I never got too far with prompt injection, but one thing I wonder is if you overload the LLM, repeatedly over context, repeatedly over its context trimming tricks buffer … can it fail open?
It's also possible the update manifest contained a URL that the updater blindly trusted, and by modifying that file you could change what got downloaded.
systemd solved/improved a bunch of things for linux, but now the plan seems to be to replace package management with image based whole dist a/b swaps. and to have signed unified kernel images.
this basically will remove or significantly encumber user control over their system, such that any modification will make you lose your "signed" status and ... boom! goodbye accessing the internet without an id
Poettering recently works for Microsoft, they want to turn linux into an appliance just like windows, no longer a general purpose os. the transition is still far from over on windows, but look at android and how the google play services dependency/choke-hold is
I'm sure I'll get many down votes, but despite some hyperbole this is the trajectory
> the plan seems to be to replace package management with image based whole dist a/b swaps
The plan is probably to have that as an alternative for the niche uses where that is appropriate.
The majority of this thread seems to have slid on that slippery slope, and jumped directly to the conclusion where the attestation mechanism will be mandatory on all linux machines in the world and you won't be able to run anything without. Which even if it would be a purpose for Amutable as a company, it's unfeasible to do when there's such a breadth of distributions and non corpo affiliated developers out there that would need to cooperate for that to happen.
Nobody says that you will not have alternatives. What people are saying, is that if you're using those alternatives you won't be able to watch videos online, or access your bank account.
That's so far down the slippery slope and with so many other things that need to go wrong that I'm not worried and I'm willing to be the one to get "told you so" if it happens.
Immutable, signed systems do not intrinsically conflict with hackability. See this blog post of Lennart's[0] and systemd's ParticleOS meta-distro[1].
I do agree that these technologies can be abused. But system integrity is also a prerequisite for security; it's not like this is like Digital "Rights" Management, where it's unequivocally a bad thing that only advances evil interests. Like, Widevine should never have been made a thing in Firefox imo.
So I think what's most productive here is to build immutable, signable systems that can preserve user freedom, and then use social and political means to further guarantee those freedoms. For instance a requirement that owning a device means being able to provision your own keys. Bans on certain attestation schemes. Etc. (I empathize with anyone who would be cynical about those particular possibilities though.)
Linux is nowadays mostly sponsored by big corporations. They have different goals and different ways to do things. Probably the first 10 years Linux was driven by enthusiasts and therefore it was a lean system. Something like systemd is typical corporate output. Due to its complexity it would have died long before finding adoption. But with enterprise money this is possible. Try to develop for the combo Linux Bluetooth/Audio/dbus: the complexity drives you crazy because all this stuff was made for (and financed by) corporate needs of the automotive industry. Simplicity is never a goal in these big companies.
But then Linux wouldn't be where it is without the business side paying for the developers. There is no such thing as a free lunch...
> this basically will remove or significantly encumber user control over their system, such that any modification will make you lose your "signed" status and ... boom! goodbye accessing the internet without an id
Yeah. I'm pretty sure it requires a very specific psychological profile to decide to work on such a user-hostile project while post-fact rationalizing that it's "for good".
All I can say is I'm not surprised that Poettering is involved in such a user-hostile attack on free computing.
P.S: I don't care about the downvotes, you shouldn't either.
Does this guy do anything that is user-friendly and is as per open source ethos of freedom and user control? In all this shit-show of Microsoft shoving AI down the throat of its users, I was happy to be firmly in the Linux camp for many many years. And along come these kinds of people to shit on that parade too.
P.S: Upvoted you. I don't care about downvotes either.
The proposals apply to “providers” of “hosting services”, of “interpersonal communications service”, and of “software application stores” (you can look up the definitions for yourself in the published texts). It’s hard to see how that would apply to purely P2P systems, except that distributing an app for it via app stores would likely require user age verification.
Flathub, the snap store, gnome software, etc. all technically meet the definition of software application store.
Makes me wonder (and worry) if they can stretch the definition to apply to standard package repos as well. Are we going to be entering an era where you have to verify your identity & age to apt-get software?
I think that real danger is a very real possibility with legislation like this. Not in the way that you won't be able to buy "unlocked" devices, but that web services and government services just flat out won't be accessible to you if you aren't on a sanctioned device (with the sanctioned spyware).
Think things like requiring play integrity attestation to access banking, or an equivalent service baked into macOS, Windows, iOS. If you aren't on one of those proprietary and spied on OSes, you can't access most of the web.
So technically the hardware will remain relatively open, but they'll make it so you can't interact with the rest of society with it.
That would still be the relatively benign outcome. You can have one device for all the official stuff, and another device for your own software, “free” OSs and the “free” internet. However, I could see a future where anything that accesses the internet is required to be an iPhone-like clamped down device.
the worst (and the only) way possible: hold authors or distributors of the said software responsible: Order Apple and Google to remove apps, Order ISPs to block domains that host PWAs, Issue arrest warrants for authors of software that does not or cannot comply.
I did not sell PIA. I entered into a merger agreement to create a publicly owned privacy company. Without getting into detail, I left the company on principle receiving only 1/3rd of the value for the shares.
Used to love? What changed? PIA hasn't always had the best performance but they are on the list of VPNs who were subpoenaed and had no data to give the court.
my $.02 : I tried them, but found their "we support Wireguard" a bit misleading. They only did so via their app. No way to get a stable configuration for a router (other than run a Python script to get one from the app, without any guarantee how long that config is valid for).
I appreciate the engagement, but it’s become clear that this particular user has been repeatedly following my posts to respond negatively - a stalker if you will [1]. I’d prefer to keep the discussion focused on facts, not personalities.
The key point, you don’t have to trust us, and we don’t want you to. Trust code, not people. That’s the foundation of the entire effort.
1. The so-called “takeover” was being organized long before my involvement, as shown by domain registration dates and internal meeting notes. I was a more convenient target than Christel, which might explain why she asked me to buy it from her.
2. False narratives were already being circulated to open source projects before any administrative changes occurred. The subsequent channel topic changes were a reaction to those actions, though I’ve acknowledged those decisions weren’t ideal in hindsight.
On broader context, much of what’s now called “funding FOSS” doesn’t reach active developers. It tends to reward organizers and promoters rather than those writing meaningful code. Supporting individual developers directly remains a better way to sustain real innovation.
Ironically, several of the ex-staff I defended for years against serious allegations (search “OldCoder” if you’re unfamiliar) went on to form Libera, attempted to seize the freenode IRC domain, and created a false narrative about events. It’s disappointing, but not surprising given the leftist politics at play.
If you want to understand the larger trends affecting open source today, I recommend Lunduke’s Journal and similar analyses. Most major FOSS projects are no longer developer run… just look at Mozilla for an example.