Your comment is a complaint that the submission is inappropriate, why would you write it here?
“Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.” --https://news.ycombinator.com/newsguidelines.html
Thanks for the info. I just flagged it. My main complaint is that it is an opinion piece. I actually agree with the content of the opinion piece. I'm also really tired of politics and HN has been a relatively healthy place for me, mentally. I'd like to keep it that way.
Maybe 20 years ago, but considering the combination of surveillance capabilities and llm workflows with the political climate, I don't think that will remain true.
Source? The article doesn't list a speed limit, but highways.dot.gov suggests to me that the speed limit would be 25mph in the school zone, in which case the waymo was going significantly under the speed limit.
Juxtaposing with the quoted passage from the post: “Because vitamin D is potentially toxic, intake of [1000 IU/day] has been avoided even though the weight of evidence shows that the currently accepted [limit] of [2000 IU/day] is too low by at least 5-fold.” --https://www.sciencedirect.com/science/article/pii/S000291652...
According to your own numbers, Clinton and Obama managed to to deport 15 million people, and somehow they managed to do it without executing any citizens in the street.
Like evil maid attacks, this is a vanishingly rare scenario brought out to try to justify technology that will overwhelmingly be used to restrict computing freedom.
In addition, the benefit is a bit ridiculous, like that of DRM itself. Even if it worked, literally your "trusted software" is going to be running in an office full of the most advanced crackers money can buy, and with all the incentive to exploit your schema but not publish the fact that they did. The attack surface of the entire thing is so large it boggles the mind that there are people who believe on the "secure computing cloud" scenario.
It very clearly is restrictive of software freedom. I've never suffered from an evil maid breaking into my house to access my computer, but I've _very_ frequently suffered from corporations trying to prevent me from doing what I wish with my own things. We need to push back on this notion that this sort of thing was _ever_ for the end-user's benefit, because it's not.
This happens much less frequently than the manufacturer of "my" computing device verifies that I haven't tampered with it. On net, it's a wholesale destruction of user freedom.
"it's a wholesale destruction of user freedom." This is ridiculously hyperbolic language for what are basically fancy digital signatures. There is nothing stopping you from using two different systems, one that passes attestation and one that doesn't.
The better question then is why the actual f** can an OTA firmware update touch anything in the steering or powertrain of the car, or why do I even need a computer that's connected to anything, and one which does more than just make sure I get the right amount of fuel and spark, or why on earth do people tolerate this sort of insanity.
If a malicious update can be pushed because of some failure in the signature verification checks (which already exist), what makes you think the threat actor won’t have access to signing keys?
This is not what attestation is even seeking to solve.
Firmware upgrades don't need to use the same protocols. Without secure boot any applet can take a security hole escalate and persist until you take a trip to a zone of interest.
With secure-boot+attestation, the vendors can choose not to let you download the latest map data, report you to the authorities, etc.
“Please don't complain that a submission is inappropriate. If a story is spam or off-topic, flag it. Don't feed egregious comments by replying; flag them instead. If you flag, please don't also comment that you did.” --https://news.ycombinator.com/newsguidelines.html
reply