That only summarizes the first two paragraphs. The article goes on about VC funding and office expansions among other things.
The flow of venture capital dollars into AI and machine learning companies in San Francisco hit new highs this year, with start-ups raising $18.5 billion in the first quarter — about 82 percent of U.S. investments in the segment
There's no denying the fact that SF is the place for AI startups.
To be fair to ChatGPT though, all the search engines first recognize that the query is trying to perform an arithmetic calculation, then pass it on to a calculator. ChatGPT already understands what is being asked; it would be trivial to perform the next step, pass it on to a calculator and return the right answer.
This reasoning could be extended (and maybe it should be) to remove APIs/headers allowing detection of OS/browser version (maybe Mac users are willing to pay more?), screen size (bigger monitor = more disposable income?), etc. For all of them there are tradeoffs, but it would be an interesting exercise to think about.
First of all, congratulations on the awesome work. Do any of the components of your CRS make use of machine learning techniques? I read somewhere that Mayhem uses deep learning but I'm not sure how exactly that would work in a program analysis scenario. I am assuming you used some form of symbolic execution (Edit: just realized it's angr, which is often useful in CTFs). How different was it from other general-purpose SE systems (KLEE etc.)? Did you use any formal methods too?
CRIME: TLS compression can reveal private headers, like auth cookies. Fixed by turning off TLS compression. Not applicable to HTTP because HTTP never had header compression.
BREACH: Response body compression of a page can reveal a secret where there's (a) something attacker-controlled in the body, (b) something private and unchanging in the body, and (c) response length visible to an attacker. Doesn't require HTTPS.
If an attack applied, it would be one like BREACH. Which isn't surprising: this is a direct replacement for "Accept-Encoding: gzip / Content-Encoding: gzip" and so we should expect it to be in the same security situation.
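An added example, not part of the comment above or of any project's code: a check that measures the BREACH condition on a response body, comparing the on-the-wire length when a reflected value equals the secret with the length when it does not. It does this with compression on, with compression off (the analogue of the CRIME fix), and with the secret masked per response. The page template, token values and function names are constructed for illustration, and per-response masking is a mitigation the comment does not mention.

```python
import secrets
import zlib

# Constructed sample values, 32 hex characters each.
SECRET = "9f2c4e7a1b3d5f60718293a4b5c6d7e8"   # the private, unchanging token
WRONG = "d41c86b0e5a97f3210fedcba98765432"    # a reflected value that does not match


def render(reflected, token):
    """Hypothetical page: (a) reflected input and (b) the secret share one body."""
    return (f"<p>No results for token={reflected}</p>"
            f'<form><input name="csrf" value="token={token}"></form>').encode()


def mask(token, pad=None):
    """Emit pad || (pad XOR token) as hex, so the secret's bytes differ per response."""
    raw = bytes.fromhex(token)
    pad = pad or secrets.token_bytes(len(raw))
    return (pad + bytes(p ^ t for p, t in zip(pad, raw))).hex()


def wire_length(body, compress):
    """(c) The length a network observer sees, with or without body compression."""
    return len(zlib.compress(body, 9)) if compress else len(body)


def length_gap(compress, masked, pad=None):
    """Bytes by which the non-matching response is longer than the matching one."""
    lengths = []
    for reflected in (SECRET, WRONG):
        token = mask(SECRET, pad) if masked else SECRET
        lengths.append(wire_length(render(reflected, token), compress))
    return lengths[1] - lengths[0]


if __name__ == "__main__":
    print("compressed, raw secret   :", length_gap(True, False))
    print("uncompressed, raw secret :", length_gap(False, False))
    print("compressed, masked secret:", length_gap(True, True))
```

A large positive gap in the first case means the response length depends on whether reflected input matches the secret; the other two cases show that dependence disappearing.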
They write their own apps for elementary OS instead of making UI changes to other apps. This includes the music player, file explorer, calendar, terminal emulator and settings app among others. IIRC the browser, email app and photo viewer are written by third parties specifically for elementary.
As a new potential user I'd like to see more screenshots on the front page before I send them my money or download and install the OS. A video preview of 2-3 minutes would be even better.
There is a surprising lack of information on the website. Here are a couple links that help fill in the gaps.
"elementary OS is a Linux distribution based on Ubuntu. It makes use of a desktop with its own shell named Pantheon,[2] and is deeply integrated with other elementary OS applications like Plank (a dock), Midori (the default web browser) and Scratch (a simple text editor). This distribution uses Gala as its window manager..."
http://en.wikipedia.org/wiki/Elementary_OS
A browser that's not Firefox or Chrome scares me slightly, considering the amount of resources that go into securing them, yet they all fall at CanSecWest.
WebKit isn't the only possible source of insecurity in an app that uses it. It may not even be in the top 10 versus things like image and font rendering libraries.
Yes, it's not surprising and not limited to them either. But seeing all the similarities in a non-fanatic context also makes Apple's work a tad less amazing.