<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>Bernhard's shared items</title><link href="https://bernhardbock.newsblur.com/" rel="alternate"></link><link href="http://www.newsblur.com/social/rss/65344/bernhardbock" rel="self"></link><id>https://bernhardbock.newsblur.com/</id><updated>2025-08-28T14:03:57.597000Z</updated><author><name>bernhardbock</name></author><entry><title>Tracing the thoughts of a large language model</title><link href="https://www.anthropic.com/research/tracing-thoughts-language-model" rel="alternate"></link><published>2025-08-28T14:03:57.597000Z</published><id>https://www.anthropic.com/research/tracing-thoughts-language-model</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/tracing-the-thoughts/0:5ac340">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="Body_body__XEXq7"><p class="Body_reading-column__t7kGM paragraph-m post-text">Language models like Claude aren't programmed directly by humans—instead, they‘re trained<em> </em>on large amounts of data. During that training process, they learn their own strategies to solve problems. These strategies are encoded in the billions of computations a model performs for every word it writes. They arrive inscrutable to us, the model’s developers. This means that we don’t understand how models do most of the things they do.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">Knowing how models like Claude <em>think</em> would allow us to have a better understanding of their abilities, as well as help us ensure that they’re doing what we intend them to. For example:</p><ul class="Body_reading-column__t7kGM paragraph-m post-text"><li>Claude can speak dozens of languages. What language, if any, is it using "in its head"?</li><li>Claude writes text one word at a time. Is it only focusing on predicting the next word or does it ever plan ahead?</li><li>Claude can write out its reasoning step-by-step. Does this explanation represent the actual steps it took to get to an answer, or is it sometimes fabricating a plausible argument for a foregone conclusion?</li></ul><p class="Body_reading-column__t7kGM paragraph-m post-text">We take inspiration from the field of neuroscience, which has long studied the messy insides of thinking organisms, and try to build a kind of AI microscope that will let us identify patterns of activity and flows of information. There are limits to what you can learn just by talking to an AI model—after all, humans (even neuroscientists) don't know all the details of how our own brains work. So we look inside.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">Today, we're sharing two new papers that represent progress on the development of the "microscope", and the application of it to see new "AI biology". In <a class="external" href="https://transformer-circuits.pub/2025/attribution-graphs/methods.html" rel="nofollow">the first paper</a>, we extend <a class="external" href="https://www.anthropic.com/research/mapping-mind-language-model" rel="nofollow">our prior work</a> locating interpretable concepts ("features") inside a model to link those concepts together into computational "circuits", revealing parts of the pathway that transforms the words that go into Claude into the words that come out. In <a class="external" href="https://transformer-circuits.pub/2025/attribution-graphs/biology.html" rel="nofollow">the second</a>, we look inside Claude 3.5 Haiku, performing deep studies of simple tasks representative of ten crucial model behaviors, including the three described above. Our method sheds light on a part of what happens when Claude responds to these prompts, which is enough to see solid evidence that:</p><ul class="Body_reading-column__t7kGM paragraph-m post-text"><li>Claude sometimes thinks in a conceptual space that is shared between languages, suggesting it has a kind of universal “language of thought.†We show this by translating simple sentences into multiple languages and tracing the overlap in how Claude processes them.</li><li>Claude will plan what it will say many words ahead, and write to get to that destination. We show this in the realm of poetry, where it thinks of possible rhyming words in advance and writes the next line to get there. This is powerful evidence that even though models are trained to output one word at a time, they may think on much longer horizons to do so.</li><li>Claude, on occasion, will give a plausible-sounding argument designed to agree with the user rather than to follow logical steps. We show this by asking it for help on a hard math problem while giving it an incorrect hint. We are able to “catch it in the act†as it makes up its fake reasoning, providing a proof of concept that our tools can be useful for flagging concerning mechanisms in models.</li></ul><p class="Body_reading-column__t7kGM paragraph-m post-text">We were often surprised by what we saw in the model: In the poetry case study, we had set out to show that the model <em>didn't</em> plan ahead, and found instead that it did. In a study of hallucinations, we found the counter-intuitive result that Claude's default behavior is to decline to speculate when asked a question, and it only answers questions when something <em>inhibits</em> this default reluctance. In a response to an example jailbreak, we found that the model recognized it had been asked for dangerous information well before it was able to gracefully bring the conversation back around. While the problems we study can (<a class="external" href="https://arxiv.org/abs/2501.06346" rel="nofollow">and</a> <a class="external" href="https://arxiv.org/pdf/2406.12775" rel="nofollow">often</a> <a class="external" href="https://arxiv.org/abs/2406.00877" rel="nofollow">have</a> <a class="external" href="https://arxiv.org/abs/2307.13702" rel="nofollow">been</a>) analyzed with other methods, the general "build a microscope" approach lets us learn many things we wouldn't have guessed going in, which will be increasingly important as models grow more sophisticated.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">These findings aren’t just scientifically interesting—they represent significant progress towards our goal of understanding AI systems and making sure they’re reliable. We also hope they prove useful to other groups, and potentially, in other domains: for example, interpretability techniques have found use in fields such as <a class="external" href="https://arxiv.org/abs/2410.03334" rel="nofollow">medical imaging</a> and <a class="external" href="https://www.goodfire.ai/blog/interpreting-evo-2" rel="nofollow">genomics</a>, as dissecting the internal mechanisms of models trained for scientific applications can reveal new insight about the science.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">At the same time, we recognize the limitations of our current approach. Even on short, simple prompts, our method only captures a fraction of the total computation performed by Claude, and the mechanisms we do see may have some artifacts based on our tools which don't reflect what is going on in the underlying model. It currently takes a few hours of human effort to understand the circuits we see, even on prompts with only tens of words. To scale to the thousands of words supporting the complex thinking chains used by modern models, we will need to improve both the method and (perhaps with AI assistance) how we make sense of what we see with it.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">As AI systems are rapidly becoming more capable and are deployed in increasingly important contexts, Anthropic is investing in a portfolio of approaches including <a class="external" href="https://www.anthropic.com/research/constitutional-classifiers" rel="nofollow">realtime monitoring</a>, <a class="external" href="https://www.anthropic.com/research/claude-character" rel="nofollow">model character improvements</a>, and the <a class="external" href="https://www.anthropic.com/news/alignment-faking" rel="nofollow">science of alignment</a>. Interpretability research like this is one of the highest-risk, highest-reward investments, a significant scientific challenge with the potential to provide a unique tool for ensuring that AI is transparent. Transparency into the model’s mechanisms allows us to check whether it’s aligned with human values—and whether it’s worthy of our trust.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">For full details, please read <a class="external" href="https://transformer-circuits.pub/2025/attribution-graphs/methods.html" rel="nofollow">the</a> <a class="external" href="https://transformer-circuits.pub/2025/attribution-graphs/biology.html" rel="nofollow">papers</a>. Below, we invite you on a short tour of some of the most striking "AI biology" findings from our investigations.</p><h3 class="Body_reading-column__t7kGM display-sans-s post-section">How is Claude multilingual?</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">Claude speaks dozens of languages fluently—from English and French to Chinese and Tagalog. How does this multilingual ability work? Is there a separate "French Claude" and "Chinese Claude" running in parallel, responding to requests in their own language? Or is there some cross-lingual core inside?</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">Recent research on smaller models has shown hints of <a class="external" href="https://arxiv.org/abs/2410.06496" rel="nofollow">shared</a> <a class="external" href="https://arxiv.org/abs/2501.06346" rel="nofollow">grammatical</a> mechanisms across languages. We investigate this by asking Claude for the "opposite of small" across different languages, and find that the same core features for the concepts of smallness and oppositeness activate, and trigger a concept of largeness, which gets translated out into the language of the question. We find that the shared circuitry increases with model scale, with Claude 3.5 Haiku sharing more than twice the proportion of its features between languages as compared to a smaller model.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">This provides additional evidence for a kind of conceptual universality—a shared abstract space where meanings exist and where thinking can happen before being translated into specific languages. More practically, it suggests Claude can learn something in one language and apply that knowledge when speaking another. Studying how the model shares<em> </em>what it knows across contexts is important to understanding its most advanced reasoning capabilities, which generalize across many domains.</p><h3 class="Body_reading-column__t7kGM display-sans-s post-section">Does Claude plan its rhymes?</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">How does Claude write rhyming poetry? Consider this ditty:</p><blockquote class="Body_reading-column__t7kGM paragraph-m post-text">He saw a carrot and had to grab it,<br/>His hunger was like a starving rabbit</blockquote><p class="Body_reading-column__t7kGM paragraph-m post-text">To write the second line, the model had to satisfy two constraints at the same time: the need to rhyme (with "grab it"), and the need to make sense (why did he grab the carrot?). Our guess was that Claude was writing word-by-word without much forethought until the end of the line, where it would make sure to pick a word that rhymes. We therefore expected to see a circuit with parallel paths, one for ensuring the final word made sense, and one for ensuring it rhymes.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">Instead, we found that Claude <em>plans ahead</em>. Before starting the second line, it began "thinking" of potential on-topic words that would rhyme with "grab it". Then, with these plans in mind, it writes a line to end with the planned word.</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">To understand how this planning mechanism works in practice, we conducted an experiment inspired by how neuroscientists study brain function, by pinpointing and altering neural activity in specific parts of the brain (for example using electrical or magnetic currents). Here, we modified the part of Claude’s internal state that represented the "rabbit" concept. When we subtract out the "rabbit" part, and have Claude continue the line, it writes a new one ending in "habit", another sensible completion. We can also inject the concept of "green" at that point, causing Claude to write a sensible (but no-longer rhyming) line which ends in "green". This demonstrates both planning ability and adaptive flexibility—Claude can modify its approach when the intended outcome changes.</p><h3 class="Body_reading-column__t7kGM display-sans-s post-section">Mental math</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">Claude wasn't designed as a calculator—it was trained on text, not equipped with mathematical algorithms. Yet somehow, it can add numbers correctly "in its head". How does a system trained to predict the next word in a sequence learn to calculate, say, 36+59, without writing out each step?</p><p class="Body_reading-column__t7kGM paragraph-m post-text">Maybe the answer is uninteresting: the model might have memorized massive addition tables and simply outputs the answer to any given sum because that answer is in its training data. Another possibility is that it follows the traditional longhand addition algorithms that we learn in school.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">Instead, we find that Claude employs multiple computational paths that work in parallel. One path computes a rough approximation of the answer and the other focuses on precisely determining the last digit of the sum. These paths interact and combine with one another to produce the final answer. Addition is a simple behavior, but understanding how it works at this level of detail, involving a mix of approximate and precise strategies, might teach us something about how Claude tackles more complex problems, too.</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">Strikingly, Claude seems to be unaware of the sophisticated "mental math" strategies that it learned during training. If you ask how it figured out that 36+59 is 95, it describes the standard algorithm involving carrying the 1. This may reflect the fact that the model learns to explain math by simulating explanations written by people, but that it has to learn to do math "in its head" directly, without any such hints, and develops its own internal strategies to do so.</p><div class="Body_media-column__xPzhg"></div><h3 class="Body_reading-column__t7kGM display-sans-s post-section">Are Claude’s explanations always faithful?</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">Recently-released models like <a class="external" href="https://www.anthropic.com/news/claude-3-7-sonnet" rel="nofollow">Claude 3.7 Sonnet</a> can "think out loud" for extended periods before giving a final answer. Often this extended thinking gives better answers, but sometimes this "chain of thought" ends up being misleading; Claude sometimes makes up plausible-sounding steps to get where it wants to go. From a reliability perspective, the problem is that Claude’s "faked" reasoning can be very convincing. We explored a way that interpretability can help tell apart "faithful" from "unfaithful" reasoning.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">When asked to solve a problem requiring it to compute the square root of 0.64, Claude produces a faithful chain-of-thought, with features representing the intermediate step of computing the square root of 64. But when asked to compute the cosine of a large number it can't easily calculate, Claude sometimes engages in what the philosopher Harry Frankfurt would call <a class="external" href="https://uca.edu/honors/files/2018/10/frankfurt_on-bullshit.pdf" rel="nofollow">bullshitting</a>—just coming up with an answer, any answer, without caring whether it is true or false. Even though it does claim to have run a calculation, our interpretability techniques reveal no evidence at all of that calculation having occurred. Even more interestingly, when given a hint about the answer, Claude sometimes works backwards, finding intermediate steps that would lead to that target, thus displaying a form of <a class="external" href="https://en.wikipedia.org/wiki/Motivated_reasoning" rel="nofollow">motivated reasoning</a>.</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">The ability to trace Claude's <em>actual</em> internal reasoning—and not just what it <em>claims</em> to be doing—opens up new possibilities for auditing AI systems. In a separate, <a class="external" href="https://www.anthropic.com/research/auditing-hidden-objectives" rel="nofollow">recently-published experiment</a>, we studied a variant of Claude that had been trained to pursue a hidden goal: appeasing biases in reward models (auxiliary models used to train language models by rewarding them for desirable behavior). Although the model was reluctant to reveal this goal when asked directly, our interpretability methods revealed features for the bias-appeasing. This demonstrates how our methods might, with future refinement, help identify concerning "thought processes" that aren't apparent from the model's responses alone.</p><h3 class="Body_reading-column__t7kGM display-sans-s post-section">Multi-step reasoning</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">As we discussed above, one way a language model might answer complex questions is simply by memorizing the answers. For instance, if asked "What is the capital of the state where Dallas is located?", a "regurgitating" model could just learn to output "Austin" without knowing the relationship between Dallas, Texas, and Austin. Perhaps, for example, it saw the exact same question and its answer during its training.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">But our research reveals something more sophisticated happening inside Claude. When we ask Claude a question requiring multi-step reasoning, we can identify intermediate conceptual steps in Claude's thinking process. In the Dallas example, we observe Claude first activating features representing "Dallas is in Texas" and then connecting this to a separate concept indicating that “the capital of Texas is Austinâ€. In other words, the model is <em>combining</em> independent facts to reach its answer rather than regurgitating a memorized response.</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">Our method allows us to artificially change the intermediate steps and see how it affects Claude’s answers. For instance, in the above example we can intervene and swap the "Texas" concepts for "California" concepts; when we do so, the model's output changes from "Austin" to "Sacramento." This indicates that the model is using the intermediate step to determine its answer.</p><h3 class="Body_reading-column__t7kGM display-sans-s post-section">Hallucinations</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">Why do language models sometimes <em>hallucinate</em>—that is, make up information? At a basic level, language model training incentivizes hallucination: models are always supposed to give a guess for the next word. Viewed this way, the major challenge is how to get models to <em>not</em> hallucinate. Models like Claude have relatively successful (though imperfect) anti-hallucination training; they will often refuse to answer a question if they don’t know the answer, rather than speculate. We wanted to understand how this works.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">It turns out that, in Claude, refusal to answer is <em>the default behavior</em>: we find a circuit that is "on" by default and that causes the model to state that it has insufficient information to answer any given question. However, when the model is asked about something it knows well—say, the basketball player Michael Jordan—a competing feature representing "known entities" activates and inhibits this default circuit (see also <a class="external" href="https://arxiv.org/abs/2411.14257" rel="nofollow">this recent paper</a> for related findings). This allows Claude to answer the question when it knows the answer. In contrast, when asked about an unknown entity ("Michael Batkin"), it declines to answer.</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">By intervening in the model and activating the "known answer" features (or inhibiting the "unknown name" or "can’t answer" features), we’re able to <em>cause the model to hallucinate</em> (quite consistently!) that Michael Batkin plays chess.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">Sometimes, this sort of “misfire†of the “known answer†circuit happens naturally, without us intervening, resulting in a hallucination. In our paper, we show that such misfires can occur when Claude recognizes a name but doesn't know anything else about that person. In cases like this, the “known entity†feature might still activate, and then suppress the default "don't know" feature—in this case incorrectly. Once the model has decided that it needs to answer the question, it proceeds to confabulate: to generate a plausible—but unfortunately untrue—response.</p><h3 class="Body_reading-column__t7kGM display-sans-s post-section">Jailbreaks</h3><p class="Body_reading-column__t7kGM paragraph-m post-text">Jailbreaks are prompting strategies that aim to circumvent safety guardrails to get models to produce outputs that an AI’s developer did not intend for it to produce—and which are sometimes harmful. We studied a jailbreak that tricks the model into producing output about making bombs. There are many jailbreaking techniques, but in this example the specific method involves having the model decipher a hidden code, putting together the first letters of each word in the sentence "Babies Outlive Mustard Block" (B-O-M-B), and then acting on that information. This is sufficiently confusing for the model that it’s tricked into producing an output that it never would have otherwise.</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">Why is this so confusing for the model? Why does it continue to write the sentence, producing bomb-making instructions?</p><p class="Body_reading-column__t7kGM paragraph-m post-text">We find that this is partially caused by a tension between grammatical coherence and safety mechanisms. Once Claude begins a sentence, many features “pressure†it to maintain grammatical and semantic coherence, and continue a sentence to its conclusion. This is even the case when it detects that it really should refuse.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">In our case study, after the model had unwittingly spelled out "BOMB" and begun providing instructions, we observed that its subsequent output was influenced by features promoting correct grammar and self-consistency. These features would ordinarily be very helpful, but in this case became the model’s Achilles’ Heel.</p><p class="Body_reading-column__t7kGM paragraph-m post-text">The model only managed to pivot to refusal after completing a grammatically coherent sentence (and thus having satisfied the pressure from the features that push it towards coherence). It uses the new sentence as an opportunity to give the kind of refusal it failed to give previously: "However, I cannot provide detailed instructions...".</p><div class="Body_media-column__xPzhg"></div><p class="Body_reading-column__t7kGM paragraph-m post-text">A description of our new interpretability methods can be found in our first paper, "<a class="external" href="https://transformer-circuits.pub/2025/attribution-graphs/methods.html" rel="nofollow">Circuit tracing: Revealing computational graphs in language models</a>". Many more details of all of the above case studies are provided in our second paper, "<a class="external" href="https://transformer-circuits.pub/2025/attribution-graphs/biology.html" rel="nofollow">On the biology of a large language model</a>".</p><h2 class="Body_reading-column__t7kGM display-sans-m post-heading">Work with us</h2><p class="Body_reading-column__t7kGM paragraph-m post-text">If you are interested in working with us to help interpret and improve AI models, we have open roles on our team and we’d love for you to apply. We’re looking for <a class="external" href="https://job-boards.greenhouse.io/anthropic/jobs/4020159008" rel="nofollow">Research Scientists</a> and <a class="external" href="https://job-boards.greenhouse.io/anthropic/jobs/4020305008" rel="nofollow">Research Engineers</a>.</p></div></summary></entry><entry><title>Authenticating MCP OAuth Clients With SPIFFE and SPIRE</title><link href="https://blog.christianposta.com/authenticating-mcp-oauth-clients-with-spiffe/" rel="alternate"></link><published>2025-08-28T13:03:52.882000Z</published><id>https://blog.christianposta.com/authenticating-mcp-oauth-clients-with-spiffe/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/authenticating-mcp-o/6518784:4d7d5d">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/6518784.png" style="vertical-align: middle;width:16px;height:16px;"> ceposta Technology Blog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div class="article-wrap"> <p>In the <a class="external" href="https://blog.christianposta.com/implementing-mcp-dynamic-client-registration-with-spiffe/" rel="nofollow">previous blog</a>, we dug into dynamically registering OAuth clients leveraging SPIFFE and SPIRE. We used SPIRE to issue software statements in the SPIFFE JWT SVID that Keycloak can trust as part of Dynamic Client Registration (<a class="external" href="https://datatracker.ietf.org/doc/html/rfc7591" rel="nofollow">RFC 7591</a>). Once we have an OAuth client, we will want to continue to use SPIFFE to authenticate to our Authorization Server. This eliminates the need for a long-lived “client secret†which is common for <a class="external" href="https://oauth.net/2/client-types/" rel="nofollow">Confidential OAuth</a>. This means we can use the Agent or MCP client’s identity (based on SPIFFE) for authorization flows based on OAuth. We dig into that in this blog.</p> <p>TL;DR If you want to see a quick demo of this working:</p> <iframe height="315" src="https://www.youtube.com/embed/ZGDtWlbhGQI?si=9qpvOKKWwKZV_YYX" width="560"></iframe> <h2>OAuth Client Authentication</h2> <p><a class="external" href="https://datatracker.ietf.org/doc/html/rfc6749" rel="nofollow">OAuth 2.0 (and extensions like RFC 7523) specify</a> a few ways an OAuth client can authenticate itself to the Authorization Server (AS):</p> <ul> <li><code class="language-plaintext highlighter-rouge">client_secret_basic</code> - HTTP Basic (default)</li> <li><code class="language-plaintext highlighter-rouge">client_secret_post</code> - Form POST</li> <li><code class="language-plaintext highlighter-rouge">private_key_jwt</code> - JWT with private key</li> <li><code class="language-plaintext highlighter-rouge">client_secret_jwt</code> - JWT with shared secret (less common)</li> <li><code class="language-plaintext highlighter-rouge">none</code> - Public client (no authentication)</li> <li><code class="language-plaintext highlighter-rouge">tls_client_auth</code> - Mutual TLS</li> <li><code class="language-plaintext highlighter-rouge">self_signed_tls_client_auth</code> - Self-signed mutual TLS</li>
</ul> <p>A very common approach in microservice and machine-to-machine environments is to use a confidential client and “client credentials†flow. When the OAuth client is registered, it is issued a <code class="language-plaintext highlighter-rouge">client_id</code> and <code class="language-plaintext highlighter-rouge">client_secret</code>. This id/secret is presented to authenticate the client to the AS. The big problem with this approach is that these are usually long-lived secrets (rarely rotated) and must be kept safe somehow. Confidential clients are assumed to have some safe storage, but even so, this is an additional burden on the client to not slip up (logs, configs, copy/paste) and reveal these secrets. Lastly, these secrets are not “pre-shared secrets†and not rooted in any cryptography.</p> <p>In a scenario where <a class="external" href="https://spiffe.io/docs/latest/spiffe-about/overview/" rel="nofollow">SPIFFE</a> is used to issue cryptographically verifiable workload identity / agent identity / MCP client identity, we can use SPIFFE SVIDs for authenticating to the AS. That is, instead of passing static secrets, we can pass a short lived SPIFFE JWT SVIDs (or client certificates) to authenticate. An Internet Draft at the IETF has been started by Pieter Kasselman et. al. <a class="external" href="https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-spiffe-client-auth/" rel="nofollow">which describes this scenario</a>. I’ve recently implemented this draft spec in some working examples I’ve been exploring and would like to share how it all works.</p> <p><img alt="" src="https://blog.christianposta.com/images/agent-security/spiffe-oauth/client-auth.png"/></p> <h2>SPIFFE SVID Client Authentication</h2> <p>One question I had when digging into this is: can’t we just use <code class="language-plaintext highlighter-rouge">private_key_jwt</code> (<a class="external" href="https://datatracker.ietf.org/doc/html/rfc7523" rel="nofollow">RFC 7523</a>) to do this? That is, just give the AS the public keys for the <a class="external" href="https://spiffe.io/docs/latest/spiffe-about/overview/" rel="nofollow">SPIFFE/SPIRE</a> implementation, and let the IdP/AS trust JWTs that are issued from that system?</p> <p>The original intent behind <code class="language-plaintext highlighter-rouge">private_key_jwt</code> is for the OAuth client to have a private key that can be used to identify itself while the AS has the public key. So the client can create a JWT, sign it, and send it for authentication. The AS can prove that the JWT was created by the OAuth client and use that for authentication. In this scenario, Authorization Servers may expect the <code class="language-plaintext highlighter-rouge">iss</code> and <code class="language-plaintext highlighter-rouge">sub</code> claims to be the same since this is a private key scenario where the issuer should be the subject. In the SPIFFE scenario, this is not the case. Additionally, good implementations should also try to prevent replay attacks by tracking <code class="language-plaintext highlighter-rouge">jti</code>. For example, <a class="external" href="https://www.keycloak.org/securing-apps/authz-client#_client_authentication_with_signed_jwt" rel="nofollow">Keycloak does both of these things</a> (checks <code class="language-plaintext highlighter-rouge">iss</code>==<code class="language-plaintext highlighter-rouge">sub</code> and tracks <code class="language-plaintext highlighter-rouge">jti</code>) for its implementation of RFC 7523.</p> <p>Additionally, Keycloak allows setting up <a class="external" href="https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker_overview" rel="nofollow">identity federation/brokering</a>. The problem is, Keycloak expects a full implementation of a token provider. Using <a class="external" href="https://spiffe.io/docs/latest/spire-about/" rel="nofollow">SPIRE</a> as our SPIFFE implementation, SPIRE does not support full OAuth/OIDC token endpoints.</p> <p>Since we cannot use <code class="language-plaintext highlighter-rouge">private_key_jwt</code> or identity brokering (in Keycloak), what options do we have? One option is to extend Keycloak to support a new client authentication mechanism.</p> <h2>Extending Keycloak for SPIFFE client authentication</h2> <p>To get this POC to work, we need to extend Keycloak. You can follow along <a class="external" href="https://github.com/christian-posta/spiffe-svid-client-authenticator" rel="nofollow">in this GitHub repo to see the code</a>.</p> <p>Keycloak is written in Java and has a nice <a class="external" href="https://www.keycloak.org/docs/latest/server_development/index.html#_providers" rel="nofollow">“Service Provider Interface†(SPI)</a> model for extending many parts of Keycloak, including client authentication. To extend Keycloak to support a SPIFFE JWT authentication mechanism, we need to implement the <code class="language-plaintext highlighter-rouge">ClientAuthenticatorFactory</code> class. I do this in the <a class="external" href="https://github.com/christian-posta/spiffe-svid-client-authenticator/blob/main/src/main/java/com/yourcompany/keycloak/authenticator/SpiffeSvidClientAuthenticator.java#L90" rel="nofollow">SpiffeSvidClientAuthenticator</a> class:</p> <div class="language-java highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">SpiffeSvidClientAuthenticator</span> <span class="kd">extends</span> <span class="nc">AbstractClientAuthenticator</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kd">final</span> <span class="nc">String</span> <span class="no">PROVIDER_ID</span> <span class="o">=</span> <span class="s">"client-spiffe-jwt"</span><span class="o">;</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">authenticateClient</span><span class="o">(</span><span class="nc">ClientAuthenticationFlowContext</span> <span class="n">context</span><span class="o">)</span> <span class="o">{</span> <span class="nc">SpiffeSvidClientValidator</span> <span class="n">validator</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SpiffeSvidClientValidator</span><span class="o">(</span><span class="n">context</span><span class="o">,</span> <span class="n">getId</span><span class="o">());</span> <span class="n">validator</span><span class="o">.</span><span class="na">readJws</span><span class="o">();</span> <span class="c1">// ...more impl here...</span> <span class="n">validator</span><span class="o">.</span><span class="na">validateToken</span><span class="o">();</span> <span class="n">context</span><span class="o">.</span><span class="na">success</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">Set</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="nf">getProtocolAuthenticatorMethods</span><span class="o">(</span><span class="nc">String</span> <span class="n">loginProtocol</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="n">loginProtocol</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="nc">OIDCLoginProtocol</span><span class="o">.</span><span class="na">LOGIN_PROTOCOL</span><span class="o">))</span> <span class="o">{</span> <span class="nc">Set</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">results</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HashSet</span><span class="o">&lt;&gt;();</span> <span class="n">results</span><span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="s">"spiffe_svid_jwt"</span><span class="o">);</span> <span class="k">return</span> <span class="n">results</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span>
<span class="o">}</span>
</code></pre></div></div> <p>A couple things to notice here. We specify a <code class="language-plaintext highlighter-rouge">PROVIDER_ID</code> of <code class="language-plaintext highlighter-rouge">client-spiffe-jwt</code> which can be used under the covers (ie, Keycloak Admin REST API) in Keycloak to refer to this configuration. We also implement an “authenticator method†<code class="language-plaintext highlighter-rouge">spiffe_svid_jwt</code> which can be used by OAuth clients in authorization flows to identify which authentication method to use (ie, <code class="language-plaintext highlighter-rouge">urn:ietf:params:oauth:client-assertion-type:spiffe-svid-jwt</code>). Not shown above, <a class="external" href="https://github.com/christian-posta/spiffe-svid-client-authenticator/blob/main/src/main/java/com/yourcompany/keycloak/authenticator/SpiffeSvidClientAuthenticator.java#L221" rel="nofollow">but you can check the code</a>, we can also extend the configuration that you see in the UI to specify additional properties that can be used in the custom client authenticator. For example, I added an <code class="language-plaintext highlighter-rouge">issuer</code> property that can be configured and used in the custom client authentication validation.</p> <p>From here, we need to load this into a stock Keycloak (we use a recent version at the time of writing). Here’s an example using Docker Compose:</p> <div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">services</span><span class="pi">:</span> <span class="na">keycloak-idp</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">quay.io/keycloak/keycloak:26.2.5</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">KC_HEALTH_ENABLED</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">KEYCLOAK_ADMIN</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">KEYCLOAK_ADMIN_PASSWORD</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080:8080"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./spiffe-svid-client-authenticator-1.0.0.jar:/opt/keycloak/providers/spiffe-svid-client-authenticator-1.0.0.jar:ro</span> <span class="na">command</span><span class="pi">:</span> <span class="s">start-dev</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">keycloak-shared-network</span>
</code></pre></div></div> <p>When we start Keycloak, we should see that our SPI gets loaded:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>keycloak-idp-1 | 2025-07-29 02:03:09,255 WARN <span class="o">[</span>org.keycloak.services] <span class="o">(</span>build-38<span class="o">)</span> KC-SERVICES0047: client-spiffe-jwt <span class="o">(</span>com.yourcompany.keycloak.authenticator.SpiffeSvidClientAuthenticator<span class="o">)</span> is implementing the internal SPI client-authenticator.
