| ▲ | Bender 9 hours ago |
| They left out the steps to update it. I made a rough attempt at a document for this. [1] Please let me know if I missed a validation step. I have done this on six machines but they were all Linux. Not tested on BSD. Archive [2] in the event I was too aggressive in blocking bots. [Edit] I should also include this [3] thread for completeness sake. Some people people were playing with a shim work around but it looks like a lot of unnecessary complexity and fragility to me. [1] - https://nochan.net/b/Internet-Crap/20260621-Update-Secure-Bo... [2] - https://archive.is/ml3jv [3] - https://www.reddit.com/r/archlinux/comments/1pvw6td/grub_shi... |
|
| ▲ | 0l 9 hours ago | parent | next [-] |
| FYI your server returns Brotli encoded content, even if the request has only Accept-Encoding: gzip, deflate, zstd - making it unreadable in for me (Firefox on Fedora). |
| |
| ▲ | Bender 8 hours ago | parent [-] | | I actually did that on purpose since all browsers support brotli I risked the possibility someone might have disabled it with an add-on. I wanted to see how many bots that would break. It may not be the most logical process but I just use CanIUse [1] to see what supports Brotli. I ignore the Opera Mini block as they seem to support almost nothing. [1] - https://caniuse.com/brotli | | |
| ▲ | 0l 8 hours ago | parent [-] | | Ah, fair enough. Well Firefox should support Brotli by default, so it's probably something going on on my machine. | | |
| ▲ | Bender 8 hours ago | parent [-] | | Nothing wrong with that. I think people should be able to disable anything they want. I doubt any commercial sites will do what I am doing. I use that little blog to test all manor of unorthodox things. That's why I listed the archive mirror, just in case. |
|
|
|
|
| ▲ | Animats 9 hours ago | parent | prev [-] |
| Found this on one machine. Key expires in 5 days. System runs Linux only and has never booted Windows, ever. Secure boot may be off. SHA1 Fingerprint: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:08:d3:c4:00:00:00:00:00:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 27 21:22:45 2011 GMT
Not After : Jun 27 21:32:45 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
|
| |
| ▲ | Bender 9 hours ago | parent [-] | | I had to vouch your comment, not sure what happened there. Something in your technical output must have triggered HN. One can use mokutil to see if Secure Boot is enabled after installing it. I assume the OEM installation or update of the BIOS must have included that cert but I am just guessing. mokutil --sb-state
| | |
| ▲ | Animats 9 hours ago | parent [-] | | Thanks. Just checked. Secure Boot is not enabled on any of my machines, which are Linux-only. Whew! (I wonder if any of the ASUS subnotebooks I bought off eBay for minor embedded stuff have this problem. Have to power them up.) | | |
| ▲ | Bender 9 hours ago | parent [-] | | My ASUS laptop had it enabled. I had to disable it as there just wasn't enough non volital memory to hold all the updates even after remove several EFI entries and resetting the BIOS. All my mini-PC's updated fine however. My Linux Protectli routers already had it disabled thankfully. They use Coreboot, unsure if that was a factor. |
|
|
|
