Hacker News new | ask | show | jobs
by sebzim4500 1178 days ago
How is this a security flaw? Recently I made a browser extension to change the theme of a website. I discovered from the html that there was already a (work in progress) dark mode that could be enabled by adding a css class to the root element.

Did I hack the site by using this unreleased feature?
2 comments
travisjungroth 1178 days ago
It's an indication of their ability to keep things secret they mean to keep secret. It's very reasonable for anyone but the absolute biggest sites to think "who cares if someone sees our WIP dark mode?". On the other hand, it really seems like OpenAI wouldn't have wanted this out yet and just half-assed hiding it.
link
nomel 1178 days ago
> It's an indication of their ability to keep things secret they mean to keep secret.

This is a fairly large assumption, that the secret was important to them. Sometimes a curtain in front of the stage is all that’s needed, until things are ready.

link
throwanem 1178 days ago
> This is a fairly large assumption, that the secret was important to them.

One would reasonably consider that the secret should be important to them, given their express concern over safety considerations in particular.

link
BoorishBears 1178 days ago
It feels like you're trying to be just vague enough that you won't be called out on being wrong.

The plugin system is completely open. It's a manifest file like a robot.txt. You can hook up the API to those endpoints yourself with minimal technical skill.

Many people had already integrated Wolfram and that was before there was an open format specifically designed to be easily integrated into ChatGPT.

At the end of the day for how overused the term "FUD" is on this site, this is the first time I've actually seen it in action.

link
dragonwriter 1178 days ago
> It's an indication of their ability to keep things secret they mean to keep secret.

Leaving aside OpenAI’s intention, its an indication of OpenAI’s failure to restrict access via their system to something to which they have represented to plugin suppliers that their system will restricted access to only a small, supplier-identified group of testers.

link
lp0_on_fire 1178 days ago
Changing the color of a site in your own browser is not comparable to accessing server-side resources that have yet to be released.
link