ibeff commented on GrapheneOS accessed Android security patches but not allowed to publish sources   grapheneos.social/@Graphe... · Posted by u/uneven9434
Velocifyer · 6 months ago
Don't trust these guys.
ibeff · 6 months ago
That's not helpful without context and substance.
ibeff commented on How much do you think it costs to make a pair of Nike shoes in Asia?   twitter.com/dieworkwear/s... · Posted by u/taubek
rayiner · a year ago
> Bringing “manufacturing back to the US” is a fool’s errand. The future of manufacturing is automation, not jobs.

That’s probably correct. But the current trajectory means that China will have the robot-operated factories, not the US. What do you anticipate the US will do to obtain goods from those Chinese factories? Especially when AI stands poised to obsolete a lot of the white collar jobs where the US still retains a competitive edge?

You can’t treat the reserve dollar as something that will perpetually defy physics. The pound used to be the world’s reserve currency not too long ago. There’s no reason for the world to continue flocking to dollars when other economies surpass the US.

ibeff · a year ago
> China will have the robot-operated factories, not the US. What do you anticipate the US will do to obtain goods from those Chinese factories?

Why not let the market take care of it? It's cheaper to buy things from China than make them yourself. When that changes, production will naturally move to the next best place. I don't see the issue.

ibeff commented on Why Apple's Severance gets edited over remote desktop software   tedium.co/2025/03/29/seve... · Posted by u/shortformblog
xoa · a year ago
It's not snark, in your reply you for whatever reason cut out the context at the end of the sentence. "Lucky 10k" is referring to this xkcd comic [0] which I thought was a pretty good one and I've tried to take to heart. I was genuinely surprised, but that's the point, what one thinks is "common sense" or "everyone knows" is always going to be brand new to someone every single day. It's happened to me lots, and is one of the delights of HN, to learn about a whole new set of use cases you've never considered before. In this case maybe it will lead them to consider how it might be useful in their own offices or homes for that matter. Making a powerful machine run quietly is both challenging and can be fairly expensive. But if you have the physical space available, then you may be able to just use powerful, cheap loud fans by virtue of putting it in an area of a basement or the like away from living space/home office and accessing it remotely. Depending on how you do so the quality can be the same as if you were sitting in front of it.

----

0: https://xkcd.com/1053/

ibeff · a year ago
No reasonable person interprets the original comment as someone not knowing about the existence of a LAN, hence snark.
ibeff commented on Why Apple's Severance gets edited over remote desktop software   tedium.co/2025/03/29/seve... · Posted by u/shortformblog
xoa · a year ago
>How would it not require an internet connection lmao, it's a remote connection tool

I'm kinda surprised you've managed to be on HN for 5 years and never come across the concept of a "LAN" or "VPN" before, but I guess you're one of today's lucky 10000. To the first, sometimes you have machines (or VMs) local to your own network but in another physical location that you'd like to be able to access from your own system. It's a fairly significant use case, and one where no internet connection is involved whatsoever. For example it's generally desirable to locate powerful (and in turn generally loud) servers and associated gear (including environmental control, redundant power etc) in physically isolated locations from where the humans are working for noise reasons if nothing else, though security and efficiency are important as well. While it's possible to pipe raw video over IP, a quality remote desktop solution will generally be more flexible/scalable and doesn't require special (expensive) extra hardware and potentially additional fiber.

And for systems located on other LANs remote from your own, you can use a VPN to link them securely as if they had a direct physical (though higher latency/more jittery) link, again avoiding any exposure to the public net. That then reduces to the above. In both cases it's desirable to have zero unnecessary 3rd party dependencies.

ibeff · a year ago
> I'm kinda surprised you've managed to be on HN for 5 years and never come across the concept of a "LAN" or "VPN" before

Unnecessary snark.

ibeff commented on Show HN: Berlin Swapfest – Electronics flea market   swapfest.berlin/... · Posted by u/mirshko
JTyQZSnP3cQGa8B · a year ago
That makes sense. Where I live the large flea markets always have 1 or 2 local cops, and maybe a fireman to handle any emergency.
ibeff · a year ago
The Berlin hackerspace scene would not allow police at their events.
ibeff commented on GrapheneOS blocked exploitation of 3 Android zero-days used by Cellebrite   grapheneos.social/@Graphe... · Posted by u/akyuu
osy · a year ago
Until basic features like cloud backup/restore[1] work on GrapheneOS, they are irrelevant when talking about sophisticated targeted attacks. Your random journalist uncovering corruption in Saudi Arabia doesn't have the time to figure out how to flash a new ROM image, sideload Google apps, etc. GrapheneOS is great for privacy conscious technical users who wish to use Android. For everyone else, iOS is far more secure OOB than popular Android phones and iOS with Lockdown mode beats GrapheneOS and is a single journo friendly toggle.

[1]: https://discuss.grapheneos.org/d/15370-restore-from-google-c...

For all the drones in the replies repeating the same talking point over and over again you fail to address the criticism: GrapheneOS is not usable for non-technical users.

