GitHub: "Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far."
I’m in a location where Apple Maps is significantly better than Google’s. So I’m unsure if you mean "it’s Apple Maps meme bad" or if you just mean "it’s rather meh, could be better, could be worse".
And Google Maps literally did something very similar to me once, just a few years ago. Told me straight ahead when there was a sharp hairpin obscured by an overhead bridge (literal mapping issue in an unusual motorway-adjacent road). Caused a crash with minor injuries I got back up and walked away from (on two wheels; would have been fatal if I didn't brake so well, or didn't get off the road fast enough, as a large truck came round the corner). Takeaway is "never make driving decisions based on what the screen shows." There is no platform worth trusting more than your eyes on the road ahead.
And then getting bugs when they use a new version of the AI, just like people occasionally got bugs when they upgraded to new versions of the compiler...
They would get bugs on every invocation of the software, not on a new version of the AI. It's equivalent to your compiler having a RAND function in it where it chooses between a billion different options every time it compiles; it's absolutely not equivalent to a compiler having a bug.
Context is important: Brazil's President said that about US investigations alleging that Pix is an "unfair business practice"[0]. He is not at all saying that Pix is "100% powered by Brazil"; in his political proselytism he does make clear that Brazil and the USA have been partners for centuries and should keep being so.
Please, he literally went on national TV on Brazil’s Independence day to claim that
“We will defend PIX from any attempt at privatization. PIX belongs to Brazil, it's public, free, and will remain so.”
Lula has been historically hostile to the US for ideological reasons.
He’s done plenty to undermine that relation, ranging from attacking dollar dominance and ignoring Iran sanctions to indirectly financing the Ukraine war by becoming the largest buyer of cheap Russian oil — and that’s why we have those investigations going on.
Most of these could be put another way as protecting sovereignty (and that would be the most charitable interpretation IMHO). Examples:
- "being hostile for ideological reasons" becomes entirely warranted when you consider the many CIA regime-change operations in the past.
- "Undermining the relation" (with the US) is just being smart about how much dependency one has on external factors, like exchange rates and infrastructure.
- The "investigations" are political posturing. PIX is not "unfair business practice", it's a modern, cheap, state-of-the-art payments system that is better than what private businesses like MasterCard and Visa are willing to offer. I can think of plenty of ways they could offer actual value to customers so they can still be relevant. The fact that they don't, and choose to try and lobby against it, tells me that it's a lot cheaper to just buy some politicians and manufacture some controversy instead.
> The "investigations" are political posturing. PIX is not "unfair business practice"
Agree
> it's a modern, cheap, state-of-the-art payments system that is better than what private businesses like MasterCard and Visa are willing to offer. I can think of plenty of ways they could offer actual value to customers so they can still be relevant.
This is a common misconception. Pix is a form of bank transfer, not a full-blown payment infra like MC/Visa. They are different products; Pix doesn't make credit cards irrelevant.
Per BCB statistics:
In 2020, before Pix implementation, credit cards accounted for 2% of the monthly BRL volume transacted (~200M BRL).
As of 2025Q4, credit cards still accounted for the same 2% (~800M BRL).
The main question is: historically, why haven't credit cards been more popular in Brazil, even before Pix?
You'll find your answer by looking at structural issues (high interest, delinquency rates, bad credit offerings ...), not technical concerns.
Another part also says:
"After Musk announced he was resigning from OpenAI in February 2018, Musk gave a departing speech at an all-hands meeting, Brockman testified. In front of about 40 OpenAI employees, Musk said that he was leaving because the only viable path that he saw forward was for OpenAI to merge with Tesla. However, the other leaders did not think so, Musk said, choosing a different path that Musk would never choose. According to Brockman, the speech was meant to lower morale at OpenAI, as workers understood that Musk was leaving to pursue artificial general intelligence (AGI) at Tesla because he no longer had confidence in OpenAI."
Still, his goal was to merge with Tesla... Ain't this also stealing a charity?
