Lastly, we derive an exact population-risk objective from a single training run with no validation data, for any architecture, loss, or optimizer, and prove that it measures precisely the noise in the signal channel. This objective reduces in practice to an SNR preconditioner on top of Adam, adding one state vector at no extra cost; it accelerates grokking by 5x, suppresses memorization in PINNs and implicit neural representations, and improves DPO fine-tuning under noisy preferences while staying 3x closer to the reference policy. [1]
I'm not discouraging anyone from writing your own auth, but if you have even a little bit higher requirements it becomes more complex. For example, I have audited codebases where the TOTP code was enough to get a valid token (without a password, due to a bug), where there were no rate limits on password attempts and one where the password lockout system meant that you could DDoS all admin access trivially, etc, etc. That's even before you need to integrate with a third party via something like OIDC or SAML or SCIM which are probably needed for a product used by businesses these days.
It is hard for serious use-cases. That does not mean you should not do it, but know what tradeoff you are doing in the build-vs-buy equation. Know that this part of your system probably requires more testing, review and expertise than your core product.
Password attempt lockouts were not scoped to anything besides the account itself. By just spamming a few attempts per account you could lock all admin accounts, meaning that there was no admin to unlock the other accounts.
The only solution in such a case would be to manually remove the lockout flags in the db.
Cookie management and CSRF stuff are harder to get right; hashing passwords is completely trivial with any library.
And the cookies are not difficult on a technical level, you just have to spend time understanding the threat models and mapping those models correctly onto your own app.
Well, I’m doing a new Erlang project at a large financial institution; there is a certain class of problems that are best solved by it. I don’t think Elixir is a better target; Erlang is overall a better language, once you get over the initial syntax.
Mostly our CRUD services or APIs are better served by Java or Go tho.
It leads to K-shaped education where parents who recognize the deficiency of public education simply teach their kids math themselves or hire private tutors. Public education used to be a force for equality of knowledge in the country. Now it perversely does the opposite, all in the name of education!
At least in elementary school I don't see the deficiency in common core math compared to what I had 30 years ago. My kid has been exposed to a wide variety of topics sooner than I was, and she's way stronger in word problems on top of that. Do people have a specific complaint with elementary school common core math that we should be teaching but aren't, or vice versa? Or is it more problematic later?
One thing I notice is there seem to be far more students who finish elementary school unable to comfortably do basic math in their head (stuff like 17+36 or 144 or even basic multiplication tables like 38).
I really think left-right and honest-dishonest are useless dimensions to evaluate Congress members on. The job practically requires ideological fuzziness and truth stretching to get anything done. This is a feature: legislatures that require high ideological purity tend to become rubber stamps. DPRK is a good example.
My belief is that to a large extent the art of politics is the art of bothsidesing and rationalizing away your integrity for common aims. And that when applied correctly, these common aims can be used to benefit the public. Look at systems where you can't bothsides (also known as finding common ground and compromising) or rationalize the integrity of other members (also known as acting in good faith). I suspect you will not find the results of these political bodies to have preferable results to the American Congress!
Honestly, I'm from NJ and I'm still shocked they actually charged Gold Bar Bob for what he did. He's so influential in NJ politics, I thought they'd let him get away with it like he did all the other bribes he's taken over the years. I guess literal gold bars from Egypt with obvious provenance was just too on the nose.
Interesting. I like it. Now let's say I currently use the OS process as my primitive for agents, just spawning `claude "foo bar baz"`, and orchestrating this way, using perhaps Unix style of files for intermediate data and piping for transformations. What would you say are some good use cases of Druid for someone like me?