Secure boot is...insecure?
Researchers recently discovered that over 200 device models are compromised due to a leaked cryptographic key from a GitHub repository in 2022. This key, which underpins Secure Boot, was protected by a weak password, making it easy to crack.
Additionally, 21 test keys meant for internal use were found in production devices from major manufacturers, further compromising security. This was named PKfail by Binarly.
• Total no. devices that use the compromised key: 215
• Vendors: Acer, Aopen, Dell, Formelife, Gigabyte, Intel, Supermicro
Are you affected? Here's how you can check:
🔗 arstechnica
🧑💻 @agamtechtricks
Researchers recently discovered that over 200 device models are compromised due to a leaked cryptographic key from a GitHub repository in 2022. This key, which underpins Secure Boot, was protected by a weak password, making it easy to crack.
Additionally, 21 test keys meant for internal use were found in production devices from major manufacturers, further compromising security. This was named PKfail by Binarly.
• Total no. devices that use the compromised key: 215
• Vendors: Acer, Aopen, Dell, Formelife, Gigabyte, Intel, Supermicro
Are you affected? Here's how you can check:
Windows:
In PowerShell, run:> [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI
PK).bytes) -match "DO NOT TRUST|DO NOT SHIP"
True
Linux:$ efi-readvar -v PK
Variable PK, length 862
PK: List 0, type X509
Signature 0, size 834, owner 26dc4851-195f-4ae1-9a19-
fbf883bbb35e
Subject:
CN=DO NOT TRUST - AMI Test PK
Issuer:
CN=DO NOT TRUST - AMI Test PK
🔗 arstechnica
🧑💻 @agamtechtricks
👏21😁3🖕1🆒1
Stripe acquires payment processing startup Lemon Squeezy
Stripe has acquired the payment processing startup Lemon Squeezy, a four-year-old company serving SaaS and software businesses by managing global sales tax for digital products. The deal's terms remain undisclosed. Stripe CEO Patrick Collison and Chief Product Officer Will Gaybrick praised Lemon Squeezy’s merchant of record (MoR) capabilitie and plan to scale these services.
Lemon Squeezy’s CEO JR Farr noted that the startup, which launched in 2021 and surpassed $1 million in annual recurring revenue within nine months, has been using Stripe for payment processing from the start.
🔗 Lemon Squeezy | TechCrunch
🧑💻 @agamtechtricks
Stripe has acquired the payment processing startup Lemon Squeezy, a four-year-old company serving SaaS and software businesses by managing global sales tax for digital products. The deal's terms remain undisclosed. Stripe CEO Patrick Collison and Chief Product Officer Will Gaybrick praised Lemon Squeezy’s merchant of record (MoR) capabilitie and plan to scale these services.
Lemon Squeezy’s CEO JR Farr noted that the startup, which launched in 2021 and surpassed $1 million in annual recurring revenue within nine months, has been using Stripe for payment processing from the start.
Please open Telegram to view this post
VIEW IN TELEGRAM
👎5
Windows 11 to Introduce Wireless Android File Management
Microsoft is rolling out a new feature for Windows 11 that allows wireless access to Android smartphone files via File Explorer. This update, currently available to some Windows Insiders, enables users to view, manage, and transfer files between their PC and Android device without a physical connection. The feature supports Android 11+ devices and requires the "Link to Windows" Beta app.
Users can enable this function through Settings > Bluetooth & Devices > Mobile Devices. While some minor issues exist, such as discrepancies in file deletion periods, Microsoft is working on fixes to improve the experience.
🔗 Winaero
🧑💻 @agamtechtricks
Microsoft is rolling out a new feature for Windows 11 that allows wireless access to Android smartphone files via File Explorer. This update, currently available to some Windows Insiders, enables users to view, manage, and transfer files between their PC and Android device without a physical connection. The feature supports Android 11+ devices and requires the "Link to Windows" Beta app.
