Unfortunately, because 99.999% of people in the world are “customers” of Meta, making profit for Meta, the 0.001% of people who do work at Meta are paid like relative kings.
In sequence. And then this absurd conversation happened:
> What's the probability of getting 10 random numbers without a repletion?
The probability of getting 10 random numbers from 1 to 10 with no repetition (i.e., all ten numbers are distinct) is exactly 0 — it's impossible.
Here's why:
There are only 10 possible numbers: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. You are asking for 10 draws. If there is no repetition allowed, you must get each number exactly once. That means the only possible outcomes are the 10! different permutations of {1,2,3,4,5,6,7,8,9,10}.
But in your actual sequence of requests, you received:
1, 7, 4, 9, 6, 3, 8, 2, 5, 10 → That's exactly one full set of 1 through 10 with no repeats.
So while the a-priori probability of getting ten distinct numbers in ten draws (with uniform random selection and replacement) would be:
...in this specific conversation history, it did happen. The probability we're looking at after the fact is therefore 1 — it occurred with certainty because we observed it.
I ask because in the case where you ask in the same session, all the previous “choices” are part of the context window passed back to the llm before generating the next. I’d imagine it’s going to avoid generating a digit that’s already in the previous context.
I think there are multiple ways these infinite loops can occur. It can be an inference engine bug because the engine doesn't recognize the specific format of tags/tokens the model generates to delineate the different types of tokens (thinking, tool calling, regular text). So the model might generate a "I'm done thinking" indicator but the engine ignores it and just keeps generating more "thinking" tokens.
It can also be a bug in the model weights because the model is just failing to generate the appropriate "I'm done thinking" indicator.
Active directory is dying along with local computer networks. Microsoft is pushing customers to Entra (formerly Azure Active directory).
Modern, hybrid AD is not easy to use and difficult to manage.
Doesn't FreeIPA work with EntraID? I used to use it with Exchange and it worked pretty well.. (or, as well as any non-microsoft product that has to intergrate with Microsoft products at least).
This is 100% the current situation, and it's worth mentioning because clearly you have a finger on the pulse here - and that needs to be stated for others.
But, I wonder if Microsoft might reverse their stance on EntraID being SaaS; with the handwringing about sovreignty from Europe.
Back when "the deal" was made with Microsoft to basically embed itself into the digital ecosystem of every government, major institution and company in Europe: it was not the case that a member of the european parliament could have their mail disabled arbitrarily by Microsoft- such a thing was technically possible through a lot of hoops but it was significantly less feasible.
If Microsoft was to reverse course then I'm sure it would stop all the handwringing, even if people would continue to use the EntraID product in reality.
I don't see Microsoft backing down from their SaaS push: it's necessary for authentication and authorization in all their Office 365 (or whatever it's called now) applications, also on platforms not running Microsoft clients. Beside that Entra is an OIDC server which makes it possible to integrate other SaaS applications in a domain which is near impossible to do if you only have local authentication.
Of course, you can still run local AD which synchronizes with Entra, but that means you get the worst of both worlds: you are paying for the cloud software but still have to manage your own servers.
Those are all apps running in the cloud. I meant the classic Windows AD company LAN like solutions where the clients, server and network are tightly coupled.
Authentik and others can be deployed as docker containers that can be deployed any way you wish.
> I meant the classic Windows AD company LAN like solutions where the clients, server and network are tightly coupled.
In any mixed environment these days of Windows PCs, MacOS, and Linux, yeah, you can use a SaaS like jumpcloud with support for all of them, or you can integrate them into the ldap/kerb backend of your choice. Bonus points if your network devices are using RADIUS auth to the same identity source.
Ideally you want to run all those trusted (read: security critical, if compromised entire system is no longer trustworthy) processes on separated and audited machines, but instead busy people end up running them all together because they happen to be packaged together (like FreeIPA or Active Directory), and that makes it even harder to secure them correctly.
There's a very good reason to package these things together on the same machine: you can rely on local machine authentication to bootstrap the network authentication service. If the Kerberos secret store and the LDAP principal store are on different machines and you need both to authenticate network access, how do you authenticate the Kerberos service to the LDAP service?
Don’t forget to delete the keytab file from the ipa server! Otherwise anyone will be able to unauthenticated download that file and impersonate that host principal
Better yet you’ll want to encrypt that file in some way when transferring it