Now in terms of security/privacy, anyone who is talking about "look at the public exploits" is missing the point because nobody is attacking GrapheneOS for the same reason why nobody attacks macOS. Yes there is some marginal security difference but it's mostly because nobody who matters uses it. (I'm sorry but you, random SV tech worker who knows about GrapheneOS doesn't count.)

If you want some examples of just a _few_ things iOS does that nobody else does:

1. Secure nonvolatile storage[2]: On the most recent iOS devices there is an off chip custom dedicated smart card like device that manages passcode attempts. It's set up in a way that even if you completely hack the storage IC + SEP you cannot get any info on the passcode and still need to brute force on device. The only comparable feature is the StrongBox implemented either with an off the shelf SE (huge attack surface) or Titan M on latest Pixel phones which if hacked + TEE hack (also huge attack surface) gains you offline brute force.

2. Trusted Execution Monitor[3]: Even if you get kernel data rw access via exploit, you cannot get kernel code execution because of hardware locks. You cannot even get EL0 userland execution because of the dedicated TXM which monitors the page tables. The only comparable feature is Samsung Knox which does monitor based page table management but done much worse and is full of holes. Pixel has nothing. Neither of them have any hardware locks on kernel code.

3. kalloc_type[4]: in addition to the standard slab based heap isolation that Linux also provides, XNU also promises never to reuse a virtual address for objects of different type completely defeating cross-cache based attacks. Types are also tagged with metadata showing which fields in a struct are pointers and which are numerical data such that the two will never overlap in random cases of slab sharing.

There's tonnes more but there's no point listing them all. As someone who's researched both iOS and Android attacks (and you can ask anyone in the industry who's done the same), iOS security is far ahead. GrapheneOS only provides mitigations that bring Android up to par in many areas (caveat: MTE is coming soon on iOS but is currently shipped in a performance regressive way in GrapheneOS and a don't-enable-me-but-we-technically-shipped-it developer toggle on Pixels).

Also: Android attacks are far and plenty. You don't hear about most of them because they're not newsworthy because they're just dumb vendor bugs and nobody expects Android to be more secure because they don't market it that way. If you want a glimpse of what in-the-wilds are publicly disclosed for both iOS and Android, look at P0's list[5] especially for recent years (2024-2025).

Again none of this matters because the bigger argument is that GrapheneOS is not user friendly and therefore it's irrelevant how powerful they defend against the 0.01% attacker who targets specific people.

[2]: https://support.apple.com/guide/security/secure-enclave-sec5...

[3]: https://support.apple.com/guide/security/operating-system-in...

[4]: https://security.apple.com/blog/towards-the-next-generation-...

[5]: https://googleprojectzero.blogspot.com/p/0day.html?m=1

ibeff · a year ago
Do you have a source that iOS Lockdown Mode protects against Cellebrite? Because Cellebrite boasts they can extract data from latest iOS versions and does not even mention Lockdown Mode as an obstacle in their documentation: https://stacker.news/items/617666

Meanwhile, Cellebrite is unable to extract data from newer Pixel phones with GrapheneOS: https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...

ibeff commented on Does X cause Y? An in-depth evidence review (2021)   cold-takes.com/does-x-cau... · Posted by u/l0b0
ekianjo · a year ago
Statistics never give you certainty. You get probabilities.
ibeff · a year ago
I can't tell if you're intentionally misrepresenting what I said. I said we can tell with certainty "how likely or unlikely" something is, i.e. we can precisely calculate the probability.
ibeff commented on Does X cause Y? An in-depth evidence review (2021)   cold-takes.com/does-x-cau... · Posted by u/l0b0
ekianjo · a year ago
Or they can also not be related at all and just happen by pure coincidence.
ibeff · a year ago
Right but we have the tools to rule that out. That's what the field of statistics deals with. It tells you with mathematical certainty how likely or unlikely the correlation you're observing is to be random.
ibeff commented on Perplexity Deep Research   perplexity.ai/hub/blog/in... · Posted by u/vinni2
caseyy · a year ago
The best practical benchmark I found is asking LLMs to research or speak on my field of expertise.
ibeff · a year ago
That's what I did. It came up with smart-sounding but infeasible recommendations because it took all sources it found online at face value without considering who authored them for what reason. And it lacked a massive amount of background knowledge to evaluate the claims made in the sources. It took outlandish, utopian demands by some activists in my field and sold them to me as things that might plausibly be implemented in the near future.

Real research needs several more levels of depth of contextual knowledge than the model is currently doing for any prompt. There is so much background information that people working in my field know. The model would have to first spend a ton of time taking in everything there is to know about the field and several related fields and then correlate the sources it found for the specific prompt with all of that.

At the current stage, this is not deep research but research that is remarkably shallow.

ibeff commented on Perplexity Deep Research   perplexity.ai/hub/blog/in... · Posted by u/vinni2
submeta · a year ago
It ends its research in a few seconds. Can this be even thorough? ChatGPT's Deep Research does its job for five minutes or more.
ibeff · a year ago
I'm getting about 1 minute responses, did you turn on the Deep Research option below the prompt?

u/ibeff

Karma: 25 · Cake day: May 24, 2024