I certainly find it fascinating that the majority of those in favor come from signal intelligence agencies, while the majority of those against are PhD cryptographers.
I was happy to see the lead of Europe’s PQC team also voted with the cryptographers.
I agree hw attestation is net negative when forced upon end users. OTOH, when service providers use it, it results in transparency to end users [1] so it's really about how it is used.
Great question! We rebuild if there's a security update or otherwise every few weeks. We're working on a better method, but right now a few templates can be kept warm so users aren't forced to reboot.
We're working on a similar solution at UnixShells.com [1]. We built a VMM that forks, and boots, in < 20ms and is live, serving customers! We have a lot of great tools available, via MIT, on our github repo [2] as well!
Use latch to ssh, mosh or web into your machine. latch multiplexes terminal windows (like screen or tmux).
We built this for use on UnixShells [1].
All remote connections are verified against the authorized_keys and are, of course, end to end encrypted.
This is MIT licensed. There is also a relay that lets you connect to your latch sessions that are behind NAT - this has a small cost to it for infrastructure. However, you can use tailscale/ngrok or your own external IP for free.
I don't know if I agree or not with his views, but the fact that he's moving from complaining about something, to doing something about his beliefs, has convinced me to move from a negative to a significantly positive view of him, as a person; to reiterate, regardless of whether I agree with said views.
The will to fight for what one believes in - I think we can all agree that is an admirable human trait that would result, for those who do follow his views, in him being labeled as a hero and defender of people's rights.
We are introducing Verifiably Private AI [1] which actually solves all of the issues you mention. Everything across the entire chain is verifiably private (or in other words, transparent to the user in such a way they can verify what is running across the entire architecture).
My comments are my own and do not reflect any of the organizations, or nations, I belong to unless I specifically clarify as such in a comment.