Then they should speak to legal about fixing the ToS before making public statements about their intentions with it. It won't look good to show up at arbitration and have to explain why your public comms contradict your ToS.
What? Yes they do take shortcuts and hacks. They change the tests case to make it pass. As the context gets longer it is less reliable at following earlier instructions. I literally had Claude hallucinate nonexistent APIs and then admitted “You caught me! I didn’t actually know, let me do a web search” and then after the web search it still mixes deprecated patterns and APIs against instructions.
I’m much more worried about the reliability of software produced by LLMs.
The package management story on Linux is hideously bad. The next generation replacements are all over the place (do I use snaps? Flatpak?). No one is going to learn Nix if it means you need to become a programmer just to install something.
The graphics story on Linux also sucks. I recently tried to convert my Windows gaming machine to Linux (because I hate W11 with a burning passion). It does work, but it’s incredibly painful. Wayland, fractional scaling, 120+ Hz, HDR. It’s getting better thanks to all the work Valve etc are putting in, but it’s still a janky messy patchwork.
MacOS just works. It works reliably. Installing things is easy. Playing games is easy. I’m able to customize and configure enough for my needs. I love it and I hope it sticks around because there is no way in hell I would move my work machines over to Linux full time.
What's wrong with those? I don't have a single screen which does 120 Hz + HDR, but I'm typing this on a 120 Hz laptop, with variable refresh rate, at 125% scaling, and everything works great with Plasma (haven't tried anything else). I also have an external HDR screen, but it only does 60 Hz. It works great, too, doing HDR on it but not on the laptop screen (running at the same time, of course). They also run at different scaling (125% and 100%).
Now I don't know how to confirm that VRR is actually doing anything, but I can tell there's a difference between setting the monitor to 60 and to 120 Hz. HDR on the other screen also produces a clear difference.
This is all running from integrated intel graphics, maybe with other GPUs it's more of a crapshoot, no idea.
I’m not convinced LLMs can ever be secured, prompt injection isn’t going away since it’s a fundamental part of how an LLM works. Tokens in, tokens out.
I’m not exactly sure about ZKPs but for age verification the “proof” can come from the government but in such a way that the web service doesn’t know anything more than whether an assertion is true, and the government doesn’t know anything more than you wanted to verify some assertion.
This is a simplified method for age verification:
I want to buy alcohol from my phone and need to prove I’m over 18. SickBooze.com asks me for proof by generating a request to assert “age >= 18”.
My phone signs this request with my own private key, and forwards it to the government server.
The government verifies my signature against a public key I previously submitted to them, checks my age data in their own register of residents, and finally signs the request with one of their private keys.
My phone receives the signed response and forwards it back to SickBooze.com, which can verify the government’s signature offline against a cached list of public keys. Now they can sell me alcohol.
- the “request” itself is anonymous and doesn’t contain any identifying information unless that is what you intended to verify
- the government doesn’t know what service I used, nor why I used it, they only know that I needed to verify an assertion about my age
- the web service I used doesn’t know my identity, they don’t even know my exact age, they just know that an assertion about being >= 18 is true.
> the government [...] only know[s] that I needed to verify an assertion about my age
This is problematic if a majority of things needing age verification are looked down upon; for example, insurance companies would love to know what people don't do things needing age and therefore don't buy alcohol (at least not online).
The first question is how would the insurance find out that you are doing lots of things requiring age verification? The only body that could tell them is the government, while a distrust in the government can be healthy, I think this is the least thing to worry about, the government typically knows already much more damaging things than how often you ask for age verification.
Moreover, that would only work if there are relatively few things that require age verification and it needs more than just being looked down upon, i.e. while alcohol buying might be interesting information for insurances, watching porn is likely less interesting. Even worse, if the insurance can't distinguish between porn and alcohol (which they can't by design even if the government would give them the information about how often you ask for age verification).
Hilarious and frightening. I don’t want LLMs anywhere near anything remotely important. We’ve already had to remove a few dependencies from our projects because of CVEs caused by careless LLM usage upstream.
GrapheneOS doesnt really proactively attack GNU/Linux. What happens is that there are posts on the internet about GrapheneOS or mentioning GrapheneOS in which or under which completely wrong comparisons between GrapheneOS and GNU/Linux get posted. It makes sense that you care to clarify or correct if you spot people are talking about your project and are (intentionally or unintentionally) spreading wrong information about it by making comparisons based on misconceptions or falsehoods.
The thing you link about restricting network traffic doesnt make much sense. GrapheneOS has a proper network permission which other OSes dont have. The outbound traffic restrictions to certain destinations which are being referred to are just a bad approach. You can send the traffic to one server and just process it there and send out to other servers.
