Hacker News: derleyici's comments

Fair point. Calling the concept inherently flawed is doing a lot of work to excuse 30 years of implementation bugs.



Werner Koch from GnuPG recently (2025-12-26) posted this on their blog: https://www.gnupg.org/blog/20251226-cleartext-signatures.htm...

Archive link: https://web.archive.org/web/20251227174414/https://www.gnupg...


This feels pretty unsatisfying: something that’s been “considered harmful” for three decades should be deprecated and then removed in a responsible ecosystem.

(PGP/GPG are of course hamstrung by their own decision to be a Swiss Army knife/only loosely coupled to the secure operation itself. So the even more responsible thing to do is to discard them for purposes that they can’t offer security properties for, which is the vast majority of things they get used for.)


Well python discarded signing entirely so that's one way to solve it :)


Both CPython and distributions on PyPI are more effectively signed than they were before.

(I think you already know this, but want to relitigate something that’s not meaningfully controversial in Python.)


Being signed by some entity which is not the author is hardly more effective.

(I think you already know this as well)


It is, in fact, signed by the author. It's just a PKI, so you intermediate trust in the author through an authority.

This is exactly analogous to the Web PKI, where you trust CAs to identify individual websites, but the websites themselves control their keypairs. The CA's presence intermediates the trust but does not somehow imply that the CA itself does the signing for TLS traffic.


Not really, uploading via trusted publishers I don't own any private key, as you probably know having implemented it yourself I presume.


Trusted Publishing doesn’t involve any signing keys (well, there’s an IdP, but the IdP’s signature is over a JWT that the index verifies, not an end signature). You’re thinking of attestations, which do indeed involve a local ephemeral private key.

Again, I must emphasize that this is identical in construction to the Web PKI; that was intentional. There are good criticisms of PKIs on grounds of centrality, etc., but “the end entity doesn’t control the private key” is facially untrue and sounds more like conspiracy than anything else.


Conspiracy in what way? Can you explain?

On my web server where the certificate is signed by letsencrypt I do have a file which contains a private key. On pypi there is no such thing. I don't think the parallel is correct.


With Let’s Encrypt, your private key is (typically) rotated every 90 days. It’s kept on disk because 90 days is too long to reliably keep a private key resident in memory on unknown hardware.

With attestations on PyPI, the issuance window is 15 minutes instead of 90 days. So the private key is kept in memory and discarded as soon as the signing operation is complete, since the next signing flow will create a new one.

At no point does the private key leave your machine. The only salient differences between the two are file versus memory and the validity window, but in both cases PyPI’s implementation of attestations prefers the more ideal thing with respect to reducing the likelihood of local private key disclosure.
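
Added example (not from the thread, and not PyPI's or any other project's code): the flow the comment above describes, in Go. A key pair is created in memory, an authority issues a 15-minute certificate over the public key only, one signature is made, and the private key is dropped. Assumptions: the stand-in CA, the email identity `releaser@example.test`, the use of Ed25519, and a `SignedAt` time that the verifier can trust.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Attestation is everything that leaves the signing machine; no private key is in it.
type Attestation struct {
	CertDER, Signature []byte    // short-lived certificate; Ed25519 signature over the artifact
	SignedAt           time.Time // assumption: vouched for by a trusted timestamp
}

// newCA builds a self-signed stand-in for the issuing authority (constructed, not a real CA).
func newCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed example CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf is the authority's side: it receives only the public key and the proven identity.
func issueLeaf(ca *x509.Certificate, caKey ed25519.PrivateKey, pub ed25519.PublicKey, who string, now time.Time) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), EmailAddresses: []string{who},
		NotBefore: now, NotAfter: now.Add(15 * time.Minute), // modelled on the 15-minute window
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
}

// signArtifact is the publisher's side. caKey is passed in only to stand in for a network call.
func signArtifact(ca *x509.Certificate, caKey ed25519.PrivateKey, artifact []byte, who string, now time.Time) (Attestation, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader) // ephemeral: never written to disk or returned
	if err != nil {
		return Attestation{}, err
	}
	der, err := issueLeaf(ca, caKey, pub, who, now)
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{CertDER: der, Signature: ed25519.Sign(key, artifact), SignedAt: now}, nil
}

// verifyAttestation is the consumer's side: chain and validity at signing time, identity, signature.
func verifyAttestation(ca *x509.Certificate, artifact []byte, att Attestation, who string) error {
	leaf, err := x509.ParseCertificate(att.CertDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: att.SignedAt, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("certificate not valid at signing time: %w", err)
	}
	if len(leaf.EmailAddresses) != 1 || leaf.EmailAddresses[0] != who {
		return errors.New("certificate is bound to a different identity")
	}
	pub, ok := leaf.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, artifact, att.Signature) {
		return errors.New("signature does not match artifact")
	}
	return nil
}

func main() {
	now, who, artifact := time.Now(), "releaser@example.test", []byte("constructed sample artifact")
	ca, caKey, err := newCA(now)
	if err != nil {
		panic(err)
	}
	att, err := signArtifact(ca, caKey, artifact, who, now)
	fmt.Println("sign error:", err, "| verify at signing time:", verifyAttestation(ca, artifact, att, who))
	att.SignedAt = now.Add(16 * time.Minute) // same signature, claimed after the certificate expired
	fmt.Println("verify 16 minutes later:", verifyAttestation(ca, artifact, att, who))
}
```

Because the certificate outlives neither the key nor the 15-minute window, the verifier depends on a trustworthy signing time; with only the wall clock, every attestation would look expired.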


No? With let's encrypt the certificate is rotated, but the private key remains the same, and importantly, let's encrypt never gets to see it, and anything is logged.


I said “typically” because Let’s Encrypt doesn’t control key rotation: the issuance managing client (like Certbot) does.

But AFAICT, Certbot has rotated private keys automatically on reissuance since at least 2016[1]. There’s no reason not to in a fully automated scheme. I would expect all of the other major issuing clients to do the same.

[1]: https://community.letsencrypt.org/t/do-new-private-keys-get-...


I think you are conflating a CI runner I don't really control with my machine?


I mean, it’s an ephemeral VM that you have root on. You don’t own it, but you control it in every useful sense of the word.

But also, that’s an implementation detail. There’s no reason why PyPI couldn’t accept attestations from local machines (using email identities) using this scheme; it’s just more engineering and design work to determine what that would actually communicate.


It might be worthwhile for someone to do this engineering work; e.g., to make attestations work even for folks that use platforms like Codeberg or self-hosted git.


Yeah, completely agreed. I think there's a strong argument to be made for Codeberg as a federated identity provider, which would allow attestations from their runners.

(This would of course require Codeberg to become an IdP + demonstrate the ability to maintain a reasonable amount of uptime and hold their own signing keys. But I think that's the kind of responsibility they're aiming for.)


GPG is indeed deprecated.

Most people have never heard of it and never used it.


Can you provide a source for this? To my understanding, the GnuPG project (and by extension PGP as an ecosystem) considers itself very much alive, even though practically speaking it’s effectively moribund and irrelevant.

(So I agree that it’s de facto dead, but that’s not the same thing as formal deprecation. The latter is what you do explicitly to responsibly move people away from something that’s not suitable for use anymore.)


Ah. I meant in the de facto sense.


I would be very much surprised if GPG has ever really achieved anything other than allowing crypto nerds to proclaim that things were encrypted or signed. Good for them I guess, but not of any practical importance, unlike SSH, TLS, 7Zip encryption, etc.


They allow some kind of nerd to claim that, but nobody who nerds out on cryptography defends PGP. Cryptographers hate PGP.


This doesn't explain why he decided to WONTFIX what is obviously a parser bug that allows injection of data into output through the headers.

But Werner at this point has a history of irresponsible decisions like this, so it's sadly par for the course by now.

Another particularly egregious example: https://dev.gnupg.org/T4493


[flagged]


i wouldn't normally reply to drive-by corrections, but this is wrong.

it's the GnuPG blog on gnupg.org with multiple authors.

this is a post by Werner Koch, not his blog.


Apple's Spatial Scene in the Photos app shows similar behavior, turning a single photo into a small 3D scene that you can view by tilting the phone. Demo here: https://files.catbox.moe/93w7rw.mov


It's awful and often creates a blurry mess in the imagined space behind the object.

Photoshop content aware fill could do equally or better many years ago.


It turns a single photo into a rough 3D scene so you can slightly move the camera and see new, realistic views. "Photorealistic" means it preserves real textures and lighting instead of a flat depth effect. Similar behavior can be seen with Apple's Spatial Scene feature in the Photos app: https://files.catbox.moe/93w7rw.mov



Wow! Like Christopher Nolan more now!


FYI, you don't even need browser translation. The piece already has an English version available. There's a language toggle in the navigation bar, and the English version is here: https://type.today/en/journal/spaces

Also, liked the article!


No, they must then state that it is source-available, not open source.


8 for Windows 11? An OS that includes ads in the Start menu, made with React. I'm not even mentioning right-click, which has basically two views: you open it and see some uselessly chosen tools, and you still need to open the old version (with the old design, breaking design consistency) to access actually useful things. Viva Windows XP!


It's not made in React, only the "recommended" section is made with React Native which compiles to native XAML. No web technologies involved. And yes I will debunk this every time I see it :) .


Here's the problem: your reply is factually correct, but it doesn't address the GP's overarching complaint - the start menu is simply not performant. And since the code powering the start menu is closed source, it is not possible to perform a benchmark to see if the react native portion of the start menu is to blame or if it is something else.


It's slower. It's laggy. The taskbar and menus need to be native code of the highest optimization. Anything less than instantaneous means that PMs, managers, coders and everyone there should not have a job working on OSes if they can't get this simple idea through their thick skulls.


I've shared this on HN before, but starting with Windows 11, they seemingly started making the new UI essentially a separate process that runs on top of the existing Windows 10 UI and just modifies it.

I learned this from a video where a guy was seeing how much of the Program Files folder you can delete before Windows breaks, and at some point it reverts to the Windows 10 UI.

https://youtu.be/BVIN_PJu2rs?t=565


They also don't run animations in a separate process since Windows 10 which means that under high load everything lags. In Windows 8.1 everything was buttery smooth thanks to DirectUI. macOS and iOS also run animations separately.


I got so frustrated with how slow the file explorer got after my work laptop updated. Turns out the new UI is just shell extensions, if you add registry keys to redirect them to non-existent paths you get the old file explorer back.


Isn't this how pretty much every evolution of windows design has worked? at least from what I remember the windows 10 ui is built on top of aero (though admittedly I don't use windows and have never interacted with it for anything serious)


This is even more insane than I thought. Truly madness. Everybody involved with that should be fired and sent to the moon as an experiment on how long does the human body survive naked on both the dark side and the bright side of the moon. At least we will learn something from those experiments.... (it's a joke but the point stands. Those people shouldn't ever be allowed to touch computers.)


> And yes I will debunk this every time I see it :) .

Being technically correct doesn't make it any less annoying, unfortunately.


Lying to "prove" a point and basing discourse on lies gets us nowhere. Windows start menu is not slow because of React. We should correct common misconceptions more often.


Could you write us a nice blog post or article with performance metrics to prove this?

You might be correct but at this point your statement is as much a lie as the parent.


As someone who has attempted to use React Native for Windows, I can tell you that the "native" XAML doesn't make things any better. If it was using web technologies I wouldn't need to manually modify RNSVG to fix segfaults when an SVG goes offscreen.


[flagged]


The language is not the problem.


It isn't, it's the attitude and type of developer it's created


Don't know why you're getting downvoted, seems like a reasonable comment to me.

I agree, JavaScript and all it has enabled is a curse.

If one wanted the good bits of JavaScript I'm sure there are languages they were copied from that could be used instead.


> JShit doesn't belong anywhere

Or, as I prefer to call it, Kiddiescript.


At least mine was insulting in a punny way


With that move to React or whatever web based monstrosity it is, it lost a lot of the existing user experience crafted over the years.

Not only OS pre-installed apps are much slower, but it broke shortcuts and common sense behaviors.


It’s not web but react native.


Whatever product manager team decided to jump into React Native with both feet for the Windows experience needs to be ejected from the industry permanently. Think of how many thousands of human hours per day are now spent waiting on React Native jank, all in order to save the Windows developers from having to program in Windows using Microsoft products.


Most likely saving Windows developers from learning programming. They are just javascript monkeys because that is what Microsoft is hiring these days and you can't trust monkeys with native C++. The thing would leak memory and explode immediately if those idiots tried to write native code. So in the name of hiring cheap idiots that can't program we all have to put up with this slow, bloated garbage.

There is no universe in which I should see lag between a click and a menu appearing in File explorer, taskbar or anywhere in the OS. Not on a machine with 8 idling cores.


> So in the name of hiring cheap idiots that can't program we all have to put up with this slow, bloated garbage.

Irony is they're not cheap hires, either.


MS could/should have just made other XAML/MAUI options a better experience in general over the React Native thing... It might be different if they actually embrace web as a whole and at least gave a consistent UX, more like say WebOS or ChromeOS, but that's not what they're doing here.

What MS really needs to do is create a really long checklist of all the UI defined configurations and options, along with a connected list of all the relevant API interfaces they connect to... then come up with a consistent, complete and competent component library to do a ground up re-implementation of all the things in a consistent way.

This would, of course mean stabilizing the released version of windows to mostly bug fixes for a couple years while frantically generating and dog-fooding the new UX... starting with a re-revamped task manager, and launcher/file-picker. Just a bare desktop and a hotkey that opens task manager as the first and only UI elements then working out from there.


It's a nice thought but think of the cost!

You do have to wonder what the hell the people in charge of the Windows UI are thinking. They seem to have got it so badly wrong. But so has Apple in macos.


I'm not sure the cost would be significantly worse than all the half-assed abandoned efforts so far... and it would result in the first consistent UX in Windows since Win2k.


But this article is only grading the styling of the OS GUI elements, not the functionality (or lack thereof) of the OS itself.


Windows 11 is far from the best at that though.

It doesn’t even look good.

I know taste is subjective, but a better comparison is the contemporaries of the time or at least taking a step back to consider the entire aesthetic.

If so, ironically, I think Vista should win.


Taste is objective. It is only subjective among the tasteless.

The OS has a purpose to be efficient and pleasant - anything that interferes with either is not a matter of taste, but a matter of poor execution.

Sure we have preferences, but truly beautiful things are hard to consider they are only so due to a matter of preference, and not objectivity.


one thing I think windows 11 does well is the icon design. The kinda glassy look they have is the perfect middle ground between the glossy hyperrealistic icons of yesteryear and the bland lifeless minimalist icons that became common after ios 7


Fair point, but the article praises Windows 11 for "cohesion" while the right-click menu literally has two different visual styles, and many system apps still use old UI. Even judging purely on aesthetics, that's inconsistent.


On the surface, Explorer looks more modern on Windows 11. But when you use it, you can "feel" it's still based on old Win32 APIs with just a layer of paint on top.


IMO, in a good way. It has a nice feel compared to the new laggy context menus and selections


They actually do mention bloatware in Windows 11, so it is a bit confused.


When you hit print screen, it takes a screenshot, waits a blatantly visible number of frames while you type more letters or stuff keeps moving on screen, and then eventually rewinds time by overlaying the now outdated screenshot for you to select a target area

Pressing escape can sometimes cancel out of this overlay (in case you bumped print screen by accident). But sometimes it doesn’t, because the full screen overlay in front of everything has managed to lose keyboard focus, and you need to click on it before it can respond to keyboard input.

Godawful trash OS and I hate that I’m stuck working on it.


On my very reasonably spec'd laptop it often takes 20 seconds for the snipping tool selection to pop up. Video recording is very nice though, definitely my favorite feature.

New Notepad had a broken typematic that took them 2 years to fix, but they added Copilot at the same patch. Resizing its window rapidly still flickers and can max the CPU.

If you're using labels in the taskbar the buttons aren't fixed width, they resize to fit the window title - except that until recently they didn't, so if you cd from C:\ to a longer path you got the label "C...". That one is fixed, but not the one where I switch desktops with Ctrl+Alt+arrows and the entries have no icons.

If you have a folder with lots of audio files, sometimes explorer.exe will hang for 30 seconds while it dutifully extracts artist metadata (no way to disable). Possibly an old issue, but I've never hit it before.

Search is even worse than before, I have "alacrity.exe" both in PATH and as a shortcut on desktop, but when I type "alacr" I get a web suggestion until I fully type it out. "Visual..." toggles between VSCode and fat visual studio on every keypress.

I can't express my opinion on the Task Manager changes without using language inappropriate for this forum.

Those are my issues off the top of my head, if I record every single broken thing I see for a week this list would be way longer.

That's just the stuff that doesn't work, there's a similarly long list of things that work but are evil.


To add to your list, if you open the start menu and type “add or remove” it will not bring up the add or remove programs section in the settings menu. It will only give an internet search. To uninstall a program you have to literally open the settings menu and search for the right section. In win 10 all you had to do was type “add” and it was the default selection.


Wow, I hadn't realised it could do video as well. I installed a separate app for that purpose the other day.

Just tested on my very anaemic 5 year old laptop, it loaded in about 2/3 seconds.


I'm glad it's not just me struggling with the screenshot functionality. I've encountered the bugs you're describing, and recently, I've been encountering an incredibly frustrating one where hitting print screen just...doesn't do anything. The only way I've found to temporarily fix it is to manually open the Snipping Tool (via the Start menu) - then the print screen key starts working again for some indeterminate period of time.


Win+Shift+S. It launches the snipping tool. It's been a feature for over a decade.


FWIW, my print screen button does exactly the same thing, literally; it's opening the snipping tool in "select a region to screenshot" mode.

This is a setting in Snipping Tool (called "Use the Print screen key to open Snipping Tool").

When I encounter this bug, Win-Shift-S behaves identically (i.e. doesn't work).


Especially since it can open with selecting the area to screenshot and not have to manually crop it in Paint or be sending a 4K image to someone.


You can use winutil to replace the new start menu with the old one. I think the option is in "advanced tweaks".

https://github.com/ChrisTitusTech/winutil


Does the end user care that the system is made with React? What is the tangible negative impact?

My start menu doesn’t have ads, it really isn’t hard to manage that sort of thing.

OneDrive is fully uninstalled, Copilot is fully uninstalled, I find my system to be quite clean.

And if you don’t like the start menu, there are ways to replace the start menu entirely with something else. Good luck replacing entire major elements of the macOS UI.

In contrast, Apple puts advertisements at the same urgency level as critical system updates in the settings. There’s no setting to disable them and they sometimes come back with a new version release, you just have to know the magic actions to get them dismissed.

Haters dog on Windows 11 for various things but it really is the best version of the OS since 7. It has some of the best updates to traditional Windows tooling in years: tabs in notepad, git preinstalled, finally the settings pane is in a good place, brand new command line interface, and Microsoft has had a great habit of putting new features in separate apps that can be installed optionally. (E.g., you can’t uninstall Apple News on a Mac, but you can uninstall ClipChamp on Windows)


> My start menu doesn’t have ads, it really isn’t hard to manage that sort of thing.

I don't care. It is completely unacceptable to have ads in a product I paid them for. It doesn't matter how easy it is to remove, that doesn't fly.

You act like people are hating on Win11 for no reason, but truthfully you're just ignoring the reasons to hate it.


I haven’t given Microsoft a dime since Windows 7. Users who buy a computer have the OS preinstalled. Millions of people never activate it. The product is effectively free.

It’s a commercial OS but people can’t get over it. There isn’t a single commercial OS out there that doesn’t try to sell you something at some point.

Maybe that is unacceptable to you and I respect you for that. But it’s a commercial OS and always has been.

What gets annoying is when these aspects conflate it to being a bad OS or some monstrously unethical system. Seeing some ads that are easily disabled is treated by a certain community like Microsoft is selling blood diamonds. The fervor doesn’t match the magnitude of the crime.


Preinstalled OS doesn't mean free OS. You already paid for it when you bought the computer. You shouldn't see ads. Ever.


The software on the computer would cost more if it was ad-free and consumers have made the clear choice that they prefer not to pay for OS updates. We know this because the updates used to cost money. Apple was charging over $100 just for a point release, and they charged hundreds for updates to bundled software like iLife and iWork.

Everyone would love it if the NFL had zero ads but most NFL fans wouldn’t pay $XXX/month to watch the games.

OEMs pay pennies on the dollar for Windows and in some cases $0, the retail license is $200 but you can buy a mini PC for the same cost with a legitimate Windows license.

I dislike ads as much as the next person and use Linux myself for my main machine, but I’m not completely lacking in pragmatism on this subject. Commercial operating systems fund their development through paid services and App Store revenue sharing.

I think the status quo is relatively reasonable and, again, I find the commercialization to be very easy to dismiss and disable.

We are spending more time debating this subject than it took me to disable all forms of advertising in Windows.


You forgot about the spyware. It's not just the advertising....


Windows 11 is much slower for me than Windows 7 or 10. A noticeable sub-second delay to bring up the start menu and respond to typing, about 3 seconds for file explorer to load, 5-20 seconds to start a screenshot. I wouldn't be surprised if antivirus is partially to blame (only use Windows at work where it is required), but it is the same antivirus we used on Windows 10 and it wasn't this bad.


“A noticeable sub-second delay” lol. I guess you never ran Windows 98 on a pentium 2 like I did. If I had a dime for every sub-second delay I experienced on that machine…

Settings > Accessibility > Animation Effects > Off

5-10 seconds to start a screenshot, yeah man now you’re just lying. You sure you didn’t leave the delay timer on?

Are we going to gloss over the fact that the screenshot interface in old windows versions basically didn’t exist? There was no keyboard shortcut to open snipping tool by default in Windows 7. You had to know to use your print screen key correctly and to paste the image into Paint, and there was no visual feedback. Of course that performed fast because there was no UI!


> I guess you never ran Windows 98 on a pentium 2 like I did.

If you have to compare to a 20+ year old processor to look good, your system has problems. But since we are comparing old computers, Finder opens quicker on a 30 year old Macintosh 512k than Explorer opens in Windows 11.

> 5-10 seconds to start a screenshot, yeah man now you’re just lying.

Nope. I actually just updated that number up to 20 seconds after testing, because I thought my memory was exaggerating. This started in Windows 10 when they introduced "Snip & Sketch" to replace the old Snipping tool, but it was easier to go back to the old one in Windows 10.

Edit: Oh, and I just remembered another detail. Our library folders are mapped to network shares at work. Again, this has been the case for 15+ years now, and performance has just recently cratered. It would not surprise me if most Windows developers today assume everything is on SSD, and don't think about slapping low-importance file I/O in critical sections.


After this discussion I looked it up and the original sources that made a claim that the Windows 11 start menu is written in react aren’t even confirmed accurate, and allegedly the components involving react are using react native for windows and are therefore compiled to native code - no web views are involved: https://news.ycombinator.com/item?id=44124688

So even this base assumption that a slow heavy bloated experience is on offer is just hearsay. The only section that uses React is the allegedly recommended section, the one that can be disabled entirely with a single settings toggle.

Anyway, again, the 5-10 second screenshot thing, I’ve been testing it live and could never get it to be slower than 2 seconds between invoking the shortcut key to file on the disk. Keeping in mind that this includes me physically reacting as quickly as possible to click after the shortcut keys to initiate the capture. It’s about one second between clicking capture and observing the file appear in file explorer. My CPU is 5 years old, my RAM is DDR4, and I use an off brand nvme SSD, for your reference.

I will also add to this that the main competitor to Windows, macOS, adds an intentional delay to their screen capture where the screenshots aren’t added to disk until after the little preview disappears or is manually dismissed. In Windows the preview notification and file being written to disk happen simultaneously, and the system automatically copies the image to clipboard which Apple doesn’t do, saving further time.

Your network share issue could be something misconfigured at your work, I have no way to verify whether that’s something your IT department messed up. My personal Windows and Linux systems are both connected to my SMB shares at all times through their graphical file managers and I don’t notice any difference in performance.

Last rebuttal: your finder experience in Macintosh classic (System 3.0 when the 512k debuted) is fast because there’s no multitasking, when you are at the desktop of a Macintosh the only application open is Finder and it’s already in RAM. Open any other application and then close it. You’ll notice a relatively long delay (10 seconds in my testing, although I don’t have real hardware) after closing the application before the desktop and finder are responsive again. You can try this on your preferred Macintosh emulator online.


I care that it's made with React/React Native or other garbage web frameworks. By definition adding layers between native C/C++ Native Win32 will make it slower and use more RAM.

Stop justifying laziness and mediocrity. Microsoft does this just so they can hire cheap javascript monkeys out of colleges. AKA people who shouldn't be writing code and the reason a chat application now uses 1GB of RAM and nobody seems to care or understand why such waste is both bad and stupid.


First off, this claim that the start menu is written largely with web frameworks isn’t even verified:

https://news.ycombinator.com/item?id=44124688

It is supposedly still mostly Windows native XAML. Allegedly, even the components that use react are using react native for windows and are therefore not rendering any sort of resource-wasting web view.

I wrote my own react native phone app and it’s only a 30MB download. Your random comparison to a bulky chat app with an extensive feature list (the most popular culprits like Slack and Discord are not written in React Native, by the way) consuming a GB of RAM is irrelevant. Have you measured the start menu consuming 1GB of RAM? Unless you have, your argument is a whataboutism.

If you think it’s bad that Microsoft is using stuff that makes it easy for them to develop windows you should explain to me how it would be better for them to have extreme difficulty in making improvements like how the old control panel basically couldn’t be updated with any reasonable development cadence for decades while macOS ran circles around Windows for their clean settings experience, versus the new settings pane that Microsoft can actually iterate on and improve.

You can criticize the new settings panel for maybe not having 100% of what you want in it but you can’t criticize being a scary nightmare for novice users like the old version.

It is in the users’ benefit if Microsoft can actually hire people who are real humans and not just myths.


I am wasting my time, you are arguing in bad faith. I have installed windows 7 in a VM and everything takes less RAM not just the start menu and for most things it performs much much better. Start menu actually searches my files instantly, not with delay, not presenting web results, not presenting wrong results. It's doing its job.

Task manager opens immediately. Windows Explorer the same.

Those applications and the OS were written by real humans, not by myths. With your terribly bad argument it seems those OSes never happened since it required "extreme difficulty". No, it didn't require Einsteins. It required non-monkey coders.

You say you wrote your own react native phone app and it only takes 30MBs. So what? You forgot the most important part: what does it do? If it's a basic text editor then yes it's extremely bloated garbage.


IMHO the right-click menu these days seems to get better, at least I can find "Open with Code" or "Open in Terminal", etc. Except that I need the old menu to create a desktop shortcut occasionally.


The new context menu is so awful. There is zero reason in this day and age for a context menu to take multiple seconds to pop up. They didn't even really improve on it in any meaningful way.


I want to opt out though. I use 7 zip all the time and I don't want this menu that can't have 7 zip...


Just use NanaZip


In my Windows 11 right-click menu, I can choose "Show More Options" at the bottom and then Send To > Desktop (create shortcut).


This is the most atrocious rating article I've stumbled upon in a while!


Speaking to the second point, it's clear that some folks will avoid quitting the terminal at all costs. I could very well be one of them. :-D