I don't really want to advocate for Musk, but is it not possible that his goal was to merge with Tesla as an alternative to OpenAI becoming a separate for-profit? If the option of staying a non-profit was going off the table, I'd also probably want to advocate for merging with an existing for-profit I own that had aligned interests.
I mean, the claim here is not that Musk is not an asshole. This is a court case where two assholes fight about who defrauded the other one more successfully. Whoever wins and whoever loses, we know both involved men have pretty non-existent morality.
And in the grand scheme of things, OpenAI being charity was always bullshit too.
> Whoever wins and whoever loses, we know both involved men don't have pretty non-existent morality.
I'm guessing that double negative is a mistake. Do you mean to strike the "don't" to make it "have pretty non-existent morality" or just "both involved men don't have morality"?
IANAL, but OpenAI's defense seems to actually have spent some time in the hearings showing examples of Musk’s (perceived) hypocrisy (him not giving to charity because he views his companies as societally beneficial), which suggests to me that this stuff is legislatively relevant.
Let me play out a scenario: imagine that to use desktop hardware like a completely built rig, you would need a specific OS like Windows 11 and could not run Linux on it, just because of vendor lock-in.
Why is this acceptable for phones but would not for the case above?
I know a lot of people don't care, and that's ok, but we should root for an open choice for the users.
> Why is this acceptable for phones but would not for the case above?
PCs happened by accident.
Before the PC, people had TVs - devices not for creating, but for passively consuming content made by big corporations and the state. And we had games consoles - devices not for creating, but for playing games made by a medium-sized company, with strict approval by a huge company (who want a cut). Strictly censored to be age-appropriate, naturally. Pirate radio? Straight to jail.
Before that people had newspapers - media for passively consuming, intended for mass readership, written at the behest of rich newspaper barons with certain political opinions they're keen to push.
And after the PC, we have smartphones - devices not for creating, but for consuming content feeds, curated by big corporations, with rich owners with certain political opinions they're keen to push. A huge company eager to take a cut. A tiny screen, and a keyboard that puts curly braces three keypresses deep. Can't even debug a web page without connecting to a PC. And soon to be strictly censored to be age-appropriate.
Not with the same reach, but some people kinda could! Specifics depended on where you were in the world, but it existed and to some extent still does, in spite of a very rough decade and a half since 2010 culling many of them.
I think this was because of the “IBM PC Compatible” market. IBM was using off-the-shelf components for its PC system, and other manufacturers reverse engineered and cloned the system and started selling IBM clones. Interestingly, Microsoft, who controlled the OS, became the monopoly and gatekeeper of that market, not IBM (hardware). MS was making a ton of money by selling OS licenses, and online software stores were not a thing since the Internet was nonexistent/limited. “Developers, developers, developers” were king in that business model, so they didn’t need to give a cut to MS or IBM to build on a PC system.
That said, I think the situation in smartphones today is less about the business model and more about control and surveillance.
That's really not true at all. Are you aware of the entire home computer industry of the 70s and 80s? Before PCs, you had a beige box you plugged into your TV and typed in games line by line out of a magazine. The DIY scene was enormous as a percentage of total users.
They also blur the line between "computer" and "console", since the NES is practically the same architecture as many contemporary "computers". Homebrew games existed, and weren't that far out of reach. Homebrew has existed on pretty much every console ever.
PCs weren't an accident in any way. They are a direct descendant of "home computers". That's why they were called "personal computers" in the first place.
It’s the same situation as game consoles. Custom-built hardware that is only meant to run the one specific vendor OS. There have been many other computing devices like that in the past as well. The general-purpose desktop computer that allows a choice of operating systems is actually less common than the other way. Historically, people didn’t expect to run alternate operating systems on a mainframe, or on 80s and 90s computers like a Commodore 64, PowerPC Macs, Amigas and DOS/Windows machines, until Linux came along.
That’s odd, because I remember being a user of MUSIC on the university System/360. I imagine it also sounds odd to all those people who ran AT&T Unix on their PDP/11 systems instead of a Digital OS like RTS/11. Or the people who ran Xenix on their PCs. Or the folks like me who installed OS/2 on what was sold as an MS-DOS machine. Then there were the folks who ran A+ on their Atari.
