Some providers in the UK issue debit cards with limited interest-free overdraft and charge back features. So they are basically credit cards if you squint your eyes enough.
Nix also needs the build output to be deterministic to calculate the hash. It also has the problems of timestamps etc. The build environment tries to be hermetic by setting the time to be epoch among other things.
In his later years (late 1980s), he also advocated for AI and human superpower research.
The superpower thing turned out to be pseudoscience later. As a result of being lumped together, for a long period of time, AI was regarded as pseudoscience in China as well.
Although to be fair, during the same period, the US and the USSR were researching superpowers as well.
Another angle is that most donations to Linux kernel are in the form of paid employees doing kernel work. I wonder how much the kernel need besides that.
I didn't find anything particular, but in general it should apply to anyone under the jurisdiction. I think it's illegal to drink underage in the US, even if the person is a tourist and they are allowed to drink by their own country's law.
Unfortunately, the discussion focused on the somewhat click baity title "proved this program correct". It's unclear what "this program" is. If it refers to the core algorithm with a proof, then there's no bug. If it includes the runtime and the header parser, then Lean didn't prove it correct.
That being said, using a coding agent to direct fuzzying and find bugs in the Lean kernel implementation is the big news here. (After all the kernel's implementation is not proved.)
The moral of the story is to push for more verified code not less and try AI bug hunting.
Even alternatives like GrapheneOS relies on AOSP. I wonder if it's possible for regulators in certain countries to pressure Google to kill it in the future.
Even if that's not the case, I'd imagine attestation apps like banking apps would require some kind of identity verification in exchange for trusting Graphene's keys.
In principle it doesn't make sense to leave any escape hatch, but I guess as always, it boils down to economy.
In theory, it's possible to have a third party (other than Google or Apple) to provide attestation on third party hardware.
You can have a separate core and kernel to run such code. They don't have to be powerful, but they'll need to be small enough to be verified by the said provider. For most of the code that doesn't need attestation, they can be executed on normal hardware.
The provider also has to convince the regulator or banks to trust them. However, if that's solved, the user should feel no difference between pure Android and alternative platform plus attestation.
(comment itself: https://www.reddit.com/r/space/comments/1usdigz/comment/owna...)