undefined | Better HN

story

0 pointsENGNR1y ago0 comments

Open code, inspected and used by a large number of users, hosted on hardware you physically control

0 comments

I think that's fair, but impractical for most users. I have a number of Home Assistant integrations with locally hosted AI models for smart home features, but I wouldn't expect my grandma to set up a server and a few VMs when she could just give her HomePod a prompt that works with AI and have no worries about the implementation. Do you feel like Apple's "independent" auditing is insufficient?

ENGNROP1y ago

> Do you feel like Apple's "independent" auditing is insufficient?

Yeah, pretty much

Also, your grandma might not setup a VM, but it sounds like the off-device processing is essentially stateless, or at most might have a very lightweight session. It seems like the kind of thing one person could setup for their family (with the same tamper-proof signatures, plus physical security), or provide a privacy focused appliance for anyone to just plug into a wall, if they wanted to.

threeseed1y ago

Most open source code isn't inspected though.

There have been many cases recently of compromised code being in the wild for quite some time and then only known about by accident.

spywaregorilla1y ago

100% of closed code is not inspected

theshrike791y ago

I have been involved in security audits for 110% closed code, code that's secret even within the company.

Auditing helps the company writing it, the auditors are usually experts in breaking stuff in fun ways, and it's good for business - we could slap "code security audited by XXX" on the sales pitch.

1 more reply

sodality21y ago

By you. Three comments above references "independent audits". Meaning professional cybersecurity firms

1 more reply

j / k navigate · click thread line to collapse

0 comments

ryr111y ago

ENGNROP1y ago

> Do you feel like Apple's "independent" auditing is insufficient?

Yeah, pretty much

threeseed1y ago

Most open source code isn't inspected though.

There have been many cases recently of compromised code being in the wild for quite some time and then only known about by accident.

spywaregorilla1y ago

100% of closed code is not inspected

theshrike791y ago

I have been involved in security audits for 110% closed code, code that's secret even within the company.

Auditing helps the company writing it, the auditors are usually experts in breaking stuff in fun ways, and it's good for business - we could slap "code security audited by XXX" on the sales pitch.

1 more reply

sodality21y ago

By you. Three comments above references "independent audits". Meaning professional cybersecurity firms

1 more reply

j / k navigate · click thread line to collapse