@apicultor Pixels moved away from Snapdragon in 2021 to Tensor. They began using wrapped key encryption support, moved to a custom RISC-V secure element (Titan M2) and an entirely different TEE (TrustZone) implementation (Trusty OS). It's a different platform, not the same one. We've recently posted a lot about this and how we have worked on improving security against recovery of data from After First Unlock devices. Our pinned post is about firmware improvements we got them to add in April.
@apicultor Pixel 5a is the only Snapdragon Pixel that's not end-of-life and will be soon. Our device-specific hardening work is being done for Tensor Pixels.
We have zero-on-free which applies at shutdown/reboot as it does normally, auto-reboot, USB-C port control disabling USB at a low level and our usual exploit protections.
@apicultor Interestingly enough, @thunderbird now offers Matrix as an option in its Chat tab. But yeah, Element has been a trashfire for a while. :dumpster_fire:
Excellent post by @cks regarding how quickly boxes get probed after having their FQDNs included in a Certificate Transparency log (aka having a TLS certificate issued for them):
This is actually why I use only wildcard certificates when possible — not for security by obscurity, but why stick your head out of the trench and call attention to yourself when you don't have to?
Update: Very glad to be able to report that the UNIFE speaker received a chilly reception from many in the crowd re their bullshit position that the Cyber Resiliency Act should not apply in rail, with special resistance to mandatory supply of patches:
@apicultor@jon@PGLux They're probably not the only sector to need a push. Going the route of regulation is the best way forward, even the US is revising their previous position in favour of regulating.
Tomorrow ENISA will publish a report with a deep dive on the transport sector. Our survey found that more than half of transport entities that have been designated under the NIS directive need 1 month to patch a critical vulnerability. And more than a fifth need between 1 and 6 months to patch
@jon@sebwilken@apicultor
Called ÖBB‘s customer service yesterday. They admitted some struggle to open online bookings from December, 10.
I couldn‘t book via nightjet.com and was provided advice to book via https://shop.oebbtickets.at as nightjet.com is just a sort of overlay.
But even there: No bookings available for most connections in early 2024.
@unifiedpush I love the concept of UnifiedPush, and indeed I use it with Element on #GrapheneOS with no Google anything installed (and thus no Google-powered push notifications).
However, Signal's push notifications work flawlessly on this same device, so clearly they handle their own notifications (and do a good job of it).
So, other than #notifications, what's the benefit to the end user of Molly over #Signal?
As Signal itself proved, adding voice and video calls on top of secure text channels is entirely possible.
RCS does already include voice and video calling in the universal profile. I wouldn't be surprised if Google were to announce they are working to encrypt those also in their Messages app in the future.