That makes sense, because JWT is base64 encoded, and those base64 tokens are bigger and more expensive. JWT has 3 parts, so it's 3x more expensive, obviously.
It has been up and down today, specifically with authentication breaking. I also saw an error message with backend SQL in it (in my 6 years of Meta bug bounty security research, I have never once seen backend SQL before).
I suspect it is because they also refactored Meta AI entirely to use Next.js instead of their normal stack they use for literally everything else. Not sure why they would do this, but I guess it works (...or maybe not) for them.
I guess this means the listener for Hey Siri requests has to be inside of the exclave/conclave to avoid triggering the mic indicator light 24/7 or leaking microphone data? I assume this means the code has to be able to be updated through various macOS/iOS updates and is not immutable, so I do wonder how the code signature verification for that works (since I assume the code signing checks would have to be done at a hardware/bootloader level above the kernel).
I also assume this means you can't put the mouse cursor over the camera indicator as well since that can be controlled by the kernel/host (if someone here has a Macbook Neo pls confirm).
What happens when you screen share - do those pixels show as active, or can the kernel not read the state of those pixels and the capture has the video memory state?