The piece of documentation I want most for the modern web is something that explains to me what variants of a "set-cookie:" header work in which modern browsers under which conditions
There's a ton of stuff out there about "Total Cookie Protection" in Firefox and "Privacy Sandbox" in Chrome, but I cannot figure out what it actually means for me as a web developer! I need protocol-level documentation for all of this stuff.
A few years ago I put a bunch of work into figuring out the SameSite cookie attribute because the documentation for how that actually worked was so thin on the ground https://simonwillison.net/2021/Aug/3/samesite/
@simon Well, a very stupid summary with some elements of wrong. 1st party cookies with controlled subdomain and permissions will be fine. The rest, notably 3rd party cookies are going to be very difficult (especially for FF and Safari since Chrome has kinda given up).
@simon For me I find a lot of the value of spikes and prototypes comes from the process, e.g. discovering that things work differently than I expected. Even if an LLM can give me a working prototype I am worried about the loss of that learning and discovery. I might be wrong though. I'll try it next time and see.
@simon yes, but to be honest it is only well suited to specific domains; usually the ones with poor dev tools and a lot of ceremony and boilerplate which also have a lot of users. But it can speed things up there sometimes.
@simon In my brief exploration of it (and based on others' experience) it seems to be a direct replacement of Stack Overflow.
That is, if you use reasonably mainstream technology, and you want help in solving a common problem or implementing a standard solution, perhaps with a small twist, then it's helpful and generally correct.
But as you veer off the mainstream path, the suggestions rapidly become misleading and wrong, and it's faster figuring it out for yourself.
Blogged a few thoughts on the OSI's latest draft of a definition for "Open Source AI", which notably doesn't require that the training data itself be released under an open source license: https://simonwillison.net/2024/Aug/27/open-source-ai/
@simon Even if the training data cannot be shared it can be named or described: for "open" to have any meaning I'd like to see a declaration, even if it's 100% "dark" training data.
I just spent ten minutes in Claude-3.5 Sonnet spinning up this little interactive streaming chat app to play around with the latest Google Gemini models - notes and prompts here: https://simonwillison.net/2024/Aug/27/gemini-chat-app/
Here's the Claude transcript - I started by pasting in some example code for a Node.js streaming app and effectively told Claude to guess how to port that to run in a browser instead, by including a snippet of my own code that I used to manage API keys using localStorage https://gist.github.com/simonw/498a66c1c4b5053a6dfa2015c3675e24
LLMs are literally designed to generate *plausible-sounding* *bullshit*.
They have no accountability and even less allegiance to truth than crooked cops - but they will be much, much better at writing the kinds of falsehoods that will bring a conviction.
@ct_bergstrom I'd trust a language model more than an officer who doesn't give a shit about his/her work so much that they're fine with writing fiction in their reports.
LLMs aren't the problem here. Incompetent, unmotivated and lazy people are. Or do you think their reports would get better without LLMs?
And here's a fun little hint at some of the annoying behaviour in the base model that they've tried to knock out of it with some system prompt instructions
Per the rep "We've also heard feedback that some users are finding Claude's responses are less helpful than usual. Our initial investigation does not show any widespread issues. We'd also like to confirm that we've made no changes to the 3.5 Sonnet model or inference pipeline."
I wish I had the equivalent of threads for my own blog... there's something uniquely interesting about a publishing medium that produces a chronological record of the way you explored a specific thought
A thread is almost like a mini-blog for evolving one very specific idea over time
@simon totally agree, there's something useful about the "livetweet" / "tweetstorm" mode of communication that I wish I could get on my own site. It's not a replacement for normal blog posts but a different kind of thing.
@simon had a few minutes today so started drawing about this... it's not simple but it's still intriguing! The data model and UI presentation model are interesting problems.
@simon Thanks for this! I've just started working on a project that needs to both generate bounding boxes and extract some qualitative information from images - hopefully Gemini can be a one stop shop for that, rather than stringing things together like I'd started to do.
Microsoft has docs on a GPT4+"Enhancements" vision model with grounding/bounding boxes, but when you get into their dashboard it seems like it's actually deprecated.
My covidsewage bot finally generates useful alt text!
