There’s a reason it only supports Pixel phones: none of the other manufacturers produce phones that are suitable for it. All the other ones either don’t let you unlock the bootloader, won’t let you relock it with your own keys, or disables other security featurea. Meaning anyone can just flash whatever code they want to the phone and completely nullify the security model.

For a bit, OnePlus did support this but they quietly removed that feature with the Android 12 bootloader update, and otherwise cut you off from the TEE anyway so the OS can’t even verify the boot chain.

The GrapheneOS team said they would happily support other devices if any met their criterias for support. None do. Pixels are the only phone where you can properly flash a custom OS on, and relock the bootloader and disable OEM unlocking like it’s the official OS with all the security features functional.

For decades, we offshored that stuff there because it was cheaper. Now we’re acting shocked pikachu that the asians that have been producing our chips for the last 30 years are better than us at producing chips. Not just chips, hell of a lot of manufacturing in general too.

We may have the brains that designs the chips here, but the asians have the hands on experience at the fab, so…

I don’t think I’ve ever updated a BIOS from any operating system, always flashed via the BIOS itself. Most can flash the BIOS without even a CPU installed these days.

It’s a good idea to validate the information before being outraged at it.

Avec Trump vraiment, il suffit de dire qu’ils sont détruits, très bien détruits, le gars qui les a détruits c’est un très bon gars. On lui envoie la facture, et puis on livre la marchandise quand-même en prétendant un investissement français, tout le monde est content.

Aside from the other answers, no you can’t offload computations to memory. Memory stores data, it doesn’t compute.

The only way having more memory can possibly improve performance, is by having a cached copy of files so they don’t have to be fetched from disk, and applications potentially caching the results of heavy but reusable computations. (Unless you run out of memory and starts spilling over to disk, then more memory will make it fast again by avoiding swapping).

I mean I guess technically yes you could transcode into H264 into a tmpfs mount, and then play the H264, but you’re still not doing it faster and certainly not fast enough to watch in real time, you’re just decoding the AV1 well in advance before actually watching it.

Nope. Even Qualcomm themselves provide what’s needed to run Linux on the Windows for ARM PCs.

The only one I can’t find for sure is whether there’s any lockdown on the firmware for the Microsoft Surface and Copilot+ laptops, but I’m also not finding any sources pointing that it would be. But at this point you’re buying Microsoft hardware, what do you expect.

It has nothing to do with ACPI whatsoever. And firmwares this broken are the exception not the rule.

That’s bullshit. ARM is an architecture and by itself does not specify secure boot any more than x86 does. Raspberry Pis don’t have secure boot. You can unlock the bootloader on a Pixel, install GrapheneOS, and relock the bootloader just fine. Several other manufacturers allow bootloader unlocks no problem. The main reason you can’t on some popular phones is US carriers, even international Samsungs you can unlock the bootloader and flash whatever you want on it.

I’m literally typing this comment on a phone running a custom OS (LineageOS on a OnePlus 8T). I’m literally 2 versions of Android ahead of the latest supported version. I also have a Galaxy S7 running Android 15, a phone that officially tops out at Android 8 and launched with Android 6. Both you literally just toggle the bootloader unlock option in the settings, no hacks no craziness, it’s literally a feature.

At this point you’re just straight up making shit up.

That’s the whole point of enrolling your own keys in the firmware. You can even wipe the Microsoft keys if you want. You do that from the firmware setup, or within any OS while secure boot is off (such as sbctl on Linux).

That’s a feature that is explicitly part of the spec. The expectation is you password protect the BIOS to make sure unauthorized users can’t just wipe your keys. But also most importantly that’s all measured by the TPM so the OS knows the boot chain is bad and can bail, and the TPM also won’t unwrap BitLocker/LUKS keys either.

Secure boot is to prevent unauthorized tampering of the boot chain. It doesn’t enforce that the computer will only ever boot Microsoft-approved software, that’s a massive liability for an antitrust lawsuit.

