That is very interesting. Would you mind testing the same prompt with Claude Sonnet 3.5 and Opus? If not available to you, would you be willing to share the prompt/question? Thank you.
> In the course of using this feature in the `jextract` project, we did learn quite a few things we didn’t already know, and this was conclusive enough that it has motivated us to adjust our approach in this feature. Specifically, the role of processors is “outsized” to the value they offer, and, after further exploration, we now believe it is possible to achieve the goals of the feature without an explicit “processor” abstraction at all! This is a very positive development.
My Summary:
- nothing to do with the choice of backslash vs dollar. Doubles down on dollar being bad (due to backward and cross compat with other languages)
- original choice to use "Template Processors" misguided, reverses course to StringTemplate Literals
- this requires a new paradigm where APIs now need to explicitly support StringTemplates, instead of relying on the Processor to convert them into Strings as necessary (big
leap in my logic here)
- StringTemplates are explicitly still not Strings. This is in line with their "Security Focus First"
- sensitive APIs that depend on StringTemplates should explicitly treat their interpolated results carefully through overloads in a sensitive context.
Obviously I don't know much about the `jextract` project but I can guess 1 possible way this breaks the security concept is if you use the wrong Processor to pass into a Db.query method, for example.
db.query(STR."select * from users where id = \{id};");
This way, you can still do it, but its just much harder to do. Or as an API developer you could deprecate your String overload and insist only on StringTemplate usage from now on.
db.query("select * from users where id = \{id};"); // this is compiled as a StringTemplate
db.query("select * from users where id = \"" + id "\""); // this is still a String, and it's still bad, but can be mitigated by deprecating Stringm method
Disclaimer: i haven't done java in nearly 10 years... i just love theorycrafting. So take my contribution with a pinch of salt please :)
That's actually a really clever mechanism. Although it'll make the common case (basic string interpolation, no need for security concerns) more complicated unless a lot of APIs support a StringTemplate overload.
It's not just you. My reading is that the flaw was toxic Java users made the developers feel so bad about the feature that they canceled it out of spite. I'm almost certain that's not what it was but that's the only information in there.
This comment is *not* an explanation of why the feature was problematic in its current form, and portraying it that way makes the JDK team look far more political than they actually are. The comment is just explaining why feedback from usage is better than comments just looking at syntax.
A sibling comment links to the actual technical discussion and reasoning.
I understand where you are coming from, but it is a very good signal for the team. The easiest way to get the desired feedback would probably be to adequately address to the current community concern.
It is very well addressed, in the right forum (on the OpenJDK mailing list). It's a bit uncharitable to cherry pick a reddit comment on a specific thing and portray that as the public messaging on the technical decision.
I want Brian et al. to comment more on reddit threads, not less, but this sort of interpretation is a reason for him not to.
I'm not taking a particular stance on the JEP. I am not sure what is being cherry picked. The comment explicitly called out the customers for creating antihelpful noise. In my eyes, that tells me there is deep value misalignment between the involved parties, which is worth reflecting on.
Has anyone seen an implementation of 'SpQR: A Sparse-Quantized Representation,' published in June 2023 by Tim Dettmers et al.? https://arxiv.org/abs/2306.03078
Regarding the use of the Apple Neural Engine (ANE) for ML tasks: yes, it is closed source for direct access. However, reports indicate that it supports only forward propagation (without backward propagation) and offers a relatively limited set of supported precisions [1]. Should the API ever be opened, the ANE's primary use case would likely shift towards inference rather than training.
Have a look at section 2.3 of our paper. Between any two chips we get 100 Gbps. The overall bandwidth depends on the connection topology used. I don't know if we make that public.
Not sure how many have discovered but ChatGPT works well with many languages, for example asking a question in estonian gives an adequate answer in estonian, just the grammar is a tiny bit more off.
I was frustrated trying something with Mapbox today and asked GPT to do it... And it returned fine react-mapboxgl code that was mostly correct. Got me a bit more angry.
Then I asked for the same "but as Dutch song lyrics"... And got a song with three verses and a chorus about setting map layers and longitudes and latitudes and stuff, in Dutch.
Youtube Premium is a perfect proposition for an easy ad free streaming to TV and to mobile. On Desktop browser adblock extension is efficient enough to cut out the ads.
Google search on the other hand is primarily for desktop and is not a streaming platform that consumes your attention minutes, hence Google Premium has little market with effective adblockers.
you can just add +myalias to most email services and get it delivered automatically. E.g. first.second+github@gmail.com delivers to firstsecond@gmail.com
Not just "can," they do strip the + part. Especially the sketchy ones. Or they barf. I tried this for a while and had a 30% success rate. It was dismal.
