Readit News logoReadit News
tiberious726 commented on Sam Altman now says AGI, or human-level AI, is 'not a super useful term'   cnbc.com/2025/08/11/sam-a... · Posted by u/EvgeniyZh
moi2388 · 15 days ago
Didn’t OpenAI sign a deal with Microsoft that Microsoft gets full access to all their IP until OpenAI claims they have established AGI?

So it would be in OpenAIs best interest to at least try to work and claim towards it

tiberious726 · 15 days ago
Didn't the terms of that deal define AGI as "an AI that generates at least 1 billion in annual revenue"?
tiberious726 commented on Managing EFI boot loaders for Linux: Controlling secure boot (2015)   rodsbooks.com/efi-bootloa... · Posted by u/CaliforniaKarl
jeroenhd · a month ago
While the commands and procedures on this page still work fine (the screenshots are a welcome addition!), I find the Arch Linux wiki to be a bit more up to date: https://wiki.archlinux.org/title/Unified_Extensible_Firmware...

The Arch wiki also adds some additional warnings that you may want to check into. For instance, my Thinkpad with an Nvidia GPU will be bricked if I use the normal API to load secure boot keys, because on boot certain firmware is executed before the setup utility, which means that if that firmware fails verification, the entire laptop becomes unbootable. The workaround (load keys through the UEFI setup utility instead of any other tools) doesn't let me get rid of the manufacturer keys and take full control, unfortunately. I'll keep Lenovo's choices here in mind next time I buy a laptop.

Thanks to updates to sbctl, you can create keys with `sbctl create-keys` rather than typing out complex openssl commands. sbctl's `enroll-keys` should also make the key enrollment procedure easier.

Your distro probably also comes with an optional package manager hook so you don't need to repeat the sign commands every time your bootloader updates.

tiberious726 · a month ago
If you use the -m flag with enroll-keys, won't that also load the MS keys, which the Nvidia firmware should be signed by, allowing verification to pass?
tiberious726 commented on Linux and Secure Boot certificate expiration   lwn.net/SubscriberLink/10... · Posted by u/pabs3
somat · a month ago
MS did not "Have" to be involved. The problem is that doing it right is hard, not hard as in "it was tricky to figure it out but once we did everything works" but hard as in "every single user now has an additional impossible to remember key they have to keep track of or they get locked out of their system", basically the mother of all support nightmares. so Microsoft took the easy(perhaps realistically, the only) way out. they said "we are not going to have the end user own their keys, we will own the keys"

Honestly I wish they(where they is them that designed this whole broken system) did it it right. On first boot you would set up some keys, now you are your own trust root, and when you you want Microsoft to manage your system, perfectly reasonable, managing systems is scary, you sign their keys and add them to the store. The problem is at a low level it all sort of just works, but nobody want to design that user interface. nobody wants to write the documentation required to explain it to joe random user. Nobody wants to run the call center dealing 24/7 walking people through a complicated process, patiently getting them unstuck when they loose their keys, explaining what a trust root is and why they now have to jump through hoops to set one up.

I like to believe that had they done it right initially, the ui would have been molded into something that just works and the client base would also get molded into expecting these key generations steps. But I am also an optimist, so perhaps not and it is exactly as scary and thankless a task as I described above. But we will never know, Microsoft took the easy way out, said we will hold the keys. And now you are a serf on your own machine. Theoretically there is a method to install your own keys, and it may even work, but the process is awkward(never really being meant for mass use) and you are dependent on the vendor to care enough to enable it. Many don't.

tiberious726 · a month ago
Eh, that's basically what we have now with boards where you can delete the MS keys and enroll your own. Just with different defaults and no support nightmare
tiberious726 commented on Firefox is fine. The people running it are not   theregister.com/2025/07/0... · Posted by u/LorenDB
tiberious726 · 2 months ago
Firefox is not fine. If you think it is, please tell me how to disable BASIC http auth in it. (This is a serious problem, as it will send passwords unencrypted over a non SSL connection, and my users have been trained to type their sso password into every box they see (I know.... Not my doing)).
tiberious726 commented on Has the decline of knowledge work begun?   nytimes.com/2025/03/25/bu... · Posted by u/pseudolus
ngneer · 5 months ago
There is no sequence of steps that takes us from where we are to the society depicted in Star Trek, or at least none has been outlined so far. If it were to happen, the world would need an abrupt phase change (e.g., First Contact). You may be tempted to call me a pessimist, but I am a realist. To convince a realist, one must show a sequence of steps.
tiberious726 · 5 months ago
Step 1) world war 3

