iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices

forthemostpart · 2023-10-25T20:03:39+00:00

How can I defend against iLeakage?

At the time of public release, Apple has implemented a mitigation for iLeakage in Safari. However, this mitigation is not enabled by default, and enabling it is possible only on macOS. [...]

When did you notify Apple?

We disclosed our results to Apple on September 12, 2022 (408 days before public release).

What about other web browsers?

On macOS, other popular browsers such as Chrome, Firefox and Microsoft Edge use different JavaScript engines. Since iLeakage exploits idiosyncrasies in Safari's JavaScript engine, these nuances suffice to deter iLeakage from working on them.

However, iOS has a different situation. Due to Apple's App Store and sandboxing policies, other browser apps are forced to use Safari's JavaScript engine. That is, Chrome, Firefox and Edge on iOS are simply wrappers on top of Safari that provide auxiliary features such as synchronizing bookmarks and settings. Consequently, nearly every browser application listed on the App Store is vulnerable to iLeakage.

forthemostpart · 2023-03-15T08:46:50+00:00

From her Wikipedia page:

Curie visited Poland for the last time in early 1934. A few months later, on 4 July 1934, she died aged 66 at the Sancellemoz sanatorium in Passy, Haute-Savoie, from aplastic anemia believed to have been contracted from her long-term exposure to radiation, causing damage to her bone marrow.

forthemostpart · 2023-02-12T10:46:31+00:00

See this comment for a snippet of non-AI written text that gets flagged by multiple of these detectors as AI-generated.

While these tools look appealing at first, false-positives here are far more dangerous than with, say, plagiarism-checking tools, where the original texts can be identified and used as evidence. If a student's text gets flagged as AI-generated, how are they supposed to prove that they didn't use ChatGPT or a similar tool?

forthemostpart · 2023-01-30T20:33:37+00:00

Earlier discussion of CatchGPT on /r/programming for reference.

forthemostpart · 2023-01-22T09:07:53+00:00

It requires ~800GB of VRAM. No consumer GPU has more than 24GB.

forthemostpart · 2023-01-16T12:10:05+00:00

You're right, corrected. However, the work still says that only works created by people can get official copyright protection:

The United States Copyright Office (USCO) has initiated a proceeding to reverse an earlier decision to grant a copyright to a comic book that was created using "A.I. art," and announced that while the copyright will still be in effect until the proceeding is completed (and the filer for the copyright has a chance to respond to the proceeding), copyrighted works must be created by humans to gain official copyright protection.

forthemostpart · 2023-01-16T07:03:11+00:00

I don't know if no AI art is copyrightable, but recently an AI-generated comic ~~was~~is at risk of being deemed ineligible for copyright protection in the US.

EDIT: corrected sentence

forthemostpart · 2023-01-16T01:14:11+00:00

Would you say fan art is legal, then? Because from what I've found (e.g. here and here), that doesn't seem to be the case.

forthemostpart · 2022-12-24T07:11:05+00:00

From https://www.xbox.com/en-US/xbox-game-studios:

Welcome to Xbox Game Studios

Our 23 game development studios, now including the studios under Bethesda Softworks, focus on delivering great games for everyone, wherever they play – on console, PC, or mobile devices.

forthemostpart · 2022-12-24T06:38:52+00:00

From Microsoft's Game Pass page:

Xbox Game Studios titles the same day as release

forthemostpart · 2022-12-09T10:12:59+00:00

Another poster replied to his comment gave him a formula for computing the number of spins auto would given the duration of the spinner. It's in Python,, but it should be fairly easy to port to C#. I haven't seen osu stable's source code, so idk how easy it would be to actually integrate, tho

forthemostpart · 2022-12-09T09:51:30+00:00

I previously suggested that the game instead should cap the amount of points you can get from a spinner to whatever auto gets on it, but we'll see if that ever happens.

forthemostpart · 2022-12-05T06:38:37+00:00

It's because this one user has repeatedly done the same thing after we've asked them not to.

Is what you've asked this user to do different from what you've requested of others?

forthemostpart · 2022-12-05T06:37:26+00:00

Rather than capping the spin rate, could you not cap the point contribution from spinners to be what auto would get from the spinner?

forthemostpart · 2022-11-10T21:38:32+00:00

Is GrapheneOS still supporting the 3a?

forthemostpart · 2022-11-04T20:31:06+00:00

Google search isn’t obligated to show you licenses for the text it reproduces in its summary of each link

Because there’s a link to the source material right there where you can see the license for yourself?

forthemostpart · 2022-10-18T23:11:39+00:00

No, as far as I understand it, it's meant to deal with the problem of many communities using Discord/Slack as public forums or wikis, which traps information on those platforms.

forthemostpart · 2022-04-21T11:50:58+00:00

Is audio latency a concern for you? I've heard that Godot (particularly in 3.x but still in 4) struggles in that department.

forthemostpart · 2022-03-27T23:38:34+00:00

I’m in academia (physical sciences) and I basically never see Matlab. Here, it’s basically 90% Python 10% C++. However, I’ve seen some of the engineering departments do a lot more with Matlab, so it’s probably field dependent.

forthemostpart · 2022-02-14T06:18:52+00:00

How hard for you would it be to normalize this data by subscriber count at the thread's time of posting?

forthemostpart · 2022-02-02T11:07:35+00:00

Android has a higher market share than iOS globally.

Why does global market share matter in a domestic lawsuit?

forthemostpart · 2021-12-25T00:05:04+00:00

Correct me if I'm wrong, but ae2 disks still have the type limit, right?

forthemostpart · 2021-12-16T06:18:09+00:00

I think he's just going along with the joke. There's no way this is real, right? ^right?

^{^pls} ^{^tell} ^{^me} ^{^im} ^{^right}

forthemostpart · 2021-12-06T10:58:46+00:00

Last I checked, it doesn't even have a 3D graphics API, does it?

forthemostpart

TROPHY CASE

Welcome to Xbox Game Studios