Users can enable this function through Settings > Bluetooth & Devices > Mobile Devices. While some minor issues exist, such as discrepancies in file deletion periods, Microsoft is working on fixes to improve the experience.
🔗 Winaero
🧑💻 @agamtechtricks
👍19🔥7🖕1
Instagram starts letting people create AI versions of themselves
Meta is opening up the ability for anyone in the US to create AI versions of themselves with AI Studio.
Creators can customize their AI based on things like their Instagram content, topics to avoid and links they want it to share. Creators will be able to toggle things like auto-replies from their AI and dictate which specific accounts it’s allowed to interact with.
AI Studio also allows for the creation of totally new AI characters, similar to Character.AI. You will be able to try AI characters made by others as well, similar to GPT store.
🔗 Meta | TheVerge
🧑💻 @agamtechtricks
Meta is opening up the ability for anyone in the US to create AI versions of themselves with AI Studio.
Creators can customize their AI based on things like their Instagram content, topics to avoid and links they want it to share. Creators will be able to toggle things like auto-replies from their AI and dictate which specific accounts it’s allowed to interact with.
AI Studio also allows for the creation of totally new AI characters, similar to Character.AI. You will be able to try AI characters made by others as well, similar to GPT store.
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
😐17🔥2💩2😱1🖕1
Canva acquires Leonardo.ai to boost its generative AI efforts
Canva has acquired Leonardo.ai, a generative AI content startup, to enhance its AI technology. Leonardo.ai, founded in 2022 and known for its advanced user control in AI art creation, will continue operating independently but benefit from Canva’s resources. All 120 employees, including the executive team, will join Canva.
The acquisition aims to integrate Leonardo’s technology into Canva’s Magic Studio suite, expanding its generative AI capabilities. Leonardo.ai is Canva’s eighth acquisition overall and its second acquisition of the year.
🔗 TechCrunch
🧑💻 @agamtechtricks
Canva has acquired Leonardo.ai, a generative AI content startup, to enhance its AI technology. Leonardo.ai, founded in 2022 and known for its advanced user control in AI art creation, will continue operating independently but benefit from Canva’s resources. All 120 employees, including the executive team, will join Canva.
The acquisition aims to integrate Leonardo’s technology into Canva’s Magic Studio suite, expanding its generative AI capabilities. Leonardo.ai is Canva’s eighth acquisition overall and its second acquisition of the year.
🔗 TechCrunch
🧑💻 @agamtechtricks
😢6🖕1👀1
MapMyIndia accuses Ola Electric of copying data; sends legal notice
CE Info Systems (MapMyIndia) has sent a legal notice to Ola Electric for allegedly copying the former’s data as Ola launched its own mapping service in India.
MapMyIndia accused Ola of violating their 2021 license agreement by attempting to reverse engineer or copy the source code from MapMyIndia's API. MapMyIndia alleged that Ola Electric improperly cached and saved their data for use in Ola Maps.
The Delhi-based company warned that it will pursue both civil and criminal legal actions against Ola Electric for these infringements.
🔗 Entrackr
🧑💻 @agamtechtricks
CE Info Systems (MapMyIndia) has sent a legal notice to Ola Electric for allegedly copying the former’s data as Ola launched its own mapping service in India.
MapMyIndia accused Ola of violating their 2021 license agreement by attempting to reverse engineer or copy the source code from MapMyIndia's API. MapMyIndia alleged that Ola Electric improperly cached and saved their data for use in Ola Maps.
The Delhi-based company warned that it will pursue both civil and criminal legal actions against Ola Electric for these infringements.
Please open Telegram to view this post
VIEW IN TELEGRAM
🤣38❤1👍1🖕1
Firefox and Meta develop a mechanism that promises to keep the user's data private in an unyielding ad world
Mozilla recently received backlash after shipping an experimental feature — Privacy-preserving attribution, enabled by default, which collects data for advertisers, in Firefox 128.