Oh yeah, odd. Anyway, I’m aware of alternate mainframe OSs but I’m not sure how common using one was. Other than OS2, alternate OSs for other systems were rather rare, though it is worth noting that they were not forbidden or blocked.
> I’m aware of alternate mainframe OSs but I’m not sure how common using one was.
Extremely common at major universities and research centres. CTSS, ITS, TENEX, Multics, Unix and even VM/370 were all alternate operating systems at some point.
> Other than OS2, alternate OSs for other systems were rather rare,
You weren't there, were you? A lot of people replaced MS-DOS with DR-DOS before Microsoft deliberately broke it with Windows. A little later, a number of people were running Unix System V on their PCs, to the extent that there was a regular column about Unix in Byte.
Didn’t Microsoft somehow ruin DR-DOS? Not technically, but didn’t they sue them or something? Which would mean this is the same issue, 40 years later. Yes, I was there in the 80s, but I had a Commodore 64. We did use GEOS, if that counts. I was not present for the 70s.
That was a huge fraction of computing at the time. Before 1992 or so, the only people I was aware of that were into computers were all associated with a university. Typewriters were still actually very common.
I went to a regional state university. We had an older IBM mainframe with a hypervisor and the students and faculty were all users on MUSIC/OS. This was in the early/mid 1990s.
They perform the specific functions that they were programmed to perform, and do not allow arbitrary execution of calculations on the underlying hardware.
Many people, mostly folks who adopt the Apple ecosystem, see this as a positive thing that allows them to delegate undifferentiated decisions on security and ways of working to the vendor.
I am one of those people and hope that Android remains open so that people don't expect Apple to open up their hardware, which would result in fragmentation.
> They perform the specific functions that they were programmed to perform
That's the thing. You may have bought a device that was meant to perform a task but after some time the company decides that now it should do a different task. I think that's what stops making you the owner. You can't really choose what to do with it.
You _can_ run other OSes on Macbooks. They're not locked in at all, it's simply that the drivers aren't open source and the hardware is undocumented, but with enough effort (e.g. Asahi) you can run technically anything on it.
All appliances used to come with schematics and repair manuals; there was no prevention of modification or repair. We're talking cars, washing machines, dryers, radios etc.
Separate from computers and phones, locking down devices is a much wider issue; usually it is only implemented to reduce the liability of the manufacturer or to allow for planned obsolescence.
Because phones aren’t computers first and foremost. It can be hard to see it at this forum, but phones aren’t computers, they are intended to be general purpose devices to solve a set of problems for the vast majority of people on the planet. And a subset of those problems involve things like money and personal information. So the device needs to be secure, even (perhaps especially) from the end user themself because it needs to try to withstand compromise even when the user is drunk or sad or in a rush.
I am not arguing you need to like where this has led, but you have people in sibling comment threads here arguing we need to push back on things assuming you will use a phone when the whole revolution has been getting most of the world online by making phones widely available.
I think historically it has existed like this due to regulation regarding radio sending equipment and the integration between the platform (CPU) and modem in phones.
Due to this, the equipment manufacturers were never incentivized to have an "open" ecosystem for the CPU+modem combo. That's why there is no OS war on a per-device basis; most phones support 1 OS officially.
The vendor lock-in scenario for desktop hardware already exists with the latest x86 generation of gaming consoles. Gaming consoles are locked down because the hardware is subsidized with the expectation of revenue from the digital marketplaces they provide.
The yet-to-be-released Steam Machine is not subsidized and is unlocked. Steam is an OS-agnostic digital marketplace, so it doesn't matter what OS you install on the machine.
Microsoft doesn't see a threat in allowing other OSes on their Surface hardware because the majority of their revenue comes from M365.
It's just market forces really. In the end, phones provide enough utility for the majority of users while being locked down. There's nothing stopping you from buying a fully-open phone, but there's just very little utility in it for the majority of users.
