This is not how CVEs work at all. You can be pretty vague when registering it. In fact they’re usually annoyingly so and some companies are known for copy and pasting random text into the fields that completely lead you astray when trying to patch diff.

Additionally, MITRE doesn’t coordinate a release date with you. They can be slow to respond sometimes but in the end you just tell them to set the CVE to public at some date and they’ll do it. You’re also free to publish information on the vulnerability before MITRE assigned a CVE.

> The baseband can do a lot, it has dma

There's an IOMMU:

> Is the baseband isolated? > Yes, the baseband is isolated on all of the officially supported devices. Memory access is partitioned by the IOMMU and limited to internal memory and memory shared by the driver implementations. [...]

https://grapheneos.org/faq#baseband-isolation

> GrapheneOS cannot really influence this, but hardened_malloc could conceivably help.

They can and do, see above. But I don't see how hardened_malloc is related to the baseband doing DMA.

Thanks, this is very good information!

To answer your question, I thought it might just be slightly harder to extract secrets or exploit a running process directly. Thats all I was saying.

> Android 16 no longer provides device trees for Pixels as part of the Android Open Source Project. It's important to note it doesn't provide those for any other devices. There are no other OEMs providing similar AOSP support. [...]

by strcat, Graphene OS founder https://news.ycombinator.com/item?id=44679100

Way back before I made the jump to a Nexus S, I was maintainer of a CyanogenMod port. Granted there were other challenges involved with that (bypassing locked bootloaders with kernel module exploits) but I am well aware of what's involved. What Google is doing is a fucking waste of people's time for no reason whatsoever. And it's not just on the AOSP front--it's clearly a strategic platform decision.

I'm done with Google. On every front they are being assholes. The DOJ should have exploded Microsoft into bits and pieces back in the day the way they handled AT&T so that Google would fear the same.

Yeah, so? Pixel becoming no better than the competition isn't exactly the selling point you hold it out to be.

AFAIK the impact of that is overblown, because "device trees" are just files that can be extracted from the stock ROMs. Moreover drivers and kernels are still provided by google, albeit in code dump format (no git history).

The screen is a 16:10 screen with some extra pixels added next to the notch. By default, the system uses a resolution of 1512x982 (14"), which you can change to 1512x945 (16:10) to move the menu bar below the notch and end up with black pixels next to the notch.

"If you go make weird contortions and workarounds you might just find a semi-working non-solution to a problem that didn't exist until Apple introduced it".

Also my response here: https://news.ycombinator.com/item?id=44909996

You don’t have to assume, the docs in the repo tell you that it does run a Linux kernel in each VM. It’s one container per VM.

Good call, thanks for clarifying!

Not trying to argue that this happens regularly, but some recent (last 6 months or so) minted update contained breaking changes.

> a feature that can only be appreciated by a subculture of people (privacy advocates)

Just because it can’t be “appreciated” by all users doesn’t mean it’s only “for” a small sub-group.

It seems to me they’re just trying to minimise the data they have access to — similar to private cloud compute — while keeping up with the features competitors provide in a less privacy-respecting way. Them not asking for permission makes it even more obvious to me that it’s not built for any small super privacy-conscious group of people but the vast majority of their customers instead.

What you write sounds plausible at first, but then there’s this example from the German KSK:

„In 2018, the German Federal Criminal Police Office uncovered a plot involving unknown KSK soldiers to murder prominent German politicians such as Claudia Roth, Heiko Maas and Joachim Gauck among others, and carry out attacks against immigrants living in Germany.[7] Also, earlier that same year in a separate investigation, the State prosecutors in the city of Tübingen investigated whether neo-Nazi symbols were used at a "farewell" event involving members of KSK.[8][9]

In June 2020, German defence minister Annegret Kramp-Karrenbauer announced that the unit would be partially disbanded due to growing far-right extremism within the ranks.[10] The KSK had become partially independent from the chain of command, with a toxic leadership culture. One of the force's four companies where extremism is said to be the most rife was to be dissolved and not replaced.[11]“

https://en.m.wikipedia.org/wiki/Kommando_Spezialkr%C3%A4fte

It’s recommended to have at least two anyway, to still have access to your accounts in case one is lost. That means you can keep one key at your desktop and you’d only need to go up to get your keys when adding them to an account.

Having two in the same house is a pretty bad compromise. Ideally you'll want one of them to be physically somewhat distant (in case of a fire etc.), which makes things even less ergonomic.