> I agree that seeing types is helpful, though typing them is also not necessary. Perhaps the solution is an IDE that shows you all the types inferred by the compiler
I do wonder how good results you could get with a good capture setup, good macro lens, and high-resolution DSLR. Of course combined with state-of-art software. By the specs something like Canon R5ii + 100mm 1.4x macro should get up to almost 3um per pixel resolution; intuitively that should result also very high detail 3d models. Managing depth of field might be a problem though.
I'd imagine at some point the rig tolerances/vibrations/newly settled dust specks from snapshot to snapshot would completely negate any benefits you'd get from that level of detail. The processing power to handle that resolution would be a huge (but potentially interesting...) problem as well.
That's amazing. Thanks for that reference. If it's good enough for the kernel, then it's good enough for me to start using in my own projects.
It's really cool that the kernel is using this. The compiler must be generating simple bounds checking code with traps instead of crazy stuff involving magical C standard library functions. Perfect for freestanding nostdlib projects.
> Last week, we released a major update to Gemini 3 Deep Think to solve modern challenges across science, research and engineering. Today, we’re releasing the upgraded core intelligence that makes those breakthroughs possible: Gemini 3.1 Pro.
So this is same but not same as Gemini 3 Deep Think? Keeping track of these different releases is getting pretty ridiculous.
This isn't really true, and it wouldn't be a big deal even if it was.
Die areas for consumer card chips are smaller than die areas for datacenter card chips, and this has held for a few generations now. They can't possibly be the same chips, because they are physically different sizes. The lowest-end consumer dies are less than 1/4 the area of datacenter dies, and even the highest-end consumer dies are only like 80% the area of datacenter dies. This implies there must be some nontrivial differentiation going on at the silicon level.
Secondly, you are not paying for the die area anyway. Whether a chip is obtained from being specially made for that exact model of GPU, or it is obtained from being binned after possibly defective areas get fused off, you are paying for the end-result product. If that product meets the expected performance, it is doing its job. This is not a subsidy (at least, not in that direction), the die is just one small part of what makes a usable GPU card, and excess die area left dark isn't even pure waste, as it helps with heat dissipation.
The fact that nVidia excludes decent FP64 from all of its prosumer offerings (*) can still be called "artificial" insofar as it was indeed done on purpose for market segmentation purposes, but it's not some trivial trick. They really are just not putting it into the silicon. This has been the case for longer than it wasn't by now, even.
* = The Quadro line of "professional" workstation cards nowadays are just consumer cards with ECC RAM and special drivers
I feel this is one of the weaknesses of Linux/unix ecosystem. The freeipa/sssd/nss/pam/krb/ldap/dns (+keycloak/samba/...) etc stack is just incredibly byzantine. I'm sure it is technically very capable in the right hands, but to me it feels like intractable mountain of things and worst of all the failure modes are pretty bad; you can accidentally leave security holes or alternatively lock yourself out.
Microsoft is pushing everyone onto Entra. There are so many exploits for AD but few for Entra.
Tenable has been pushing an internal initiative to eliminate all AD use. This action speaks volumes considering they acquired an AD security company and sell a product specifically designed to secure AD.
The consequences of a compromised AD domain are drastic. We should not try to build the same vulnerabilities into Linux environments, but it’s undeniable there is value in leveraging FreeIPA et al. to interoperate with legacy environments.
The byzantine and overly complex nature of FreeIPA is a feature not a bug. It lends itself to consulting money for RedHat et al in those legacy markets. Sure, the server might be free but good luck getting it running.
Active directory is dying along with local computer networks. Microsoft is pushing customers to Entra (formerly Azure Active directory).
Modern, hybrid AD is not easy to use and difficult to manage.
Doesn't FreeIPA work with EntraID? I used to use it with Exchange and it worked pretty well.. (or, as well as any non-microsoft product that has to intergrate with Microsoft products at least).
This is 100% the current situation, and it's worth mentioning because clearly you have a finger on the pulse here - and that needs to be stated for others.
But, I wonder if Microsoft might reverse their stance on EntraID being SaaS; with the handwringing about sovreignty from Europe.
Back when "the deal" was made with Microsoft to basically embed itself into the digital ecosystem of every government, major institution and company in Europe: it was not the case that a member of the european parliament could have their mail disabled arbitrarily by Microsoft- such a thing was technically possible through a lot of hoops but it was significantly less feasible.
If Microsoft was to reverse course then I'm sure it would stop all the handwringing, even if people would continue to use the EntraID product in reality.
I don't see Microsoft backing down from their SaaS push: it's necessary for authentication and authorization in all their Office 365 (or whatever it's called now) applications, also on platforms not running Microsoft clients. Beside that Entra is an OIDC server which makes it possible to integrate other SaaS applications in a domain which is near impossible to do if you only have local authentication.
Of course, you can still run local AD which synchronizes with Entra, but that means you get the worst of both worlds: you are paying for the cloud software but still have to manage your own servers.
Those are all apps running in the cloud. I meant the classic Windows AD company LAN like solutions where the clients, server and network are tightly coupled.
