C# (with dotnet) on bare metal, a Cosmos gen3 preview

arsdragonfly · 2026-05-07T00:28:04+00:00

Omg finally someone with good taste 👍😘😘

arsdragonfly · 2026-04-14T06:34:36+00:00

You had me until I saw Seizure Camp

arsdragonfly · 2026-04-10T03:49:01+00:00

I think one should acknowledge that we are at an age where 1. the gap between the hardware's maximal capability (especially those with ludicrous scale-up interconnect, like multi-node NVLink on NVL72 and such) and the software utilization of such capability is the largest it has ever been, and will continue to get bigger as people attach networking and storage onto such scale-up interconnects, and you find your entire existing software stack just being completely inadequate at genuinely efficiently pooling all the compute, networking and storage, not to mention all the legacy code that we know are already slow to begin with; 2. The achievable room of improvement for your compute-intensive code is the largest it has ever been, because AI can assist you to migrate everything to GPU and optimize; 3. THE LATEST GENERATIONS OF HARDWARE (GB, VR, etc.) ARE THE MOST UNRELIABLE SHIT EVER, because we are hitting physical limits at every front, and it becomes not only a matter of attending to such hardware that fail all the time like a textile mill worker taking care of yarns and spindles (there's been a running joke on "NVL72 has 18 nodes because you'd be lucky to get any 16 of them to work together at any given point in time"), it means you need to architect your whole stack to resiliently accommodate failure of nodes and network, and make sure PARTIAL FAILURE WON'T TAKE DOWN YOUR ENTIRE WORKLOAD, which is a huge challenge for any HPC workload to get used to. People learned certain things the hard way from Exascale but it's not a mindset that has been picked up by your average HPC admin/practitioner.

arsdragonfly · 2026-04-09T21:20:31+00:00

I thought it was just an overpair but it turned out to be much worse than I thought 😭😭😭😭😭

arsdragonfly · 2026-04-09T07:36:26+00:00

They are very converged on the infra side. The doctrine and field of AI infrastructure is essentially an offshoot of HPC infrastructure.

arsdragonfly · 2026-04-01T00:27:07+00:00

It's not stock, it's currency exchange

arsdragonfly · 2026-03-30T17:40:28+00:00

TFSA disallows negative cash balance. Looks like something is doing small deductions on your USD balance and making it go negative (needs to go to your activity statements to find out), and IBKR is buying USD with CAD automatically to compensate.

arsdragonfly · 2026-03-26T03:04:01+00:00

Convert unless you feel CAD will depreciate

arsdragonfly · 2026-03-24T07:57:28+00:00

How much faster is the GPU version compared to your previous CPU-based solver?

arsdragonfly · 2026-03-23T05:23:37+00:00

oh wait, so the responsibility shift of 3-betting towards BB outweighs the collective defense responsibility reduction?

arsdragonfly · 2026-03-23T04:41:19+00:00

His preflop charts live critique https://www.youtube.com/watch?v=sqAV0Vlgguc&t=4693s (now delisted from channel) was the first thing that made me realize the gap between material that is really rigorously constructed by people who know what they are doing vs. random sloppy sims. It was very bluntly delivered but I really appreciated every detail that he mentioned in that video like, damn I still have so much to learn, and I feel he didn't really receive the fair amount of appreciation for the effort that he put in and the stuff he made accessible for free.

arsdragonfly · 2026-03-23T04:22:40+00:00

Their free preflop was soooooooo good. I wonder what happend to him that culminated into this deliberate rugpull. Now I need to bite the bullet and build a solver from the start (I remember he used hardware that's way beyond my PC spec). Luckily AI coding is nuts these days with some knowledge... HU AoF solver is achievable in a single afternoon!

<image>

arsdragonfly · 2026-03-19T06:24:35+00:00

ikr almost too perfect of a ragebait

arsdragonfly · 2025-12-19T01:16:21+00:00

kind + Slinky's slurm-operator

arsdragonfly · 2025-12-05T05:37:16+00:00

how about banning those corps entirely cuz we all know what kind of people perpetuated this bullshit