It aims to balance advertiser needs and user privacy. Mozilla is collaborating with Meta on the project to ensure it meets both privacy standards and advertiser utility.
The development, ongoing for several years, utilizes a secure multi-party computation (MPC) system called DAP/Prio. Its privacy properties have been analyzed to identify loopholes. Currently, the prototype is limited to a few test sites and only functions in Firefox.
🌐 r/firefox
🔗 Windows Central
🧑💻 @agamtechtricks
Mozilla recently received backlash after shipping an experimental feature — Privacy-preserving attribution, enabled by default, which collects data for advertisers, in Firefox 128.
It aims to balance advertiser needs and user privacy. Mozilla is collaborating with Meta on the project to ensure it meets both privacy standards and advertiser utility.
The development, ongoing for several years, utilizes a secure multi-party computation (MPC) system called DAP/Prio. Its privacy properties have been analyzed to identify loopholes. Currently, the prototype is limited to a few test sites and only functions in Firefox.
Please open Telegram to view this post
VIEW IN TELEGRAM
👎44🌭5👍4🖕1
Spotify expands lyrics access for free users
In May, Spotify limited free users to viewing lyrics for only three songs per month to encourage subscriptions. After numerous complaints, Spotify is now increasing this limit, allowing more free users to see lyrics globally. The exact new limit wasn't disclosed but is expected to be higher.
The paywall for lyrics, tested since September 2023, didn't significantly boost paid subscriptions. In Q2 2024, Spotify reported 626 million monthly active users, including 246 million premium subscribers.
[From 9to5Google] The new monthly limit is higher than anyone would ever reach, and higher than any single user has even neared.
🔗 TechCrunch
🧑💻 @agamtechtricks
In May, Spotify limited free users to viewing lyrics for only three songs per month to encourage subscriptions. After numerous complaints, Spotify is now increasing this limit, allowing more free users to see lyrics globally. The exact new limit wasn't disclosed but is expected to be higher.
The paywall for lyrics, tested since September 2023, didn't significantly boost paid subscriptions. In Q2 2024, Spotify reported 626 million monthly active users, including 246 million premium subscribers.
[From 9to5Google] The new monthly limit is higher than anyone would ever reach, and higher than any single user has even neared.
🔗 TechCrunch
🧑💻 @agamtechtricks
😁29🤣15👍4🤡1🖕1
GrapheneOS may take legal action against Google regarding Play Integrity API
- Shawn Willden (X)
GrapheneOS users found that Authy, a 2FA manager, won't work on their devices due to Play Integrity, which verifies Android device security. GrapheneOS, which doesn’t include Play Services by default, allows users to install a sandboxed version.
GrapheneOS criticized LineageOS for disabling verified boot and reducing security, leading to misconceptions about custom ROMs.
Most certified Android devices don't comply with Google's standards. Play Integrity API lacks a minimum security patch level, and most apps using it have weak software-based checks that attackers can easily bypass.
The project plans to take legal action and has begun discussions with regulators.
🌐 X/Twitter
🔗 Ars Technica
🧑💻 @agamtechtricks
If it's not an official OS, we have to assume it's bad.
- Shawn Willden (X)
GrapheneOS users found that Authy, a 2FA manager, won't work on their devices due to Play Integrity, which verifies Android device security. GrapheneOS, which doesn’t include Play Services by default, allows users to install a sandboxed version.
GrapheneOS criticized LineageOS for disabling verified boot and reducing security, leading to misconceptions about custom ROMs.
Most certified Android devices don't comply with Google's standards. Play Integrity API lacks a minimum security patch level, and most apps using it have weak software-based checks that attackers can easily bypass.
The project plans to take legal action and has begun discussions with regulators.
