| ▲ | userbinator 10 hours ago |
| In 1999, Intel received an absolutely massive amount of opposition when they decided to include a software-readable serial number in their CPUs, so much that they reversed the decision. Then the "security" and Trusted Computing authoritarians continued pushing for TPMs and related tech, and contributed to the rise of mobile walled gardens. Windows 11's TPM requirements were another step towards their goal. The amount of propaganda about how that was supposed to be a good thing, both here and elsewhere, was shocking. It turns out a significant (but hopefully decreasing) number of the population is easily coerced into anything when "security" is given as a justification. The war on general-purpose computing continues, and we need to keep fighting. Stallman was right, as always. Time to give his "Right to Read" another read. (If it hasn't been done already, an AI-generated short film of it would be a great idea...) "Those who give up freedom for security deserve neither." |
|
| ▲ | jorvi 5 hours ago | parent | next [-] |
| Weird rant. TPMs are great. The modern computing landscape needs a safe place to put secrets. It's what made the iPhone (Secure Enclave is effectively a TPM) years ahead of Android in terms of security. The problem isn't the TPM, but attestation. As soon as the TPM is required to not be under your control to get access to Y, bad things happen. Hell, in actuality, the problem isn't even attestation, its policy. The EU Parliament (the one the people vote for, the Commission are cronies) might eventually force corporations into something more citizen-friendly. Neither Apple, Google or Microsoft is going to drop a market that big. |
| |
| ▲ | nananana9 4 hours ago | parent | next [-] | | Requiring "tokens" stored in "trusted modules" and 7-factor-auth for everything is not progress, it's theater. The biggest achievement of the security orthodoxy was locking me out of my email, by requiring me to read a code sent to my email to log into my email. I -- literally -- do not care about a single "account" in any "service" I use aside from my email and bank account. Most people would add a few social media accounts to that list. You don't need a "place to put secrets". Your iPhone app does not do anything important enough to require a "trusted chain" of cryptographic bullshit, just use a password and Google/Apple login. | | |
| ▲ | EtienneK 6 minutes ago | parent | next [-] | | Passkeys are better passwords. They need a TPM. | |
| ▲ | JambalayaJimbo 2 hours ago | parent | prev [-] | | What about Apple Wallet? The reality is that there is software dependent on the user being unable to modify it. This safeguards the server against fraudulent users. |
| |
| ▲ | pretzel5297 4 hours ago | parent | prev | next [-] | | Agreed. Trying to limit progress because it may be misused is attacking the wrong part of the problem and will not work. | |
| ▲ | jojobas 4 hours ago | parent | prev [-] | | TPMs add security against a narrow case of evil maid attacks. They might be useful for corporate computing (for cargo cult compliance purposes more than actual security) but they trojan horse more of "not owning the device you bought" with it to people that don't and shouldn't care about evil maid attacks at all. | | |
| ▲ | fsflover 27 minutes ago | parent [-] | | TPMs can also be based on free software and our own keys. It works well with Heads and Librem Key. |
|
|
|
| ▲ | krupan 10 hours ago | parent | prev | next [-] |
| Totally with you until you brought in AI, a completely centralized and proprietary tool. |
| |
| ▲ | userbinator 10 hours ago | parent | next [-] | | Local models exist, but there's also irony in using the tools to spread the message of the opposition. | | |
| ▲ | krupan 10 hours ago | parent [-] | | The local models are still centralized and proprietary. They are basically closed source software. | | |
| ▲ | userbinator 9 hours ago | parent | next [-] | | Closed or open source doesn't matter; it's the ability to control them that's important. People have been cracking and patching for decades without source, but they have that control. Contrast this with remote attestation, where they might show you the source code for everything but you're still powerless to do anything. | | |
| ▲ | Rohansi 5 hours ago | parent [-] | | > Closed or open source doesn't matter; it's the ability to control them that's important. People have been cracking and patching for decades without source, but they have that control. You have no idea what has been baked into the weights in the training process. In theory you could find biases and attempt to "patch" them out, but its a vastly different process vs. patching machine code. Consider what would happen if Google's open weight models were best at writing code targeting Google's services vs. their competitors? Is this something that could be patched? What if there were more subtle differences that you only notice much later after some statistical analysis? | | |
| ▲ | narrator 5 hours ago | parent [-] | | People are already patching these models using abliteration to prevent them from refusing any request, so it is possible for end users to change them in meaningful ways. You can download abliterated models right now from Hugging Face that will respond to all kinds of requests that frontier models refuse. | | |
| ▲ | hparadiz 4 hours ago | parent [-] | | Yup there's a ton of people on HN sleeping on this new tech because they refuse to look at anything AI. We now have jail broken models but the average person on here doesn't even know how to download and try a model. | | |
| ▲ | CableNinja 4 hours ago | parent [-] | | It doesnt help that guides ive seen have been pretty handwavy or are not specific enough to the individual situation (i have z hardware, heres how its done). It also doesnt help when every post on HN i see is like 'oh waow i did x on a mac mini with 128gb ram'. That spec is beyond many, running on generally available resources (such as hardware one might have laying around their house) do not seem fit for the purpose, so its back to building a new machine (gl when ram is worth 2x its weight in gold), or buying a $1000+ mac mini, or other device. Any low end system cant turn out tokens fast enough, or doesnt have the resources for context or processing. Local ai is not ready, and if you think it is, prove me wrong with a detailed guide running commodity hardware with complete setup steps that can use a decently sized model. I spent 2 weeks trying to get anything running - 8gb RX550XT, 12gb ram, 8core cpu. I even tried turboquant to lower memory utilization and still couldnt even get a 3B or 4B model loaded, and anything lower wont suit my needs (3/4B are even pushing it). | | |
