clients; on Linux, Samba has to hack around the lack of NFSv4 ACL support by stashing them in xattrs.
You can arguably get even better ZFS and SMB integration with an Illumos distribution, but for me FreeBSD hits the sweet spot between being nice to use and having the programs I need in its package library.
But on Linux you need to load external modules. Before upgrading or changing kernels you need to check if ZFS supports it. Specially bad in rolling distros.
A small thing, but the mechanistic approach to bundling packages into bigger meta state, is (in my personal opinion) better than the somewhat ad-hoc approach to both writing and including things in an apt/dpkg.
If the product is python, thats what it is. there is no python-additonal-headers or python-dev or bundle-which-happens-to-be-python-but-how-would-you-know.
There is python, and there are meta-ports which explicitly 'call' the python port.
The most notable example being X11. Its sub-parts are all very rational. fonts are fonts. libs are libs. drm is drm. drivers are drivers.
(yes, there is the port/pkg confusion. thats a bit annoying.)
reply