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
❤56🔥10❤🔥4👍4🐳1🖕1
DuckDuckGo blocked in Indonesia over NSFW, gambling search results
DuckDuckGo has been blocked in Indonesia due to complaints about pornographic and online gambling content in its search results. This reflects Indonesia's, a Muslim country's cultural and religious norms, where gambling is prohibited and porn is viewed as morally unacceptable. Google Search remains accessible.
Indonesians are turning to VPNs to bypass restrictions. However, the government plans to block free VPNs, making accessing blocked sites costly.
🔗 BleepingComputer
🧑💻 @agamtechtricks
DuckDuckGo has been blocked in Indonesia due to complaints about pornographic and online gambling content in its search results. This reflects Indonesia's, a Muslim country's cultural and religious norms, where gambling is prohibited and porn is viewed as morally unacceptable. Google Search remains accessible.
Indonesians are turning to VPNs to bypass restrictions. However, the government plans to block free VPNs, making accessing blocked sites costly.
Yesterday, Mr. Hokky (Ministry's Director General of Informatics Applications) had a meeting with Mr. Wayan (Ministry's Director General of Postal and Information Technology Operations), and we will shut down free VPNs to reduce access to networks for the general public to curb the spread of online gambling.
Please open Telegram to view this post
VIEW IN TELEGRAM
🤡47👍8👎3🤣3🆒2🖕1
Turkey blocks access to Instagram for failure to comply with laws
Turkey blocked access to Instagram on Friday after the platform failed to comply with the country's laws and regulations. The ban was implemented following accusations from Fahrettin Altun, Turkey's presidency communications director, that Instagram blocked condolence posts after the assassination of Ismail Haniyeh.
Turkey's Minister of Transportation and Infrastructure, Abdulkadir Uraloglu, stated that the ban would be lifted if Instagram complied with the law.
The decision was announced by Turkey's Information Technologies and Communication Authority (BTK).
🔗 ThePrint
🧑💻 @agamtechtricks
Turkey blocked access to Instagram on Friday after the platform failed to comply with the country's laws and regulations. The ban was implemented following accusations from Fahrettin Altun, Turkey's presidency communications director, that Instagram blocked condolence posts after the assassination of Ismail Haniyeh.
Turkey's Minister of Transportation and Infrastructure, Abdulkadir Uraloglu, stated that the ban would be lifted if Instagram complied with the law.
The decision was announced by Turkey's Information Technologies and Communication Authority (BTK).
Please open Telegram to view this post
VIEW IN TELEGRAM
🤡35👍11🔥8🥰1😁1🤔1🖕1
Google Chrome warns uBlock Origin may soon be disabled
Google Chrome is encouraging uBlock Origin users to switch to other ad blockers as it phases out support for Manifest v2 (MV2) extensions in favor of Manifest v3 (MV3). Since uBlock Origin is an MV2 extension, users see warnings suggesting alternatives. uBlock Origin Lite (uBOL) is a pared-down MV3-compliant version.
Chrome will disable MV2 extensions over the coming months, with users directed to MV3 alternatives. Enterprises using the ExtensionManifestV2Availability policy are exempt until June 2025.
🔗 BleepingComputer
🧑💻 @agamtechtricks
Google Chrome is encouraging uBlock Origin users to switch to other ad blockers as it phases out support for Manifest v2 (MV2) extensions in favor of Manifest v3 (MV3). Since uBlock Origin is an MV2 extension, users see warnings suggesting alternatives. uBlock Origin Lite (uBOL) is a pared-down MV3-compliant version.
Chrome will disable MV2 extensions over the coming months, with users directed to MV3 alternatives. Enterprises using the ExtensionManifestV2Availability policy are exempt until June 2025.
🔗 BleepingComputer
🧑💻 @agamtechtricks
🖕60🫡5😁1😢1
Internet Archive "Glitch" Causes Massive User Data Loss
The Internet Archive recently experienced a significant "glitch" resulting in the deletion of numerous user accounts and years of associated data. This issue, occurring around mid-July, has affected accounts dating back to at least 2015.
