Wednesday, July 10, 2024

Safari 18 — what web features are usable across browsers?

Google opens up Gemini 1.5 Flash, Pro with 2M tokens to the public

Google Cloud is making two variations of its flagship AI model—Gemini 1.5 Flash and Pro—publicly accessible. The former is a small multimodal model with a 1 million-token context window that tackles narrow, high-frequency tasks; it was first introduced in May at Google I/O. The latter, the most powerful version of Google’s LLM, debuted in February before being notably upgraded to a 2 million-token context window. That version is now open to all developers.

The release of these Gemini variations aims to showcase how Google’s AI work empowers businesses to develop “compelling” AI agents and solutions. During a press briefing, Google Cloud Chief Executive Thomas Kurian boasts that the company sees “incredible momentum” with its generative AI efforts, with organizations such as Accenture, Airbus, Anthropic, Box, Broadcom, Cognizant, Confluent, Databricks, Deloitte, Equifax, Estée Lauder Companies, Ford, GitLab, GM, the Golden State Warriors, Goldman Sachs, Hugging Face, IHG Hotels and Resorts, Lufthansa Group, Moody’s, Samsung, and others building on its platform. He attributes this adoption growth to the combination of what Google’s models are capable of and the company’s Vertex platform, and says Google will “continue to introduce new capability in both those layers at a rapid pace.”


Sir Demis Hassabis introduces Gemini 1.5 Flash. Image credit: Screenshot



Google is also releasing context caching and provisioned throughput, new model capabilities designed to enhance the developer experience.

Gemini 1.5 Flash

Gemini 1.5 Flash offers developers lower latency, affordable pricing, and a context window that makes it suitable for retail chat agents, document processing, and bots that can synthesize entire repositories. Google claims that, on average, Gemini 1.5 Flash is 40 percent faster than GPT-3.5 Turbo when given an input of 10,000 characters. Its input price is four times lower than OpenAI’s model, with context caching enabled for inputs larger than 32,000 characters.



Gemini 1.5 Pro

As for Gemini 1.5 Pro, developers will be excited to have a much larger context window. With 2 million tokens, it’s in a class of its own, as none of the prominent AI models has as high a limit. This means the model can process and consider more text before generating a response than ever before. “You may ask, ‘translate that for me in real terms,'” Kurian states. “Two million context windows says you can take two hours of high-definition video, feed it into the model, and have the model understand it as one thing. You don’t have to break it into chunks. You can feed it as one thing. You can do almost a whole day of audio, one or two hours of video, greater than 60,000 lines of code and over 1.5 million words. And we are seeing many companies find enormous value in this.”

Kurian explains the differences between Gemini 1.5 Flash and Pro: “It’s not just the kind of customers, but it’s the specific [use] cases within a customer.” He references Google’s I/O keynote as a practical and recent example. “If you wanted to take the entire keynote—not the short version, but the two-hour keynote—and you wanted all of it processed as one video, you would use [Gemini 1.5] Pro because it was a two-hour video. If you wanted to do something that’s super low latency…then you will use Flash because it is designed to be a faster model, more predictable latency, and is able to reason up to a million tokens.”


Context caching now for Gemini 1.5 Pro and Flash

To help developers leverage Gemini’s different context windows, Google is launching context caching in public preview for both Gemini 1.5 Pro and Flash. Context caching allows models to store and reuse information they already have without recomputing everything from scratch whenever they receive a request. It’s helpful for long conversations or documents and lowers developers’ compute costs. Google reveals that context caching can reduce input costs by a staggering 75 percent. This feature will become more critical as context windows increase.
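Conceptually, context caching amounts to memoizing a long, shared prompt prefix so that the expensive processing runs once and is reused across requests. A minimal JavaScript sketch of the idea — this is an illustration of the mechanism, not the Vertex AI API:

```javascript
// Toy illustration of context caching: the expensive prefix step
// (standing in for encoding a long document) runs once per unique
// prefix, then every later request reuses the cached result.
const cache = new Map();
let computations = 0;

function processPrefix(prefix) {
  computations++; // count how often the expensive step actually runs
  return `encoded(${prefix.length} chars)`;
}

function answer(prefix, question) {
  if (!cache.has(prefix)) cache.set(prefix, processPrefix(prefix));
  return `${cache.get(prefix)} + ${question}`;
}

const doc = "a very long contract...";
answer(doc, "What is the termination clause?");
answer(doc, "Who are the parties?");
console.log(computations); // 1 -- the prefix was processed only once
```

The cost savings Google cites come from exactly this shape of reuse: the long document is paid for once, and only the short per-request question is new work.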

Maven Central and the tragedy of the commons

In today's internet, it can be very hard to identify the actual organization behind a given IP… as an example, 75% of the total traffic to Central originates from hyperscale cloud customers, and another decent chunk maps back to telecom providers worldwide. This means it is largely impossible to reach out to these heavy users proactively in most cases.

In the coming weeks, we will start to work with our providers to implement throttling mechanisms aimed at the extremely heavy consumers, which are effectively abusing a community resource. We are making every attempt to do this in a way that minimizes disruption to builds, such as by slowing actual download speeds, but in some circumstances it may lead to HTTP 429 (Too Many Requests) error codes.

If your organization suspects it is being throttled or blocked, you have a few options:

  1. Installing or enforcing use of an existing repository manager: implementing a caching proxy like Sonatype Nexus Repository can significantly reduce the load on Maven Central by serving frequently accessed artifacts locally. Modern repository managers provide this caching capability for every component type (npm, Docker, NuGet, PyPI, Ruby, and so on). This approach lets heavy users keep their download speeds while minimizing the impact on the central repositories.

  2. Contacting us for additional options: The Maven Central team may offer alternative solutions or support for heavy users with specific needs. This could involve exploring different download strategies or discussing custom arrangements. Start a conversation with us at mavencentral@sonatype.com.
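The repository-manager approach in option 1 usually comes down to pointing all builds at a local caching proxy instead of Maven Central directly. A sketch of the relevant mirror entry in Maven's settings.xml, assuming a hypothetical in-house Nexus host (nexus.example.com — substitute your own proxy URL):

```xml
<settings>
  <mirrors>
    <mirror>
      <id>internal-proxy</id>
      <!-- Route all requests for Maven Central through the local caching proxy -->
      <mirrorOf>central</mirrorOf>
      <name>In-house caching proxy (hypothetical host)</name>
      <url>https://nexus.example.com/repository/maven-central/</url>
    </mirror>
  </mirrors>
</settings>
```

With this in place, each artifact is fetched from Central at most once per organization rather than once per build machine.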

The situation with Maven Central highlights the importance of responsible resource management. By acknowledging the tragedy of the commons and implementing solutions like throttling and caching, we can ensure the long-term sustainability of this valuable resource for the entire Java community.


Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised.

Earlier this year, a Chinese company called Funnull took over ownership of the polyfill[.]io domain. The CDN then began delivering malicious JavaScript code that was automatically deployed on websites embedding scripts from cdn.polyfill[.]io; the code redirected mobile visitors to scam sites.

As a result of the fallout from this attack, Google has informed advertisers about possible impacts on their landing pages that might be contaminated with malicious scripts, while Fastly and Cloudflare have set up safe mirrors of Polyfill.

We break down what this incident means for npm developers and packages relying on the Polyfill CDN.

Understanding the Polyfill.io Compromise

In February 2024, Andrew Betts, the original developer of the polyfill service, warned users against using polyfill[.]io as a precaution, months before there was any indication of foul play.

"If your website uses http://polyfill.io, remove it IMMEDIATELY," wrote Betts. "I created the polyfill service project but I have never owned the domain name and I have had no influence over its sale."

"No website today requires any of the polyfills."

Sansec researchers discovered this week that ever since the domain changed hands, it has been "injecting malware on mobile devices via any site that embeds cdn.polyfill[.]io," raising the alarm for everyone.

Although technology leaders like Cloudflare, Fastly, and Google have all stepped in to thwart the threat, it's not yet over. Google started alerting advertisers that, as a result of this attack, their landing pages contain the malicious code that could send visitors away from the intended site without the website owner knowing about it. Cloudflare and Fastly set up safer mirrors of the Polyfill service.
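For sites that still need a polyfill script, one practical mitigation is rewriting any reference to the compromised domain so it points at a trusted mirror instead. A minimal sketch — the mirror URL shown is Cloudflare's announced endpoint, but verify the current address before deploying:

```javascript
// Rewrite references to the compromised polyfill.io CDN to point at a
// trusted mirror. MIRROR is illustrative; confirm the endpoint first.
const MIRROR = "https://cdnjs.cloudflare.com/polyfill";

function replacePolyfillHost(html) {
  // Match http(s) references to polyfill.io and its cdn subdomain.
  return html.replace(/https?:\/\/(cdn\.)?polyfill\.io/g, MIRROR);
}

const page = '<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>';
console.log(replacePolyfillHost(page));
// <script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js"></script>
```

The safest option, per Betts's advice, remains removing the script entirely where modern browsers no longer need the polyfills.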

As reliance on third-party services continues to grow, so does the need for robust supply chain security practices. This incident highlights the urgent need for improved supply chain security measures and greater vigilance in monitoring third-party services. Developers and organizations must prioritize security at every stage of the development process to mitigate risks associated with third-party dependencies.

Investing in advanced threat detection systems, educating developers on secure coding practices, and fostering a culture of security awareness are crucial steps in enhancing supply chain security. Additionally, collaboration between security researchers, developers, and service providers is essential to identify and address vulnerabilities promptly.


New JavaScript Set methods


New JavaScript Set methods are arriving! Since Firefox 127, these methods are available in most major browser engines, which means you won't need a polyfill to make them work everywhere.

This article is a good read for people who are new to Set in JavaScript and are looking to find out how to use these new JavaScript methods. I'll highlight some advantages of using these methods with basic examples to show why you might reach for these instead of building your own implementations.

What's new in Set methods?

For those of you looking for the TL;DR, here's the gist of new methods that have cross-browser support:

  • intersection() returns a new set with elements in both this set and the given set.
  • union() returns a new set with all elements in this set and the given set.
  • difference() returns a new set with elements in this set but not in the given set.
  • symmetricDifference() returns a new set with elements in either set, but not in both.
  • isSubsetOf() returns a boolean indicating whether all elements of this set are in the given set.
  • isSupersetOf() returns a boolean indicating whether all elements of the given set are in this set.
  • isDisjointFrom() returns a boolean indicating if this set has no elements in common with a specific set.

If you've read (or skimmed) through the above list and are confused, don't worry; we'll describe what they do in the following sections. Each of these methods is used to compare the contents of one set with the contents of another set.

What is a JavaScript Set?

A set is similar to an Array, except that each value can only be stored once. For example, we can take a list of items, add them all to a set, and then inspect the result: every duplicate is removed, because a set guarantees that its values are unique.
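The deduplication described above takes only a couple of lines (the fruit names are just placeholder data):

```javascript
// A list with duplicates, converted to a Set: each value survives once,
// and insertion order is preserved.
const items = ["apple", "banana", "apple", "cherry", "banana"];
const unique = new Set(items);
console.log([...unique]); // ["apple", "banana", "cherry"]
```

Spreading the set back into an array, as on the last line, is the common idiom for "remove duplicates from a list" in modern JavaScript.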

Semiconductor Recycling: Addressing E-Waste Challenges

The increasing demand for electronic devices, from smartphones to electric cars, has ...