Few interested hardware vendors, discontinued after 4 years. "mixed reviews at launch, while critics and analysts deemed it to be commercially unsuccessful"
Windows 10 S was another attempt that "Similarly [restricts] software installation to applications obtained via Windows Store." Cancelled after one year.
Exactly the fate I wish upon closed ecosystems. The only question is why iOS is different. I am inclined to say it's the brand status that overpriced luxury goods have that draws rich people initially, making it lucrative and perhaps even a tad prestigious to be there, but surely it's more than that?
I think it’s because the Microsoft Store barely has any apps that users use. The Microsoft Store didn't support the Win32 API, so developers had to rewrite their apps.
Wait, you lost me somewhere. The MS store didn't support the old way of doing things, people had to rewrite their software; yet iOS was... new as well? People had to start from scratch and so that worked?
iOS existed before the Microsoft Store. The apps developed were brand new. No backlash from a new SDK and platform.
Windows RT is closer to iPadOS though. For iPadOS, apps just worked since it’s based off of iOS.
The Microsoft Store only supported a new half-baked SDK that limited what applications were capable of. Developers already had Win32 apps and rewriting them with the new SDK seemed pointless just to support what seemed like a needless limitation.
I see what you did there... and agree completely. If you don't have root, it's not yours. All my Androids (none from this decade) are rooted and I plan to keep them that way.
But they didn't have technology yet to do it properly, so it was trivial for people to sever the tie and install alternative OSes - trivial enough that it was also easy to teach others how to do it.
Now, the tech to make that tie near-unbreakable exists.
You could if someone made one, presumably. OS is just a program, after all - and 20th century hardware couldn't stop you from completely rewriting the software on it.
The problem today is that modern computers are designed to prevent this, by means that can provide mathematical proofs you won't be able to defeat the protection in any useful sense before the Sun burns out. You have tamper-proof fuses embedded in microchips, and some systems have cryptographic hashes in every major component to prevent you from replacing something too hard to reprogram, etc.
We've yet to see a fully locked-down computer (smartphones are close), but the tech for it is there.
The Librem 5 uses a bottom-of-the-barrel, standard industrial CPU from 2017 with no updates. It is no more open than a Google Pixel or any other mobile device. It lacks proper updates, isolated radios, and any form of hardening.
The kill switches are also useless if your device is fully compromised and turned into a spying device, all of your data is already gone. The only thing the switches do as a last resort is block voice recording, which is an improper way of doing it since speakers are essentially just microphones in reverse.
This is false. Please stop writing false statements without any links. NXP promises to produce the i.MX 8M Quad until Jan. 2033. The support will be even longer.
> it lacks proper updates
This is FUD.
> isolated radios
They are isolated with USB. This might be slightly weaker than IOMMU, but for me the benefit of freedom is worth it. There is no shared memory.
> it lacks proper updates, isolated radios, and any form of hardening
FUD and false information. Please stop this.
> The kill switches are also useless if your device is fully compromised
This is false again. It doesn't matter how much my device might be compromised. The attacker will not get any access to the shut down sensors, radios or voice/video, if I use the three kill switches.
> since speakers are essentially just microphones in reverse
> This is false. Please stop writing false statements without any links. NXP promises to produce the i.MX 8M Quad until Jan. 2033. The support will be even longer.
I think they meant that the processor itself is old. It supports ARMv8 and is lacking the enhanced memory protection and execution features of the ARMv9-A processors on newer phones.
> This is false again. It doesn't matter how much my device might be compromised. The attacker will not get any access to the shut down sensors, radios or voice/video, if I use the three kill switches.
The problem is that your device can be compromised quite easily and without you knowing. The kill switches are moot at that point.
> Kill switches only work as a security feature when you activate them before you know you're compromised. But that's impossible.
Indeed, if you use the kill switches in a stupid way, you get no benefit from them. I use them whenever I want to be sure that I can't be tracked or listened to, either because of a potentially compromised device or a closed modem that can connect to towers without my knowledge. In other words, they are a proactive feature. I can get 100% privacy whenever I want, independently of any software, which in principle might always get secretly compromised one way or another. Even the amazing, secure GrapheneOS!
