Hacker News: bjackman's comments

I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.

I don't know if Windows is better, I have heard rumours that it's pretty bad.

I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).

So yeah, overall no good options here. I would love to see the EU fund development of a better distro for this use case, but doubt it's the highest ROI thing you can do in this space.


I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US has, such that you need to buy Apple or Microsoft.

It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.


It's not alien tech but it's a basic fact that only the US has it right now.

Yes, we could build a serious distro with a massive investment to get Flatpak, systemd, bootc up to scratch, set up OSS endpoint management software, set up a safe package supply chain, etc. And yes, I would love to see it. But I think in the short term the money would be better spent replacing crap like Outlook and OneDrive than Windows. Note this doesn't require building much software; it's about figuring out how to run infrastructure in a way that's friendly to the bizarre world of public sector organisations.

Maybe Dunning-Kruger but the latter just seem like much easier problems to solve.

Also totally pointless until we have an OSS web browser that the whole sector can adopt (maybe we already do, but any funding gaps for Firefox should still be addressed before we build our own EuroOS). No point in having a wonderful sovereign OS that just serves as a bootloader for Chrome.


In what aspect does GNU/Linux not meet EU sovereignty security requirements, but two American companies do?

Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.


Sovereignty, yes, it's obviously better.

I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.

Is this a worthwhile tradeoff against being tied to US tech? Yeah, maybe; like I said, there are no good options here, and Linux might be the least bad.


Genuinely interested: does it bring something to say "everything is crap anyway, but given that we must choose between one of them, we may as well choose the least bad" instead of "the best solution we currently have is X"?

Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users. Given that most computer users in the administration use a handful of programs, it doesn't seem super hard to audit them?


> Genuinely interested: does it bring something to say "everything is crap anyway, but given that we must choose between one of them, we may as well choose the least bad" instead of "the best solution we currently have is X"

Well, I dunno if that's true, that's why I didn't say it. Linux _may_ be the best solution overall, I am not sure. It is definitely not the best solution from a security perspective.

> Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users.

Just whitelisting packages isn't enough. ChromeOS effectively does this and their whitelist is extremely small, yet they are still only ok with that because they backed it up with the rest of the pieces needed to make a secure Linux desktop, including a fully vertically integrated stack.


> It is definitely not the best solution from a security perspective.

But that's compared to alternatives that virtually nobody uses, isn't it? No public service is using ChromeOS. In Europe they probably all use Windows, I would guess? So the question reduces to: is Linux worse than Windows in terms of security in this context?

The goal here is not to have the perfect system, rather to be sovereign. It's enough to not be significantly worse than Windows.


You know what happened at Google after Operation Aurora and they went full bore on security (BeyondCorp and all that)? They started phasing out Windows laptops for employees immediately.

I'm honestly having trouble taking you seriously, Windows has always been the butt of security jokes, I guess you maybe didn't grow up with winnuke etc? But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing, and why they would be required on single-user computers in this scenario?


I worked at Google on post-Aurora endpoint security. Windows laptops are alive and well at Google. Linux laptops have had one foot in the grave for a while now (it's a bummer). Google historically made gLinux work only with enormous investments in customised distros and D&R.

> But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing

- no boundaries between applications, everything runs as $USER which can read your browser creds

- no boundary between user and root, everything can trivially escalate privs (maybe we will fix this post Glasswing, let's see)

- no boundary between boots, root can trivially persist a compromise (probably non-root too)

The tech exists to solve all these problems on Linux, but there isn't a distro that strings it all together. (Unless you count ChromeOS/Android which are not really OSS).


> Unless you count ChromeOS/Android which are not really OSS

Wouldn't ChromiumOS and AOSP count? Though I read a lot of people generally complaining about secure boot on desktop (for reasons I honestly don't understand: secure boot seems to be part of the Android security model, and it seems valuable to me).


It's a good technical artifact, yeah, but it would need to be forked and degoogled; today it is only really useful with Google services as a backend.

Also it's coupled to the device ecosystem which is organised by Google. This coupling with the HW is one of its major technical strengths though, including for the security things I'm yapping about.

So yeah I think the two options for a EuroOS are:

- Fork and degoogle ChromiumOS/AOSP

- Invest in a Silverblue/bootc/Flatpak style system and just keep filling the gaps there

Hard to say which would be the better option. Both require at least tens of millions in investment over 5+ years.


D&R == detection and response

> why they would be required on single-user computers in this scenario?