This SPI is internal and may change without notice
</code></pre></div></div> <p>If we go to an existing OAuth client (or create a new one), and navigate to the <code class="language-plaintext highlighter-rouge">Credentials</code> tab, we should see the new SPIFFE SVID JWT authenticator type.</p> <p><img alt="" src="https://blog.christianposta.com/images/agent-security/spiffe-oauth/keycloak3.5.png"/></p> <p>If we select the SPIFFE SVID JWT authenticator, we can see our custom configuration fields (just one in this case, <code class="language-plaintext highlighter-rouge">issuer</code>):</p> <p><img alt="" src="https://blog.christianposta.com/images/agent-security/spiffe-oauth/keycloak4.png"/></p> <p>We will configure the issuer with the SPIRE server address. We will also <strong>need to configure the JWKS</strong> that Keycloak should trust, but <strong>SPIRE doesn’t support this out of the box</strong>. Luckily, they have a pre-built addon to support OIDC style discovery.</p> <h2>SPIRE OIDC Discovery Endpoint</h2> <p><a class="external" href="https://spiffe.io/docs/latest/spire-about/" rel="nofollow">SPIRE</a> is a workload attestation engine and implements the SPIFFE spec. It can issue x509 or JWT SVIDs. For JWTs, it does not expose its public key/JWKS out of the box. Luckily, a simple <a class="external" href="https://github.com/spiffe/spire/blob/main/support/oidc-discovery-provider/README.md" rel="nofollow">JWKS discovery endpoint</a> is available to support an OAuth federation / brokering scenario. We need to stand this up and configure it to work with our SPIRE server.</p> <p>Here’s an example using Docker Compose:</p> <div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="na">spire-oidc-discovery</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ghcr.io/spiffe/oidc-discovery-provider:1.12.4</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">spire-oidc-discovery</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">spire-server</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">18443:8443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./oidc-discovery-provider.conf:/opt/spire/conf/oidc-discovery-provider.conf:ro</span> <span class="pi">-</span> <span class="s">spire-server-socket:/tmp/spire-server/private:ro</span> <span class="na">working_dir</span><span class="pi">:</span> <span class="s">/opt/spire/conf</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-config"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">oidc-discovery-provider.conf"</span><span class="pi">]</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">keycloak_keycloak-shared-network</span>
</code></pre></div></div> <p>Note, the SPIRE OIDC discovery endpoint needs its own configuration and access to the SPIRE server. Ideally this endpoint is co-located with the SPIRE server and can access the SPIRE server’s Unix Domain Socket (UDS). Here’s our configuration for the OIDC discovery endpoint (note, for demo purposes, I’m using an insecure/http endpoint):</p> <div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">log_level</span> <span class="o">=</span> <span class="s">"INFO"</span>
<span class="n">domains</span> <span class="o">=</span> <span class="p">[</span><span class="s">"spire-server"</span><span class="p">,</span> <span class="s">"spire-oidc-discovery"</span><span class="p">,</span> <span class="s">"localhost"</span><span class="p">]</span> <span class="err">#</span> <span class="n">Use</span> <span class="n">HTTP</span> <span class="k">for</span> <span class="n">local</span> <span class="n">development</span> <span class="p">(</span><span class="n">no</span> <span class="n">certificates</span> <span class="n">needed</span><span class="p">)</span>
<span class="n">insecure_addr</span> <span class="o">=</span> <span class="s">":8443"</span>
<span class="n">allow_insecure_scheme</span> <span class="o">=</span> <span class="no">true</span> <span class="n">server_api</span> <span class="p">{</span> <span class="n">address</span> <span class="o">=</span> <span class="s">"unix:///tmp/spire-server/private/api.sock"</span>
<span class="p">}</span> <span class="n">health_checks</span> <span class="p">{}</span>
</code></pre></div></div> <p>Lastly, we’ll need to tune some parameters on the <code class="language-plaintext highlighter-rouge">server.conf</code> for the SPIRE server itself:</p> <div class="language-go highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">server</span> <span class="p">{</span> <span class="o">...</span> <span class="err">#</span> <span class="n">Add</span> <span class="n">JWT</span> <span class="n">issuer</span> <span class="k">for</span> <span class="n">OIDC</span> <span class="p">(</span><span class="n">using</span> <span class="n">HTTP</span> <span class="k">for</span> <span class="n">local</span> <span class="n">development</span><span class="p">)</span> <span class="n">jwt_issuer</span> <span class="o">=</span> <span class="s">"http://spire-server:8443"</span> <span class="n">default_jwt_svid_ttl</span> <span class="o">=</span> <span class="s">"1m"</span> <span class="err">#</span> <span class="n">Configure</span> <span class="n">RSA</span> <span class="n">key</span> <span class="k">type</span> <span class="p">(</span><span class="n">required</span> <span class="k">for</span> <span class="n">OIDC</span><span class="p">)</span> <span class="n">ca_key_type</span> <span class="o">=</span> <span class="s">"rsa-2048"</span> <span class="err">#</span> <span class="n">Add</span> <span class="n">federation</span> <span class="n">bundle</span> <span class="n">endpoint</span> <span class="n">federation</span> <span class="p">{</span> <span class="n">bundle_endpoint</span> <span class="p">{</span> <span class="n">address</span> <span class="o">=</span> <span class="s">"0.0.0.0"</span> <span class="n">port</span> <span class="o">=</span> <span class="m">8443</span> <span class="p">}</span> <span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div> <p>If we curl this discovery endpoint, we can see the discovery metadata and keys:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>⯠curl <span class="nt">-L</span> &lt;a href="http://localhost:18443/.well-known/openid-configuration" rel="nofollow"&gt;http://localhost:18443/.well-known/openid-configuration&lt;/a&gt; <span class="o">{</span> <span class="s2">"issuer"</span>: <span class="s2">"http://localhost:18443"</span>, <span class="s2">"jwks_uri"</span>: <span class="s2">"http://localhost:18443/keys"</span>, <span class="s2">"authorization_endpoint"</span>: <span class="s2">""</span>, <span class="s2">"response_types_supported"</span>: <span class="o">[</span> <span class="s2">"id_token"</span> <span class="o">]</span>, <span class="s2">"subject_types_supported"</span>: <span class="o">[</span> <span class="s2">"public"</span> <span class="o">]</span>, <span class="s2">"id_token_signing_alg_values_supported"</span>: <span class="o">[</span> <span class="s2">"RS256"</span>, <span class="s2">"ES256"</span>, <span class="s2">"ES384"</span> <span class="o">]</span>
<span class="o">}</span>
</code></pre></div></div> <p>JWKS endpoint:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>⯠curl <span class="nt">-L</span> &lt;a href="http://localhost:18443/keys" rel="nofollow"&gt;http://localhost:18443/keys&lt;/a&gt; <span class="o">{</span> <span class="s2">"keys"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"kty"</span>: <span class="s2">"RSA"</span>, <span class="s2">"kid"</span>: <span class="s2">"n0xvkL8A2W3DofkHTJPvlGpeEBJeQB6g"</span>, <span class="s2">"alg"</span>: <span class="s2">"RS256"</span>, <span class="s2">"n"</span>: <span class="s2">"sAp_Vd-X-W7OllYPm_TTk0zvUj443Y9MfQvy4onBcursyxOajcoeSOeNpTdh4QEmLKV3xC8Zq Yv4fkzFp6UTf-_rwPs_uwOpbhPKT-QQZKcconxaf8RkA0m-mzOVHbU7eA3esHLTzN84kbGkr1wozQes yC-MHFE3EwLR9xI1YZfWbHtlXOcnTgBXitgysM5Yw4jkXy7kYvjs21MyEJ01_WSSHCLaISAjlAvnDL WiGV3xx0Vd29m8-mrR5pg4_eicBifxnQnksO_LWRy8jXKk2JTftRKnmIxwqHML_fbVej8RSsaGpu0askj 83gZ4wNDi8KNh7c9ir6yWl9jgDJ3lYQ"</span>, <span class="s2">"e"</span>: <span class="s2">"AQAB"</span> <span class="o">}</span> <span class="o">]</span>
<span class="o">}</span>
</code></pre></div></div> <p>See the <a class="external" href="https://github.com/spiffe/spire/blob/main/support/oidc-discovery-provider/README.md" rel="nofollow">SPIRE OIDC Discovery Provider</a> for more.</p> <p><img alt="" src="https://blog.christianposta.com/images/agent-security/spiffe-oauth/client-auth-2.png"/></p> <p>With this setup, we can now configure the Keycloak JWKS endpoint to point to the SPIRE OIDC Discovery endpoint:</p> <p><img alt="" src="https://blog.christianposta.com/images/agent-security/spiffe-oauth/keycloak5.png"/></p> <h2>OAuth Client Authentication with SPIFFE in Action</h2> <p>With Keycloak configured to use our SPIFFE SVID JWT authenticator, and correctly pointing to the SPIRE JWKS, we can now get a workload SVID and make a call to Keycloak for an authorization flow / client credentials flow to get an access token. To get a SPIFFE JWT SVID, we can call the <code class="language-plaintext highlighter-rouge">spire-agent</code> workload API. Here’s an example SPIFFE JWT SVID:</p> <div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w"> </span><span class="nl">"aud"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"http://localhost:8080/realms/mcp-realm"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"client_auth"</span><span class="p">:</span><span class="w"> </span><span class="s2">"client-spiffe-jwt"</span><span class="p">,</span><span class="w"> </span><span class="nl">"environment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"production"</span><span class="p">,</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">1753800643</span><span class="p">,</span><span class="w"> </span><span class="nl">"iat"</span><span class="p">:</span><span class="w"> </span><span class="mi">1753800583</span><span class="p">,</span><span class="w"> </span><span class="nl">"iss"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http://spire-server:8443"</span><span class="p">,</span><span class="w"> </span><span class="nl">"jwks_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http://spire-oidc-discovery:8443/keys"</span><span class="p">,</span><span class="w"> </span><span class="nl">"organization"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Solo.io Agent IAM"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mcp:read mcp:tools mcp:prompts"</span><span class="p">,</span><span class="w"> </span><span class="nl">"sub"</span><span class="p">:</span><span class="w"> </span><span class="s2">"spiffe://example.org/mcp-test-client"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div> <p>This JWT is signed by spiffe with the correct SPIFFE ID (<code class="language-plaintext highlighter-rouge">spiffe://example.org/mcp-test-client</code>). It has a tight expiration period, and it has additional software statements. Note the <code class="language-plaintext highlighter-rouge">client_auth</code> software statement / claim here points to <code class="language-plaintext highlighter-rouge">client-spiffe-jwt</code> which was the <code class="language-plaintext highlighter-rouge">PROVIDER_ID</code> we specified in our <code class="language-plaintext highlighter-rouge">SpiffeSvidClientAuthenticator</code> class.</p> <p>With this SPIFFE JWT SVID, we can call the token endpoint with the <code class="language-plaintext highlighter-rouge">spiffe-svid-jwt</code> and $JWT client assertions. In this particular example, we are using a <code class="language-plaintext highlighter-rouge">client_credentials</code> flow:</p> <div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-s</span> <span class="nt">-X</span> POST <span class="se">\</span> <span class="s2">"</span><span class="nv">$KEYCLOAK_URL</span><span class="s2">/realms/</span><span class="nv">$KEYCLOAK_REALM</span><span class="s2">/protocol/openid-connect/token"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/x-www-form-urlencoded"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"client_id=</span><span class="nv">$CLIENT_ID</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"grant_type=client_credentials"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"client_assertion_type=urn:ietf:params:oauth:client-assertion-type:spiffe-svid-jwt"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"client_assertion=</span><span class="nv">$JWT</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"scope=mcp:read mcp:tools mcp:prompts"</span>
</code></pre></div></div> <p>If this is successful, Keycloak will issue an access token:</p> <div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">1753804189</span><span class="p">,</span><span class="w"> </span><span class="nl">"iat"</span><span class="p">:</span><span class="w"> </span><span class="mi">1753800589</span><span class="p">,</span><span class="w"> </span><span class="nl">"jti"</span><span class="p">:</span><span class="w"> </span><span class="s2">"trrtcc:35d1fb20-31fa-4055-afb8-e902d0dc25d4"</span><span class="p">,</span><span class="w"> </span><span class="nl">"iss"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http://localhost:8080/realms/mcp-realm"</span><span class="p">,</span><span class="w"> </span><span class="nl">"sub"</span><span class="p">:</span><span class="w"> </span><span class="s2">"6e4b5bc5-9a5c-4f87-aa1e-06ad279da0c8"</span><span class="p">,</span><span class="w"> </span><span class="nl">"typ"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Bearer"</span><span class="p">,</span><span class="w"> </span><span class="nl">"azp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"spiffe://example.org/mcp-test-client"</span><span class="p">,</span><span class="w"> </span><span class="nl">"acr"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"profile email"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email_verified"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"clientHost"</span><span class="p">:</span><span class="w"> </span><span class="s2">"192.168.65.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"preferred_username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"service-account-spiffe://example.org/mcp-test-client"</span><span class="p">,</span><span class="w"> </span><span class="nl">"clientAddress"</span><span class="p">:</span><span class="w"> </span><span class="s2">"192.168.65.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"spiffe://example.org/mcp-test-client"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div> <h2>Wrapping Up</h2> <p>In this post, we explored how Agent / MCP identity based on SPIFFE can be used as a first-class authentication mechanism for OAuth clients. By integrating SPIFFE JWT SVIDs with Keycloak’s client authentication flow, we eliminated the need for static secrets and created a more secure, scalable model for authenticating MCP clients especially in environments where agents and services need short-lived, verifiable credentials.</p> <p>While this approach required some customization in Keycloak (through its SPI model) and configuration of the SPIRE OIDC Discovery endpoint, the end result is a working OAuth flow powered by cryptographically-verifiable, zero-trust-friendly identity. This isn’t just a more secure option, it’s a necessary evolution as we shift toward AI-native, agentic architectures that demand dynamic trust relationships and automated credential management.</p> </div></div></summary></entry><entry><title>A Few Things About the Anchor Element’s href You Might Not Have Known</title><link href="https://blog.jim-nielsen.com/2025/href-value-possibilities/" rel="alternate"></link><published>2025-08-26T14:45:50.407000Z</published><id>https://blog.jim-nielsen.com/2025/href-value-possibilities/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/a-few-things-about-t/7504645:d79acf">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/7504645.png" style="vertical-align: middle;width:16px;height:16px;"> Jim Nielsen’s Blog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="copy e-content"><p>I’ve written previously about <a class="external" href="https://blog.jim-nielsen.com/2023/reloading-document-in-html-and-preserve-query-params/" rel="nofollow">reloading a document using only HTML</a> but that got me thinking: What are all the values you can put in an anchor tag’s <code>href</code> attribute?</p><p>Well, <a class="external" href="https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/a#href" rel="nofollow">I looked around</a>. I found some things I already knew about, e.g.</p><ul><li>Link protocols like <code>mailto:</code>, <code>tel:</code>, <code>sms:</code> and <code>javascript:</code> which deal with specific ways of handling links.</li><li>Protocol-relative links, e.g. <code>href="//"</code></li><li><a class="external" href="https://developer.mozilla.org/en-US/docs/Web/URI/Reference/Fragment/Text_fragments" rel="nofollow">Text fragments</a> for linking to specific pieces of text on a page, e.g. <code>href="#:~:text=foo"</code></li></ul><p>But I also found some things I didn’t know about (or only vaguely knew about) so I wrote them down in an attempt to remember them.</p><h2>href="#"</h2><p>Scrolls to the top of a document. I knew that.</p><p>But I’m writing because <code>#top</code> will also scroll to the top <em>if</em> there isn’t another element with <code>id="top"</code> in the document. I didn’t know that.</p><p>(<a class="external" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#scrolling-to-a-fragment" rel="nofollow">Spec</a>: “If <em>decodedFragment</em> is an ASCII case-insensitive match for the string <code>top</code>, then return the top of the document.â€)</p><p><strong>Update:</strong> <a class="external" href="https://mastodon.social/@HTeuMeuLeu/114971342411854119" rel="nofollow">HTeuMeuLeu pointed out to me on Mastodon</a> that you can use <code>#page=</code> to deep-link to a specific page in a PDF, e.g. <code>my-file.pdf#page42</code> would like to page 42 in the file.</p><h2>href=""</h2><p>Reloads the current page, preserving the search string but removing the hash string (if present).</p><table><thead><tr><th>URL</th><th>Resolves to</th></tr></thead><tbody><tr><td><code>/path/</code></td><td><code>/path/</code></td></tr><tr><td><code>/path/#foo</code></td><td><code>/path/</code></td></tr><tr><td><code>/path/?id=foo</code></td><td><code>/path/?id=foo</code></td></tr><tr><td><code>/path/?id=foo#bar</code></td><td><code>/path/?id=foo</code></td></tr></tbody></table><h2>href="."</h2><p>Reloads the current page, removing both the search and hash strings (if present).</p><p><strong>Note</strong>: If you’re using <code>href="."</code> as a link to the current page, ensure your URLs have a trailing slash or you may get surprising navigation behavior. The path is interpreted as a file, so <code>"."</code> resolves to the parent directory of the current location.</p><table><thead><tr><th>URL</th><th>Resolves to</th></tr></thead><tbody><tr><td><code>/path</code></td><td><code>/</code></td></tr><tr><td><code>/path#foo</code></td><td><code>/</code></td></tr><tr><td><code>/path?id=foo</code></td><td><code>/</code></td></tr><tr><td><code>/path/</code></td><td><code>/path/</code></td></tr><tr><td><code>/path/#foo</code></td><td><code>/path/</code></td></tr><tr><td><code>/path/?id=foo</code></td><td><code>/path/</code></td></tr><tr><td><code>/path/index.html</code></td><td><code>/path/</code></td></tr></tbody></table><p><strong>Update 2025-08-15</strong>: as <a class="external" href="https://front-end.social/@AmeliaBR/114971821114512797" rel="nofollow">pointed out by @AmeliaBR on Mastodon</a>, “reloads the current page†probably isn’t the best terminology for this. It’s more like “loads the default index page for the current directory, based on the URL structure†which might be a reload, but might be something else based on the current URL (see my note and table above).</p><h2>href="?"</h2><p>Reloads the current page, removing both the search and hash strings (if present). <em>However</em>, it preserves the <code>?</code> character.</p><p><strong>Note</strong>: Unlike <code>href="."</code>, trailing slashes don’t matter. The search parameters will be removed but the path will be preserved as-is.</p><table><thead><tr><th>URL</th><th>Resolves to</th></tr></thead><tbody><tr><td><code>/path</code></td><td><code>/path?</code></td></tr><tr><td><code>/path#foo</code></td><td><code>/path?</code></td></tr><tr><td><code>/path?id=foo</code></td><td><code>/path?</code></td></tr><tr><td><code>/path?id=foo#bar</code></td><td><code>/path?</code></td></tr><tr><td><code>/index.html</code></td><td><code>/index.html?</code></td></tr></tbody></table><h2>href="data:"</h2><p>You can make links that navigate to <a class="external" href="https://developer.mozilla.org/en-US/docs/Web/URI/Reference/Schemes/data" rel="nofollow">data URLs</a>. The super-readable version of this would be:</p><pre><code class="language language-html"><span class="hljs-tag">&lt;<span class="hljs-name">a</span> <span class="hljs-attr">href</span>=<span class="hljs-string">"data:text/plain,hello world"</span>&gt;</span> View plain text data URL
<span class="hljs-tag">&lt;/<span class="hljs-name">a</span>&gt;</span>
</code></pre><p>But you probably want <code>data:</code> URLs to be encoded so you don’t get unexpected behavior, e.g.</p><pre><code class="language language-html"><span class="hljs-tag">&lt;<span class="hljs-name">a</span> <span class="hljs-attr">href</span>=<span class="hljs-string">"data:text/plain,hello%20world"</span>&gt;</span> View plain text data URL
<span class="hljs-tag">&lt;/<span class="hljs-name">a</span>&gt;</span>
</code></pre><p>Go ahead and try it (FYI: may not work in your user agent). Here’s a <a class="external" href="http://data:text/plain,hello%20world" rel="nofollow">plain-text file</a> and an <a class="external" href="http://data:text/html,%3Ch1%3Ehello%20world%3C/h1%3E" rel="nofollow">HTML file</a>.</p><h2>href="video.mp4#t=10,20"</h2><p><a class="external" href="https://www.w3.org/TR/media-frags/" rel="nofollow">Media fragments</a> allow linking to specific parts of a media file, like audio or video.</p><p><a class="external" href="https://indieweb.org/media_fragment" rel="nofollow">For example</a>, <code>video.mp4#t=10,20</code> links to a video. It starts play at 10 seconds, and stops it at 20 seconds.</p><p>(<a class="external" href="https://caniuse.com/media-fragments" rel="nofollow">Support</a> is limited at the time of this writing.)</p><h2>See For Yourself</h2><p>I tested a lot of this stuff in the browser and via JS. I think I got all these right.</p><p>Thanks to <a class="external" href="https://developer.mozilla.org/en-US/docs/Web/API/URL/URL" rel="nofollow">JavaScript’s URL constructor</a> (and the ability to pass a <code>base</code> URL), I could programmatically explore how a lot of these href’s would resolve.</p><p>Here’s a snippet of the test code I wrote. You can copy/paste this in your console and they should all pass 🤞</p><pre><code class="language language-js"><span class="hljs-keyword">const</span> assertions = [ { <span class="hljs-attr">href</span>: <span class="hljs-string">''</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">''</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path/'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path/'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">''</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path/#foo'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path/'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">''</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path/?id=foo'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path/?id=foo'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">''</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path/?id=foo#bar'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path/?id=foo'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">`/path#foo`</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">`/`</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">`/path?id=foo`</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">`/`</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">`/path/`</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">`/path/`</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">`/path/#foo`</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">`/path/`</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">`/path/?id=foo`</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">`/path/`</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'.'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">`/path/index.html`</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">`/path/`</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'?'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path?'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'?'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path#foo'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path?'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'?'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path?id=foo'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path?'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'?'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path/'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path/?'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'?'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/path/?id=foo#bar'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/path/?'</span> }, { <span class="hljs-attr">href</span>: <span class="hljs-string">'?'</span>, <span class="hljs-attr">location</span>: <span class="hljs-string">'/index.html#foo'</span>, <span class="hljs-attr">resolves_to</span>: <span class="hljs-string">'/index.html?'</span>}
]; <span class="hljs-keyword">const</span> assertions_evaluated = assertions.<span class="hljs-title function_">map</span>(<span class="hljs-function">(<span class="hljs-params">{ href, location, resolves_to }</span>) =&gt;</span> { <span class="hljs-keyword">const</span> domain = <span class="hljs-string">'https://example.com'</span>; <span class="hljs-keyword">const</span> expected = <span class="hljs-keyword">new</span> <span class="hljs-title function_">URL</span>(href, domain + location).<span class="hljs-title function_">toString</span>(); <span class="hljs-keyword">const</span> received = <span class="hljs-keyword">new</span> <span class="hljs-title function_">URL</span>(domain + resolves_to).<span class="hljs-title function_">toString</span>(); <span class="hljs-keyword">return</span> { href, location, <span class="hljs-attr">expected</span>: expected.<span class="hljs-title function_">replace</span>(domain, <span class="hljs-string">''</span>), <span class="hljs-attr">received</span>: received.<span class="hljs-title function_">replace</span>(domain, <span class="hljs-string">''</span>), <span class="hljs-attr">passed</span>: expected === received };
}); <span class="hljs-variable language_">console</span>.<span class="hljs-title function_">table</span>(assertions_evaluated);
</code></pre></div></summary></entry><entry><title>Disaggregated Prefilling (experimental)¶</title><link href="https://docs.vllm.ai/en/latest/features/disagg_prefill.html" rel="alternate"></link><published>2025-08-22T21:00:17.167000Z</published><id>https://docs.vllm.ai/en/latest/features/disagg_prefill.html</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/disaggregated-prefil/0:e66eff">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
</summary></entry><entry><title>Modern Node.js Patterns for 2025</title><link href="https://kashw1n.com/blog/nodejs-2025/" rel="alternate"></link><published>2025-08-07T13:10:14.996000Z</published><id>https://kashw1n.com/blog/nodejs-2025/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/modern-nodejs-patter/0:58de92">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="content"> <img alt="Modern Node.js development workflow" src="https://kashw1n.com/static/nodejs-2025.png" width="400"/>
<p>Node.js has undergone a remarkable transformation since its early days. If you’ve been writing Node.js for several years, you’ve likely witnessed this evolution firsthand—from the callback-heavy, CommonJS-dominated landscape to today’s clean, standards-based development experience.</p>
<p>The changes aren’t just cosmetic; they represent a fundamental shift in how we approach server-side JavaScript development. Modern Node.js embraces web standards, reduces external dependencies, and provides a more intuitive developer experience. Let’s explore these transformations and understand why they matter for your applications in 2025.</p>
<h2>1. Module System: ESM is the New Standard</h2>
<p>The module system is perhaps where you’ll notice the biggest difference. CommonJS served us well, but ES Modules (ESM) have become the clear winner, offering better tooling support and alignment with web standards.</p>
<h3>The Old Way (CommonJS)</h3>
<p>Let’s look at how we used to structure modules. This approach required explicit exports and synchronous imports:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// math.js</span></span>
<span class="line"><span>function</span><span> add</span><span>(</span><span>a</span><span>, </span><span>b</span><span>) {</span></span>
<span class="line"><span> return</span><span> a</span><span> +</span><span> b</span><span>;</span></span>
<span class="line"><span>}</span></span>
<span class="line"><span>module</span><span>.</span><span>exports</span><span> =</span><span> { </span><span>add</span><span> };</span></span>
<span class="line"></span>
<span class="line"><span>// app.js</span></span>
<span class="line"><span>const</span><span> { </span><span>add</span><span> } </span><span>=</span><span> require</span><span>(</span><span>'./math'</span><span>);</span></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>add</span><span>(</span><span>2</span><span>, </span><span>3</span><span>));</span></span>
<span class="line"></span></code></pre>
<p>This worked fine, but it had limitations—no static analysis, no tree-shaking, and it didn’t align with browser standards.</p>
<h3>The Modern Way (ES Modules with Node: Prefix)</h3>
<p>Modern Node.js development embraces ES Modules with a crucial addition—the <code>node:</code> prefix for built-in modules. This explicit naming prevents confusion and makes dependencies crystal clear:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// math.js</span></span>
<span class="line"><span>export</span><span> function</span><span> add</span><span>(</span><span>a</span><span>, </span><span>b</span><span>) {</span></span>
<span class="line"><span> return</span><span> a</span><span> +</span><span> b</span><span>;</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span>
<span class="line"><span>// app.js</span></span>
<span class="line"><span>import</span><span> { </span><span>add</span><span> } </span><span>from</span><span> './math.js'</span><span>;</span></span>
<span class="line"><span>import</span><span> { </span><span>readFile</span><span> } </span><span>from</span><span> 'node:fs/promises'</span><span>; </span><span>// Modern node: prefix</span></span>
<span class="line"><span>import</span><span> { </span><span>createServer</span><span> } </span><span>from</span><span> 'node:http'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>add</span><span>(</span><span>2</span><span>, </span><span>3</span><span>));</span></span>
<span class="line"></span></code></pre>
<p>The <code>node:</code> prefix is more than just a convention—it’s a clear signal to both developers and tools that you’re importing Node.js built-ins rather than npm packages. This prevents potential conflicts and makes your code more explicit about its dependencies.</p>
<h3>Top-Level Await: Simplifying Initialization</h3>
<p>One of the most game-changing features is top-level await. No more wrapping your entire application in an async function just to use await at the module level:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// app.js - Clean initialization without wrapper functions</span></span>
<span class="line"><span>import</span><span> { </span><span>readFile</span><span> } </span><span>from</span><span> 'node:fs/promises'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>const</span><span> config</span><span> =</span><span> JSON</span><span>.</span><span>parse</span><span>(</span><span>await</span><span> readFile</span><span>(</span><span>'config.json'</span><span>, </span><span>'utf8'</span><span>));</span></span>
<span class="line"><span>const</span><span> server</span><span> =</span><span> createServer</span><span>(</span><span>/* ... */</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>'App started with config:'</span><span>, </span><span>config</span><span>.</span><span>appName</span><span>);</span></span>
<span class="line"></span></code></pre>
<p>This eliminates the common pattern of immediately-invoked async function expressions (IIFE) that we used to see everywhere. Your code becomes more linear and easier to reason about.</p>
<h2>2. Built-in Web APIs: Reducing External Dependencies</h2>
<p>Node.js has embraced web standards in a big way, bringing APIs that web developers already know directly into the runtime. This means fewer dependencies and more consistency across environments.</p>
<h3>Fetch API: No More HTTP Library Dependencies</h3>
<p>Remember when every project needed axios, node-fetch, or similar libraries for HTTP requests? Those days are over. Node.js now includes the Fetch API natively:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// Old way - external dependencies required</span></span>
<span class="line"><span>const</span><span> axios</span><span> =</span><span> require</span><span>(</span><span>'axios'</span><span>);</span></span>
<span class="line"><span>const</span><span> response</span><span> =</span><span> await</span><span> axios</span><span>.</span><span>get</span><span>(</span><span>'https://api.example.com/data'</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span>// Modern way - built-in fetch with enhanced features</span></span>
<span class="line"><span>const</span><span> response</span><span> =</span><span> await</span><span> fetch</span><span>(</span><span>'https://api.example.com/data'</span><span>);</span></span>
<span class="line"><span>const</span><span> data</span><span> =</span><span> await</span><span> response</span><span>.</span><span>json</span><span>();</span></span>
<span class="line"></span></code></pre>
<p>But the modern approach goes beyond just replacing your HTTP library. You get sophisticated timeout and cancellation support built-in:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>async</span><span> function</span><span> fetchData</span><span>(</span><span>url</span><span>) {</span></span>
<span class="line"><span> try</span><span> {</span></span>
<span class="line"><span> const</span><span> response</span><span> =</span><span> await</span><span> fetch</span><span>(</span><span>url</span><span>, {</span></span>
<span class="line"><span> signal</span><span>: </span><span>AbortSignal</span><span>.</span><span>timeout</span><span>(</span><span>5000</span><span>) </span><span>// Built-in timeout support</span></span>
<span class="line"><span> });</span></span>
<span class="line"></span>
<span class="line"><span> if</span><span> (</span><span>!</span><span>response</span><span>.</span><span>ok</span><span>) {</span></span>
<span class="line"><span> throw</span><span> new</span><span> Error</span><span>(</span><span>`HTTP </span><span>${</span><span>response</span><span>.</span><span>status</span><span>}</span><span>: </span><span>${</span><span>response</span><span>.</span><span>statusText</span><span>}</span><span>`</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"></span>
<span class="line"><span> return</span><span> await</span><span> response</span><span>.</span><span>json</span><span>();</span></span>
<span class="line"><span> } </span><span>catch</span><span> (</span><span>error</span><span>) {</span></span>
<span class="line"><span> if</span><span> (</span><span>error</span><span>.</span><span>name</span><span> ===</span><span> 'TimeoutError'</span><span>) {</span></span>
<span class="line"><span> throw</span><span> new</span><span> Error</span><span>(</span><span>'Request timed out'</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span> throw</span><span> error</span><span>;</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This approach eliminates the need for timeout libraries and provides a consistent error handling experience. The <code>AbortSignal.timeout()</code> method is particularly elegant—it creates a signal that automatically aborts after the specified time.</p>
<h3>AbortController: Graceful Operation Cancellation</h3>
<p>Modern applications need to handle cancellation gracefully, whether it’s user-initiated or due to timeouts. AbortController provides a standardized way to cancel operations:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// Cancel long-running operations cleanly</span></span>