You also say :
> Also, if I explicitly don't trust Google with anything, GOS is extraordinarily insecure for me until a new vendor
If thats the case, dont opt for GNU/Linux either given the large code contributions made by Google. Also avoid any software built with LLVM, written in Go, written in Flutter, using Angular, ...
The two "problems" you link arent really huge security issues. How is GrapheneOS having access to the embargoed patches and being able to ship them a security issue? Also the planned sideloading restrictions dont even apply to GrapheneOS. It would only apply to certified OS that license Google Mobile Services. Also, that isnt even a security issue. Its a freedom issue.
> How is GrapheneOS having access to the embargoed patches and being able to ship them a security issue?
This is not the actual issue. The actual issue is that existing patches for a known vulnerability become unavailable, because Google decided so, making GOS potentially insecure. Patches without the source code shouldn't be trusted.
> It would only apply to certified OS that license Google Mobile Services.
Until Google alters the deal.
> Also, that isnt even a security issue. Its a freedom issue.
There is no security without freedom. If you're protected by a steel door, but you don't have the key, you aren't safe: You're imprisoned. You can't protect yourself from Google without having freedom to run what you want on "your" device.
Im not trolling. You say you dont trust Google at all. Thats your position. Then my argument is to not trust their code, regardless of which project its submitted to. How is that unreasonable. Your argument is the unreasonable one. You somehow think contributions by other companies to Linux would balance out or erase your trust issues with the Google code? Why would that make any difference.
> This is not the actual issue. The actual issue is that existing patches for a known vulnerability become unavailable, because Google decided so, making GOS potentially insecure. Patches without the source code shouldn't be trusted.
The issue gets patched. Whether the code is published doesnt change the code... People can also sti reverse engineer the code. Its not a black box. Its often just Java code. You can easily decompile Java, bytecode maps easily to the source code. Its an effort you have to do, yes, but so is reading and properly auditing the source code as well. You seem to think publishing the code somehow magically makes it more secure. While that isnt true. People would still need to properly audit it. It barely happens in practice. And it can also perfectly be done with compiled code.
> Until Google alters the deal
If Google were to put the restriction in AOSP, GOS can simply remove it from the code... And if its not in AOSP than it doesnt impact GOS.
> There is no security without freedom. If you're protected by a steel door, but you don't have the key, you aren't safe: You're imprisoned. You can't protect yourself from Google without having freedom to run what you want on "your" device.
This metaphor doenst make any sense in relation to the planned sideloading restrictions. I suggest reading the blogposts from Google about what the process will look like.
> You made a general statement about attacks from GOS on GNU/Linux.
No, I provided two specific examples, one quoted and another linked to. None of them happend in the context of wrong comparisons being made.
> You say you dont trust Google at all. Thats your position. Then my argument is to not trust their code, regardless of which project its submitted to. How is that unreasonable.
Your argument is completely unreasonable. Google has full control over Android and therefore GrapheneOS. It has very little control over Linux. All their contributions to Linux are carefully verified by many independent
parties and suspicious things not accepted by community are rejected. The latter doesn't happen in Android, see my examples above.
> The issue gets patched. Whether the code is published doesnt change the code...
Only if you 100% trust Google. I see you do and promote them. I wonder why you would defend a trillion-dollar, monoppolistic megacorp hostile to its users.
> People can also sti reverse engineer the code.
This takes huge effort and time. One can't rely on it to be secure.
> If Google were to put the restriction in AOSP, GOS can simply remove it from the code...
The effort to keep a hard Android fork up-to-date will grow exponentially. I don't expect that GOS team will manage to do it for long.
> This metaphor doenst make any sense in relation to the planned sideloading restrictions.
This is exactly what is happening with Android right now. Users are constantly loosing their control over the device in the name of the false sense of security.
> I suggest reading the blogposts from Google about what the process will look like.
This is not even funny. Are you working at Google? I suggest you to read blog posts by a non-profit instead: https://eff.org.
> No, I provided two specific examples, one quoted and another linked to. None of them happend in the context of wrong comparisons being made.
You made a general statement here ("being known for"). You put a link there indeed with a quoted example and another link.
> Indeed the GrapheneOS community is known for attacking the GNU/Linux mobile with false claims, https://news.ycombinator.com/item?id=45562484.
You have to look at the parent replies of what you link. Read the thead properly, please. Like I said , "What happens is that there are posts on the internet about GrapheneOS or mentioning GrapheneOS in which or under which completely wrong comparisons between GrapheneOS and GNU/Linux get posted". Replies that were literally mentioning GrapheneOS got a reaction. Thats not an unfounded attack. The statements that those other options are less secure are clearly backed up with technical information.
> All their contributions to Linux are carefully verified by many independent parties and suspicious things not accepted by community are rejected. The latter doesn't happen in Android, see my examples above.
