S
@pwnsdx.bsky.social
Pinned
S
@pwnsdx.bsky.social
· Apr 27
Goodbye iOS
Hello @grapheneos.org
Hello @grapheneos.org
Reposted by S
Many companies and individuals are trying to mislead people about the future of GrapheneOS to promote their insecure products and services. GrapheneOS is not going anywhere. We've made it clear we're shipping Android 16 soon and that the supported devices will remain supported.
June 21, 2025 at 1:48 PM
Many companies and individuals are trying to mislead people about the future of GrapheneOS to promote their insecure products and services. GrapheneOS is not going anywhere. We've made it clear we're shipping Android 16 soon and that the supported devices will remain supported.
Reposted by S
We're looking into using github.com/k2-fsa/sherp... to provide built-in text-to-speech and speech-to-text to greatly improve the out-of-the-box accessibility of GrapheneOS for blind users. We already have a screen reader included via our fork of the open source variant of TalkBack.
GitHub - k2-fsa/sherpa-onnx: Speech-to-text, text-to-speech, speaker diarization, speech enhancement, and VAD using next-gen Kaldi with onnxruntime without Internet connection. Support embedded system...
Speech-to-text, text-to-speech, speaker diarization, speech enhancement, and VAD using next-gen Kaldi with onnxruntime without Internet connection. Support embedded systems, Android, iOS, HarmonyOS...
github.com
May 26, 2025 at 4:19 PM
We're looking into using github.com/k2-fsa/sherp... to provide built-in text-to-speech and speech-to-text to greatly improve the out-of-the-box accessibility of GrapheneOS for blind users. We already have a screen reader included via our fork of the open source variant of TalkBack.
Reposted by S
Apps coming from the Play Store doesn't make them trustworthy, safe or secure. Most malware apps on Google Mobile Services devices are installed from the Play Store. Similarly to the Play Integrity API, it's Google reinforcing their monopolies with security as an excuse for it.
May 17, 2025 at 2:26 PM
Apps coming from the Play Store doesn't make them trustworthy, safe or secure. Most malware apps on Google Mobile Services devices are installed from the Play Store. Similarly to the Play Integrity API, it's Google reinforcing their monopolies with security as an excuse for it.
Reposted by S
Similar to iOS lockdown mode, Android 16's Advanced Protection feature is misguided. It adds security features exclusive to it which require using all of the other features. This prevents people using new security features if they need to avoid 1 feature.
security.googleblog.com/2025/05/adva...
security.googleblog.com/2025/05/adva...
Advanced Protection: Google’s Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing com...
security.googleblog.com
May 17, 2025 at 1:49 PM
Similar to iOS lockdown mode, Android 16's Advanced Protection feature is misguided. It adds security features exclusive to it which require using all of the other features. This prevents people using new security features if they need to avoid 1 feature.
security.googleblog.com/2025/05/adva...
security.googleblog.com/2025/05/adva...
Reposted by S
We still need help getting early access to Android 16 sources prior to the stable release in June. Every mainstream Android OEM has it. We're currently spending significant time on reverse engineering Android 16 Beta releases. It's a huge waste compared to having what we need.
May 22, 2025 at 2:22 AM
We still need help getting early access to Android 16 sources prior to the stable release in June. Every mainstream Android OEM has it. We're currently spending significant time on reverse engineering Android 16 Beta releases. It's a huge waste compared to having what we need.
Reposted by S
Multiple prominent banking apps in Europe have already implemented support for GrapheneOS via hardware attestation. The pace of apps adopting the Play Integrity API is unfortunately currently faster than apps adding support for GrapheneOS. This is due to Google marketing it.
May 23, 2025 at 1:39 AM
Multiple prominent banking apps in Europe have already implemented support for GrapheneOS via hardware attestation. The pace of apps adopting the Play Integrity API is unfortunately currently faster than apps adding support for GrapheneOS. This is due to Google marketing it.
Reposted by S
Google Play Integrity permits highly insecure devices with years of missing High/Critical severity security patches. They pretend any device licensing Google Mobile Services is secure while running the stock OS and anything else is insecure. This is a lie to lock out competition.
