The token efficiency improvement might be underrated. If the model solves tasks with fewer tokens, that directly translates into lower cost and faster responses for anyone building on the API.
If you’re installing this on a fresh machine, the network installer is usually the smoother option. The full ISO is great if you’re setting up multiple systems or need an offline install, but for most people the net install saves some headaches.
yes exactly. with proper configuration (e.g. /sandbox with normal claude code) it is impossible for the agent to escape.
agent orchestrations/wrappers that aim to eliminate friction however subtly override these proper setups, leading to the nasty scenario of:
1) you assuming anthropic's /sandbox is keeping you safe
2) the model reaffirms your belief in that /sandbox is keeping you safe
3) you are not safe
4) you leave your agent running overnight and goal drift deletes your os
I think a lot of engineers intellectually agree with this idea, but emotionally still default to building the “proper” system.
There’s a strange pressure in tech to reach for architecture, frameworks, and infrastructure even when the problem might only need something scrappy. Sometimes the ugly solution survives longer simply because it’s closer to the actual problem.
I think this is slightly romanticizing the idea that humans “hold the territory” in their heads.
In most real systems no single engineer actually understands the full territory either. People rely on partial mental models, docs, logs, and tribal knowledge. In that sense, LLMs operating on maps might not be that different from how teams already work.
That's a fair point, and I'd actually agree with the premise. I work in an environment where the scale makes it impossible to fully understand the full picture, so it's true no single engineer holds the full territory.
But I think the distinction isn't about completeness of knowledge. It's about the feedback loop. Engineers hold partial mental models, but those models are constantly being corrected by reality. You get paged at 3am, you see traffic behave in ways the docs don't describe, you debug something and discover the system doesn't work the way anyone thought it did. Tribal knowledge is actually a good example of this. It exists precisely because someone experienced something that was never captured anywhere. LLMs can't acquire that because they don't experience the system IMO.
But I’m not sure it’s entirely inaccessible to models either. If you feed them enough signals,logs, incidents, metrics, past debugging threads they might approximate that feedback indirectly. Not the same as being paged at 3am, but maybe closer than we assume.
but your distinction is really good. The feedback loop is probably the key difference.
ECH is great from a privacy perspective, but I’m curious how well this will actually work in practice.every time the web encrypts more metadata there’s pushback from middleboxes and network operators.
> I’m curious how well this will actually work in practice
You're experiencing it working in practice. RFC9849 is a published document, the end of a very long process in which the people who make this "actually work in practice" decided how to do this years ago and have deployed it.
This isn't like treaty negotiation where the formal document often creates a new reality, the RFC publication is more like the way the typical modern marriage ceremony is just formalising an existing reality. Like yeah, yesterday Bill and Sarah were legally not married, and today Bill and Sarah are married, but "Bill and Sarah" were a thing five Christmases ago, one of the bridesmaids is their daughter, we're just doing some paperwork and having a party.
ECH won't be effective until there's a HSTS-style policy that forces browsers to use it. Otherwise, firewalls will continue to strip parameters and downgrade connections[0].
The Fortigate article proposes that you take a profile in which your end users have said OK, I trust the Fortigate to decide what's allowed, and then you set it to not allow them to use ECH.
Notice that if users don't trust the Fortigate all it can do is IP layer blocks, exactly as intended.
It seems pointless to try to have a policy where people say they trust somebody else (whoever is operating that Fortigate) to override their will but also they don't want their will overridden, that's an incoherent policy, there's no technical problem there, technology can't help.
Well, yes, this is being used in corporate environments but the end user and the system admin aren't on the same page necessarily. Domain blocking doesn't make much sense in my opinion and should be a thing of the past. You already lack admin rights so what is a block on e.g. mullvad.net actually doing other than stopping someone from reading their blog? They can't install the VPN software.
Defense in layers makes sense, but domain blocking was never a "layer" if a hostile actor can just buy a new domain that's not on your blocklist.
I think it'd be good if ECH became more widespread so that we can get away from these antiquated control techniques that just result in frustration with no security benefits.
The tension is that Security and Dev parts of the stack remove the actual troubleshooting capabilities of the Network layer without opening up the tools that are supposed to replace them.
It's not a problem if Network can still do their job. It's a whole other matter to expect Network to do their job through another layer. You end up with organizations that can't maintain their applications and expect magic fixes.
Orgs that are cooperative probably don't have this issue but there are definitely parts of some organizations that when one part takes capability from another they don't give it back in some sort of weird headcount game despite not really wanting to understand Network to a Network level.
This feels like a recurring pattern in the stack. abstraction removes visibility faster than tooling replaces it.
Encryption and higher-level platforms are great for security and productivity, but the debugging surface keeps shrinking. Eventually when something breaks, nobody actually has the layer-by-layer visibility needed to reason about it.