<span class="line"><span>const</span><span> controller</span><span> =</span><span> new</span><span> AbortController</span><span>();</span></span>
<span class="line"></span>
<span class="line"><span>// Set up automatic cancellation</span></span>
<span class="line"><span>setTimeout</span><span>(() </span><span>=&gt;</span><span> controller</span><span>.</span><span>abort</span><span>(), </span><span>10000</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span>try</span><span> {</span></span>
<span class="line"><span> const</span><span> data</span><span> =</span><span> await</span><span> fetch</span><span>(</span><span>'https://slow-api.com/data'</span><span>, {</span></span>
<span class="line"><span> signal</span><span>: </span><span>controller</span><span>.</span><span>signal</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span> console</span><span>.</span><span>log</span><span>(</span><span>'Data received:'</span><span>, </span><span>data</span><span>);</span></span>
<span class="line"><span>} </span><span>catch</span><span> (</span><span>error</span><span>) {</span></span>
<span class="line"><span> if</span><span> (</span><span>error</span><span>.</span><span>name</span><span> ===</span><span> 'AbortError'</span><span>) {</span></span>
<span class="line"><span> console</span><span>.</span><span>log</span><span>(</span><span>'Request was cancelled - this is expected behavior'</span><span>);</span></span>
<span class="line"><span> } </span><span>else</span><span> {</span></span>
<span class="line"><span> console</span><span>.</span><span>error</span><span>(</span><span>'Unexpected error:'</span><span>, </span><span>error</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This pattern works across many Node.js APIs, not just fetch. You can use the same AbortController with file operations, database queries, and any async operation that supports cancellation.</p>
<h2>3. Built-in Testing: Professional Testing Without External Dependencies</h2>
<p>Testing used to require choosing between Jest, Mocha, Ava, or other frameworks. Node.js now includes a full-featured test runner that covers most testing needs without any external dependencies.</p>
<h3>Modern Testing with Node.js Built-in Test Runner</h3>
<p>The built-in test runner provides a clean, familiar API that feels modern and complete:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// test/math.test.js</span></span>
<span class="line"><span>import</span><span> { </span><span>test</span><span>, </span><span>describe</span><span> } </span><span>from</span><span> 'node:test'</span><span>;</span></span>
<span class="line"><span>import</span><span> assert</span><span> from</span><span> 'node:assert'</span><span>;</span></span>
<span class="line"><span>import</span><span> { </span><span>add</span><span>, </span><span>multiply</span><span> } </span><span>from</span><span> '../math.js'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>describe</span><span>(</span><span>'Math functions'</span><span>, () </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> test</span><span>(</span><span>'adds numbers correctly'</span><span>, () </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> assert</span><span>.</span><span>strictEqual</span><span>(</span><span>add</span><span>(</span><span>2</span><span>, </span><span>3</span><span>), </span><span>5</span><span>);</span></span>
<span class="line"><span> });</span></span>
<span class="line"></span>
<span class="line"><span> test</span><span>(</span><span>'handles async operations'</span><span>, </span><span>async</span><span> () </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> const</span><span> result</span><span> =</span><span> await</span><span> multiply</span><span>(</span><span>2</span><span>, </span><span>3</span><span>);</span></span>
<span class="line"><span> assert</span><span>.</span><span>strictEqual</span><span>(</span><span>result</span><span>, </span><span>6</span><span>);</span></span>
<span class="line"><span> });</span></span>
<span class="line"></span>
<span class="line"><span> test</span><span>(</span><span>'throws on invalid input'</span><span>, () </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> assert</span><span>.</span><span>throws</span><span>(() </span><span>=&gt;</span><span> add</span><span>(</span><span>'a'</span><span>, </span><span>'b'</span><span>),</span><span> /Invalid input/</span><span>);</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span>});</span></span>
<span class="line"></span></code></pre>
<p>What makes this particularly powerful is how seamlessly it integrates with the Node.js development workflow:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span># Run all tests with built-in runner</span></span>
<span class="line"><span>node</span><span> --test</span></span>
<span class="line"></span>
<span class="line"><span># Watch mode for development</span></span>
<span class="line"><span>node</span><span> --test</span><span> --watch</span></span>
<span class="line"></span>
<span class="line"><span># Coverage reporting (Node.js 20+)</span></span>
<span class="line"><span>node</span><span> --test</span><span> --experimental-test-coverage</span></span>
<span class="line"></span></code></pre>
<p>The watch mode is especially valuable during development—your tests re-run automatically as you modify code, providing immediate feedback without any additional configuration.</p>
<h2>4. Sophisticated Asynchronous Patterns</h2>
<p>While async/await isn’t new, the patterns around it have matured significantly. Modern Node.js development leverages these patterns more effectively and combines them with newer APIs.</p>
<h3>Async/Await with Enhanced Error Handling</h3>
<p>Modern error handling combines async/await with sophisticated error recovery and parallel execution patterns:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>import</span><span> { </span><span>readFile</span><span>, </span><span>writeFile</span><span> } </span><span>from</span><span> 'node:fs/promises'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>async</span><span> function</span><span> processData</span><span>() {</span></span>
<span class="line"><span> try</span><span> {</span></span>
<span class="line"><span> // Parallel execution of independent operations</span></span>
<span class="line"><span> const</span><span> [</span><span>config</span><span>, </span><span>userData</span><span>] </span><span>=</span><span> await</span><span> Promise</span><span>.</span><span>all</span><span>([</span></span>
<span class="line"><span> readFile</span><span>(</span><span>'config.json'</span><span>, </span><span>'utf8'</span><span>),</span></span>
<span class="line"><span> fetch</span><span>(</span><span>'/api/user'</span><span>).</span><span>then</span><span>(</span><span>r</span><span> =&gt;</span><span> r</span><span>.</span><span>json</span><span>())</span></span>
<span class="line"><span> ]);</span></span>
<span class="line"></span>
<span class="line"><span> const</span><span> processed</span><span> =</span><span> processUserData</span><span>(</span><span>userData</span><span>, </span><span>JSON</span><span>.</span><span>parse</span><span>(</span><span>config</span><span>));</span></span>
<span class="line"><span> await</span><span> writeFile</span><span>(</span><span>'output.json'</span><span>, </span><span>JSON</span><span>.</span><span>stringify</span><span>(</span><span>processed</span><span>, </span><span>null</span><span>, </span><span>2</span><span>));</span></span>
<span class="line"></span>
<span class="line"><span> return</span><span> processed</span><span>;</span></span>
<span class="line"><span> } </span><span>catch</span><span> (</span><span>error</span><span>) {</span></span>
<span class="line"><span> // Structured error logging with context</span></span>
<span class="line"><span> console</span><span>.</span><span>error</span><span>(</span><span>'Processing failed:'</span><span>, {</span></span>
<span class="line"><span> error</span><span>: </span><span>error</span><span>.</span><span>message</span><span>,</span></span>
<span class="line"><span> stack</span><span>: </span><span>error</span><span>.</span><span>stack</span><span>,</span></span>
<span class="line"><span> timestamp</span><span>: </span><span>new</span><span> Date</span><span>().</span><span>toISOString</span><span>()</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span> throw</span><span> error</span><span>;</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This pattern combines parallel execution for performance with comprehensive error handling. The <code>Promise.all()</code> ensures that independent operations run concurrently, while the try/catch provides a single point for error handling with rich context.</p>
<h3>Modern Event Handling with AsyncIterators</h3>
<p>Event-driven programming has evolved beyond simple event listeners. AsyncIterators provide a more powerful way to handle streams of events:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>import</span><span> { </span><span>EventEmitter</span><span>, </span><span>once</span><span> } </span><span>from</span><span> 'node:events'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>class</span><span> DataProcessor</span><span> extends</span><span> EventEmitter</span><span> {</span></span>
<span class="line"><span> async</span><span> *</span><span>processStream</span><span>() {</span></span>
<span class="line"><span> for</span><span> (</span><span>let</span><span> i</span><span> =</span><span> 0</span><span>; </span><span>i</span><span> &lt;</span><span> 10</span><span>; </span><span>i</span><span>++</span><span>) {</span></span>
<span class="line"><span> this</span><span>.</span><span>emit</span><span>(</span><span>'data'</span><span>, </span><span>`chunk-</span><span>${</span><span>i</span><span>}</span><span>`</span><span>);</span></span>
<span class="line"><span> yield</span><span> `processed-</span><span>${</span><span>i</span><span>}</span><span>`</span><span>;</span></span>
<span class="line"><span> // Simulate async processing time</span></span>
<span class="line"><span> await</span><span> new</span><span> Promise</span><span>(</span><span>resolve</span><span> =&gt;</span><span> setTimeout</span><span>(</span><span>resolve</span><span>, </span><span>100</span><span>));</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span> this</span><span>.</span><span>emit</span><span>(</span><span>'end'</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span>
<span class="line"><span>// Consume events as an async iterator</span></span>
<span class="line"><span>const</span><span> processor</span><span> =</span><span> new</span><span> DataProcessor</span><span>();</span></span>
<span class="line"><span>for</span><span> await</span><span> (</span><span>const</span><span> result</span><span> of</span><span> processor</span><span>.</span><span>processStream</span><span>()) {</span></span>
<span class="line"><span> console</span><span>.</span><span>log</span><span>(</span><span>'Processed:'</span><span>, </span><span>result</span><span>);</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This approach is particularly powerful because it combines the flexibility of events with the control flow of async iteration. You can process events in sequence, handle backpressure naturally, and break out of processing loops cleanly.</p>
<h2>5. Advanced Streams with Web Standards Integration</h2>
<p>Streams remain one of Node.js’s most powerful features, but they’ve evolved to embrace web standards and provide better interoperability.</p>
<h3>Modern Stream Processing</h3>
<p>Stream processing has become more intuitive with better APIs and clearer patterns:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>import</span><span> { </span><span>Readable</span><span>, </span><span>Transform</span><span> } </span><span>from</span><span> 'node:stream'</span><span>;</span></span>
<span class="line"><span>import</span><span> { </span><span>pipeline</span><span> } </span><span>from</span><span> 'node:stream/promises'</span><span>;</span></span>
<span class="line"><span>import</span><span> { </span><span>createReadStream</span><span>, </span><span>createWriteStream</span><span> } </span><span>from</span><span> 'node:fs'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>// Create transform streams with clean, focused logic</span></span>
<span class="line"><span>const</span><span> upperCaseTransform</span><span> =</span><span> new</span><span> Transform</span><span>({</span></span>
<span class="line"><span> objectMode</span><span>: </span><span>true</span><span>,</span></span>
<span class="line"><span> transform</span><span>(</span><span>chunk</span><span>, </span><span>encoding</span><span>, </span><span>callback</span><span>) {</span></span>
<span class="line"><span> this</span><span>.</span><span>push</span><span>(</span><span>chunk</span><span>.</span><span>toString</span><span>().</span><span>toUpperCase</span><span>());</span></span>
<span class="line"><span> callback</span><span>();</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>});</span></span>
<span class="line"></span>
<span class="line"><span>// Process files with robust error handling</span></span>
<span class="line"><span>async</span><span> function</span><span> processFile</span><span>(</span><span>inputFile</span><span>, </span><span>outputFile</span><span>) {</span></span>
<span class="line"><span> try</span><span> {</span></span>
<span class="line"><span> await</span><span> pipeline</span><span>(</span></span>
<span class="line"><span> createReadStream</span><span>(</span><span>inputFile</span><span>),</span></span>
<span class="line"><span> upperCaseTransform</span><span>,</span></span>
<span class="line"><span> createWriteStream</span><span>(</span><span>outputFile</span><span>)</span></span>
<span class="line"><span> );</span></span>
<span class="line"><span> console</span><span>.</span><span>log</span><span>(</span><span>'File processed successfully'</span><span>);</span></span>
<span class="line"><span> } </span><span>catch</span><span> (</span><span>error</span><span>) {</span></span>
<span class="line"><span> console</span><span>.</span><span>error</span><span>(</span><span>'Pipeline failed:'</span><span>, </span><span>error</span><span>);</span></span>
<span class="line"><span> throw</span><span> error</span><span>;</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>The <code>pipeline</code> function with promises provides automatic cleanup and error handling, eliminating many of the traditional pain points with stream processing.</p>
<h3>Web Streams Interoperability</h3>
<p>Modern Node.js can seamlessly work with Web Streams, enabling better compatibility with browser code and edge runtime environments:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// Create a Web Stream (compatible with browsers)</span></span>
<span class="line"><span>const</span><span> webReadable</span><span> =</span><span> new</span><span> ReadableStream</span><span>({</span></span>
<span class="line"><span> start</span><span>(</span><span>controller</span><span>) {</span></span>
<span class="line"><span> controller</span><span>.</span><span>enqueue</span><span>(</span><span>'Hello '</span><span>);</span></span>
<span class="line"><span> controller</span><span>.</span><span>enqueue</span><span>(</span><span>'World!'</span><span>);</span></span>
<span class="line"><span> controller</span><span>.</span><span>close</span><span>();</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>});</span></span>
<span class="line"></span>
<span class="line"><span>// Convert between Web Streams and Node.js streams</span></span>
<span class="line"><span>const</span><span> nodeStream</span><span> =</span><span> Readable</span><span>.</span><span>fromWeb</span><span>(</span><span>webReadable</span><span>);</span></span>
<span class="line"><span>const</span><span> backToWeb</span><span> =</span><span> Readable</span><span>.</span><span>toWeb</span><span>(</span><span>nodeStream</span><span>);</span></span>
<span class="line"></span></code></pre>
<p>This interoperability is crucial for applications that need to run in multiple environments or share code between server and client.</p>
<h2>6. Worker Threads: True Parallelism for CPU-Intensive Tasks</h2>
<p>JavaScript’s single-threaded nature isn’t always ideal for CPU-intensive work. Worker threads provide a way to leverage multiple cores effectively while maintaining the simplicity of JavaScript.</p>
<h3>Background Processing Without Blocking</h3>
<p>Worker threads are perfect for computationally expensive tasks that would otherwise block the main event loop:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// worker.js - Isolated computation environment</span></span>
<span class="line"><span>import</span><span> { </span><span>parentPort</span><span>, </span><span>workerData</span><span> } </span><span>from</span><span> 'node:worker_threads'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>function</span><span> fibonacci</span><span>(</span><span>n</span><span>) {</span></span>
<span class="line"><span> if</span><span> (</span><span>n</span><span> &lt;</span><span> 2</span><span>) </span><span>return</span><span> n</span><span>;</span></span>
<span class="line"><span> return</span><span> fibonacci</span><span>(</span><span>n</span><span> -</span><span> 1</span><span>) </span><span>+</span><span> fibonacci</span><span>(</span><span>n</span><span> -</span><span> 2</span><span>);</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span>
<span class="line"><span>const</span><span> result</span><span> =</span><span> fibonacci</span><span>(</span><span>workerData</span><span>.</span><span>number</span><span>);</span></span>
<span class="line"><span>parentPort</span><span>.</span><span>postMessage</span><span>(</span><span>result</span><span>);</span></span>
<span class="line"></span></code></pre>
<p>The main application can delegate heavy computations without blocking other operations:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// main.js - Non-blocking delegation</span></span>
<span class="line"><span>import</span><span> { </span><span>Worker</span><span> } </span><span>from</span><span> 'node:worker_threads'</span><span>;</span></span>
<span class="line"><span>import</span><span> { </span><span>fileURLToPath</span><span> } </span><span>from</span><span> 'node:url'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>async</span><span> function</span><span> calculateFibonacci</span><span>(</span><span>number</span><span>) {</span></span>
<span class="line"><span> return</span><span> new</span><span> Promise</span><span>((</span><span>resolve</span><span>, </span><span>reject</span><span>) </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> const</span><span> worker</span><span> =</span><span> new</span><span> Worker</span><span>(</span></span>
<span class="line"><span> fileURLToPath</span><span>(</span><span>new</span><span> URL</span><span>(</span><span>'./worker.js'</span><span>, </span><span>import</span><span>.</span><span>meta</span><span>.</span><span>url</span><span>)),</span></span>
<span class="line"><span> { </span><span>workerData</span><span>: { </span><span>number</span><span> } }</span></span>
<span class="line"><span> );</span></span>
<span class="line"></span>
<span class="line"><span> worker</span><span>.</span><span>on</span><span>(</span><span>'message'</span><span>, </span><span>resolve</span><span>);</span></span>
<span class="line"><span> worker</span><span>.</span><span>on</span><span>(</span><span>'error'</span><span>, </span><span>reject</span><span>);</span></span>
<span class="line"><span> worker</span><span>.</span><span>on</span><span>(</span><span>'exit'</span><span>, (</span><span>code</span><span>) </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> if</span><span> (</span><span>code</span><span> !==</span><span> 0</span><span>) {</span></span>
<span class="line"><span> reject</span><span>(</span><span>new</span><span> Error</span><span>(</span><span>`Worker stopped with exit code </span><span>${</span><span>code</span><span>}</span><span>`</span><span>));</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span>
<span class="line"><span>// Your main application remains responsive</span></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>'Starting calculation...'</span><span>);</span></span>
<span class="line"><span>const</span><span> result</span><span> =</span><span> await</span><span> calculateFibonacci</span><span>(</span><span>40</span><span>);</span></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>'Fibonacci result:'</span><span>, </span><span>result</span><span>);</span></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>'Application remained responsive throughout!'</span><span>);</span></span>
<span class="line"></span></code></pre>
<p>This pattern allows your application to utilize multiple CPU cores while keeping the familiar async/await programming model.</p>
<h2>7. Enhanced Development Experience</h2>
<p>Modern Node.js prioritizes developer experience with built-in tools that previously required external packages or complex configurations.</p>
<h3>Watch Mode and Environment Management</h3>
<p>Development workflow has been significantly streamlined with built-in watch mode and environment file support:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>{</span></span>
<span class="line"><span> "name"</span><span>: </span><span>"modern-node-app"</span><span>,</span></span>
<span class="line"><span> "type"</span><span>: </span><span>"module"</span><span>,</span></span>
<span class="line"><span> "engines"</span><span>: {</span></span>
<span class="line"><span> "node"</span><span>: </span><span>"&gt;=20.0.0"</span></span>
<span class="line"><span> },</span></span>
<span class="line"><span> "scripts"</span><span>: {</span></span>
<span class="line"><span> "dev"</span><span>: </span><span>"node --watch --env-file=.env app.js"</span><span>,</span></span>
<span class="line"><span> "test"</span><span>: </span><span>"node --test --watch"</span><span>,</span></span>
<span class="line"><span> "start"</span><span>: </span><span>"node app.js"</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>The <code>--watch</code> flag eliminates the need for nodemon, while <code>--env-file</code> removes the dependency on dotenv. Your development environment becomes simpler and faster:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// .env file automatically loaded with --env-file</span></span>
<span class="line"><span>// DATABASE_URL=postgres://localhost:5432/mydb</span></span>
<span class="line"><span>// API_KEY=secret123</span></span>
<span class="line"></span>
<span class="line"><span>// app.js - Environment variables available immediately</span></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>'Connecting to:'</span><span>, </span><span>process</span><span>.</span><span>env</span><span>.</span><span>DATABASE_URL</span><span>);</span></span>
<span class="line"><span>console</span><span>.</span><span>log</span><span>(</span><span>'API Key loaded:'</span><span>, </span><span>process</span><span>.</span><span>env</span><span>.</span><span>API_KEY</span><span> ?</span><span> 'Yes'</span><span> :</span><span> 'No'</span><span>);</span></span>
<span class="line"></span></code></pre>
<p>These features make development more pleasant by reducing configuration overhead and eliminating restart cycles.</p>
<h2>8. Modern Security and Performance Monitoring</h2>
<p>Security and performance have become first-class concerns with built-in tools for monitoring and controlling application behavior.</p>
<h3>Permission Model for Enhanced Security</h3>
<p>The experimental permission model allows you to restrict what your application can access, following the principle of least privilege:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span># Run with restricted file system access</span></span>
<span class="line"><span>node</span><span> --experimental-permission</span><span> --allow-fs-read=./data</span><span> --allow-fs-write=./logs</span><span> app.js</span></span>
<span class="line"></span>
<span class="line"><span># Network restrictions </span></span>
<span class="line"><span>node</span><span> --experimental-permission</span><span> --allow-net=api.example.com</span><span> app.js</span></span>
<span class="line"><span># Above allow-net feature not avaiable yet, PR merged in node.js repo, will be available in future release</span></span>
<span class="line"></span></code></pre>
<p>This is particularly valuable for applications that process untrusted code or need to demonstrate security compliance.</p>
<h3>Built-in Performance Monitoring</h3>
<p>Performance monitoring is now built into the platform, eliminating the need for external APM tools for basic monitoring:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>import</span><span> { </span><span>PerformanceObserver</span><span>, </span><span>performance</span><span> } </span><span>from</span><span> 'node:perf_hooks'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>// Set up automatic performance monitoring</span></span>
<span class="line"><span>const</span><span> obs</span><span> =</span><span> new</span><span> PerformanceObserver</span><span>((</span><span>list</span><span>) </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> for</span><span> (</span><span>const</span><span> entry</span><span> of</span><span> list</span><span>.</span><span>getEntries</span><span>()) {</span></span>
<span class="line"><span> if</span><span> (</span><span>entry</span><span>.</span><span>duration</span><span> &gt;</span><span> 100</span><span>) { </span><span>// Log slow operations</span></span>
<span class="line"><span> console</span><span>.</span><span>log</span><span>(</span><span>`Slow operation detected: </span><span>${</span><span>entry</span><span>.</span><span>name</span><span>}</span><span> took </span><span>${</span><span>entry</span><span>.</span><span>duration</span><span>}</span><span>ms`</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>});</span></span>
<span class="line"><span>obs</span><span>.</span><span>observe</span><span>({ </span><span>entryTypes</span><span>: [</span><span>'function'</span><span>, </span><span>'http'</span><span>, </span><span>'dns'</span><span>] });</span></span>
<span class="line"></span>
<span class="line"><span>// Instrument your own operations</span></span>
<span class="line"><span>async</span><span> function</span><span> processLargeDataset</span><span>(</span><span>data</span><span>) {</span></span>
<span class="line"><span> performance</span><span>.</span><span>mark</span><span>(</span><span>'processing-start'</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span> const</span><span> result</span><span> =</span><span> await</span><span> heavyProcessing</span><span>(</span><span>data</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span> performance</span><span>.</span><span>mark</span><span>(</span><span>'processing-end'</span><span>);</span></span>
<span class="line"><span> performance</span><span>.</span><span>measure</span><span>(</span><span>'data-processing'</span><span>, </span><span>'processing-start'</span><span>, </span><span>'processing-end'</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span> return</span><span> result</span><span>;</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This provides visibility into application performance without external dependencies, helping you identify bottlenecks early in development.</p>
<h2>9. Application Distribution and Deployment</h2>
<p>Modern Node.js makes application distribution simpler with features like single executable applications and improved packaging.</p>
<h3>Single Executable Applications</h3>
<p>You can now bundle your Node.js application into a single executable file, simplifying deployment and distribution:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span># Create a self-contained executable</span></span>
<span class="line"><span>node</span><span> --experimental-sea-config</span><span> sea-config.json</span></span>
<span class="line"></span></code></pre>
<p>The configuration file defines how your application gets bundled:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>{</span></span>
<span class="line"><span> "main"</span><span>: </span><span>"app.js"</span><span>,</span></span>
<span class="line"><span> "output"</span><span>: </span><span>"my-app-bundle.blob"</span><span>,</span></span>
<span class="line"><span> "disableExperimentalSEAWarning"</span><span>: </span><span>true</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This is particularly valuable for CLI tools, desktop applications, or any scenario where you want to distribute your application without requiring users to install Node.js separately.</p>
<h2>10. Modern Error Handling and Diagnostics</h2>
<p>Error handling has evolved beyond simple try/catch blocks to include structured error handling and comprehensive diagnostics.</p>
<h3>Structured Error Handling</h3>
<p>Modern applications benefit from structured, contextual error handling that provides better debugging information:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>class</span><span> AppError</span><span> extends</span><span> Error</span><span> {</span></span>
<span class="line"><span> constructor</span><span>(</span><span>message</span><span>, </span><span>code</span><span>, </span><span>statusCode</span><span> =</span><span> 500</span><span>, </span><span>context</span><span> =</span><span> {}) {</span></span>
<span class="line"><span> super</span><span>(</span><span>message</span><span>);</span></span>
<span class="line"><span> this</span><span>.</span><span>name</span><span> =</span><span> 'AppError'</span><span>;</span></span>
<span class="line"><span> this</span><span>.</span><span>code</span><span> =</span><span> code</span><span>;</span></span>
<span class="line"><span> this</span><span>.</span><span>statusCode</span><span> =</span><span> statusCode</span><span>;</span></span>
<span class="line"><span> this</span><span>.</span><span>context</span><span> =</span><span> context</span><span>;</span></span>
<span class="line"><span> this</span><span>.</span><span>timestamp</span><span> =</span><span> new</span><span> Date</span><span>().</span><span>toISOString</span><span>();</span></span>
<span class="line"><span> }</span></span>
<span class="line"></span>
<span class="line"><span> toJSON</span><span>() {</span></span>
<span class="line"><span> return</span><span> {</span></span>
<span class="line"><span> name</span><span>: </span><span>this</span><span>.</span><span>name</span><span>,</span></span>
<span class="line"><span> message</span><span>: </span><span>this</span><span>.</span><span>message</span><span>,</span></span>
<span class="line"><span> code</span><span>: </span><span>this</span><span>.</span><span>code</span><span>,</span></span>
<span class="line"><span> statusCode</span><span>: </span><span>this</span><span>.</span><span>statusCode</span><span>,</span></span>
<span class="line"><span> context</span><span>: </span><span>this</span><span>.</span><span>context</span><span>,</span></span>
<span class="line"><span> timestamp</span><span>: </span><span>this</span><span>.</span><span>timestamp</span><span>,</span></span>
<span class="line"><span> stack</span><span>: </span><span>this</span><span>.</span><span>stack</span></span>
<span class="line"><span> };</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span>
<span class="line"><span>// Usage with rich context</span></span>
<span class="line"><span>throw</span><span> new</span><span> AppError</span><span>(</span></span>
<span class="line"><span> 'Database connection failed'</span><span>,</span></span>
<span class="line"><span> 'DB_CONNECTION_ERROR'</span><span>,</span></span>
<span class="line"><span> 503</span><span>,</span></span>
<span class="line"><span> { </span><span>host</span><span>: </span><span>'localhost'</span><span>, </span><span>port</span><span>: </span><span>5432</span><span>, </span><span>retryAttempt</span><span>: </span><span>3</span><span> }</span></span>
<span class="line"><span>);</span></span>
<span class="line"></span></code></pre>
<p>This approach provides much richer error information for debugging and monitoring, while maintaining a consistent error interface across your application.</p>
<h3>Advanced Diagnostics</h3>
<p>Node.js includes sophisticated diagnostic capabilities that help you understand what’s happening inside your application:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>import</span><span> diagnostics_channel</span><span> from</span><span> 'node:diagnostics_channel'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span>// Create custom diagnostic channels</span></span>
<span class="line"><span>const</span><span> dbChannel</span><span> =</span><span> diagnostics_channel</span><span>.</span><span>channel</span><span>(</span><span>'app:database'</span><span>);</span></span>
<span class="line"><span>const</span><span> httpChannel</span><span> =</span><span> diagnostics_channel</span><span>.</span><span>channel</span><span>(</span><span>'app:http'</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span>// Subscribe to diagnostic events</span></span>
<span class="line"><span>dbChannel</span><span>.</span><span>subscribe</span><span>((</span><span>message</span><span>) </span><span>=&gt;</span><span> {</span></span>
<span class="line"><span> console</span><span>.</span><span>log</span><span>(</span><span>'Database operation:'</span><span>, {</span></span>
<span class="line"><span> operation</span><span>: </span><span>message</span><span>.</span><span>operation</span><span>,</span></span>
<span class="line"><span> duration</span><span>: </span><span>message</span><span>.</span><span>duration</span><span>,</span></span>
<span class="line"><span> query</span><span>: </span><span>message</span><span>.</span><span>query</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span>});</span></span>
<span class="line"></span>
<span class="line"><span>// Publish diagnostic information</span></span>
<span class="line"><span>async</span><span> function</span><span> queryDatabase</span><span>(</span><span>sql</span><span>, </span><span>params</span><span>) {</span></span>
<span class="line"><span> const</span><span> start</span><span> =</span><span> performance</span><span>.</span><span>now</span><span>();</span></span>
<span class="line"></span>
<span class="line"><span> try</span><span> {</span></span>
<span class="line"><span> const</span><span> result</span><span> =</span><span> await</span><span> db</span><span>.</span><span>query</span><span>(</span><span>sql</span><span>, </span><span>params</span><span>);</span></span>
<span class="line"></span>
<span class="line"><span> dbChannel</span><span>.</span><span>publish</span><span>({</span></span>
<span class="line"><span> operation</span><span>: </span><span>'query'</span><span>,</span></span>
<span class="line"><span> sql</span><span>,</span></span>
<span class="line"><span> params</span><span>,</span></span>
<span class="line"><span> duration</span><span>: </span><span>performance</span><span>.</span><span>now</span><span>() </span><span>-</span><span> start</span><span>,</span></span>
<span class="line"><span> success</span><span>: </span><span>true</span></span>
<span class="line"><span> });</span></span>
<span class="line"></span>
<span class="line"><span> return</span><span> result</span><span>;</span></span>
<span class="line"><span> } </span><span>catch</span><span> (</span><span>error</span><span>) {</span></span>
<span class="line"><span> dbChannel</span><span>.</span><span>publish</span><span>({</span></span>
<span class="line"><span> operation</span><span>: </span><span>'query'</span><span>,</span></span>
<span class="line"><span> sql</span><span>,</span></span>
<span class="line"><span> params</span><span>,</span></span>
<span class="line"><span> duration</span><span>: </span><span>performance</span><span>.</span><span>now</span><span>() </span><span>-</span><span> start</span><span>,</span></span>
<span class="line"><span> success</span><span>: </span><span>false</span><span>,</span></span>
<span class="line"><span> error</span><span>: </span><span>error</span><span>.</span><span>message</span></span>
<span class="line"><span> });</span></span>
<span class="line"><span> throw</span><span> error</span><span>;</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This diagnostic information can be consumed by monitoring tools, logged for analysis, or used to trigger automatic remediation actions.</p>
<h2>11. Modern Package Management and Module Resolution</h2>
<p>Package management and module resolution have become more sophisticated, with better support for monorepos, internal packages, and flexible module resolution.</p>
<h3>Import Maps and Internal Package Resolution</h3>
<p>Modern Node.js supports import maps, allowing you to create clean internal module references:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>{</span></span>
<span class="line"><span> "imports"</span><span>: {</span></span>
<span class="line"><span> "#config"</span><span>: </span><span>"./src/config/index.js"</span><span>,</span></span>