The organization has not reached out to affected users, instead relying on them to create new accounts. Only uploads are being silently relinked, and only if the new account uses the same email as the old one. The extent of the data loss and number of affected accounts is currently unknown.
🔗 Gingerbeardman
🧑💻 @agamtechtricks
The Internet Archive recently experienced a significant "glitch" resulting in the deletion of numerous user accounts and years of associated data. This issue, occurring around mid-July, has affected accounts dating back to at least 2015.
The organization has not reached out to affected users, instead relying on them to create new accounts. Only uploads are being silently relinked, and only if the new account uses the same email as the old one. The extent of the data loss and number of affected accounts is currently unknown.
🔗 Gingerbeardman
🧑💻 @agamtechtricks
👍17😢5😱1🖕1
Game Informer is shutting down
Game Informer, a prominent video game magazine, is shutting down after 33 years, with its entire staff laid off. The magazine, owned by GameStop, announced the closure without specifying reasons, though GameStop's CEO had previously emphasized cost-cutting. The magazine had recently offered direct subscriptions, but industry-wide challenges impacted its sustainability. Game Informer expressed gratitude to its readers and bid farewell with a heartfelt message.
🔗 The Verge
🧑💻 @agamtechtricks
Game Informer, a prominent video game magazine, is shutting down after 33 years, with its entire staff laid off. The magazine, owned by GameStop, announced the closure without specifying reasons, though GameStop's CEO had previously emphasized cost-cutting. The magazine had recently offered direct subscriptions, but industry-wide challenges impacted its sustainability. Game Informer expressed gratitude to its readers and bid farewell with a heartfelt message.
🔗 The Verge
🧑💻 @agamtechtricks
💔17🤯3❤1👍1🎉1🍾1🖕1
GitHub Roaster: Roast a GitHub Profile
GitHub Roaster is a fun web app designed to roast GitHub profiles. All you have to do is enter your username, and it will generate a pretty funny and I'd say, a pretty accurate roast. Currently, it's running using GPT-4o-mini because it is way cheaper than GPT-4o.
This has been developed by Rubi, the developer of Lokal.so.
Share your profile's roasts in the comments!
🔗 Try now!
🌐 Source Code
🧑💻 @agamtechtricks
GitHub Roaster is a fun web app designed to roast GitHub profiles. All you have to do is enter your username, and it will generate a pretty funny and I'd say, a pretty accurate roast. Currently, it's running using GPT-4o-mini because it is way cheaper than GPT-4o.
This has been developed by Rubi, the developer of Lokal.so.
Share your profile's roasts in the comments!
Please open Telegram to view this post
VIEW IN TELEGRAM
❤22🤣7👍3🔥3👏3🥰2🖕1
This media is not supported in your browser
VIEW IN TELEGRAM
Using Your Kindle as an E-Ink Monitor
Adhityaa turned his Kindle into an e-ink monitor, achieving 3-4 fps on a Paperwhite 3. Here’s a quick guide:
1. Jailbreak your Kindle, you can follow the instructions from the LanguageBreak thread.
2. Write a program to receive files on port 8000 and then invoke
3. Use
🌐 X/Twitter
🌐 GitHub Gist
🧑💻 @agamtechtricks
Adhityaa turned his Kindle into an e-ink monitor, achieving 3-4 fps on a Paperwhite 3. Here’s a quick guide:
1. Jailbreak your Kindle, you can follow the instructions from the LanguageBreak thread.
2. Write a program to receive files on port 8000 and then invoke
eips to draw the images on the screen. He had written a Go program but lost the source code. [Eips Wiki]3. Use
screencapture on macOS or something similar on other OSs to repeatedly capture the screen. Process these images with ImageMagick to match the Kindle’s display requirements. Then, transfer the images to the Kindle using netcat.Please open Telegram to view this post
VIEW IN TELEGRAM
🔥14👍2😁2❤1🥰1🖕1🦄1