That's exactly what I do with mine but apparently more and more manufacturers are putting the modem unit behind the same fuse that powers something essential.
For what it’s worth, the authors note that since this is installed on a phone, by the time CellGuard has detected a rogue base station, it’s too late anyway.
These spying devices often do permit network traffic to flow through, so if deployed widely these apps could be used to report on where large-scale messing with cellular communications is taking place. The only way to stop this technology is to turn off your phone completely (and opt out of any low-power "find my" networks built into Android and iOS, of course).
That's my point. Apple and Google are using local BLE broadcasts that get uploaded to servers for locating devices. That means ICE can detect/count people in the vicinity by just monitoring the location network signals your devices will emit. For some devices, the location beacon feature will keep working even if you turn them "off".
My Raspberry Pi some time ago had a setup where only public key auth was enabled for LUKS unlock, so I only had to have an authorized_keys file unencrypted.
> I used an LLM for wording. The research, traces, and AML decomp are mine. Every claim is verified and reproducible if you follow the steps in the article; logs and commands are in the repo. If you think something's wrong, cite the exact timestamp/method/line. "AI wrote it" is not an argument.
I got an HP Pavilion laptop in 2011 with an intel i5-2540m, I believe, and a Radeon 6750 or thereabouts. For the first year I owned it, GPU switching was utterly broken and the dedicated GPU was basically dead silicon. Sometime in 2012, they released an updated BIOS that allowed changing the GPU switch logic from "dynamic" to "fixed dedicated", and that allowed you to actually use the builtin dGPU. That being said, the documented issue in TFA arises specifically when trying to exclusively use the dGPU...
If working in a Kubernetes environment you can use cert-manager that basically manages certificate lifetime for you, just need to make the crt/key available to your services using secret references as volumes.
If you're not using k8s certbot is also an option, you get your certificates under /etc/letsencrypt/live/$domain.
Yes, because you want to know what certificates you're issuing. You could be automatically issuing and deploying certs on a system where the actual app was decommissioned. It's probably mostly a risk for legacy systems where the app gets killed, but the hardware stays live and potentially unpatched and is now vulnerable to a hacker taking it over.
With manual renewals, the cert either wouldn't get renewed and would become naturally invalid or the notification that the cert expired would prompt someone to finish the cleanup.
This is what Certificate Transparency is for. If you want to know what publicly trusted certificates are being issued for whatever domains are of interest to you, that's how you find out. It has the important advantage of always working no matter how heterogeneous your stack is; the clients that request certificates do not need to be connected to any particular notification system.
That’s not a switch chip. Still great that we’re finally getting cheap NICs tho
reply