Hacker News | snailmailman's comments

Generally speaking, they auto update, and the latest firmware is always patched to not be jailbreakable. However airplane mode easily dodges the auto update process, and new vulnerabilities are found to enable jailbreaking eventually.

When I bought mine, it was updated to the latest firmware. I wanted to jailbreak mine, the method was “there isn’t one yet” so I set it in airplane mode. For a bit I manually copied all books over usb to the kindle, or disabled airplane mode to read new books if there wasn’t a new firmware version out yet anyway. A few months later, there was a jailbreak method. Now I’ve jailbroken. I can even connect it to the internet, and auto updates are prevented.

If the kindle is old enough it doesn’t receive updates anyway though, then it should be very easy.

https://kindlemodding.org/kindle-models.html


It’s infuriating when I do a search and get an entire page of AI slop articles, “helpfully” prefixed with the search engines’ own AI summary of the AI slop articles

I searched for a specific niche product the other day. Second result down was AI blogspam “what to buy now that product X has been discontinued. We reviewed these 9 alternatives now that the company shut down.”

The company didn’t shut down. The 9 alternatives were the same product by the same company in different sizes and quantity counts. How kind of them to hallucinate so many glowing reviews for me after they hallucinated a problem into existence first.

At least the search engine can summarize all the slop for me. It even cites sources! The sources directly contradict the summary almost every time, but why would you click through?


Usually the Anubis anti-bot things only take a second. But I stared at one for more than 30 seconds the other day when I tried to access one of the Linux kernel websites. Literally just a progress bar with a hash counter. I was on a modern iPhone, I don’t know why it took so long. Maybe because my phone had low battery? But it’s infuriating that this is what the web has become.

The web is becoming more and more unusable every day. If your data is easy to access, it gets stolen and scraped, your site effectively DDOSed. If your site is hard to access nobody will visit.


The people I follow on mastodon come from a wide variety of instances. While mastodon.social is the largest instance, most of the accounts I follow are elsewhere.

Granted, all the smaller instances are likely easier to DOS as they are small instances. But mastodon is actually decentralized. If any one instance goes down, everything else keeps working. Unlike Bluesky and ATProto which is more of a theoretical “could be” decentralized.


https://arewedecentralizedyet.online/ is a fun dashboard visualizing how decentralized the Fediverse/Atmosphere is/isn't.

On the Fediverse you can even block mastodon.social and still have a well populated feed. This is not the case for bluesky.


I’m surprised that such scanning isn’t built into windows defender, the enabled-by-default tool already designed to scan all your files.

But yeah, they also just super aggressively try to trick you into sending all your files to onedrive.


I think windows has a feature built in on some adaptive refresh rate displays to dynamically shift the frame rate down (to 30, on my screen) or up to the cap, depending on what’s actually happening.

I remember playing with it a bit, and it would dynamically change to a high refresh rate as you moved the mouse, and then drop down as soon as the mouse cursor stopped moving.

I had issues with it sometimes being lower refresh rate even when there was motion on screen, so the frame rate swings were unfortunately noticeable. Motion would get smoother for all content whenever the mouse moved.

1hz is drastically fewer refreshes. I hope they have the “is this content static” measurement actually worked out to a degree where it’s not noticeable.


Everyday users? Probably not many. It forcibly disables lots of nice-to-have features.

But users who need a highly secure phone? It’s entirely possible to use the phone without media embeds in iMessage, or shared photo albums, or websites loading in 900 fonts. It’s a trade off likely worth making in some situations.


You can make a shared photo album with family members. It’s everyone else that is problematic with the feature enabled. In my case I only want to share with my wife and son so it wasn’t a detractor for me.


The same thing occurred on the trivy repo a few days ago. A GitHub discussion about the hack was closed and 700+ spam comments were posted.

I scrolled through and clicked a few profiles. While many might be spam accounts or low-activity accounts, some appeared to be actual GitHub users with a history of contributions.

I’m curious how so many accounts got compromised. Are those past hacks, or is this credential stealing hack very widespread?

Are the trivy and litellm hacks just 2 high profile repos out of a much more widespread “infect as many devs as possible, someone might control a valuable GitHub repository” hack? I’m concerned that this is only the start of many supply chain issues.

Edit: Looking through, several of the accounts have a recent commit "Update workflow configuration" where they are placing a credential stealer into a CI workflow. The commits are all back in February.


Once is happenstance. Twice is coincidence. Three times is enemy action.


Update: It looks like the accounts have all been deleted by github, including their repos. They are 404 pages now. Their repos + recent malicious commits are all just 404 pages now.

I'm curious what the policy is there if the accounts were compromised. Can the original users "restore" their accounts somehow? For now it appears the accounts are gone. Maybe they were entirely bot accounts but a few looked like compromised "real" accounts to me.


Yep my coworker hnykda, first reply confirming the report, got his account deleted for a while earlier. Definitely not the best way of handling this...


I run NixOS and the number of times I've been able to install something 'normally' (not via nixpkgs/flake) is approximately zero. You can't go to a website and download a binary and just run it. Almost every program references a shared library and won't be able to find it.

Nixpkgs is very complete in my experience, and in the instances where it's not, someone usually has made a flake. The only times I've had to custom-make a flake were extremely new programs, or extremely old ones. Often the newer programs had PRs waiting on nixpkgs anyway, and were only a few days away from building properly in nixos-unstable.


They said Nix, so I was thinking about macOS + nix-darwin when I wrote that.

You're right. When I tried using NixOS as my main desktop experience for a few months, I ended up with a custom derivation for various apps I used. That's probably why I made the claude code and cursor modules in the first place.

But I'm also remembering I made my own keepassxc module because keepassxc wants to be able to write to its config file, but I also want to configure it from nix, so I had to make my module use an activation-time script to merge nix config into the keepassxc config file.

I lost interest in NixOS for day to day personal computing, though vibe-coding modules like that wasn't as big of a dealbreaker as there being almost zero laptops that compete with a Macbook.

The other pain is Linux desktop environment stuff in general like dealing with interactions between a Steam game, wayland, and wayland-satellite. Though NixOS helped there since it was easy for an AI agent to investigate the issue, inspect the nix config, and make a targeted, commented patch that shows up in git.


Usually you can run almost any binary by setting up an FHS once. Or using steam-run

And there's also nix alien and similar tools as alternative

But indeed usually you end up using patchelf, tell the inputs of a binary and just make a regular nix package from it


> the number of times I've been able to install something 'normally' (not via nixpkgs/flake) is approximately zero. You can't go to a website and download a binary and just run it

You can: https://github.com/nix-community/nix-ld

