Comment by shit_game 5 days ago

12 replies

What is the endgame here? Obviously "heightened security" in some kind of sense, but to what end and what mechanisms? What is the scope of the work? Is this work meant to secure forges and upstream development processes via more rigid identity verification, or package manager and userspace-level runtime restrictions like code signing? Will there be a push to integrate this work into distributions, organizations, or the kernel itself? Is hardware within the scope of this work, and to what degree?

The website itself is rather vague in its stated goals and mechanisms.

storystarling 5 days ago

I suspect the endgame is confidential computing for distributed systems. If you are running high-value workloads like LLMs in untrusted environments, you need to verify integrity. Right now guaranteeing that the compute context hasn't been tampered with is still very hard to orchestrate.

mariusor 5 days ago

Personally, for me, this is interesting because there needs to be a way where a hardware token providing an identity should interact with a device and software combination which would ensure no tampering between the user who owns the identity and the end result of computing.

A concrete example of that is electronic ballots, which is a topic I often bump heads with the rest of HN about, where a hardware identity token (an electronic ID provided by the state) can be used to participate in official ballots, while both the citizen and the state can have some assurance that there was nothing interceding between them in a malicious way.

Does that make sense?

  • c0l0 5 days ago

    No.

    • mariusor 5 days ago

      Why not? Being terse does not make one right...

      • mzajc 3 days ago

        Off the top of my head, because

        - You're just moving your trust elsewhere, this time to a private corporation (whoever makes the CPU / TPM / other "trusted" component).

        - This doesn't guarantee voter anonymity the way paper ballots do. Considering the analog hole and the complexity of computers, I can think of a billion ways a motivated and resourceful Mallory could connect someone to their ballot.

        • mariusor 3 days ago

          > This doesn't guarantee voter anonymity the way paper ballots do.

          You're saying that with a lot of assurance, but in my opinion that's still to be debated. We can build something that will keep at least a degree of separation between the identity that points to a specific individual and the identity that casts the ballot.