That's really not how it works in practice. There is a ridiculius amoumt of code and code changes. Systematic proper exhaustive auditing doesnt happen. Also, you distrust Google and think they are malicious. Google can do their best to hide bad stuff in their code so quick reviews wont notice it. Do you think malware developers write functions called doTheBadStuff()?
> I see you do and promote them. I wonder why you would defend a trillion-dollar, monoppolistic megacorp hostile to its users.
I am not promoting Google. I am just countering your posts critizing Google using bad arguments. Google is a multi-faceted compamy some of the things they do are good for end users, some aren't, most things will be liked by some and disliked by others.
> This takes huge effort and time. One can't rely on it to be secure.
Reading and properly understanding source code also takes huge effort and time. And like I said, if you dont trust the devs, you cant trust function names, variables names and code comments to give a faithful portrayal of functionality anyway. So do you really lose that much if you decompile Java bytecode and mainly just miss naming and comments? It can even be argued it will remove preconceptions and let you read the code with a more open mind. Its a hurdle and annoying for sure, though. I would prefer Google to lower the embargo as well. But, public source availability just isnt the magic silver bullet you think it is.
> The effort to keep a hard Android fork up-to-date will grow exponentially. I don't expect that GOS team will manage to do it for long.
You dont need a hard fork for that. If the sideload restriction were to be put in AOSP you can remove that in a soft fork.
> This is exactly what is happening with Android right now. Users are constantly loosing their control over the device in the name of the false sense of security.
I agree Googles plans arent a good approach. But it isnt a false sense of security either. Registering app IDs and associated public keys is a usefil thing. There are other, begger approaches though, tbat dont have the downsides of what they planned.
> This is not even funny. Are you working at Google? I suggest you to read blog posts by a non-profit instead: https://eff.org.
Based on what you were saying and your bad metaphor it is just clear you arent accurately informed or up to date about what the sideloading restrictions will be. The best place to read what the procedures will be is in Google's blog posts and documentation. I am not saying you have to go read that to make a value judgement on the merits. You just need to read that to understand what is actually being talked about. I dont like Google's plans either but I am aware of what they are.
Something being a non-profit doenst automatically mean all posts they write are of good quality. EFF does many good things but I dont see why their posts about things are somehow automatically good and authoritative because of their non-profit model. Best to judge individual posts on their merit.
Google has implemented lots of privacy and security features in AOSP over time. The app sandbox and permission model has evolved a lot, in a good direction. The codebase is also modernized with the increasing adoption of memory safe code. At least Google seemes to have a thought out development strategy to enhance security and privacy, contrary to the projects you mentioned elsewhere in this Hacker News thread.
Also, what you link doesnt prove what you think it does. Manifest V3 is a very good thing for privacy and security. It restricts and controls the access of extensions much more. With MV2 you have much less control over your data.
> It restricts and controls the access of extensions much more.
You mean, it restricts users even more and gives to websites the freedom to track you? I won't engage in further discussion with you, you're just trolling.
You link three things, that doesnt equate to "every independent organization". One of your links is a post by Brave and Brave isnt independent in this. The unsubstantiated fear of people for MV3 is beneficial for them, it could grow their userbase because they keep the support for MV2.
Content blocking (ad and "tracker" blocking) are convenience features, they dont foundationally improve security. Defining what a tracker is is difficult and you cant list them exhaustively. Also smart businesses and organisations can just shift to sending all data to the main domain and handling it server side to send it onwards to other domains, including third-party domains. If you dont trust a site to not send data to third party domains directly, why do you trust it to not send it indirectly?
No, I meam it restricts extensions because it does. Vouching for MV2 is like vouching for an Android OS without a proper permission model. MV3 helps against tracking, its good for privacy and security. If you want the convience of content blocking, uBlock Lite still works good enoough for many people. Though, you still lose on security and meaningful privacy (again, define a tracker and list them all, impossible) because extensions in general hurt site isolation and increase your fingerpint.
> You link three things, that doesnt equate to "every independent organization".
Seriouslu, is this the only counter-argument you could invent? I didn't have the goal to list all independent organizations in the world. Now, you have to find one saying the opposite to EFF.
> If you dont trust a site to not send data to third party domains directly, why do you trust it to not send it indirectly?
Against tracking by whom? By FLOSS add-ons intentionally installed by user and verified by the community? In contrast to random, untrusted websites running megabytes of proprietary JS?
Ad blocking is necessary to avoid malware and spyware which is spread by google adsense all the time. It's not just convenient, most trackers won't go out of their way to improve their tracking if a few users start blocking it. Get real and stop parroting
I do agree that each company's influence in case of the kernel is much lower, than Google's relevance in Android, but there are other big-ish players in the space as well, like Samsung.
reply