Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Guillermo Rauch Profile picture
@rauchg
Jun 27 3 tweets 2 min read Read on X
Chrome is adding `window​.ai` — a Gemini Nano AI model right inside your browser.

It already works with the AI SDK:

ai-sdk-chrome-ai.vercel.app
I believe this will truly transform frontend applications.

The use-cases are endless: smart auto-completion, error correction and validation, natural language filtering, auto-filling forms, UI suggestions, first-pass summarization and search…

But what we're getting now is:

• Faster AI – the model is tiny and runs on-device, at the speed of keystrokes.

• Optimistic AI – just like `useOptimistic` is a React hook to commit a local state change beating the server roundtrip and provider a better UX, I believe we'll see "multi-tiered AI", where the On-device AI does the first pass, and the Cloud AI enhances it further.

• Cost-efficient AI – many usecases will be altogether served by the local AI end-to-end. And if the device doesn't support it, @vercel AI SDK helps you share code, execute it in the cloud, and just swap out the `provider` to use a fast cloud model like @groqinc
This is how simple the resulting API is.
h/t @jeasonstudio for implementing `chrome-ai`Lines of code in a text editor. import { streamText } from "ai"; import { chromeai } from "chrome-ai"; const { textStream } = await streamText({ model: chromeai(), prompt: "what is a large language model?", });

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Guillermo Rauch

Guillermo Rauch Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @rauchg

Guillermo Rauch Profile picture
Oct 10
A quick analysis of the WP login checkbox making the rounds (https:/⁠/login⁠⁠.⁠⁠) which now states "I am not affiliated with WP Engine in any way, financially or otherwise." 🧵 wordpress.orgImage
The `

` paragraph element has an interestingly-named CSS class `login-lawsuit`.

At first I thought it would be used for the purpose of styling, but it's basically acting as a record in the code that this is in response to the lawsuit.

We can verify this by toggling the value and seeing it doesn't impact rendering.

So, why is `login-remember` there next to it?

Incidentally, and just to bring in another controversial topic, this is a mini case study of why I like Tailwind 🙈

`login-remember` is providing the necessary spacing. Semantic CSS class naming puts an unnecessary burden on the developer to conflate the function of the code (a paragraph for remembering login) with what it should look like.

In a Tailwind world, we would have seen `font-normal m-4`. No need to "label" the group of styles as "remember" or "lawsuit" for that matter.

Oh and, of course, `!important` is indicative of some hidden cascade hell tech debt of sorts that would also not exist in Tailwind land.Image
Read 6 tweets
Guillermo Rauch Profile picture
Sep 22
This @openai researcher got hacked. The classic "a coin just dropped" thing with comments turned off and a fake website. An analysis on how the attack works and its tech stack 🧵 Image
First thing to note: it looks good. It looks like the legit

Most phishing sites have a common downfall: the website looks crappy / outdated. This was the case in 2 recent attacks targeting me, but not here

openai.com


Image
How did they do this? Notice the `data-scrapbook-source` attributes. Some kind of scraper?

If you Google it, it turns up in many phishing reported websites. It's from a Chrome Extension called "WebScrapBook" that clones a site instantly to static HTML. Image
Read 12 tweets
Guillermo Rauch Profile picture
May 12
A new kind of phishing attack showed up in my DMs.

A hacked government account DMs you that your account is in violation of X policies.

Here's an analysis of the attack 🧵 A Twitter profile page showing the profile picture and details of Amélie Oudéa-Castéra, the Minister of Sports and the Olympic and Paralympic Games. Amélie Oudéa-Castéra @AOC1978 Ministre des Sports et des Jeux Olympiques et Paralympiques Joined July 2012 · 52.7K Followers Not followed by anyone you're following X | Security Notification Dear X User, This notification is to inform you that your account does not comply with our current policies. Activities or content that do not align with our company's policies may result in an inconsistent user experience with our services. The reason ...
Notably, if you check out the account, it's not just verified, it's government verified. A fireworks display over a harbor with a large sailing ship. This account is verified because it is a government or multilateral organization account. Verified since May 2022.
Let's take a look at the referenced hostname `twitter[.]support` – could this possibly be legit?

First red flag: it's served by @cloudflare, which and do not use. x.com
x.com
A terminal window displaying network connection information. Connected to 2606:4700:3037::6815:29b5:443 from 2001:5a8:6ad:2000:d893:29a7:91b3:b225:63794 HTTP/2 200 date: Sun, 12 May 2024 17:00:18 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https://\/\/a.nel.cloudflare.com\/report\/v4?s=VwDofB3aMnCX2BXUx0S7%2Bi28nqxwvayXQznUwf0m5Ms3Ss7QcSc85y%2BaVKimoSznUdfq6iEVQ8oaVjSRMR8mZgqB%2FYBz2Bzcl1EIWg2dR%2B272vgQbDMkq1Ny1C5jROef1CpHrArkM1osF'gnWvJXmSSM%3D"}
Read 9 tweets
Guillermo Rauch Profile picture
Mar 7
My favorite @nextjs apps I’ve written to learn the framework.

1️⃣ Next AI News:

My acid test here was: “are we delivering on ‘dynamic at the speed of static’”? next-ai-news.vercel.app
Its search, which is always SSR’d on a per-keystroke basis thanks to RSC, is a good demonstration.
2️⃣ Emoji TODO:

This one set out to prove two things:
✓ React now has PHP-like levels of code simplicity
✓ A mutation that re-renders the page from the server is fast enough

emoji-todo.vercel.app
Read 7 tweets
Guillermo Rauch Profile picture
Feb 11
Next.js and React have never been easier, and they've also never been harder 🧵

Here's the universal 'minimum viable app', a TODO list, implemented with the latest features in 45LOC A TODO list implemented with RSC and Server Actions
Below is the live deployment. The most striking thing is that, as it's been discussed, React is now server-first.

Fetching and mutating data, compared to the old React, is now completely straightforward (as in PHP).
emoji-todo.vercel.app
If I had to teach how to re-create this basic app with "the old React", I'd have to teach:

◆ How to add API servers or RPC routes
◆ `useEffect` and `useState`
◆ External packages and more concepts
◆ Perf would suffer

And therein lies the problem.
Read 6 tweets
Guillermo Rauch Profile picture
Dec 27, 2023
Fascinating talk, highly recommended.

The attackers used the hash of a WebGL rendered triangle for device fingerprinting 😲
Device fingerprinting with JS and WebGL
TrueType is "surprisingly turing-complete"[1] per @gwern who also pointed out the security implications[2]

[1]
[2] gwern.net/turing-complet…
gwern.net/turing-complet…
TrueType VM
@gwern The undocumented instruction 0x8f is still undocumented[1], and there are no mentions of the `ADJUST` opcode anywhere.

Closest I could find is this interpreter calling it `UNKNOWN`[2] 😲

[1]
[2] developer.apple.com/fonts/TrueType…
github.com/servo/libfreet…
0x8F instruction
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(