It doesn't even link to an ad, it links to a weird parody attempt of the ad on the same site as the article. Which makes little sense for people unfamiliar with the original ad it parodies.
> If the summary has the info, why risk going to a possibly ad-filled site?
I can usually tell if the information on a website was written by somebody who knows what they're talking about. (And ads are blocked)
The AI summary on the other hand looks exactly the same to me regardless if it's correct. So it's only useful if I can verify its correctness with minimal effort.
What's reasonable is: "Set reserved fields to 0 when writing and ignore them when reading." (I heard that was the original example). Or "Ignore unknown JSON keys" as a modern equivalent.
What's harmful is: Accept an ill defined superset of the valid syntax and interpret it in undocumented ways.
Good modern protocols will explicitly define extension points, so 'ingoring unknown JSON keys' is in-spec rather than assumed that an implementer will do.
Funny I never read the original example. And in my book, it is harmful, and even worse in JSON, since it's the best way to have a typo somewhere go unnoticed for a long time.
The original example is very common in ISAs at least. Both ARMv8 and RISC-V (likely others too but I don't have as much experience with them) have the idea of requiring software to treat reserved bits as if they were zero for both reading and writing. ARMv8 calls this RES0 and an hardware implementation is constrained to either being write ignore for the field (eg read is hardwired to zero) or returning the last successful write.
This is useful as it allows the ISA to remain compatible with code which is unaware of future extensions which define new functionality for these bits so long as the zero value means "keep the old behavior". For example, a system register may have an EnableNewFeature bit, and older software will end up just writing zero to that field (which preserves the old functionality). This avoids needing to define a new system register for every new feature.
I disagree. I find accepting extra random bytes in places to be just as harmful. I prefer APIs that push back and tell me what I did wrong when I mess up.
To have a significant impact SSRF needs to be combined with a second worse vulnerability: An endpoint that trusts unauthenticated requests just because they come from within the local network. Sadly several popular clouds have such a vulnerability out of the box (metadata endpoint).
The circle allows you to put an arbitrary "price" on those services. You could say that the bathroom and table are $100 each, so your combined work was $200. Or you could claim that each of you did $1M work. Without actual money flowing in/out of your circle, your claims aren't tethered to reality.
Their shares will be based on the client's valuation, which in public markets is externally priced. If not in public markets it is murkier, but will be grounded in some sort of reality so Nvidia gets the right amount of the company.
It's a soft version of money printing basically. These firms are clearly inflating each other's valuations by making huge promises of future business to each other. Naively, one would look at the headlines and draw the conclusion that much more money is going to flow into AI in the near future.
Of course, a rational investor looks at this and discounts the fact that most of those promises are predicated on insane growth that has no grounding in reality.
However, there are plenty of greedy or irrational investors, whose recklessness will affect everyone, not just them.
For Nvidia shares: converting cash into shares in a speculative business while guaranteeing increasing demand for your product is a pretty good idea, and probably doesn't have any downsides.
For the AI company being bought: I wouldn't trust these shares or valuations, because the money invested is going on GPUs and back to Nvidia.
reply