Does this mean we will be able to embed private keys and API keys in deliverables? (i.e. to cryptographicaly sign artifacts, APIs tokens, and other niceties).
Sucks that DRM and user rights violations is about to get much much worse.
Trust on first use is absolutely a valid use of PGP signatures that is being used in many real world systems (ask me how I know). You finding that PGP isn't being used they way you think it should does not justify removing it without providing a replacement.
Why on earth wasn't the community asked before you implemented this change?
> Given all of this, the continued support of uploading PGP signatures to PyPI is no longer defensible. While it doesn't represent a massive operational burden to continue to support it, it does require any new features that touch the storage of files to be made aware of and capable of handling these PGP signatures, which is a non zero cost on the maintainers and contributors of PyPI.
That quote doesn't make any sense even if we stopped at the first part. I PGP-sign my packages and my key is not on any public key server. It's on my website. This reasoning lacks rigor and seems to only serve as an excuse to remove a feature that some pypi devs didn't like without offering an alternative for security guarantees that it provided.
Doesn't 5G share some of the frequencies used by normal wifi? IIRC devices implementing one standard even cooperate with devices implementing the other to coordinate frequency use.
There is CBRS, which some phones are equipped to use. However, I believe it’s used only in conjunction with licensed bands rather than independently. It’s more of a capacity thing rather than a way to have a carrier using unlicensed spectrum (carriers are quite happy with the license barrier to entry).
short answer is no, but the frequencies aren't far off
wifi operates at 2.4Ghz most typically and also at 5Ghz (shorter range but faster)
5G will be ranges of frequencies, depending on jurisdictions, but typically between these two frequencies which are the sweet spot for domestic usage
in the US, 5G carries AFAIK have ranges between 2.5Ghz and just under 4Ghz
in the UK we have EE, O2 and Three operating ranges around 700Mhz besides also having ranges around 3.4Ghz and 3.6Ghz were Vodafone operates too, and those work a lot like US 5G
4G in the UK operates under 2.6Ghz, which is pretty close to wifi also, and LTE is just over 850Mhz or so
basically wifi, 4G and 5G are not strictly higher or lower frequency to each other, it depends on local operators
It always amazes me how pulsing some electricity into a wire at a specific frequency can get you arrested lmao. I really don't understand why there's any legislation at all covering anything above 1GHz where there's enough bandwidth for literally everyone to do whatever they damn well want and not enough range to do any damage at all.
Doesn't matter. An echo-chamber that your target demographic frequents can be just as damaging to your overall reputation if not more.
Source: Someone currently working in government IT procurement who is literally in charge of evaluating cloud-based products (hi, google!).
Also funny you mention Paypal and Stripe: At my last job, we chose to go with traditional payment processors in large part because of how frequent stories about Paypal and Stripe screwing legitimate companies pop up.
Exactly. Even if we assumed for the sake of argument that wifi cards have complete access to the system, that in and of itself does not excuse CPU vendors to broaden the attack surface and prevent owners from narrowing it back down.
I can't wait for riscv systems to take off. Hopefully we'll get more than the two horrible choices we have now and, hopefully, they won't be able to abuse the market in the same way.
Screw both intel and amd for deliberately putting us all at risk.
>Screw both intel and amd for deliberately putting us all at risk.
Keep in mind, if these are government backdoors, it's likely Intel and AMD were compelled to put them in, there's a gag order on the existence of the program, and there's a gag order on the first gag order. It could be a situation where Intel and AMD really had their hands tied, so to speak.
That's why I'm rooting for riskv processors, so that we can get the equivalent of reproducible openSSL binaries. US chips that are found to be irreproducable can be rightfully ignored.
What's special about RISC-V? How does companies not having to pay for using an ISA in a processor having anything to do with whether they implement other processors inside of their processor?
It's not that RISC-V guarantees truly transparent firmware and microcode; as you correctly point out, it does not.
What RISC-V offers is the possibility of truly transparent firmware and microcode. This comes as a refreshing alternative to x86, which guarantees that firmware and microcode, including those of security coprocessors (e.g. Intel CSME & AMD ST, formerly ME and PSP) will not be transparent.
I am not as well-versed in the specifics of ARM's TrustZone as I am with Intel CSME and AMD ST, but I understand many of the people uncomfortable with the latter two are uncomfortable with the former as well. I do not believe it comes with the same capabilities as CSME or ST (PSP), but I do know that earlier versions of PSP were implemented using an ARM TrustZone core. That said, I need to do a lot more reading and research on it before forming more substantial positions on it.
It's not that they don't understand it, it's that they don't want the average user to have a convenient way to control this setting. Prompting the user for permission would give the user a very convenient way to keep it disabled for most websites. It's as simple as that.
Think about it this way: Which is more tedious: going into the settings and enabling and disabling webGPU every time you need it or a popup? Which way would see you keeping it enabled?
Sucks that DRM and user rights violations is about to get much much worse.