Daniel Micay
Daniel Micay
> They also excluded certain hooks for Android from Clang CFI for performance reasons We're considering undoing this. The issue is that as part of GKI, they moved scheduler customizations...
We've also determined that enabling BTI is broken with CONFIG_UNWIND_PATCH_PAC_INTO_SCS enabled for the Pixel 8 kernel but his issue is **likely** fixed in mainline already or may not have ever...
It would be nice if the recommendation to use this was at least removed since it's encouraging downgrading security if you have both SCS and PAC enabled. It considers it...
It has nothing to do with GrapheneOS beyond the fact that we fully enable the location indicator and location permission history compared to Android 13 and 14 still not enabling...
I don't think you should close it.
> What things specifically cause the indicator to show up? Using APIs which obtain location data via the location permission. > I do not see anything else that could be...
@rgacogne > I wonder how the HTTPS world deals with that kind of issues. It would be very useful to know what kind of mitigations exist in haproxy and nginx,...
Since Linux TCP SYN cookies are now based on SipHash, the only real downside is a tiny bit of overhead for legitimate connections and more importantly clients without TCP timestamps...
Having a very efficient authoritative resolver with an efficient in-memory backend able to efficiently handle incremental updates to the static configuration rather than needing a database seems like the best...