Do you foresee this changing anytime soon? Would love to contribute but also I think community adoption and contribution would go a long way in terms of businesses being less worried about single points of failure.
It’s a hard balance to strike for sure. And it’s getting weirder by the day with agents.
This is nuts.
But give me some rope here, how much of React renders in Vello? Like is Vello taking the place of the shadow DOM here or is the entire DOM being rendered on a WASM thread somehow?
I think (not 100% sure) Cilium [0][1] kinda already does this. This loophole is good for packet processing/routing and even introducing XDP-based ACL to bypass any ip/nf tables and get that almost wire speed benefit. I use Cilium with these features for custom made k8s clusters with Talos OS without any kube-proxy.
Cilium is definitely the gold standard if you’re working with Kubernetes clusters and need a full CNI, but if you want to extend CNI functionality without replacing it, then this approach is the only option.
It works quite well because Cilium (and all CNIs that I’m aware of) don’t use XDP like the blog post mentions, they use Netkit instead which is an alternative to veth designed for netfilter-like use cases.
This means XDP can work alongside Cilium (with enough tweaking) which is what we wanted to be able to do.
If you’re using pure containers and no CNI, then of course this provides a significant speed up even beyond netkit devices.
It is nice to see people thinking and working on low level networking stuff that everyone will benefit from. I think even single node clusters/container hosts will benefit a lot from XDP loophole. I'll keep an eye on it.
My iPhone 12 mini was bugging me about it the other day. I declined it. I don't want liquid glass and whatever else it does to make that phone feel slower and less usable. I refuse to buy a newer iPhone. They are all too big.
12 mini user here. Phone is just as slow and usable as prior to updating to 26. (Immediately after updating was slow for a little while which scared me initially, but I think it was just still doing some background stuff related to updating).
13 mini here too and last iPhone/smartphone I will buy.
Settings > Accessibility > Motion > Reduce motion and Settings > Accessibility > Display and text size > Reduce transparency make it usable-ish. There is hundreds of ms lag at times inexplicably w/touch and upwards of a second plus when connected to CarPlay. But I can't blame iOS 26. I have to reboot this thing sometimes weekly, sometimes less frequent than that since iOS 18. I can no longer justify spending hundreds of dollars on things that don't meet my standard of "works" even if it's 2025.
Security updates are typically available for the most current 2 OS versions, and 18 is still officially supported, perhaps until 2026 or 2027. 18.7.3 exists with similar security updates as 26.2. It may not show up on iPhone as an update option without being on the beta 18 channel because they're trying to force people onto 26 using dark patterns, but it shows up on iPadOS without any additional magic.
Thanks for your support. I also find these dark patterns unacceptable and even as a technical person one needs forums to figure out why it only shows the 26.2 update very prominently and not the relevant one. x
We can argue over whether 3 extra taps to access counts as "acceptable" or not, but it's clearly not enough of a hurdle to be considered "not available". Otherwise you might as well count iOS 26 as not being available either, because that needs at least 4 taps to install (settings -> about -> software updates -> install -> enter pin -> ok).
I wish they fixed the keyboard focus and UI shifts around that. It's one of the most buggy things I've ever seen, oftentimes I can't even see what I'm typing because everything is offset in weird and incorrect ways.
The pre 26.2 less-glassy options were bearable because they were mostly like pre-Tahoe. The post 26.2 less-glassy options are now so shit that I’m using glassy mode, despite it being also ugly, distracting and harder to read than ever before. Apple have absolutely trashed their OS and their “Apple make good UIs” pedigree. It’s such a disappointment. I hope they come to their senses in the next major release round.
Thanks for that link. Before reading I was in the process of migrating all my stuff from a Windows7 machine, deduping archives and identifying software that I may still need to run in a VM somewhere or on a tablet. I had considered flipping to Apple devices since I have an iPhone but have never pulled the trigger on any of that. I was considering iMacs instead of a Linux box for a more seamless interface with the phone.
After reading that article, where it is apparent that Apple has intentionally used terms that sound similar to obscure what the customer is actually gaining when they upgrade versus update and they intentionally omit the part about older devices not getting all the security updates that are pushed in the updates, I now have some clarity.
I can focus on moving to Linux and in time will be ditching the iPhone. Should've done this years ago.
> Note: Because of dependency on architecture and system changes to any current version of Apple operating systems (for example, macOS 26, iOS 26, and so on), not all known security issues are addressed in previous versions (for example, macOS 15, iOS 18, and so on).
Now do this in containers with gMSAs. It eliminates the need of passing around Admin creds. Which I cannot stress enough. You shouldn’t be throwing your DA credentials into your random Linux machine’s Kerberos cache.
Amazon open sourced a project trying to solve similar problems.
The problem I have with using a gMSA outside of Windows is you need a Kerberos principal and credential for that principal in the first place to allow retrieving the gMSA details. Why not just use that principal and avoid adding this next step?
It would be great if Linux had a mechanism where the host itself could act as the principal to retrieve the gMSA like on Windows but the GSSAPI worker model just works differently there and runs in process. A similar problem exists for using Kerberos FAST/armouring where Windows uses the host's ticket to wrap the client request but on Linux there is no privileged worker process that protects this ticket so the client needs to have full access to it.
The closest thing I've seen is gssproxy [1] which tries to solve the problem where you want to protect host secrets from a client actually seeing the secrets but can still use them but I've not seen anything from there to support gMSAs for armouring for client TGT requests.
UV and the crew at Astral really moved the Python packaging community forward.
I would love to see them compete with the likes of Conda and try to handle the Python C extension story.
But in the interim, I agree with everyone else who has already commented, Pixi which is partly built atop UV’s solver is an even bigger deal and I think the longer term winner here.
Having a topologically complete package manager that can speak Conda and PyPI is amazing.
I've been exploring this! Have tried Frigate and Scrypted. With their API it's easy to connect the camera to anything. Haven't got any useful AI models running. What I'd love is sleep tracking.