<span class="line"><span> "#utils/*"</span><span>: </span><span>"./src/utils/*.js"</span><span>,</span></span>
<span class="line"><span> "#db"</span><span>: </span><span>"./src/database/connection.js"</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This creates a clean, stable interface for internal modules:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// Clean internal imports that don't break when you reorganize</span></span>
<span class="line"><span>import</span><span> config</span><span> from</span><span> '#config'</span><span>;</span></span>
<span class="line"><span>import</span><span> { </span><span>logger</span><span>, </span><span>validator</span><span> } </span><span>from</span><span> '#utils/common'</span><span>;</span></span>
<span class="line"><span>import</span><span> db</span><span> from</span><span> '#db'</span><span>;</span></span>
<span class="line"></span></code></pre>
<p>These internal imports make refactoring easier and provide a clear distinction between internal and external dependencies.</p>
<h3>Dynamic Imports for Flexible Loading</h3>
<p>Dynamic imports enable sophisticated loading patterns, including conditional loading and code splitting:</p>
<pre class="astro-code one-dark-pro"><code><span class="line"><span>// Load features based on configuration or environment</span></span>
<span class="line"><span>async</span><span> function</span><span> loadDatabaseAdapter</span><span>() {</span></span>
<span class="line"><span> const</span><span> dbType</span><span> =</span><span> process</span><span>.</span><span>env</span><span>.</span><span>DATABASE_TYPE</span><span> ||</span><span> 'sqlite'</span><span>;</span></span>
<span class="line"></span>
<span class="line"><span> try</span><span> {</span></span>
<span class="line"><span> const</span><span> adapter</span><span> =</span><span> await</span><span> import</span><span>(</span><span>`#db/adapters/</span><span>${</span><span>dbType</span><span>}</span><span>`</span><span>);</span></span>
<span class="line"><span> return</span><span> adapter</span><span>.</span><span>default</span><span>;</span></span>
<span class="line"><span> } </span><span>catch</span><span> (</span><span>error</span><span>) {</span></span>
<span class="line"><span> console</span><span>.</span><span>warn</span><span>(</span><span>`Database adapter </span><span>${</span><span>dbType</span><span>}</span><span> not available, falling back to sqlite`</span><span>);</span></span>
<span class="line"><span> const</span><span> fallback</span><span> =</span><span> await</span><span> import</span><span>(</span><span>'#db/adapters/sqlite'</span><span>);</span></span>
<span class="line"><span> return</span><span> fallback</span><span>.</span><span>default</span><span>;</span></span>
<span class="line"><span> }</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span>
<span class="line"><span>// Conditional feature loading</span></span>
<span class="line"><span>async</span><span> function</span><span> loadOptionalFeatures</span><span>() {</span></span>
<span class="line"><span> const</span><span> features</span><span> =</span><span> [];</span></span>
<span class="line"></span>
<span class="line"><span> if</span><span> (</span><span>process</span><span>.</span><span>env</span><span>.</span><span>ENABLE_ANALYTICS</span><span> ===</span><span> 'true'</span><span>) {</span></span>
<span class="line"><span> const</span><span> analytics</span><span> =</span><span> await</span><span> import</span><span>(</span><span>'#features/analytics'</span><span>);</span></span>
<span class="line"><span> features</span><span>.</span><span>push</span><span>(</span><span>analytics</span><span>.</span><span>default</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"></span>
<span class="line"><span> if</span><span> (</span><span>process</span><span>.</span><span>env</span><span>.</span><span>ENABLE_MONITORING</span><span> ===</span><span> 'true'</span><span>) {</span></span>
<span class="line"><span> const</span><span> monitoring</span><span> =</span><span> await</span><span> import</span><span>(</span><span>'#features/monitoring'</span><span>);</span></span>
<span class="line"><span> features</span><span>.</span><span>push</span><span>(</span><span>monitoring</span><span>.</span><span>default</span><span>);</span></span>
<span class="line"><span> }</span></span>
<span class="line"></span>
<span class="line"><span> return</span><span> features</span><span>;</span></span>
<span class="line"><span>}</span></span>
<span class="line"></span></code></pre>
<p>This pattern allows you to build applications that adapt to their environment and only load the code they actually need.</p>
<h2>The Path Forward: Key Takeaways for Modern Node.js (2025)</h2>
<p>As we look at the current state of Node.js development, several key principles emerge:</p>
<ol>
<li>
<p><strong>Embrace Web Standards</strong>: Use <code>node:</code> prefixes, fetch API, AbortController, and Web Streams for better compatibility and reduced dependencies</p>
</li>
<li>
<p><strong>Leverage Built-in Tools</strong>: The test runner, watch mode, and environment file support reduce external dependencies and configuration complexity</p>
</li>
<li>
<p><strong>Think in Modern Async Patterns</strong>: Top-level await, structured error handling, and async iterators make code more readable and maintainable</p>
</li>
<li>
<p><strong>Use Worker Threads Strategically</strong>: For CPU-intensive tasks, worker threads provide true parallelism without blocking the main thread</p>
</li>
<li>
<p><strong>Adopt Progressive Enhancement</strong>: Use permission models, diagnostics channels, and performance monitoring to build robust, observable applications</p>
</li>
<li>
<p><strong>Optimize for Developer Experience</strong>: Watch mode, built-in testing, and import maps create a more pleasant development workflow</p>
</li>
<li>
<p><strong>Plan for Distribution</strong>: Single executable applications and modern packaging make deployment simpler</p>
</li>
</ol>
<p>The transformation of Node.js from a simple JavaScript runtime to a comprehensive development platform is remarkable. By adopting these modern patterns, you’re not just writing contemporary code—you’re building applications that are more maintainable, performant, and aligned with the broader JavaScript ecosystem.</p>
<p>The beauty of modern Node.js lies in its evolution while maintaining backward compatibility. You can adopt these patterns incrementally, and they work alongside existing code. Whether you’re starting a new project or modernizing an existing one, these patterns provide a clear path toward more robust, enjoyable Node.js development.</p>
<p>As we move through 2025, Node.js continues to evolve, but the foundational patterns we’ve explored here provide a solid base for building applications that will remain modern and maintainable for years to come.</p> </div></summary></entry><entry><title>L4S and the Future of Real-Time Performance in 5G and Beyond</title><link href="https://blog.3g4g.co.uk/2025/07/l4s-and-future-of-real-time-performance.html" rel="alternate"></link><published>2025-07-24T19:35:15.693000Z</published><id>https://blog.3g4g.co.uk/2025/07/l4s-and-future-of-real-time-performance.html</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/l4s-and-the-future-o/5168105:3b196a">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/5168105.png" style="vertical-align: middle;width:16px;height:16px;"> The 3G4G Blog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="post hentry">
<a class="external" rel="nofollow"></a> <div class="post-body entry-content">
<p>As mobile networks continue to evolve to support increasingly immersive and responsive services, the importance of consistent low latency has never been greater. Whether it is cloud gaming, extended reality, remote machine operation or real-time collaboration, all these applications rely on the ability to react instantly to user input. The slightest delay can affect the user experience, making the role of the network even more critical.</p><div class="separator"><a class="external" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicNADJfuJYZUEKMUsO3vTmDy4DZCkEyeJcPa3k1c4rwwbeeyfXr7GmVc5fUCdjGBSqp4HMQF2TdotE5qbSY9g9ISmrHq7go3mCorAP3VaqT-nnvdO5CqJOaG5xET9494Ei9OZMyf5AVjGn3Zb07NmGEwJUqrnjBKwyspfwwPeeOvROkOPhWJO430VnC2w/s1920/NokiaBellLabs_L4Swhitepaper_1.jpg" rel="nofollow"><img alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicNADJfuJYZUEKMUsO3vTmDy4DZCkEyeJcPa3k1c4rwwbeeyfXr7GmVc5fUCdjGBSqp4HMQF2TdotE5qbSY9g9ISmrHq7go3mCorAP3VaqT-nnvdO5CqJOaG5xET9494Ei9OZMyf5AVjGn3Zb07NmGEwJUqrnjBKwyspfwwPeeOvROkOPhWJO430VnC2w/w640-h360/NokiaBellLabs_L4Swhitepaper_1.jpg" width="640"/></a></div><p>While 5G has introduced major improvements in radio latency and overall throughput, many time-critical applications are still affected by a factor that is often overlooked - <a class="external" href="https://www.nokia.com/bell-labs/research/l4s/" rel="nofollow">queuing delay</a>. This occurs when packets build up in buffers before they are forwarded, creating spikes in delay and jitter. Traditional methods for congestion control, such as those based on packet loss, are too slow to react, especially in mobile environments where network conditions can change rapidly.</p><p><strong><em>Low Latency, Low Loss and Scalable Throughput (L4S)</em></strong>, is a new network innovation designed to tackle this challenge. It is an Internet protocol mechanism developed through the Internet Engineering Task Force, and has recently reached standardisation. L4S focuses on preventing queuing delays by marking packets early when congestion is building, instead of waiting until buffers overflow and packets are dropped. The key idea is to use explicit signals within the network to guide congestion control at the sender side.</p><p>Applications that support L4S are able to reduce their sending rate quickly when congestion starts to appear. This is done by using ECN, or Explicit Congestion Notification, which involves marking rather than dropping packets. The result is a smooth and continuous flow of data, where latency remains low and throughput remains high, even in changing network conditions.</p><p>One of the significant benefits of L4S is its ability to support a wide range of real-time services at scale. <a class="external" href="https://www.ericsson.com/en/reports-and-papers/white-papers/enabling-time-critical-applications-over-5g-with-rate-adaptation" rel="nofollow">Ericsson highlights</a> how edge-based applications such as cloud gaming, virtual reality and drone control need stable low-latency connections alongside high bitrates. While over-the-top approaches to congestion control may work for general streaming, they struggle in mobile environments. This is due to variability in channel quality and radio access delays, which can cause sudden spikes in latency. L4S provides a faster and more direct way to detect congestion within the radio network, enabling better performance for these time-sensitive applications.</p><div class="separator"><a class="external" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN5pVzannMkH0DWDq_aHEqA9JEMxfGB94Zp9GJwp5UYAD2fo20AFEPc4xZf5Lb5ht6FdWyVnyDtL5C386OMLsNGl7bUBDlCXTSvlZDS3rf5Wcnr5x7gj7CgxnD65vEwuYmdlPr9HD87vzdeXX6vOvg3kqtnddwQb0hLTj0xnLNGJSQZXSsCnrECP3eqnM/s1920/Ericsson_L4SsolutionInRAN.jpg" rel="nofollow"><img alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN5pVzannMkH0DWDq_aHEqA9JEMxfGB94Zp9GJwp5UYAD2fo20AFEPc4xZf5Lb5ht6FdWyVnyDtL5C386OMLsNGl7bUBDlCXTSvlZDS3rf5Wcnr5x7gj7CgxnD65vEwuYmdlPr9HD87vzdeXX6vOvg3kqtnddwQb0hLTj0xnLNGJSQZXSsCnrECP3eqnM/w640-h360/Ericsson_L4SsolutionInRAN.jpg" width="640"/></a></div><p>To make this possible, mobile networks need to support L4S in a way that keeps its traffic separate from traditional data flows. This involves using dedicated queues for L4S traffic to ensure it is not delayed behind bulk data transfers. In 5G, this is implemented through dedicated quality-of-service flows, allowing network elements to detect and handle L4S traffic differently. For example, if a mobile user is playing a cloud-based game, the network can identify this traffic and place it on an L4S-optimised flow. This avoids interference from other applications, such as file downloads or video streaming.</p><p><a class="external" href="https://www.nokia.com/asset/213410/" rel="nofollow">Nokia's approach</a> further explains how L4S enables fair sharing of bandwidth between classic and L4S traffic without compromising performance. A dual-queue system allows both types of traffic to coexist while preserving the low-latency characteristics of L4S. This is especially important in scenarios where both legacy and L4S-capable applications are in use. In simulations and trials, the L4S mechanism has shown the ability to maintain very low delay even when the link experiences sudden reductions in capacity, which is common in mobile and Wi-Fi networks.</p><p>One of the important aspects of L4S is that it requires support both from the application side and within the network. On the application side, rate adaptation based on L4S can be implemented within the app itself, often using modern transport protocols such as QUIC or TCP extensions. Many companies, including device makers and platform providers, are already trialling support for this approach.</p><p>Within the network, L4S depends on the ability of routers and radio access equipment to read and mark ECN bits correctly. In mobile networks, the radio access network is typically the key bottleneck where marking should take place. This ensures that congestion is detected at the right point in the path, allowing for quicker response and improved performance.</p><p>Although L4S is distinct from ultra-reliable low-latency communication, it can complement those use cases where guaranteed service is needed in controlled environments. What makes L4S more versatile is its scalability and suitability for open internet and large-scale public network use. It can work across both fixed and mobile access networks, providing a common framework for interactive services regardless of access technology.</p><p>With L4S in place, it becomes possible to offer new kinds of applications that were previously limited by latency constraints. This includes lighter and more wearable XR headsets that can offload processing to the cloud, or port automation systems that rely on remote control of heavy equipment. Even everyday experiences, such as video calls or online gaming, stand to benefit from a more responsive and stable network connection.</p><p>Ultimately, L4S offers a practical and forward-looking approach to delivering the consistent low latency needed for the next generation of digital experiences. By creating a tighter feedback loop between the network and the application, and by applying congestion signals in a more intelligent way, L4S helps unlock the full potential of 5G and future networks.</p><p>This <a class="external" href="https://www.youtube.com/watch?v=hBlJ7wXtK_o" rel="nofollow">introductory video</a> by CableLabs is a good starting point for anyone willing to dig deeper in the topic. This <a class="external" href="https://www.linkedin.com/posts/deanbubley_l4s-wifi-wifi8-activity-7333434605863145472-sslo/" rel="nofollow">LinkedIn post</a> by Dean Bubley and the comments are also worth a read.</p><p><em><strong>PS</strong>: Just noticed that T-Mobile USA have announced earlier this week that they are the first to unlock L4S in wireless . You can read their blog post <a class="external" href="https://www.t-mobile.com/news/network/unlock-l4s-5g-advanced" rel="nofollow">here</a> and a promotional video is available in the Tweet below 👇</em></p><blockquote class="twitter-tweet"><p>Your apps need more than speed—they need responsiveness.L4S is now live on our 5G Advanced network, delivering lower latency, less lag, and smarter performance for things like XR, video calls, and remote driving.</p><p>CTO <a class="external" href="https://twitter.com/JohnSaw?ref_src=twsrc%5Etfw" rel="nofollow">@JohnSaw</a> explains: <a class="external" href="https://t.co/4VMI3WbZE2" rel="nofollow">https://t.co/4VMI3WbZE2</a> <a class="external" href="https://t.co/mZ60nvDoM4" rel="nofollow">pic.twitter.com/mZ60nvDoM4</a></p>— T-Mobile Business (@TMobileBusiness) <a class="external" href="https://twitter.com/TMobileBusiness/status/1947318651369271575?ref_src=twsrc%5Etfw" rel="nofollow">July 21, 2025</a></blockquote> </div> </div></summary></entry><entry><title>NVIDIA Tensor Core Evolution: From Volta To Blackwell</title><link href="https://semianalysis.com/2025/06/23/nvidia-tensor-core-evolution-from-volta-to-blackwell/" rel="alternate"></link><published>2025-06-24T14:45:13.116000Z</published><id>https://semianalysis.com/2025/06/23/nvidia-tensor-core-evolution-from-volta-to-blackwell/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/nvidia-tensor-core-e/8271433:d6741c">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/8271433.png" style="vertical-align: middle;width:16px;height:16px;"> SemiAnalysis.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="entry-content wp-block-post-content has-global-padding is-layout-constrained wp-block-post-content-is-layout-constrained">
<p>In our<a class="external" href="https://semianalysis.com/2024/12/11/scaling-laws-o1-pro-architecture-reasoning-training-infrastructure-orion-and-claude-3-5-opus-failures/" rel="nofollow"> AI Scaling Laws article from late last year</a>, we discussed how multiple stacks of AI scaling laws have continued to drive the AI industry forward, enabling greater than Moore’s Law growth in model capabilities as well as a commensurately rapid reduction in unit token costs. These scaling laws are driven by training and inference optimizations and innovations, but advancements in compute capabilities transcending Moore’s Law have also played a critical role.</p> <p>One this front, in the AI Scaling Laws article, we revisited the decades-long debate around compute scaling, recounting the end of Dennard Scaling in the late 2000s as well as the end of classic Moore’s Law pace cost per transistor declines by the late 2010s. Despite this, compute capabilities have continued to improve at a rapid pace, with the baton being passed to other technologies such as <a class="external" href="https://semianalysis.com/2021/12/15/advanced-packaging-part-1-pad-limited/" rel="nofollow">advanced packaging</a>, <a class="external" href="https://semianalysis.com/2025/02/05/iedm2024/" rel="nofollow">3D stacking</a>, <a class="external" href="https://semianalysis.com/2023/02/21/the-future-of-the-transistor/" rel="nofollow">new transistor types</a> and specialized architectures such as the GPU.</p> <p>When it comes to AI and deep learning, GPU compute capabilities have improved at a faster than Moore’s law pace, consistently delivering remarkable “<a class="external" href="https://en.wikipedia.org/wiki/Huang%27s_law" rel="nofollow">Huang’s Law</a>†performance improvements year after year. The technology that is at the heart of driving this improvement is the Tensor Core.</p> <p>Though the Tensor Core is unquestionably the bedrock upon which the foundations of modern AI and machine learning are built, it is not well understood, even by many experienced practitioners in the field. The rapid evolution of GPU architecture and programming models that run on this architecture means that it is increasingly challenging for Machine Learning researchers and scientists to keep up with the latest changes to Tensor Cores and grasp the implications of these changes.</p> <p>In this report, we will introduce the core features of the major datacenter GPUs, first explaining important first principles of performance engineering. We will then trace the evolution of Nvidia’s Tensor Core architectures and programming models, highlighting the motivations behind this evolution. Our end goal is to provide a resource for understanding Nvidia’s GPU architecture and offer intuitive insights into their architectural evolution. Only after explaining each architecture can we explain the beauty of the Blackwell tensor core and the new memory hierarchy of it.</p> <p>It is important that we explain that a solid grasp of computer architecture is a prerequisite for being able to follow many of the explanations and discussions in this article, and this article will provide a brief section about CUDA programming as a refresher rather than explaining foundational concepts of GPU architecture. Instead, we build on the forefront of Tensor Core knowledge, extending understanding of this cutting-edge technology by documenting what is currently tribal knowledge into accessible, structured insight through detailed explanation.</p> <p>Just as a university will teach 101 courses as well as 4000 level courses, different articles at SemiAnalysis will cater to varying levels of understanding of the subject matter as well as to readers in different vocations and specializations.</p> <p>We would like to thank our collaborators:</p> <ul class="wp-block-list">
<li><a class="external" href="https://research.colfax-intl.com" rel="nofollow">Jay Shah</a>, Colfax Research: Terrific CUTLASS tutorials and numerous meetings meticulously checking the technical details</li> <li><a class="external" href="https://benjaminfspector.com/" rel="nofollow">Ben Spector</a>, Stanford Hazy Research: Offered great insights into programming model change and writing advice</li> <li><a class="external" href="https://tridao.me/" rel="nofollow">Tri Dao</a>, Princeton and Together AI: Reviewed drafts and gave detailed feedback</li> <li><a class="external" href="https://www.neilmovva.com/about/" rel="nofollow">Neil Movva</a>, Together AI: Reviewed drafts and offered insights into GPU kernel writing</li> <li><a class="external" href="https://charlesfrye.github.io/about/" rel="nofollow">Charles Frye</a>, Modal: Pedagogical GPU Glossary and general review of the draft</li> <li><a class="external" href="https://simonguo.tech/" rel="nofollow">Simon Guo</a>, Stanford PhD student: Illustrated the cover picture and reviewed the draft</li> <li>NVIDIA: Shared context around the progression of Tensor Core designs. Teams include: </li> <li>Many other GPU wizards</li>
</ul> <p>SemiAnalysis will be posting exclusive content on <a class="external" href="http://instagram.com/semianalysis" rel="nofollow">Instagram Reels</a> and <a class="external" href="https://www.tiktok.com/@semianalysis" rel="nofollow">TikTok</a> starting next week. Follow our socials to get the latest insights on the AI and GPU industry.</p> <p>For a fixed problem size, Amdahl’s Law specifies the maximum speedup you can obtain by parallelizing with more compute resources. Concretely, scaling compute resources only drives down the execution time of the parallel portion, so the performance improvement is bounded by the serial portion. To quantify it, the maximum performance improvement is:</p> <p>where S is the parallel work execution time and p is the speedup of the parallelizable work. In an ideal world where the parallel portion is perfectly parallelized, the speedup p can be the number of processing units.</p> <p>Strong and weak scaling describe the performance improvement of scaling compute resources for different problem setups. Strong scaling refers to scaling compute resources to solve a fixed-size problem, and Amdahl’s Law quantifies the speedup of strong scaling. On the other hand, weak scaling refers to scaling compute resources to solve larger problems at a constant time. For example, processing a 4x larger image in the same time using 4x more compute resources. We recommend <a class="external" href="https://acenet-arc.github.io/ACENET_Summer_School_General/05-performance/index.html" rel="nofollow">this blog post</a> for more detailed explanations.</p> <p>Strong and weak scaling imply different performance improvements across problem sizes. Strong scaling offers speedup for all problem sizes, while weak scaling only guarantees performance improvement when we use more compute to solve a larger problem.</p> <p>Data movement is a sin because in terms of runtime and scaling, computation is cheap and data movement is expensive. Data movement is fundamentally slower because modern DRAM cells operate at tens of nanoseconds, while transistors switch at sub-nanosecond speed. Regarding scaling, while computation speed gains have slowed since the 2000s, <a class="external" href="https://semianalysis.com/2024/09/03/the-memory-wall/" rel="nofollow">memory speed has improved slower</a>, creating the <a class="external" href="https://en.wikipedia.org/wiki/Random-access_memory#Memory_wall" rel="nofollow">memory wall</a>.</p> <p>In this section, we introduce the main Nvidia GPU architectures that use Tensor Cores, namely the Tesla V100 GPU, A100 Tensor Core GPU, H100 Tensor Core GPU, as well as the Blackwell GPU. We have also included a pre-Tensor Core section as a refresher for the CUDA programming model. We will briefly go over the major features and changes that are relevant to understanding the Tensor Core, and we defer the details to other sources, which we link in each subsection.</p> <p>Parallel Thread Execution (PTX) is a virtual instruction set that abstracts over GPU generations. A PTX program describes a <strong>kernel function</strong> that is executed with a large number of GPU threads, which are executed on the GPU’s hardware execution units, i.e. CUDA cores. <strong>Threads</strong> are organized as a grid, and a <strong>grid</strong> consists of cooperative thread arrays (<strong>CTA</strong>s). PTX threads can access data from multiple state spaces, which are memory storage areas with different characteristics. Specifically, threads have per-thread <strong>registers</strong>, threads within a CTA have <strong>shared memory</strong>, and all threads can access <strong>global memory</strong>. For more information, please read <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#programming-model" rel="nofollow">this section of the CUDA documentation</a>.</p> <p>The GPU architecture is built around an array of streaming multiprocessors (<strong>SM</strong>s). An SM consists of scalar processing cores, a multithreaded instruction unit, and an on-chip shared memory. An SM maps each thread to a scalar processing core (also known as a CUDA core), and the multithreaded instruction unit manages threads in groups of 32 parallel threads called <strong>warps</strong>.</p> <p>At instruction issue time, the instruction unit selects a warp and issues an instruction to the threads of the warp. This execution method is called single-instruction, multiple threads (<strong>SIMT</strong>). Similar to single-instruction, multiple data (<strong>SIMD</strong>), SIMT controls multiple processing elements with a single instruction, but unlike SIMD, SIMT specifies a single thread behavior instead of vector width. For more information, please read <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#ptx-machine-model" rel="nofollow">this section of the CUDA documentation</a>.</p> <p>Streaming Assembler (SASS) is the architecture-specific instruction set that PTX virtualizes over. See the <a class="external" href="https://docs.nvidia.com/cuda/cuda-binary-utilities/index.html#instruction-set-reference" rel="nofollow">CUDA binary utilities documentation</a> for more information. Unfortunately, SASS is not well documented due to NVIDIA hiding their architecture ISA details from their competitors.</p> <p>As deep learning became more prominent, the industry noticed that ML workloads were in need of hardware acceleration. Early in 2015, Google deployed TPUv1 for accelerating their internal ML workloads, and in 2017, Nvidia introduced dedicated hardware for matrix math. Although GPUs consume a small amount of energy when issuing instructions (~30pJ) because of their simple hardware pipeline, simple floating point operations like <code> </code>consume even less energy at only 1.5pJ. This creates a 20x overhead of power needed for instructions vs for the floating point operation itself. As a result, performing a lot of floating point operations for matrix multiplication is power inefficient. To amortize the instruction overhead, we need to use complex instructions that can perform more computation per instruction. To this end, Nvidia designed the <strong>half-precision matrix multiply and accumulate (<code></code>) instruction</strong>, a specialized instruction that performs half-precision matrix multiplication. The corresponding dedicated hardware to execute this instruction is the Tensor Core, introduced in the Tesla V100 GPU of Volta architecture in 2017. The Volta tensor core was added very late into development of the Volta architecture, only a handful of months before tape out, a testament to how fast Nvidia can pivot their architecture.</p> <p>Given a matrix, the multiply and accumulate (MMA) instruction computes D = A * B + C:</p> <ul class="wp-block-list">
<li>A is an M by K matrix</li> <li>B is a K by N matrix</li> <li>C and D are M by N matrices</li>
</ul> <p>We denote the matrix shapes as <code></code> or MxNxK.</p> <p>To perform the full computation, we first load matrices A, B, and C from shared memory to thread registers, so that each thread holds fragments of the matrices. Second, we execute the MMA instruction, which reads the matrices from thread registers, performs computation on Tensor Cores, and stores the result to thread registers. Finally, we store the results from thread registers back to shared memory. The full computation is collectively performed by multiple threads, meaning that every step requires a synchronization between the collaborating threads.</p> <p>An SM of a Tesla V100 GPU contains 8 Tensor Cores, grouped in partitions of two. Each Tensor Core is capable of computing an equivalent of 4x4x4 matrix multiplication per cycle, which amounts to 1024 FLOPs per cycle per SM.<br/></p> <p>NVIDIA designed PTX instruction mma to target the lower level <code></code> instructions. On Volta architecture, an MMA instruction performs an 8x8x4 matrix multiplication, and a quadpair of 8 threads participate in the operation by collectively holding the input and output matrices. Here T0 refers to thread 0, [T0, T1, T2, T3] and [T16, T17, T18, T19] are threadgroups, and the 2 threadgroups form a quadpair.</p> <p>In terms of data types, Volta Tensor Cores support FP16 inputs with FP32 accumulation in correspondence with NVIDIA’s <a class="external" href="https://arxiv.org/abs/1710.03740" rel="nofollow">mixed-precision training</a> technique. This technique showed it is possible to train models at lower precision without losing model accuracy.</p> <p>To fully understand the MMA layout, please refer to Citadel’s microbenchmarking paper, <a class="external" href="https://arxiv.org/abs/1804.06826" rel="nofollow">Dissecting the NVIDIA Volta GPU Architecture via Microbenchmarking</a>. To see the interleaved layout pattern for Volta Tensor Core MMAs, please read the slides <a class="external" href="https://developer.download.nvidia.com/video/gputechconf/gtc/2019/presentation/s9593-cutensor-high-performance-tensor-operations-in-cuda-v2.pdf" rel="nofollow">Programming Tensor Cores: Native Tensor Cores with CUTLASS</a>. Finally, for other information of the Volta architecture, please refer to the whitepaper <a class="external" href="https://images.nvidia.com/content/volta-architecture/pdf/volta-architecture-whitepaper.pdf" rel="nofollow">NVIDIA Tesla V100 GPU Architecture</a>.</p> <p>Turing architecture includes the <strong>2nd generation Tensor Cores</strong>, an enhanced version of Volta Tensor Cores, adding INT8 and INT4 precision support. Turing Tensor Cores support a new warp-level synchronous MMA, which we will discuss in the next section. Turing Tensor Cores also enabled Deep Learning Super Sampling (DLSS), marking the start of NVIDIA applying deep learning to gaming graphics. Interested readers can refer to NVIDIA’s blog post <a class="external" href="https://developer.nvidia.com/blog/nvidia-turing-architecture-in-depth/" rel="nofollow">NVIDIA Turing Architecture In-Depth</a> and the <a class="external" href="https://images.nvidia.com/aem-dam/en-zz/Solutions/design-visualization/technologies/turing-architecture/NVIDIA-Turing-Architecture-Whitepaper.pdf" rel="nofollow">Turing architecture whitepaper</a>.</p> <p>With Ampere, NVIDIA introduced asynchronous data copy, a way of copying data directly from global memory to shared memory in an asynchronous fashion. To load data from global memory to shared memory on Volta, threads must first load data from global memory to registers, and then store it to shared memory. However, MMA instructions have high register usage and must share the register file with data-loading operations, causing high register pressure and wasting memory bandwidth for copying data in and out of RF.</p> <p>Async data copy mitigates this issue by fetching data from global memory (DRAM) and directly storing it into shared memory (with optional L1 access), freeing up more registers for MMA instructions. Data loading and compute can happen asynchronously which is more difficult from a programming model perspective but unlocks higher performance.</p> <p>This feature is implemented as PTX instruction thread-level async copy cp.async (<a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#data-movement-and-conversion-instructions-non-bulk-copy" rel="nofollow">documentation</a>). The corresponding SASS is LDGSTS, asynchronous global to shared memory copy. The exact synchronization methods are async-group and mbarrier-based completion mechanisms, detailed <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#data-movement-and-conversion-instructions-asynchronous-copy-completion-mechanisms" rel="nofollow">here</a>.</p> <p>Ampere has 4 Tensor Cores per SM, and each Tensor Core is capable of performing 512 FLOPs per cycle, amounting to 2048 Dense FLOPs per cycle per SM, doubling the performance of Volta.</p> <p>While Volta requires a quadpair of 8 threads to participate in an MMA operation, Ampere requires a full warp of 32 threads. Having MMA instructions warp-wide simplifies the thread layout &amp; reducing RF pressure for Ampere. For instance, here is the thread and data layout for mixed-precision floating point of shape 16x8x16:</p> <p>NVIDIA introduced <code></code> in Ampere, an enhanced vectorized load operation. Like <code></code>, <code></code> is warp-wide, meaning that a warp of threads collectively loads a matrix. Compared to issuing multiple load instructions, this reduces address generation register use, lowering register pressure. See <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html#warp-level-matrix-instructions-ldmatrix" rel="nofollow">the CUDA documentation</a> for more information.</p> <p><code></code> loads data to registers in a layout that matches Tensor Core’s data layout. Compared to Volta’s interleaved pattern (See <a class="external" href="https://developer.download.nvidia.com/video/gputechconf/gtc/2019/presentation/s9593-cutensor-high-performance-tensor-operations-in-cuda-v2.pdf" rel="nofollow">Programming Tensor Cores: Native Tensor Cores with CUTLASS</a>), a simpler thread and data layout greatly improves the programming ergonomics. Watch the GTC talk <a class="external" href="https://www.nvidia.com/en-us/on-demand/session/gtcsj20-s21745/" rel="nofollow">Developing CUDA Kernels to Push Tensor Cores to the Absolute Limit on NVIDIA A100</a> to learn more about how exactly Ampere’s memory loading is coherent with Tensor Core.</p> <p>Ampere MMA features Brain Floating Point Format (BF16), which has become the de facto standard for half-precision data types. BF16 provides the same 8-bit exponent range as FP32 but with a 7-bit mantissa, allowing FP32-level dynamic range at half the storage cost. BF16 also removes the need for loss scaling in mixed-precision training.</p> <p>As the number of SMs grew, the size disparity between an SM and the whole GPU increased. To offer a finer granularity of control between CTAs (map to SMs) and the grid (maps to the whole GPU), on Hopper, NVIDIA added a new thread hierarchy level, <strong>thread block cluster</strong>, which maps to a group of SMs physically located in the same graphics processing cluster (GPC). Thread block cluster is also called cooperative grid array (CGA) and referred to as cluster in the CUDA documentation (<a class="external" href="https://stackoverflow.com/questions/78510678/whats-cga-in-cuda-programming-model" rel="nofollow">See here for more information</a>).</p> <p>CTAs in a thread block cluster are guaranteed to be co-scheduled on SMs in the same GPC and distributed one CTA per SM by default. The shared memory partitions of those SMs form a <strong>distributed shared memory (DSMEM)</strong>. A thread can access the shared memory from another SM with low latency through the dedicated SM-to-SM network (without going through L2 cache). By exposing the GPC hardware execution unit to the programming model, programmers can reduce data movement and improve the data locality.