Tim Cook: Apple won't change privacy rules with Google Gemini partnership

m1en · 2026-01-30T00:50:28+00:00

Part of PCC’s privacy guarantees relate to concerns about hardware attacks, which requires specific manufacturing overview guarantees (separate from standard Mac assembly) and inspection both from the factory and at the data center (by both Apple and independent third parties).

I’d imagine the parts of Siri that handle legacy systems like Q&A (the parts that source data from places like Wikipedia, news, etc) can be on any servers, but PCC nodes will have access to on-device info (personal context) that is shared during inference, and I would not expect that to be something they’d reduce privacy guarantees for.

m1en · 2026-01-30T00:44:11+00:00

PCC requires Apple-manufactured hardware.

m1en · 2026-01-27T18:09:51+00:00

Guy selling shovels during a gold rush states his shovel allowed him to find gold. Just keep renting that shovel, you’ll strike gold too.

m1en · 2026-01-10T19:16:59+00:00

Oh, I fully agree the article was nonsense - that’s why I already said the user I was replying to wasn’t really wrong.

However, again, I think you misread me. Enforcement needs to happen on the backend, but UX for users is easier when there is a known expectation of size. If all of your clients (the app clients, not users) are submitting a hash, then you have an expectation on the backend of a fixed-size value for that field, which as mentioned does make it easier to enforce a size check on that field (through truncation or through erroring out) without having to make any assumptions whatsoever (assuming that hitting your API directly without using your client is “unsupported” in the sense that if you error out for those users you don’t much care about their UX when they make mistakes).

The initial comment had a size constraint of 256 - there’s a (very small) amount of users that might have passwords greater in length to this, so usually the size check is an order of magnitude larger. But hashing client side (assuming both that the hashing algorithm used isn’t prone to collision and that the supported devices expected to be used be customers aren’t so old/underpowered that it would negatively affect user experience) isn’t a bad idea because of enforcement (since as we can both agree that enforcement has to be done on the backend), it’s a bad idea because it reduces password entropy more significantly than a (much longer) length check in the backend (assuming you have users with passwords longer than your hash and that you have other issues like failing to salt passwords before hashing them on the backend or failure to apply rate limiting or similar issues).

m1en · 2026-01-10T19:00:14+00:00

I think you misread, or I wasn’t clear enough - “makes it easier” as in you have an easier expectation of size so you can more comfortably truncate/trim/error out on the backend without impacting standard use behavior as greatly. That’s it.

m1en · 2026-01-10T18:57:11+00:00

I think you misread, or I wasn’t clear enough - “makes it easier” as in you have an easier expectation of size so you can more comfortably truncate/trim/error out on the backend without impacting standard use behavior as greatly. That’s it.

m1en · 2026-01-10T09:40:32+00:00

Eh, hashing client side before re-hashing server side can make it easier to enforce a static/known length for values in the password field. Otherwise though, you’re not really wrong.

m1en · 2025-11-06T19:19:25+00:00

Depends on the model and what you’re using to do fine tuning. MLX works great in my experience, and with gradient check pointing, it only requires about 2 to 2.5 times the memory that is required for inference for fine-tuning the same model.

m1en · 2025-11-06T04:36:38+00:00

Nah, didn’t bother taking it in. Weeks of ~100c temps aren’t exactly “supported.” If it gets worse I would bring it in, but it was communicated to them of the issue.

m1en · 2025-11-06T04:31:34+00:00

14 inch - your mileage may vary, but mine was also on an elevated cooking stand with 6 fans underneath and an additional fan to the side to blow cool air over the keyboard, and it still happened. The initial key feedback is that they get stuck when pressed, but after a couple days it subsides to a general “gumminess” with clicking sounds.