Because the single user does not write all the software running on the system. The proprietary software the user downloads could have its own agenda contrary to the user. The open-source software has security holes so that, for example, if the OSS is being used to inspect a repo downloaded from the net, the repo might contain files specially crafted to exploit the open-source inspection software. Or if the OSS is a file viewer, a file downloaded from the net might be able to exploit the file viewer.


I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate Windows setup.

Sounds like Linux is still the least worst? There is at least the possibility of having a secure and quite independent machine. The question is not about the distro, it's who does the support and how it's all put together. There are big vendors who sell Linux to enterprises that for sure have to be highly secure.

> I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.

Windows being buggy spyware wouldn't


> There is no distro that meets the security requirements.

The CLOUD Act, in conjunction with Trump's behavior and the Snowden disclosures, shows that the US cannot possibly be a trusted partner. Every operating system is controlled by Washington, who can turn things off if they want.

I work for a state agency. Our current state constitution was adopted in 1891. Does a digital file format exist that will work for 135+ years? We've adopted PDF/A because supposedly that's open-sourcey enough to last, but I'm not sure that it is safe enough from legal disputes to stand the test of time. Our state legislature has banned certain state stuff from being hosted in the cloud.


So the NSA baseline of Linux + SELinux (that they helped develop) does not meet your needs but MacOS does? Please educate me.

SELinux is a framework, not a solution. The main places that gap is closed are Android and ChromeOS, not normal distros.

MacOS has:

- Serious integrity story

- Actual kernel hardening

- No reams and reams of garbage in their kernel (wouldn't have equivalents to the recent AF_ALG vulns coz they don't have dumb stuff like AF_ALG).

- Filesystem security boundaries retrofitted onto the Unix model (interesting user data, browser creds etc are gated by special permissions that are tied to the application build, backed by the integrity story - a `curl | bash` command cannot dump your ~/Documents)

When people escalate privileges on MacOS it's news, when they do it on Linux it's Tuesday (you might think the recent spate of privesc vulns on Linux was unusual but that is totally normal).

I say this as someone who works on Linux security every day (I am a kernel developer) and uses Linux on every computer I have, both at work and at home, BTW. I am not a Linux hater or Apple fanboy by any means.

These are all solvable problems at EU scale too. Just, I think they should solve other problems first in the priority list of delivering sovereign IT.


If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in the hope of winning a popularity contest) they cannot rely on volunteer effort and gluing together a bunch of unrelated FOSS projects.

It is not enough to fund a new distro. The EU needs its own OS (maybe based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.


My "I saw this very early" claim deserves some skepticism, but...

Don't y'all remember GPT2? When they published that AI-generated unicorns-in-the-Andes article, my jaw was on the floor. I remember very clearly thinking "oh, history is now divided into the time before this moment and the time after it".

There's been a long series of "oh holy shit this is USEFUL NOW" moments in the last 2 years but none of them compare to that first moment. The day before, I didn't know if real AI was possible. Then one day it was suddenly clear that it was. And if you'd been thinking about AI at all it was obvious that if the technology was at all possible, it was gonna be a really fucking big deal sooner or later.


I think Conway's law is more interesting. It seems natural that networks of human relationships would mirror each other when the same groups of humans translate themselves into a new context.

Whereas the structure of technological products is a "different thing" than the human relationships that created it, it's less obvious that it would translate across that boundary.


> “structure of technological products”

Unless the technology is glued together with ad-hoc systems using email, slack, Dropbox, and the like. At least that’s my experience in small businesses.


As well as rational vs irrational, they are also just different types of spending.

Hiring someone vs paying a vendor for a service:

- different level of commitment

- might tie your org to a physical location

- different legal risks

- shows investors a different picture (probably this would even influence a bank loan)

- manager has to fight a different bureaucracy

Not to mention that comparing the cost of a hire by looking at their salary is pretty dumb. ISTR hearing at Google that the overall estimated cost of employing a SWE is like 4X their compensation? Can't remember the exact figures though.


Ultimately I think the only way you can trust benchmarks is if you build them yourself and keep them secret from the AI labs.

There are different levels of "cheating" on benchmarks. The worst would be just literally putting them in the loss function during RL, I assume the major labs are not cheating at that level. And I am sure they are making a genuine effort to keep the benchmark content out of the training data.

But, ultimately it seems implausible that they completely abstain from benchmarking their model until they are about to release it. Even if they did do that, the benchmark is still ultimately a part of the outermost feedback loop. So these models are all, to _some_ degree, benchmark-solving machines.