May 23, 2025 at 1:13 AM
Google Play Integrity permits highly insecure devices with years of missing High/Critical severity security patches. They pretend any device licensing Google Mobile Services is secure while running the stock OS and anything else is insecure. This is a lie to lock out competition.
Reposted by S
We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.
May 23, 2025 at 12:57 AM
We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.
Reposted by S
This is being done alongside Google recommending app developers forbid installing their apps from the Play Store on operating systems not licensing Google Mobile Services. The combination of these feature ends up blocking users from easily using the apps without modifying them.
May 23, 2025 at 12:56 AM
This is being done alongside Google recommending app developers forbid installing their apps from the Play Store on operating systems not licensing Google Mobile Services. The combination of these feature ends up blocking users from easily using the apps without modifying them.
Reposted by S
A growing number of apps are using the Play Integrity API to enforce installation from the Play Store. This is clearly highly illegal anti-competitive behavior. It doesn't impact GrapheneOS users installing apps with the sandboxed Play Store but does impact other install sources.
May 23, 2025 at 12:52 AM
A growing number of apps are using the Play Integrity API to enforce installation from the Play Store. This is clearly highly illegal anti-competitive behavior. It doesn't impact GrapheneOS users installing apps with the sandboxed Play Store but does impact other install sources.
Reposted by S
If this person sat next to you on a bus or train and started ranting about Bruce Springsteen in this way, you would get up and move to a different seat.
In the United States, we have him the nuclear codes.
In the United States, we have him the nuclear codes.
May 16, 2025 at 2:47 PM
If this person sat next to you on a bus or train and started ranting about Bruce Springsteen in this way, you would get up and move to a different seat.
In the United States, we have him the nuclear codes.
In the United States, we have him the nuclear codes.
I have created a Docker Compose file to launch open-webui exposed as a Tor hidden service. This way, you & your friends can discuss with your AI models on your main computer, 100% privately, from any device, anywhere in the world, without having to open any ports.
Interested? I'll share it soon.
Interested? I'll share it soon.
April 29, 2025 at 11:06 PM
I have created a Docker Compose file to launch open-webui exposed as a Tor hidden service. This way, you & your friends can discuss with your AI models on your main computer, 100% privately, from any device, anywhere in the world, without having to open any ports.
Interested? I'll share it soon.
Interested? I'll share it soon.
Reposted by S
It's normal for many third party apps to have bugs uncovered by hardware memory tagging which is why we don't yet have it enabled for user installed apps by default.
It isn't normal to have frequent crashes for the OS if that's what you're referring to. The OS itself should be quite stable.
It isn't normal to have frequent crashes for the OS if that's what you're referring to. The OS itself should be quite stable.
April 29, 2025 at 4:36 PM
It's normal for many third party apps to have bugs uncovered by hardware memory tagging which is why we don't yet have it enabled for user installed apps by default.
It isn't normal to have frequent crashes for the OS if that's what you're referring to. The OS itself should be quite stable.
It isn't normal to have frequent crashes for the OS if that's what you're referring to. The OS itself should be quite stable.
A thread about my first personal impressions on GrapheneOS:
- The OS is not as polished as iOS, but I expected that, of course. There is a lot of work to be done, but I believe AI will significantly increase development on that side, for Android, Graphene, and the wider app developer community.
- The OS is not as polished as iOS, but I expected that, of course. There is a lot of work to be done, but I believe AI will significantly increase development on that side, for Android, Graphene, and the wider app developer community.
April 29, 2025 at 3:03 PM
A thread about my first personal impressions on GrapheneOS:
- The OS is not as polished as iOS, but I expected that, of course. There is a lot of work to be done, but I believe AI will significantly increase development on that side, for Android, Graphene, and the wider app developer community.
- The OS is not as polished as iOS, but I expected that, of course. There is a lot of work to be done, but I believe AI will significantly increase development on that side, for Android, Graphene, and the wider app developer community.
Reposted by S
We started deploying RANDSTRUCT for the kernel, which will eventually be used to have multiple possible struct memory layouts for each device model chosen randomly at boot. Our work on reducing kernel attack surface also continued.
We plan to focus more on Linux kernel security going forward.
