Most active commenters

    ←back to thread

    Private Cloud Compute Security Guide

    (security.apple.com)
    295 points djoldman | 15 comments | 06 Nov 24 13:48 UTC | HN request time: 1.488s | source | bottom
    Show context
    solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]
    Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

    What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

    replies(10): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #
    1. chadsix ◴[06 Nov 24 16:00 UTC] No.42064293[source]
    Exactly. You can only trust yourself [1] and should self host.

    [1] https://www.youtube.com/watch?v=g_JyDvBbZ6Q

    replies(2): >>42064538 #>>42065335 #
    2. 9dev ◴[06 Nov 24 16:16 UTC] No.42064538[source]
    That is an answer for an incredibly tiny fraction of the population. I'm not so much concerned about myself than society in general, and self-hosting just is not a viable solution to the problem at hand.
    replies(2): >>42064839 #>>42065533 #
    3. chadsix ◴[06 Nov 24 16:35 UTC] No.42064839[source]
    To be fair, it's much easier than one can imagine (try ollama on macOS for example). In the end, Apple wrote a lot of longwinded text, but the summary is "you have to trust us."

    I don't trust Apple - in fact, even the people we trust the most have told us soft lies here and there. Trust is a concept like an integral - you can only get to "almost" and almost is 0.

    So you can only trust yourself. Period.

    replies(4): >>42065107 #>>42065178 #>>42065410 #>>42069651 #
    4. dotancohen ◴[06 Nov 24 16:50 UTC] No.42065107{3}[source]
    I don't even trust myself, I know that I'm going to mess up at some point or another.
    5. lukev ◴[06 Nov 24 16:54 UTC] No.42065178{3}[source]
    The odds that I make a mistake in my security configuration are much higher than the odds that Apple is maliciously backdooring themselves.

    The PCC model doesn't guarantee they can't backdoor themselves, but it does make it more difficult for them.

    replies(1): >>42070748 #
    6. remram ◴[06 Nov 24 17:02 UTC] No.42065335[source]
    Can you trust the hardware?
    replies(2): >>42065435 #>>42066950 #
    7. killjoywashere ◴[06 Nov 24 17:06 UTC] No.42065410{3}[source]
    There are multiple threat models where you can't trust yourself.

    Your future self definitely can't trust your past self. And vice versa. If your future self has a stroke tomorrow, did your past self remember to write a living will? And renew it regularly? Will your future self remember that password? What if the kid pukes on the carpet before your past self writes it down?

    Your current self is not statistically reliable. Andrej Karpathy administered an imagenet challenge to himself, his brain as the machine: he got about 95%.

    I'm sure there are other classes of self-failure.

    replies(1): >>42067431 #
    8. killjoywashere ◴[06 Nov 24 17:07 UTC] No.42065435[source]
    There's a niche industry that works on that problem: looking for evidence of tampering down to the semiconductor level.
    replies(1): >>42065691 #
    9. talldayo ◴[06 Nov 24 17:14 UTC] No.42065533[source]
    Nobody promised you that real solutions would work for everyone. Performing CPR to save a life is something "an incredibly tiny fraction of the population" is trained on, but it does work when circumstances call for it.

    It sucks, but what are you going to do for society? Tell them all to sell their iPhones, punk out the NSA like you're Snowden incarnate? Sometimes saving yourself is the only option, unfortunately.

    replies(1): >>42067377 #
    10. sourcepluck ◴[06 Nov 24 17:22 UTC] No.42065691{3}[source]
    Notably https://www.bunniestudios.com/blog/2020/introducing-precurso...
    11. blitzar ◴[06 Nov 24 18:30 UTC] No.42066950[source]
    If you make your own silicon can you trust that the sand hasnt been tampered with to breech your security?
    12. ◴[06 Nov 24 18:55 UTC] No.42067377{3}[source]
    13. martinsnow ◴[06 Nov 24 18:58 UTC] No.42067431{4}[source]
    Given the code quality of projects like nextcloud. Suggestions like this makes the head and table transmugify into magnets.
    14. commandersaki ◴[06 Nov 24 21:24 UTC] No.42069651{3}[source]
    > "you have to trust us."

    You have fundamentally misunderstood PCC.

    15. astrange ◴[06 Nov 24 22:46 UTC] No.42070748{4}[source]
    You also don't have a security team and Apple does have one.