GrapheneOS version 2025102200 released


Tags:

  • 2025102200 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025100900 release:

  • adevtool: add satellite eSIM overlays to avoid the special Skylo eSIM on 9th/10th gen Pixels being listed as a regular eSIM and being possible to erase with the regular eSIM erase functionality
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.111
  • kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.52
  • System Updater: prevent reboot and security preview notifications from timing out after 3 days which is standard behavior since Android 15 QPR1
  • System Updater: mark notification permission as fixed to prevent disabling overall notifications, but enable blocking progress, failure and already up to date notification channels
  • Sandboxed Google Play compatibility layer: add support for overriding BinderProxy transactions
  • Sandboxed Google Play compatibility layer: add support for out-of-band updates to GmsCompatLib
  • Vanadium: update to version 141.0.7390.111.0
  • Vanadium: update to version 141.0.7390.122.0
  • raise emulator super / dynamic partition size due to reaching the limit in some cases
  • adevtool: prefer prebuilt AOSP JDK 21

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102201 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48593, CVE-2025-48631
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.

in reply to Philip Johansson 🏴‍☠️💜

@philip

My understanding is that strcpy in C is one of the traditional "unsafe" functions, because it's easy to cause security issues with it. Since it's so well-known, an LLM has likely seen it very often in training data.

However, curl is written according to ANSI C for portability, where only strcpy is available - so there's a trade-off LLMs have no capability to deduce.

@bagder

Vanadium version 141.0.7390.122.0 released


Changes in version 141.0.7390.122.0:

  • update to Chromium 141.0.7390.122

A full list of changes from the previous release (version 141.0.7390.111.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

AI = Absent Integrity

It's just my luck that I publish the Stalwart port last night and today they make a new release
RT: friedcheese.us/objects/8eab3ae…


The Stalwart Mail Server is now in FreeBSD ports

freshports.org/mail/stalwart/

cc @mWare


My wife is away for a few weeks on an elder care visit so I’m wondering: does anybody have any good recommendations for a two player game, ideally that can be played on #iPhone / #iPad or possibly the web?

It can’t be action/arcade because she shrinks from the sight of a video game controller like a vampire reacting to garlic or fire.

Word games are good. We used to play Words with Friends, but it became an ad-encrusted garbage heap so I’m not particularly inclined to go back to that.

Thanks in advance!

To #blind people with experience with #PowerPoint, I need help! My school wants me to create a #presentation with speaker notes and graphics, and I'm having extreme trouble even getting started. My info text box with my name, school, and date covers everything up, and I can't figure out moving it or how to get to speaker notes. I normally create assignments with #LaTeX, but I kept running into issues making a presentation that way. I'm on #Windows using #NVDA. Disability services made this sound doable and even easy, but so far that doesn't seem to be the case.
#accessibility #MicrosoftPowerPoint #BlindStudent @mastoblind @main

#curl binary builds at curl.se/windows/ started using a fresh public suffix list, and will bump them regularly. (no longer relying on the copy bundled with libpsl, which is almost 2 years old) github.com/curl/curl-for-win/c…
#curl

The only thing that Ring (and their deal with local law enforcement to share videos) accomplishes is riling up the racist lookie loos in a neighborhood.
theverge.com/tech/804052/ring-…

OK. So after migrating the data from the W10 laptop to the W11 laptop, a Linux installation awaits me in place of that W10.

But which distribution? I want something with Plasma 6 and longer support so I don't have to deal with an upgrade every six months. So this time not Kubuntu - the LTS has Plasma 5 and 25.10 is too experimental.

So after a short search I downloaded #openSUSE Leap 16.

Will it work? Will it meet expectations? We'll find out in the coming days 😎

#win10eol #win10toLinux

Vispero adding user accounts

*ALL* tech should default to this mode! I should not have to go out to the internet and back to control local settings on something. Some automatic cloud processing is one thing, as their autopilot mode might do, but controlling settings with the app over the local network or bluetooth should just, be the default? Is it because bluetooth is such a pain in the ass to keep working? Would it actually be inconvenient for users that way? Or is it purely for harvesting?
Eight Sleep adds ‘outage mode’ to smart beds after AWS problems left them frozen
theverge.com/news/804289/eight…
in reply to x0

Local network is even more inconvenient.