| ▲ | hparadiz 2 hours ago | parent | next [-] | | "Local AI is not ready" > proceeds to run a 7 year old budget GPU You're like the kid showing up to a test without a pencil. It's ridiculous for you to suggest that an advanced AI model needs to run on your budget 7 year old graphics card that is already out of date for even today's gaming. My parents spent $2500 on a computer in 1995 and that was a 166Mhz Pentium 1. If they spent that money today it would be $5261. Think of what you can get for amount of money. Then you're over here trying to say a budget graphics card needs to somehow compete with the bleeding edge of computer innovation. You do, in fact, need to spend money on appropriate gear if you expect to participate. | | | |
| ▲ | narrator 3 hours ago | parent | prev [-] | | When Stallman was getting started writing emacs in the early 80s, Unix machines were vastly out of reach price wise for the common home user, but he did his open source work anyway, and eventually the 386 came along. |
|
|
|
|
| |
| ▲ | nullc 9 hours ago | parent | prev [-] | | RMS found it acceptable to use SunOS initially to create GNU. Open weight models can be a big boost to building Open AI (cough). Progress comes from incremental improvements, -- and open weight models are a big advance in privacy, security, and autonomy over relying on hosted closed systems. Source vs not is only one (important!) dimension, moreover in FSF land they define source as being the preferred form for modification, at at least for some kinds of modifications the weights are the preferred form. | | |
| ▲ | pabs3 7 hours ago | parent | next [-] | | > the weights are the preferred form This can never be the case. Both the licensing and source aspects of the Free Software movement are aspiring to create high level of equality of access to a [software] work between both the original author and far downstream recipients. Obviously full and universal equality is impossible because part of the work is only in the author's mind and not everyone can obtain and use computers, but approaching that as closely as possible is important and it is important to think about how to achieve a high level of equality for each work in each context. What is "source" in any given context is a choice the author makes about what level of access they want to pass on to others. In the case of AI, weights can never be the preferred form for modification because of the equality of access issue. The people who trained the AI (and hide its training data/code but published the weights) will always have more access than the people who only have the weights. Just like a binary can almost never be the preferred form, because the authors have access to the source but we don't. There are also many ways to bias the model and insert backdoors or other suboptimal behaviours into it during training data selection etc. | |
| ▲ | manytimesaway 8 hours ago | parent | prev [-] | | >RMS found it acceptable to use SunOS initially to create GNU. Any source on that? | | |
| ▲ | nullc 7 hours ago | parent [-] | | I know it from personal experience using GNU tools on Sun early on (really Solaris in my case, I wasn't quite that early a user), and I think from a talk or essay by RMS but for a moment I worried it might have been personal correspondence. Finding a citation seemed like a fun challenge: https://www.gnu.org/gnu/thegnuproject.html > [...] the easiest way to develop components of GNU was to do it on a Unix system, and replace the components of that system one by one. But they raised an ethical issue: whether it was right for us to have a copy of Unix at all. > Unix was (and is) proprietary software, and the GNU Project's philosophy said that we should not use proprietary software. But, applying the same reasoning that leads to the conclusion that violence in self defense is justified, I concluded that it was legitimate to use a proprietary package when that was crucial for developing a free replacement that would help others stop using the proprietary package. > But, even if this was a justifiable evil, it was still an evil. Today we no longer have any copies of Unix, because we have replaced them with free operating systems. If we could not replace a machine's operating system with a free one, we replaced the machine instead. Still leave open the the question of RMS personally using SunOS (as opposed to some other proprietary unix) but I think at this point I'd just go dig up very old GNU sources for evidence of that, but I suspect your question was primarily about RMS' ethical reasoning which is well answered above. |
|
|
|
| |
| ▲ | SchemaLoad 8 hours ago | parent | prev [-] | | Especially considering AI bots are the whole reason google is pushing this new recaptcha. | | |
| ▲ | userbinator 6 hours ago | parent [-] | | "AI bots" are as stupid an argument as "think of the children". It's just a convenient distraction to restrict freedom and push their narrative. |
|
|
|
| ▲ | mmooss 8 hours ago | parent | prev [-] |
| > In 1999, Intel received an absolutely massive amount of opposition when they decided to include a software-readable serial number in their CPUs, so much that they reversed the decision. > It turns out a significant (but hopefully decreasing) number of the population is easily coerced into anything when "security" is given as a justification. The people who opposed Intel are now telling each other how hopeless and powerless they are. You can see it on HN, in this thread: No drive, outrage, and self-organizing response to these issues, but despair - 'nobody cares', 'there's nothing we can do', etc. Quitting is a sure way to lose. |
| |
| ▲ | userbinator 5 hours ago | parent [-] | | The people who opposed Intel are now telling each other how hopeless and powerless they are. I don't think those are the same people. I, for one, will continue this fight by telling everyone I know about the fact that Google is going for absolute control of the Internet, and by extension, everyone's lives. They have already become an unelected global government. | | |
| ▲ | mmooss 4 hours ago | parent [-] | | I'm not talking about individuals - where is the overwhelming pushback that Intel faced? | | |
| ▲ | userbinator 3 hours ago | parent [-] | | There can't be pushback without awareness. At this point it's still something that most people don't know about yet, so do your part and spread the word. Get well-known YouTubers (Loius Rossmann is the first one to come to mind) to do so too. |
|
|
|