How can you be sure your modem on GrapheneOS doesn't send your location to the mothership all the time, even in an "airplane mode"?
Good links, thank you. I agree that my protection is not perfect in general. Fortunately I do not open random websites on my phone; I have my laptop with Qubes OS for that.
> Adding an extension that can access all your browsing data doesn't seem very secure either.
> Fortunately I do not open random websites on my phone
That's the main use for almost everyone. You're suggesting people use a less secure device and are stating that it's more secure if they don't use it in the way it's mostly used?
That doesn't sound like freedom. That sounds like living in paranoia. You bring up FUD in so many comments, but you seem to be living it. Ironically though, you choose to use systems that enable FUD when there are systems that let you not worry.
There are people building secure software and hardware, so people don't have to live in fear when using their devices. That's the freedom that many people care about.
There's the freedom to shoot yourself in the foot. Most people don't care about that.
You missed that I do not recommend Librem 5 to "almost everyone". We are not on a normies forum but on HN.
Also, I do not recommend Librem 5, when somebody asks for a secure device. I mention it, when somebody asks about alternatives to the duopoly, a possibility to have a full, general-purpose computer in a pocket allowing you to tinker with it, or wants to run GNU/Linux baremetal. Such people aren't the audience of GrapheneOS anyway.
And I'm not against GrapheneOS. I never said it was less secure than Librem 5 for typical tasks. I only say, that if you want to have a third option, you can have it today. There will be compromises, which can be dealt with by technical users.
Being on HN does not mean that you are familiar with the intricacies of hardware and low-level software.
> I only say, that if you want to have a third option, you can have it today. There will be compromises, which can be dealt with by technical users.
I think it’s irresponsible to promote it as an alternative device without noting that it’s less secure and full of footguns. Also, disingenuous to promote it as FOSS when it only fits that definition under FSF technicalities. And lastly, to promote it as more open than phones with AOSP distros that utilize the same set of proprietary hardware, just with different communication mechanisms/boundaries.
This is not a forum with legal advice. I inform people about an option, which they asked for. GNU/Linux phones have a similar security approach to GNU/Linux on desktop. People explicitly seeking GNU/Linux should know this. They can also ask or search the Internet.
> I think it’s irresponsible to promote it as an alternative device without noting that it’s less secure and full of footguns
I disagree with you here. Informing about options is better than not informing. "Less secure" depends on a threat model. GNU/Linux on desktop is working well enough for millions of people. So it is a viable security approach for many. Saying that your threat model is the only one that should exist and be promoted is crazy.
> only fits that definition under FSF technicalities
This is one of the strictest definitions there is. By which definition does GrapheneOS run FLOSS?
> same set of proprietary hardware, just with different communication mechanisms/boundaries
More choice is always good, isn't it? If it is not for you, you are free to use and promote the duopoly. (Yes, I consider AOSP obeying Google's development strategy long term. It will not end well. See: this topic.)
Though with a username of fsflover, I think you'll be biased.
Also, another relevant thread (that you were even a part of!) discussing the pointlessness of what Purism did to fit the technicalities: https://news.ycombinator.com/item?id=29841267
It's actually worse than I thought. There's the initramfs /lib/firmware loading workaround for the FSF certification of the OS.
But even before that there is code run by the main CPU that loads instructions for the secondary core to load a blob from separate flash memory to pass to the memory controller to initialize it.
All that just to attempt to fit the technicalities of the FSF RYF hardware certification while still loading a blob like every other phone microprocessor.
---
It's interesting that I could make a device that burns efuses to make it obsolete and it could still be considered FSF Respects Your Freedom certified.
Quite frankly, the whole Librem ecosystem is significantly less "open" than GrapheneOS or any desktop Linux variant to anyone who looks at things objectively instead of using weird FSF semantics.
Instead of loading firmware in a sensible manner like GrapheneOS or desktop Linux distros with the linux-firmware package, they keep PureOS "free of blobs" by having the bootloader inject all of the blobs into memory in an extremely shady manner. Since when was having the bootloader tamper with system memory about freedom and openness?
