Tbf 500ms latency on - IIRC - a loopback network connection in a test environment is a lot. It’s not hugely surprising that a curious engineer dug into that.
Zsh is a nice balance of modern features and backwards compatibility with bash.


Crostini is an official feature built by Google that allows you to run Linux on a tightly integrated hypervisor inside Chrome OS. You keep a lot of Chrome OS’ security benefits while getting a Linux machine to play with.
That said, no, it’s not illegal to install a different operating system on your Chromebook hardware. They are just PCs, under the hood. You might lose some hardware security features though, e.g. the capabilities provided by integration of the Titan silicon.
If you had a job at Google, corporate IT would definitely not be happy if you wiped the company-managed OS and installed an unmanaged Linux distro :)
Tl;dr: TPMs are very unlikely to make your privacy better or worse, but they could definitely be abused by a company like MS to make end users’ experiences worse. They could also be used for significant security and privacy gains… they’re a tool.
The TPM can be used to provide a cryptographic binding between aspects of your system’s configuration and a unique key which is resident within the TPM (a process called “attestation”). It can also generate secondary keys that are associated with the base key, and use those to do cryptographic operations like encryption/decryption and authentication.
Telemetry wise, the TPM’s only utility might be to “prove” that the data sent from your PC wasn’t tampered with. That said, I don’t think MS is actually doing that, and they don’t need to in order to be incredibly invasive in their telemetry.
The (imo) worst way in which a TPM might be abused in a user-hostile sense is to detect if the OS has been modified by the user, or if an installation isn’t legitimate, etc. That could be used to disable certain features if you try to install unauthorised software, dual boot Linux or whatever. This would be similar to the smartphones of today, which can for example disable access to banking apps if jailbroken/rooted.
TPMs (>2.0 at least) otherwise have the potential to realise a significant improvement in security and privacy for users, if used correctly. They can be used for encryption and credentials that are bound in hardware and therefore practically impossible to steal, and they can detect hardware tampering and potentially foil Evil Maid attacks. Imagine if your login sessions for various websites were bound to your hardware, such that a dodgy extension could never steal your cookies.


Of course they do, but it isn’t the ISP’s job to do so. I believe that is the point that the EFF is making here.
Censorship sometimes needs to happen to protect people, but it should be conducted by website owners/platforms and government authorities – on each end of the information transaction, not in transit by an ISP.


Surprised I had to scroll this far down to see this!
I use OTP Auth. Syncs via iCloud and has an Apple Watch app. Plus allows export which is convenient for if I ever want to switch platforms back to Android.
Discovered that the credentials for the library computers (which were helpfully printed on stickers for the forgetful librarians) were in fact domain admin credentials.
Gave myself a domain admin account, used that to obtain access to some sensitive teacher-only systems (mostly for the challenge, but also because I wanted to know what was going on my school report ahead of time).
My domain admin account got nuked, but presumably they didn’t know who had created it. Looked up the school’s vendor (“Research Machines Ltd.”) and found a list of default account credentials. Through trial and error, found another domain admin account. Made a new account (with a backup this time) and used it to install games on my classroom’s computers.
Also changed the permissions on my home directory so that the school’s teachers (who were not domain admins) couldn’t view my files, because I felt that this was too invasive at the time.
That last bit got me caught proper, and after a long afternoon in the principal’s office I left school systems alone after that for fear of having a black mark on my “permanent record”.


Yeah, like shake-to-undo. I was dumbfounded when I discovered that the ability to undo was not implemented on Android.


Most of those things are deliberate restrictions on Apple’s part, rather than technical ones (it is really shitty though).
Yeah, this is actually a pretty great application for AI. It’s local, privacy-preserving and genuinely useful for an underserved demographic.
One of the most wholesome and actually useful applications for LLMs/CLIP that I’ve seen.