Archive for December 5, 2022

Monday, December 5, 2022


OpenAI (Hacker News):

We’ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests.


We are excited to introduce ChatGPT to get users’ feedback and learn about its strengths and weaknesses. During the research preview, usage of ChatGPT is free. Try it now at

Ben Thompson (Hacker News):

It happened to be Wednesday night when my daughter, in the midst of preparing for “The Trial of Napoleon” for her European history class, asked for help in her role as Thomas Hobbes, witness for the defense. I put the question to ChatGPT[…] This is a confident answer, complete with supporting evidence and a citation to Hobbes work, and it is completely wrong.


What has been fascinating to watch over the weekend is how those refinements have led to an explosion of interest in OpenAI’s capabilities and a burgeoning awareness of AI’s impending impact on society, despite the fact that the underlying model is the two-year old GPT-3. The critical factor is, I suspect, that ChatGPT is easy to use, and it’s free: it is one thing to read examples of AI output, like we saw when GPT-3 was first released; it’s another to generate those outputs yourself; indeed, there was a similar explosion of interest and awareness when Midjourney made AI-generated art easy and free[…]


There is one site already on the front-lines in dealing with the impact of ChatGPT: Stack Overflow. Stack Overflow is a site where developers can ask questions about their code or get help in dealing with various development issues; the answers are often code themselves. I suspect this makes Stack Overflow a goldmine for GPT’s models: there is a description of the problem, and adjacent to it code that addresses that problem. The issue, though, is that the correct code comes from experienced developers answering questions and having those questions upvoted by other developers; what happens if ChatGPT starts being used to answer questions?

josh (via Hacker News):

Google is done.

Compare the quality of these responses (ChatGPT)

Gaelan Steele (via Hacker News):

For fun, I had ChatGPT take the free response section of the 2022 AP Computer Science A exam. […] It scored 32/36.

Susannah Skyer Gupta:

Thus far, Jacob and I have hand-crafted (meaning written with just our own brains), the Apparent Software App Store descriptions. That said, I would definitely consider an AI-assisted approach to get started.


Some indie developers reporting good luck with this approach thus far include Noam Efergan, author of the upcoming Baby Wize app and Johan Forsell, author of BarTab[…]


Update (2022-12-14): Dare Obasanjo:

Google employees explain why we haven’t seen ChatGPT like functionality in their products; the cost to serve an AI result is 10x to 100x as high as a regular web search today plus they’re too slow relative to how quick search results must be returned.

Michael Nielsen:

Curious: have you found ChatGPT useful in doing professional work?

If so, what kinds of prompts and answers have been helpful? Detailed examples greatly appreciated!

Steve Worswick:

Apparently it can cite sources, but just makes them up!

Swift Set Intersection Bug

Dave DeLong:

It turns out, there was a bug in Set.intersection(_:), but it had only been discovered this past June, and the fix only applies to macOS Ventura and later (my machine is running Monterey still). The scope of the bug is fairly limited: it only showed up if you were using the general intersection method, and the sequence had “exactly as many duplicate items as items missing from self”. As it turned out, Advent of Code happened to provide me with exactly the right input to hit this multiple times.

Mac Cryptexes

Howard Oakley:

In practice, a cryptex is a sealed Disk Image containing its own file system, which is mounted at a randomly chosen location within the root file system during the boot process. Prior to mounting the cryptex, macOS verifies it matches its seal, thus hasn’t been tampered with.


A cryptex can contain a wide range of different contents, typically including command tools, system executables, libraries, man pages, apps and frameworks. Many of the system components that used to be stored on the Data volume are now loaded by Ventura in cryptexes, including Safari and all its supporting components, the JavaScriptCore framework, some AMD graphics drivers, and most importantly dyld shared caches (which had been a heavy burden for Big Sur updates).


Late in the preparation phase of a macOS update, changed cryptexes are installed by ‘ramrod’. These are referred to as Splat, the internal name for the cryptex subsystem. Unlike the rest of a macOS update, these don’t require the full ‘Update Brain’ needed to build a new System snapshot, nor should they require macOS to be rebooted.


Powerdir macOS TCC Vulnerability

Juli Clover (in January):

Microsoft’s 365 Defender Research Team this morning published details on a new “Powerdir” macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.

Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update[…]

Jonathan Bar Or:

We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests. If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data.


First, Apple protected the system-wide TCC.db via System Integrity Protection (SIP), a macOS feature that prevents unauthorized code execution. Secondly, Apple enforced a TCC policy that only apps with full disk access can access the TCC.db files.


While the solution indeed prevents an attack by environment variable poisoning, it does not protect against the core issue. Thus, we set out to investigate: can an app programmatically change the user’s home directory and plant a fake TCC.db file?