Authentik and others can be deployed as docker containers that can be deployed any way you wish.
> I meant the classic Windows AD company LAN like solutions where the clients, server and network are tightly coupled.
In any mixed environment these days of Windows PCs, MacOS, and Linux, yeah, you can use a SaaS like jumpcloud with support for all of them, or you can integrate them into the ldap/kerb backend of your choice. Bonus points if your network devices are using RADIUS auth to the same identity source.
Ideally you want to run all those trusted (read: security critical, if compromised entire system is no longer trustworthy) processes on separated and audited machines, but instead busy people end up running them all together because they happen to be packaged together (like FreeIPA or Active Directory), and that makes it even harder to secure them correctly.
There's a very good reason to package these things together on the same machine: you can rely on local machine authentication to bootstrap the network authentication service. If the Kerberos secret store and the LDAP principal store are on different machines and you need both to authenticate network access, how do you authenticate the Kerberos service to the LDAP service?
It's always been awful. OpenLDAP by itself is already attrocious and a pain to make work.
I have always been convinced it was on purpose. It's the point where you were supposed to decide paying Redhat is actually a good idea and nowadays it pushes towards a cloud based authentication solution you can integrate.
Realistically, who has any interest in fixing the mess?
I think that's actually directly in agreement with what I said. Okta built their own thing on the side without touching the Linux stack and is very happy for you to turn to them. So did Authentik actually.
There used to be a time in history when a system administrator had to know all this shit in order to keep their job. I guess nowadays devops just means dev as we furiously pump tokens into the AI Wurlitzer whenever we dont know how to do something and hope it doesnt gaslight us into deleting prod.
- Freeipa is Linux AD, includes DNS, dogtag, and OpenLDAP.
- SSSD is how linux machines authenticate with a central directory. this includes AD.
- nss is the order of operations in which the system attempts lookups against various directories for services.
- pam is the subsystem of authentication in linux.
- kerberos is a ticket based authentication system started by MIT and popularized by Microsoft.
- ldap is a directory for information and authentication data
- DNS should not need an explanation.
Active Directory is the exact same byzantine architecture, the only reason you dont complain about it is because Microsoft has hidden nearly every meaningful internal from you with fun buttons and dropdowns like a childs toy.
Make no mistake, when it breaks it is much more cataclysmic in its complexity. major multinational corporations can spend weeks with external consultants and even Microsoft themselves trying to debug it. Most failure modes result in rebuilding the entire directory from scratch out of the sheer futility of trying to recover anything. things as simple as an OS update can cause the complete failure of the directory, replication, kerberos key subsystem, or even the ADUC tool you use to interface with any of this. Most of the time your only solution is to wait for MS to release a fix.
FreeIPA isnt complete. it doesnt include things like group policies or account expiration but its infinitely easier to debug. its individual components are well documented and offer standalone debug and trace features. most if its components have existed longer than their competitive Microsoft offerings, or at very least vastly outscale and outperform them.
Kubernetes is just as complex, but cloud providers will happily bill you by the nanosecond for the gentle equivalent of Microsofts buttons and dropdowns. Microsoft will gladly bill you for "cloud" based AD. You can just as easily deploy local users in ansible.
Dang, your failure modes certainly are extreme. What companies actually performed a from-scratch rebuild because they failed to take a backup or thought "today's thursday, it's too complicated to restore!"?
If an "OS upgrade" nukes your directory, that means you're running a single DC. The question is... why would you do that?
There used to be a time in history when a system administrator had to know all this shit in order to keep their job. I guess nowadays devops just means dev as we furiously pump tokens into the AI Wurlitzer whenever we dont know how to do something and hope it doesnt gaslight us into deleting prod.
LDAP Kerberos 5 SSSD is pretty easy to configure and more or less maintenance free for a small set of servers and users. By my personal experience.
The costs usually come from complexity: every new user needs its credentials, guidance to services and help in error situations. New services need to be integrated to existing systems. But those won't go away, be the system anything.
> The cooperation builds on the success of existing solutions, connecting them via a central hub to create a truly pan-European experience for cross-border payments.
> European consumers will continue using their current preferred solution, now with broader European reach
> The cooperation is based on a central interoperability hub, operated by a future central entity jointly established by the partners.
So it is unlikely that Wero will be the single solution for entire Europe. Instead it is one of many solutions that hopefully will interoperate in the future. But we are still in the MoU phase only, so lets see what happens...
> There are a few high resolution satellites but there frame is very small and not suited for complete coverage. If they are geostationary they cant look anywhere, or they have to look at an angle giving oblique photos. If they are moving then they are only over the part of the earth once per several days (weeks/months?)
Pleiades Neo advertises 30cm resolution with possibility for twice a day visits for a location. They are operating on sun-synchronous orbits with afaik global coverage. They also advertise that they can capture up to 2 million km² daily. So Earth imaging satellites are pretty good these days.
That being said, it is true that Google Maps etc heavily rely on aerial imagery instead of satellites.
see "The Editor as Type Viewer" section in the docs: https://loonlang.com/concepts/invisible-types
reply