I think all we can really do is live with the model for a while and develop a subjective feeling about its quality. This shouldn't be surprising; nobody believes that coding interviews work, we all know that you just have to work with someone to figure out if they're a good programmer. As AIs become more human-like it's natural they should get harder to evaluate.

This is a bit awkward, it puts us in quite a weak position as consumers.

Maybe to some extent you can get a meaningful signal from sentiments on HN etc, but:

- There must be some amount of manipulation going on of this

- Even if it was fully organic, it's highly likely that your experience will differ materially from the median online nerd, because AIs are bizarre things that respond in unpredictable ways to intangible things.


> Ultimately I think the only way you can trust benchmarks is if you build them yourself and keep them secret from the AI labs.

I agree.

At the same time, one of the first things we see in the HN comments when a new model is released are pelicans on a bike. Makes you wonder where the priorities of the AI "community" lie when karma farming is the main motivation for model "evaluation".


Yeah I actually advocate for dropping to assembly quite a lot in BPF:

- portability isn't a concern

- BPF ASM syntax is quite readable

- it can often let you write simpler code by directly doing what the verifier needs instead of dancing around trying to make Clang do it for you.

I think the most exciting alternative BPF language would be one where the compiler interacts with the verifier. E.g. if the program included a logical proof of correctness that the verifier could check more efficiently than its limited builtin analysis.


FWIW uBlock Origin for Firefox on Android works fine here.


I wonder, does it mean that uBlock Origin has anti-anti-adblock functionality? (My guess is yes but I wanted to take the opportunity to spell that word)


It does, yes.


It's blocking all the way down.


UBO Lite on Chrome worked here. I have complete filtering + the additional lists enabled though.


I think his agenda here is to point out that your probability distribution for AI outcomes should be broad (what you said), but most importantly: this means you must take seriously the possibility that we are gonna get superintelligence quite soon.

Basically a lot of people say "but isn't it also pretty likely that we DON'T get superintelligence?" And, yes, it is. But superintelligence being even a remotely plausible outcome is a big fucking deal. Your investment choices in that context are not important.

People really struggle to think rationally in the face of this shape of uncertainty.


You want to go to the store to get ice cream. Ice cream is delicious and the value of eating ice cream is a small positive, let's say x. There's a one in ten million chance you'll get hit by a car on the way and die, and your life is infinitely precious, therefore the expected value of going is x times 1 = x, and the one of not going is 1/10m times negative infinity which is negative infinity. You are a rational person, so you don't go. In fact you don't do much of anything. Your value model of every activity has collapsed to a single value.

That's the problem with 'singularity' arguments. The people making them ignore the fact that the mathematical definition of the word means 'the model of outcomes collapses to a single value' therefore the model stops being useful, yet they somehow claim to be able to make predictions beyond the singularity. It's like those shitty Facebook math posts where they divide both sides of the equation by 0 (the fact hidden by some sleight of hand), to 'prove' that 2=1.

The formulation of the singularity involves putting outrageous values into the parameters of the model of reality, and denominator ignorance, and then claiming to 'rationally' determine that the consequences are too severe to ignore.


Aside:

The singularity framing is really tough here, right? It comes from black hole physics. Essentially, at the event horizon, the way we know how to do physics stops working, and we rightly conclude that we can't currently say anything about the other side of the event horizon. It is not saying that nothing is occurring there. Matter, time, space, energy, whatever, that still is there (maaaaybe?) and is still undergoing something. It's just that we don't know what that is.

The same is true with using these tech singularity arguments. Like, in the age of superintelligence (if that happens), there will still be things happening, the dawn will still come every day and the dusk will still too. It's just that we say our current ideas about that new day aren't that applicable to that new age (God, this sounds like a hippie).

However, unlike with black hole physics where we aren't even sure time can exist like we know, we are likely all going to be there in that new superintelligence age. We're still going to be making coffee and remembering bad cartoons from our youth. Like, the analogy to black hole physics breaks down here and maybe does a disservice to us. It's not a stark boundary at the Schwarzschild radius, it is a continuous thing, a messy thing, a volatile thing, and very importantly for the HN userbase, a thing that we control and have the choice to participate in.

We are not passively falling into the AGI world like the gnawing grinding gravity of a black hole.


I don't know, are we actually going to be making coffee in the case of the AGI singularity?