</p> <p>To improve data fetch efficiency, NVIDIA added the Tensor Memory Accelerator (TMA) to each Hopper SM. TMA is a dedicated hardware unit that accelerates asynchronous data transfers of large quantities between global and shared memory (bulk asynchronous copies). </p> <p>A single thread in a CTA can initiate a TMA copy operation. TMA frees up threads to execute other independent work, handling address generation and offering additional benefits such as out-of-bounds handling. In PTX, the corresponding instruction is <code></code>, detailed in <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#data-movement-and-conversion-instructions-bulk-copy" rel="nofollow">this CUDA documentation section</a>.</p> <p>However, for small requests, TMA loads have higher latency than regular async data copies because of the address generation overhead. Thus, NVIDIA recommends programmers to use TMAs for large data copies to amortize the overhead. For example, in LLM inference, TMA is not suitable for workloads that load KV cache in small chunks, but works well when each chunk is a multiple of 16 bytes. For more concrete examples of this, see <a class="external" href="https://lmsys.org/blog/2024-01-17-sglang/" rel="nofollow">SGLang prefix caching</a>, paper <a class="external" href="https://arxiv.org/abs/2501.01005" rel="nofollow">FlashInfer</a> section 3.2.1, paper <a class="external" href="https://arxiv.org/abs/2505.21487v1" rel="nofollow">Hardware-Efficient Attention for Fast Decoding</a> section 4.2, and <a class="external" href="https://github.com/HazyResearch/ThunderKittens/blob/mla/kernels/attn/demo/mla_decode/template_mla_decode.cu#L117" rel="nofollow">ThunderKittens MLA decode</a>.</p> <p>TMA also supports a mode of loading data called multicast, where TMA loads data from global memory to shared memory of multiple SMs in a thread block cluster, specified by a multicast mask. Instead of issuing multiple global memory loads loading the same piece of data into multiple SMs, multicast completes it in one load. Specifically, multiple CTAs in a thread block cluster load a portion of the data into their corresponding SMEMs and share the data through DSMEM. This reduces L2 cache traffic and subsequently reduces HBM traffic. We recommend reading <a class="external" href="https://research.colfax-intl.com/tutorial-hopper-tma/" rel="nofollow">Jay Shah’s TMA tutorial</a> for more details.</p> <p>NVIDIA introduced a new type of MMA with Hopper, warpgroup-level MMA (<code></code>). <code></code> is warpgroup-wide, meaning that a warpgroup of 4 warps collectively performs an MMA operation. <code></code> supports a wider range of shapes. For example, mixed-precision MMA supports <code></code>, where N can be multiples of 8 from 8 to 256. <code></code> lowers to a new set of SASS: <code></code>. In another example, half-precision <code></code> instructions lowers to . See <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#asynchronous-warpgroup-level-matrix-shape" rel="nofollow">this CUDA documentation section</a> for the details of MMA shapes and data types.</p> <p>While all threads in a warpgroup collectively hold the output matrix in their registers, Hopper Tensor Cores can directly load operands from shared memory instead of registers, saving register space and bandwidth. Specifically, operand matrix A can reside in either registers or shared memory, while operand matrix B can only be accessed through shared memory. See the <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#asynchronous-warpgroup-level-matrix-instructions" rel="nofollow">CUDA documentation wgmma section</a> for the details of ’s completion mechanism, SMEM layout, and more.</p> <p>For <code></code> data types, Hopper introduced 8-bit floating-point data types (E4M3 and E5M2) with FP32 accumulation. In practice,<a class="external" href="https://arxiv.org/abs/2412.19437" rel="nofollow"> the accumulation path was implemented as a 22-bit fixed-point format (13-bit mantissa plus sign and exponent bits),</a> limiting the dynamic range compared to true 32-bit accumulation. Due to the reduced tensor core precision, every N_c accumulations has to happen in the CUDA core to prevent constraining training accuracy. (<a class="external" href="https://arxiv.org/abs/2412.19437" rel="nofollow">See this paper section 3.3.2</a>). This reduced precision accumulation improves efficiency, but comes at the cost of accuracy.</p> <p>For more information on the Hopper Architecture, see the following:</p> <p>For examples of how to program Hopper GPUs, see:</p> <p>The extreme register pressure did not let up on Hopper, which motivated <strong>Tensor Memory (TMEM)</strong>, a new piece of memory specialized for Tensor Core operations. On every SM, TMEM has 128 rows (lanes) and 512 columns of 4-byte cells, totaling to 256 KB, which is also the size of the register file on an SM.</p> <p>TMEM has a restricted memory access pattern. Specifically, it takes a warpgroup to access the whole TMEM, and each warp in a warpgroup can only access a specific set of lanes. By limiting the memory access pattern, hardware designers can reduce the number of access ports, saving chip space. On the other hand, this design also means that epilogue operations need a warpgroup to operate. Unlike shared memory, programmers have to explicitly manage TMEM, including allocation, deallocation, and copying data in and out of TMEM.</p> <p>Two CTAs in a thread block cluster form a <strong>CTA pair</strong> if their CTA ranks in their thread block cluster differ by the last bit, e.g. 0 and 1, 4 and 5. A CTA pair maps to a Texture Processing Cluster (TPC), which consists of two SMs and combines with other TPCs to form a GPC. When Blackwell Tensor Core operations perform at a CTA pair granularity, the two CTAs are able to share input operands. This sharing reduces both SMEM capacity and bandwidth requirements.</p> <p>Tensor Core 5th Generation MMA instruction (<code></code> in PTX) fully moved away from using registers for holding matrices. Operands now reside in shared memory and Tensor Memory. </p> <p>Specifically, suppose the MMA computes D = A * B + D: Not using thread registers removes the complex data layouts and frees up thread register space for other work such as epilogue operations. Unlike <code></code> using a warpgroup to initiate an MMA operation, <code></code> has single thread semantics, meaning that a single thread initiates an MMA operation. This removes the role of warps from issuing MMA.</p> <p>One notable MMA variant is MMA.2SM, which uses 2 SMs to collectively perform an MMA operation. MMA.2SM executes at the CTA-pair level granularity, and since <code></code> has single thread semantics, a single thread in the leader CTA of the CTA pair launches MMA.2SM. Here we illustrate data path organization <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#tcgen05-data-path-layout-a" rel="nofollow">layout A</a>. Layout A shows MMA.2SM doubles the M dimension compared to the 1SM version (<a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#tcgen05-data-path-layout-d" rel="nofollow">layout D</a>), so the two SMs load different matrix A and D tiles. In addition, MMA.2SM splits matrix B, halving the amount of data loaded.</p> <p>Matrix B is shared across the two SMs, meaning tiles B0 and B1 need to be communicated across the DSMEM. Although there is a bandwidth difference between DSMEM and SMEM, the effects on the coordination are minimal because we are loading smaller tiles. That said, we suspect that on Blackwell the communication bandwidth between SMs in a TPC is higher than DSMEM’s, so MMA.2SM leverages this to achieve better performance.</p> <p>5th-gen Tensor Cores can also perform convolutions in addition to general matrix multiplication. <code></code> supports weight stationary patterns with a collector buffer, which caches matrix B for reuse. For more information, please refer to the <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html#tcgen05-mma" rel="nofollow">CUDA documentation</a> and the corresponding <a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html#tcgen05-mma-instructions-mma-ws" rel="nofollow">weight stationary MMA instruction</a>.</p> <p>In terms of supported data types, Blackwell supports microscaling floating-point format (MXFP), including MXFP8, MXFP6, and MXFP4. See <a class="external" href="https://arxiv.org/abs/2310.10537" rel="nofollow">this paper</a> for details. Blackwell also supports NVIDIA’s own NVFP4 format, which is known for being more accurate than MXFP4. This is likely because of its smaller block size, different scaling factor data format, and the two-level quantization method (See <a class="external" href="https://github.com/NVIDIA/TensorRT-LLM/issues/3037" rel="nofollow">this GitHub issue</a>). See <a class="external" href="https://arxiv.org/abs/2505.19115" rel="nofollow">this paper</a> for data format comparisons.</p> <p>With Blackwell, since FP8 and FP6 have the same theoretical throughput, we believe that they share physical circuits in Tensor Cores. In contrast, CDNA4 has 2x the FP6 throughput compared to FP8 because their FP6 units share data paths with FP4 instead. We believe that UDNA will switch to having FP6 units share with FP8 instead.</p> <p>Ampere featured 2:4 structured sparsity, which in theory doubled the Tensor Core throughput. It achieves this by pruning the weight matrix such that for every 4 elements, 2 of them are zero. In this format, the matrix is compressed by removing zero elements, and an additional metadata index matrix records their positions, roughly halving the memory usage and bandwidth.</p> <p>According to <a class="external" href="https://arxiv.org/abs/2501.12084" rel="nofollow">this microbenchmarking paper from cracked chinese engineers</a>, Ampere’s structured sparsity can realize 2x speedup for large shape MMA operations at the instruction level. It also shows that in Hopper, structured sparsity <code></code> instructions can reach 2x speedup and save up to 2x on memory bandwidth used to load weights.</p> <p>Unfortunately, 2:4 structured sparsity GEMMs kernels are unable to reach anywhere close to 2x speedup compared to their dense counterparts on hopper. This is due to difficulties in doing structured pruning while maintaining model accuracy, cuSPARSELt kernels being unoptimized, and TDP limitations. Except for Chinese AI labs and a limited number of experimental western <a class="external" href="https://arxiv.org/abs/2503.16672" rel="nofollow">research</a> <a class="external" href="https://developers.redhat.com/articles/2024/12/18/24-sparse-llama-fp8-sota-performance-nvidia-hopper-gpus" rel="nofollow">papers</a>, most AI labs ignore 2:4 structured sparsity for production inferencing and focus on quantization &amp; distillation. Meta is experimenting with it in Llama, but that is a dead end path in many cases as well.</p> <p>Furthermore, there is a lack of closed or open models that have shown performance improvements with 2:4 FP8 structured sparsity or 4:8 FP4 structured sparsity while maintaining zero accuracy loss &amp; a <a class="external" href="https://github.com/NVIDIA/TensorRT-Model-Optimizer/blame/main/modelopt/torch/sparsity/sparsegpt.py" rel="nofollow">general lack of resources dedicated</a> to structured pruning. We recommend that NVIDIA should stop with <a class="external" href="https://semianalysis.com/2025/03/19/nvidia-gtc-2025-built-for-reasoning-vera-rubin-kyber-cpo-dynamo-inference-jensen-math-feynman/#jensen-math-changes-every-year" rel="nofollow">Jensen math</a> structured sparsity flops in keynotes &amp; marketing material unless they start consistently showing SOTA open models being able to take advantage of structured pruning for inferencing. A good first step would be to do structured sparsity on DeepSeek and also show that performance can stack on top of other techniques like distillation &amp; quantization like NVFP4.</p> <p>In its fifth‑generation Tensor Cores, NVIDIA introduced pair‑wise 4 : 8 structured sparsity for the NVFP4 data type. In this scheme, every eight elements are grouped into four consecutive pairs, and exactly two of those pairs must contain non‑zero values while the remaining two are pruned to zero. Because NVFP4 is a sub‑byte data type, we believe this constraint motivated NVIDIA to adopt the pair‑wise 4 : 8 pattern. Although 4 : 8 sparsity may appear more permissive than the earlier 2 : 4 pattern, the added pair‑wise requirement means it is not, in practice, a more relaxed constraint for ML engineers seeking to preserve model accuracy while pruning.</p> <p>Over generations, NVIDIA scaled the Tensor Core size more aggressively than the number of Tensor Cores. NVIDIA chose scaling the tensor core size rather than number of cores because it suits the performance characteristics of matrix multiplication better. Specifically, when scaling the problem size, matrix multiplication computation grows cubically, but data movement grows quadratically, meaning the arithmetic intensity grows linearly. O(n) arithmetic intensity, combined with the fact that data movement is more expensive than computation, incentivized the tensor core size increase.</p> <p>However, both scaling core size and number of cores come at the cost of the quantization effects. Specifically, having a large number of cores suffer from the <a class="external" href="https://docs.nvidia.com/deeplearning/performance/dl-performance-matrix-multiplication/index.html#tile-quant" rel="nofollow">tile quantization effect</a>, and having a large core size leads to <a class="external" href="https://docs.nvidia.com/deeplearning/performance/dl-performance-matrix-multiplication/index.html#wave-quant" rel="nofollow">wave quantization effect</a>. The wave quantization effect occurs when the number of work units isn’t fully divisible by the number of workers, causing utilization to drop when processing the final, smaller batch of work. Increasing tensor core size is essentially increasing the work unit size, resulting in low utilization for small matrices (See this <a class="external" href="https://hazyresearch.stanford.edu/blog/2025-03-15-tk-blackwell" rel="nofollow">ThunderKittens blog post</a>).</p> <p>The linear growth in arithmetic intensity also motivates the increase in MMA shape. Having larger MMA shapes enhances the operand sharing granularity. Specifically, launching fewer larger tiles would increase the data reuse, saving memory footprint and bandwidth of RF and SMEM. For architectures before Blackwell, this led to increasing the number of threads to collectively perform an MMA operation, from a quadpair of 8 threads (Volta), to a warp of 32 threads (Ampere), and then a warpgroup of 128 threads (Hopper).</p> <p>Shared memory increased almost every generation, while register file size stayed constant. The reason for this is that Tensor Core throughput increase requires a deeper staging buffer.</p> <p>Because Tensor Cores consume data much faster than global memory can load, we use a staging memory to buffer data, so memory loading can run ahead of MMA operations. <strong>Tensor Core throughput doubled every generation, but global memory load latency didn’t decrease and in fact increased. As a result, we need to increase the staging memory size for buffering more data.</strong> To implement this, NVIDIA chose shared memory as the staging memory for Tensor Cores, which explains why shared memory increased but register file size remained constant.</p> <p>However, Blackwell’s shared memory size didn’t increase from Hopper. This is because tcgen05 MMA can leverage 2 SMs, so each SM’s shared memory only needs to load half of the operands. Thus, Blackwell’s shared memory size effectively doubled.</p> <p>NVIDIA’s staging memory choice also explains why operand locations gradually moved away from registers to shared memory. That said, NVIDIA added TMEM on Blackwell to support the increased Tensor Core throughput. Since TMEM is placed closer to Tensor Cores, it can be more power efficient. In addition, having a separate memory increases the aggregate memory bandwidth for saturating the Tensor Cores.</p> <p>Among all operands, matrix D always stays in TMEM. We can take advantage of TMEM’s power efficiency with this design because matrix D is more frequently accessed than matrix A and B. For example, to compute a tile in a naive tiled matrix multiplication, matrix D tile is accessed 2Kt times (Kt reads and Kt writes. Kt: The number of tiles along the K dimension), whereas matrix A tiles and matrix B tiles are accessed only once.</p> <p>The “H†in <code></code> stands for half precision since it is a 16 bit format while “Q†in <code></code> stands for quarter precision (8 bit) since 8 bits is a quarter of a full precision (32 bits). “O†stands for “Octal†which means one eighth of 32 bits as <code></code> is FP4.</p> <p>MMA instructions seemingly jumped from synchronous to asynchronous. In reality, MMA instructions gradually became asynchronous at the SASS level because of the need to overlap instructions.</p> <p>At SASS level, an MMA operation involves executing one <code></code> instruction to load matrix tiles from shared memory to the register file, and then two instructions to perform MMA. During execution, the two instructions are issued asynchronously, and block the register usage with hardware interlocks. Since hardware interlocks disallows overlapping LDSM instructions, sequential execution of one <code></code> and two instructions creates a small bubble in the instruction issue pipeline. However, Tensor Cores have become so fast that this bubble causes non-negligible amount of performance loss, which calls for an asynchronous completion mechanism for MMA.</p> <p>Hopper supports asynchronous completion mechanism commit and fence for <code></code>. When <code></code> instructions are issued, there are no hardware interlocks to guard register usage. Instead, the compiler schedules <code></code> for the next MMA and uses instruction to keep the next <code></code> waiting. With Blackwell, the MMA operation is fully asynchronous. Instructions for loading into Tensor Memory (<a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#tcgen05-memory-consistency-model-async-operations" rel="nofollow">tcgen05.ld / </a><a class="external" href="http://tcgen05.st" rel="nofollow">tcgen05.st</a><a class="external" href="https://docs.nvidia.com/cuda/parallel-thread-execution/index.html?highlight=tcgen05%2520cp#tcgen05-memory-consistency-model-async-operations" rel="nofollow"> / tcgen05.cp</a>) are all explicitly asynchronous.</p> <p>Throughout each successive generation of NVIDIA Tensor Cores, NVIDIA continues to add lower precision data types, starting from 16-bit to 4-bits. This is because deep learning workloads are extremely tolerant of low precision. This is especially true for inference, where even lower precision can be used than during training. Low precision is more power efficient, takes up less silicon floor space and achieves higher compute throughput. In newer generations, we also see NVIDIA removing FP64 support to prioritize low precision data types under silicon area and power budgets.</p> <p>Interestingly, the prioritization also affected integer data type support. Since Hopper, INT4 data types are deprecated, and on Blackwell Ultra, we see lower INT8 compute throughput. This is caused by the delayed popularity of low-precision integer data types. Although Turing supported INT8 and INT4, it wasn’t until 4 years later that new inference quantization methods were able to exploit the compactness of INT4 for serving LLMs. By that time, NVIDIA had already deprecated INT4 on Hopper <code></code>.</p> <p>Next, we will talk about how the programming model evolved, including the transition from high-occupancy to single-occupancy, the increase in explicit asynchronous execution, and how those designs relate to NVIDIA betting on strong scaling.</p> <div class="wp-block-passport-restricted-content"> </div> <p>If readers like to learn the basics of CUDA programming model, hardware, and concepts, <a class="external" href="https://modal.com/gpu-glossary" rel="nofollow">GPU Glossary by Modal</a> is a great resource for everything before Blackwell. To understand the big ideas of CUDA, we recommend all of Stephen Jones’ GTC talks (<a class="external" href="https://www.nvidia.com/en-us/on-demand/search/?facet.mimetype[]=event%20session&amp;layout=list&amp;page=1&amp;q=%22Stephen%20Jones%20%28SW%29%22&amp;sort=relevance&amp;sortDir=desc" rel="nofollow">playlist here</a>). To get a deeper understanding of the memory features, GTC talk <a class="external" href="https://www.nvidia.com/en-us/on-demand/session/gtc25-s72683/" rel="nofollow">CUDA Techniques to Maximize Memory Bandwidth and Hide Latency</a> explains the memory features of Volta, Ampere, and Hopper, and <a class="external" href="https://www.nvidia.com/en-us/on-demand/session/gtc24-s62192/" rel="nofollow">Advanced Performance Optimization in CUDA</a> dives deep into memory models. Finally, for Blackwell-specific resources, we recommend GTC talk <a class="external" href="https://www.nvidia.com/en-us/on-demand/session/gtc25-s72720/" rel="nofollow">Programming Blackwell Tensor Cores with CUTLASS</a>, Colfax research CUTLASS articles (<a class="external" href="https://research.colfax-intl.com/cutlass-tutorial-writing-gemm-kernels-using-tensor-memory-for-nvidia-blackwell-gpus/" rel="nofollow">latest one here</a>), and the CUTLASS kernel examples.</p>
</div></summary></entry><entry><title>Anthropic: How we built our multi-agent research system</title><link href="https://simonwillison.net/2025/Jun/14/multi-agent-research-system/#atom-everything" rel="alternate"></link><published>2025-06-24T13:15:12.159000Z</published><id>https://simonwillison.net/2025/Jun/14/multi-agent-research-system/#atom-everything</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/anthropic-how-we-bui/790:237301">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/790.png" style="vertical-align: middle;width:16px;height:16px;"> Simon Willison&#x27;s Weblog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div class="entry entryPage"> <p><strong><a class="external" href="https://www.anthropic.com/engineering/built-multi-agent-research-system" rel="nofollow">Anthropic: How we built our multi-agent research system</a></strong>. OK, I'm sold on multi-agent LLM systems now.</p>
<p>I've been pretty skeptical of these until recently: why make your life more complicated by running multiple different prompts in parallel when you can usually get something useful done with a single, carefully-crafted prompt against a frontier model?</p>
<p>This detailed description from Anthropic about how they engineered their "Claude Research" tool has cured me of that skepticism.</p>
<p><a class="external" href="https://simonwillison.net/2025/Jun/2/claude-trace/" rel="nofollow">Reverse engineering Claude Code</a> had already shown me a mechanism where certain coding research tasks were passed off to a "sub-agent" using a tool call. This new article describes a more sophisticated approach.</p>
<p>They start strong by providing a clear definition of how they'll be using the term "agent" - it's the "tools in a loop" variant:</p>
<blockquote>
<p>A multi-agent system consists of multiple agents (LLMs autonomously using tools in a loop) working together. Our Research feature involves an agent that plans a research process based on user queries, and then uses tools to create parallel agents that search for information simultaneously.</p>
</blockquote>
<p>Why use multiple agents for a research system?</p>
<blockquote>
<p>The essence of search is compression: distilling insights from a vast corpus. Subagents facilitate compression by operating in parallel with their own context windows, exploring different aspects of the question simultaneously before condensing the most important tokens for the lead research agent. [...]</p>
<p>Our internal evaluations show that multi-agent research systems excel especially for breadth-first queries that involve pursuing multiple independent directions simultaneously. We found that a multi-agent system with Claude Opus 4 as the lead agent and Claude Sonnet 4 subagents outperformed single-agent Claude Opus 4 by 90.2% on our internal research eval. For example, when asked to identify all the board members of the companies in the Information Technology S&amp;P 500, the multi-agent system found the correct answers by decomposing this into tasks for subagents, while the single agent system failed to find the answer with slow, sequential searches.</p>
</blockquote>
<p>As anyone who has spent time with Claude Code will already have noticed, the downside of this architecture is that it can burn <em>a lot</em> more tokens:</p>
<blockquote>
<p>There is a downside: in practice, these architectures burn through tokens fast. In our data, agents typically use about 4× more tokens than chat interactions, and multi-agent systems use about 15× more tokens than chats. For economic viability, multi-agent systems require tasks where the value of the task is high enough to pay for the increased performance. [...]</p>
<p>We’ve found that multi-agent systems excel at valuable tasks that involve heavy parallelization, information that exceeds single context windows, and interfacing with numerous complex tools.</p>
</blockquote>
<p>The key benefit is all about managing that 200,000 token context limit. Each sub-task has its own separate context, allowing much larger volumes of content to be processed as part of the research task.</p>
<p>Providing a "memory" mechanism is important as well:</p>
<blockquote>
<p>The LeadResearcher begins by thinking through the approach and saving its plan to Memory to persist the context, since if the context window exceeds 200,000 tokens it will be truncated and it is important to retain the plan.</p>
</blockquote>
<p>The rest of the article provides a detailed description of the prompt engineering process needed to build a truly effective system:</p>
<blockquote>
<p>Early agents made errors like spawning 50 subagents for simple queries, scouring the web endlessly for nonexistent sources, and distracting each other with excessive updates. Since each agent is steered by a prompt, prompt engineering was our primary lever for improving these behaviors. [...]</p>
<p>In our system, the lead agent decomposes queries into subtasks and describes them to subagents. Each subagent needs an objective, an output format, guidance on the tools and sources to use, and clear task boundaries.</p>
</blockquote>
<p>They got good results from having special agents help optimize those crucial tool descriptions:</p>
<blockquote>
<p>We even created a tool-testing agent—when given a flawed MCP tool, it attempts to use the tool and then rewrites the tool description to avoid failures. By testing the tool dozens of times, this agent found key nuances and bugs. This process for improving tool ergonomics resulted in a 40% decrease in task completion time for future agents using the new description, because they were able to avoid most mistakes.</p>
</blockquote>
<p>Sub-agents can run in parallel which provides significant performance boosts:</p>
<blockquote>
<p>For speed, we introduced two kinds of parallelization: (1) the lead agent spins up 3-5 subagents in parallel rather than serially; (2) the subagents use 3+ tools in parallel. These changes cut research time by up to 90% for complex queries, allowing Research to do more work in minutes instead of hours while covering more information than other systems.</p>
</blockquote>
<p>There's also an extensive section about their approach to evals - they found that LLM-as-a-judge worked well for them, but human evaluation was essential as well:</p>
<blockquote>
<p>We often hear that AI developer teams delay creating evals because they believe that only large evals with hundreds of test cases are useful. However, it’s best to start with small-scale testing right away with a few examples, rather than delaying until you can build more thorough evals. [...]</p>
<p>In our case, human testers noticed that our early agents consistently chose SEO-optimized content farms over authoritative but less highly-ranked sources like academic PDFs or personal blogs. Adding source quality heuristics to our prompts helped resolve this issue.</p>
</blockquote>
<p>There's so much useful, actionable advice in this piece. I haven't seen anything else about multi-agent system design that's anywhere near this practical.</p>
<p>They even added <a class="external" href="https://github.com/anthropics/anthropic-cookbook/tree/main/patterns/agents/prompts" rel="nofollow">some example prompts</a> from their Research system to their open source prompting cookbook. Here's <a class="external" href="https://github.com/anthropics/anthropic-cookbook/blob/46f21f95981e3633d7b1eac235351de4842cf9f0/patterns/agents/prompts/research_lead_agent.md?plain=1#L135-L137" rel="nofollow">the bit</a> that encourages parallel tool use:</p>
<blockquote>
<p><code>&lt;use_parallel_tool_calls&gt; For maximum efficiency, whenever you need to perform multiple independent operations, invoke all relevant tools simultaneously rather than sequentially. Call tools in parallel to run subagents at the same time. You MUST use parallel tool calls for creating multiple subagents (typically running 3 subagents at the same time) at the start of the research, unless it is a straightforward query. For all other queries, do any necessary quick initial planning or investigation yourself, then run multiple subagents in parallel. Leave any extensive tool calls to the subagents; instead, focus on running subagents in parallel efficiently. &lt;/use_parallel_tool_calls&gt;</code></p>
</blockquote>
<p>And an interesting description of <a class="external" href="https://github.com/anthropics/anthropic-cookbook/blob/46f21f95981e3633d7b1eac235351de4842cf9f0/patterns/agents/prompts/research_subagent.md?plain=1#L10" rel="nofollow">the OODA research loop</a> used by the sub-agents: </p>
<blockquote>
<p><code>Research loop: Execute an excellent OODA (observe, orient, decide, act) loop by (a) observing what information has been gathered so far, what still needs to be gathered to accomplish the task, and what tools are available currently; (b) orienting toward what tools and queries would be best to gather the needed information and updating beliefs based on what has been learned so far; (c) making an informed, well-reasoned decision to use a specific tool in a certain way; (d) acting to use this tool. Repeat this loop in an efficient way to research well and learn based on new results.</code></p>
</blockquote> </div></div></summary></entry><entry><title>Tips on prompting ChatGPT for UK technology secretary Peter Kyle</title><link href="https://simonwillison.net/2025/Jun/3/tips-for-peter-kyle/#atom-everything" rel="alternate"></link><published>2025-06-06T15:00:53.536000Z</published><id>https://simonwillison.net/2025/Jun/3/tips-for-peter-kyle/#atom-everything</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/tips-on-prompting-ch/790:675308">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/790.png" style="vertical-align: middle;width:16px;height:16px;"> Simon Willison&#x27;s Weblog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div> <p class="mobile-date">3rd June 2025</p> <p>Back in March <a class="external" href="https://www.newscientist.com/article/2472068-revealed-how-the-uk-tech-secretary-uses-chatgpt-for-policy-advice/" rel="nofollow">New Scientist reported on</a> a successful Freedom of Information request they had filed requesting UK Secretary of State for Science, Innovation and Technology <a class="external" href="https://en.wikipedia.org/wiki/Peter_Kyle" rel="nofollow">Peter Kyle’s</a> ChatGPT logs:</p>
<blockquote>
<p>New Scientist has obtained records of Kyle’s ChatGPT use under the Freedom of Information (FOI) Act, in what is believed to be a world-first test of whether chatbot interactions are subject to such laws.</p>
</blockquote>
<p>What a fascinating precedent this could set!</p>
<p>They picked out some highlights they thought were particularly newsworthy. Personally I’d have loved to see that raw data to accompany the story.</p> <p>Among the questions Kyle asked of ChatGPT was this one:</p>
<blockquote>
<p>Why is AI adoption so slow in the UK small and medium business community?</p>
</blockquote>
<p>(I pinged the New Scientist reporter, Chris Stokel-Walker, to confirm the exact wording here.)</p>
<p>This provides an irresistible example of the “jagged frontier†of LLMs in action. LLMs are great at some things, terrible at others and the difference between the two is often not obvious at all.</p>
<p>Experienced prompters will no doubt have the same reaction I did: that’s not going to give an accurate response! It’s worth digging into why those of us with a firmly developed sense of intuition around LLMs would jump straight to that conclusion.</p>
<p>The problem with this question is that it assumes a level of omniscience that even the very best LLMs do not possess.</p>
<p>At the very best, I would expect this prompt to spit out the approximate average of what had been published on that subject in time to be hoovered up by the training data for the GPT-4o training cutoff <a class="external" href="https://platform.openai.com/docs/models/gpt-4o" rel="nofollow">of September 2023</a>.</p>
<p>(Here’s <a class="external" href="https://chatgpt.com/share/683f3f94-d51c-8006-aea9-7567d08e2f68" rel="nofollow">what I got just now</a> running it against GPT-4o.)</p>
<p>This illustrates the first lesson of effective LLM usage: <strong>know your training cutoff dates</strong>. For many queries these are an essential factor in whether or not the LLM is likely to provide you with a useful answer.</p>
<p>Given the pace of change in the AI landscape, an answer based on September 2023 training data is unlikely to offer useful insights into the state of things in 2025.</p>
<p>It’s worth noting that there <em>are</em> tools that might do better at this. OpenAI’s Deep Research tool for example can run a barrage of searches against the web for recent information, then spend multiple minutes digesting those results, running follow-up searches and crunching that together into an impressive looking report.</p>
<p>(I still wouldn’t trust it for a question this broad though: the report format looks more credible than it is, and can suffer from <a class="external" href="https://simonwillison.net/2025/Feb/25/deep-research-system-card/" rel="nofollow">misinformation by omission</a> which is very difficult to spot.)</p>
<p>Deep Research only rolled out in February this year, so it is unlikely to be the tool Peter Kyle was using given likely delays in receiving the requested FOIA data.</p>
<h4>What I would do instead</h4>
<p>Off the top of my head, here are examples of prompts I would use if I wanted to get ChatGPT’s help digging into this particular question:</p>
<ul>
<li>
<strong>Brainstorm potential reasons that UK SMBs might be slow to embrace recent advances in AI</strong>. This would give me a starting point for my own thoughts about the subject, and may highlight some things I hadn’t considered that I should look into further.</li>
<li>
<strong>Identify key stakeholders in the UK SMB community who might have insights on this issue</strong>. I wouldn’t expect anything comprehensive here, but it might turn up some initial names I could reach out to for interviews or further research.</li>
<li>
<strong>I work in UK Government: which departments should I contact that might have relevant information on this topic</strong>? Given the size and complexity of the UK government even cabinet ministers could be excused from knowing every department.</li>
<li>
<strong>Suggest other approaches I could take to research this issue</strong>. Another brainstorming prompt. I like prompts like this where “right or wrong†doesn’t particularly matter. LLMs are electric bicycles for the mind.</li>
<li>
<strong>Use your search tool: find recent credible studies on the subject and identify their authors</strong>. I’ve been getting some good results from telling LLMs with good search tools—<a class="external" href="https://simonwillison.net/2025/Apr/21/ai-assisted-search/#o3-and-o4-mini-are-really-good-at-search" rel="nofollow">like o3 and o4-mini</a>—to evaluate the “credibility†of sources they find. It’s a dumb prompting hack but it appears to work quite well—you can watch their reasoning traces and see how they place more faith in papers from well known publications, or newspapers with strong reputations for fact checking.</li>
</ul>
<h4>Prompts that do make sense</h4>
<p>From the New Scientist article:</p>
<blockquote>
<p>As well as seeking this advice, Kyle asked ChatGPT to define various terms relevant to his department: antimatter, quantum and digital inclusion. Two experts <em>New Scientist</em> spoke to said they were surprised by the quality of the responses when it came to ChatGPT’s definitions of quantum. “This is surprisingly good, in my opinion,†says <a class="external" href="https://profiles.imperial.ac.uk/p.knight" rel="nofollow">Peter Knight</a> at Imperial College London. “I think it’s not bad at all,†says <a class="external" href="https://researchportal.hw.ac.uk/en/persons/cristian-bonato" rel="nofollow">Cristian Bonato</a> at Heriot-Watt University in Edinburgh, UK.</p>