To most people, a router is just "that thing that turns cable internet into wireless internet." According to them, the internet in my router is exactly the same as the internet in your router (maybe faster or slower). If they have some kind of cursed WiFi setup to get reception in a different room that's actually two networks inside one another, they expect all smart tech to still keep working.

Anyway, none of this would have been a problem with IPv6, working UPnP and less security paranoia.

in reply to Jack-Frostodon

@jackf723 It's P2P as long as it can punch through, but it still relies on centralized servers for coordinating the punching-through part, and as a fallback for when P2P and/or UDP (which is the only protocol you can realistically use over P2P in most network conditions) is unavailable.

See this for more details on what's going on under the hood tailscale.com/blog/how-nat-tra…

in reply to Jack-Frostodon

@jackf723 @miki Huh? We're talking about controlling smart devices without going through cloud infra so AWS going down doesn't brick your smart appliance, not file sharing. Although I think I did hear something about the EU wanting to have an interoperable standard, a la AirDrop, between all the phones, and hopefully computers can get it too at some point...
in reply to Jack-Frostodon

@jackf723 @miki Still needs a coordination server, though. I also still need to figure out whether it's capable of completely avoiding relaying when I'm talking to devices that are actually on my LAN, can it just, resolve the LAN IP address and beam directly at it, or go through the router? I never saw an article on that one. I'm behind a Spectrum NAT.
in reply to Mikołaj Hołysz

@miki @jackf723 Well the first time it came back via a 2603:... IPv6 address, but then it appears to have found the internal one, 192.168.1.x. The IPv6 ping was 70 ms, then the internal one was 6, but then it was 30ms and 1.2 seconds? These ping times are nuts. Same address though so it seems after a few packets through it figured out the best route and is now sticking with it. For reference, I pinged my phone.

I'm just genuinely trying to have fun the last little bit I'm here :) I'm volunteering to do tours, volunteering to help people or do things that people are asking for volunteers to do, trying to be more social and relaxed and fun. I have my final meal on Friday and honestly, I'm not stressed about it. It's gonna be fun. I'm excited about it and excited to see what my travel assignment for next week will be.

Nuclear and Hydro Linked to Lower Electricity Prices. Wind and Solar are Not.

I often hear the phrase “Wind and solar lower electricity prices”, but is that really true? I decided to plot the data.

Looking at the average spot market price (no taxes or tariffs) across 30 European countries in 2024, wind and solar seem to have no effect on electricity prices. The weighted regression actually shows a slightly positive slope, meaning prices go up as the share of wind and solar increases, but it is far from statistically significant (R² = 0.03, p = 0.4).

In short: wind and solar explain nothing about a country’s electricity price.

On the other hand, when looking at clean firm power sources like hydro and nuclear, the explanatory power becomes much stronger.

Using a Weighted Least Squares (WLS) regression across 30 European countries, weighted by total electricity production, there is a clear and statistically significant relationship (R² = 0.4, p < 0.001). Countries with more hydro and nuclear tend to have lower electricity prices. Of course, this does not explain all the variation, since plenty of other factors matter too.

But it sends a clear signal: hydro and nuclear are linked to cheaper electricity, while wind and solar are not having any measurable effect in either direction.

[Original text by Johan Christian Sollid, as posted on X]

Markdown support is coming to #LibreOffice! And a new dialog to edit table styles, Python and BASIC code auto-completion, Rust UNO language bindings, and more - all thanks to participants in the Google Summer of Code: blog.documentfoundation.org/bl… #foss #OpenSource

Some languages (American English): "Okay so we're just going to keep the legacy spelling and everyone will be tortured in school into learning how to spell it when we don't pronounce it that way any longer."

Other languages: We're just going to update the spelling, really, there's no sense in keeping the legacy spelling around when no one pronounces anything that way any longer.

Then there's Irish: ¿por qué no los dos?