If you listen to the hardcore doomers, the misaligned superintelligence will curl a finger on its monkey paw and turn the planet into paperclips or something. If you listen to the most depraved boosters, AGI will remove the need for 99.999% of human workers and so we all get turned into biofuel to churn out more tokens.

Yes, those are really extreme scenarios but that's how I think of the singularity. It's so alien that we cannot rule out anything.


The event horizon = singularity metaphor is a little off. There is no breakdown in the laws of physics at the event horizon. It's just that there is no light or matter that escapes from the event horizon. But the laws of physics don't break down until you reach the center of the black hole (which will happen in finite time after you cross the event horizon).

So there are a couple interesting and meaningful changes at the event horizon, but it's not a mathematical singularity.


There's an objection here when you get to tiny numbers, but surely you wouldn't get ice cream if there was a 10+% chance to get hit by a car?

I think he's saying that >1% or even >10% of your probability mass should be on superintelligence, otherwise you're implicitly >99% confident of stalled progress, which seems overconfident. We're not talking about some infinitesimal fraction here.


And yet sometimes the consequences ARE too severe to ignore. Nuclear war is a serious concept and it's carefully investigated and attempted to be controlled by a lot of powerful people. Why is this situation different? Because it's unlikely? So is nuclear war.


> but most importantly: this means you must take seriously the possibility that we are gonna get superintelligence quite soon.

So, his point with all the demand for rigor is to end on a hand-waved jump of faith from "improved AI models" to the mythical "superintelligence"?


That's literally the singularity though - the point past which predictions are meaningless.

My "plan" is to hope for a benevolent intelligence that establishes a post-human government and then enjoy post-scarcity society doing woodworking or something.

Billionaires should probably be more worried.


Soylent Green and Mad Max with billionaires in private communities and bunkers sounds more likely than "paid to exist and woodwork"


On our present trajectory, any new super intelligence will be the billionaire’s plaything. Hope is indeed needed to see how it would benefit the common person.


I mean I could structure an argument as to why that might be unlikely but that's exactly the point: it's all speculation. We don't know what super intelligence would do. It's meaningless to try and plan for.


I think his agenda / point is that, viewed from Lindy's Law, given the SOTA in 2026, superintelligent AI arriving soon is vastly more probable than not, right? To make the case that "sure, AI capability and intelligence have grown exponentially over the past several years, but don't worry, they're about to abruptly level off and in fact won't blatantly surpass human-level intelligence within the coming decades" seems to have a high burden of proof unless your model is less "sigmoid" and more "abrupt plateau".


> I think his agenda / point is that, viewed from Lindy's Law, given the SOTA in 2026, superintelligent AI arriving soon is vastly more probable than not, right

Why would that be? Nothing about Lindy's Law makes that promise. And even the SOTA in 2026 is over-estimated thanks to a trillion dollar industry trusted to not influence benchmarks.


You’re 100% correct, which is why I opted for a broad investment approach rather than trying to pick “winners”.

My thought process RE: superintelligence/AGI is generally this:

* I personally don’t believe it’s likely to happen with silicon-based computing due to the immense power and resource costs involved just to get to where we are now; hence why I invest broadly to capitalize on what gains we actually attain using this current branch of AI research across all possible sectors and exposure rates

* If we do achieve AGI using silicon-based computing, its limited scale (requiring vast amounts of compute only deliverable via city-scale data centers) will limit its broader utility until more optimizations can be achieved or a superior compute platform delivered that improves access and dramatically lowers cost; again, investing broadly covers a general uplift rather than hoping for a specific winner

* If AGI is achieved, nobody - doomer or booster alike - will know what comes next other than complete and total destruction of existing societal structures or institutions. The stock market won’t explode with growth so much as immediately collapse from the disintegration of the consumptive base as a result of AGI quite literally annihilating a planet’s worth of jobs and associated business transactions. In this case, a broad spread protects me from harm by spreading the risk around; AGI will annihilate the market globally, but not all at once barring a significant global catastrophe instigated by it

* Which brings me to the worst outcome, where AGI follows the “if anybody builds it everyone dies” thought process: investment is irrelevant because we’re all fucked anyway.

And that’s just my investment approach. I’m too pragmatic to believe we’re at the bottom of the sigmoid curve, but too wise to begin guessing where we actually exist on it at present or how much is left in the current LLM-arm of AI research; I’m an IT dinosaur, not an AI scientist.

What I can point to is the continued demand destruction of consumer compute through higher costs and limited availability due to rampant AI speculation as proof that the harm is already here in a manner most weren’t predicting, while at the same time actual job displacement by AI is limited to the empty boasting of executives using it as a smoke screen for layoffs after RTO mandates failed to thin headcount sufficiently.

