MongoDB chief revenue officer sells $6.1M in common shares (NASDAQ:MDB)

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news



Investors Eye MongoDB As A Promising AI Play – Forbes

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

Shares of MongoDB (MDB) have been awarded an AI premium.

Bullishness about the company’s long-term AI opportunity has provided an added tailwind for the stock, which hit a 52-week high of $439 in July. Recently trading around $394, the shares have doubled YTD.

There’s a trend emerging in which more customers are selecting the company’s Atlas cloud database as a key platform to both build and run new AI applications, according to MongoDB CEO Dev Ittycheria.

He thinks the shift to AI will favor modern platforms that offer a rich set of capabilities. Ittycheria also believes many existing applications will be re-platformed to be AI-enabled, arguing that this is a compelling reason for customers to migrate to MongoDB from legacy technologies.

At the MongoDB developer conference held this summer, the company announced several new products along with advanced features for its Atlas cloud platform that make it faster and easier for customers to build modern applications for any workload or use case. Included among the new features and products were Atlas Vector Search (for highly relevant information retrieval) and Atlas Stream Processing (for high-velocity streams of complex data).

Atlas Vector Search simplifies bringing generative AI and semantic search into various applications to deliver more engaging end-user experiences, while Atlas Stream Processing transforms the building of event-driven applications that respond in real-time by unifying how developer teams work with data in motion and data at rest. With Atlas Stream Processing, customers have a single interface to easily extract insights from high-volume streaming data.

One of MongoDB’s major goals is to bring in new workloads from existing customers. The company recently announced the general availability of Relational Migrator, a tool that simplifies application migration and transformation from legacy relational databases to the company’s document-based model. The Migrator tool enables customers to quickly, easily and cost-effectively move off of older database technology, improving operational efficiency.

At the developer conference, Sahir Azam, chief product officer at MongoDB, said legacy relational databases remain the main competition. But he noted that they were optimized for a time when hardware was very expensive. Today, scalable hardware is quite cheap, but hiring developers and making them productive is the challenge. The document model makes it “very natural” for developers to build, iterate and improve applications over time, Azam said.

He explained that rows and tables in relational databases are not how developers think. Instead, developers see things such as managing a sale or managing products in a catalog as objects. Thus, the rise of object-oriented programming over the past 20 years. Azam said MongoDB gives developers a natural way to map object-oriented programming directly into the data model. With MongoDB, developers have a flexible database that is easy to scale effectively.

As more organizations see that MongoDB offers many of the mission-critical features offered by traditional relational databases, demand should continue to grow for the company’s document-based database. Demand will come in the form of new workloads as well as the shifting of workloads over from relational offerings. The Migrator tool helps users create a document-oriented schema within MongoDB, transfer data out and even rewrite associated code.

In fiscal Q2 (ended July), MongoDB’s total revenue rose 40% to $423.8 million, well above the consensus estimate of $393.3 million. It’s impressive that top-line growth reaccelerated from 29% in the previous quarter. Atlas cloud revenue (representing 63% of total revenue) advanced 38%.

MongoDB in FQ2 added 1,900 new customers, including a number of AI accounts (with smaller workloads that will expand over time). The company now has more than 45,000 total customers, up 22% year over year.

For FQ3 (Oct.), MongoDB’s total revenue outlook of $400 million to $404 million came in above the consensus of $389.1 million.

Piper Sandler called out the FQ2 revenue acceleration in raising its MongoDB price target to $425 from $400, noting that the upside was aided by large, multi-year licensing deals and renewal expansions. Needham raised its target to $445 from $430. The firm views MongoDB as a key beneficiary of generative AI, especially as organizations continue to iterate and discover new use cases.

RBC Capital believes MongoDB has the ability to become a major developer data platform by consolidating more workloads. The firm thinks MongoDB is well-positioned to be a long-term beneficiary of the generative AI platform shift.

Goldman Sachs is becoming increasingly constructive on MongoDB’s ability to sustainably land new customers and add workloads that can ultimately translate into $6 billion in revenue longer-term. MongoDB is enriching its platform with new functionality to meet the requirements of the “next big paradigm shift” of generative AI, according to the firm. Goldman sees MongoDB as a big beneficiary of accelerated app development.



Couchbase Boosts Database Offerings With Capella IQ And Partner Program – Forbes

MMS Founder
MMS RSS

Posted on nosqlgooglealerts. Visit nosqlgooglealerts

Cloud database provider Couchbase has launched two strategic initiatives aimed at improving developer productivity while fostering greater collaboration in the fast-growing field of AI-driven application development.

AI-assisted coding with Capella iQ

The first prong of this dual initiative is Capella iQ, a feature set that enriches Couchbase’s Capella database-as-a-service (DBaaS) platform. What sets Capella iQ apart is its incorporation of generative AI technologies that exploit natural language processing to automatically create sample code, data sets and even unit tests. By doing this, the tool is streamlining the development process substantially, thereby enabling developers to focus more on high-level tasks rather than the nitty-gritty of code writing. Not just that, Capella iQ brings additional utilities to the table by aiding in SQL++ writing and generating essential syntax indexes, among other programming tasks. Scott Anderson, senior vice president of product management and business operations at Couchbase, underscores that these advancements aim to “fuel innovation at a faster pace for customers.”

The goal of Couchbase’s initiatives is to maximize the value of data in Capella by integrating generative AI and positioning it alongside developer tools such as Vercel (a front-end platform aiding developers to build with speed and reliability) and IntelliJ (an integrated development environment [IDE] for JVM languages aimed to enhance productivity). The recent updates to Capella focus on improving operational efficiency, cloud database security and the developer experience as a whole. Key features include integration with popular developer platforms, enhanced scaling capabilities and reinforced security measures such as PCI DSS 4.0 and Cloud Security Alliance STAR Level 2 compliance. This complements the SOC 2 Type II and HIPAA compliance that Couchbase Capella has already achieved.

Enabling partners with AI

Couchbase’s second initiative is its AI Accelerate Partner Program. This new program is part of the company’s broader PartnerEngage effort and is explicitly designed to engage a diverse range of organizational types and partners. The overarching objective is to catalyze the development and deployment of AI-centric applications while fortifying the broader ecosystem around Couchbase’s suite of products.

The AI Accelerate Partner Program offers numerous benefits for companies aiming to develop AI-driven applications using Capella. This initiative provides partners with essential resources to support their journey, including early access to beta releases of Couchbase AI and insights into the company’s product roadmap. They can also attend AI-focused workshops led by Couchbase experts and benefit from a streamlined integration process for Capella, often complemented by extended trial periods. Couchbase’s PartnerEngage portal offers many educational resources, including self-paced online training. Furthermore, members are given opportunities for joint marketing endeavors, potentially including being featured on Couchbase’s website.

The benefits of the program are evident for enterprises contemplating the adoption of Couchbase’s tools and services. Generative AI in particular promises to reduce development cycles dramatically. This could translate into considerable cost savings and operational efficiencies. However, it’s essential to proceed cautiously; integrating AI capabilities into existing systems demands a meticulously thought-out strategy.

Database competitive landscape

Let’s look at Couchbase’s competitors and consider the key differences among them, because each database brings distinct advantages to the table.

In the realm of databases, Couchbase stands out with its comprehensive features tailored for organizations emphasizing scalability, managing significant data volumes and requiring a flexible schema. MongoDB is particularly favored by businesses needing a dynamic schema combined with potent real-time data management. Redis positions itself as the go-to for businesses with high-speed transactional needs. For those aiming at user-friendliness paired with scalability, Amazon DynamoDB, an AWS offering, brings reliability to the table. Microsoft Azure Cosmos DB appeals to businesses eyeing a globally accessible database thanks to its universal accessibility. For entities deeply embedded in the Oracle ecosystem, the Oracle NoSQL Database offers seamless integration, making it a predictable pick. Cassandra is a recognized choice when there’s a need to manage vast amounts of data in a distributed environment; it claims unmatched fault tolerance in distributed settings. Meanwhile, Neo4j, a graph database, is increasingly used by businesses aiming to efficiently store, analyze and query complex interrelated data. Each database, from Couchbase to Neo4j, offers distinct features. Given these nuances, the final choice hinges on specific business prerequisites, underscoring the importance of thorough research and comparison.

Let’s summarize

Couchbase’s recent initiatives signal a drive towards creating a modernized, AI-powered development ecosystem. With emerging technologies, it’s prudent for potential adopters to evaluate any tool based on its speed, cost-effectiveness and functionality. The key takeaway in this case is that while generative AI is making rapid strides, it also requires careful integration into existing systems and processes because of its nascent state.

That said, Couchbase is delivering real results. The company recently released its financial results for the second quarter of fiscal 2024, reporting revenue of $43 million, of which $41 million stemmed from subscriptions. Another highlight is the company’s 24% growth in annual run rate (ARR), which is now pegged at $180.7 million. In a fiercely competitive sector, Couchbase is sustaining its growth as it continues to implement new features and capabilities.



Couchbase Adds AI To Capella – I Programmer

MMS Founder
MMS RSS

Posted on nosqlgooglealerts. Visit nosqlgooglealerts

Couchbase has announced that its Capella managed service NoSQL database will from now on include “generative AI capabilities”.

Couchbase is a distributed NoSQL cloud database that combines the properties of a distributed document database (JSON) with features of a traditional DBMS including distributed SQL, transactions, and ACID guarantees.


Capella was launched at the end of 2021 with support for AWS, GCP and Azure. The Couchbase team says the new features will enhance developer productivity and accelerate time to market for modern applications. The new feature, called Capella iQ, can be used by developers to write SQL++ and application-level code more quickly through the use of AI to create recommended sample code.

Capella iQ is an AI cloud service that developers can interact with using natural language conversations. It can suggest common prompts, and it knows Couchbase-specific context such as database, collection, and index definitions. iQ is powered by ChatGPT, and will soon let the developer pick the LLM.

The Couchbase team says that the use of JSON by Capella iQ provides an ideal format for storing both data and metadata designed to feed prompts, that JSON can also store conversation context from session to session, and JSON arrays can hold vector embedding data.

Alongside the introduction of Capella iQ, Couchbase has added several other improvements, starting with the ability to use other IDEs including Vercel and the IntelliJ family of IDEs.

Performance scaling is another improvement, so that Capella can now dynamically scale disk storage and input/output operations per second (IOPS). Security has also been improved, and Capella and Couchbase have now achieved independent validation for PCI DSS 4.0 and CSA STAR Level 2 compliance. Capella has also added the ability to download backup files to S3 or other locations.

Capella iQ is available as a private preview now. 



What is a Database Model? | CellularNews

MMS Founder
MMS RSS

Posted on nosqlgooglealerts. Visit nosqlgooglealerts


What is a Database Model? – A Definitive Guide

Have you ever wondered how data is organized in a computer system? Or how companies handle massive amounts of information efficiently? Look no further! In this blog post, we’ll dive into the world of database models and demystify their importance in managing and organizing data.

Key Takeaways:

  • A database model is a conceptual representation that defines the structure, relationships, and constraints of a database.
  • It acts as a blueprint to guide the design and implementation of a database.

Let’s start by answering a fundamental question – what is a database model? In simple terms, a database model is a way of structuring and organizing data in a computer system. Just like a well-designed filing cabinet with labeled folders and categorized documents, a database model serves as a framework for storing, managing, and retrieving information efficiently.

Database models provide a structured approach to represent the relationships between various data elements within a database. They define how the data is stored, organized, and accessed by users or applications. By using a database model, businesses can streamline their data management processes, improve data integrity, and enhance decision-making capabilities.

Now, let’s explore two popular types of database models:

1. Relational Database Model:

The relational database model is the most widely used and recognized model in the industry. It organizes data into tables, where each table represents a specific entity or concept. These tables are then linked together through relationships, such as primary keys and foreign keys, which ensure data consistency and integrity.

With a relational database model, businesses can perform complex queries, retrieve data based on specific criteria, and analyze information efficiently. Popular database management systems that follow the relational model include MySQL, Oracle, and Microsoft SQL Server.

2. NoSQL Database Model:


As the name suggests, the NoSQL database model departs from the traditional tabular structure of the relational model. It offers a more flexible and scalable approach to store and retrieve data, particularly in modern web applications with large volumes of data and high transaction rates.

NoSQL databases use a variety of data models, such as key-value stores, document stores, columnar databases, and graph databases, allowing developers to choose the most suitable model for their specific use case. Some popular NoSQL databases include MongoDB, Cassandra, and Redis.

In conclusion, a database model is a fundamental building block for managing data in computer systems. It provides a framework for organizing and structuring data, enabling businesses to efficiently store, retrieve, and analyze information. Whether you opt for a relational database model or a NoSQL model, it’s crucial to choose the right model that aligns with your business requirements and scalability needs. So, the next time you hear about database models, you’ll know that they are the secret sauce behind the organized and structured world of data management.



Article: Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution

MMS Founder
MMS Lukas Krecan

Article originally posted on InfoQ. Visit InfoQ

Key Takeaways

  • Including a dependency vulnerability check (Software Composition Analysis or SCA) as part of a continuous integration or continuous delivery pipeline is important to maintain an effective security posture.
  • The same vulnerability can be critical in one application and harmless in another. Humans should be “kept in the loop” here, and only the developers maintaining the application can make an effective decision.
  • It is essential to prevent vulnerability alert fatigue. We should not get used to the fact that the dependency check is failing. If we do, a critical vulnerability may pass unnoticed.
  • It is crucial to quickly upgrade vulnerable dependencies or suppress false positives even if we are maintaining dozens of services.
  • Developers should invest in tools that help with discovery, detection, analysis and resolution of vulnerabilities. Examples include OWASP dependency check, GitHub Dependabot, Checkmarx, Snyk and Dependency Shield.

Modern Java applications are built on top of countless open-source libraries. The libraries encapsulate common, repetitive code and allow application programmers to focus on delivering customer value. But the libraries come with a price – security vulnerabilities. A security issue in a popular library enables malicious actors to attack a wide range of targets cheaply.

Therefore, it’s crucial to have dependency vulnerability checks (a.k.a. Software Composition Analysis or SCA) as part of the CI pipeline. Unfortunately, the security world is not black and white; one vulnerability can be totally harmless in one application and a critical issue in another, so the scans always need human oversight to determine whether a report is a false positive.

This article will explore examples of vulnerabilities commonly found in standard Spring Boot projects over the last few years. This article is written from the perspective of software engineers. The focus will shift to the challenges faced when utilizing widely available tools such as the OWASP dependency check.

As software engineers are dedicated to delivering product value, they view security as one of their many responsibilities. Despite its importance, security can sometimes get in the way and be neglected because of the complexity of other tasks.

Vulnerability resolution lifecycle

A typical vulnerability lifecycle looks like this:

Discovery

A security researcher usually discovers the vulnerability. It gets reported to the impacted OSS project and, through a chain of various non-profit organizations, ends up in the NIST National Vulnerability Database (NVD). For instance, the Spring4Shell vulnerability was logged in this manner.

Detection

When a vulnerability is reported, it is necessary to detect that the application contains the vulnerable dependency. Fortunately, a plethora of tools are available that can assist with the detection.

One of the popular solutions is the OWASP dependency check – it can be used as a Gradle or Maven plugin. When executed, it compares all your application dependencies with the NIST NVD database and Sonatype OSS index. It allows you to suppress warnings and generate reports and is easy to integrate into the CI pipeline. The main downside is that it sometimes produces false positives as the NIST NVD database does not provide the data in an ideal format. Moreover, the first run takes ages as it downloads the whole vulnerability database.

Various free and commercial tools are available, such as GitHub Dependabot, Checkmarx, and Snyk. Generally, these tools function similarly, scanning all dependencies and comparing them against a database of known vulnerabilities. Commercial providers often invest in maintaining a more accurate database. As a result, commercial tools may provide fewer false positives or even negatives.

Analysis

After a vulnerability is detected, a developer must analyze the impact. As you will see in the examples below, this is often the most challenging part. The individual performing the analysis must understand the vulnerability report, the application code, and the deployment environment to see if the vulnerability can be exploited. Typically, this falls to the application programmers as they are the only ones who have all the necessary context.

Resolution

The vulnerability has to be resolved.

  1. Ideally, this is achieved by upgrading the vulnerable dependency to a fixed version.
  2. If no fix is released yet, the application programmer may apply a workaround, such as changing a configuration, filtering an input, etc.
  3. More often than not, the vulnerability report is a false positive. Usually, the vulnerability can’t be exploited in a given environment. In such cases, the report has to be suppressed to prevent becoming accustomed to failing vulnerability reports.

Once the analysis is done, the resolution is usually straightforward but can be time-consuming, especially if there are dozens of services to patch. It’s important to simplify the resolution process as much as possible. Since this is often tedious manual work, automating it to the greatest extent possible is advisable. Tools like Dependabot or Renovate can help in this regard to some extent.

Vulnerability examples

Let’s examine some vulnerability examples and the issues that can be encountered when resolving them.

Spring4Shell (CVE-2022-22965, score 9.8)

Let’s start with a serious vulnerability – Spring Framework RCE via Data Binding on JDK 9+, a.k.a. Spring4Shell, which allows an attacker to remotely execute code just by calling HTTP endpoints.

Detection

It was easy to detect this vulnerability. Spring is quite a prominent framework; the vulnerability was present in most of its versions, and it was discussed all over the internet. Naturally, all the detection tools were able to detect it.

Analysis

In the early announcement of the vulnerability, it was stated that only applications using Spring WebMvc/Webflux deployed as WAR to a servlet container are affected. In theory, deployment with an embedded servlet container should be safe. Unfortunately, the announcement lacked the vulnerability details, making it difficult to confirm whether this was indeed the case. However, this vulnerability was highly serious, so it should have been mitigated promptly.

Resolution

The fix was released in a matter of hours, so the best way was to wait for the fix and upgrade. Tools like Dependabot or Renovate can help to do that in all your services.

If there was a desire to resolve the vulnerability sooner, a workaround was available. But it meant applying an obscure configuration without a clear understanding of what it did. The decision to manually apply it across all services or wait for the fix could have been a challenging one to make.

HttpInvoker RCE (CVE-2016-1000027, score 9.8)

Let’s continue to focus on Spring for a moment. This vulnerability has the same criticality score as Spring4Shell: 9.8. But one might notice the date is 2016 and wonder why it hasn’t been fixed yet or why it lacks a fancy name. The reason lies in its location within the HttpInvoker component, used for the RPC communication style. It was popular in the 2000s but is seldom used nowadays. To make it even more confusing, the vulnerability was published in 2020, four years after it was initially reported, due to some administrative reasons.

Detection

This issue was reported by OWASP dependency check and other tools. As it did not affect many, it did not make the headlines.

Analysis

Reading the NIST CVE detail doesn’t reveal much:

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or [may] not occur, and authentication may be required.

This sounds pretty serious, prompting immediate attention and a search through the link to find more details. However, the concern turns out to be a false alarm, as it only applies if HttpInvokerServiceExporter is used.

Resolution

No fixed version of a library was released, as Pivotal did not consider it a bug. It was a feature of an obsolete code that was supposed to be used only for internal communication. The whole functionality was dropped altogether in Spring 6, a few years later.

The only action to take is to suppress the warning. Using the free OWASP dependency check, this process can be quite time-consuming if it has to be done manually for each service.

There are several ways to simplify the flow. One is to expose and use a shared suppression file in all your projects by specifying its URL. Another is to employ a simple service like Dependency Shield to streamline the whole suppression flow. The important point is that a process is needed to simplify the suppression, as most of the reports received are likely false positives.

SnakeYAML RCE (CVE-2022-1471, score 9.8)

Another critical vulnerability has emerged, this time in the SnakeYAML parsing library. Once again, it involves remote code execution, with a score of 9.8. However, it was only applicable if the SnakeYAML Constructor class had been used to parse a YAML provided by an attacker.

Detection

It was detected by vulnerability scanning tools. SnakeYAML is used by Spring to parse YAML configuration files, so it’s quite widespread.

Analysis

Is the application parsing YAML that could be provided by an attacker, for example, on a REST API? Is the unsafe Constructor class being used? If so, the system is vulnerable. The system is safe if it is simply used to parse Spring configuration files. An individual who understands the code and its usage must make the decision. The situation could either be critical, requiring immediate attention and correction, or it could be safe and therefore ignored.
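The two questions above come down to which constructor the code hands to `Yaml` for input it does not control. The following is an added example, not code from the article or from SnakeYAML; the class name, method names and sample document are constructed for illustration, and it assumes SnakeYAML is on the classpath.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;
import java.util.function.Function;

public class SnakeYamlTriage {

    // Constructed sample input: ordinary data plus one value carrying a global tag
    // (!!fully.qualified.ClassName) that names a harmless JDK class.
    static final String TAGGED_DOC =
            "name: demo\n" +
            "retries: !!java.util.concurrent.atomic.AtomicInteger [3]\n";

    // Constructed sample input without any global tag.
    static final String PLAIN_DOC =
            "name: demo\n" +
            "retries: 3\n";

    /**
     * The pattern the CVE report is about: the general-purpose Constructor
     * applied to YAML the caller does not control. On an affected release the
     * class named in the tag is instantiated during parsing.
     */
    static Object parseWithUnsafeConstructor(String yaml) {
        Yaml parser = new Yaml(new Constructor(new LoaderOptions()));
        return parser.load(yaml);
    }

    /**
     * Hardened form for untrusted input: SafeConstructor only builds standard
     * types (maps, lists, strings, numbers, booleans, timestamps) and refuses
     * tags that name arbitrary classes.
     */
    static Object parseWithSafeConstructor(String yaml) {
        Yaml parser = new Yaml(new SafeConstructor(new LoaderOptions()));
        return parser.load(yaml);
    }

    /** Runs one parser over one document and reports what came back. */
    static String outcome(Function<String, Object> parser, String yaml) {
        try {
            Object root = parser.apply(yaml);
            Object retries = ((Map<?, ?>) root).get("retries");
            return "parsed, 'retries' is a " + retries.getClass().getName();
        } catch (YAMLException e) {
            return "rejected with " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // The result of the first line depends on the SnakeYAML version on the
        // classpath: an affected release builds the AtomicInteger, which is the
        // behaviour the analysis has to rule out for attacker-supplied input.
        System.out.println("Constructor,     tagged doc: "
                + outcome(SnakeYamlTriage::parseWithUnsafeConstructor, TAGGED_DOC));

        // SafeConstructor rejects the tagged document and still accepts plain data.
        System.out.println("SafeConstructor, tagged doc: "
                + outcome(SnakeYamlTriage::parseWithSafeConstructor, TAGGED_DOC));
        System.out.println("SafeConstructor, plain doc:  "
                + outcome(SnakeYamlTriage::parseWithSafeConstructor, PLAIN_DOC));
    }
}
```

During triage, searching the code base for `new Constructor(` and `new Yaml()` call sites and checking where their input originates answers both questions for first-party code; libraries that parse YAML on the application's behalf need the same check.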

Resolution

The issue was quickly fixed. What made it tricky was that SnakeYAML was not a direct dependency; it’s introduced transitively by Spring, which made it harder to upgrade. If you want to upgrade SnakeYAML, you may do it in several ways.

  1. If using the Spring Boot dependency management plugin with Spring Boot BOM, either:
    a. the snakeyaml.version variable can be overridden, or
    b. the dependency management declaration can be overridden.
  2. If not using dependency management, SnakeYAML must be added as a direct dependency to the project, and the version must be overridden.

When combined with complex multi-project builds, it’s almost impossible for tools to upgrade the version automatically. Both Dependabot and Renovate are not able to do that. Even a commercial tool like Snyk is failing with “could not apply the upgrade, dependency is managed externally.”

And, of course, once the version is overridden, it is essential to remember to remove the override once the new version is updated in Spring. In our case, it’s better to temporarily suppress the warning until the new version is used in Spring.

Misidentified Avro vulnerability

Vulnerability CVE-2021-43045 is a bug in .NET versions of the Avro library, so it’s unlikely to affect a Java project. How, then, is it reported? Unfortunately, the NIST report contains cpe:2.3:a:apache:avro:*:*:*:*:*:*:*:* identifier. No wonder the tools mistakenly identify org.apache.avro/avro@1.9.0 as vulnerable, even though it’s from a completely different ecosystem.

Resolution: Suppress
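Why the wildcard-only CPE catches the Java artifact can be seen with a simplified matcher. This is an added example, not code from the article and not the actual algorithm of OWASP dependency check or any other scanner; the matching rule, the `JVM_TARGETS` set and the second CPE string are assumptions constructed for illustration (Java 16+ for records).

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class CpeMatchDemo {

    /** The CPE 2.3 fields this demo needs. Escaped colons (\:) are not handled. */
    record Cpe(String part, String vendor, String product, String version, String targetSw) {
        static Cpe parse(String formatted) {
            // cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other
            String[] f = formatted.split(":", -1);
            if (f.length != 13 || !f[0].equals("cpe") || !f[1].equals("2.3")) {
                throw new IllegalArgumentException("not a CPE 2.3 formatted string: " + formatted);
            }
            return new Cpe(f[2], f[3], f[4], f[5], f[10]);
        }
    }

    record MavenCoordinate(String groupId, String artifactId, String version) {}

    /**
     * Simplified name-based matching (assumption): the vendor must appear as a
     * segment of the groupId, the product must equal the artifactId, and the
     * version must be equal or a wildcard.
     */
    static boolean nameMatch(Cpe cpe, MavenCoordinate dep) {
        List<String> groupSegments =
                Arrays.asList(dep.groupId().toLowerCase(Locale.ROOT).split("\\."));
        boolean vendorHit = groupSegments.contains(cpe.vendor());
        boolean productHit = dep.artifactId().equalsIgnoreCase(cpe.product());
        boolean versionHit = cpe.version().equals("*") || cpe.version().equals(dep.version());
        return vendorHit && productHit && versionHit;
    }

    // Hypothetical set of target_sw values treated as "this is a JVM library".
    static final Set<String> JVM_TARGETS = Set.of("java", "maven");

    /** Same match, but honouring target_sw when the record actually states one. */
    static boolean nameMatchWithEcosystemFilter(Cpe cpe, MavenCoordinate dep) {
        boolean ecosystemOk = cpe.targetSw().equals("*") || JVM_TARGETS.contains(cpe.targetSw());
        return ecosystemOk && nameMatch(cpe, dep);
    }

    public static void main(String[] args) {
        MavenCoordinate avro = new MavenCoordinate("org.apache.avro", "avro", "1.9.0");

        // The identifier quoted in the article: every field after the product is a wildcard.
        Cpe asPublished = Cpe.parse("cpe:2.3:a:apache:avro:*:*:*:*:*:*:*:*");

        // Constructed variant showing what a record with an explicit target_sw would look like.
        Cpe withTarget = Cpe.parse("cpe:2.3:a:apache:avro:*:*:*:*:*:.net:*:*");

        // true: vendor, product and version all match the Java artifact.
        System.out.println("published CPE, name match:        " + nameMatch(asPublished, avro));
        // true: target_sw is '*', so an ecosystem filter has nothing to work with.
        System.out.println("published CPE, ecosystem filter:  "
                + nameMatchWithEcosystemFilter(asPublished, avro));
        // false: only a record that names its ecosystem can be filtered out automatically.
        System.out.println("constructed CPE, ecosystem filter: "
                + nameMatchWithEcosystemFilter(withTarget, avro));
    }
}
```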

Summary

Let’s look back at the different stages of the vulnerability resolution and how to streamline it as much as possible so the reports do not block the engineers for too long.

Detection

The most important part of detection is to avoid getting used to failing dependency checks. Ideally, the build should fail if there is a vulnerable dependency detected. To be able to enable that, the resolution needs to be as painless and as fast as possible. No one wants to encounter a broken pipeline due to a false positive.
 
Since the OWASP dependency check primarily uses the NIST NVD database, it sometimes struggles with false positives. However, as has been observed, false positives are inevitable, as the analysis is only occasionally straightforward.

Analysis

This is the hard part and, actually, the one where tooling can’t help us much. Consider the SnakeYAML remote code execution vulnerability as an example. For it to be exploitable, the library would have to be used unsafely, such as parsing data provided by an attacker. Regrettably, no tool is likely to reliably detect whether an application and all its libraries contain vulnerable code. So, this part will always need some human intervention.

Resolution

Upgrading the library to a fixed version is relatively straightforward for direct dependencies. Tools like Dependabot and Renovate can help in the process. However, the tools fail if the vulnerable dependency is introduced transitively or through dependency management. Manually overriding the dependency may be an acceptable solution for a single project. In cases where multiple services are being maintained, we should introduce centrally managed dependency management to streamline the process.

Most reports are false positives, so it’s crucial to have an easy way to suppress the warning. When using OWASP dependency check, either try a shared suppression file or a tool like Dependency Shield that helps with this task.

It often makes sense to suppress the report temporarily, either to unblock the pipeline until somebody has time to analyze the report properly or until the transitive dependency is updated in the project that introduced it.
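As an illustration of the two kinds of suppression described above (an added example, not taken from the original article), a shared OWASP dependency check suppression file can record the Avro false positive permanently and a second finding only until a review date. The second entry's package coordinates, CVE id, date and ticket reference are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!-- Permanent suppression of a false positive.
       The CVE is in the .NET Avro library, but the NVD entry carries the
       ecosystem-agnostic CPE cpe:2.3:a:apache:avro:*, so the Java artifact
       is matched as well. Scoping the rule to both the package URL and the
       CVE keeps any other Avro finding visible. -->
  <suppress>
    <notes><![CDATA[
      CVE-2021-43045 affects the .NET Avro library only. This project uses
      the Java artifact org.apache.avro:avro. Analysis: TICKET-PLACEHOLDER.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro@.*$</packageUrl>
    <cve>CVE-2021-43045</cve>
  </suppress>

  <!-- Temporary suppression.
       The "until" date makes the rule expire: after that day the finding is
       reported again and the build fails, so the analysis or the upstream
       upgrade cannot be forgotten.
       Placeholders: com.example/transitive-lib, CVE-0000-00000, 2030-01-01. -->
  <suppress until="2030-01-01Z">
    <notes><![CDATA[
      Pulled in transitively; waiting for the parent project to upgrade.
      Re-evaluate on expiry. Tracking: TICKET-PLACEHOLDER.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.example/transitive\-lib@.*$</packageUrl>
    <cve>CVE-0000-00000</cve>
  </suppress>

</suppressions>
```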



AI, ML, Data Engineering News Roundup: Stable Chat, Vertex AI, ChatGPT and Code Llama

MMS Daniel Dominguez

Article originally posted on InfoQ. Visit InfoQ

The most recent update, which covers developments through September 4, 2023, highlights significant pronouncements and accomplishments in the fields of artificial intelligence, machine learning, and data science. Developments from Stability AI, Google, OpenAI, and Meta were among this week’s significant stories.

Stability AI Launches Stable Chat

Stable Chat is a novel AI-powered chat platform designed to prioritize stability and consistency in conversation with users. Stable Chat, developed by Stability AI, aims to reduce the potential for misinformation and misunderstandings in AI-driven conversations by focusing on delivering reliable responses instead of generating creative or unpredictable ones.

This approach could find applications in critical domains like healthcare and customer support, where maintaining clarity and correctness in communication is paramount. The platform’s unique focus on stability makes it an intriguing addition to the evolving landscape of AI chatbots and conversational agents.

Vertex AI Search and Conversation is Now Generally Available

Google Cloud’s Vertex AI Search and Conversation service has officially become generally available. This development empowers organizations to enhance their applications with AI-driven search and conversational capabilities, facilitating more intuitive and efficient interactions with users. With features like semantic search and natural language understanding, Vertex AI Search and Conversation enables businesses to build intelligent search engines and conversational agents that can provide relevant information and engage users in natural conversations.

This launch represents a significant step forward in leveraging AI and machine learning technologies to improve customer experiences and drive innovation in various industries.

OpenAI Introduces ChatGPT Enterprise

OpenAI has launched ChatGPT Enterprise, a subscription-based service aimed at businesses to leverage its powerful language model for various applications. This offering provides enhanced language capabilities tailored for professional use, including improved security features and access controls. With ChatGPT Enterprise, organizations can harness the potential of natural language understanding and generation to enhance customer support, automate tasks, and develop customized AI solutions while maintaining data privacy and compliance.

OpenAI’s move signifies its commitment to catering to enterprise needs and expanding the adoption of AI-powered language models in business contexts.

OpenAI has made GPT-3.5 Turbo Available to Developers

OpenAI has introduced the GPT-3.5 Turbo, an advanced iteration of its language model. This new version allows fine-tuning, enabling users to customize and adapt the model for specific tasks.

OpenAI also unveiled updates to the API pricing structure, making it more cost-effective for developers to experiment with and deploy GPT-3.5 Turbo-powered applications.

Meta Open-Sources Code Llama

Meta has unveiled Code Llama, a novel AI tool designed to assist developers in writing code more efficiently. Code Llama employs large language models and deep learning techniques to understand and generate code, aiming to simplify the coding process and boost developer productivity.

This tool is a significant addition to the rapidly evolving landscape of AI-powered development tools and further exemplifies Meta’s commitment to advancing AI technologies.



Podcast: Getting to Know Dapr with Mark Fussell and Yaron Schneider

MMS Mark Fussell Yaron Schneider

Article originally posted on InfoQ. Visit InfoQ

Thomas Betts: Hey folks. Before we get to today’s podcast, I wanted to let you know that InfoQ’s International Software Development Conference, QCon is coming back to San Francisco from October 2nd to the 6th. At QCon, you’ll hear from innovative senior software development practitioners, talking about real world technical solutions that apply emerging patterns and practices to address current challenges. Learn more at QConsf.com. We hope to see you there.

Hello and welcome to the InfoQ Podcast. I’m Thomas Betts and today I’m joined by Mark Fussell and Yaron Schneider. Mark is CEO and Yaron is CTO of Diagrid, a developer focused startup. They’re both co-creators of the Distributed Applications Runtime Project, Dapr. For the last couple of years, Dapr has been on the InfoQ Architecture and Designs Trends Report. This year was part of the discussion around design for portability and cloud bound applications. Today we’ll be talking all about Dapr, from its creation in 2019, through its adoption by the CNCF and where it’s currently headed. We’ll cover the use case of Dapr and help you determine if it might be a good fit for your projects. Mark and Yaron, welcome to the InfoQ Podcast.

Yaron Schneider: Thank you so much for having us.

Mark Fussell: Wonderful to be here.

What is Dapr? [01:06]

Thomas Betts: So let’s start at the beginning. What is Dapr and what problem is it trying to solve?

Mark Fussell: Dapr is a developer productivity suite of APIs, so effectively enables developers to build distributed applications in half the time they would do normally. And effectively what you have with Dapr is APIs that codify the best practices for building distributed applications.

What this means in practice, is that we’ve seen developers struggle to build on top of platforms, even ranging from single VMs, but particularly around Kubernetes. To run and build applications that codify, like event-driven architectures, or messaging between services, or orchestration of applications, and particularly around microservices architecture. So instead we took all the learnings from that, understood the problem space, and when you get down to the complexities of these applications, there’s many things you have to think about. So we took all that, codified it into a set of APIs that you can access from any framework of your choice, whether it’s the language of your choice or framework of your choice over HTTP or gRPC, to be able to use these APIs to productively create distributed applications.

Thomas Betts: And then how does Dapr compare to other ways? You mentioned you’re codifying, the ways you’re implementing, say event-driven architecture or microservices architecture. Is this just in comparison to building all of that from scratch? Is that the only other option?

Yaron Schneider: Yes, mostly we see developers write all of this functionality themselves, and so they end up with these huge chunks of boilerplate code they then need to maintain sometimes for years to come. And all of this code becomes even more complex if they run in a multi-cloud environment. So they have multiple code bases for different environments they’re running in and Dapr provides them with these abstractions that allow them to, in a multi-cloud world, run very easily on top of different clouds.

But it’s also a lot more than that. For example, if you need a workflow engine or encryption between your services or pub/sub, you might take three different technologies to do that and then you need to learn different SDKs and how to secure and make them reliable. But with Dapr, it’s all a one-stop shop where you can take one API and incrementally adopt others, or you can just use it all together, but the developer experience stays the same. And so it’s very, very consistent in terms of security, reliability and the productivity gains developers get when using it.

Sample use case: Storing secrets [03:25]

Mark Fussell: I would dive into a little bit on the problem space again, and that is when you actually build these applications, let’s just take a simple example of just getting hold of a secret that you need to talk to a database. We see this time and time again, that I had to get a hold of a secret that I need to manage and get a hold of it to talk to a database or some other resource and things like this. And there’s many different places where you store those secrets. And so what happens is that Dapr has this concept of an API that you can call as a developer. It’s a very straightforward API of HTTP, but behind the APIs we have this concept of components that allow you to map the infrastructure into that API. So you can map HashiCorp Vault, or one of the cloud providers like Azure Key Vault, or GCP Secret Store into that API.

So now you’re able to keep your code consistent, call the API in exactly the same way, but retrieve secrets from numerous different types of infrastructure in order to say, talk to your database and things. So that abstraction layer, but the pluggability of having this backend infrastructure makes your code very portable. You can develop things locally, take it to the cloud, have multi-cloud deployment, change your choice of technology, and yet your code doesn’t change and remains consistent. And so what happens is it allows you to have a decision or an understanding across your team about how you access secrets in a consistent way, whether you’re a Python developer or a Java developer, it doesn’t matter.

Yaron Schneider: Yes. I think you touched on a really great point here, Mark. I think Dapr really simplifies the common design patterns that developers today are looking for in systems. So for example, a developer needs to grab hold of a secret, use that to connect to a database or a pub/sub, then write some state to a database and once that state’s been written, they will want to communicate some business event that occurred and that’s a very, very hard problem and there’s lots of boilerplate infrastructure code they need to write and maintain.

But with Dapr, you actually do that with literally three lines of code and one or two YAMLs. And so this is a really, really big aspect of Dapr, just simplify developers’ lives and, as Mark correctly mentioned, not hijack their infrastructure. So Dapr can actually connect to their existing infrastructure and meet operators and developers where they are, instead of having to have them change their core infrastructure model and just use something that does only that specific part.

Dapr is not just for greenfield development

Thomas Betts: I want to say that point you said, it doesn’t hijack your infrastructure and meets people where they are. That sounds like this isn’t just for greenfield applications, so I can add some Dapr in, because I need to do a new connection to a key vault. I need to have my secret store and instead of saying, “Well, let’s just write a connection to the key vault, I’ll call Dapr to find that we’re using key vault behind the scenes and then my .NET code works and my Java code also has a very similar interface to that.” Is that simplifying it pretty well?

Yaron Schneider: Yeah, spot on.

Mark Fussell: Yeah. And in fact, the whole adoption of Dapr is very much a brownfield approach. You can use one API, two APIs, it’s not expected in any way that you throw away your code and start to use Dapr as the sole framework, it’s very incrementally adopted. In fact, that’s the most common use case we see, that people first just use an API to retrieve a secret. And then they decide they’re taking their monolith and splitting it into microservices and now doing service communication between them or event driven between them. And now they adopt the service invocation API, that allows them to securely call between two services, or they need to talk to a completely different external system and just send a message to it that has got nothing to do with Dapr, and they can do that over the pub/sub APIs. And so incremental adoption and integration with other systems is a key tenet of Dapr.

Dapr can help ease the transition from a monolith to microservices [06:57]

Thomas Betts: So that monolith to microservices adoption, there’s a lot of people who struggle with that and trying to find the right size service. Is it a monolith? Is it a 100 microservices? Is it something in between? You’re basically saying, Dapr can fit in whatever your architecture is and if you’re making a transition, can it help smooth that transition from one to the other?

Yaron Schneider: Exactly, yes. We see people using Dapr from complete monoliths. They have a huge code base, it’s run on one huge machine. They use Dapr there because Dapr gives them other security and reliability benefits. But when people really get to the nitty-gritty details of breaking down the monolith architecture into separate services, that’s where Dapr really, really shines, because it gives you these microservices best practices really from out of the box.

So for example, in the microservices architecture, you want to have each service manage its own state, and that’s really hard to code to, but Dapr does that out of the box. So it’ll actually do data segregation between services and make sure that they’re all secure, that they’re all encrypted based on the identity of the service calling it. So when you transition to microservices, Dapr basically takes all of the infrastructure boilerplate that you’d need to write and lets you focus on what you as a developer really want to focus on most, which is your business logic.

Architectural trade-offs [08:08]

Thomas Betts: And what are the architectural trade-offs? So if I’m looking at bringing Dapr in, how do I say this is a good place where we can add Dapr and what am I trading off if I were to go on, I guess traditional code path of not using Dapr?

Yaron Schneider: I would say what you’re trading off are specific features from the underlying infrastructure that you’re using. So because Dapr gives you a consistent API, you need to adhere to that API and not every feature from, let’s say Kafka, or Redis, or whatever system you’re using is going to be there, but most of the time if you’re missing a feature, you become a part of our big community. You go to GitHub, you’re raising an issue, you ask for the feature and most chances are it’ll get added. But if you’re really using esoteric specific features from some implementation that you really rely upon for your hot path, Dapr might not be the best fit there.

Mark Fussell: Dapr also runs in a sidecar model as well, which runs next to your process and that’s actually quite important, because it actually segregates out your code from Dapr’s runtime code. It allows you to determine and you have very, very, very low latency and Dapr is highly performant in terms of end-to-end calls, but because you have that separation of Dapr runtime code from your code, I think it also helps with understanding debugging and where responsibility lies.

Benefits for developers [09:20]

Thomas Betts: Well, and that gets to my next question. So we talked a little bit about architecture. How does this change for developers? And you’re saying it simplifies what they have to debug, because the Dapr runtime is not something you’re dealing with. It’s almost like the infrastructure is not something you have to deal with, that you just focus on your code and your code has less infrastructure built into it then.

Mark Fussell: One thing Dapr provides, it does, is not only just these APIs, but it provides cross-cutting concerns. So it provides end-to-end observability of all your calls, it provides end-to-end resiliency policy in your calls, and it also provides zero-trust security in many cases and I think these are also key things that developers have to build. So for example, let’s take observability. Dapr, by taking hold of the observability and having calls through the pub/sub API and service invocation uses W3 tracing combined with OpenTelemetry. So you can see calls that go through pub/sub, service invocation and you see this complete picture. And so when you take Dapr and run it in the production service, you’re now able to push all that telemetry data into any observability tool of your choice and now see a full picture of how your application is running. I think the same with resiliency as well, is that you have these resiliency policies that help make your calls between services more reliable, retries, timeouts, circuit breakers and make sure that you can run resiliency at scale.

Yaron Schneider: I think one more thing that Dapr does really well, is extend all of those features that Mark just mentioned, from service to service calls. Which is something you might get with something like service mesh, for example, like Istio or Linkerd and Dapr really extends that to your entire infrastructure stack. So Dapr can not only secure and make reliable calls between your different services, it can also do that between your services and their database, or configuration store, or secret store, or workflow engine. And so Dapr really takes the concept of zero trust security and layers it holistically across all of your infrastructure stacks.

Benefits for platform engineering teams [11:12]

Thomas Betts: I want to go back one little bit. You said that you lose the flexibility of having all of the features brought up. Is an analogy to this, Terraform is a way to write your infrastructure as code, but it’s cloud-agnostic. Like you wrote, I need a new service, I need a new pub/sub, but it can work on Azure, it can work on AWS. And so you may not get those individual features that Amazon or Microsoft provides you, but you get the commonality and Dapr sounds like the same thing. You get all the best common features and you said it’s the best practices. So what are you losing and what are you gaining by making that trade-off?

Yaron Schneider: So you’re losing the specific features that we talked about earlier. If you need very specific esoteric implementations, you’re probably not going to find it immediately. But then again, if you go to a community and you ask for it, there’s a good chance that someone will pick that up and add it in the future. But what you’re gaining are consistent APIs in a very consistent way architecturally to do security and resiliency, and also observability between your services. And if you’re in a multi-cloud world, then it greatly simplifies your entire development endeavor going forward.

Mark Fussell: We’ve seen Dapr being adopted by a lot of internal developer platform teams and the reason why they’re doing it, and in fact it’s written into a CNCF paper, if you look at the CNCF paper. But the reason why they’re doing it is because they can provide these consistent APIs from a platform team to the application teams consuming it, along with the underlying infrastructure that they have as well. So they can define infrastructure that you have, but then well, how do they surface up that infrastructure? Dapr can provide that sort of consistent set of APIs in platform teams, to multiple application teams who are consuming platforms as well. We’ve seen this happen particularly well in pub/sub, for example, with large organizations who want to bring existing legacy applications and new ones together under a single umbrella of APIs.

Yaron Schneider: It’s also worth mentioning that Dapr isn’t strictly a lowest common denominator, but in many cases it actually adds features that you don’t find if you were just going straight into the default implementation. So one example of that is Kafka in topic authorization. With Kafka open source, you don’t get to decide which applications can subscribe or publish to very specific topics, but if you pair up Dapr and Kafka, you suddenly get that. And these types of features that Dapr just adds, that weren’t there before it, are many. So you can pair up Dapr with different technologies and it’ll just add on top of what you would’ve been getting.

Dapr is the golden path for writing cloud native distributed applications [13:34]

Thomas Betts: You mentioned the platform teams use this, and that’s why I was wondering who is responsible for managing Dapr and using Dapr? And it sounds like it’s not the individual developers writing their business application, it falls onto that platform team. So it’s the platform team, instead of writing everything by hand, they’re now using Dapr to make their lives easier, which then makes the developer’s lives easier as well.

Mark Fussell: Well, I would start with developers still. It’s still a developer centric set of APIs. It’s just that anything that runs in platform teams, there are control plane services that Dapr installs. For example, in Kubernetes where it does things like deploy certificates or issue certificates to all of the running services that you have, in order to do secure communication. So there are operational aspects of it that you have to have when running in a production environment, but it’s still a developer-centric thing. So it crosses those boundaries as Yaron talked about earlier.

Thomas Betts: So when I’m writing my code, I need to know the Dapr interface, or is there an opinion that my platform team can interject and say, “My company decided we’re going to put a layer of abstraction on top of Dapr and this is how we, as a company talk about these things?” Is that something you build in or does everyone talk to the Dapr API in their code?

Yaron Schneider: Yeah, usually it’s the former, everyone talks to Dapr API. That’s what we normally see, but we’ve also come across companies who wrap Dapr inside of their own abstractions. So we see both really.

Thomas Betts: I guess it’s all a matter of, again, the trade-offs of what your team and how big your services are and how complicated your platform is, whether you think it’s beneficial to add that layer of abstraction, or to provide that to your customers that are the developers.

Yaron Schneider: Yeah, that’s a fair assessment.

Mark Fussell: But Dapr is designed as a set of APIs that you can use directly. And going back to the essence of it, again, we just saw time and time again, common best practices that you have that are written about extensively everywhere in the internet and the like. Here’s how you should design systems that do event processing, here’s how you communicate between services, lots and lots of guidance, but very little practical implementation of those. And if they were, they were very isolated and it was very small pieces of libraries you had to stitch together yourself and there wasn’t a cohesive single platform or runtime that you can bring together. And that’s what Dapr does, it takes all that experience that’s written about, put it into a set of APIs that work well together and help develop and solve all the problems they’ve experienced, so that they can get to building their application. And we’ve seen that people who use Dapr are 20 or 30% more productive getting their application done in time in terms of the productivity they get from using it, as opposed to having to stitch it together themselves.

Thomas Betts: I think if you see companies that have a really good platform engineering team that says, “Here’s the platform we build on.” They understand the developer experience and how you can have that 10x effect of I can create one thing and then we have a codified way that we as a company build this. And you’re saying you don’t even need to define it yourself, we have Dapr, which defines it for us.

Yaron Schneider: Exactly. I think a major piece of any platform engineering team is to provide golden paths for the developers and Dapr is the golden path for writing cloud native distributed applications.

New features are continually added to Dapr [16:36]

Thomas Betts: So you’ve mentioned a few things, and I’m sure there’s a whole list we can point to on the website, but things like it can abstract away Kubernetes and individual services, microservices architecture. You mentioned event-driven architecture, secret stores and is there all of those little pockets of domain knowledge. Is this something that Dapr is continually adding to and we’re adding new features that say, “Oh, we don’t support this yet, but we’re working on it?”

Yaron Schneider: Yes. I think we’ve added around three new APIs in the last year alone, and there’s more up and coming. For example, recently we’ve added workflows and the cryptography API that we didn’t have earlier. And on a roadmap, we have proposals for things like document APIs, SQL APIs and others. So the Dapr committee is always thinking ahead about what are the next developer challenges that the project can help solve?

Mark Fussell: Yeah. And one of the APIs I mentioned until now is a configuration API. You see a lot of systems that need feature flagging type approach, where they deploy things and they want to turn on/off features at runtime while the application is running. That provides a configuration API that does exactly that feature flagging in a dynamic application. So those are sort of things that have been added, that up until then you’d have to go and find a library, build it yourself, things like that. So Dapr very much is about discovering those APIs, finding the problem space that they solve, integrating them with a huge range of different infrastructure options as they exist, but helping you be productive, whether it’s communication, or feature flagging, or secrets management. That’s what added, then as you alluded to it, I think an amazing one that’s coming down the pipeline is workflow.

The Dapr origin story [18:10]

Thomas Betts: Let’s go back to the beginning. So Dapr, as far as I know, started at Microsoft. Is that correct?

Mark Fussell: Yes.

Thomas Betts: And did both of you come from Microsoft before you went to Diagrid? So give me a little bit of the backstory, what’s the origin story of how did this come about? Why did Microsoft decide to build this? And I guess I really want to know, why is it not just Azure specific? Why is it not just .NET specific?

Yaron Schneider: So Mark and I both worked at a team called the Azure incubations team, which reported to the Azure CTO, Mark Russinovich. And in that team we were looking at how we can improve developers’ lives running cloud native applications, because we saw Kubernetes really as the way to inject these de facto APIs for hosting apps, but application developers largely went ignored.

So we went on this research path, Mark and I both came at it from different directions, and then we got together and we basically brought together a prototype that demonstrated how developers can build applications easier on top of platforms like Kubernetes. And we really decided that in order for that to really change the industry, it needs to be open source, vendor neutral, and driven by the larger community. So we’ve decided consciously not to make it a Microsoft Azure specific thing, because the vendor neutrality of the project would mean that you’re inclusive to all developers coming from all clouds, and this is really what’s needed to make something like this really become an industry changing piece of technology.

Dapr runs anywhere [19:33]

Thomas Betts: And so it plays well on any cloud. Can you also run it internally on your own infrastructure if you want it to?

Yaron Schneider: Yes, definitely.

Mark Fussell: Oh yeah, totally. I mean, one of the original Dapr goals was you can run it as a process, you can run it as a container, so it’s not bound by that. You can integrate it with any underlying host infra platform. So Dapr will run happily today on a set of VMs, it runs on your local machine. Of course, the main deployment environment we see is Kubernetes in terms of production, but you could integrate it with any other distributed systems platform of your choice. Of course, Kubernetes has come to dominate in the world nowadays and the likes of Mesosphere, that don’t really exist anymore. But I mean, there’s no reason why Dapr couldn’t run on any of those platforms, it’s not just bound to Kubernetes and so that’s its flexibility. In the end, it’s a set of APIs that can run anywhere, but of course, Kubernetes in production, local machine for development. But that’s the idea and that was one of its original goals.

Yaron Schneider: And it’s really easy to run Dapr, it just runs as a single binary that executes and starts up in less than 10 milliseconds on every VM, including your own personal developer machine, whether it’s Windows, Linux, or Mac.

Mark Fussell: And it’s super lightweight as well. So you get all of these huge benefits in a very lightweight process that runs next to your machine.

Dapr is written in Go [20:47]

Thomas Betts: And how did you get it to be that efficient? I believe it’s written in Go, is that correct?

Yaron Schneider: Yes. Go allows for really good network primitives and high concurrency, while retaining a small binary size and low memory usage. So Go fits perfectly within that usage model for things like Dapr.

Mark Fussell: So going back to your origin story, Yaron and I sat down and went like, no one does anything for application developers. So we thought about, how is it you have a world of best practices, APIs running on any platform, independent to vendor, that allows you to singularly adopt APIs and that you’re not having to say, “Throw away all your code and rewrite this whole brand new framework.” And that was exactly its original goal, and what’s happened is it’s achieved all those goals and more.

I mean, we’re just surprised by the enormous success of Dapr, how it’s grown, the community, the contributors, the organizations and it’s accelerated since it got donated to CNCF. So it’s gone far beyond our expectations that we ever thought it will do.

Dapr is currently a CNCF incubation project [21:47]

Thomas Betts: And so it started at Microsoft and you said it was open source from the beginning and not cloud specific, not language specific, anyone can use it. And like you said, it runs as a sidecar, so it’s not in your process, it’s just sitting next to it. Once it left the Microsoft sphere, what happened to it? I know it’s a CNCF project. Can you tell me more details about that and how it’s currently being supported?

Yaron Schneider: Yeah. So Dapr actually had a steering committee running the project before we joined CNCF, and those same four vendors that started out with driving the project direction are still there today. Those companies are Microsoft, Alibaba Cloud and they are running Dapr at scale inside of their own internal infrastructure, Intel and today, Diagrid. So these are the four vendors running the project and as I said, it was out there before we joined CNCF, but of course this plays really well with the CNCF concept of vendor neutrality. And since we’ve joined, we’ve seen lots of contributors coming from many other companies, helping contribute to the project to make it better for both their use cases and for our use cases of other developers, who are just telling us what features they need on GitHub publicly.

Mark Fussell: In terms of the size of the project, Dapr is the 10th largest project in terms of numbers of contributors for its project inside CNCF, as measured in the CNCF Velocity Reports that come out. And so that is something that’s an indication of its success as well.

Yaron Schneider: Yes, today we have over 2,850 contributors to the project.

Thomas Betts: Wow, that is definitely more than I expected. 

Dapr should become a graduated CNCF project soon [23:12]

Thomas Betts: So it’s in an incubator status right now, where does it go next? I’m not fully up to speed on how the whole CNCF adoption process works.

Yaron Schneider: Yes, we are looking to graduate the project of course, because that’s the CNCF expectation of any project that goes into it after two years, and so it’s going to be two years this September. So we don’t have the official decision to graduate just yet, but I think you can surmise from what I’m saying about what’s going to come next.

Mark Fussell: Yes. Graduation with inside CNCF is an important direction for the project, it shows and validates its maturity. Dapr can achieve that, because it shows a huge amount of end user adoption, as CNCF calls it, it has a huge number of contributors. The project continues to grow, has a great collaboration across many companies. Those are all the indicators they look for success, because graduated projects are there for the long-term, for not only because CNCF want them to succeed, but they want to continue to show that they’ve got mass adoption and mass contribution. And everything in Dapr points to success of doing that in the next year as well, or probably less.

Thomas Betts: As the main point of having that graduated CNCF status to give a stamp of approval, that people who may have been waiting, that they weren’t the innovators and early adopters, they’re like, “We need to have a little bit more validation before we pull it in.” That’s saying, “Hey, this is good to go and saying you can trust to be there for a while.”

Yaron Schneider: Yeah, definitely. It’s going to help a lot of the late adopters and enterprises out there.

Mark Fussell: We also work quite hard with CNCF, publishing case studies as well. So if you go to CNCF and you look up Dapr case studies, we published one recently there from a company called DeFacto, which is the largest clothing retail inside Turkey and they deployed a huge cluster on top of Red Hat OpenShift. It was running Dapr, it was 200 plus services that they were running on top of Dapr. And it’s just a great case study of how they built something that dealt with the scale of their orders and in their retail world of things. And we’ve got more coming along in terms of financial, IoT, and a whole range of different types of industries that Dapr gets used in.

Thomas Betts: And that just speaks to, it’s not meant to solve one specific business problem, it’s meant to solve a platform-level problem. And every industry has these challenges, especially when you get to a certain scale these make sense to use.

Mark Fussell: Yeah, that’s exactly right. It’s industry agnostic, anyone who’s building these backend distributed systems, whether you’re in healthcare, medical, manufacturing, IoT, retail, they’re all building teams. Many of those are on top of Kubernetes today, as Kubernetes grows, Dapr grows with it, but that’s the goal. Make developers productive, stop you having to stitch together a thousand different technologies yourself. Just allow me to use a consistent set of APIs that integrate with my infrastructure and let me go while and get my project done.

Getting started with Dapr and running locally [25:51]

Thomas Betts: So some of our listeners are like me and want to just get their hands dirty and start using this. What’s a good hello world, how do I get started?

Yaron Schneider: We have amazing tutorials and quick starts. So I suggest you go to docs.dapr.io and in there there is a getting started section, which will guide you exactly on how to get started. It’ll also point you to our tutorials and samples page, you can just fire those up, you can get started with Dapr in less than five minutes really.

Thomas Betts: And you said I can run all this on my local machine, I don’t have to have it deployed to a cloud yet, and I can just experiment around and see what it does.

Yaron Schneider: That’s correct.

Mark Fussell: Yeah. In fact, that was one of the key goals of Dapr, was install the CLI locally, install a developer environment that you can run, build everything locally, test it locally. You can have a great experience and as we mentioned before, the beauty then is that you literally switch out component infrastructure from local state stores. For example, running an old machine, to the state store that you use in the cloud and none of your code changes. So the local developer experience with the CLI is very straightforward. In fact, that’s one of the key benefits we hear from many, many developers, great local development and I can move to the cloud and none of the friction between them all, and it’s been one of its key success points.

Thomas Betts: And that’s something I’d be interested to know more about is, so am I running everything locally or is it all just mocked out? You said there’s things like a local state store instead of whatever store I’m using and Dapr locally knows, is it just YAML configuration to tell it what to do in those situations?

Yaron Schneider: It’s a YAML configuration, and when you use the Dapr CLI, we install Redis on your local machine, just because Redis is also lightweight and it can run anywhere. So we use that as the default dev tool. But then if you want to change it to something like AWS DynamoDB, if you’re later deploying to a cloud environment, all you need to do is really change that Redis YAML into an AWS DynamoDB YAML, but your code actually stays the same.

Mark Fussell: And the same with service invocation, for example, you can build and deploy multiple services on your machine. You’re talking between them like your order processing, say to your other services, receiving orders and you just communicate between them all. And then you take that code and you deploy it on, say your Kubernetes cluster and nothing changes. Other than that you just have to annotate in a YAML deployment in your Kubernetes YAML deployment, make sure this piece of code runs, has a Dapr sidecar instantiated next to it all, and that’s all you have to do. So the ability to move code, particularly to a Kubernetes environment is seamless.

Thomas Betts: And so that’s something I just put into my CI/CD pipeline that says, swap this out and use these configurations, and here’s our production environment versus my local development environment.

Yaron Schneider: Yes. Dapr is very configuration driven in that sense.

Connecting with the Dapr community [28:24]

Thomas Betts: Well, I think that covers everything I was hoping to get to. If you want to follow this and know what’s coming for Dapr, and you mentioned the docs, where else should they go to stay up to date?

Mark Fussell: Oh, yes. We should talk about the fact that we have a Dapr Discord community. So there’s a Discord server, that’s the place that you really should go to for all your questions. We have a community there of 6,500 Discord members on Dapr Discord, so it’s kind of growing and has a huge community, that’s the place you can answer your questions. Of course, come to the repo as well. The repo is a place where we outline the project goals, but also what’s in a project milestone, so you can see what’s being developed inside that. And between those two, as well as many calls, actually every two weeks we have a Dapr community call as well. In fact, we have one this Wednesday, but every two weeks on a Wednesday we have a Dapr community call and you can join up tonight and ask questions and see demos.

Yaron Schneider: We also have a growing YouTube channel with almost 4,000 members, one of the biggest in CNCF actually.

Thomas Betts: That just speaks to this very much being an open source project. Sounds like you’re trying to get feedback from everybody and get contributions and just keep the whole process very open.

Mark Fussell: We love our community calls, because what happens is we are forever trying to reach out to end users and say, “Come and demo something that you’ve built, a project you worked on.” Just to keep that excitement going, so people see what other people are doing with it. And it’s very inspirational actually, because you see some amazing projects that people build with Dapr, ways that it gets used that you wouldn’t have imagined.

Thomas Betts: Well, I think that’s about it for today. I want to thank again, Mark Fussell and Yaron Schneider for joining me today on the InfoQ Podcast.

Yaron Schneider: Thank you so much.

Mark Fussell: Thank you for having us.

Thomas Betts: I hope you’ll tune in again very soon. Have a good day.



Weekly Update on Large Language Models: PointLLM, WALL-E, AskIt, and Jais

MMS Founder
MMS Daniel Dominguez

Article originally posted on InfoQ. Visit InfoQ

The most recent compilation of advanced research, inventive applications, and notable unveilings in the realm of Large Language Models (LLMs) during the week starting September 4th, 2023.

PointLLM: Empowering Large Language Models to Understand Point Clouds

This paper introduces PointLLM, a novel approach aimed at enhancing Large Language Models’ (LLMs) understanding of 3D data, particularly point clouds. PointLLM processes colored object point clouds with human instructions, demonstrating its ability to grasp point cloud concepts and generate contextually relevant responses. Evaluation benchmarks, including Generative 3D Object Classification and 3D Object Captioning, show that PointLLM outperforms existing 2D baselines, with human evaluators finding it superior in over 50% of object captioning samples.

Codes, datasets, and benchmarks are available at https://github.com/OpenRobotLab/PointLLM

WALL-E: Embodied Robotic WAiter Load Lifting with Large Language Model

This paper explores the integration of Large Language Models (LLMs) with visual grounding and robotic grasping systems to enhance human-robot interaction, exemplified by the WALL-E (Embodied Robotic Waiter load lifting with Large Language model) system. WALL-E utilizes ChatGPT’s LLM to generate target instructions through interactive dialogue, which are then processed by a visual grounding system to estimate object pose and size, enabling the robot to grasp objects accordingly. Experimental results in various real-world scenarios demonstrate the feasibility and effectiveness of this integrated framework.

More information can be found on the project website https://star-uu-wang.github.io/WALL-E/

AskIt: Unified Programming Interface for Programming with Large Language Models

In this paper, the authors discuss AskIt, a domain-specific language (DSL) designed to simplify the integration of Large Language Models (LLMs) in software development. AskIt offers type-guided output control, template-based function definitions, and a unified interface that bridges the gap between LLM-based code generation and application integration. It leverages Programming by Example (PBE) for few-shot learning at the programming language level, achieving significant prompt length reduction and improved speed in benchmark experiments. AskIt aims to streamline the efficient and versatile utilization of LLMs’ emergent abilities in software development, with implementations available in TypeScript and Python.

The implementations of AskIt in TypeScript and Python are available at https://github.com/katsumiok/ts-askit and https://github.com/katsumiok/pyaskit, respectively.

Jais and Jais-chat: Arabic-Centric Foundation and Instruction-Tuned Open Generative Large Language Models

This paper introduces Jais and Jais-chat, Arabic-focused large language models (LLMs) with 13 billion parameters. These models outperform existing Arabic and multilingual models in Arabic knowledge and reasoning capabilities and remain competitive in English despite being trained on less English data. The authors provide a detailed account of their training, tuning, safety measures, and evaluations, and both the foundation Jais model and the instruction-tuned Jais-chat variant are released to foster research in Arabic LLMs.

Accessible at https://huggingface.co/inception-mbzuai/jais-13b-chat



Java News Roundup: JDK 22 Release Schedule, Project Babylon, Helidon 4.0-RC2, MicroProfile 6.1-RC1

MMS Founder
MMS Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for September 4th, 2023 features news from OpenJDK, JDK 22, JDK 21, GraalVM Native Build Tools 0.9.26, Quarkus 3.3.2, MicroProfile 6.1-RC1, MicroProfile Config 3.1-RC2, Helidon 4.0.0-M2, Open Liberty 23.0.0.9-beta, Hibernate Search 7.0.0.Beta1, Infinispan 14.0.17.Final, Eclipse Mojarra 4.0.4, JDKMon 17.0.71, JHipster 8.0.0-beta.3 and 7.9.4 and JavaZone 2023 Conference.

OpenJDK

Paul Sandoz, Java architect at Oracle, has initiated a proposal to start a new Java project named Babylon. The primary goal will be to “extend the reach of Java to foreign programming models such as SQL, differentiable programming, machine learning models, and GPUs.” Babylon can achieve Java’s reach to foreign programming models with code reflection, an enhancement to reflective programming in Java, to enable standard access, analysis, and transformation of Java code in a suitable form. Support for a foreign programming model can then be more easily implemented as a Java library.

Sandoz has offered to lead this new project with an initial reviewer list to include Maurizio Cimadamore, software architect at Oracle and Project Panama lead, Gary Frost, software architect at Oracle, and Sandhya Viswanathan, principal software engineer at Intel. Developers can learn more by watching this YouTube video from the recent JVM Language Summit.

Sandoz also introduced JEP Draft 8315945, Vector API (Seventh Incubator) this past week. This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous six rounds of incubation: JEP 448, Vector API (Sixth Incubator), to be delivered in the upcoming GA release of JDK 21; JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. The most significant change from JEP 448 includes an enhancement to the JVM Compiler Interface (JVMCI) to support Vector API values.

JDK 21

Build 35 remains the current build in the JDK 21 early-access builds. Further details on this build may be found in the release notes.

JDK 22

Build 14 of the JDK 22 early-access builds was made available this past week featuring updates from Build 13 that include fixes to various issues. More details on this build may be found in the release notes.

Mark Reinhold, chief architect, Java Platform Group at Oracle, formally proposed the release schedule for JDK 22 as follows:

  • Rampdown Phase One (fork from main line): December 7, 2023
  • Rampdown Phase Two: January 18, 2024
  • Initial Release Candidate: February 8, 2024
  • Final Release Candidate: February 22, 2024
  • General Availability: March 19, 2024

Comments on this proposal from JDK committers and reviewers are open for discussion until September 15, 2023 at 23:00 UTC. If there are no objections at that time, then as per the JEP 2.0 process proposal, this will be the schedule for JDK 22.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GraalVM

On the road to version 1.0, Oracle Labs has released version 0.9.26 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: use of the AttributeProvider API to fix compatibility with Gradle 8.3; explicitly declare the dependencies for the Plexus-Xml and Plexus-Utils libraries to fix compatibility with Maven 3.9.x; and prepare Native Build Tools for the upcoming release of GraalVM for JDK 21. Further details on this release may be found in the changelog.

Spring Framework

In terms of releases, things have been quiet over at Spring these past two weeks, but that hasn’t stopped Josh Long, Spring developer advocate at VMware. Along with his weekly “This Week in Spring” blog posts, Long has published: a personal recap of SpringOne 2023; his latest blog post on how Spring Boot 3.2, GraalVM native images, Java 21 and virtual threads with Project Loom all work together; and “Bootiful” podcasts with Rob Winch, Spring Security lead at VMware, Daniel Garnier-Moiroux, senior member of technical staff, Spring Engineering at VMware, and Chris Richardson, founder and CEO at Eventuate and president at Chris Richardson Consulting.

Quarkus

The release of Quarkus 3.3.2 ships with dependency upgrades and notable changes such as: improvements to the OIDC Auth0 in the Dev UI; a removal of the imagePushSecret() method from the BuildConfig class that has been deemed invalid when using the internal registry; and a fix for a Quarkus build using the quarkus.container-image.builder=jib property that does not consider the auth.json file from Podman. More details on this release may be found in the changelog.

MicroProfile

The MicroProfile Working Group has provided the first release candidate of MicroProfile 6.1 featuring updates to the MicroProfile Config, MicroProfile Metrics and MicroProfile Telemetry specifications. Therefore, the final feature set of MicroProfile 6.1, scheduled for a GA release in early October, will include:

  • Jakarta EE 10 Core Profile
  • MicroProfile Config 3.1
  • MicroProfile Fault Tolerance 4.0
  • MicroProfile Metrics 5.1
  • MicroProfile Health 4.0
  • MicroProfile Telemetry 1.1
  • MicroProfile OpenAPI 3.1
  • MicroProfile JWT Authentication 2.1
  • MicroProfile Rest Client 3.0

It is important to note that four of the seven specifications contained within the Jakarta EE 10 Core Profile, namely: Jakarta Contexts and Dependency Injection (CDI) 4.0; Jakarta RESTful Web Services 3.1; Jakarta JSON Processing 2.1; and Jakarta JSON Binding 3.0, are the evolved JSR specifications from Java EE 7 and Java EE 8 from the early days of MicroProfile.

The second release candidate of MicroProfile Config 3.1 delivers notable changes such as: an update to the TCK to align with breaking changes in CDI 4.0 that include an empty beans.xml file and a change in bean discovery mode from all to annotated; and the MissingValueOnObserverMethodInjectionTest class, that asserts a DeploymentException, fails for a different reason due to the ConfigObserver bean being defined as @ApplicationScoped (proxyable) and final (not proxyable). Further details on this release may be found in the list of issues.

Helidon

The second release candidate of Helidon 4.0.0 delivers: a baseline of JDK 21; full integration of the Helidon Níma web server; significantly refactored Helidon SE APIs to optimize imperative/blocking use cases; and numerous enhancements to the Web Server and Web Client components to achieve feature parity with Helidon 3.0. More details on this release may be found in the changelog.

Open Liberty

IBM has released version 23.0.0.9-beta of Open Liberty, providing continuous improvements for: Liberty Spring Boot Support 3.0, with the capability to “thin” applications when they are created in containers; and the early preview of the Jakarta Data specification.

Hibernate

The first beta release of Hibernate Search 7.0.0 delivers a number of dependency upgrades, namely: JDK 11 as a baseline, a migration to Jakarta EE, Hibernate ORM 6.3.0.Final, Lucene 9.7.0, Elasticsearch 8.9.0 and OpenSearch 2.9.0.

Infinispan

Version 14.0.17.Final of Infinispan has been released featuring notable fixes such as: the cache created by the ServerEventLogger class blocking the cache join, with the potential for a deadlock; the DefaultExecutorFactory class creating unnecessary multiple instances of a Java ThreadGroup; and the addition of missing cross-site metrics for the implementation of the RpcManager interface. Further details on this release may be found in the list of issues.

Eclipse Mojarra

The release of Eclipse Mojarra 4.0.4 delivers notable changes such as: a fix for Mojarra failing to initialize when the Bean Deployment Archive in Weld is empty; a more robust implementation of the RetargetedAjaxBehavior class; and returning a static empty data model from the UIData class if its current value is null. More details on this release may be found in the release notes.

JDKMon

Version 17.0.71 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version provides additional information about the remaining days to the GA release of JDK 21 and the next OpenJDK update.

JHipster

The third beta release of JHipster 8.0.0 ships with enhancements such as: support for JDK 20 and JDK 21; a cleanup of the JHipster Domain Language (JDL) to move file manipulation, configuration and validation to the JDL generator; and a fix for the H2 console not loading due to an incorrect path setting. Further details on this release may be found in the release notes.

Similarly, the release of JHipster 7.9.4 features bug fixes and support for Node.js 18. More details on this release may be found in the release notes.

JavaZone Conference

The JavaZone conference was held at the Oslo Spektrum in Oslo, Norway this past week featuring speakers from the Java community who presented talks and workshops on topics such as: garbage collection, quantum computing, Haskell, Kubernetes, application monitoring, micro frontends, JavaScript and Quarkus.
