Open models are trained more generically to work with "Any" tool.
Closed models are specifically tuned with tools, that model provider wants them to work with (for example specific tools under claude code), and hence they perform better.
I think this will always be the case, unless someone tunes open models to work with the tools that their coding agent will use.
> Open models are trained more generically to work with "Any" tool. Closed models are specifically tuned with tools, that model provider wants them to work with (for example specific tools under claude code), and hence they perform better.
Some open models have specific training for defined tools (a notable example is OpenAI GPT-OSS and its "built in" tools for browser use and python execution (they are called built in tools, but they are really tool interfaces it is trained to use if made available.) And closed models are also trained to work with generic tools as well as their “built in” tools.
This gaslighting keeps being repeated, but fact of the matter is that any consumer/home network will be exposed to the internet if they're using SOHO equipment via IPv6 and won't be via IPv4.
And huge % of SOHO routers won't even allow configuring IPv6 firewall which makes security a disaster.
If you look hard enough you will find some, but it's not common.
Half of the Internet is using v6. If a lack of firewall was as common or as dangerous as people think, the supposed security disaster would have already happened. It hasn't.
I don't think "IPv6 is safe because ISP is blocking all your ingress traffic" is a positive argument for an IP standard that's supposed to enable every device to be routable on the internet without things like NAT.
(Also, why the fsck would I want to have an ISP that does that?)
It keeps getting repeated precisely because it isn't gaslighting. And yet we still see people claiming that NAT is security.
The only reason those networks aren't exposed to the whole Internet on v4 is because they're using RFC1918, not because of NAT -- but that still leaves them exposed to some outside networks, so routers come with firewalls, which act as an actual security boundary.
And they won't be exposed on v6, because those exact same firewalls work their magic on v6 too.
NAT doesn't provide and isn't needed for security. Its main security contribution is to confuse people about how secure their network is.
I'd expect folks would see the behavior you're describing here as being part of security.
However, NAT in the real world doesn't work the way you're describing here. My position is based on how NAT actually behaves, not on incorrect descriptions of how it behaves.
Or perhaps you could explain how NAT stops inbound connectivity at the NAT edge? I've tested and it doesn't, so I don't think it's possible to explain how it does, but I'm open to being wrong on that if anybody could actually explain it in a way that doesn't contract actual observed behavior.
Look I get where you're going with this. I do. All things being equal, a device that routes packets will route packets whether or not a NAT is in place. That's not the issue at hand.
The situation is simply that except in the rarest of cases, you're not going to be able to manipulate routing to achieve getting a packet with a RFC1918 (let's be real here, this is what we're talking about 99.9% of the time) destination address to go anywhere, much less to the target. Or more broadly, getting a packet addressed for a target behind a NAT to route TO a NAT gateway. Not to mention that if somehow it did get through, return packets are almost guaranteed to end up NAT'd, preventing traffic flow. So there's that.
On the Internet, even if your ISP didn't drop your packets outright, the routers wouldn't have the faintest idea how to route your packets to your victim.
Not Internet? Ok, let's say you're on a corporate network. You're a user and not a network admin.
Your company has a VPN to a partner company, and you're both using various subnets in 10/8. The partner has provided 192.168.1.0/24 of 1:1 NAT addresses so your two companies can share data, etc.
But there is no route in the IGP to the partner company's 10/8 network, only a block of 192.168.1.x addresses, none of which you are able to use. A magic fairy tells you that partner's payroll server has admin/admin credentials at 10.5.5.5. How are you going to get across the VPN to that address?
You won't, because you can't. Because there's no route, and in the case of a VPN, the interesting traffic probably doesn't include that IP even if you got a packet that far.
It's all simply a question of routing. Whether your traffic is being dropped by a firewall or dropped by a router, it's still being dropped.
FWIW I was a network engineer and architect at a massive enterprise for almost 15 years, and my team had management over all our Internet circuits, NAT, our WAN, etc. At the time I left we probably had >200k 1:1 NAT addresses; mostly across B2B links for management access of our devices on customer premises. It was an enormous PITA.
I get all of that... but it just sounds like you're arguing that either using RFC1918, or someone's inability to route to your router, is a firewall. Neither of these things are NAT! Nor will either of them protect you from all inbound connections, so neither of them count as firewalls either (although I'll grant that they limit the number of people that could make such a connection).
You can't trust an attacker to politely not send you packets that you think they can't send you. They can run `ip route add 10.5.5.5 dev vpn`/`via <next-hop>` just fine if they happen to be in the right place to do it, and your NAT won't help you.
The reason the packets are being dropped does matter. The issue at hand is all the people thinking that v6 is insecure because NAT is a security barrier; they're wrong, because it's not a security barrier, and if they continue to misattribute their security to it then they're going to keep reaching the wrong conclusions about v6.
> I get all of that... but it just sounds like you're arguing that either using RFC1918, or someone's inability to route to your router, is a firewall.
Yes and no. The effect is the same; packets are dropped. If you have no path to a target and no way to create one, it's a security barrier.
> Neither of these things are NAT!
You're right. They're a *result* of having a NAT boundary.
> They can run `ip route add 10.5.5.5 dev vpn`/`via <next-hop>` just fine if they happen to be in the right place to do it, and your NAT won't help you.
'If they happen to be in the right place to do it' is doing a LOT of heavy lifting here. You'd have to have root access on a compromised host, e.g., a linux system, immediately adjacent to the router/firewall/VPN doing NAT. And boy would that be a stupid design for an enterprise, and it would never happen at the Internet edge. So we're talking about the edgiest of edge case unicorns.
Even if you had all that go right, return packets are going to be addressed wrong (NAT) so you'd have to figure out how to deal with that.
Your stance seems to boil down to security being an active security measure - e.g. packet filter policy. My stance is that NAT and the reality of network design naturally results in preventing unwanted traffic flows, effectively producing the same result.
I'm not saying firewalls aren't critical, just that NAT does create a barrier, and v6 advocates always blare on that it doesn't.
1. replacing junior engineers, with AI ofcourse breaks the talent pipeline. Seniors will retire one day, who is going to replace them? Are we taking the bet, that we wont need any engineer at that time? sounds dangerous.
2. Junior engineer's heavy reliance on AI tools is a problem in itself. AI tools learn from existing code that is written by senior engineers. Too much use of AI by junior engineers will result in deterioration of engineering skills. It will eventually result in AI learning from AI generated code. This is true for most other content as well, as more and more content on internet is AI generated.
Google was late to search, late to smartphones, late to internet email. I'm having a hard time thinking of any of their large markets where they were a first mover, maybe YouTube-ish, widespread user uploaded internet video wasn't meaningfully available before the rise of YouTube.
On topic, Waymo is clearly a first mover in self-driving, having the first legal commercial services.
But, being the first mover is usually more of a disadvantage than an advantage, IMHO.
I'm struggling to think of a single product where the first mover won. At best they are able to hold some market share like Dropbox or Slack, but eventually big tech moves in and crushes them by just offering the same thing but cheaper and more integrated.
That is simply not true. I know people who can have millions in their cash account.
Also sometimes you need to liquidate your money and put it in cash account, for example down payment for an upcoming home purchase.
Will it work? Yes. Will it produce same quality as Sonnet or Opus? No.
reply