In the USA in particular, we’re facing a perfect storm of:

* consumer confidence collapse leading to a decline in spending on all goods, especially luxury ones, by all but the most monied demographics

* data center-driven cost increases (energy) and resource destruction (land, water, fossil fuel use)

* the eradication of government support for renewable energy that would’ve kept these costs in check

* the widening wealth gaps creating a new underclass not seen since before WW2

In other words, most of the discourse continues to revolve around hypotheticals of tomorrow rather than realities of today. That would be the lesson I’d hope more people take away from something like this, so we can finally begin addressing issues themselves rather than empty online circle jerking about who is right or wrong.


I think this is a bit too pessimistic. Progress in algorithms has matched or exceeded progress in hardware, so the same number of FLOPS spent training GPT-3 years ago would produce a much better model today. Ditto for energy use, and hardware is more efficient at delivering FLOPS.

> the widening wealth gaps creating a new underclass not seen since before WW2

I go back and forth on this. I think the reality is that "underclass" is a moving target. AI and automation makes things so cheap that today's underclass lives better than kings ever did.


> AI and automation makes things so cheap that today's underclass lives better than kings ever did

I suggest you go share this opinion with the people living on the street because they can't afford housing.


That's a tiny minority. The inconvenient truth is that the vast majority of those living on the street are mentally ill or drug addicts.


> we’re facing a perfect storm of

Add

Total collapse in government quality AND public trust to politicians

Total collapse of news media to slop and paid-for

Total collapse of culture

(Not just the US either)


> similar to a macOS experience but built on a standard Linux foundation.

From a security perspective, this cannot exist. MacOS is fundamentally superior to classical GNU/Linux distros. Android/ChromeOS are the only Linux systems that make a serious attempt to close that gap.

I think the closest thing I can imagine is a system that goes all in on a Snap/Flatpak type platform (basically, like Fedora Silverblue, plus throw ~50 million dollars at fixing all the sandboxing, improving the SELinux policies or whatever, cranking up the system integrity story, getting some kernel hardening in place, stuff like that). With Google's funding I do think that's technically viable, I would love to see it. But, I dunno if it would count as "standard Linux foundation". And, kinda a weird thing to do for a company that's already spent billions over the last 20 years to build several existing Linux OSs.

(BTW, this is a totally security-brained take. I do actually run classical GNU/Linux on all my personal computers, the fact that it's a fundamentally insecure OS doesn't actually bother me that much. But I don't think Google can realistically ship a "product" like that. If it really took off and gained the kinda adoption they are presumably hoping for, it would honestly be quite irresponsible of them).


I once had a job interview where they wanted to evaluate my C knowledge. They showed me a printout of some pointer arithmetic and said spot the bug. (It may actually have been the old puzzle where it turns out that /* is always a comment opener and never a division by the referent of a pointer).

I said "well first, this is a mess, I'm putting parentheses here, here, here and here". They said "well you've fixed the bug but can you tell us where it was?"

I gave them a hypothesis but I said my "real answer" was that it's not worth our brain cycles to figure it out, you just shouldn't write code that requires knowing operator precedence. It's just such desperately boring information that I can't hold it in my head.

Interviewing such an insufferable smartarse was probably quite annoying but they did give me the job and I do stand by the underlying principle!


> I gave them a hypothesis but I said my "real answer" was that it's not worth our brain cycles to figure it out, you just shouldn't write code that requires knowing operator precedence. It's just such desperately boring information that I can't hold it in my head.

This is exactly how I think. And it goes for a lot of stuff in general, we have limited bandwidth and wasting it on useless stuff like this has no real purpose.

Yet sometimes I see people show off about how they know how to deal with it but I just don't see the point.


Your response was more correct in a professional sense than producing the piece of knowledge you've been asked for. I'd prefer to work with people who value everyone's time and write programs accordingly. If the interviewer was looking for a valuable expert, they were lucky to get you on board.


I've never had to write or read code in an interview. I wonder how common that is?


It's very common, I believe all the Big Tech firms have you write code.

I think the example from my story was the only one I've had where I had to _read_ code. (I have heard of people doing "code review interviews" though).

I've also had job interviews with no code, though. For startups or non-FAANG type companies.


Literally all of them, for at least the past decade, afaik. Obviously it'll vary a lot outside those though, the field employs all kinds in all kinds of ways.