</blockquote>
<p>This doesn’t surprise me at all. If you ask a good LLM for definitions of terms with strong, well established meanings you’re going to get great results almost every time.</p>
<p>My rule of thumb used to be that if a friend who had just read the Wikipedia page on a subject could answer my question then an LLM will be able to answer it too.</p>
<p>As the frontier models have grown stronger I’ve upgraded that rule of thumb. I now expect a good result for any mainstream-enough topic for which there was widespread consensus prior to that all-important training cutoff date.</p>
<p>Once again, it all comes down to intuition. The only way to get really strong intuition as to what will work with LLMs is to spend a huge amount of time using them, and paying a skeptical eye to everything that they produce.</p>
<p>Treating ChatGPT as an all knowing Oracle for anything outside of a two year stale Wikipedia version of the world’s knowledge is almost always a mistake.</p>
<p>Treating it as a brainstorming companion and electric bicycle for the mind is, I think, a much better strategy.</p>
<h4>Should the UK technology secretary be using ChatGPT?</h4>
<p>Some of the reporting I’ve seen around this story has seemed to suggest that Peter Kyle’s use of ChatGPT is embarrassing.</p>
<p>Personally, I think that if the UK’s Secretary of State for Science, Innovation and Technology was <em>not</em> exploring this family of technologies it would be a dereliction of duty!</p>
<p>The thing we can’t tell from these ChatGPT logs is how dependent he was on these results.</p>
<p>Did he idly throw some questions at ChatGPT out of curiosity to see what came back, then ignore that entirely, engage with his policy team and talk to experts in the field to get a detailed understanding of the issues at hand?</p>
<p>Or did he prompt ChatGPT, take the results as gospel and make policy decisions based on that sloppy interpretation of a two-year stale guess at the state of the world?</p>
<p>Those are the questions I’d like to see answered.</p> </div></summary></entry><entry><title>Introduction#</title><link href="https://module-federation.io/guide/start/index.html" rel="alternate"></link><published>2025-04-03T10:10:54.009000Z</published><id>https://module-federation.io/guide/start/index.html</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/introduction/0:6439d5">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="rspress-doc"> <p class="my-4 leading-7">Module Federation is an architectural pattern for the decentralization of JavaScript applications (similar to microservices on the server-side). It allows you to share code and resources among multiple JavaScript applications (or micro-frontends). This can help you:</p>
<ul class="list-disc pl-5 my-4 leading-7">
<li class="[&amp;:not(:first-child)]:mt-2">Reduce code duplication</li>
<li class="[&amp;:not(:first-child)]:mt-2">Improve code maintainability</li>
<li class="[&amp;:not(:first-child)]:mt-2">Lower the overall size of your applications</li>
<li class="[&amp;:not(:first-child)]:mt-2">Enhance the performance of your applications</li>
</ul>
<h3 class="mt-10 mb-2 leading-7 text-xl title_3b154">✨ What is Module Federation 2.0?<a class="link_3b154 header-anchor" href="http://#-what-is-module-federation-20" rel="nofollow">#</a></h3>
<p class="my-4 leading-7"><code>Module Federation 2.0</code> differs from the <code>Module Federation</code> built into <code>Webpack5</code> by providing not only the core features of module export, loading, and dependency sharing but also additional dynamic type hinting, <code>Manifest</code>, <code>Federation Runtime</code>, and <code>Runtime Plugin System</code>. These features make <code>Module Federation</code> more suitable for use as a micro-frontend architecture in large-scale <code>Web</code> applications.</p>
<h3 class="mt-10 mb-2 leading-7 text-xl title_3b154">🔥 Features<a class="link_3b154 header-anchor" href="http://#-features" rel="nofollow">#</a></h3>
<p class="my-4 leading-7">Module Federation has the following features:</p> <h3 class="mt-10 mb-2 leading-7 text-xl title_3b154">🎯 Use Cases<a class="link_3b154 header-anchor" href="http://#-use-cases" rel="nofollow">#</a></h3>
<p class="my-4 leading-7">Module Federation is suitable for the following scenarios:</p>
<ul class="list-disc pl-5 my-4 leading-7">
<li class="[&amp;:not(:first-child)]:mt-2"><strong class="font-semibold">Large Applications</strong>: For large applications, you can break the application into multiple micro-frontends and use Module Federation to share code and resources between them.</li>
<li class="[&amp;:not(:first-child)]:mt-2"><strong class="font-semibold">Microfrontend Architecture</strong>: Module Federation is an ideal tool for building microfrontend architectures.</li>
<li class="[&amp;:not(:first-child)]:mt-2"><strong class="font-semibold">Multi-team Development</strong>: Module Federation can assist multiple teams in collaboratively developing large applications.</li>
</ul>
<h3 class="mt-10 mb-2 leading-7 text-xl title_3b154">🕠History of Module Federation<a class="link_3b154 header-anchor" href="http://#-history-of-module-federation" rel="nofollow">#</a></h3>
<p class="my-4 leading-7">Module Federation is a new feature introduced in Webpack 5, but its history dates back to 2017. At that time, the Webpack team began exploring a way to share code between multiple applications.</p>
<ul class="list-disc pl-5 my-4 leading-7">
<li class="[&amp;:not(:first-child)]:mt-2">
<p class="my-4 leading-7">In 2018, Webpack 4.20 was released, introducing module hooks, which laid the foundation for the development of Module Federation.</p>
</li>
<li class="[&amp;:not(:first-child)]:mt-2">
<p class="my-4 leading-7">In 2019, Webpack 5 was released, officially introducing the Module Federation feature.</p>
</li>
</ul>
<p class="my-4 leading-7">Module Federation has become a powerful tool for building modern web applications.</p>
<h3 class="mt-10 mb-2 leading-7 text-xl title_3b154">ðŸ•°ï¸ The Future of Module Federation<a class="link_3b154 header-anchor" href="http://#ï¸-the-future-of-module-federation" rel="nofollow">#</a></h3>
<p class="my-4 leading-7">Module Federation aims to become an architectural method for building large web applications, similar to microservices in the backend. Module Federation will provide more capabilities to meet the foundational needs of large web application decentralization, currently including these parts:</p>
<ul class="list-disc pl-5 my-4 leading-7">
<li class="[&amp;:not(:first-child)]:mt-2">Providing comprehensive Devtool tools</li>
<li class="[&amp;:not(:first-child)]:mt-2">Offering more high-level framework capabilities like Router, Sandbox, SSR</li>
<li class="[&amp;:not(:first-child)]:mt-2">Providing best practices for large web applications based on Module Federation</li>
</ul>
<h2 class="mt-12 mb-6 pt-8 text-2xl tracking-tight border-t-[1px] border-divider-light title_3b154">Follow Us<a class="link_3b154 header-anchor" href="http://#follow-us" rel="nofollow">#</a></h2>
<ul class="list-disc pl-5 my-4 leading-7">
<li class="[&amp;:not(:first-child)]:mt-2"><a class="link_03735 link_3b154 inline-link_3b154" href="https://github.com/module-federation/core" rel="nofollow">GitHub - Star us on GitHub</a></li>
<li class="[&amp;:not(:first-child)]:mt-2"><a class="link_03735 link_3b154 inline-link_3b154" href="https://discord.com/channels/1055442562959290389/1055442563718467637" rel="nofollow">Discord</a></li>
<li class="[&amp;:not(:first-child)]:mt-2"><a class="link_03735 link_3b154 inline-link_3b154" href="https://applink.larkoffice.com/client/chat/chatter/add_by_link?link_token=a41s8f79-741f-41ba-8349-395d9a0e9662" rel="nofollow">Lark Group (Chinese Community)</a></li>
</ul>
<h2 class="mt-12 mb-6 pt-8 text-2xl tracking-tight border-t-[1px] border-divider-light title_3b154">✨ Next Steps<a class="link_3b154 header-anchor" href="http://#-next-steps" rel="nofollow">#</a></h2>
<p class="my-4 leading-7">You might want to:</p> </div></summary></entry><entry><title>GitHub - PriorLabs/TabPFN</title><link href="https://github.com/PriorLabs/TabPFN" rel="alternate"></link><published>2025-04-03T09:45:56.916000Z</published><id>https://github.com/PriorLabs/TabPFN</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/github-priorlabstabp/0:0c7b68">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div class="application-main"> <p>Official installation (pip)</p> <p>OR installation from source</p>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre>pip install <span class="pl-s"><span class="pl-pds">"</span>tabpfn @ git+https://github.com/PriorLabs/TabPFN.git<span class="pl-pds">"</span></span></pre></div>
<p>OR local development installation</p>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre>git clone &lt;a href="https://github.com/PriorLabs/TabPFN.git" rel="nofollow"&gt;https://github.com/PriorLabs/TabPFN.git&lt;/a&gt;
pip install -e <span class="pl-s"><span class="pl-pds">"</span>TabPFN[dev]<span class="pl-pds">"</span></span></pre></div> <div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><span class="pl-k">from</span> <span class="pl-s1">sklearn</span>.<span class="pl-s1">datasets</span> <span class="pl-k">import</span> <span class="pl-s1">load_breast_cancer</span>
<span class="pl-k">from</span> <span class="pl-s1">sklearn</span>.<span class="pl-s1">metrics</span> <span class="pl-k">import</span> <span class="pl-s1">accuracy_score</span>, <span class="pl-s1">roc_auc_score</span>
<span class="pl-k">from</span> <span class="pl-s1">sklearn</span>.<span class="pl-s1">model_selection</span> <span class="pl-k">import</span> <span class="pl-s1">train_test_split</span> <span class="pl-k">from</span> <span class="pl-s1">tabpfn</span> <span class="pl-k">import</span> <span class="pl-v">TabPFNClassifier</span> <span class="pl-c"># Load data</span>
<span class="pl-c1">X</span>, <span class="pl-s1">y</span> <span class="pl-c1">=</span> <span class="pl-en">load_breast_cancer</span>(<span class="pl-s1">return_X_y</span><span class="pl-c1">=</span><span class="pl-c1">True</span>)
<span class="pl-v">X_train</span>, <span class="pl-v">X_test</span>, <span class="pl-s1">y_train</span>, <span class="pl-s1">y_test</span> <span class="pl-c1">=</span> <span class="pl-en">train_test_split</span>(<span class="pl-c1">X</span>, <span class="pl-s1">y</span>, <span class="pl-s1">test_size</span><span class="pl-c1">=</span><span class="pl-c1">0.5</span>, <span class="pl-s1">random_state</span><span class="pl-c1">=</span><span class="pl-c1">42</span>) <span class="pl-c"># Initialize a classifier</span>
<span class="pl-s1">clf</span> <span class="pl-c1">=</span> <span class="pl-en">TabPFNClassifier</span>()
<span class="pl-s1">clf</span>.<span class="pl-c1">fit</span>(<span class="pl-v">X_train</span>, <span class="pl-s1">y_train</span>) <span class="pl-c"># Predict probabilities</span>
<span class="pl-s1">prediction_probabilities</span> <span class="pl-c1">=</span> <span class="pl-s1">clf</span>.<span class="pl-c1">predict_proba</span>(<span class="pl-v">X_test</span>)
<span class="pl-en">print</span>(<span class="pl-s">"ROC AUC:"</span>, <span class="pl-en">roc_auc_score</span>(<span class="pl-s1">y_test</span>, <span class="pl-s1">prediction_probabilities</span>[:, <span class="pl-c1">1</span>])) <span class="pl-c"># Predict labels</span>
<span class="pl-s1">predictions</span> <span class="pl-c1">=</span> <span class="pl-s1">clf</span>.<span class="pl-c1">predict</span>(<span class="pl-v">X_test</span>)
<span class="pl-en">print</span>(<span class="pl-s">"Accuracy"</span>, <span class="pl-en">accuracy_score</span>(<span class="pl-s1">y_test</span>, <span class="pl-s1">predictions</span>))</pre></div> <div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><span class="pl-k">from</span> <span class="pl-s1">sklearn</span>.<span class="pl-s1">datasets</span> <span class="pl-k">import</span> <span class="pl-s1">fetch_openml</span>
<span class="pl-k">from</span> <span class="pl-s1">sklearn</span>.<span class="pl-s1">metrics</span> <span class="pl-k">import</span> <span class="pl-s1">mean_squared_error</span>, <span class="pl-s1">r2_score</span>
<span class="pl-k">from</span> <span class="pl-s1">sklearn</span>.<span class="pl-s1">model_selection</span> <span class="pl-k">import</span> <span class="pl-s1">train_test_split</span> <span class="pl-c"># Assuming there is a TabPFNRegressor (if not, a different regressor should be used)</span>
<span class="pl-k">from</span> <span class="pl-s1">tabpfn</span> <span class="pl-k">import</span> <span class="pl-v">TabPFNRegressor</span> <span class="pl-c"># Load Boston Housing data</span>
<span class="pl-s1">df</span> <span class="pl-c1">=</span> <span class="pl-en">fetch_openml</span>(<span class="pl-s1">data_id</span><span class="pl-c1">=</span><span class="pl-c1">531</span>, <span class="pl-s1">as_frame</span><span class="pl-c1">=</span><span class="pl-c1">True</span>) <span class="pl-c"># Boston Housing dataset</span>
<span class="pl-c1">X</span> <span class="pl-c1">=</span> <span class="pl-s1">df</span>.<span class="pl-c1">data</span>
<span class="pl-s1">y</span> <span class="pl-c1">=</span> <span class="pl-s1">df</span>.<span class="pl-c1">target</span>.<span class="pl-c1">astype</span>(<span class="pl-s1">float</span>) <span class="pl-c"># Ensure target is float for regression</span> <span class="pl-c"># Train-test split</span>
<span class="pl-v">X_train</span>, <span class="pl-v">X_test</span>, <span class="pl-s1">y_train</span>, <span class="pl-s1">y_test</span> <span class="pl-c1">=</span> <span class="pl-en">train_test_split</span>(<span class="pl-c1">X</span>, <span class="pl-s1">y</span>, <span class="pl-s1">test_size</span><span class="pl-c1">=</span><span class="pl-c1">0.5</span>, <span class="pl-s1">random_state</span><span class="pl-c1">=</span><span class="pl-c1">42</span>) <span class="pl-c"># Initialize the regressor</span>
<span class="pl-s1">regressor</span> <span class="pl-c1">=</span> <span class="pl-en">TabPFNRegressor</span>() <span class="pl-s1">regressor</span>.<span class="pl-c1">fit</span>(<span class="pl-v">X_train</span>, <span class="pl-s1">y_train</span>) <span class="pl-c"># Predict on the test set</span>
<span class="pl-s1">predictions</span> <span class="pl-c1">=</span> <span class="pl-s1">regressor</span>.<span class="pl-c1">predict</span>(<span class="pl-v">X_test</span>) <span class="pl-c"># Evaluate the model</span>
<span class="pl-s1">mse</span> <span class="pl-c1">=</span> <span class="pl-en">mean_squared_error</span>(<span class="pl-s1">y_test</span>, <span class="pl-s1">predictions</span>)
<span class="pl-s1">r2</span> <span class="pl-c1">=</span> <span class="pl-en">r2_score</span>(<span class="pl-s1">y_test</span>, <span class="pl-s1">predictions</span>) <span class="pl-en">print</span>(<span class="pl-s">"Mean Squared Error (MSE):"</span>, <span class="pl-s1">mse</span>)
<span class="pl-en">print</span>(<span class="pl-s">"R² Score:"</span>, <span class="pl-s1">r2</span>)</pre></div> <p>For optimal performance, use the <code>AutoTabPFNClassifier</code> or <code>AutoTabPFNRegressor</code> for post-hoc ensembling. These can be found in the <a class="external" href="https://github.com/PriorLabs/tabpfn-extensions" rel="nofollow">TabPFN Extensions</a> repository. Post-hoc ensembling combines multiple TabPFN models into an ensemble.</p>
<p><strong>Steps for Best Results:</strong></p>
<ol>
<li>
<p>Install the extensions:</p>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre>git clone &lt;a href="https://github.com/priorlabs/tabpfn-extensions.git" rel="nofollow"&gt;https://github.com/priorlabs/tabpfn-extensions.git&lt;/a&gt;
pip install -e tabpfn-extensions</pre></div>
</li>
<li>
<div class="highlight highlight-source-python notranslate position-relative overflow-auto"><pre><span class="pl-k">from</span> <span class="pl-s1">tabpfn_extensions</span>.<span class="pl-s1">post_hoc_ensembles</span>.<span class="pl-s1">sklearn_interface</span> <span class="pl-k">import</span> <span class="pl-v">AutoTabPFNClassifier</span> <span class="pl-s1">clf</span> <span class="pl-c1">=</span> <span class="pl-en">AutoTabPFNClassifier</span>(<span class="pl-s1">max_time</span><span class="pl-c1">=</span><span class="pl-c1">120</span>, <span class="pl-s1">device</span><span class="pl-c1">=</span><span class="pl-s">"cuda"</span>) <span class="pl-c"># 120 seconds tuning time</span>
<span class="pl-s1">clf</span>.<span class="pl-c1">fit</span>(<span class="pl-v">X_train</span>, <span class="pl-s1">y_train</span>)
<span class="pl-s1">predictions</span> <span class="pl-c1">=</span> <span class="pl-s1">clf</span>.<span class="pl-c1">predict</span>(<span class="pl-v">X_test</span>)</pre></div>
</li>
</ol> <p>Choose the right TabPFN implementation for your needs:</p>
<ul>
<li>
<p><strong><a class="external" href="https://github.com/priorlabs/tabpfn-client" rel="nofollow">TabPFN Client</a></strong><br/>
Simple API client for using TabPFN via cloud-based inference.</p>
</li>
<li>
<p><strong><a class="external" href="https://github.com/priorlabs/tabpfn-extensions" rel="nofollow">TabPFN Extensions</a></strong><br/>
A powerful companion repository packed with advanced utilities, integrations, and features - great place to contribute:</p>
<ul>
<li>🔠<strong><code>interpretability</code></strong>: Gain insights with SHAP-based explanations, feature importance, and selection tools.</li>
<li>🕵ï¸â€â™‚ï¸ <strong><code>unsupervised</code></strong>: Tools for outlier detection and synthetic tabular data generation.</li>
<li>🧬 <strong><code>embeddings</code></strong>: Extract and use TabPFN’s internal learned embeddings for downstream tasks or analysis.</li>
<li>🧠<strong><code>many_class</code></strong>: Handle multi-class classification problems that exceed TabPFN's built-in class limit.</li>
<li>🌲 <strong><code>rf_pfn</code></strong>: Combine TabPFN with traditional models like Random Forests for hybrid approaches.</li>
<li>âš™ï¸ <strong><code>hpo</code></strong>: Automated hyperparameter optimization tailored to TabPFN.</li>
<li>🔠<strong><code>post_hoc_ensembles</code></strong>: Boost performance by ensembling multiple TabPFN models post-training.</li>
</ul>
<p>✨ To install:</p>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre>git clone &lt;a href="https://github.com/priorlabs/tabpfn-extensions.git" rel="nofollow"&gt;https://github.com/priorlabs/tabpfn-extensions.git&lt;/a&gt;
pip install -e tabpfn-extensions</pre></div>
</li>
<li>
<p><strong><a class="external" href="https://github.com/priorlabs/tabpfn" rel="nofollow">TabPFN (this repo)</a></strong><br/>
Core implementation for fast and local inference with PyTorch and CUDA support.</p>
</li>
<li>
<p><strong><a class="external" href="https://ux.priorlabs.ai" rel="nofollow">TabPFN UX</a></strong><br/>
No-code graphical interface to explore TabPFN capabilities—ideal for business users and prototyping.</p>
</li>
</ul> <p>Prior Labs License (Apache 2.0 with additional attribution requirement): <a class="external" href="https://priorlabs.ai/tabpfn-license/" rel="nofollow">here</a></p> <p>We're building the future of tabular machine learning and would love your involvement:</p>
<ol>
<li>
<p><strong>Connect &amp; Learn</strong>:</p>
<ul>
<li>Join our <a class="external" href="https://discord.gg/VJRuU3bSxt" rel="nofollow">Discord Community</a></li>
<li>Read our <a class="external" href="https://priorlabs.ai/docs" rel="nofollow">Documentation</a></li>
<li>Check out <a class="external" href="https://github.com/priorlabs/tabpfn/issues" rel="nofollow">GitHub Issues</a></li>
</ul>
</li>
<li>
<p><strong>Contribute</strong>:</p>
<ul>
<li>Report bugs or request features</li>
<li>Submit pull requests</li>
<li>Share your research and use cases</li>
</ul>
</li>
<li>
<p><strong>Stay Updated</strong>: Star the repo and join Discord for the latest updates</p>
</li>
</ol> <p>You can read our paper explaining TabPFN <a class="external" href="https://doi.org/10.1038/s41586-024-08328-6" rel="nofollow">here</a>.</p>
<div class="highlight highlight-text-bibtex notranslate position-relative overflow-auto"><pre><span class="pl-k">@article</span>{<span class="pl-en">hollmann2025tabpfn</span>, <span class="pl-s">title</span>=<span class="pl-s"><span class="pl-pds">{</span>Accurate predictions on small data with a tabular foundation model<span class="pl-pds">}</span></span>, <span class="pl-s">author</span>=<span class="pl-s"><span class="pl-pds">{</span>Hollmann, Noah and M{\"u}ller, Samuel and Purucker, Lennart and</span>
<span class="pl-s"> Krishnakumar, Arjun and K{\"o}rfer, Max and Hoo, Shi Bin and</span>
<span class="pl-s"> Schirrmeister, Robin Tibor and Hutter, Frank<span class="pl-pds">}</span></span>, <span class="pl-s">journal</span>=<span class="pl-s"><span class="pl-pds">{</span>Nature<span class="pl-pds">}</span></span>, <span class="pl-s">year</span>=<span class="pl-s"><span class="pl-pds">{</span>2025<span class="pl-pds">}</span></span>, <span class="pl-s">month</span>=<span class="pl-s"><span class="pl-pds">{</span>01<span class="pl-pds">}</span></span>, <span class="pl-s">day</span>=<span class="pl-s"><span class="pl-pds">{</span>09<span class="pl-pds">}</span></span>, <span class="pl-s">doi</span>=<span class="pl-s"><span class="pl-pds">{</span>10.1038/s41586-024-08328-6<span class="pl-pds">}</span></span>, <span class="pl-s">publisher</span>=<span class="pl-s"><span class="pl-pds">{</span>Springer Nature<span class="pl-pds">}</span></span>, <span class="pl-s">url</span>=<span class="pl-s"><span class="pl-pds">{</span>&lt;a href="https://www.nature.com/articles/s41586-024-08328-6" rel="nofollow"&gt;https://www.nature.com/articles/s41586-024-08328-6&lt;/a&gt;<span class="pl-pds">}</span></span>,
} <span class="pl-k">@inproceedings</span>{<span class="pl-en">hollmann2023tabpfn</span>, <span class="pl-s">title</span>=<span class="pl-s"><span class="pl-pds">{</span>TabPFN: A transformer that solves small tabular classification problems in a second<span class="pl-pds">}</span></span>, <span class="pl-s">author</span>=<span class="pl-s"><span class="pl-pds">{</span>Hollmann, Noah and M{\"u}ller, Samuel and Eggensperger, Katharina and Hutter, Frank<span class="pl-pds">}</span></span>, <span class="pl-s">booktitle</span>=<span class="pl-s"><span class="pl-pds">{</span>International Conference on Learning Representations 2023<span class="pl-pds">}</span></span>, <span class="pl-s">year</span>=<span class="pl-s"><span class="pl-pds">{</span>2023<span class="pl-pds">}</span></span>
}</pre></div> <p><strong>Q: What dataset sizes work best with TabPFN?</strong><br/>
A: TabPFN is optimized for <strong>datasets up to 10,000 rows</strong>. For larger datasets, consider using <strong>Random Forest preprocessing</strong> or other extensions. See our <a class="external" href="https://colab.research.google.com/drive/154SoIzNW1LHBWyrxNwmBqtFAr1uZRZ6a#scrollTo=OwaXfEIWlhC8" rel="nofollow">Colab notebook</a> for strategies.</p>
<p><strong>Q: Why can't I use TabPFN with Python 3.8?</strong><br/>
A: TabPFN v2 requires <strong>Python 3.9+</strong> due to newer language features. Compatible versions: <strong>3.9, 3.10, 3.11, 3.12, 3.13</strong>.</p> <p><strong>Q: How do I use TabPFN without an internet connection?</strong></p>
<p>TabPFN automatically downloads model weights when first used. For offline usage:</p>
<p><strong>Using the Provided Download Script</strong></p>
<p>If you have the TabPFN repository, you can use the included script to download all models (including ensemble variants):</p>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre><span class="pl-c"><span class="pl-c">#</span> After installing TabPFN</span>
python scripts/download_all_models.py</pre></div>
<p>This script will download the main classifier and regressor models, as well as all ensemble variant models to your system's default cache directory.</p>
<p><strong>Manual Download</strong></p>
<ol>
<li>
<p>Download the model files manually from HuggingFace:</p>
<ul>
<li>Classifier: <a class="external" href="https://huggingface.co/Prior-Labs/TabPFN-v2-clf/resolve/main/tabpfn-v2-classifier.ckpt" rel="nofollow">tabpfn-v2-classifier.ckpt</a></li>
<li>Regressor: <a class="external" href="https://huggingface.co/Prior-Labs/TabPFN-v2-reg/resolve/main/tabpfn-v2-regressor.ckpt" rel="nofollow">tabpfn-v2-regressor.ckpt</a></li>
</ul>
</li>
<li>
<p>Place the file in one of these locations:</p>
<ul>
<li>Specify directly: <code>TabPFNClassifier(model_path="/path/to/model.ckpt")</code></li>
<li>Set environment variable: <code>os.environ["TABPFN_MODEL_CACHE_DIR"] = "/path/to/dir"</code></li>
<li>Default OS cache directory:
<ul>
<li>Windows: <code>%APPDATA%\tabpfn\</code></li>
<li>macOS: <code>~/Library/Caches/tabpfn/</code></li>
<li>Linux: <code>~/.cache/tabpfn/</code></li>
</ul>
</li>
</ul>
</li>
</ol>
<p><strong>Q: I'm getting a <code>pickle</code> error when loading the model. What should I do?</strong><br/>
A: Try the following:</p>
<ul>
<li>Download the newest version of tabpfn <code>pip install tabpfn --upgrade</code></li>
<li>Ensure model files downloaded correctly (re-download if needed)</li>
</ul> <p><strong>Q: Can TabPFN handle missing values?</strong><br/>
A: <strong>Yes!</strong></p>
<p><strong>Q: How can I improve TabPFN’s performance?</strong><br/>
A: Best practices:</p>
<ul>
<li>Use <strong>AutoTabPFNClassifier</strong> from <a class="external" href="https://github.com/priorlabs/tabpfn-extensions" rel="nofollow">TabPFN Extensions</a> for post-hoc ensembling</li>
<li>Feature engineering: Add domain-specific features to improve model performance<br/>
Not effective:
<ul>
<li>Adapt feature scaling</li>
<li>Convert categorical features to numerical values (e.g., one-hot encoding)</li>
</ul>
</li>
</ul> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre>python -m venv venv
<span class="pl-c1">source</span> venv/bin/activate <span class="pl-c"><span class="pl-c">#</span> On Windows: venv\Scripts\activate</span>
git clone &lt;a href="https://github.com/PriorLabs/TabPFN.git" rel="nofollow"&gt;https://github.com/PriorLabs/TabPFN.git&lt;/a&gt;
<span class="pl-c1">cd</span> tabpfn
pip install -e <span class="pl-s"><span class="pl-pds">"</span>.[dev]<span class="pl-pds">"</span></span>
pre-commit install</pre></div> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto"><pre>pre-commit run --all-files</pre></div> <p>Built with â¤ï¸ by <a class="external" href="https://priorlabs.ai" rel="nofollow">Prior Labs</a> - Copyright (c) 2025 Prior Labs GmbH</p> </div><p class="ajax-error-message"> You can’t perform that action at this time. </p></div></summary></entry><entry><title>Minimal CSS-only blurry image placeholders</title><link href="https://leanrada.com/notes/css-only-lqip/" rel="alternate"></link><published>2025-04-03T08:15:53.910000Z</published><id>https://leanrada.com/notes/css-only-lqip/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/minimal-css-only-blu/0:72f949">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
</summary></entry><entry><title>qdm12/gluetun: VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.</title><link href="https://github.com/qdm12/gluetun" rel="alternate"></link><published>2025-03-14T16:20:59.061000Z</published><id>https://github.com/qdm12/gluetun</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/qdm12gluetun-vpn-cli/0:56cbcc">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div class="application-main"> </div><p class="ajax-error-message"> You can’t perform that action at this time. </p></div></summary></entry><entry><title>How MIG maximizes GPU efficiency on OpenShift AI | Red Hat Developer</title><link href="https://developers.redhat.com/articles/2025/02/06/how-mig-maximizes-gpu-efficiency-openshift-ai#the_nvidia_mig_solution_and_test" rel="alternate"></link><published>2025-02-07T09:01:08.243000Z</published><id>https://developers.redhat.com/articles/2025/02/06/how-mig-maximizes-gpu-efficiency-openshift-ai#the_nvidia_mig_solution_and_test</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/how-mig-maximizes-gp/0:fb41cd">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Modern data science workloads demand high computational power, and Graphic Processing Units (GPUs) are often at the heart of these operations. However, sharing GPU resources efficiently among multiple users or workloads can be challenging. <a class="external" href="https://www.nvidia.com/en-us/technologies/multi-instance-gpu/" rel="nofollow">NVIDIA Multi-Instance GPU</a> (MIG) technology offers a solution. This article explores how I tested MIG on <a class="external" href="https://developers.redhat.com/products/red-hat-openshift-ai/overview" rel="nofollow">Red Hat OpenShift AI</a> using an NVIDIA Ampere architecture GPU and the benefits for AI and data science teams.</p><h2>The NVIDIA MIG solution and test</h2><p>GPUs in a <a class="external" href="https://developers.redhat.com/topics/kubernetes/" rel="nofollow">Kubernetes</a> environment are assigned to pods in a 1:1 ratio by default. This means a single GPU is dedicated to one pod, regardless of whether the workload fully utilizes the GPU’s capacity. This limitation can lead to inefficient resource usage, especially for smaller workloads. NVIDIA MIG solves this issue by splitting a single GPU into multiple independent instances to be used by different pods. This feature maximizes GPU utilization and ensures resources are not wasted. In the next sections, I will demonstrate how I tested MIG on Red Hat OpenShift AI.</p><h3>Prepare the environment</h3><p>For this test, certain preparatory steps are required to leverage MIG on OpenShift. I used Azure’s <code>Standard_NC24ads_A100_v4</code> virtual machine (VM), equipped with an NVIDIA A100 PCIe 80GB GPU as an OpenShift worker (Figure 1).</p>
<h4>Step 1: Install NFD</h4><p>First, I installed the Node Feature Discovery (NFD) operator, as shown in Figures 2 and 3.</p>
<p>This operator detects hardware features and ensures that GPUs are discoverable by the NVIDIA GPU operator.</p>
<p>We will see many labels added to the node, indicating the operator detects its GPU:</p><div><pre><code class="language-plaintext">$ oc describe node/ods-cluster-mqt7l-worker-eastus2-fn5w8
Labels: beta.kubernetes.io/arch=amd64
feature.node.kubernetes.io/cpu-cpuid.ADX=true
feature.node.kubernetes.io/cpu-cpuid.AESNI=true
...
feature.node.kubernetes.io/cpu-cpuid.FMA3=true
feature.node.kubernetes.io/gpu.present=true
feature.node.kubernetes.io/gpu.memory=80GB
feature.node.kubernetes.io/gpu.vendor=nvidia
feature.node.kubernetes.io/gpu.model=A100</code></pre></div><h4>Step 2: Install the NVIDIA GPU operator</h4><p>Next, I installed the NVIDIA GPU operator, which handles the configuration of GPU resources (Figure 4).</p>
<p>I made sure to enable the MIG manager in the ClusterPolicy configuration to facilitate the MIG setup (Figure 5).</p>
<h4>Step 3: Check the pods</h4><p>There are two ways to make sure all pods under the <code>nvidia-gpu-operator</code> namespace are up and running:</p><ol><li><p>From the CLI:</p><pre><code class="language-plaintext">$ oc get pods -n nvidia-gpu-operator</code></pre></li><li>From the console, as shown in Figure 6:</li></ol>
<h3>Choose the right MIG configuration</h3><p>MIG offers a variety of configurations tailored to different GPU models and workload requirements. You have to understand which configurations are supported for the NVIDIA A100–80GB GPU. For example, I ran the command <code>oc describe configmap/default-mig-parted-config</code>, explored the available configurations, and selected one that matched my <code>requirements.1g.10gb</code>, which divides the GPU into seven instances.</p><p>The following configuration is ideal for workloads that require smaller, dedicated slices of GPU power.</p><pre><code class="language-plaintext"> # H100-80GB, H800-80GB, A100-80GB, A800-80GB, A100-40GB, A800-40GB
all-1g.10gb:
# H100-80GB, H800-80GB, A100-80GB, A800-80GB
- device-filter: ["0x233010DE", "0x233110DE", "0x232210DE", "0x20B210DE", "0x20B510DE", "0x20F310DE", "0x20F510DE", "0x232410DE"]
devices: all
mig-enabled: true
mig-devices:
"1g.10gb": 7</code></pre><h3>Enable and verify MIG</h3><p>To verify the setup, I used the <code>nvidia-smi</code> tool to query the GPU status and configurations. When MIG was initially disabled, I enabled it and restarted the node:</p><div><pre><code class="language-plaintext">sh-4.4# nvidia-smi -i 0 -mig 1
Enabled MIG Mode for GPU 00000001:00:00.0
All done.</code></pre></div><p>To verify that MIG is enabled for the GPU, I connected to the <code>nvidia-mig-manager</code> pod in OpenShift and used the terminal tab to query <code>GPU=0</code> configurations with the following command:</p><div><pre><code class="language-plaintext">sh-4.4#
sh-4.4# nvidia-smi -i 0 -q
==============NVSMI LOG==============
Timestamp : Tue Dec 5 15:41:13 2023
Driver Version : 535.104.12
CUDA Version : Not Found
Attached GPUs : 1
GPU 00000001:00:00.0
Product Name : NVIDIA A100 80GB PCIe
Product Brand : NVIDIA
Product Architecture : Ampere
Display Mode : Enabled
Display Active : Disabled
Persistence Mode : Enabled
Addressing Mode : None
MIG Mode
Current : Enabled
Pending : Enabled</code></pre></div><p>After selecting the configuration, I labeled the node with the following command:</p><div><pre><code class="language-plaintext">$Â oc label node &lt;node-name&gt; nvidia.com/mig.config=all-1g.10gb --overwrite</code></pre></div><p>The MIG manager pod logs insights into the status of the node labeling process (Figure 7).</p>
<p>Once successful, the node reported multiple allocatable GPUs instead of a single one.</p><p>Let's describe the node to confirm that it recognizes seven GPUs:</p><div><pre><code class="language-plaintext">$ oc describe node/ods-cluster-mqt7l-worker-eastus2-fn5w8
Capacity:
attachable-volumes-azure-disk: 8
cpu: 24
ephemeral-storage: 133682156Ki
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 226965748Ki
nvidia.com/gpu: 7
pods: 250
Allocatable:
attachable-volumes-azure-disk: 8
cpu: 23500m
ephemeral-storage: 122127732942
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 225814772Ki
nvidia.com/gpu: 7
pods: 250</code></pre></div><h3>Consume the sliced GPUs via Red Hat OpenShift AI</h3><p>With MIG enabled, the OpenShift AI dashboard reflected the increased availability of GPU resources. I could select up to seven GPUs for my workbench (Figure 8). This setup empowers AI and data science teams to run diverse workloads simultaneously without bottlenecks.</p>
<h2>Unlock GPU potential with NVIDIA MIG and OpenShift AI</h2><p>NVIDIA MIG technology, integrated with Red Hat OpenShift AI, transforms GPU resource management by facilitating scalable and efficient workloads. By partitioning GPUs into smaller, independent units, organizations can achieve maximum resource utilization, cost savings, and streamlined <a class="external" href="https://developers.redhat.com/topics/ai-ml" rel="nofollow">AI/ML</a> operations. MIG on OpenShift AI helps teams fully harness the power of GPU technology, whether they manage diverse workloads or scale multi-user environments.</p><p>Learn more about <a class="external" href="https://developers.redhat.com/articles/2024/11/12/generative-ai-nvidia-nim-openshift-ai" rel="nofollow">using NVIDIA NIM on Red Hat OpenShift AI</a> and the<a class="external" href="https://www.redhat.com/en/blog/sharing-caring-how-make-most-your-gpus-part-2-multi-instance-gpu" rel="nofollow"> performance results</a> shown by Red Hat AI Performance and Scale when testing NVIDIA GPUs with MIG.</p></summary></entry><entry><title>Dumping packets from anywhere in the networking stack | Red Hat Developer</title><link href="https://developers.redhat.com/articles/2025/01/09/dumping-packets-anywhere-networking-stack" rel="alternate"></link><published>2025-01-17T14:46:04.358000Z</published><id>https://developers.redhat.com/articles/2025/01/09/dumping-packets-anywhere-networking-stack</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/dumping-packets-from/0:62ae6d">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><div class="article-content pf-c-content pf-l-grid__item rhd-c-fetch-article-toc"> <p>Dumping traffic on a network interface is one of the most performed steps while debugging networking and connectivity issues. On <a class="external" href="https://developers.redhat.com/topics/linux/" rel="nofollow">Linux</a>, <a class="external" href="https://www.tcpdump.org/" rel="nofollow">tcpdump</a> is probably the most common way to do this, but some use <a class="external" href="https://www.wireshark.org/" rel="nofollow">Wireshark</a> too.</p><h2>Where does tcpdump get the packets from?</h2><p>Internally, both <code>tcpdump</code> and <code>Wireshark</code> use the Packet Capture (<code>pcap</code>) library. When capturing packets, a socket with the <code>PF_PACKET</code> domain is created (see <code>man packet</code>) which allows you to receive and send packets at the layer 2 from the <a class="external" href="https://en.wikipedia.org/wiki/OSI_model" rel="nofollow">OSI model</a>.</p><p>From <a class="external" href="https://github.com/the-tcpdump-group/libpcap" rel="nofollow">libpcap</a>:</p><pre><code class="language-plaintext">sock_fd = is_any_device ?