We plan to focus more on Linux kernel security going forward.
February 7, 2025 at 6:24 AM
We started deploying RANDSTRUCT for the kernel, which will eventually be used to have multiple possible struct memory layouts for each device model chosen randomly at boot. Our work on reducing kernel attack surface also continued.
We plan to focus more on Linux kernel security going forward.
We plan to focus more on Linux kernel security going forward.
Reposted by S
We replaced our decade old feature for blocking new USB peripherals while locked with a greatly expanded and far more secure feature. The new approach blocks USB-C connections and USB-C data at a hardware level with expanded software-based blocking as a fallback (grapheneos.org/features#usb...).
February 7, 2025 at 6:19 AM
We replaced our decade old feature for blocking new USB peripherals while locked with a greatly expanded and far more secure feature. The new approach blocks USB-C connections and USB-C data at a hardware level with expanded software-based blocking as a fallback (grapheneos.org/features#usb...).
Reposted by S
We made massive improvements in GrapheneOS to defend against these attacks since January 2024.
For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.
For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.
February 7, 2025 at 6:14 AM
We made massive improvements in GrapheneOS to defend against these attacks since January 2024.
For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.
For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.
Reposted by S
Several other improvements were made based on our January 2024 vulnerability reports and proposals including an implementation of wiping data before rebooting when a wipe is triggered. We shipped an improved version of this for our duress PIN/password feature before the feature shipped for Android.
February 7, 2025 at 6:02 AM
Several other improvements were made based on our January 2024 vulnerability reports and proposals including an implementation of wiping data before rebooting when a wipe is triggered. We shipped an improved version of this for our duress PIN/password feature before the feature shipped for Android.
Reposted by S
In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial exploit tools.
February 7, 2025 at 6:00 AM
In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial exploit tools.
Reposted by S
It seems the GPU usage is proportional to the size of the window.
This means it's probably related to their usage of requestAnimationFrame to draw something on the screen.
Would be cool though to see a company use end-user devices to do large scale AI compute (w/permission).
This means it's probably related to their usage of requestAnimationFrame to draw something on the screen.
Would be cool though to see a company use end-user devices to do large scale AI compute (w/permission).
March 19, 2025 at 7:40 PM
It seems the GPU usage is proportional to the size of the window.
This means it's probably related to their usage of requestAnimationFrame to draw something on the screen.
Would be cool though to see a company use end-user devices to do large scale AI compute (w/permission).
This means it's probably related to their usage of requestAnimationFrame to draw something on the screen.
Would be cool though to see a company use end-user devices to do large scale AI compute (w/permission).
Reposted by S
What's even crazier, is that after a question has been answered, it remains at like 80% GPU usage even though nothing is happening.
This eliminates the possibility of a bug in Chrome, IMO.
Need someone to reverse engineer their JS. /cc @pwnsdx.bsky.social @teambi0s @x0rz.bsky.social #infosec
This eliminates the possibility of a bug in Chrome, IMO.
Need someone to reverse engineer their JS. /cc @pwnsdx.bsky.social @teambi0s @x0rz.bsky.social #infosec
March 19, 2025 at 6:48 PM
What's even crazier, is that after a question has been answered, it remains at like 80% GPU usage even though nothing is happening.
This eliminates the possibility of a bug in Chrome, IMO.
Need someone to reverse engineer their JS. /cc @pwnsdx.bsky.social @teambi0s @x0rz.bsky.social #infosec
This eliminates the possibility of a bug in Chrome, IMO.
Need someone to reverse engineer their JS. /cc @pwnsdx.bsky.social @teambi0s @x0rz.bsky.social #infosec
Reposted by S
La France condamnée par la CEDH dans une affaire de consentement sexuel dans un divorce
La France condamnée par la CEDH dans une affaire de consentement sexuel dans un divorce
La Cour européenne des droits de l’homme a rappelé, jeudi, que « tout acte sexuel non consenti est constitutif d’une forme de violence sexuelle ».
www.lemonde.fr
January 23, 2025 at 10:25 AM
La France condamnée par la CEDH dans une affaire de consentement sexuel dans un divorce
Reposted by S
Reposted by S
