kitonthenet

Ok, so I can come change your locks then

To exfiltrate the login password from a keylogger on a macbook, for example, you need to have some software running on the cpu as well as the keyboard itself. This makes it very difficult to do in reality, as you have to infect both devices and if you do not have physical access, your exploit needs to be done across the keyboard interface, which makes it very hard to do in practice. Swapping any random keyboard in that could potentially be malicious introduces two issues, as now the keyboard itself may have a keylogger, as well as opening the possibility of exploiting some vulnerability in the cpu from the keyboard itself. You therefore open two attack surfaces that were previously closed, which is highly significant.

people have different levels of risk acceptance and that’s ok

Except it is the editorial agenda of ifixit to promote legislation that requires this lesser level of security, which makes it not ok. Outlawing verification in software requires all devices to have the same vulnerability at the interface, it would even affect users who want to buy OEM.

I’m not saying it has to be absurd, but no one is acknowledging that the security risks are real, and requiring a lesser standard of security is a cost of legislating this stuff, which it is the editorial stance of ifixit to support

It absolutely could, if the processor trusts that the data coming from the faceid sensor is accurate, the faceid sensor can simply lie. You’re removing a layer of defense, which necessarily impacts security

So then you’ll let me change the locks on your front door to one I choose?

No, give me the argument that you can secure these interfaces, some of which provide biometric security, without verifying vendor origin in software

often are genuine, but Apple makes features not work unless paired

Because unless you pair the screen, the device has no way to know it’s genuine. If it’s not, it could implement any number of attacks, including keyloggers, screen stealers, etc

don’t believe

Why shouldn’t I? No one has given an argument that you can actually secure these peripherals without software locks, I bought my iPhone and MacBook because they offer security, even when I run Linux on it my MacBook has far superior boot security (the only thing apple has engineering control over in that use case) than any intel machines I’ve used

Also lol that article, you know the difference between one incident and a pervasive effort to mine your privacy for profit

Mfs out here want to install their bootleg faceid in my phone at their sketchy self repair place so they can sell my data and break its security. Let’s not pretend ifixit isn’t the exact same rent seeking that apple is, they just want to be the middle man

This is revisionist, that sequence of events was what caused him to start to play footsie with the idea of buying Twitter, the SEC saying that’s a big no-no is what made him actually make the offer to buy it and then he was forced by a court to finish the deal after a long legal battle to not buy it

It could mean anything, the same code used in production in new ways, slightly modified code, newly discovered cobol where the original language was a mystery, new requirements for old systems, seriously it could be too many things for that to be a useful metric with no context

Without a requirements doc stamped in metal you won’t get 1:1 feature replication

This was kind of a joke but it’s actually very real tbh, the problems that companies have with human devs trying to bring ancient systems into the modern world will all be replicated here. The PM won’t stop trying to add features just because the team doing it is using an LLM, and the team doing it won’t be the team that built it, so they won’t get all the nuances and intricacies right. So you get a strictly worse product, but it’s cheaper (maybe) so it has to balance out against the cost of the loss in quality

He still says he founded PayPal!

Soldered in SSDs

Git gud at smd soldering dingdongs

I am too and it can write boilerplate. It can’t do anything at a systems level, and I can’t even trust it to write something that can handle edge cases. I still have to do all the real work, it just writes the boilerplate, which is something I almost never do anyway. The legal side of it is almost exclusively IP rights, and I can’t risk putting GPL3 code in my project, and I certainly can’t risk putting IP in that it will regurgitate somewhere else

I would seriously kill for an e-newspaper ngl

Does it have a frame rate of like 5? I can’t see any info in the article abt it

If it’s supposed to be the labor extinguisher of the future, yes I expect something in the order of months

Start revolutionizing, we’ve been waiting for months now…

I bet the prison cells and the fines feel all the same, AI or no