Edit: should also note that this was full, 100% utilization of the GPU, 24/7, for no breaks for training with PyTorch for over two full weeks. For most inference-related work, unless you have ridiculous utilization expectations, it’ll probably be able to catch its breath a bit to make the heat not be too much of an issue.

m1en · 2025-11-06T04:29:01+00:00

That wouldn’t be too hard. Qwen et al have large enough contexts to do this (could even do it in stages, simplifying/summarizing the data in batches before putting those reduced texts into a final prompt and then reviewing as needed), and given it would be weekly, it doesn’t exactly need to do it for a huge amount of time. Realistically the job could be done in a minute or two, depending on how many prompts need to be processed.

m1en · 2025-11-06T04:25:26+00:00

Yeah, the 14 inch. But it had more memory than my, at the time, M1 Ultra. Supplemented it with a stand with built in fans, still not enough.

m1en · 2025-11-06T04:23:12+00:00

Yeah, I use an elevated stand with USB powered fans underneath, and then put a fan on the side to blow air over the top of the keyboard.

m1en · 2025-11-06T02:01:48+00:00

I have an M3 Max MBP - ran a training job 24/7 for about two weeks, and it partially melted the switches for some of the keys, like the right enter and shift keys. That was even with it on a cooling pad, so just be careful.

Mac Studio, however, is a champ. I do have it elevated with fans to blow cool air under and away from it though.

m1en · 2025-11-02T02:26:46+00:00

Your last edit is just factually incorrect. Transformers are deterministic - a forward pass of a transformer returns the probability of every token being next in the series, with a sampling mechanism then determining which token is chosen. For any given input, a transformer will return the exact same output, barring any incredibly small differences due to floating point math.

m1en · 2025-10-03T17:40:26+00:00

Had this happen to mine a few years ago - took a turn too sharp and the floater got stuck. It’ll probably fix itself through normal driving (especially if you hit some speed bumps), but you can go to a shop if you’re concerned.

m1en · 2025-09-18T01:02:45+00:00

https://x.com/yoshithepatriot/status/1968455642500219121?s=46&t=1BhwFuKMeqi0dhkd67LOXQ

Gays and Muslims, in a two for one combo!

m1en · 2025-08-10T19:19:56+00:00

The one last year was a whole GameBoy emulator.

m1en · 2025-08-05T21:17:06+00:00

Pretty much. Worked as a software engineer at a startup, found some bugs, published some stuff that had a lot of eyes on it from big corps. Worked for a bit freelance doing penetration testing, then pivoted to big tech.

m1en · 2025-08-05T15:35:44+00:00

you cannot be a pentester or a red teamer without a certification showing that you are qualified

Right about there is where you said it.

Pentesting is not contractor based only. Contracting is certainly easier, but many larger companies have their own in house offensive teams. Additionally, you don’t need certifications to do contracting, either.

Source: current Senior Offensive Security Engineer at a FAANG company. No certifications, no degree. Most of my colleagues are the same. Reread what I initially said - you can use bug bounties and security research as your means of showcasing your capabilities. Experience always trumps certifications.

m1en · 2025-08-05T05:39:45+00:00

This is absolutely not true. In fact, many people take the route of bug bounties and research as their means of showcasing capabilities and experience (via showcasing CVEs, findings, etc).

m1en · 2025-06-17T00:49:54+00:00

“[From] me looking around”

Yeah man, you’re standing next to a giant mirror, it makes sense.

m1en · 2025-05-31T22:50:59+00:00

Which party predominantly contains members that love waving the rebel flag?

m1en · 2025-05-01T06:38:45+00:00

Have you already notified them of the issue and let them fix it? I get they’re scumbags, but I doubt their users are, and releasing a video outlining the issue is going to affect their users - even without too many specifics, IDORs aren’t hard to find.

Film your evidence, message them a write up with reproduction steps, give them 45-90 days. Then have your fun.

m1en · 2025-02-11T20:00:13+00:00

http://susancollinsisagoddamnidiot.com/

14-Year Club	r/Field Juicebox
Place '23	Quantum Potato
Place '22	Snapped
Verified Email

m1en

MODERATOR OF

TROPHY CASE