Oh, and they even have the audacity to market this as the "firmware jail" as if it is any more contained than the linux-firmware package too. Truly impressive stuff.
> Quite frankly, the whole Librem ecosystem is significantly less "open" than GrapheneOS or any desktop Linux variant to anyone who look at things objectively instead of using weird FSF semantics.
You will have a point when your Google phone runs Replicant. Now this is just empty words, i.e., FUD. Which blobs are running on the Librem 5 CPU? Which blobs are running on GrapheneOS CPU?
> Which blobs are running on the Librem 5 CPU? Which blobs are running on GrapheneOS CPU?
Both the Pixel and Librem 5 have firmware baked into the SoC that is executed.
On GrapheneOS, the firmware is signed and updated along with the OS.
On the Librem 5, the firmware for Wifi/Bluetooth is stored on a NOR chip, which is read from and mounted into the OS by the initramfs into /lib/firmware.
Notwithstanding the above, Librem 5 components such as the USB controller, touch screen controller, radios, battery, etc. simply have closed-source firmware baked in (stored on some flash chip on these components), but it doesn't mean that they are not there or in use.
In both cases, components either do not get proper firmware updates from the OS, or they are too old/low quality to get any firmware updates from the vendors to begin with. Storing firmware on the component is also a less secure approach than having signed firmware loaded by the OS, as it now means that these components have persistent storage which can be attacked.
Aside from all of the above, they also use a dedicated CPU core to run firmware blobs for things like memory training.
In essence, what the Librem 5 has achieved is shuffling proprietary firmware storage around instead of eliminating their existence or execution. It is not any more "free" or "open" than anyone else while also being less secure.
Depends on the phone. Arguably though, GrapheneOS has the legacy of years of thousands of security researchers working to secure Android from third-party network and GNSS modules.
---
Just so you know, I'm not using Librem or GrapheneOS. I'm looking at this objectively and have no skin in the game.
In this case I do not understand why you are ignoring the words of a Librem 5 developer saying that no blobs are running on the main CPU: https://news.ycombinator.com/item?id=47943487
I'll take his word that no blobs are running on the main CPU. But the process itself is error prone. It's mounting flash storage with blobs into the filesystem of the OS. The OS can load modules directly from the storage.
> There is not a single non-free blob in the OS that runs there once the bootloader is up (unless you put some there by yourself, which you're of course free to do).
"unless you put some there by yourself, which you're of course free to do" also means unless someone else puts one there.
---
I think the "firmware jail" loader also uses Smart Direct Memory Access (SDMA)?
---
You can run blobs on the main CPU with strong isolation using a TEE and other hardware security features.
And the firmware for Bluetooth/Wifi is loaded in by having the initramfs read it from the NOR flash, mount it in /lib/firmware, then it is business as usual like a desktop Linux distribution.
It's not something special. It's just a hackjob. They shuffle the files around and make it much harder to update.
Can I buy a Librem 5 here in Brazil? (Unless it has ANATEL certification, which I doubt it has, buying online from outside the country is not an option, since it will be rejected by customs.)
Yes? Modern portable computing enables counter-surveillance of police, better communication and knowledge access for dissidents, and interface with institutional computer systems for any number of ends. The George Floyd protests don't happen if the bystanders didn't have smartphones, or if protestors had to carry around an Alienware tower; the Snowden leaks don't happen at the magnitude they did without memory miniaturization. There are international examples, too, and commensurate crackdowns on computing freedom (particularly in Hong Kong).
You've got a supercomputer and a library and a set of video production equipment in your pocket, among other things. The capabilities of such a device are fundamentally different from something that's tethered to a desk or that's conspicuous when out-and-about. The idea of it being open and untrackable is exciting for some and terrifying for others.
Out of all the things that have computational power, the PC is pretty much the only one that comes with a built-in way to replace its own system. Xbox, PlayStation, Tesla, smart fridges, etc. don't have this ability from the beginning.
So yeah, the society has largely accepted this. PC is the exception.