They left out the steps to update it. I made a rough attempt at a document for this. [1] Please let me know if I missed a validation step. I have done this on six machines but they were all Linux. Not tested on BSD.
Archive [2] in the event I was too aggressive in blocking bots.
[Edit] I should also include this [3] thread for completeness sake. Some people people were playing with a shim work around but it looks like a lot of unnecessary complexity and fragility to me.
FYI your server returns Brotli encoded content, even if the request has only Accept-Encoding: gzip, deflate, zstd - making it unreadable in for me (Firefox on Fedora).
I actually did that on purpose since all browsers support brotli I risked the possibility someone might have disabled it with an add-on. I wanted to see how many bots that would break. It may not be the most logical process but I just use CanIUse [1] to see what supports Brotli. I ignore the Opera Mini block as they seem to support almost nothing.
Nothing wrong with that. I think people should be able to disable anything they want. I doubt any commercial sites will do what I am doing. I use that little blog to test all manor of unorthodox things. That's why I listed the archive mirror, just in case.
I've seen commercial sites hard-code gzip content in all their responses regardless of the Accept headings. Probably just as fair to use Brotli these days.
Similarly, I've been using zopfli (gzip/unzip compatible) for png compression after quantization for db storage from 2-color (B/W) scans as it's directly compatible to the browser but winds up about 1/6 the original sized tiff. Not the best compression, had a discussion for a better compression, but required a wasm renderer to decompress as it isn't in the browser box.
I had to vouch your comment, not sure what happened there. Something in your technical output must have triggered HN. One can use mokutil to see if Secure Boot is enabled after installing it. I assume the OEM installation or update of the BIOS must have included that cert but I am just guessing.
My ASUS laptop had it enabled. I had to disable it as there just wasn't enough non volital memory to hold all the updates even after remove several EFI entries and resetting the BIOS. All my mini-PC's updated fine however. My Linux Protectli routers already had it disabled thankfully. They use Coreboot, unsure if that was a factor.
Archive [2] in the event I was too aggressive in blocking bots.
[Edit] I should also include this [3] thread for completeness sake. Some people people were playing with a shim work around but it looks like a lot of unnecessary complexity and fragility to me.
[1] - https://nochan.net/b/Internet-Crap/20260621-Update-Secure-Bo...
[2] - https://archive.is/ml3jv
[3] - https://www.reddit.com/r/archlinux/comments/1pvw6td/grub_shi...