koprulusector

>Over the last year or so Mac users have run into problems that appear related to a background service named triald. Some report it stealing huge amounts of CPU, others associate it with various glitches, and a few have noticed gigabytes of disk space apparently being taken up by its folder at ~/Library/Trial, and in their Time Machine backups. This article explains as much as I know about this mysterious new service, and ponders what’s going on.

- I find it so odd, Apple users' fascination of their own operating system, this sort of voyeur or wildlife documentarian attitude. It’s your machine, but the inner workings are this ineffable mystery.

>I’m not aware of any control over or opt-out from Trial, although it could be covered in Apple’s general request to share data including panic logs, if you can remember where to control that.

>I first noticed Trial when studying Visual Look Up in the log. At the start of each Look Up, the subsystem com.apple.trial enters the following into the log:

>Initializing TRIClient. Trial version: TrialXP-292.18

>_PASEntitlement: Entitlement "com.apple.private.security.storage.triald" is not present.

>Found entitlement: "com.apple.trial.client" --> <private>

><private> 0x12d9547e0 (no container): using Trial root dir <private>

>This suggests that Trial is recording information about Visual Look Up, although nothing more explicit appears in subsequent log entries.

- Apple can double speak all they want about digital privacy, but their actions tell the truth. As a paying Apple customer, you’re not deemed worthy enough to even understand how your own machines work, less even to “tamper” with their working, and who knows what data is actually being shared?

- Personally, I say no thank you. I’ve been on Debian or a variant for almost 10 years now, and haven’t looked back. It’s only gotten easier, as software generally moves more and more to SaaS web apps and the intrinsic cross-platform nature of the browser.

gotaquestion

> It’s your machine, but the inner workings are this ineffable mystery.

At some point, every machine's software becomes an ineffable mystery. Do you know what is going on in all your 3rd-party Linux drivers, say, from NVIDIA?

grumbel

A system should only be a mystery in so far that you were too lazy to look up how exactly something works. Having "undocumented service" running wild should be unacceptable, even so it has become so commonplace. Linux isn't free of this, far too many times there is no man-page to tell you what something does, but at least you can dig into the source if you have to.

gotaquestion

Not with 3rd party drivers. I think people fetishize the desire to have complete control, and it is a myth. I've been using Linux since 1997, and all the fighting for transparency has been a tempest in a teapot with no progress made at ALL.

If people wanted to fight for it, stop using NVIDIA products, but do you see that happening? Not bloody likely.

This isn't so much whataboutism as it is about trying to coerce an ecosystem of hundreds of vendors to listen to a small cadre of open source proponents.

If the Linux kernel forces AMD to improve UAI and make it look like LAM, I'd consider that a victory. Let's see what happens.

jancsika

That's certainly a single piece of evidence that every machine-- including all Linux distros-- are ineffable mysteries.

Similarly, all fruits have fat content. Just off the top of my head:

1. avocados (a whopping 15% fat content!)

2. there is no legal requirement for me to list another fruit here

macksd

I'm pretty sure the most common picture of Linus Torvalds is a picture of him giving NVIDIA a rather rude gesture with his finger, and the reason was because of the way they push a proprietary driver and don't work well with an open community.

conradev

As someone who used to work at Apple and have this knowledge at my fingertips…

It really is nice to have, when you want to look it up. Userspace daemons and their behavior should not be a mystery.

At an extreme minimum, most daemons on macOS have at least a man page describing their high level function.

saagarjha

Well, I just filed FB9971057: triald should have a man page explaining what it does ¯\_(ツ)_/¯. Unsure it would help against a person who is dead set at reading logs to figure out what a daemon does, but it might provide some basic insight to the casual reader.

asdff

Where is this documentation? Can you demonstrate how to invoke a man page for a particular background daemon? e.g. an arbitrary process from launchctl list output?

TremendousJudge

What's your point? That since some software doesn't play nice and doesn't treat its users with respect, we shouldn't value all the software that does? I don't find this agreeable.

gotaquestion

I don't think I meant that, although it might sound like it. I think you're accusing me of the fallacy of all or nothing, but to me the original argument sounds like an obsession with purity, but clearly one line isn't enough to explain that.

The replies to my original post seem to me to be arguing for 100% transparency from the keyboard to the atoms on the finfets. I don't think I'm strawmanning that (maybe hyperbolizing a little, but with RISC-V proponents, maybe not!)

That sounds like a noble goal, like world peace, ending starvation, and curing all modern ails. However, the extent to which tribalism and out-grouping emerges from people who don't use the "superior, pure" solution is nonsense: just look at the tone of the first post, snidely declaring that this is proof apple is again such a bad solution. That's not helpful, and after hearing similar tech arguments for nearly 35 years online, it is tiresome (ironic). On top of that, the dream of transparency seems unlikely because every open source hardware project I've ever seen has failed [1], there is zero motivation for it.

Again, not to say it isn't a noble goal, but don't fetishize it to the point of outgrouping others.

[1] This is a broad statement, as there is plenty of gadgetry that is open source hardware. I mean: open source hardware for Linux laptops. Or at least hardware that has open source drivers but doesn't have an "Appendix H".

e2le

> Do you know what is going on in all your 3rd-party Linux drivers, say, from NVIDIA?

Sadly not because, like OSX, that software is proprietary and us filthy peasants are denied the honour of gazing upon the holy source code crafted by the holiest engineers, anointed by Huang himself.

Of course, that's assuming you don't download the Nvidia leak and gaze upon the source code within. That would be bad, you're bad for thinking it, don't do that. Only bad people would do that. May Huang have mercy on your soul.

josephcsible

I only buy AMD GPUs, specifically because AMD provides open-source drivers and NVIDIA doesn't.

trelane

Same. I bought Intel for a long time because they Just Worked. It looks like AMD will Just Work _and_ have great performance.

jakogut

No, but I'm able to read and modify the code for all of the in-tree drivers, which are the only ones in use on my machine.

There's also a large difference between a closed driver or firmware blob, where the function is known but the workings are not, and large portions of the userspace, including system services and applications, that are entirely opaque.

gigaflop

This reminds me of Windows Search Indexer on my PC. Microsoft's spying aside, it apparently needs 13.5% or more of my CPU at all times. It started after I updated multiple times in a row, and for the past few weeks, has never stopped. I've killed it via task manager, only to have it come back shortly after.

dmitrybrant

One of my first tasks after a clean install of Windows is to disable any unnecessary services, including the Search Indexer. Not only do I disable the service itself, but I also explicitly remove all folders from the "indexed locations" control panel, and explicitly disable the "Allow files to be indexed" bit on the disk itself.

I've literally never needed to search my disk for a file (using the Windows search interface), and if I ever do, I'd rather wait a few more seconds that one time for my search to complete, rather than have the indexer consume my CPU at all times.

patentatt

It would be acceptable if windows search worked well and was fast -- but it's not. I search for something and it still churns the file system looking for my search query. What is the point of all that indexing if it still seems to always traverse the fs for each search!? By comparison, a third party search application [1] gives me results as soon as my key lifts and doesn't excessively index (at least for me). [1] https://www.voidtools.com/

gigaflop

My PC had been fine before the updates (hence not updating until I needed some other thing to work), and I'd never seen Search Indexer pop up in Task Manager in any notable way. Something tells me that I might just have a broken version of it, and since Windows Update also looks to be a bit broken, I may just be SOL for the near future.

This set of problems may be obviated by actually getting Manjaro to cooperate. It's on the todo list.

Isthatablackgsd

You need to go in the Search Indexing setting to remove the directory for indexing. And only tick the directory that you want to index.

Also, to completely disable it, you need to disable the service and remove the entry from scheduled tasks. It keeps coming back because the service and scheduled tasks are not disabled. This is how Google Chrome keeps starting up their updater and bypassing my disabled startup entries for Chrome. Because the scheduled task is not removed, Chrome uses that to reactivate their updater and recreate a startup entry. Managed to completely neuter Chrome updater through Sysinternals AutoRuns.

legalcorrection

Windows Search Indexer and Windows Update are probably the worst two components in Windows, though at least Windows Update has gotten noticeably better in the last few years.

smoldesu

Even worse is the Mac search indexer. Ever wonder why your CPU temps are pinned at 90c in low-power mode? Open activity monitor, cmd+f for mdworker, and you found your culprit. It's insane that they enable that by default...

rootusrootus

I've never had spotlight hog things for more than a few hours, and only after a fresh install. It's generally well behaved. And it's very useful and fast for searching.

cafed00d

> - Apple can double speak all they want about digital privacy, but their actions tell the truth. As a paying Apple customer, you’re not deemed worthy enough to even understand how your own machines work, less even to “tamper” with their working, and who knows what data is actually being shared?

> - Personally, I say no thank you. I’ve been on Debian or a variant for almost 10 years now, and haven’t looked back. It’s only gotten easier, as software generally moves more and more to SaaS web apps and the intrinsic cross-platform nature of the browser.

Personally, all the paying Apple customers in my family have been able to understand how the systems works to make video calls and talk to their grandchildren.

10 years ago we tried installing Linux on an HP laptop we paid for and could barely get a picture opened up because... (do I really need to spell this out?) of unreliable display drivers means that the screen blacks out on whim.

I find it so odd, Linux users overlooking the fact that people who don't tinker with computers all their life do not have the time to get Linux up & running.

c22

I've been using "linux on the desktop" exclusively for the last two decades and it's always curious to me when people complain about having to be a techno wizard to operate it because for at least the last 10 years I've pretty much had to configure nothing and everything from fancy displays to networked printers has worked without a hitch. I can honestly say that I'm not even sure where I would look to configure or troubleshoot some hardware on my modern linux system because that's just not something I ever have to do.

One thing I did do while I was building that first linux pc, and for every computer I've bought or built since then, was a tiny bit of research on driver compatibility. Just something as simple as typing '<laptop model> linux compatibility' into google. Or, if while configuring a new system there is a choice of wifi cards or hard drives or whatever, I just look each one up and check before I buy. It is a minor hassle compared to the on-going benefits I derive from a linux system.

Sure, in a perfect world all manufacturers would produce high quality open source drivers for all systems, but we are just not that well coordinated. It is getting better, though.

philjohn

> One thing I did do while I was building that first linux pc, and for every computer I've bought or built since then, was a tiny bit of research on driver compatibility. Just something as simple as typing '<laptop model> linux compatibility' into google

And that's the reason you don't have problems - you're going for hardware/laptops that are well supported in Linux.

Do you expect mom and pop to do the same? Versus buying something off-the-shelf with Windows, or MacOS and it just working, without needing to undertake that step?

ricardobeat

> having to be a techno wizard

> while I was building that first linux pc

> for every computer I've bought or built since then

> bit of research on driver compatibility

This is pretty self explanatory. Your expectation of what basic computer skills should be is way too high.

brimble

My trajectory was ~2000-2011 as a heavy Linux-on-the-desktop user (and Windows, for gaming), but quickly converted to Mac when I was issued one at work after that, and that's where I've stayed ever since. I didn't even realize how much time I was wasting and how used I'd gotten to working around shitty, broken stuff, mostly by just avoiding doing things. Once I saw what life was like on the other side, it was a no-brainer to switch.

I try Linux again every couple years, and have every time been quickly reminded why I stopped using it (on the desktop, anyway).

switchbak

I think Linux to many is a hobby much like woodworking, one that can also help feed their identity. I've been there myself.

I don't think you can expect deep empathy and a strong desire to simplify things down to the grandparent level if much of the reason for using the system is for geek cred and a landscape for such endless tuning/tweaking.

I'd even put myself in the latter camp, I like tuning things!

Certainly Linux on the desktop has gotten dramatically better over the last few years, but I don't see it ever getting to appliance level without really cutting out what we typically associate with the flexibility of Linux (more like Android or a set top box)

shrimp_emoji

I feel more like it's analogous to driving a stick shift or baking your own bread. "This is superior; everyone should be doing it!" The problem with that sentiment is that it's 100% true yet totally unrealistic (for reasons unknown -- I don't know why every grandparent out there can't learn to use the command line, from a neurological perspective), and the dissonance erupts like steam from a geyser when those people see the folly of not doing those things.

fartcannon

Linux users probably skew more ethical than the average Mac user. Otherwise, Apple wouldn't make so much money locking down future generations' freedoms.

seanw444

Try again. Linux Mint is fantastically simple to use, and legitimately "just works" for average-Joe use cases.

Linux, and its various distros, are an ever-evolving tech. Linux 10 years ago was so much less capable than Linux in 2022. Just because it didn't work then, definitely doesn't mean it won't work now.

30367286

On what laptops does sleep/hibernate work correctly when you close the lid, with Mint?

Seriously, swear to fucking god, every time someone says “oh Linux just works”, the next comment is “oh? I tried that distro on the recommended hardware and had trouble with…”

Next response is ALWAYS: “Oh yeah that’s broken but I don’t use that feature.” Usually about hibernate. As in, apparently everyone using a laptop plugged into a wall and never closes the lid. Or uses a desktop. I don’t even know, it doesn’t make any goddamn sense.

I just don’t believe you guys any more. Everyone who says Linux just works has adapted their workflows to be hyper specific to the things they do, and have just decided that basic-ass features present and working on mainstream OSes are just gimmicks that the rest of us should forgo out of moral purity.

Also with this “try again” noise. Good lord, happy y’all are blessed with the patience to try again until you find the right Goldilocks set of hardware and tweaks that doesn’t give you a migraine but there exists a large contingency of the population that doesn’t spend every waking moment staring at glowing rectangles. Spare us a fucking thought, and spare a thought for our relatives who took years to learn how to double click.

teknopaul

Re: "I find it so odd, Linux users overlooking the fact that people who don't tinker with computers all their life do not have the time to get Linux up & running."

Statement is a bit out of date, apart from a good PC, most Linux users don't even know they are using it.

I find it crazy people have apps running on their Macs and windows desktops that they can't even find out what it is doing, let alone how it works.

Thankfully we have a choice, each to their own.

Animats

> I find it crazy people have apps running on their Macs and windows desktops that they can't even find out what it is doing, let alone how it works.

Have you looked at a Linux syslog lately? This is 20.04 LTS on desktop. It does a lot on its own. Probably too much.

    Mar 31 00:33:18 Nagle-LTS whoopsie[1278]: [00:33:17] Cannot reach: https://daisy.ubuntu.com

Since the system was idle at the time, why did it need to contact that site? I think that's crash logging.

    Mar 31 02:17:42 Nagle-LTS snapd[503370]: storehelpers.go:721: cannot refresh: snap has no updates available: "bare", "blender", "brackets", "chromium", "core", "core18", "core20", "demo-curl", "gnome-3-26-1604", "gnome-3-28-1804", "gnome-3-34-1804", "gnome-3-38-2004", "gnome-system-monitor", "gtk-common-themes", "gtk2-common-themes", "inkscape", "remarkable", "snap-store"
    Mar 31 02:17:42 Nagle-LTS snapd[503370]: autorefresh.go:536: auto-refresh: all snaps are up-to-date

I'm not subscribed to any optional Ubuntu services. Yet:

    Mar 31 02:30:09 Nagle-LTS systemd[1]: Starting Ubuntu Advantage Timer for running repeated jobs...
    Mar 31 02:30:11 Nagle-LTS systemd[1]: ua-timer.service: Succeeded.
    Mar 31 02:30:11 Nagle-LTS systemd[1]: Finished Ubuntu Advantage Timer for running repeated jobs.
    Mar 31 03:05:03 Nagle-LTS systemd[1]: Starting Firmware update daemon...

Something is trying to do a firmware update every few hours:

    Mar 31 03:05:04 Nagle-LTS systemd[1]: Started Firmware update daemon.
    Mar 31 03:05:05 Nagle-LTS fwupd[1434387]: 10:05:05:0005 FuPluginPciMei       ME family not supported for 0:9.0.1.1333
    Mar 31 03:05:05 Nagle-LTS fwupd[1434387]: 10:05:05:0007 FuEngine             failed to record HSI attributes: failed to get historical attr: json-glib version too old
    Mar 31 03:05:05 Nagle-LTS systemd[1]: fwupd-refresh.service: Succeeded.
    Mar 31 03:05:05 Nagle-LTS systemd[1]: Finished Refresh fwupd metadata and update motd.

Apparently it didn't work because, despite this being a current system, something is out of date.

The Ubuntu "snap" system is busy, although it didn't update anything today. Two independent systems seem to be updating "snaps", which are part of Ubuntu's container system for remotely updated applications.

    Mar 31 06:36:49 Nagle-LTS systemd[1]: Starting Daily apt upgrade and clean activities...
    Mar 31 06:37:11 Nagle-LTS dbus-daemon[936]: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service' requested by ':1.11660' (uid=0 pid=1437238 comm="/usr/bin/gdbus call --system --dest org.freedeskto" label="unconfined")
    Mar 31 06:37:11 Nagle-LTS systemd[1]: Starting PackageKit Daemon...
    Mar 31 06:37:11 Nagle-LTS PackageKit: daemon start
    Mar 31 06:37:11 Nagle-LTS dbus-daemon[936]: [system] Successfully activated service 'org.freedesktop.PackageKit'
    ....
    Mar 31 06:38:52 Nagle-LTS systemd[1]: apt-daily-upgrade.service: Succeeded.
    Mar 31 06:38:52 Nagle-LTS systemd[1]: Finished Daily apt upgrade and clean activities.
    Mar 31 06:43:56 Nagle-LTS PackageKit: daemon quit
    Mar 31 06:43:56 Nagle-LTS systemd[1]: packagekit.service: Succeeded.

There's a lot happening behind the scenes. Hopefully none of it is hostile or contains backdoors. One wonders.

trelane

Put Mac in the same laptop and compare.

dpedu

You're using a different definition of "understand how the systems works". Your grandmother doesn't understand unix signals.

stonemetal12

>It’s only gotten easier, as software generally moves more and more to SaaS web apps and the intrinsic cross-platform nature of the browser.

What is the difference between not knowing what the software on your system is doing and not knowing what any of your software is doing and it is not running on your system?

sjg007

How's the battery life on linux laptops these days?

asciimov

It's not the battery life that's the issue on Laptops these days, as it is typically better than windows.

The biggest issue is getting all the hardware supported out of the box. For example, there is a certain amount of mucking about you have to do to get any off the shelf laptop running Linux. On rare occasion system updates change something that the laptop doesn't like, hunting down that change can become tedious.

rglullis

The solution for that is easy: don't buy the absolute-latest-generation of any hardware.

I've owned Samsung laptops, HP laptops, Thinkpads. I've built my own work desktops. I've never had any issues, as long as the hardware is ~6 months out on the market.

That's about the time it takes for linux devs to catch up with companies that focus on windows drivers.

dralley

Still not as good as Windows but much better than it used to be, especially if you're using well tested hardware like a Thinkpad

trelane

My experience with ThinkPads has been terrible. I've lost faith in ThinkPads. Too bad we can't get working Linux hardware at work.

Fortunately, I can buy my personal hardware from whomever I wish, and it certainly will not be Lenovo.

LooseMarmoset

Pretty good, especially if you install TLP for power management. I get at least a full workday and a half out of my Dell 9375.

vaidhy

Not OP, but my laptop lives long enough for me to get to a plug point if needed. I have power at work and home and I have suspend turned on when I close the lid. I can live with a few seconds of wake up time, when I have no accessible power for long periods of time. It is really not that complicated.

hdjjhhvvhga

I dual boot Windows and Linux and I found out I can actually work longer in Linux. Maybe it's related to the fact that Windows services consume more CPU.

throw10920

It varies, like it does for literally every other combination of hardware and software on the market, but mine gets between 8 (light web browsing) and 12 (terminal programming, no web browser running, wifi disabled) hours on a single charge.

For reference, Windows on the same laptop gets about 6 hours while just sitting there.

callamdelaney

good enough, especially with optimisations.

noufalibrahim

My thoughts exactly. A machine that I paid money for and bought shouldn't have these kinds of mysteries from me. A binary driver is one thing. I can uninstall it albeit at the cost of impaired functionality but I had the option of buying another graphics card, OS whatever at the beginning. Here, I buy hardware, OS and everything else from one vendor and I can't uninstall, delete or kill a process that's running on my own machine? If it's something malicious on Linux, I can deny it access to parts of the drive, I can kill it or make it non executable. I can even find the executable and corrupt it so that it won't run.

jmull

The existence of a Mac OS service you don't immediately understand really has nothing to do with Apple's stance on digital privacy. There's no logical connection here.

philjohn

I'd argue that's not a helpful take.

This appears to be downloading and executing new code, and potentially returning results back to the mothership.

That there is no explicit opt-in, or even much information about WHAT this is doing, is sadly what I've come to expect from Apple.

pilif

I looked at one of the files:

`~/Library/Trial/Treatments/SIRI_DIALOG_ASSETS/factorPacks/6242008c0f185b3e2ef6bf8e/assets/com.apple.siri.dialog.socialconversationfl#d5b431b/dialog/SocialConversation.catfamily/dalWhoIsYourValentine.cat/en.cat.bin`

the file is gzip compressed and the decompressed data reveals some strings that are probably related to the question asked in the `cat` file:

    tag:valentine";Only localize if Valentine's Day is relevant to your localeJ2�SS[If I could have a Valentine, it would be all 7.5 billion people on Earth. That is<sub alias=",">…</sub> a lot of heart-shaped lollipops.]:�SS[If I could have a Valentine, it would be all 7.5 billion people on Earth. That is<sub alias=",">…</sub> a lot of heart-shaped lollipops.]

So this isn't just about a/b testing but also about feeding current data into Siri to allow some local processing of timely events.

Do note though, that I have Siri disabled on my Mac, so this is of questionable value

dx034

Maybe they need to store that much locally if they want to train models locally? In the end, I guess many folks on HN would give up a few GB of their disk space if it means all ml related stuff can run locally. And as far as I'm aware, Apple is the only one at least partly doing that.

Would be much nicer if they stated the purpose and allowed for some configuration, though. And verification by third parties is obviously still important.

dan1234

I've also disabled Siri and my ~/Library/Trial directory is only 3.6M (with no SIRI_DIALOG_ASSETS dir - so no valentines for me).

Maybe you should check that Siri is still disabled on your Mac?

cjbconnor

I've had Siri disabled the entire time I've owned my mac (just checked, still disabled), and my ~/Library/Trial dir is 180M, 136530 files.

klohto

Interesting, I have it off but still have the folder. Did you do any "extra" steps to disable Siri?

ratww

My guess is the data was put there before disabling, and disabling doesn't automatically remove the data.

lwkl

I just checked and for me it's the same. Siri is disabled and the folder is only 3.6 MB.

nonameiguess

Same for me. Siri is disabled and there is nothing in these folders.

skygazer

I trust that Apple isn't doing anything nefarious here, but at the same time, I'm quite grateful that others aren't so trusting. I want the "white hat" suspicious and skeptical rooting through everything. In fact, I don't think I'd trust Apple so much if it weren't for those that don't trust them. Their constructive distrust enables my trust.

smcn

What's the phrase? "Trust but verify"?

fer

Yes, the Russian proverb.

It's even better in Russian: доверяй, но проверяй, doveryay no proveryay

It's better because it displays both words are semantically related. In fact, "verify" is cognate with their root, vera/veryat', probably a common Indoeuropean root but I'm too lazy to verify (pun intended).

pstoll

Interesting - so more like “verity but verify”. Very cool.

sneak

Why do you trust that? Apple has specifically admitted to having a nefarious plan to scan your local files without consent and further use your computer (also without consent) to report on you to law enforcement. This may well be that implementation.

The latest desktop and mobile OSes are quietly shipping code to enable this, despite the uproar that happened when Apple announced it. They let people believe they were stopping the project, but it nonetheless proceeds quietly.

Apple is not trustworthy.

https://en.m.wikipedia.org/wiki/MacOS_Monterey

(Edit for clarity: enable above is used in the "to support" sense. I do not know if such clientside scanning is enabled (in the activated sense) yet, only that Apple has explicitly stated at least twice that it will be. It appears imminent. Some or all of the code has already shipped and is on your machine(s).)

boredtofears

Every cloud provider does CSAM scanning or they'll be chased down by certain three letter gov agencies and/or US senators looking to score easy political points.

sneak

This thread is about local file scanning and has nothing to do with the cloud. Apple refers to all photos on Apple devices under the "iCloud Photos" brand name.

Apple is within their rights to scan files on their servers. They already do this now, as you note. This thread is about something else: Apple OS bundled malware that scans files on non-Apple-owned machines without consent, even files that have not left the user's own device. This turns your own local hardware into a snitch against your will. What it scans for is also not within your control.

They do not do this today, but they have stated at least twice that they intend to begin.

rootusrootus

> Why do you trust that?

Not OP, but I'll throw my two cents in. While some people on HN were hyperventilating about the CSAM thing, I was digging into the docs to see what was actually happening. In every instance, I found myself a bit more impressed with how much engineering the folks at Apple clearly put into making it work without compromising privacy. Contrary to what people kept saying here on HN. It made me a lot more suspicious of randos on HN and a bit more willing to give Apple the benefit of the doubt.

I'm always amenable to more actual evidence, but as of yet that seems completely lacking. If I were more conspiracy minded I'd wonder if there was an orchestrated effort.

sneak

People are rightfully upset about it because there is precisely zero amount of clever engineering that makes using my own hardware to spy on me and potentially report me to the police okay, morally or socially or technically. Literally no one would willingly opt in to such a thing on their computer if prompted. This appears to be the US government exercising an extrajudicial, extralegislative mandate (aka functioning as a dictatorship) with regards to a software publisher, and Apple unilaterally forcing this on users via updates.

This is an authoritarian, tyrannical end run around basic human rights to due process, and if indeed it is an essential prerequisite (per the government) to Apple deploying e2e crypto, then we don't actually have freedom of expression (as Apple would presumably be punished by the federal government for publishing software that supports e2e encryption WITHOUT such literal spyware).

The fact that this is even being discussed is a giant blinking red warning light about the lack of freedom in our society. Both for millions like us, who want the availability of quality tools that don't work against our personal interests and human rights, as well as Apple, who appears to not be allowed to publish software unless it contains backdoors for the cops.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

That should worry you a lot.

PS: Any clientside scanning whatsoever that the user did not consent to, that reports its results to a remote party (even if only positives) is a privacy violation. You cannot scan local files in any way whatsoever (for a purpose that is explicitly against the user, that is, reporting on suspected illegal activity) without compromising privacy, even if Apple's system works perfectly as described. Clientside nonconsensual scanning is inherently a privacy violation.

jtbayly

Do you have any evidence this is what’s happening?

Why should I trust your declarations?

sneak

https://web.archive.org/web/20210903214920/https://www.apple...

(linked from the above-linked wikipedia article as citation for the clientside scanning feature documentation on wikipedia)

https://web.archive.org/web/20210903214920/https://www.apple...

Apple said they were doing it.

Apple never subsequently said they were not doing it. (They did say some things that implied that they MIGHT not do it, designed to make you stop being mad at them ("Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.").)

They did, however, reiterate that this was going to be released.

What more evidence do you want than the vendor's direct affirmative statements?

When people plainly tell you who they are: believe them.

oefrha

I just looked into ~/Library/Trial on my main machine (macOS 12.2.1). I got 380MB spread over 584 files (while TFA's author got 300k???). Most if not all of them are related to com.apple.siri.asr.dictation.en_US. Close to 100% of the space is taken up by .fst files, e.g.

  $ file /path/to/msg-bigG.squeezed_quantized_acceptor.fst
  /path/to/msg-bigG.squeezed_quantized_acceptor.fst: OpenFst binary FST data, fst type: squeezed_quantized_acceptor, arc type: standard, version: 3, num states: 1237632, num arcs: 7376910

Appears to be data files for OpenFST[1], "a library for constructing, combining, optimizing, and searching weighted finite-state transducers". I don't do ML so I stopped there.

[1] https://www.openfst.org/twiki/bin/view/FST/WebHome
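
Several comments in this thread compare byte totals, on-disk sizes and item counts for ~/Library/Trial. The script below is an added example, not part of any comment or of Apple's tooling: it produces those figures in one pass and breaks the bytes down by file extension and by `com.apple.*` directory name. The grouping rule and the sample tree are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Inventory a directory such as ~/Library/Trial: files, bytes, and where the bytes go."""
import os
import stat
import sys
import tempfile
from collections import defaultdict
from pathlib import Path


def summarize(root):
    """Return (totals, bytes_by_extension, bytes_by_namespace) for regular files under root.

    Symlinks are neither followed nor counted. "allocated" is st_blocks * 512, the
    on-disk figure, which can far exceed the byte total when there are many small files.
    """
    root = Path(root)
    totals = {"files": 0, "bytes": 0, "allocated": 0}
    by_ext, by_ns = defaultdict(int), defaultdict(int)
    for dirpath, _dirs, names in os.walk(root):
        parts = Path(dirpath).relative_to(root).parts
        # Assumption: an asset's namespace shows up as a com.apple.* directory name.
        ns = next((p for p in parts if p.startswith("com.apple.")), "(other)")
        for name in names:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # removed mid-walk by the daemon, or unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            totals["files"] += 1
            totals["bytes"] += st.st_size
            totals["allocated"] += getattr(st, "st_blocks", 0) * 512
            by_ext[os.path.splitext(name)[1].lower() or "(none)"] += st.st_size
            by_ns[ns] += st.st_size
    return totals, dict(by_ext), dict(by_ns)


def top_share(sizes, total, n=5):
    """Largest n entries as (key, percent of total bytes), biggest first."""
    ranked = sorted(sizes.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(k, round(100 * v / total, 1) if total else 0.0) for k, v in ranked]


def build_sample(root):
    """Constructed stand-in tree (not real Trial data) so the script runs anywhere."""
    asr = Path(root, "Treatments/1/factorPacks/2/assets/com.apple.siri.asr.dictation.en_US")
    other = Path(root, "v6/AssetStore/assets/00/constructed/content")
    asr.mkdir(parents=True)
    other.mkdir(parents=True)
    (asr / "model.fst").write_bytes(b"\0" * 5000)
    (asr / "etiquette.json").write_bytes(b"[]" * 10)
    (other / "en.cat.bin").write_bytes(b"\0" * 100)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        totals, by_ext, by_ns = summarize(os.path.expanduser(sys.argv[1]))
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            totals, by_ext, by_ns = summarize(tmp)
    print(totals)
    print("by extension:", top_share(by_ext, totals["bytes"]))
    print("by namespace:", top_share(by_ns, totals["bytes"]))
```

Run it with a path argument to inventory a real directory; with no argument it reports on the constructed sample tree. The file count covers regular files only, so it will be lower than a `find | wc -l` figure, which also counts directories.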

BluSyn

I checked mine, and I see lots of mention of "Siri" (TEXT TO SPEECH, FIND MY, etc). Seems most likely this is A/B testing for ML models, such as those for Siri and Photos analysis?

That's my best guess. Since Siri and Photos now process more locally (especially on M1's dedicated ML cores), all the training improvements and testing probably happen locally as well.

It makes sense it would regularly download updates for ML models. I'm more curious about what data gets uploaded back to Apple...

londons_explore

I think apple is pretty invested in distributed ML training. Ie. your PC will go through your photo gallery/siri audio data, and use the labels and stuff to fine-tune an apple-provided ML model. The fine-tunings are then re-uploaded to apple, added up, and distributed to other users in the next update.

The privacy implications of this are dubious. There is as-yet no good research showing how these finetuned models can be used to reveal exactly what photos you have in your photo library, but many experts believe that won't be the case for long.

secondcoming

> The privacy implications of this are dubious.

Really? Apple can essentially be asked by Law Enforcement for answers to questions like "Give me all the IMEIs of people in location X, radius 10 miles, that appear to have pictures of cats"

rootusrootus

> The fine-tunings are then re-uploaded to apple, added up, and distributed to other users in the next update.

IMO this is the kind of statement that should have something to back it up.

reaperducer

> I checked mine, and I see lots of mention of "Siri" (TEXT TO SPEECH, FIND MY, etc). Seems most likely this is A/B testing for ML models, such as those for Siri and Photos analysis?

My guess is dictation.

My Trial folder is about 500MB. I've never enabled Siri on my computers, declining the option during the setup at first boot. But I do use dictation quite a bit.

If 500MB is the cost of having dictation work solely on my laptop without hitting the internet, I'm OK with it.

The problem is that people love to invent conspiracy theories about Apple because they have an axe to grind.

They get opportunities to do so because of two things: Many of Apple's daemons and other services are not publicly documented. And because it's running a flavor of Unix, it is a lot easier for amateur computer sleuths to poke about and discover what's running that people outside of Apple don't know about.

Operating systems of the past were more opaque, so we just had to blindly trust the manufacturer. But people can see things better now. It would help rebuild trust if Apple would have a standard reference online explaining all of its OS bits.

Hamuko

I get "56 961 719 bytes (567,5 MB on disk) for 147 851 items" on my work laptop, which is definitely not enrolled in any kind of beta programs, and "56 157 910 bytes (566,4 MB on disk) for 147 806 items" on my home computer, which I unboxed yesterday.

lathiat

I have a big directory here too (100s of thousands of files); however, I am enrolled in the beta program. Perhaps the super large version of the directory is only for the beta program but the non-beta participants have the small version.

kergonath

It could also well be the daemon not cleaning up after itself properly in some obscure circumstances. These things happen way too often.

klohto

Macbook Pro M1 Pro, 12.3, Siri completely disabled as most of the daemons (the ones that are possible) and I also have ~333MB across 303k files.

ziml77

MBP M1, 12.2, Siri enabled (though I haven't actually used it)

    > du -hs ~/Library/Trial
    2.6M /Users/___/Library/Trial

    > find ~/Library/Trial | wc -l
         160

clairity

i have siri off and my numbers are 16 and 2.2M (16" intel MBP, 11.4). fwiw, all of my triald's (outgoing) connections are blocked via lulu, but i don't think that makes a difference here.

for folks with siri on and extra bloat, i'd guess they could reduce it some by turning off "Show Siri Suggestions in App" and "Learn from this App" for each app in the "Siri Suggestions & Privacy" section of siri's system prefs (for the apps they don't care about having siri integration).

pram

"Trial" will gather and store the voice samples if you have "Improve Siri & Dictation" turned on in the Privacy settings. This showed up in Big Sur and is probably the exact same thing from iOS. If you have Siri and that disabled the folder should be pretty small.

bartvk

Howard Oakley is such a prolific writer on newly appearing macOS issues. Take for example this piece. It's collecting new information and trying to form a picture, and that's how the community starts learning. Awesome content.

kergonath

Indeed. He deservedly gets to the homepage here regularly these days. His coverage of the M1s has been very useful.

sdfjkl

Open source is where you don't have to apply guesswork to find out what a suspicious looking piece of software is doing on your computer.

AussieWog93

Nope, instead you have to apply guesswork to figure out why an apt-get call accidentally uninstalled your desktop environment. :P

oynqr

Pretty sure there was no guesswork involved in finding out why that happened, since it was resolved so quickly.

kop316

I'm confused. `apt-get upgrade` doesn't remove packages. `apt-get dist-upgrade` tells you what packages it will remove and has you confirm that you want those packages removed before you proceed.

https://www.debian.org/doc/manuals/apt-guide/ch2.en.html

What guesswork is needed?

AussieWog93

It was a reference to an infamous incident where Linus Sebastian accidentally removed his DE when trying to install Steam via APT.

npteljes

I'll take that every day. Because it's not like proprietary doesn't fuck itself up. For an anecdote, I had a laptop with Win8 preinstalled, and Update just wasn't working one day. The solution? Scouring the internet to find a Microsoft executable that fixed update. How? We'll never know. Because we're not meant to.

jthrowsitaway

Ah yes, gotta love the mystery .exe "fixers" that are sometimes associated with KB articles.

dylan604

Or the MS update that nuked people's Documents folder?

StreamBright

Or how Exim ended up on my system when I wanted to install a command line tool that does not require email sending (even if it required why on earth would anybody build such package dependencies).

prmoustache

Unless you blindly launch all apt-get calls with the -y command it will ask you for confirmation before uninstalling anything.

If you say yes, it is not an accident but 1. your own decision 2. it is easily reversible.

_Algernon_

You only have to guess if you ignore the obvious warning and type "Yes, do as I say" indiscriminately.

I think that's fair.

SanderSantema

Although you could make this argument in this context I don’t think it is valid. I’m quite certain that someone who’s trying to figure out what some obscure service is doing on their machine would be able to use `apt-get` perfectly fine and wouldn’t ignore any all-caps warnings.

smoldesu

Sure thing, Linus...

superasn

Definitely right about that.

Maybe some user can be unaware of what is happening with OSS, but the community as a whole will always have accurate information of what is what (unlike this case where everyone is guessing).

dmitriid

> but the community as a whole will always have accurate information of what is what

OpenSSL audit would like to have a word with this mythical community. log4j vulnerability, too.

BeefWellington

There are a few big problems with these examples.

For starters, the obvious implied suggestion is that these types of vulnerabilities don't exist in commonly used closed-source systems. That's been proven hilariously false time and again.

Secondly, commercial vendors have seen fit to adopt opensource where it suits them in order to take advantage of (and offload responsibility for) what these components do. You're effectively saying "Open Source community doesn't have accurate information because look at X and Y" and ignoring that "X and Y" were also not discovered to have problems by any closed-source using dependent commercial entities.

dmitriid

Except it's been proven again and again that this is not even remotely the truth.

The number of people who can properly analyse complex software to uncover what it actually does is a line asymptotically approaching zero. While OpenSSL is an overused example, it still remains a good one.

rosndo

And the people who can do so are usually the same people who’d be perfectly capable of analyzing binaries directly.

Besides, you’ll never know if the code you’re looking at abuses some compiler quirk without studying the binary.

vaylian

> And the people who can do so are usually the same people who’d be perfectly capable of analyzing binaries directly.

I doubt that. And even the people who are good at analyzing binaries probably prefer to have the source code available to save a lot of time.

bee_rider

Somebody should tell the folks designing high-level languages that their code is no easier to analyze than a binary, I guess.

rootusrootus

On the other hand, you alone are responsible for all the little pieces of software that are part of your Linux system. People running MacOS have willingly given over to Apple the guarantee that Apple-provided MacOS software is not doing anything nefarious. The assumption being that 1) there are enough people capable of detecting malicious behavior that it will get caught, and 2) Apple has a very strong vested interest in maintaining their cred as a privacy-focused company.

It is certainly a trade off, and everyone will have their own reasoning. There is no objectively correct answer.

sdfjkl

> given over to Apple the guarantee that Apple-provided MacOS software is not doing anything nefarious

That depends on your definition of nefarious.

rootusrootus

I will grant that many (I would go so far as saying most, and to a very rough approximation, all) users do not have the same purist attitude towards privacy that is common on HN. Metrics on app usage and such would be seen as nefarious here but the average user doesn't care at all.

pjmlp

Indeed, only to learn about all the programming languages, libraries and communication protocols used in the system, and then they might understand what is happening.

SanderSantema

Whereas on closed source you’d have to do all of that and probably a good deal of reverse engineering on top of that. That’s unfortunately not something which it necessarily makes any easier, but rather a lot harder.

canadaduane

The difference here is "[Apple] authorized people who are skilled in the art" vs "anyone skilled in the art" of programming can tell others what it does.

dangerface

Linux package managers are great, I haven't had to build a program from source in years.

But how do I know the source code I check is the binary my machine runs? Even if I build from source I could have a malicious gcc that takes clean source and outputs a malicious binary.

Unless you are running jit or something you can't really know what your computer is running even if you use open source.

ben-schaaf

You can check whether the binaries you have are produced by the source if you have reproducible builds, see https://wiki.debian.org/ReproducibleBuilds.

rosndo

You know, you don’t need the source code to tear a binary apart in IDA.

saagarjha

You do know that you can peek at closed source binaries and figure out what they do? It’s not even all that hard in this case and it would quickly tell you what the software does, assuming it’s not intentionally trying to cloak its behavior, which it is not in this case.

SanderSantema

Either way, it’s easier if you’ve got the source code as well.

Cockbrand

I was never aware of this, and while poking around I came across

~/Library/Trial/Treatments/<NUMBER>/factorPacks/<OTHER_NUMBER>/assets/com.apple.siri.asr.dictation.*/etiquette.json

These files do contain an impressive amount of swear words, some of which I had never heard.

petercooper

The en_GB one on my machine includes words like smeg, squits, and argie – all of which are mild yet anachronistic terms at worst. And, curiously, "poe" – I know Apple doesn't like power over Ethernet, but really..

dx034

Only in one language or in all languages supported by Siri? Would be great when learning a new language :)

But probably needed for Siri to process speech locally, as they'd likely want to filter out those words.

lizardactivist

I keep wondering if my Macbook is really mine, or if it's theirs.

dannyw

Remember when operating systems didn't have multi-gigabyte binary blobs performing cryptic actions with an extremely chatty online connection?

sneak

With Little Snitch (and thorough abandonment of iCloud, iMessage, Siri, FaceTime, and the App Store) you can have this once again.

There are about 30 Apple processes to which you need to deny all network access. Then a Mac is relatively quiet. (By default Apple stuff is whitelisted in Little Snitch, you have to go and manually uncheck built-in allow rules.)

Apple built something called the ContentFilterExclusionList that bypassed Little Snitch and VPNs for Apple apps, which was thankfully disabled rapidly (and without an announcement) after a big backlash. Hopefully it will not resurface.

If it does it will still be possible to alter the system boot security level setting and tamper with the signed system volume (and modify the exclusion plist) and the system will still work (and so will the firewall), but it will take some hacking. This (and the work by marcan and the Asahi team) is the sole reason why I just dropped eight large on that chonky mac mini with the twenty cores.

The escape hatch remains. For now. (You still can't buy them anonymously.)

SamuelAdams

I just put this list in /etc/hosts. Seems to work well enough. I don’t use any apple services on my Mac. This will probably break those.

https://github.com/adversarialtools/apple-telemetry

LooseMarmoset

You can't buy a Mac anonymously?

sneak

Not the maxed out BTO ones, at least not at present for the Mac Studio.

cabirum

No, I don't remember a time when users were in control and actually owned Apple-made hard- and software.

However, linux is alive and well, despite some flavours attempting to force autoupdating snap stores and the like onto users.

csmattryder

Linux can be chatty, but I'd recommend installing OpenSnitch to get a handle on the few phone-home calls from programs like snapd (if you choose to not neuter it, immediately) and distro-specific upsells like "ubuntu-advantage".

The biggest pay-off for OpenSnitch is if you're going to be installing and using third-party programs like VSCode and Unity, who love to talk to analytics providers.

dx034

Can't that be filtered on a dns level with a list in pihole? Probably much nicer not having to keep it on all devices.

zibzab

vscode lets you turn off analytics in the settings (IMO it should be off by default, until a crash is detected).

Isn't that enough?

okamiueru

Purging snap has so far been a 5 minute do-and-forget operation, all the way to 21.10.

jeroenhd

Sadly, Ubuntu is moving Firefox to snap in the upcoming 22.04 release. I think I'll be switching to either Manjaro or plain Arch before 21.10 becomes unsupported.

Ensorceled

> Apple-made hard- and software.

Not sure why you are singling out Apple here. Windows is worse, as are many (most?) hardware vendors; there is a reason everyone REALLY should fresh install vanilla Windows over the vendor's OEM version.

mouzogu

thanks for the laugh

L-four

The drop cap at the start of the article is capturing pointer-events. Adding pointer-events: none; will make people who read by selecting text with the mouse happy.

  .single .entry-content:before { pointer-events: none; }

Cyykratahk

I suspect that the browser you are using is not spec-compliant. Pseudo-elements (like ::before and ::after) are not actually present in the DOM and are therefore not selectable.

edit: I see that you are probably referring to the z-index of the ::before element overlapping the text, preventing selection.

jannikarndt

Uuhhh these contain the "custom" Siri responses. For example look at

  ~/Library/Trial/v6/AssetStore/assets/82/623873afd8fba430d4f4a45e/content/dialog/SocialConversation.catfamily/dalAprilFoolsSiri.cat

_params.cat.bin has the description:

  category: Social
  description: For when users say 'April fools' to Siri without any other words.
  listenafterspeaking: false
  readyforloc: true
  subcategory: Daily Rituals

and `en.cat.bin` and all the localisations (en-za.cat.bin, en-sg.cat.bin, …) contain some logic when to run and the answers, such as

  It's April 2nd. April Fools! <break time="300ms"/> If you want to play some tricks of your own, say, 'Tell me an April Fools prank.'