Blaze

joined 7 months ago
 

cross-posted from: https://lemmy.ndlug.org/post/1014669

Follow up to: “Something has gone seriously wrong,” dual-boot systems warn after Microsoft update

SBAT was developed collaboratively between the Linux community and Microsoft, and Microsoft chose to push a Windows update that told systems not to trust versions of grub with a security generation below a certain level. This was because those versions of grub had genuine security vulnerabilities that would allow an attacker to compromise the Windows secure boot chain, and we've seen real world examples of malware wanting to do that (Black Lotus did so using a vulnerability in the Windows bootloader, but a vulnerability in grub would be just as viable for this). Viewed purely from a security perspective, this was a legitimate thing to want to do.

...

The problem we've ended up in is that several Linux distributions had not shipped versions of grub with a newer security generation, and so those versions of grub are assumed to be insecure (it's worth noting that grub is signed by individual distributions, not Microsoft, so there's no externally introduced lag here). Microsoft's stated intention was that Windows Update would only apply the SBAT update to systems that were Windows-only, and any dual-boot setups would instead be left vulnerable to attack until the installed distro updated its grub and shipped an SBAT update itself. Unfortunately, as is now obvious, that didn't work as intended and at least some dual-boot setups applied the update and that distribution's Shim refused to boot that distribution's grub.

...

The outcome is that some people can't boot their systems. I think there's plenty of blame here. Microsoft should have done more testing to ensure that dual-boot setups could be identified accurately. But also distributions shipping signed bootloaders should make sure that they're updating those and updating the security generation to match, because otherwise they're shipping a vector that can be used to attack other operating systems and that's kind of a violation of the social contract around all of this.

[–] Blaze@lemmy.zip 3 points 2 days ago

Posting this from my alt as the previous didn't appear pinned on other instances, let's see if this one works better

[–] Blaze@lemmy.zip 8 points 6 days ago

One year later, still busy on my first run with two friends

[–] Blaze@lemmy.zip 9 points 6 days ago

I have Firefox, Floorp and Librewolf. They all have their perks and are solid options

 

cross-posted from: https://lemmy.ndlug.org/post/988335

The Sovereign Tech Fund is piloting a fellowship program to pay open source maintainers, aiming to address structural issues and support open digital infrastructure in the public interest.

Over the past two years, STF has successfully contracted over 40 FOSS projects, enhancing their technical sustainability through targeted milestones. While some contracts are with individual maintainers, most involve software development companies or foundations. Despite this success, a new and innovative program is needed to acknowledge the lived reality of how many maintainers work: stretched across multiple technologies, multi-faceted, and often behind the scenes.

Most maintainers are unpaid, working in their spare time, which both impacts projects’ stability and can lead to stress and burnout. The Tidelift Open Source Maintainer Study found that 59% of maintainers have quit or considered quitting, posing a risk to the digital infrastructure we all rely on. To even begin to mitigate this risk, it's crucial to understand the role of maintainers, who typically lead and oversee project development, review changes, manage community interactions, release updates, and fix security issues.

The application phase will start by the end of the third quarter of 2024, with the goal that selected maintainers can begin the fellowship in the fourth quarter. The first fellowship pilot will run throughout 2025, and we will evaluate it on an ongoing basis. Based on these evaluations, our experiences running the fellowship, and feedback from participants, we’ll determine how to expand and grow the program for a stronger and healthier open source ecosystem.

 

There are a few nowadays

Which one is your favorite, and why?

 

Asking as it seems nobody wants one based on the reception of the Pixel 9

[–] Blaze@lemmy.zip 1 points 1 week ago

Thanks for clarifying!

[–] Blaze@lemmy.zip 2 points 1 week ago

Good question, I have it too

[–] Blaze@lemmy.zip 5 points 1 week ago (4 children)

Not sure if helenslunch means the standard iPhone 15, or the iPhone minis.

Even the iPhone 15 is a tiny bit smaller than the Pixel 8, but not by a wide margin

https://phonesized.com/compare/#2301,2314,2313,2346

[–] Blaze@lemmy.zip 0 points 1 week ago

all these OEMs copy all the dumb shit Apple does but they can’t copy their truly compact phones…

Very true

[–] Blaze@lemmy.zip 1 points 1 week ago (2 children)

Hello @ijeff@lemdro.id and @Paradox@lemdro.id , could you please help with this?

[–] Blaze@lemmy.zip 1 points 1 week ago (4 children)

I have an alt here, @Netrunner@lemdro.id, if you want I can use it to pin the post and ensure that it federates.

 

cross-posted from: https://lemmy.world/post/18624890

cross-posted from: https://lemmy.world/post/18624888

The Google Pixel 9 series sports a new Tensor G4 processor. Here's everything that you need to know about it.

[–] Blaze@lemmy.zip 1 points 1 week ago (7 children)