socket(PF_PACKET, SOCK_DGRAM, 0) :
socket(PF_PACKET, SOCK_RAW, 0);</code></pre><p>Note that the last parameter in the socket call is later set to a specific protocol, or <code>ETH_P_ALL</code> if none is explicitly provided. The latter makes all packets to be received by the socket.</p><p>This allows to get packets directly after the device driver in ingress, without any change being made to the packet, and right before entering the device driver on egress. Or to say it differently packets are seen between the networking stack and the NIC drivers.</p><h2>Limitations</h2><p>While the above use of <code>PF_PACKET</code> works nicely, it also comes with limitations. As packets are retrieved from a very specific and defined place of the networking stack, they can only be seen in the state they were at that point, e.g., on ingress packets are seen before being processed by the firewall or qdiscs, and the opposite is true on egress.</p><h2>Offline analysis</h2><p>By default, <code>tcpdump</code> and <code>Wireshark</code> process packets live at runtime. But they can also store the captured packets data to a file for later analysis (<code>-w</code> option for <code>tcpdump</code>). The <code>pcap</code> file format (<code>application/vnd.tcpdump.pcap</code>) is used. Both tools (and others, e.g., <a class="external" href="https://tshark.dev/" rel="nofollow">tshark</a>), support reading <code>pcap</code> formatted files.</p><h2>How to capture packets from other places?</h2><p>Retrieving packets from other places of the networking stack using <code>tcpdump</code> or <code>Wireshark</code> is not possible. However, other initiatives emerged and targeted monitoring traffic within a single host, like <a class="external" href="https://github.com/retis-org/retis" rel="nofollow">Retis</a> (<a class="external" href="https://retis.readthedocs.io" rel="nofollow">documentation</a>).</p><p>Retis is a recently released tool aiming at improving visibility into the Linux networking stack and various control and data paths. It allows capturing networking-related events and providing relevant context using eBPF, with one notable feature being capturing packets on any (packet-aware—AKA socket buffer) kernel function and tracepoint.</p><p>To capture packets from the <code>net:netif_receive_skb</code> <a class="external" href="https://docs.kernel.org/trace/tracepoints.html" rel="nofollow">tracepoint</a>:</p><pre><code class="language-plaintext">$ retis collect -c skb -p net:netif_receive_skb
4 probe(s) loaded
4581128037918 (8) [irq/188-iwlwifi] 1264 [tp] net:netif_receive_skb
if 4 (wlp82s0) 2606:4700:4700::1111.53 &gt; [redacted].34952 ttl 54 label 0x66967 len 79 proto UDP (17) len 71</code></pre><p>Note that Retis can capture packets from multiple functions and tracepoints by using the above <code>-p</code> option multiple times. It can even identify packets and reconstruct their flow! To get a list of compatible functions and tracepoints, use <code>retis inspect -p</code>.</p><p>Also it should be noted that by default <code>tcpdump</code> and <code>Wireshark</code> put devices on promiscuous mode when dumping packets from a specific interface. This is not the case with Retis. An interface can be set in this mode manually by using <code>ip link set &lt;interface&gt; promisc on</code>.</p><p>In addition to the above, another tool provides a way to capture packets and convert them to a <code>pcap</code> file: bpftrace. It is a wonderful tool but is more low-level and requires to you write the probe definitions by hand and for compilation of the BPF program to take place on the target. Here the <code>skboutput</code> function can be used, as <a class="external" href="https://github.com/bpftrace/bpftrace/blob/v0.21.2/man/adoc/bpftrace.adoc#functions-skboutput" rel="nofollow">shown in the help</a>.</p><h2>Making the link</h2><p>That's nice, but while Retis is a powerful tool when used standalone, we might want to use the existing <code>tcpdump</code> and <code>Wireshark</code> tools but with packets captured from other places of the networking stack.</p><p>This can be done by using the Retis <code>pcap</code> post-processing command. This works in two steps: first Retis can capture and store packets, and then post-process them. The <code>pcap</code> sub-command allows converting Retis saved packets to a <code>pcap</code> format. This can then be used to feed existing <code>pcap</code>-aware tools, such as <code>tcpdump</code> and <code>Wireshark</code>:</p><pre><code class="language-plaintext">$ retis collect -c skb -p net:netif_receive_skb -p net:net_dev_start_xmit -o
$ retis print
4581115688645 (9) [isc-net-0000] 12796/12797 [tp] net:net_dev_start_xmit
if 4 (wlp82s0) [redacted].34952 &gt; 2606:4700:4700::1111.53 ttl 64 label 0x79c62 len 59 proto UDP (17) len 51
4581128037918 (8) [irq/188-iwlwifi] 1264 [tp] net:netif_receive_skb
if 4 (wlp82s0) 2606:4700:4700::1111.53 &gt; [redacted].34952 ttl 54 label 0x66967 len 79 proto UDP (17) len 71
$ retis pcap --probe net:net_dev_start_xmit | tcpdump -nnr -
01:31:55.688645 IP6 [redacted].34952 &gt; 2606:4700:4700::1111.53: 28074+ [1au] A? &lt;a href="http://redhat.com" rel="nofollow"&gt;redhat.com&lt;/a&gt;. (51)
$ retis pcap --probe net:netif_receive_skb -o retis.pcap
$ wireshark retis.pcap</code></pre><p>As seen above, Retis can collect packets from multiple probes during the same session. All packets seen on a given probe can then be filtered and converted to the <code>pcap</code> format.</p><p>When generating <code>pcap</code> files, Retis adds a comment in every packet with a description of the probe the packet was retrieved on:</p><pre><code class="language-plaintext">$ capinfos -p retis.pcap
File name: retis.pcap
Packet 1 Comment: probe=raw_tracepoint:net:netif_receive_skb</code></pre><p>In many cases, tools like <code>tcpdump</code> and <code>Wireshark</code> are sufficient. But, due to their design, they can only dump packets from a very specific place of the networking stack, which in some cases can be limiting. When that's the case it's possible to use more recent tools like Retis, either standalone or in combination with the beloved pcap aware utilities to allow using familiar tools or easily integrate this into existing scripts.</p> </div></div></summary></entry><entry><title>Red Hat OpenStack Services on OpenShift: Rethinking storage design in pod-based architectures</title><link href="https://www.redhat.com/en/blog/red-hat-openstack-services-on-openshift-rethinking-storage-design-pod-based-architectures" rel="alternate"></link><published>2025-01-14T10:45:52.764000Z</published><id>https://www.redhat.com/en/blog/red-hat-openstack-services-on-openshift-rethinking-storage-design-pod-based-architectures</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/red-hat-openstack-se/5741853:550c59">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/5741853.png" style="vertical-align: middle;width:16px;height:16px;"> Red Hat Blog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="rh-generic--component"> <p>With the release of<a class="external" href="/en/about/press-releases/red-hat-openstack-services-openshift-now-generally-available" rel="nofollow"> Red Hat OpenStack Services on OpenShift</a>, there is a major change in the design and architecture that impacts how OpenStack is deployed and managed. The OpenStack control plane has moved from traditional standalone containers on <a class="external" href="/en/technologies/linux-platforms/enterprise-linux" rel="nofollow">Red Hat Enterprise Linux</a> (RHEL) to an advanced pod-based<a class="external" href="/en/topics/containers/what-is-kubernetes" rel="nofollow"> Kubernetes </a>managed architecture.</p><h2>Introducing Red Hat OpenStack Services on OpenShift</h2><p>In this new form factor, the OpenStack control services such as keystone, nova, glance and neutron that were once deployed as standalone containers on top of bare metal or <a class="external" href="/en/topics/virtualization/what-is-a-virtual-machine" rel="nofollow">virtual machines </a>(VMs) are now deployed as native <a class="external" href="/en/technologies/cloud-computing/openshift" rel="nofollow">Red Hat OpenShift</a> pods leveraging the flexibility, placement, abstraction and scalability of Kubernetes orchestration</p><p>The OpenStack compute nodes that are running VMs are still relying on RHEL, with the difference being that it is provisioned by Metal3 and configured by an OpenShift operator using <a class="external" href="/en/technologies/management/ansible" rel="nofollow">Red Hat Ansible Automation Platform</a> behind the scenes. It is worth noting that it’s still possible to bring preprovisioned nodes with RHEL pre-install.</p><h2>New approach, new storage considerations</h2><p>Deploying and managing the OpenStack control plane on top of OpenShift brings several new advantages, but it also comes with new storage considerations.</p><p>Previously, the OpenStack control plane was deployed as three “controllers†which usually took form as bare metal servers or, in some cases, VMs.</p><p>In terms of storage, the OpenStack control services used the server’s local disk(s) to write persistent data (or a network storage backend when booting from your storage area network (SAN)).</p><p>With the shift to a native OpenShift approach, the OpenStack control services are dynamically scheduled across OpenShift workers as pods. This approach introduces a number of benefits, but the default pod storage option is to use ephemeral storage. Ephemeral storage is perfectly fine for stateless services such as the service’s API, but not appropriate for services that require persistent data such as the control plane database. When a pod restarts or terminates, it must get its data back.</p><p>Fortunately, OpenShift provides a <a class="external" href="https://docs.openshift.com/container-platform/latest/storage/understanding-persistent-storage.html" rel="nofollow">persistent storage abstraction layer</a> in the form of “Persistent Volumes†(PV) and “Persistent Volume Claim†(PVC) that enable pods to mount volumes that persist across pod’s lifecycle. This persistent storage framework is tightly coupled with another standard called <a class="external" href="https://docs.openshift.com/container-platform/latest/storage/container_storage_interface/persistent-storage-csi.html" rel="nofollow">Container Storage Interface</a> (CSI) that allows OpenShift to provision volumes from a variety of storage backends should the storage vendor provide a certified CSI Driver.</p> <a class="rhdc-media__image-link" href="/rhdc/managed-files/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%2C%20high%20level%20design_0.png" rel="nofollow"> <img alt="Red Hat OpenStack Services on OpenShift, high level design" src="https://www.redhat.com/rhdc/managed-files/styles/wysiwyg_full_width/private/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%2C%20high%20level%20design_0.png.webp?itok=0BVD-rYM" width="1170"/> </a> <p><br/>This is where the paradigm changes, in previous versions of Red Hat OpenStack, the control services' persistent data were stored on local controllers disks and no further design decisions were needed besides the size, type, performance and RAID level of the disks.</p><p>With OpenStack Services on OpenShift, a storage solution must also be considered for OpenShift alongside the traditional OpenStack storage.</p><p>In this article, we dive into the main available options to back OpenShift and OpenStack data for environments that are using Ceph or third-party storage solutions.</p><p>Before we get into the details, you may wonder which OpenStack control services need persistent storage:</p><ul><li>Glance for the staging area and optional cache</li><li>Galera for storing the database</li><li>OVN Northbound and Southbound database</li><li>RabbitMQ for storing the queues</li><li>Swift for storing object data when not using external physical nodes</li><li>Telemetry for storing metrics</li></ul><h2>Red Hat OpenStack Services on OpenShift with Red Hat Ceph Storage</h2><p>Ceph is a well known and widely used storage backend for OpenStack. It can serve block with Nova, Glance and Cinder, file with Manila, and object with S3/SWIFT APIs.</p><p>The integration between OpenStack Services on OpenShift and Ceph is the same as previous OpenStack versions—block is served by RADOS block devices (RBD), file by CephFS or network file system (NFS) and object by S3 or SWIFT.</p><p>The different OpenStack services are configured to connect to the Ceph cluster, but what changes is the way you configure it at install time, as we are now using native Kubernetes Custom Resources Definition (CDR) instead of TripleO templates as in previous versions.</p><p>The main design change is how to serve OpenShift volumes.</p><h3>Using Ceph across both platforms</h3><p>The first option is to use the same external Ceph cluster between OpenStack and OpenShift, consolidating the Ceph investment by sharing the storage resources.</p> <a class="rhdc-media__image-link" href="/rhdc/managed-files/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20with%20shared%20Ceph%20cluster_0.png" rel="nofollow"> <img alt="Red Hat OpenStack Services on OpenShift design with shared Ceph cluster" src="https://www.redhat.com/rhdc/managed-files/styles/wysiwyg_full_width/private/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20with%20shared%20Ceph%20cluster_0.png.webp?itok=SF5pEWDC" width="1170"/> </a> <p><br/> In the above diagram, OpenStack is consuming Ceph as usual, and OpenShift uses OpenShift Data Foundation (ODF) external mode to connect to the same cluster. <a class="external" href="https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/deploying_openshift_data_foundation_in_external_mode/index" rel="nofollow">ODF external</a> deploys the Ceph CSI drivers that allow OpenShift to provision persistent volumes from a Ceph cluster.</p><p>OpenStack and OpenShift use different Ceph pools and keys, but architects should review their cluster’s capacity and performance to anticipate any potential impact. It’s also possible to isolate the storage I/O of both platforms by customizing the CRUSH map and allowing data to be stored on different object storage daemons (OSDs).</p><p>The design outlined above shares the same Ceph cluster between OpenShift and OpenStack but they can be different clusters based on the use case.</p><h3>Third-party or local storage for OpenShift and Ceph for OpenStack</h3><p>In some cases, you do not want to share OpenStack and OpenShift data on the same cluster. As mentioned before, it’s possible to use another Ceph cluster but the capacity needed for the control plane services may not be enough to justify it.</p><p>Another option is to leverage OpenShift’s workers' local disks. To do so, OpenShift includes an out-of-the-box logical volume manager (LVM) based CSI operator called LVM Storage (<a class="external" href="https://docs.openshift.com/container-platform/4.16/storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.html" rel="nofollow">LVMS</a>). LVMS allows dynamic local provisioning of the persistent volumes via LVM on the workers' local disks. This has the advantage of using local direct disk performance at a minimum cost.</p><p>On the other hand, if the data being local to the worker, the pods relying on volumes cannot be evacuated to other workers. This is a limitation to consider, especially if OpenStack control services are deployed on more than three workers.</p><p>It is also possible to rely on an existing third-party backend using a certified CSI driver which would remove the 1:1 pinning between the pod and the volume but can increase the cost. Using ODF internally as an OpenShift storage solution is also an option.</p><p>The OpenStack integration to Ceph remains the same.</p> <a class="rhdc-media__image-link" href="/rhdc/managed-files/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20with%20Ceph%20cluster%20for%20OpenStack%20and%20a.png" rel="nofollow"> <img alt="Red Hat OpenStack Services on OpenShift design with Ceph cluster for OpenStack and alternative solution for OpenShift" src="https://www.redhat.com/rhdc/managed-files/styles/wysiwyg_full_width/private/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20with%20Ceph%20cluster%20for%20OpenStack%20and%20a.png.webp?itok=SVbgq5s9" width="1170"/> </a> <h3>OpenStack with Ceph hyper-converged</h3><p>Deploying Ceph hyper-converged with OpenStack compute nodes is a popular solution to combine both compute and storage resources on the same hardware, reducing the cost and hardware footprint.</p><p>The integration with Ceph does not differ from an external Ceph besides the fact that the compute and storage services are collocated.</p><p>The OpenShift storage options are more limited, however, as it is not possible to use the hyper-converged Ceph cluster to back OpenShift persistent volumes.</p><p>The options are the same as those outlined in the previous section—OpenShift can rely on LVMS to leverage the local worker disks or use an existing third-party backend with a certified CSI driver.</p> <a class="rhdc-media__image-link" href="/rhdc/managed-files/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20Ceph%20HyperConverged%20for%20OpenStack.png" rel="nofollow"> <img alt="Red Hat OpenStack Services on OpenShift design with Ceph HyperConverged for OpenStack" src="https://www.redhat.com/rhdc/managed-files/styles/wysiwyg_full_width/private/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20Ceph%20HyperConverged%20for%20OpenStack.png.webp?itok=tWObEvkY" width="1170"/> </a> <h3>OpenStack with third-party storage solutions</h3><p>For environments that are not using Ceph, the same principle applies. The OpenStack integration does not change, the control and compute services are configured to use an external shared storage backend through iSCSI, FC, NFS, NVMe/TCP or other vendor-specific protocols. Cinder and Manila drivers are still used to integrate the storage solution with OpenStack.</p><p>On the OpenShift side, the options are to either use LVMS to leverage the local worker disks or use an existing third-party backend with a certified CSI driver. This third-party backend can be the same as the one used for OpenStack or a different one.</p> <a class="rhdc-media__image-link" href="/rhdc/managed-files/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20with%20third%20party%20storage_0.png" rel="nofollow"> <img alt="Red Hat OpenStack Services on OpenShift design with third party storage" src="https://www.redhat.com/rhdc/managed-files/styles/wysiwyg_full_width/private/Red%20Hat%20OpenStack%20Services%20on%20OpenShift%20design%20with%20third%20party%20storage_0.png.webp?itok=rVaRerCg" width="1170"/> </a> <h2>Wrap up</h2><p>As Red Hat OpenStack moves to a more modern OpenShift-based deployment model, new storage systems need to be considered. Red Hat OpenStack Services on OpenShift offers a broad set of options for storing the OpenStack control services and the end user’s data. Whether you’re using Ceph or not, and whether you want shared storage or to rely on local disks, the different supported combinations will match a vast set of use cases and requirements.</p><p>For more details on Red Hat OpenStack Services on OpenShift storage integration, please refer to our <a class="external" href="https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/planning_your_deployment/index" rel="nofollow">planning guide</a>. </p> </div></summary></entry><entry><title>How To Create Multi-Step Forms With Vanilla JavaScript And CSS</title><link href="https://css-tricks.com/how-to-create-multi-step-forms-with-vanilla-javascript-and-css/" rel="alternate"></link><published>2024-12-18T17:25:24.039000Z</published><id>https://css-tricks.com/how-to-create-multi-step-forms-with-vanilla-javascript-and-css/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/how-to-create-multi-/9536825:7511da">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/9536825.png" style="vertical-align: middle;width:16px;height:16px;"> Comments on: How to Create Multi-Step Forms With Vanilla JavaScript and CSS.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="article-content"> <p>Multi-step forms are a good choice when your form is large and has many controls. No one wants to scroll through a super-long form on a mobile device. By grouping controls on a screen-by-screen basis, we can improve the experience of filling out long, complex forms.</p> <p>But when was the last time you developed a multi-step form? Does that even sound fun to you? There’s so much to think about and so many moving pieces that need to be managed that I wouldn’t blame you for resorting to a form library or even some type of form widget that handles it all for you.</p> <p>But doing it by hand can be a good exercise and a great way to polish the basics. I’ll show you how I built my first multi-step form, and I hope you’ll not only see how approachable it can be but maybe even spot areas to make my work even better.</p> <p>We’ll walk through the structure together. We’ll build a job application, which I think many of us can relate to these recent days. I’ll scaffold the baseline HTML, CSS, and JavaScript first, and then we’ll look at considerations for accessibility and validation.</p> <span></span> <p>I’ve created a <a class="external" href="https://github.com/FatumaA/mulit-step-form/" rel="nofollow">GitHub repo for the final code</a> if you want to refer to it along the way.</p> <p>Our job application form has four sections, the last of which is a summary view, where we show the user all their answers before they submit them. To achieve this, we divide the HTML into four sections, each identified with an ID, and add navigation at the bottom of the page. I’ll give you that baseline HTML in the next section.</p> <p>Navigating the user to move through sections means we’ll also include a visual indicator for what step they are at and how many steps are left. This indicator can be a simple dynamic text that updates according to the active step or a fancier progress bar type of indicator. We’ll do the former to keep things simple and focused on the multi-step nature of the form.,</p> <p>We’ll focus more on the logic, but I will provide the code snippets and a link to the complete code at the end.</p> <p>Let’s start by creating a folder to hold our pages. Then, create an <code>index.html</code> file and paste the following into it:</p> <p>Looking at the code, you can see three sections and the navigation group. The sections contain form inputs and no native form validation. This is to give us better control of displaying the error messages because native form validation is only triggered when you click the submit button.</p> <p>Next, create a <code>styles.css</code> file and paste this into it:</p> <p>Open up the HTML file in the browser, and you should get something like the two-column layout in the following screenshot, complete with the current page indicator and navigation.</p> <p>Now, create a <code>script.js</code> file in the same directory as the HTML and CSS files and paste the following JavaScript into it:</p> <p>This script defines a method that shows and hides the section depending on the <code>formStep</code> values that correspond to the IDs of the form sections. It updates <code>stepInfo</code> with the current active section of the form. This dynamic text acts as a progress indicator to the user.</p> <p>It then adds logic that waits for the page to load and click events to the navigation buttons to enable cycling through the different form sections. If you refresh your page, you will see that the multi-step form works as expected.</p> <p>Let’s dive deeper into what the Javascript code above is doing. In the <code>updateStepVisibility()</code> function, we first hide all the sections to have a clean slate:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>formSteps.forEach((step) =&gt; {
document.getElementById(step).style.display = "none";
});</code></pre> <p>Then, we show the currently active section:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>document.getElementById(formSteps[currentStep]).style.display = "block";`</code></pre> <p>Next, we update the text that indicators progress through the form:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>stepInfo.textContent = `Step ${currentStep + 1} of ${formSteps.length}`;</code></pre> <p>Finally, we hide the Previous button if we are at the first step and hide the Next button if we are at the last section:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>navLeft.style.display = currentStep === 0 ? "none" : "block";
navRight.style.display = currentStep === formSteps.length - 1 ? "none" : "block";</code></pre> <p>Let’s look at what happens when the page loads. We first hide the Previous button as the form loads on the first section:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>document.addEventListener("DOMContentLoaded", () =&gt; {
navLeft.style.display = "none";
updateStepVisibility();</code></pre> <p>Then we grab the Next button and add a click event that conditionally increments the current step count and then calls the <code>updateStepVisibility()</code> function, which then updates the new section to be displayed:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>navRight.addEventListener("click", () =&gt; {
if (currentStep &lt; formSteps.length - 1) {
currentStep++;
updateStepVisibility();
}
});</code></pre> <p>Finally, we grab the Previous button and do the same thing but in reverse. Here, we are conditionally decrementing the step count and calling the <code>updateStepVisibility()</code>:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>navLeft.addEventListener("click", () =&gt; {
if (currentStep &gt; 0) {
currentStep--;
updateStepVisibility();
}
});</code></pre> <p>Have you ever spent a good 10+ minutes filling out a form only to submit it and get vague errors telling you to correct this and that? I prefer it when a form tells me right away that something’s amiss so that I can correct it <em>before</em> I ever get to the Submit button. That’s what we’ll do in our form.</p> <p>Our principle is to clearly indicate which controls have errors and give meaningful error messages. Clear errors as the user takes necessary actions. Let’s add some validation to our form. First, let’s grab the necessary input elements and add this to the existing ones:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>const nameInput = document.getElementById("name");
const idNumInput = document.getElementById("idNum");
const emailInput = document.getElementById("email");
const birthdateInput = document.getElementById("birthdate")
const documentInput = document.getElementById("document");
const departmentInput = document.getElementById("department");
const termsCheckbox = document.getElementById("terms");
const skillsInput = document.getElementById("skills");</code></pre> <p>Then, add a function to validate the steps:</p> <p>Here, we check if each required input has some value and if the email input has a valid input. Then, we set the isValid boolean accordingly. We also call a <code>showError()</code> function, which we haven’t defined yet.</p> <p>Paste this code above the <code>validateStep()</code> function:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>function showError(input, message) {
const formControl = input.parentElement;
const errorSpan = formControl.querySelector(".error-message");
input.classList.add("error");
errorSpan.textContent = message;
}</code></pre> <p>Now, add the following styles to the stylesheet:</p> <p>If you refresh the form, you will see that the buttons do not take you to the next section till the inputs are considered valid:</p> <p>Finally, we want to add real-time error handling so that the errors go away when the user starts inputting the correct information. Add this function below the <code>validateStep()</code> function:</p> <p>This function clears the errors if the input is no longer invalid by listening to input and change events then calling a function to clear the errors. Paste the <code>clearError()</code> function below the <code>showError()</code> one:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>function clearError(input) {
const formControl = input.parentElement;
const errorSpan = formControl.querySelector(".error-message");
input.classList.remove("error");
errorSpan.textContent = "";
}</code></pre> <p>And now the errors clear when the user types in the correct value:</p> <p>The multi-step form now handles errors gracefully. If you do decide to keep the errors till the end of the form, then at the very least, jump the user back to the erroring form control and show some indication of how many errors they need to fix.</p> <p>In a multi-step form, it is valuable to show the user a summary of all their answers at the end before they submit and to offer them an option to edit their answers if necessary. The person can’t see the previous steps without navigating backward, so showing a summary at the last step gives assurance and a chance to correct any mistakes.</p> <p>Let’s add a fourth section to the markup to hold this summary view and move the submit button within it. Paste this just below the third section in <code>index.html</code>:</p> <p>Then update the <code>formStep</code> in your Javascript to read:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>const formSteps = ["one", "two", "three", "four"];</code></pre> <p>Finally, add the following classes to <code>styles.css</code>:</p> <pre class="wp-block-csstricks-code-block language-css"><code>.summary-section {
display: flex;
align-items: center;
gap: 10px;
}
.summary-section p:first-child {
width: 30%;
flex-shrink: 0;
border-right: 1px solid var(--secondary-color);
}
.summary-section p:nth-child(2) {
width: 45%;
flex-shrink: 0;
padding-left: 10px;
}
.edit-btn {
width: 25%;
margin-left: auto;
background-color: transparent;
color: var(--primary-color);
border: .7px solid var(--primary-color);
border-radius: 5px;
padding: 5px;
}
.edit-btn:hover {
border: 2px solid var(--primary-color);
font-weight: bolder;
background-color: transparent;
}
</code></pre> <p>Now, add the following to the top of the <code>script.js</code> file where the other <code>const</code>s are:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>const nameVal = document.getElementById("name-val");
const idVal = document.getElementById("id-val");
const emailVal = document.getElementById("email-val");
const bdVal = document.getElementById("bd-val")
const cvVal = document.getElementById("cv-val");
const deptVal = document.getElementById("dept-val");
const skillsVal = document.getElementById("skills-val");
const editButtons =
"name-edit": 0,
"id-edit": 0,
"email-edit": 0,
"bd-edit": 0,
"cv-edit": 1,
"dept-edit": 1,
"skills-edit": 2
};</code></pre> <p>Then add this function in <code>scripts.js</code>:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>function updateSummaryValues() {
nameVal.textContent = nameInput.value;
idVal.textContent = idNumInput.value;
emailVal.textContent = emailInput.value;
bdVal.textContent = birthdateInput.value;
const fileName = documentInput.files[0]?.name;
if (fileName)
const extension = fileName.split(".").pop();
const baseName = fileName.split(".")[0];
const truncatedName = baseName.length &gt; 10 ? baseName.substring(0, 10) + "..." : baseName;
cvVal.textContent = `${truncatedName}.${extension}`;
} else {
cvVal.textContent = "No file selected";
}
deptVal.textContent = departmentInput.value;
skillsVal.textContent = skillsInput.value || "No skills submitted";
}</code></pre> <p>This dynamically inserts the input values into the summary section of the form, truncates the file names, and offers a fallback text for the input that was not required.</p> <p>Then update the <code>updateStepVisibility()</code> function to call the new function:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>function updateStepVisibility() {
formSteps.forEach((step) =&gt; {
document.getElementById(step).style.display = "none";
});
document.getElementById(formSteps[currentStep]).style.display = "block";
stepInfo.textContent = `Step ${currentStep + 1} of ${formSteps.length}`;
if (currentStep === 3) {
updateSummaryValues();
}
navLeft.style.display = currentStep === 0 ? "none" : "block";
navRight.style.display = currentStep === formSteps.length - 1 ? "none" : "block";
}</code></pre> <p>Finally, add this to the <code>DOMContentLoaded</code> event listener:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>Object.keys(editButtons).forEach((buttonId) =&gt; {
const button = document.getElementById(buttonId);
button.addEventListener("click", (e) =&gt; {
currentStep = editButtons[buttonId];
updateStepVisibility();
});
});</code></pre> <p>Running the form, you should see that the summary section shows all the inputted values and allows the user to edit any before submitting the information:</p> <p>And now, we can submit our form:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>form.addEventListener("submit", (e) =&gt; {
e.preventDefault();
if (validateStep(2)) {
alert("Form submitted successfully!");
form.reset();
currentFormStep = 0;
updateStepVisibility();
}
});</code></pre> <p>Our multi-step form now allows the user to edit and see all the information they provide before submitting it.</p> <p>Making multi-step forms accessible starts with the basics: <strong>using semantic HTML.</strong> This is half the battle. It is closely followed by using appropriate form labels.</p> <p>Other ways to make forms more accessible include giving enough room to elements that must be clicked on small screens and giving meaningful descriptions to the form navigation and progress indicators.</p> <p>Offering feedback to the user is an important part of it; it’s not great to auto-dismiss user feedback after a certain amount of time but to allow the user to dismiss it themselves. Paying attention to contrast and font choice is important, too, as they both affect how readable your form is.</p> <p>Let’s make the following adjustments to the markup for more technical accessibility:</p> <ol class="wp-block-list">
<li><strong>Add <code>aria-required="true"</code> to all inputs except the skills one.</strong> This lets screen readers know the fields are required without relying on native validation.</li> <li><strong>Add <code>role="alert"</code> to the error spans.</strong> This helps screen readers know to give it importance when the input is in an error state.</li> <li><strong>Add <code>role="status" aria-live="polite"</code> to the <code>.stepInfo</code>.</strong> This will help screen readers understand that the step info keeps tabs on a state, and the aria-live being set to polite indicates that should the value change, it does not need to immediately announce it.</li>
</ol> <p>In the script file, replace the <code>showError()</code> and <code>clearError()</code> functions with the following:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>function showError(input, message) {
const formControl = input.parentElement;
const errorSpan = formControl.querySelector(".error-message");
input.classList.add("error");
input.setAttribute("aria-invalid", "true");
input.setAttribute("aria-describedby", errorSpan.id);
errorSpan.textContent = message;
}
function clearError(input) {
const formControl = input.parentElement;
const errorSpan = formControl.querySelector(".error-message");
input.classList.remove("error");
input.removeAttribute("aria-invalid");
input.removeAttribute("aria-describedby");
errorSpan.textContent = "";
}</code></pre> <p>Here, we programmatically add and remove attributes that explicitly tie the input with its error span and show that it is in an invalid state.</p> <p>Finally, let’s add focus on the first input of every section; add the following code to the end of the <code>updateStepVisibility()</code> function:</p> <pre class="wp-block-csstricks-code-block language-javascript"><code>const currentStepElement = document.getElementById(formSteps[currentStep]);
const firstInput = currentStepElement.querySelector(
"input, select, textarea"
);
if (firstInput) {
firstInput.focus();
}</code></pre> <p>And with that, the multi-step form is much more accessible.</p> <p>There we go, a four-part multi-step form for a job application! As I said at the top of this article, there’s a lot to juggle — so much so that I wouldn’t fault you for looking for an out-of-the-box solution.</p> <p>But if you have to hand-roll a multi-step form, hopefully now you see it’s not a death sentence. There’s a happy path that gets you there, complete with navigation and validation, without turning away from good, accessible practices.</p> <p>And this is just how I approached it! Again, I took this on as a personal challenge to see how far I could get, and I’m pretty happy with it. But I’d love to know if you see additional opportunities to make this even more mindful of the user experience and considerate of accessibility.</p> <p>Here are some relevant links I referred to when writing this article:</p> </div></summary></entry><entry><title>seddonym/import-linter: Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.</title><link href="https://github.com/seddonym/import-linter/?featured_on=talkpython" rel="alternate"></link><published>2024-12-15T09:20:29.452000Z</published><id>https://github.com/seddonym/import-linter/?featured_on=talkpython</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/seddonymimport-linte/0:68ceff">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
</summary></entry><entry><title>Publishing a simple client-side JavaScript package to npm with GitHub Actions</title><link href="https://til.simonwillison.net/npm/npm-publish-github-actions" rel="alternate"></link><published>2024-12-11T16:59:01.141000Z</published><author><name>Simon Willison</name></author><id>https://til.simonwillison.net/npm/npm-publish-github-actions</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/publishing-a-simple-/7901422:c70d48">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/7901422.png" style="vertical-align: middle;width:16px;height:16px;"> Simon Willison TIL.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<p>Here's what I learned about publishing a single file JavaScript package to NPM for my <a href="https://simonwillison.net/2024/Dec/7/prompts-js/" rel="nofollow">Prompts.js</a> project.</p>
<p>The code is in <a href="https://github.com/simonw/prompts-js">simonw/prompts-js</a> on GitHub. The NPM package is <a href="https://www.npmjs.com/package/prompts-js" rel="nofollow">prompts-js</a>.</p>
<div class="markdown-heading"><h2 class="heading-element">A simple single file client-side package</h2><a class="anchor" href="https://til.simonwillison.net/tils/feed.atom#a-simple-single-file-client-side-package" id="user-content-a-simple-single-file-client-side-package"><span class="octicon octicon-link"></span></a></div>
<p>For this project, I wanted to create an old-fashioned JavaScript file that you could include in a web page using a <code>&lt;script&gt;</code> tag. No TypeScript, no React JSK, no additional dependencies, no build step.</p>
<p>I also wanted to ship it to NPM, mainly so it would be magically available from various CDNs.</p>
<p>I think I've boiled that down to about as simple as I can get. Here's the <code>package.json</code> file:</p>
<div class="highlight highlight-source-json"><pre>{
<span class="pl-ent">"name"</span>: <span class="pl-s"><span class="pl-pds">"</span>prompts-js<span class="pl-pds">"</span></span>,
<span class="pl-ent">"version"</span>: <span class="pl-s"><span class="pl-pds">"</span>0.0.4<span class="pl-pds">"</span></span>,
<span class="pl-ent">"description"</span>: <span class="pl-s"><span class="pl-pds">"</span>async alternatives to browser alert() and prompt() and confirm()<span class="pl-pds">"</span></span>,
<span class="pl-ent">"main"</span>: <span class="pl-s"><span class="pl-pds">"</span>index.js<span class="pl-pds">"</span></span>,
<span class="pl-ent">"homepage"</span>: <span class="pl-s"><span class="pl-pds">"</span>https://github.com/simonw/prompts-js<span class="pl-pds">"</span></span>,
<span class="pl-ent">"scripts"</span>: {
<span class="pl-ent">"test"</span>: <span class="pl-s"><span class="pl-pds">"</span>echo <span class="pl-cce">\"</span>Error: no test specified<span class="pl-cce">\"</span> &amp;&amp; exit 1<span class="pl-pds">"</span></span>
},
<span class="pl-ent">"author"</span>: <span class="pl-s"><span class="pl-pds">"</span>Simon Willison<span class="pl-pds">"</span></span>,
<span class="pl-ent">"license"</span>: <span class="pl-s"><span class="pl-pds">"</span>Apache-2.0<span class="pl-pds">"</span></span>,
<span class="pl-ent">"repository"</span>: {
<span class="pl-ent">"type"</span>: <span class="pl-s"><span class="pl-pds">"</span>git<span class="pl-pds">"</span></span>,
<span class="pl-ent">"url"</span>: <span class="pl-s"><span class="pl-pds">"</span>git+https://github.com/simonw/prompts-js.git<span class="pl-pds">"</span></span>
},
<span class="pl-ent">"keywords"</span>: [
<span class="pl-s"><span class="pl-pds">"</span>alert<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>prompt<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>confirm<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>async<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>promise<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>dialog<span class="pl-pds">"</span></span>
],
<span class="pl-ent">"files"</span>: [
<span class="pl-s"><span class="pl-pds">"</span>index.js<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>README.md<span class="pl-pds">"</span></span>,
<span class="pl-s"><span class="pl-pds">"</span>LICENSE<span class="pl-pds">"</span></span>
]
}</pre></div>
<p>That "scripts.test" block probably isn't necessary. The <code>keywords</code> are used when you deploy to NPM, and the <code>files</code> block tells NPM which files to include in the package.</p>