I tried scraping text data out of the Microsoft Power BI dashboard but was defeated by their bizarre DOM structure… so I'm passing the image to the OpenAI GPT-4o API instead and asking it "Return the concentration levels in the sewersheds - single paragraph, no markdown"
@simon ...the absurdity of having to use a computationally expensive visual-to-text language model to extract data, when PowerBI usually offers an option to download the data visualized in a given graphic right there on the UI. EDIT: which seems to have been disabled here.
@simon - This will be some hilarious prank on DBAs who have spent the last 2 decades irrationally railing against ORMs - Entity Framework in particular.
Under the hood, it's probably quite similar to LINQ and then an engine to translate the AST to SQL!
@simon Short answer, just don't, preferably provide both an HTML alternative and the LaTeX source.
PDF is essentially a vector graphics format, the ultimate end goal of PDF is making a document that prints and displays in exactly the same way for everybody, everything else is secondary. In HTML, the "recommended way to do things" is to essentially say "put a h1 here" and let the browser deal with it, possibly with some help from your style sheet along the way. In PDF, you essentially say "hey, here's some text, put it 2.7 inches from the left margin, 16 point, use font so and so". If you were so inclined, you could even re-order the characters in your font and use completely nonsensical codepoints, and things would still pretty much work visually.
LaTeX definitely uses shenanigans like that, Polish diacritics for example aren't expressed as a single character. Instead, the English letter is used, along with some extra markup that tells the renderer where to draw the acute accents on the page. Those acute accents aren't actually part of the character from an a11y perspective though, they're just random squiggles that the renderer happens to be told to draw. Some say that modern JS frameworks are crazy, I say that PDF is far, far crazier than that.
Speaking of the two-column stuff in particular, I've seen it work and I've also seen it not work, this probably depends on where the text goes in the document, what it is rendered with, and probably on what software you're using and what their a11y implementation is like.
Yes, there's a way to mark PDFs up for accessibility properly, but very few people do it, LaTeX makes it far harder, there are a lot of other problems (think math), and support among reading programs is... spotty at best.
Lots of people are asking why Anthropic and OpenAI don't support OAuth, so you can bounce them through those providers to get a token that uses their API budget for your app
My guess: they're worried malicious app developers would use it to trick people and obtain valid API keys
Imagine a version of my dumb little "write a haiku about a photo you take" page which used OAuth, harvested API keys and then racked up hundreds of dollar bills against everyone who tried it out running illicit election interference campaigns or whatever
This story about why some companies are reconsidering their Microsoft Copilot 365 rollouts is amusing - in this case the problem is that the AI chatbot is /too/ effective, in that if you haven't correctly configured permissions on documents like the employee salary spreadsheet anyone in your org who asks about it will get the right answer! https://simonwillison.net/2024/Aug/23/microsoft-copilot-data-governance/
@simon Fun story. I worked for a company that used Confluence for wikis and such. The VP of engineering would write all the private team meetings in here. Yet I was not part of the allowed members to see such content.
However, I just told Confluence to e-mail me daily updates on when this VP posted.
So I would get a daily e-mail that showed the contents of these meetings delivered conveniently to my inbox.
Not sure if this would still work as it has been many years…
@simon I'll file a report with Apple to see what's going on with Voiceover/other speech components. I'll also do some testing with different synthesizers. It could be that Apple will need to add this symbol to their emojis.
@simon Tested in latest NVDA on Windows and this symbol is read as "Asterism," regardless of speech synthesizer. Using latest version of JAWS on Windows, it is not read at all. There is no pause, it's just skipped. Same for Windows Narrator. iOS 18 beta reads it as asterism, likewise for macOS beta. The only way to fix this is to beg and plead with screen reader maintainers to add a default pronunciation for ⁂. Users can add a replacement themselves, but this is a somewhat technical process.
@simon My screen reader (NVDA) announces it, but it's four syllables so might get a bit tedious. No idea about other SRs or how it manifests in braille.
@simon Ah, that's annoying, would have expected "asterism" or some description. Depending on the usage, the symbol might be decorative and that's maybe okay. But we need to think about cases where it conveys meaning.
A few years ago I put a bunch of work into figuring out the SameSite cookie attribute because the documentation for how that actually worked was so thin on the ground https://simonwillison.net/2021/Aug/3/samesite/
@simon There's some work going on at https://johannhof.github.io/draft-annevk-johannhof-httpbis-cookies/draft-annevk-johannhof-httpbis-cookies.html to specify this. Does that draft at least improve the situation? I believe they're accepting complaints and suggestions.