SDF Chatter

Thought this belonged here.

Notable changes in version 91:

• add support for the Pixel 10a with either the stock OS or future GrapheneOS releases
• update Gradle to 9.4.0
• update Android Gradle plugin to 9.0.0
• update AndroidX Core library to 1.18.0
• update CameraX library to 1.5.3
• update Kotlin to 2.3.10
• update Bouncy Castle to 1.83

A full list of changes from the previous release (version 90) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

Sorry for not having anything more original to post, but I like how the diff stripes look, like a shimmering. I think it's pretty.

Lovely Art. Inspiring and prayer-friendly

https://removepaywalls.com/https://www.nytimes.com/2026/03/11/world/middleeast/un-security-council-condemns-iran-strikes.html

The United Nations Security Council on Wednesday decisively adopted a Bahraini-led resolution condemning Iran’s regional attacks and rejected a Russian proposal seeking an end to the conflict in the Mideast.

These votes occurred as U.S. and Israeli forces continued bombarding Iran for a 12th day, with Iranian retaliation reverberating throughout the Middle East.

Thirteen out of the 15 member countries of the Security Council, including the United States, Britain and France, supported Bahrain’s resolution, proposed on behalf of six Gulf nations and Jordan. China and Russia abstained.

Russia’s U.N. representative, Vasily Nebenzya, said that his country’s proposal aimed to de-escalate and did not seek to lay blame for causes of the conflict to ensure its adoption. He called it “simple, direct and unequivocal in nature,” and said it urged an end to fighting, condemned strikes against civilians and civilian infrastructure, and called for negotiations.

Four countries on the Security Council voted in favor of it — Russia, China, Pakistan and Somalia. The United States and Latvia opposed, while France, Britain, Bahrain, Colombia, the Democratic Republic of Congo, Denmark, Greece, Liberia and Panama abstained.

We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security & freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

uattest.net

This 🇪🇺 does NOT make bad practices from 🇺🇲 more palatable. People need to stop flag shagging, good tech is good when open auditable & represents freedom regardless of origin. Those behind this are funded by those pushing Chat Control.

Size of companies and their locale is irrelevant when hardware attestation API exists and is open and freely implementable, these are adversarial solutions looking for a problem. That problem they are 'solving' is the free distributiion and use of apps across the Android eco system.

I didn't know these were a good thing but their proponents in this regard must think they are and which by definition this attestation programme is. It is neither utilitarian nor benevolent. One company Google does it, it is monopolistic, multiple do it they become a...cartel.

Further context: Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.

~@Metr0pl3X@lemmy.ml of Grapheneos

https://inv.nadeko.net/watch?v=zUzd9KyIDrM

We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

https://uattest.net/

Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.

Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.

Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves as unfair advantage while pretending it has something to do with security.

If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.

Volla, Murena and iodé sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.

These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.

Murena and iodé are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodé should have no say in which OS people can use on their devices.

There's no legitimate purpose for either Play Integrity or Unified Attestation to exist. Both will inherently fail to uphold even basic security standards since otherwise their own products wouldn't be allowed. Root-based attestation is also inherently not a secure approach.

Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It's more of the same anti-competitive garbage

Hey there.

If you loved olive 0.1, it's back. With (a lot) of help from claude, i revived this 7 years old amazing program and brought it back.

Yes oak exists and olive 0.2 is more advanced, but 0.1 workflow was so natural to me i never was able to use anything else. And its back. and the .deb build is 1.3MB. For a full fledged NL video editor.

Have a great day

Changes in version 146.0.7680.111.0:

• update to Chromium 146.0.7680.111
• simplify disable problematic upstream GPU driver workaround via feature flag
• backport fix for DrumBrake WebAssembly interpreter race conditions
• extend workaround for PowerVR GPU driver bug to be active for Pixel 10 devices by raising the maximum OpenGL ES version for the workaround from 3.0 to 3.2

A full list of changes from the previous release (version 146.0.7680.65.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Iran’s sports minister told state television that the country cannot play in this year’s FIFA Men’s World Cup, including its June 26 game against Egypt in Seattle, according to reports from multiple media outlets Wednesday.

archive link

The proposed $410 million levy is around 50% higher than the 2019 library levy, adjusted for inflation. With a focus on maintaining hours and modestly expanding services, the package doesn't include many big ticket items.

Here is a video of Luka playing.

I have never seen an Attorney General take action on a consumer complaint. The best outcome I’ve seen is they make the complaint public record, then do nothing. Other AGs reply to say “not a violation of deceptive trade practices”. And some AGs do not respond at all - they just ignore complaints.

The FTC and CFPB are also options but those are also often deadbeat agencies particularly under republican governance.

What’s the recourse? Who generally oversees a state’s AG?

I just can't catch a break.

https://lemmy.sdf.org/modlog/744855?page=1&actionType=All

@Draconic_NEO@pawb.social

Previously.