As commenters on the LWN thread said, I doubt that many firmwares even bother to check anyway. My motherboard happens to have had a bug where you can corrupt the RTC and end up in 2031 if you overclock it wrong. I didn’t use secure boot then though so I don’t know if it would have still booted Windows. But I imagine it would.

That said, I’ve always just enrolled my own keys. I know some other distros that make you enroll their keys as well like Bazzite. At least that way you don’t depend on Microsoft’s keys and shim or anything, clean proper secure boot straight into UKI.

Sounds more like a rolling release than a mess to me. Makes sense for development and users that want to try out new features as they get developed.

From a developer’s perspective that sounds like a good idea too, no need to rip out features that weren’t ready in time and no need to rush a feature because it was in the developer preview therefore it has to ship.

There’s YaCy. I’ve run a node for a while but it ended up filling up my server’s drive just indexing german wikipedia and the results were terrible.

And it’s still not private because you have to broadcast the query across the network.

The main issue you’ll run into is nicher proprietary software being hard to install, but that’s what containers are for. The main one I see is if you need to install some proprietary VPN client it gets annoying, but since you’ll be running a VM anyway you can do some network trickery. My work’s antivirus only works on Ubuntu and RHEL, proprietary kernel modules so it’s got to be at least one of those kernels.

Linux is Linux, nothing’s impossible to solve even with Bazzite’s immutability. Worst comes to worst you make your own images and it’s not that hard, you basically just fork it on GitHub and let the CI do its thing.

But do you have time to fiddle to make it work and take the risk, or do you want to play it safe? How confident are you with Bazzite’s more advanced topics?

It’s been a while, but I believe you do need the annoying new XML/SVG thing as it also doubles as the splash screen animation when you open an app as well. You can embed a PNG in those but vector is preferred because of screen resolutions.

Wishing you great success with your app, disabilities are wildly underserved especially in open-source.

Wine has always done that, last seen on Plasma 5 (I switched to Wayland with Plasma 6), and I remember that being a thing way back in 2007 too. Valved patched the scaling in Proton as well I believe so that might be why it didn’t do that.

It behaves how fullscreen apps work on Windows, takes over your whole display and messes with the resolution and all.

It’s supposed to scale correctly, but otherwise Gamescope will take care of that particular issue.

Kinda annoying on Xorg when the game just decides my screen should be 800x600 and then proceeds to crash and leave me at 800x600 on a 4K display with scaling set to 200%.

It depends on your overall energy use but generally that would be negligible when compared to heating and hot water, especially during winter when the furnace runs 24/7.

In particular, during the winter, all excess energy from the oven is heat the furnace doesn’t have to provide so it’s basically free: you’d use that energy anyway.

Generally the economy of scale should technically favor the prebaked bread, at least before the store slaps its value added surcharge for it. The store still needs to pay for the energy (but probably gets it cheaper than you), but also needs to pay to maintain a factory, equipment, employees. So you kinda need to factor in the price of your oven too and its wear and tear.

I just buy the loaf because one thing I know for sure is if I factor in the value of my time, it’s way better and easier to work an hour than spend an hour baking a loaf of bread. The time to bake the bread costs more than if I used that time to work the equivalent time and buy 5 loaves of bread with the money.

That kind of makes sense? Aren’t the labs when they’re A/B testing or benchmarking new features before general release and toggle random people’s settings doing so? I vaguely recall some drama around that.

If I turn off telemetry I want those off too, it makes sense they’re linked. It you want a new feature there’s always nightly+about:config, but I don’t want it downloading random config toggles especially if it’s not reporting back that it broke my stuff. The code should be what I installed, not some random lab blob downloaded off their servers at runtime.

It seems to have picked up “circle” as the distro. You’ll need to replace that with the matching Ubuntu or Debian version of what this version of ElementaryOS is.

It’s derived by both a key from the TEE and the PIN/password.

The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.