1. if your government decides google has to put spyware on your phone, you wont be able to remove it, unless your device is reprogramnable.
It's actually the other way around, the only way to garantue that your device is free of spyware is you reprogramming it. You shouldn't have to trust the potentially compromised manufacturer.
True, but it's turtles all the way down. There is lots of non-reprogramable firmware in what you call "hardware". The recent article here pointed out the 8087 (an old floating point co-processor) had so much firmware (for the time) Intel had to use a special type of transistor to make it fit. Modern CPU's have many such tiny CPU's doing little jobs here and there. I'm being you didn't even know they exist. They not only exist, they also have a firmware programmed into ROM's you can never change. The bottom line is you have to trust the manufacturer of the silicon, and that isn't much different to trusting someone else who loaded firmware into the device.
The fact that there is always something you must trust in a device, as opposed to being able to prove it's trustworthy to yourself by just looking at it is so well known it has a name: is called the root of trust.
The interesting thing is it can ensure the root of trust the only thing you need to trust. The ability to do that makes your statement factually wrong. In fact it's drop dead simple. The root of trust only need let you read all firmware you loaded back, so you can verify it is what you would have loaded yourself. TPM's and secure boot are built around doing just that. Secure boot is how the banks and whoever else know you are running a copy of Android produced by Google.
Hey pabs, think about it. You know this doesn't work.
It doesn't work for the same reason the electricity company doesn't let you reprogram your electricity meter. Unlike the raucous response here as far as I far as I can tell, no one complains about that arrangement, despite the fact the meter is on your property, on land you own, and you effectively pay for it. They put up with it because of want the electricity, they know the electricity can't trust all their customers with metering it, and when it's all said and done putting a small box on their property the electricity has absolute control over is hardly a big deal.
It's exactly the same deal with your computer, or should be. There is a little area on a device you own that you have no control over. Ideally visible and running open source software with reproducible builds, so you can verify it does what it says on the box, and yes neither you nor anyone else can change it, so it meets your condition.
But it's purpose doesn't. It's purpose is to load the equivalent of electricity meters, which are software other people can change and you can't. Thus this area on the your device carves out others areas it can give ironclad guarantees to a third party they solely control, you can not reprogram, and you can't even see the secrets they store there (like encryption keys). These areas don't meet your definition. The third party can reprogram them, but you can't, you can't even see into them.
These areas can do things like behave like a credit cards, be a phones eSim, house a FIDO2 key that some their party attests is only ever stored securely.
Currently we depend on the likes of Google and Apple to provide us with this. I'm not sure Apple can be said to provide it, as they insist on vetting everything you can run that doesn't live in a browser. Google does better because you can side load, if you are willing to jump through hoops must people can't. Wouldn't it be great if debian could do it too? But to pull that off, debian developers would have to be believe allowing users to hand over control of a space on their computer they can't see or alter, to a third party debian didn't trust somehow works open source. It's not a big jump from the current firmware policy.
I can see that some verification is necessary. However i still think stuff that I can't be reprogramm should be heavily regulated. I want it to be kept at minimum.
Samsung already installs very suspicious auto updating, can't be removed without root, apps and ads. This is the natural consequence of locking out the users capabilities. If you want to get rid of them completely, youd have to root it, breaking compatibility with banking apps. Thats the world you are rooting for.
It's the same Kevin Dahlgren. I don't know the complete story, but he allegedly wrote off transactions under fake names when doing work for the municipality of Gresham. I did remember reading somewhere that the goods he bought were given to the homeless but I don't remember where I read it.
Regardless I still really enjoy reading his blog.
> also this seems a really entitled take to say, "there is no homelessness" when there clearly is.
He's never said that and that's not the point of the article I linked either. Kevin has dedicated his life to recording the life of homeless people so he's clearly aware of it's presence. I think his work is quite important. There doesn't appear to be many people researchig homelessness who actually spend time on the street interviewing them. His posts and videos have given me a whole different view of homelessness, most of which in more vein of what the first commenter here was talking about. But it has also taught me that homelessness can be quite diverse.
If you're interested in the life of the homeless at all you should definitely read some of his blog. His collaborations with Tyler Oliveira on YouTube are also extremely interesting.
what advantage does gitlolite over gitea? If i wanted to replace GitHub my intuition would be to replace it with gitea. It seems to have similar interface, pull requests, workers etc to gh.
Gitolite is a bare bones git server. Gitea is a forge. They’re not remotely in the same class of software. Gitolite doesn’t even have a web view for the repos, you need a separate package like cgit for that; never mind project management features.
Project 2025 is a radical plan organized by The Heritage Foundation, an extremist political organization in the United States that has gained immense power through subversion of constitutional governance.
Trump repeatedly disavowed any knowledge or alignment with Project 2025 during his campaign.
Tracking Project 2025 does not serve to "hold governments to account," Project 2025 is a dramatic and dangerous attack on American Constitutional governance. Given the President's open deception and the sworn oath of all employees of the US Government to uphold and defend the Constitution, Project 2025 clearly represents an attack on American sovereignty, the betrayal of our allies, and a threat to global stability. Thus, tracking Project 2025 enables an understanding of the extent of implementation of this extremist agenda and facilitates more effective response to future destabilizing events (regardless of one's alignment).
Microsoft developed and trained Phi-4. How can there be bugs in their official implementation? Does this mean they trained und evaluated it on their own completly different code and then ported it to the huggingface library for compatibility?
The chat template adding an assistant prompt by default for example is also shown in the technical report - so they did this during training. The issue is inference workloads should not have this, otherwise inference workloads might inadvertently append extra assistant prompts or forget about it - so hence I removed it.
The rest I'm not sure - for eg the EOS token should be im_end and not endoftext - it could be a small mistake
> Integral to the Court’s decision was the conclusion that Section 1201’s ban on circumvention of access restrictions is a regulation of “conduct” rather than “speech.”
Ah yes I remember that now, I had forgotten about that!
Funny, especially now that I see Apple are now going the other way with a dedicated "Passwords" app on iOS 18 and macOS 15. And for Apple to do this - against their instinct for featureless simplicity and implicit integration - to give passwords their own "shop front" as a dedicated app I think really does acknowledge the first-class importance that passwords now have, even for a broad audience.
It's a shame as I think Mozilla could really compete well in this space. They are both cross-platform, have their their own browser and have a good reputation on privacy. It's a killer combo. Bitwarden is evidence you can make it work and you don't need massive big-tech budgets to make a difference.
reply