• 1 Post
  • 56 Comments
Joined 3 years ago
Cake day: January 17th, 2022

  • I imagine it’s like everything else, you can only realistically verify against a random sample. It’s like trucks passing a border, they should ALL be checked but in practice only a few get checked and punished with the hope that punishment will deter others.

    Here if 1 chip is checked for 1 million produced and there is a single problem with it, being a backdoor or “just” a security flaw that is NOT present due to the original design, then the trust in the company producing them is shattered. Nobody who can afford alternatives will want to work with them.

    I imagine in a lot of situations the economic risk is not worth it. Even if say a state actor does commission a backdoor to be added and thus tells the producing company they’ll cover their losses, as soon as the news is out nobody will even use the chips so even for a state actor it doesn’t work.


  • They asked for an alternative to airtags. I provided one.

    And even though I’m not OP I’m genuinely grateful for that.

    Doesn’t matter if they were compromised because like I said, everyone is eventually.

    No! That’s the whole point of this Privacy community! If someone is using, using home automation as an example, Apple HomeKit or Roomba or Google Home they will eventually get compromised BUT if they are using something local, e.g. Zigbee with HomeAssistant they WILL never get compromised because by the very local only architecture of that solution no data is leaving the home and thus can NOT be compromised.

    The ENTIRE raison d’être of this community is not to say “Oh well… the default solutions are imperfect, we have to shrug and accept the status quo” but rather provide genuine alternatives.

    I understand a lot of people can enter into a learned helplessness mindset imagining that only poor solutions exist and thus, better pick the least worst one, but by doing that we are giving power to Big Tech, surveillance capitalism, etc.

    Please do NOT say that “everybody gets compromised” when you actually mean that “the vast majority of people who accept to use a popular solution with trade offs that are not good for privacy”. It sounds like a finicky difference but it’s actually totally different because it shows that it’s not inevitable.

    By taking shortcuts in your language you limit what’s conceived as possible by others who are asking for help, again, in a Privacy focused community.


  • True yet still not OK.

    That’s also why a lot of us do try to avoid, as much as is realistically feasible, providing any data to any company that would store it. Hence why a lot of questions here are about self hosting, no cloud, etc. It’s not paranoia, it’s because companies cut corners and as you correctly point out, fail to keep us safe. So it’s not about Tile specifically, they are just yet another poor example. Let’s not defend them nor these kinds of practices. If people in the Privacy community are OK with that, we have a rather deep problem.


  • The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of how it’s been built?

    Get it audited by tools, e.g. OneSpin, or people, e.g. Bunnie, that one trusts?

    I’m not saying it’s intrinsically safer than other architectures but it is at least more inspectable and, for people who do value trust for whatever, can be again federated.

    I assume if you do ask the question you are skeptical about it so curious to know what you believe is a better alternative and why.


  • Buying other hardware that you (well… not me ;) can inspect and verify, e.g. RISC?

    For now the performance is pretty terrible BUT one can imagine, assuming they have the right discipline and mental model, doing what’s actually personal on a verifiable processor, e.g. browsing and reading emails, and what’s not, e.g. watching a TV show, on another machine with CPU/GPU with an unverifiable architecture.

    PS: I have a Precursor and a Banana Pi BPI-F3 with SpacemiT K1 8 core RISC-V chip and that’s the main idea behind them both, i.e. knowing, as a community, how it works all the way down.



  • I… agree but isn’t that then contradicting your previous point that innovation will come from large companies if they only try to secure monopolies rather than genuinely innovate? I don’t understand from that perspective who is left to innovate if it’s neither research (focusing on publishing, even though having the actual novel insight and verifying that it does work), nor the large companies… and startups don’t get the funding either. Sorry if you mentioned it but I’m now confused as to what is left.


  • They just provide the data. They can question the methodology or even provide another report with a different methodology but if the data is correct (namely not fabricated) then it’s not up to them to see how it’s being used. The user can decide how they define startup, i.e. which minimum size, funding types, funding rounds, etc. Sharing their opinion on the startup landscape is unprofessional IMHO. They are of course free to do so but to me it doesn’t question the validity of the original report.


  • Neat.

    Warning disclaimer: I’m not a cryptographer.

    I actually tinkered with https://github.com/open-quantum-safe and it’s actually quite simple to become “post-quantum” whatever. The main idea being that one “just” has to switch their cryptographic algorithm, what one uses to encrypt/decrypt a message, from whatever they are using to a quantum-resistant one (validated by NIST or whomever you trust to evaluate them) and… voilà! The only test I did was setting up Apache httpd and querying that server with Chromium and curl, all with oqs, while disabling cryptographic algorithms that were not post-quantum and I was able (I think ;) to be “safe” relative to this kind of attack.

    Obviously this is assuming a lot, e.g. that there are no other flaws in the design of the application, but my point being that becoming quantum-resistant is conceptually at least quite simple.

    Anyway, I find it great to demystify this kind of progress and to realize how our stack can indeed, if we do believe it’s worth it now, become resistant to more threats.



  • Research happens through university, absolutely, and selling products at scale through large companies, but that’s not innovation. Innovation is bringing new products, that are often the result of research yes, to market. Large companies tend to be innovative by buying startups. If there are no startups coming from research coming from universities to buy, I don’t see how large companies, often stuck in the “innovator dilemma”, will be able to innovate.


  • Thanks for linking to criticism but can you highlight which numbers are off? I can see things about ByteDance, Ant group, Shein but that’s irrelevant as it’s not about the number of past successes, solely about the number of newly funded startups. Same as the CEO of ITJUZI sharing his opinion, that’s not a number.

    Edit: looks totally off, e.g “restaurants, in a single location, such as one city, you could immediately tell that there were large numbers of new companies.” as the article is about funding, not a loan from the bank at the corner of the street.




  • Thanks for the in depth clarification and sharing your perspective.

    this is a good development

    Keeping finance in check is indeed important so I also think it’s good.

    What about the number of funded startups though and the innovative products they would normally provide customers? Do you believe the measures taken will only weed out bad financiers or will it also have, as a side effect, fewer products and solutions brought out? Does it mean research will remain academic but won’t necessarily be commercialized or even scaled? If you believe it will still happen, how? Through state or regional funding and if so can you please share such examples that grew over the last 5 years?