

Right
Right
So you’re saying, that a private key within the TEE expired… So they probably had to write a custom TEE program in-order to rotate it? Along with actually securely delivering it.
So… Did we (someone) manage to capture it? Ultimately though each device is going to have to request a new key, so even with a jailbroken TEE you’re still only going to be capturing the key for that specific device. The key would be how they implemented the verification that an expired device was allowed to get a new key and that verification… Idk not an expert in widevine keys and such but I assume that cert chain expired.
Edit: sounds like it wasn’t the factory key that expired, just a system level intermediate CA but updating it was still a PITA because of all the cert expiration checks by all the apps. I.e. Google home. Feel free to correct me if I’m incorrectly summarizing. (https://www.reddit.com/r/Chromecast/comments/1j8wtxa/heres_why_a_fix_is_taking_so_long/) Obligatory 🖕 reddit.
I actually can’t believe how long this took them to fix.
No. It is supportive. You are normalizing removing a gender stereotype. I.e. instead of saying my wife/husband which inherently brings a gender, and then also stated sexuality, you say partner, removing the gender statement. In so doing, you both help defend others to also be able to say it without forcing them to share their sexuality while also normalizing the removal of an over emphasis on gender with something that doesn’t fucking matter.
I really haven’t seen any details. Most comments I’ve read indicate they think you already have to have access to the device and that this is just undocumented opcode calls. I.e. not a remote Bluetooth stack issue or remotely exploitable.
Given an opcode, as noted in the article (vague on details) and yes, I did read it. This doesn’t give me much cause for alarm.
Yes but, have you ever rooted a Xiaomi device. it’s VERY hard. not impossible, but very hard. Requires iirc a 28 day waiting period, and you can only do one per year. (I imagine they enforce by phone number) Here’s a guide I found with a quick google search, it requires running their super sketchy windows only utility, etc… etc… https://www.reddit.com/r/PocoPhones/comments/1bsb2ce/how_to_root_your_phone_whatever_your_xiaomi_phone/
And yes, everything you have read is true about how bad it is. Did you know by default every app is set to debuggable? it’s something the OS does, and no, you can’t turn it off from the apps perspective. The whole system is just not secure, by design.
That means you’re clear and don’t have any offending apps.
Had no idea Textra was on here. I guess back to stock graphene OS messenger.
I agree, but enshitification marches on.
It seems that there may come a point where screenless and disconnected cars become more and more valuable. That and jailbreaking cars is going to become a requirement.
Graphene OS says no
Hard to maintain. I.e. Nvidia will now try to break intentionally.
Yeah and with everything thats happening. It will be the usual slowly boiling the frog approach all the inflation / price gouging / shrinkflation has taken this far.
Currently they’re already doing it, it’s just a little bit slower and less dynamic: Goal, increase price by 25%
Step 1. Reduce package contents by 33% and provide a coupon for a reduced price by 25%
Step 2. Slowly oscilate the coupon from not available to being a less reduction in price.
Step 3: profit – Increasing the total profit to vary between 8% and 33% more depending on the day.
This example was taken from the new 8 can la croixs, but plenty of other examples. It’s just items that have a fixed size / quantity are harder to shrinkflate. Other stuff just reduce the weight a little at a time.
Rotisserie chicken for only $16.99*
*Surge pricing may apply. (At 6pm we add $4 to the price of our rotisserie chicken because…we can.)
Yeah, the writing is on the wall when it comes to digital pricing of grocery store products. The only way to fight this will be to refuse to shop at places that do it. Or get legislation to regulate it, but good luck getting that to happen, or even enforcing it. Especially with the current administration being bought and paid for by corporations… Sadly it’s doubtful we’ll get enough people boycotting it, especially since at first they’ll just keep the prices the same, when we need to be boycotting the store the moment it happens.
Then when they start switching to changing the pricing dynamically the digital price tags will already be installed across all their stores and there won’t be any way to protest against it besides going to a completely different retailer that doesn’t do it. If that’s even an option, which for the poorest or least capable people, it likely won’t be.
Surge pricing, coming to your dozen eggs at a corporate grocery store near you.
👍🏻 Roger Roger thanks for the correction
Yep. I was using ddg but just spun up 2 sear instances for myself. (One on vpn one off)
What are your favorite searxng customizations / bangs?
Duckduckgo is bing. They route their searches there afaik. It’s just a privacy layer, like startpage is a privacy layer on Google.
I don’t think the government should get to control what apps, websites, etc… we can and can’t use to communicate with our fellow humans.
Strengthen data privacy laws. Algorithm transparency laws. Look at gdpr and TikTok being sued for sending their data back to China. Etc…
Just such a bad precedent though.
Google continues to do everything they can to close android down and force everyone to use their os directly. Imo this is a direct attack on graphene OS and anyone based on aosp. Now for every release developers will have to manually merge basically an unusable mess of changes.
Edit: https://discuss.grapheneos.org/d/21231-google-will-develop-the-android-os-fully-in-private Might not change anything actually.
Seems like graphene is already merging based on tags vs individual commits. It’s also not like google is letting anyone (graphene) merge commits into android.
Iirc the graphene developers have basically given up on up streaming some changes because google doesn’t actually want many of the security fixes/ changes graphene devs make. Their faq still says they’ll try to upstream stuff, I wonder if this will impact that. https://grapheneos.org/faq#upstream