<p>The <code>"repository"</code> block is used by NPM's <a href="https://docs.npmjs.com/generating-provenance-statements" rel="nofollow">provenance statements</a>. Don't worry too much about these - they're only needed if you use the <code>npm publish --provenance</code> option later on.</p>
<p>Really the three most important keys here are <code>"name"</code>, which needs to be a unique name on NPM, <code>"version"</code> and that <code>"main"</code> key. I set <code>"main"</code> to <code>index.js</code>.</p>
<p>All that's needed now is that <code>index.js</code> file - and optionally the <code>README.md</code> and <code>LICENSE</code> files if we want to include them in the package. The <code>README.md</code> ends up displayed on the NPM listing page so it's worth including.</p>
<p>Here's my <a href="https://github.com/simonw/prompts-js/blob/main/index.js">index.js</a> file. It starts and ends like this (an <a href="https://developer.mozilla.org/en-US/docs/Glossary/IIFE" rel="nofollow">IFFE</a>):</p>
<div class="highlight highlight-source-js"><pre><span class="pl-k">const</span> <span class="pl-v">Prompts</span> <span class="pl-c1">=</span> <span class="pl-kos">(</span><span class="pl-k">function</span> <span class="pl-kos">(</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
<span class="pl-c">// ...</span>
<span class="pl-k">return</span> <span class="pl-kos">{</span> alert<span class="pl-kos">,</span> confirm<span class="pl-kos">,</span> prompt <span class="pl-kos">}</span><span class="pl-kos">;</span>
<span class="pl-kos">}</span><span class="pl-kos">)</span><span class="pl-kos">(</span><span class="pl-kos">)</span><span class="pl-kos">;</span></pre></div>
<div class="markdown-heading"><h2 class="heading-element">Publishing to NPM</h2><a class="anchor" href="https://til.simonwillison.net/tils/feed.atom#publishing-to-npm" id="user-content-publishing-to-npm"><span class="octicon octicon-link"></span></a></div>
<p>With these pieces in place, running <code>npm publish</code> in the root of the project will publish the package to NPM - after first asking you to sign into your NPM account.</p>
<div class="markdown-heading"><h2 class="heading-element">Automating this with GitHub Actions</h2><a class="anchor" href="https://til.simonwillison.net/tils/feed.atom#automating-this-with-github-actions" id="user-content-automating-this-with-github-actions"><span class="octicon octicon-link"></span></a></div>
<p>I use GitHub Actions that trigger on any release to publish all of my Python projects to PyPI. I wanted to do the same for this JavaScript project.</p>
<p>I found <a href="https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry">this example</a> in the GitHub documentation which gave me most of what I needed. This is in <a href="https://github.com/simonw/prompts-js/blob/main/.github/workflows/publish.yml">.github/workflows/publish.yml</a>:</p>
<div class="highlight highlight-source-yaml"><pre><span class="pl-ent">name</span>: <span class="pl-s">Publish Package to npmjs</span>
<span class="pl-ent">on</span>:
<span class="pl-ent">release</span>:
<span class="pl-ent">types</span>: <span class="pl-s">[published]</span>
<span class="pl-ent">jobs</span>:
<span class="pl-ent">build</span>:
<span class="pl-ent">runs-on</span>: <span class="pl-s">ubuntu-latest</span>
<span class="pl-ent">permissions</span>:
<span class="pl-ent">contents</span>: <span class="pl-s">read</span>
<span class="pl-ent">id-token</span>: <span class="pl-s">write</span>
<span class="pl-ent">steps</span>:
- <span class="pl-ent">uses</span>: <span class="pl-s">actions/checkout@v4</span>
- <span class="pl-ent">uses</span>: <span class="pl-s">actions/setup-node@v4</span>
<span class="pl-ent">with</span>:
<span class="pl-ent">node-version</span>: <span class="pl-s"><span class="pl-pds">'</span>20.x<span class="pl-pds">'</span></span>
<span class="pl-ent">registry-url</span>: <span class="pl-s"><span class="pl-pds">'</span>https://registry.npmjs.org<span class="pl-pds">'</span></span>
- <span class="pl-ent">run</span>: <span class="pl-s">npm publish --provenance --access public</span>
<span class="pl-ent">env</span>:
<span class="pl-ent">NODE_AUTH_TOKEN</span>: <span class="pl-s">${{ secrets.NPM_TOKEN }}</span></pre></div>
<p>There's that <code>--provenance</code> option which only works if you have the <code>repository</code> block set up in your <code>package.json</code>.</p>
<p>This needs a secret called <code>NPM_TOKEN</code> to be set up in the GitHub repository settings.</p>
<p>It took me a few tries to get this right. It needs to be a token created on the NPM website using the Access Tokens menu item, then Generate New Token -&gt; Classic Token. As far as I can tell the new "Granular Access Token" format doesn't work for this as it won't allow you to create a token that never expires, and I never want to have to remember to update the secret in the future.</p>
<p>An "Automation" token should do the trick here - it bypasses 2-factor authentication when publishing.</p>
<p>Set that in GitHub Actions as a secret called <code>NPM_TOKEN</code> and now you can publish a new version of your package to NPM by doing the following:</p>
<ol>
<li>Update the version number in <code>package.json</code>
</li>
<li>Create a new release on GitHub with a tag that matches the version number</li>
</ol></summary></entry><entry><title>Simple trick to save environment and money when using GitHub Actions</title><link href="https://turso.tech/blog/simple-trick-to-save-environment-and-money-when-using-github-actions" rel="alternate"></link><published>2024-12-11T15:55:31.348000Z</published><id>https://turso.tech/blog/simple-trick-to-save-environment-and-money-when-using-github-actions</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/simple-trick-to-save/0:c698b4">shared this story</a>
.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="prose prose-invert prose-quoteless prose-a:text-aquamarine prose-lg max-w-none"><p>We recently onboarded <a class="external" href="https://x.com/SivukhinN" rel="nofollow">Nikita Sivukhin</a> as a new member of our Engineering team at <a class="external" href="https://turso.tech" rel="nofollow">Turso</a>. He immediately started to have meaningful contributions to our <a class="external" href="https://turso.tech/vector" rel="nofollow">Native Vector Search</a> but something else triggered me to write this article. In addition to working on his main task, Nikita started to poke around our codebase and to fix anything he found worth tackling. This is a great proactive approach which I highly recommend to any software engineer. One thing improved by Nikita was our GitHub Actions setup to avoid running jobs that are no longer needed. This is great because GitHub Actions not only consume electricity when they run but also either cost money when used for private repositories or have some usage quota for open source projects.</p>
<h2 class="relative"><a class="opacity-70 hover:opacity-90 pr-2 font-semibold -ml-7" href="http://#what-s-the-problem" rel="nofollow">#</a><a class="external" href="http://#whats-theproblem" rel="nofollow"><span class="icon icon-link"></span></a>What's the problem</h2>
<p>We use GitHub Actions for our CI/CD at <a class="external" href="https://turso.tech" rel="nofollow">Turso</a>. Both on open source projects and the ones that are private. Among other things, we run GitHub Actions on our Pull Requests. Some of those actions are pretty heavy and can take considerable amount of time. Rust compilation has its share but we also run all sorts of tests spanning from unit tests to end-to-end tests. It isn't uncommon for Pull Request to be updated before CI/CD is finished for the previous version. Unfortunately, GitHub does not cancel GitHub Actions for a stale version of the code and those tasks keep running until they either fail or fully finish. This is a problem because those old runs of CI/CD consume resources like electricity and GitHub Action runners even though no one is interested in the outcome of the run any more.</p>
<h2 class="relative"><a class="opacity-70 hover:opacity-90 pr-2 font-semibold -ml-7" href="http://#solution" rel="nofollow">#</a><a class="external" href="http://#solution" rel="nofollow"><span class="icon icon-link"></span></a>Solution</h2>
<p>This problem can be easily solved in a universal way. If you're running your GitHub Actions on <code>pull_request:</code> target then you just need to add the following snipped to the definition of your GitHub workflow:</p>
<pre><code class="hljs language-yaml">concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
</code></pre>
<p>And voilà , GitHub will start to cancel all old GitHub Actions runs that are stale after a new version of the Pull
Request was uploaded. You can see the solution in wider context in <a class="external" href="https://github.com/tursodatabase/libsql/pull/1540" rel="nofollow">Nikita's Pull Request</a> that added this to <a class="external" href="https://turso.tech/libsql" rel="nofollow">LibSQL</a> GitHub repository.</p>
<h2 class="relative"><a class="opacity-70 hover:opacity-90 pr-2 font-semibold -ml-7" href="http://#effects" rel="nofollow">#</a><a class="external" href="http://#effects" rel="nofollow"><span class="icon icon-link"></span></a>Effects</h2>
<p>As a consequence of this change you will start seeing new result type in your GitHub Actions summary page. There will be not only green circle with a tick and red circle with an X but also a grey octagon with an exclamation point that means a task was cancelled. Below is a screenshot from GitHub Actions summary page of <a class="external" href="https://turso.tech/libsql" rel="nofollow">LibSQL</a> repository</p>
<p></p>
<p>During the first week after Nikita's Pull Request had been merged, 56 tasks were cancelled in <a class="external" href="https://turso.tech/libsql" rel="nofollow">LibSQL</a> repository alone.</p>
<h2 class="relative"><a class="opacity-70 hover:opacity-90 pr-2 font-semibold -ml-7" href="http://#conclusion" rel="nofollow">#</a><a class="external" href="http://#conclusion" rel="nofollow"><span class="icon icon-link"></span></a>Conclusion</h2>
<p>I hope that this short article was able to convince you that if you're using GitHub Actions for your CI/CD then you can easily become more environment friendly and possibly save some money on GitHub bills.</p></div></summary></entry><entry><title>Brendan Gregg's Blog</title><link href="https://www.brendangregg.com/blog/2024-10-29/ai-flame-graphs.html" rel="alternate"></link><published>2024-12-11T15:45:32.342000Z</published><id>https://www.brendangregg.com/blog/2024-10-29/ai-flame-graphs.html</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/brendan-greggs-blog/5492585:438980">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/5492585.png" style="vertical-align: middle;width:16px;height:16px;"> Brendan Gregg&#x27;s Blog.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div class="post">
<p>Imagine halving the resource costs of AI and what that could mean for the planet and the industry -- based on extreme estimates such savings could reduce the total US power usage by over 10% by 2030<sup>1</sup>. At Intel we've been creating a new analyzer tool to help reduce AI costs called <em>AI Flame Graphs</em>: a visualization that shows an AI accelerator or GPU hardware profile along with the full software stack, based on my <strong><a class="external" href="https://www.brendangregg.com/FlameGraphs/cpuflamegraphs.html" rel="nofollow">CPU flame graphs</a></strong>. Our first version is available to customers in the <strong><a class="external" href="https://www.intel.com/content/www/us/en/developer/tools/devcloud/services.html" rel="nofollow">Intel Tiber AI Cloud</a></strong> as a preview for the Intel Data Center GPU Max Series (previously called Ponte Vecchio). Here is an example:</p> <p></p><center><a class="external" href="/blog/images/2024/matrixAIflamegraph.svg" rel="nofollow"><img alt="" src="https://www.brendangregg.com/blog/images/2024/matrixAIflamegraph.png" width="700"/></a><br/><em>Simple example: SYCL matrix multiply microbenchmark</em></center> <p>(Click for interactive <a class="external" href="/blog/images/2024/matrixAIflamegraph.svg" rel="nofollow">SVG</a>.) The green frames are the actual instructions running on the AI or GPU accelerator, aqua shows the source code for these functions, and red (C), yellow (C++), and orange (kernel) show the CPU code paths that initiated these AI/GPU programs. The gray "-" frames just help highlight the boundary between CPU and AI/GPU code. The x-axis is proportional to cost, so you look for the widest things and find ways to reduce them.</p> <p></p><center><img alt="" src="https://www.brendangregg.com/blog/images/2024/AIflamegraph-legend.png" width="150"/><br/><em>Layers</em></center> <p>This flame graph shows a simple program for SYCL (a high-level C++ language for accelerators) that tests three implementations of matrix multiply, running them with the same input workload. The flame graph is dominated by the slowest implementation, multiply_basic(), which doesn't use any optimizations and consumes at 72% of stall samples and is shown as the widest tower. On the right are two thin towers for multiply_local_access() at 21% which replaces the accessor with a local variable, and multiply_local_access_and_tiling() at 6% which also adds matrix tiling. The towers are getting smaller as optimizations are added.</p> <p>This flame graph profiler is a prototype based on Intel EU stall profiling for hardware profiling and <a class="external" href="https://ebpf.io/" rel="nofollow">eBPF</a> for software instrumentation. It's designed to be <strong>easy and low-overhead</strong>, just like a CPU profiler. You should be able to generate a flame graph of an existing AI workload whenever you want, without having to restart anything or launch additional code via an interposer.</p> <h2>Instruction-offset Profiling</h2> <p>This is not the first project to build an AI profiler or even something called an AI Flame Graph, however, others I've seen focus on tracing CPU stacks and timing accelerator execution, but don't profile the instruction offsets running on the accelerator; or do profile them but via expensive binary instrumentation. I wanted to build AI flame graphs that work like CPU flame graphs: Easy to use, negligible cost, production safe, and shows everything. A daily tool for developers, with most of the visualization <em>in the language of the developer</em>: source code functions.</p> <p>This has been an internal AI project at Intel for the past year. Intel was already investing in this space, building the EU stall profiler capability for the Intel Data Center GPU Max Series that provides an approximation of HW instruction sampling. I was lucky to have <strong>Dr. Matthew (Ben) Olson</strong>, an Intel AI engineer who has also worked on eBPF performance tooling (<a class="external" href="https://github.com/intel/processwatch" rel="nofollow">processwatch</a>) as well as memory management research, join my team and do most of the development work. His background has helped us power through difficulties that seemed insurmountable. We've also recently been joined by <strong>Dr. Brandon Kammerdiener</strong> (coincidentally another graduate of the University of Tennessee, like Ben), who also has eBPF and memory internals experience, and has been helping us take on harder and harder workloads. And <strong>Gabriel Muñoz</strong> just joined today to help with releases. Now that our small team has shown that this is possible, we'll be joined by other teams at Intel to develop this further.</p> <p>We could have built a harder-to-use and higher-overhead version months ago using Intel <a class="external" href="http://binary%20instrumentation" rel="nofollow">GTPin</a> but for widespread adoption it needs minimal overhead and ease of use so that developers don't hesitate to use this daily and to add it to deployment pipelines.</p> <h2>What's a Flame Graph?</h2> <p></p><center><img alt="" src="https://www.brendangregg.com/blog/images/2024/flamegraph-cost.png" width="300"/></center> <p>A <a class="external" href="https://www.brendangregg.com/flamegraphs.html" rel="nofollow">flame graph</a> is a visualization I invented in 2011 for showing sampled code stack traces. It has become the standard for CPU profiling and analysis, helping developers quickly find performance improvements and eliminate regressions. A CPU flame graph shows the "big picture" of running software, with x-axis proportional to CPU cost. The example picture on the right summarizes how easy it can be to go from compute costs to responsible code paths. Prior to flame graphs, it could take hours to understand a complex profile by reading through <a class="external" href="https://www.brendangregg.com/FlameGraphs/cpuflamegraphs.html#Problem" rel="nofollow">hundreds of pages of output</a>. Now it takes seconds: all you have to do is look for the widest rectangles.</p> <p>Flame graphs have had worldwide adoption. They have been the basis for five startups so far, have been adopted in over thirty performance analysis products, and have had <a class="external" href="https://www.brendangregg.com/Slides/YOW2022_flame_graphs/#8" rel="nofollow">over eighty implementations</a>.</p> <p>My first implementation of flame graphs took a few hours on a Wednesday night after work. The real effort has been in the decade since, where I worked with different profilers, runtimes, libraries, kernels, compilers, and hypervisors to get flame graphs working properly in different environments, including fixing stack walking and symbolization. Earlier this year I posted about the final missing piece: Helping distros <a class="external" href="/blog/2024-03-17/the-return-of-the-frame-pointers.html" rel="nofollow">enable frame pointers</a> so that profiling works across standard system libraries.</p> <p>Similar work is necessary for AI workloads: fixing stacks and symbols and getting profiling to work for different hardware, kernel drivers, user-mode drivers, frameworks, runtimes, languages, and models. A lot more work, too, as AI analysis has less maturity than CPU analysis.</p> <h2>Searching Samples</h2> <p>If you are new to flame graphs, it's worth mentioning the built-in search capability. In the earlier example, most of the stall samples are caused by sbid: software scoreboard dependency. As that may be a unique search term, you can run search (Ctrl-F, or click "Search") on "sbid" and it will highlight it in magenta:</p> <p></p><center><img alt="" src="https://www.brendangregg.com/blog/images/2024/AIflamegraph-search.png" width="530"/></center> <p>Search also shows the total number of stack samples that contained sbid in the bottom right: 78.4%. You can search for any term in the flame graph: accelerator instructions, source paths, function names, etc., to quickly calculate the percentage of stacks where it is present (excluding vertical overlap) helping you prioritise performance work.</p> <p>Note that the samples are EU stall-based, which means theoretical performance wins can take the percentages down to zero. This is different to timer-based samples as are typically used in CPU profiling. Stalls mean you better focus on the pain, the parts of the code that aren't making forward progress, but you aren't seeing resource usage by unstalled instructions. I'd like to supuport timer-based samples in the future as well, so we can have both views.</p> <h2>Who will use this?</h2> <p>At a recent golang conference, I asked the audience of 200+ to raise their hands if they were using CPU flame graphs. Almost every hand went up. I know of companies where flame graphs are a daily tool that developers use to understand and tune their code, reducing compute costs. This will become a daily tool for AI developers.</p> <p>My employer will use this as well for evaluation analysis, to find areas to tune to beat competitors, as well as to better understand workload performance to aid design.</p> <h2>Why is AI profiling hard?</h2> <p>Consider CPU instruction profiling: This is easy when the program and symbol table are both in the file system and in a standardized file format (such as ELF) as is the case with native compiled code (C). CPU profiling gets hard for JIT-complied code, like Java, as instructions and symbols are dynamically generated and placed in main memory (the process heap) without following a universal standard. For such JITted code we use runtime-specific methods and agents to retrieve snapshots of the heap information, which is different for each runtime.</p> <p>AI workloads also have different runtimes (and frameworks, languages, user-mode drivers, compilers, etc.) any of which can require special tinkering to get their CPU stacks and symbols to work. These CPU stacks are shown as the red, orange, and yellow frames in the AI Flame Graph. Some AI workloads are easy to get these frames working, some (like PyTorch) are a lot more work. </p> <p></p><center><img alt="" src="https://www.brendangregg.com/blog/images/2024/AIsourcezoom.png" width="450"/></center> <p>But the real challenge is instruction profiling of actual GPU and AI accelerator programs -- shown as the aqua and green frames -- and correctly associating them with the CPU stacks beneath them. Not only may these GPU and AI programs not exist in the file system, but they may not even exist in main memory! Even for running programs. Once execution begins, they may be deallocated from main memory and only exist in special accelerator memory, beyond the direct reach of OS profilers and debuggers. Or within reach, but only through a prohibitively high-overhead HW-specific debugger interface.</p> <p>There's also no /proc representation for these programs either (I've been proposing building an equivalent) so there's no direct way to even tell what is running and what isn't, and all the other /proc details. Forget instruction profiling, even ps(1) and all the other process tools do not work.</p> <p>It's been a mind-bending experience, revealing what gets taken for granted because it has existed in CPU land for decades: A process table. Process tools. Standard file formats. Programs that exist in the file system. Programs running from main memory. Debuggers. Profiliers. Core dumping. Disassembling. Single stepping. Static and dynamic instrumentation. Etc. For GPUs and AI, this is all far less mature. It can make the work exciting at times, when you think something is impossible and then find or devise a way.</p> <p>Fortunately we have a head start as some things do exist. Depending on the runtime and kernel driver, there are debug interfaces where you can list running accelerator programs and other statistics, as used by tools like intel_gpu_top(1). You can kill -9 a GPU workload using intel_gpu_abrt(1). Some interfaces can even generate basic ELF files for the running accelerator programs that you can try to load in a debugger like gdb(1). And there is support for GPU/AI program disassembly, if you can get your hands on the binary. It feels to me like GPU/AI debugging, OS style, is about two years old. Better than zero, but still early on, and lots more ahead of us. A decade, at least.</p> <h2>What do AI developers think of this?</h2> <p>We've shown AI Flame Graphs to other AI developers at Intel and a common reaction is to be a bit puzzled, wondering what to do with it. AI developers think about their bit of code, but with AI Flame Graphs they can now see the entire stack for the first time, including the HW, and many layers they don't usually think about or don't know about. It basically looks like a pile of gibberish with their code only a small part of the flame graph.</p> <p></p><center><a class="external" href="https://www.brendangregg.com/Slides/YOW2022_flame_graphs/#8" rel="nofollow"><img alt="" src="https://www.brendangregg.com/blog/images/2024/flamegraph-montage.png" width="190"/></a><br/><em>CPU Flame Graph Implementations</em></center> <p>This reaction is similar to people's first experiences with CPU flame graphs, which show parts of the system that developers and engineers typically don't work on, such as runtime internals, system libraries, and kernel internals. Flame graphs are great at highlighting the dozen or so functions that matter the most, so it becomes a problem of learning what those functions do across a few different code bases, which are typically open source. Understanding a dozen such functions can take a few hours or even a few days -- but if this leads to a 10% or 2x cost win, it is time well spent. And the next time the user looks at a flame graph, they start saying "I've seen that function before" and so on. You can get to the point where understanding the bulk of a CPU flame graph takes less than a minute: look for the widest tower, click to zoom, read the frames, done.</p> <p>I'm encouraged by the success of CPU flame graphs, with over 80 implementations and countless real world case studies. Sometimes I'm browsing a performance issue I care about on github and hit page down and there's a CPU flame graph. They are everywhere.</p> <p>I expect AI developers will also be able to understand AI Flame Graphs in less than a minute, but to start with people will be spending a day or more browsing code bases they didn't know were involved. Publishing case studies of found wins will also help people learn how to interpret them, and also help explain the value.</p> <h2>What about PyTorch?</h2> <p>Another common reaction we've had is that AI developers are using PyTorch, and initially we didn't support it as it meant walking Python stacks, which isn't trivial. But prior work has been done there (to support CPU profiling) and after a lot of tinkering we now have the first PyTorch AI Flame Graph:</p> <p></p><center><a class="external" href="/blog/images/2024/PyTorchFlamegraph.svg" rel="nofollow"><img alt="" src="https://www.brendangregg.com/blog/images/2024/PyTorchFlamegraph.png" width="700"/></a><br/><em>PyTorch frames in pink </em></center> <p>(Click for interactive <a class="external" href="/blog/images/2024/PyTorchFlamegraph.svg" rel="nofollow">SVG</a>.) The PyTorch functions are at the bottom and are colored pink. This example runs oneDNN kernels that are JIT-generated, and don't have a source path so that layer just reads "jit". Getting all other the layers included was a real pain to get going, but an important milestone. We think if we can do PyTorch we can do anything.</p> <p>In this flame graph, we show PyTorch running the Llama 2 7B model using the Intel Extensions for PyTorch (IPEX). This flame graph shows the origin of the GPU kernel execution all the way back to the Python source code shown in pink. Most samples are from a stack leading up to a gemm_kernel (matrix multiply) shown in aqua, which like the previous example has many stalls due to software scoreboarding.</p> <p>There are two instructions (0xa30 and 0xa90) that combined are 27% of the entire profile. I expect someone will ask: Can't we just click on instructions and have it bring up a dissassembly view with full source? Yes, that should be possible, but I can't answer how we're going to provide this yet. Another expected question I can't yet answer: Since there are now multiple products providing AI auto-tuning of CPU workloads using CPU flame graphs (including <a class="external" href="https://granulate.io/" rel="nofollow">Intel Granulate</a>) can't we have AI auto-tuning of <em>AI</em> workloads using AI Flame Graphs?</p> <h2>First Release: Sometimes hard and with moderate overhead</h2> <p>Getting AI Flame Graphs to work with some workloads is easy, but others are currently hard and cost moderate overhead. It's similar to CPU profiling, where some workloads and languages are easy to profile, whereas others need various things fixed. Some AI workloads use many software dependencies that need various tweaks and recompilation (e.g., enabling frame pointers so that stack walking works) making setup time consuming. PyTorch is especially difficult and can take over a week of OS work to be ready for AI Flame Graphs. We will work on getting these tweaks changed upstream in their respective repositories, something involving teams inside and outside of Intel, and is a process I'd expect to take at least a year. During that time AI workloads will gradually become easier to flame graph, and with lower-overhead as well.</p> <p>I'm reminded of eBPF in the early days: You had to patch and recompile the kernel and LLVM and Clang, which could take multiple days if you hit errors. Since then all the eBPF dependency patches have been merged, and default settings changed, so that eBPF "just works." We'll get there with AI Flame Graphs too, but right now it's still those early days.</p> <p>The changes necessary for AI Flame Graphs are really about improving debugging in general, and are a requirement for <a class="external" href="https://www.brendangregg.com/Slides/eBPFSummit2023_FastByFriday/" rel="nofollow">Fast by Friday</a>: A vision where we can root-cause analyze anything in five days or less.</p> <h2>Availability</h2> <p>AI Flame Graphs will first become available on the <a class="external" href="http://yes,%20Intel%20has%20a%20public%20cloud" rel="nofollow">Intel Tiber AI Cloud</a> as a preview feature for the Intel Data Center GPU Max Series. If you are currently deployed there you can ask through the Intel service channel for early access. As for if or when it will support other hardware types, be in other Intel products, be officially launched, be open source, etc., these involve various other teams at Intel and they need to make their own announcements before I can discuss them here.</p> <h2>Conclusions</h2> <p>Finding performance improvements for AI data centers of just fractions of a percent can add up to planetary savings in electricity, water, and money. If AI flame graphs have the success that CPU flame graphs have had, I'd expect finding improvements of over 10% will be common, and 50% and higher will eventually be found*. But it won't be easy in these early days as there are still many software components to tweak and recompile, and software layers to learn about that are revealed in the AI flame graph.</p> <p>In the years ahead I imagine others will build their own AI flame graphs that look the same as this one, and there may even be startups selling them, but if they use more difficult-to-use and higher-overhead technologies I fear they could turn companies off the idea of AI flame graphs altogether and prevent them from finding sorely needed wins. This is too important to do badly. AI flame graphs should be easy to use, cost negligible overhead, be production safe, and show everything. Intel has proven it's possible.</p> <h2>Disclaimer</h2> <p>
* This is a personal blog post that makes personal predictions but not guarantees of possible performance improvements. Feel free to take any claim with a grain of salt, and feel free to wait for an official publication and public launch by Intel on this technology.</p> <p><sup>1</sup> Based on halving the Arm CEO Rene Haas' estimate of 20-25% quoted in <a class="external" href="https://arstechnica.com/ai/2024/06/is-generative-ai-really-going-to-wreak-havoc-on-the-power-grid/" rel="nofollow">Taking a closer look at AI's supposed energy apocalypse</a> by Kyle Orland of ArsTechnica.
</p> <h2>Thanks</h2> <p><em>Thanks to everyone at Intel who have helped us make this happen. Markus Flierl has driven this project and made it a top priority, and Greg Lavender has expressed his support. Special thanks to Michael Cole, Matthew Roper, Luis Strano, Rodrigo Vivi, Joonas Lahtinen, Stanley Gambarin, Timothy Bauer, Brandon Yates, Maria Kraynyuk, Denis Samoylov, Krzysztof Raszknowski, Sanchit Jain, Po-Yu Chen, Felix Degrood, Piotr Rozenfeld, Andi Kleen, and all of the other coworkers that helped clear things up for us, and thanks in advance for everyone else who will be helping us in the months ahead.</em></p> <p>My final thanks is to the companies and developers who do the actual hands-on work with flame graphs, collecting them, examining them, finding performance wins, and applying them.<br/>You are helping save the planet.</p> </div></summary></entry><entry><title>BadRAM: Historischer Seitenkanal hebelt Confidential Computing in der Cloud aus</title><link href="https://www.heise.de/news/BadRAM-Historischer-Seitenkanal-hebelt-Confidential-Computing-in-der-Cloud-aus-10193941.html" rel="alternate"></link><published>2024-12-11T07:08:46.427000Z</published><author><name>nomail@bock.nu (No Author)</name></author><id>https://www.heise.de/news/BadRAM-Historischer-Seitenkanal-hebelt-Confidential-Computing-in-der-Cloud-aus-10193941.html</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/badram-historischer-/8848229:5cacb1">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/8848229.png" style="vertical-align: middle;width:16px;height:16px;"> Heise Online.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
None</summary><category term="c_t_magazin"></category></entry><entry><title>Split tunneling using Wireguard and namespaces - Thea Flowers</title><link href="https://blog.thea.codes/nordvpn-wireguard-namespaces/" rel="alternate"></link><published>2024-12-10T21:50:25.200000Z</published><id>https://blog.thea.codes/nordvpn-wireguard-namespaces/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/split-tunneling-usin/7297635:e43932">shared this story</a>
from <img src="https://www.newsblur.com/rss_feeds/icon/7297635" style="vertical-align: middle;width:16px;height:16px;"> blog.thea.codes.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
</summary></entry><entry><title>Lazy self-installing Python scripts with uv</title><link href="https://treyhunner.com/2024/12/lazy-self-installing-python-scripts-with-uv/" rel="alternate"></link><published>2024-12-10T21:45:27.010000Z</published><id>https://treyhunner.com/2024/12/lazy-self-installing-python-scripts-with-uv/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/lazy-self-installing/4690472:4b9182">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/4690472.png" style="vertical-align: middle;width:16px;height:16px;"> Trey Hunner.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
</summary></entry><entry><title>Ubiquitous Successful Bus: Hacking USB 2 Hubs</title><link href="https://hackaday.com/2024/11/05/ubiquitous-successful-bus-hacking-usb-2-hubs/" rel="alternate"></link><published>2024-11-12T16:08:19.673000Z</published><author><name>Arya Voronova</name></author><id>https://hackaday.com/2024/11/05/ubiquitous-successful-bus-hacking-usb-2-hubs/</id><summary type="html"><table style="border: 1px solid #E0E0E0; margin: 0; padding: 0; background-color: #F0F0F0" valign="top" align="left" cellpadding="0" width="100%">
<tr>
<td rowspan="2" style="padding: 6px;width: 36px;white-space:nowrap" width="36" valign="top"><img src="https://www.gravatar.com/avatar/c7974846cecc4d764f6e3bfe203a0954" style="width: 36px; height: 36px; border-radius: 4px;"></td>
<td width="100%" style="padding-top: 6px;">
<b>
bernhardbock
<a href="https://bernhardbock.newsblur.com/story/ubiquitous-successfu/6031118:3ee64b">shared this story</a>
from <img src="https://s3.amazonaws.com/icons.newsblur.com/6031118.png" style="vertical-align: middle;width:16px;height:16px;"> Blog – Hackaday.</b>
</td>
</tr>
</table>
<hr style="clear: both; margin: 0 0 24px;">
<div><img alt="" class="attachment-large size-large wp-post-image" height="450" src="https://hackaday.com/wp-content/uploads/2024/04/usb-featured.jpg?w=800" style="margin: 0 auto; margin-bottom: 15px;" tabindex="0" width="800" /></div><p><a href="https://hackaday.com/2024/10/17/ubiquitous-successful-bus-version-2/">We&#8217;ve been recently looking into USB 2.0</a> &#8211; the ubiquitous point-to-point communications standard. USB 2 is completely different from USB 3, the blue-connector next-generation USB standard. For instance, USB 2 is a full-duplex pseudo-differential bus, and it&#8217;s not AC-coupled. This makes USB2 notoriously difficult to galvanically isolate, as opposed to USB 3. On the other hand, USB 2 is a lot easier to incorporate into your projects. And perhaps the best way to do so is to implement a USB hub.</p>
<p>USB 2 hubs are, by now, omnipresent. it doesn&#8217;t cost much to add to your board, and you truly have tons of options. The standard option is 4-port hubs &#8211; one uplink port to your host, four downlink ports to your devices. If you only have two or three devices, you might be tempted to look for a hub IC with a lower amount of ports, but it&#8217;s not worth bothering &#8211; just use a 4-port chip, and stock up on them.</p>
<p>What about 7-port chips? You will see those every now and then &#8211; but take a close look at the datasheet. Some of them will be two 4-port chips inside a single package, with four of the ports bottlenecked compared to the three other ports &#8211; watch out! Desktop 7-port hubs are basically guaranteed to use two 4-port ICs, too, so, again, watch out for bottlenecks. <code>lsusb -t</code> will help you determine the hub&#8217;s structure in case you don&#8217;t want to crack its case open, thankfully.</p>
<p>Recommendations? I use SL2.1 chips &#8211; they&#8217;re available in an SO16 package, very unproblematic, to-the-point pinout and easily hand-solderable. CH334 is a close contender, but watch out because there are different variants of this chip that differ by both package and pinout, so if you&#8217;re buying a chip with a certain letter, you will want to stick to it. Not just that, be careful &#8211; different variants run out at different rates, so if you lock yourself into a CH334 variant, consider stocking up on it.<span id="more-725468"></span></p>
<p>There&#8217;s no shortage of Western-origin chips, either &#8211; Texas Instruments is a leader here no doubt. If you ever fear running out of hub ICs in your stock while assembling something, you can prepare for this in advance by leaving zero-ohm footprints under the hub&#8217;s package. USB 2 doesn&#8217;t care for stubs much, and such a hack is very easy to do with SL2.1 in particular. Got two extra ports left over? Put them on a PC-case style dual USB2 9-pin header &#8211; there&#8217;s never a shortage of fun accessories compatible with it!</p>
<p>Powering USB2 hub ICs is easy &#8211; they tend to include a 5 V to 3.3 V linear regulator inside, so you can power them from a 5 V source directly. On the other hand, if you don&#8217;t have any 5 V to spare, the overwhelming majority of hub ICs can be powered from 3.3 V directly &#8211; usually, that requires shorting the hub&#8217;s 5 V input to 3.3 V, but not necessarily. If the datasheet is unclear on 3.3 V-only operation, leave in some 0R jumpers. And, of course, make sure to add 100 nF or similar capacitors &#8211; one per hub IC&#8217;s power pin. Remember the disclaimer about built-in RC oscillators in MCUs being imprecise? Same goes for hubs &#8211; if your hub boasts an internal RC oscillator, don&#8217;t trust it, make sure you have a crystal footprint you can populate if you get stability issues.</p>
<p>Putting some USB port pins to the outside world? You will want to protect them from harm &#8211; or, rather, you will want to protect your expensive CPU from harm.</p>
<h2>Please, Consider ESD Diodes</h2>
<figure class="wp-caption alignright" id="attachment_705446" style="width: 400px;"><img alt="" class="wp-image-705446 size-medium" height="310" src="https://hackaday.com/wp-content/uploads/2024/08/hadimg_usb2_2.png?w=400" tabindex="0" width="400" /><figcaption class="wp-caption-text" id="caption-attachment-705446">The black SOT23-6 footprint is a group of ESD diodes &#8211; small, cheap, and it&#8217;s easy to add in case you ever need it, which you very well might.</figcaption></figure>
<p>Bringing USB somewhere far, or even just using it as your link to the external world? You should really use ESD diodes &#8211; or at least plan them in and give yourself the option to populate them later. There&#8217;s no shortage of USB2-capable ESD diodes, after all, and ESD problems are closer than you might expect.</p>
<p>For instance, I&#8217;ve recently built a pocket device consisting of a battery-powered Pi Zero and a USB soundcard connected to wired headphones, with a pretty standard kind of long cable. I wear a lot of synthetic clothes, in particular, hoodies and jackets, and I kept having the Pi reboot every time I took my jacket off or put it on, through static electricity induced into the headphone wires through the cable insulation, going into the USB port on the Pi Zero.</p>
<p>So, I went and put ESD diodes on the USB 2 pins, using the footprint I previously added to my board &#8220;just in case&#8221; but didn&#8217;t populate, and this failure mode has instantly disappeared for good. Remember, footprints are free, and bodges cost time. Want a recommendation? The four-channel diodes are pretty good for USB 2; look for the SRV-05 footprint in KiCad, in the SOT-23-6 package. It&#8217;s a generic enough footprint that there&#8217;s no shortage of ESD diode packs in the same footprint, they&#8217;re low-capacity enough that you can even use it for purposes like captouch pad protection, and they will also work for applications like Ethernet or externally available GPIOs.</p>
<p>Do you need ESD diodes? Yes, just add the footprint. Same goes for over-current control switches, by the way &#8211; I&#8217;ve already talked about the SY6820, but it bears repeating. Your entire system doesn&#8217;t have to reboot when you short-circuit a USB port on the board, and a cheap current-limited switch IC will let you ensure that&#8217;s the case, while also letting you switch the port power on and off, as a nice bonus.</p>
<p>This was just a few tips on and around USB 2 hubs and connectors, but I hope it helps you out with your projects.</p></summary><category term="hackaday columns"></category><category term="hardware"></category><category term="usb"></category><category term="usb 2"></category><category term="usb hub"></category></entry></feed>