Step 2) some drunk invents FTL

Step 3) the Vulcans show up

tiberious726 commented on Offline PKI using 3 Yubikeys and an ARM single board computer   vincent.bernat.ch/en/blog... · Posted by u/todsacerdoti
GauntletWizard · 5 months ago
This is a pretty nice guide, though it misses some steps I'd consider important. If you're making a CA for internal use today, I would highly encourage you to use Name Constraints. Name Constraints allow you to specify that your CA will only be used to sign domains you pre commit to. This means you can add your internal CA to your system trust stores on all of your corporate systems and not worry about it being abused to MITM your employees connections to the wider internet. (If that is a feature you'd like to have, I would be happy to expound further on why that's a bad idea)

I'm giving a workshop in a few weeks at Bsides Seattle[1] about this - Pick up a Yubikey and come play with PKI with me.

[1]https://www.bsidesseattle.com/2025-schedule.html

tiberious726 · 5 months ago
If the client actually supports the optional name constraint extension. Is it acceptabley widespread nowadays?
tiberious726 commented on The DOJ still wants Google to sell off Chrome   wired.com/story/the-doj-s... · Posted by u/hydrolox
qwerty456127 · 6 months ago
In my opinion Firefox is better in all the ways except speed - Chrome still feels faster on old computers. And I prefer the browser market to still have some technical diversity no matter who actually runs it.
tiberious726 · 6 months ago
Eh, I tried using Firefox again for a few months when manifest v3 was announced, nothing worked quite right, then I ran into this: https://madaidans-insecurities.github.io/firefox-chromium.ht...
tiberious726 commented on IBM completes acquisition of HashiCorp   newsroom.ibm.com/2025-02-... · Posted by u/ahurmazda
cyberpunk · 6 months ago
We don’t run anything on bare metal anymore it’s all containers (90k employee very large enterprise).

Of course I can’t speak for all the teams, but all new projects are going out on kubernetes and we don’t care about rhel at all, typically it’s alpine it Debian base images

tiberious726 · 6 months ago
So Red Hat Openshift.
tiberious726 commented on IBM completes acquisition of HashiCorp   newsroom.ibm.com/2025-02-... · Posted by u/ahurmazda
thisisnotauser · 6 months ago
I've had the incredible displeasure of having to maintain multiple massive legacy COTS systems that were once designed by promising startups and ultimately got bought by IBM. IBM turned every last one into the shittiest enterprise software trash you can imagine.

Every IBM product I've ever used is universally reviled by every person I've met who also had to use it, without exaggeration in the slightest. If anything, I'm understating it: I make a significant premium on my salary because I'm one of the few people willing to put up with it.

My only expectation here is that I'll finally start weaning myself off terraform, I guess.

tiberious726 · 6 months ago
Everyone I know who works with IBM i (used to be system i, as/400 before that) absolutely adores it. Gods do they every nickel and dime you tho.
tiberious726 commented on GrapheneOS: Private and secure mobile OS with Android app compatibility   grapheneos.org/... · Posted by u/saikatsg
mystified5016 · 7 months ago
Graphene is pretty cool in theory, but I found it to be a huge pain. The Play sandboxing is great, again in theory, but it leaves too much broken.

You should install Graphene if and only if you have zero need for steam, discord, or anything not in F-Droid AND you actively want to use your phone less. It makes your device drastically less desirable and useful.

If all you ever do on your phone is open a web browser and SMS AND you don't rely on voicemail, Graphene is pretty sweet.

I love the concept, I just found it incredibly impractical. I switched to lineage after six or eight months.

The real thing that made me switch was multiple OS updates per week. The incessant forced updates from Samsung is why I switched phones and installed Graphene. It got so bad that I had to block the persistent update notification and just went without for several months. Lineage is a little more respectful in this regard.

tiberious726 · 7 months ago
> The real thing that made me switch was multiple OS updates per week

You're complaining about timely security updates?

t

u/tiberious726

KarmaCake day225June 17, 2022View Original