Pup Biru

i think the latest is that china has managed to create a GPU that’s ~7 years behind. i’m not sure that’s “a GPU from 7 years ago” or “it will take them 7 years, acknowledging that there’s a known path so will take less time”

AFAIK they’ll have to figure out EUV or some other method of lithography at that scale, which they’re trying really hard at but it’s one heck of a difficult thing to do which is why only TSMC currently actually has it working

given the complexity of doing in hardware, and the simplicity of doing it software, you’d hope yes (in which case perhaps there will be firmware hacks) but you can never truly account for the stupidity of hardware companies

new ones sure but there are a bunch of these broken machines out there now: far more than there otherwise would be, because microslop forced the upgrade for windows 11

i guesssss if they do it soon enough the existing models will still be in their support period and they’d kinda be forced to update, assume it’s a software or firmware fix

well that’s what they should have done but now that it’s implemented there are a lot more parties that need to come to the table to fix the mess… some hardware might not be able to fix the mess, but i’d be surprised if this shit show were implemented on hardware rather than firmware

well see when you’re too lazy to design a schema and just want to throw broken data into a black hole where you may or may not be able to retrieve it and deal with the repercussions in production - or better yet let the ops team handle it at 3am - then that’s when you’d choose mongodb

since GDPR came in TBH i haven’t heard of any EU data leaks… like sure they happen in the US all the time, but where the fines actually happen

same with australia: we’ve had pretty good privacy laws since like the 90s, and really we haven’t had a whooooole lot of breaches. there have been some high profile ones, but security is never a 100% kinda thing yknow

well then they get massive fines for any data they leak

yeah… here we are: Europeans with right to be forgotten and opt out of data collection

i’m certain all of us that haven’t bought into any of this will be fine and rich hedge funds won’t buy up property and stock from people with no options forced to sell at prices far less than what they paid

that’s correct. they want modern business video conferencing, which is a very different prospect than 1:1 messaging, or even personal group messaging. i’d argue that there are more of these available than there are business conferencing!

please don’t lump signal in with whatsapp 🤮 that kinda talk makes people think they’re largely the same (especially with the bullshit muddy water of whatsapp using signals encryption), and we have enough trouble trying to convince people to use secure alternatives already… between the open client, reproducible builds, and local key integrity they are truly not even remotely in the same league

these are different problems now though… sure you can make calls to existing VOIP endpoints and PSTN devices, but that’s not what they’re trying to implement: they’re trying to implement group video conferencing, which WebRTC was built for

to use SIP, in a web browser, you need to use wrapper of some kind (probably WebRTC-based)… you can not directly use SIP in a web browser. given that web browsers are likely a hard requirement, it makes no sense to use 2 separate standards

SIP is the wrong choice for this project, and any greenfield project wishing to integrate web browsers with no hard requirement to support SIP devices

thankfully our southern states aren’t particularly humid: equator to our north, antarctic to our south

yes but you need a server in the middle which is just a huge waste of resources when you could just use webrtc with basically no down side

it is not. meta controls the keys. that’s how they’re accessing the messages

the article says they can access any message, from any user, from any time period, even deleted, instantly

to make this a client-side exploit would mean that messages would need to be constantly sent in the clear (not targeted per user) for years now… and someone would have noticed that

we know meta holds the encryption keys: that’s a known fact… it’s much much easier for them to simply decrypt everything they store

simpler than that in most likelihood… meta is the key holder so login and password recovery is simpler (or at least that’s the excuse they give): you login, they send you your key, which they can also access (and decrypt your messages) whenever they like

this isn’t a client-side exploit. this is the fact that meta controls the encryption keys. the mention “widget”, but that’s not a widget on your device; they say it’s a widget on their workstation - whatever that means. i’m thinking it’s something akin to raising a ticket which triggers a workflow to remote install an app on a work device (a process common at large enterprises)

worker need only send a ‘task’ (i.e., request via Meta’s internal system) to a Meta engineer … the worker’s workstation will then have a new window or widget available that can pull up any WhatsApp user’s messages based on the user’s User ID number … Once the Meta worker has this access, they can read users’ messages by opening the widget; no separate decryption step is required

that’s incorrect. with whatsapp, your keys are stored on meta servers (the same as things like imessage). they can simply decrypt them whenever they like, just like being signed in as you. it’s completely invisible to your client

it’s not even that: they just hold the keys so can simply decrypt your messages with out your clients intervention any time they like

people probably said the same about seat belts once upon a time

helmets should be mandatory, just like seat belts

(and they are in australia)