zlacker

[parent] [thread] 7 comments
1. saluti+(OP)[view] [source] 2024-11-27 21:50:19
Yes, ultimately, I want everything to be open. This is not a bag of rice. These are devices packed with sensors, in our homes. As for inspection, I do not have a problem trusting others. I just do not trust big corporations with remotely controlled binary blobs, no matter how much money they put into the safety and security ads. This is a personal opinion, of course.
replies(2): >>perchi+B2 >>kergon+SM
2. perchi+B2[view] [source] 2024-11-27 22:11:10
>>saluti+(OP)
> As for inspection, I do not have a problem trusting others. I just do not trust big corporations with remotely controlled binary blobs

I'll just highlight this excerpt of your own words for you, and usher you to evaluate whether your position is even internally consistent.

replies(2): >>j16sdi+kM >>saluti+uP
◧◩
3. j16sdi+kM[view] [source] [discussion] 2024-11-28 07:10:51
>>perchi+B2
(not OP) Don't think that is inconsistent.

Trusting someone doing the right thing when you purchase is different from trusting them not tampering things remotely in the future. Companies can change management, human can change their mind. The time factor is important

replies(1): >>perchi+mO
4. kergon+SM[view] [source] 2024-11-28 07:15:20
>>saluti+(OP)
> I just do not trust big corporations with remotely controlled binary blobs

Only outstanding individuals such as Jia Tan.

◧◩◪
5. perchi+mO[view] [source] [discussion] 2024-11-28 07:29:55
>>j16sdi+kM
Hardware can be and is implemented such that it changes behavior over time too, or have undisclosed remote capabilities. There are also fun features where various fuses blow internally if you do specific things the vendor doesn't fancy.

There sure is a difference in threat model, but I don't think the person I was replying to appreciates that, which is kind of what triggered my reply.

◧◩
6. saluti+uP[view] [source] [discussion] 2024-11-28 07:42:49
>>perchi+B2
Why do you think my stance is internally inconsistent?

For example, I completely trust Emacs maintainers, as I have yet to see any malice or dark patterns coming from them. The same applies to other free and open source software I use on a daily basis. These projects respect my privacy, have nothing to hide, and I have no problem trusting them.

On the other hand, I see more and more dark patterns coming from Apple, say when signed out of their cloud services. They pour millions into their privacy ads, but I do not trust them to act ethically, especially when money is on the table.

Does this not make sense?

replies(1): >>perchi+KQ
◧◩◪
7. perchi+KQ[view] [source] [discussion] 2024-11-28 07:57:17
>>saluti+uP
Thinking about it, I might have misunderstood what you wrote a bit. What I read was that you trust people, but then you also don't. That's not really a fair reading of what you wrote.

That being said, I have seen "patterns" with open source software as well, so I'm hesitant to agree on trusting it. But that's a different problem.

I also know how little hardware, microcode and firmware can be trusted, so that doesn't help either.

replies(1): >>saluti+pi5
◧◩◪◨
8. saluti+pi5[view] [source] [discussion] 2024-11-30 09:08:52
>>perchi+KQ
Thank you for the clarification. I certainly could have worded my comment better. I agree with you on that we should never trust open-source software blindly. That said, we can at least audit it, along with every new patch, which is impossible with binary blobs. That is why, I personally think, open-source should be preferred, for free and non-free software alike.
[go to top]