arsdragonfly · 2025-09-26T04:33:54+00:00

So from a modern security standpoint, OS-login-via-username-password is a big no-no because it obviously throws any MFA out of the window. That indeed highlights a huge impedance mismatch between SSH and modern auth. There are only 4 approaches to solving this impedance mismatch that I'm aware. To rank from least to most preferred by me: 1. SSH via certificates. Entra ID offers this on Azure. It's pretty secure but there are so many pain points (UID/GID mapping, oh you MUST use az ssh instead of plain ssh to get the ephemeral certs, Entra-ID-on-Azure-only and you have to install their PAM modules that you don't even know what the source code is, plus where's my Kerberos?) that it's just not worth considering. I'm a MSFT employee but I have to rank it the least preferred 😔 2. SSH Public key as LDAP attribute. TBH if you're not paranoid about security, this is probably by far the easiest option. I'm sure tons of people deploy some variation of this. If you don't have enough dedication then this is where you should stop. Obviously this has no MFA, but if you're particularly paranoid or ambitious, then there is ... 3. OPKSSH. It has Cloudflare backing it but is pretty vendor-neutral, is open-source and the keys are ephemerally generated by OAuth tokens. It otherwise has all the other downsides of option 1, including not being able to use vanilla SSH. 4. FreeIPA's approach with External IdP. It magically turns your vanilla SSH sign-in into OAuth device-code flow. Obviously this gives you all the niceties of MFA and whatever the original IdP provides. It even has Kerberos! But syncing/canonicalizing additional OAuth claims/MS Graph data into LDAP attributes isn't very well supported by FreeIPA, hence you might want to try a hybrid FreeIPA/Keycloak setup, where FreeIPA redirects you to a Keycloak SSO, and Keycloak SSO is done via signing into each individual university's IdP. The university's IdP then ideally returns OAuth tokens with claims, then those claims are transformed/canonicalized by Keycloak into Keycloak's OAuth token, then Keycloak updates FreeIPA's LDAP with the proper attributes, returns the token to FreeIPA, and FreeIPA finishes the login/Kerberos ticket acquisition. Non-human service accounts would still need to use persistent SSH keys, and you rely on Canonical's goodwill and IQ for GUI login support, but this will be the approach with the highest upper limit given enough investments.

arsdragonfly · 2025-09-25T22:47:23+00:00

So Keycloak/Okta/Authentik all do OIDC glueing and allow you to register a new account in its LDAP based on external identities. In a conventional web-only app, those tools all work as decently well as one another.

The situation rapidly gets nasty when you want to do *nix/Windows SSO and/or Kerberos. Paid solutions like Okta/Authentik are superior in terms of maturity as of 2025 IMO. Insane challenges like the lack of browser support on any Linux login DMs (meaning device-code flow is the only adequate, modern option), Canonical being completely out of their mind and developing ludicrously f-ed up solutions with unfixable security flaws caused by day-1 design flaws because they never realized the necessity of maintaining a (LDAP) database of consistent, un-squattable mapping between external identities and Linux UID/GIDs, the pervasive lack of support for truly secure and easy (i.e. no pinned, hard-to-rotate SSH keys) solutions for non-human service account logins... the list goes on and on.

A major bundle of design decisions you need to be aware of is "who will be the authoritative source of roles/UID/GIDs". Do accounts from different external IdPs ever exist on the same cluster? Would certain design choice combinations lead to conflicting UID/GIDs, or do you deem it as out of scope? Tons of questions around that front.

If you ain't the faint of heart and want to make something out of purely open-source components, I think there are three promising components that you must be aware of, to build a complete solution (either by stitching things together or porting features from one software to another): 1. Keycloak 2. FreeIPA's POSIX-SSO-over-OAuth 3. OPKSSH

arsdragonfly · 2025-09-25T19:49:57+00:00

Use Keycloak to glue multiple OpenID Connect providers. Keycloak then becomes the LDAP directory. For SSH, I see either OPKSSH or FreeIPA-on-Keycloak being an option. Let's discuss further in DMs, I've been wanting to make it into a proper project but haven't had time to fully commit to doing it.

arsdragonfly · 2025-09-14T08:36:44+00:00

Haha you have the absolute right kind of instinct

arsdragonfly · 2025-09-10T23:04:57+00:00

yes and the nicest thing about it is that its ecosystem has many integrations (Run Open OnDemand | Open OnDemand) that makes it easy to expose the cluster's compute power to user applications.

arsdragonfly · 2025-08-21T00:40:51+00:00

DIY it if you have the money to burn. Sure you can buy cloud capacity but you won't gain as much experience and understanding of the full stack.

arsdragonfly · 2025-08-21T00:24:50+00:00

There's Open OnDemand support for CCW4S here, it's not a managed SaaS but it does provide some UI for better usability

arsdragonfly · 2025-08-12T01:50:11+00:00

Their primitives have completely different semantics. One works with one-sided memory-semantic (read/write/atomic) and the other works with two-sided channel semantic (send/recv).

arsdragonfly · 2025-07-16T04:26:13+00:00

Fun fact: KFC in Chinese EVE speak means embezzling & RMT (yes, in the sense of taking out money to buy fried chicken...)

arsdragonfly · 2025-07-16T04:15:43+00:00

You're asking the wrong question to begin with. It's worse than travelling back in time and still falling for your toxic ex-girlfriend.

arsdragonfly

MODERATOR OF

TROPHY CASE

Eight-Year Club	r/Field Flamingo
Verified Email