at Basic and Enterprise adds the lower option

Ah, I forgot about that

I'd be curious to see an audit of some sort

How are audits carried out?

what audits

<zaxxa[m] "How are audits carried out?"> I run a lot of MITMs both privately and I used to do them professionally. You want to do the monitoring not on the device. mitmproxy to another device and make sure you can decrypt all communications. "privacy" companies like Apple can make this hard since e2ee will bypass this. If there's something I can't read that's my main focus. I just have to look around a lot

Wireshark is a great tool as well. I also monitor the device in the wild to make sure it doesn't act wildly different. Malware is usually what changes when you try to audit it so companies are extremely careful to not do that. Things like VM and MITM while mostly detectable are not going to generally abuse that, it's very likely you'll catch them doing it too. Try it on malware analysis

that's what I'd do to test Windows 10

I see, thanks

cn3m[m]: do you share your results publicly?

Cripes, one family problem after another... I get back and the threads seem to have vanished.

madaidan[m]: win10 seems to be moving towards that direction with UWP applications

but momentum seems to have died.

:(

<renlord "cn3m: do you share your results "> I don't since it's too much work to organize.

developers for windows dont seem to want to develop UWP apps

it's a lot of work to just setup. Sorting and explaining the data and filtering out some things that are needed for OS functions that are not things I want shared publicly

it's just not feasible

fair enough

maybe just sharing the dump without an interpretation piece?

I could find a way to do that. Just redact some info

I'll do that the next time I test a Windows machine

<renlord "madaidan.: win10 seems to be mov"> You mean the mobile stuff?

There's W10S

they seem to have pivoted to calling them 'universal' for both desktop and mobile

but ya -- they look tablet-ish

but the windows store is pretty shitz

if i want something like win10s, i'd probably just shell out for an ipad

I might try a Windows 10 Enterprise MITM at some point

are huawei devices supported by grapheneOS?

<emucla "are huawei devices supported by "> no

Check the FAQ

in fact read the whole site in it's entirety

ok

thanks

The rest of the FAQ and at least the Usage Guide should help you understand what this project is about

emucla: grapheneos.org/usage

7list

lmao

analog what are you doing

Chrome duet Home-Search-TabSwitcher variation not working for anyone else in Bromite (83)? Any fix? Tried everything uninstalled it, cleared storage etc.

can confirm bt is broken

for calls

Bluetooth calls are broken

renlord (@freenode_renlord:matrix.org): hey how do you set Edge in the virtualization to have sane privacy settings everytime?

Running cts.

thelearner: bromite/bromite #580

josh.man: have you tried rebooting

with bt calls, its random

sometimes it works, sometimes it doesnt

Is there a CTS test plan I could run that might give us more information?

My phone is back on the rack now. One emergency lead to another and I didn't get back until friggin' late.

zoraver: thank you :)

<strcat[m] "josh.man: have you tried rebooti"> Yes sir. Various Times

I just tried again. And it worked. Weird. Will test it more during the day

i haven't been following along with the bluetooth issues very closely; why is stock aosp not experiencing this? i'm assuming it's hardening related?

iirc it's an issue exposed by hardened_malloc

JTL: gotcha

Crazy to think how upstream probably has this bug but like... not realized it because they haven't figured out the potential for that being an exploit.

Makes me nervous thinking about what other kinds of bugs could be lurking down below, that don't get found by upstream.

Not in like Android specifically, but other things.

Oh sure

Like the uh... kernel >_<.

85-90% of exploits in Android are memory related iirc

Oh jeez.

I tried to do the math on what percentage of exploits GrapheneOS would stop

My guess is effectively 40% of all exploits should be thwarted by GrapheneOS

Wow.

When will armv8.5 hardware be available? It has MTE.

A14 would probably use armv8.5

<TheJollyRoger "Wow."> TheJollyRoger: the tough part is vendor images are different every time

You also have to ask if they are trying to exploit GrapheneOS or just stock Android

Got it.

May if I recall correctly was all vendor for the pixels

Which would be very unlikely to be effected by GrapheneOS hardening

Though all of those were medium severity

btw let me know if you have issues with the clock app

an issue was reported with that

it is expected that there's a warning about the API level on first launch though

I am not sure the issue is correct

there may be no new issue

post-updated, phone rebooted and alarm rang on time to wake me up for a very important meeting

dont seem to have an issue

this was 2 days ago

Though all that said the hardening and especially on the webview is very helpful so looking at what I did specifically would be misleading

cyredanthem[m]: what sort of privacy settings? i just keep everything on default

and have dns-level ad blocking

A few random privacy settings and DuckDuckGo

I don't remember I'll check

meh, i gave up using DDG, i sometimes use startpage.com if i have the patience

otherwise just load google.com

DDG gives me very subpar search results for very specific things i look for

cyredanthem: we do harden the vendor components

just not firmware

I doubt Google is doing much effective tracking with a temporal browser any way

strcat (@strcat:matrix.org): oh thanks I stand corrected. Does it effect it if the vendor is partially built from source or not?

as we build more it applies stuff like zero-on-init for stack variables to more code

but most of the hardening applies to it already

Gotcha thanks good to know

strcat[m], yes, I received a warning (but only the first time and the apps work) in Messages, Clock and Conversations (xmpp), but they work ok and no more warning after that.

g2g for now

really need help with the bluetooth stuff

we need to figure out the order it gets in stock aosp and make sure this matches

In the code or on a live system?

both

Ah it's just the Pixel 3? If it's bonito as well I can boot the GSI(I think the AOSP May from Google is out with no gapps)

gist.github.com/Peter-Easton/ab0333677b1ee1b3e22a3231bfdd84a7 Current test of the beta release. Looks like the CTS is just being dumb again.

I think it's that CTS testing app not being installed/uninstalled properly which is responsible for the one "fail" result.

If I can help let me know. I should be able to do without my phone for a day or so

DSI Loader can't come soon enough

Dsi?

It allows you to run stock images in a live boot on any phone

At least potentially it's uncertain if bootloader will need to be unlocked