Qwexi: If you are interesting in testing or ideally developing there are lots of people to talk too

<plsbrespectfulgu "would you say it renders shelter"> I was wondering the same thing

Shelter has its own uses I think

A little off topic, what could be the reasons VPN-only data consumption app-wise toggle isn't apparently available in GOS?

Is there something that isn't secure in implementing such permission, besides the network toggle itself

furofuro_01: if you want to force traffic through the VPN, you should set it as always-on with the block option

if you want apps to bypass it, use a VPN app with support for that - although it's not generally advisable

furofuro_01: we aren't going to implement misleading features giving a false sense of security

we don't do that, as a general rule

.

Is this on?

angtheephemeral[: Yes, but Matrix has been having a number of quality-of-service issues lately.

From time to time the Matrix to Freenode bridge has been known to silently discard messages from one side to the other and vice versa.

Does anyone else see it perpetually loading (the symbol) when they enter the chat room on Matrix?

The green swirling line

Sometimes, when joining other channels.

Server must be under very heavy load.

This is partially why I sometimes stay on the IRC side but in the end I ended up joining via both Matrix and IRC.

Between a rental VPS running a chatting client so I can remain connected around the clock, and Matrix, I get roughly 70% of the messages sent to me here :D

TheJollyRoger / JollyRoger Yeah I assume that's probably because your bridge is using matrix.org homeserver, really poor latency

Yes.

I don't really feel like changing it at this moment though, so in the end I just join via IRC and call it a day.

You good bro.

why dont you just use IRC?

Since when one goes down I just fall back to the other and vice-versa :P.

does matrix.org have good funding?

renlord The problem is mainly just the userbase.

I personally just self-host

It probably does have good-enough funding if I just had to guess

matrix is incredibly challenging to self-host

the issue is rich media

I haven't bumped into obstacles with Synapse yet

i assume you have a pretty beefy server for this

Uses quite a bit of my memory but everything else is mostly fine

renlord have you ever tried Dendrite btw? It's still in a beta stage but I heard it was worth to try out

Oh yeah there's also Maelstrom I just remembered

ok, this is interesting

thanks for sharing

i will check this out

the writing is abit dissapointing with references to the web3 bs

Hey concat[m] awesome.

has anyone went to the effort of removing microphones from pixels? 3&3a specifically

Don't think so. The whole "remove the microphone" approach is sort of overrated. If the phone is compromised to the point where you'd need to physically excise hardware, the battle's largely lost.

If you're removing the microphone to earn extra Nerd Credit, by all means be my guest, it's your phone and your money. But if you're doing it to meet a threat model, it requires a lot of extra thought: have you considered that the speaker is essentially a reverse-polarity microphone? Or the sensors?

Which is better browser for android, Vanadium or Bromite? And how to install uMatrix Add-on on any of them? Thanks

rioot[m]: Just use Vanadium. It can take advantage of the hardening and sandboxing and memory safety improvements specific to GrapheneOS.

<rioot[m] "Which is better browser for andr"> Vanadium, made to mimic chrome

<TheJollyRoger "If you're removing the microphon"> what about cut wired headphone?

> <@freenode_TheJollyRoger:matrix.org> If you're removing the microphone to earn extra Nerd Credit, by all means be my guest, it's your phone and your money. But if you're doing it to meet a threat model, it requires a lot of extra thought: have you considered that the speaker is essentially a reverse-polarity microphone? Or the sensors?

* what about cut wired headphone? adapter part only

How can I install my add-ons like umatrix on Vanadium?

proof_jr[m]: Again, what are you trying to threat model for/prove?

<TheJollyRoger "If you're removing the microphon"> i have considered that actually. almost every sensor can screw you

proof_jr[m]: Not sure what you're doing with just inserting a plug...

read about it, not sure if it works

proof_jr[m]: it doesn't.

<proof_jr[m] "read about it, not sure if it wo"> it partially works, but it only works until you switch the microphone. try a call, then switch to speaker and you can hear yourself on the other end

but does malicious code respect that?

proof_jr[m]: no, malicious code won't respect it.

so you're screwed if using not hardened device?

Malicious code doesn't respect anything.

<proof_jr[m] "so you're screwed if using not h"> basically.. but im not so sure anything is hardened enough

* so you're screwed if using not hardened device and os?

plsbrespectfulgu: While I can appreciate the psychological reassurances provided by hardware off switches, in the real world I'm far less convinced that they would contribute meaningfully to what we've already got; if the phone is compromised to the point where you need to actually excise functionality with a soldering iron, you've got bigger problems, namely what happens when you need your

phone to do things like say /have a private conversation with another person via an E2EE voice chat/?

<plsbrespectfulgu "basically.. but im not so sure a"> part of it is user side, avoid clicking random links and install shit ton of apps

then hope no 0-day gets abused

> install shit ton of apps

Are you advocating for this or saying to avoid it? Your sentence is ambigious.

proof_jr[m]: "ask the user to exercise good judgement" and putting the responsibility onto them is what got us into the mess of not preemptively mitigating exploits and not building in security as a part of the operating system.

avoid it

<TheJollyRoger "phone to do things like say /hav"> i just prefer total control of my device. no extra calling home or acting as a wiretap. i still dont say anything too sensitive but id rather my ideas not be heard by certain adversaries

<TheJollyRoger "proof_jr: "ask the user to exerc"> aka apple route, good security, questionable privacy if closed source

Apple has great privacy if you change a few settings

and force fed unwanted stuff

GrapheneOS doesn't include telemetry or phoning home, and you can verify that for yourself if you want. Mitigating exploits and having strongly restrictive environments to prevent apps from exploiting the operating system is GrapheneOS' raison d'etre.

<cn3m[m] "Apple has great privacy if you c"> for most part, except when they ask for device passcode to authenticate a different device

<proof_jr[m] "for most part, except when they "> Could you rephrase that?

sign in to apple id on new device, get prompt asking for a different device's passcode for Keychain access

and get spam messages from apple asking to verify phone number used for apple id

<proof_jr[m] "sign in to apple id on new devic"> End to end encryption bad? Okay good to know. I'll ask ProtonMail to get rid of it

Thanks

but why ask for my other device passcode? I'm not using any other feature of icloud except for App store

<proof_jr[m] "but why ask for my other device "> They don't need to know your passcode (and don't I've verified that)

comes up time to time, gets annoying after a while

App Store payment is e2ee

Your WiFi keys

Around a dozen things

Not at all surprising or bad

<cn3m[m] "Your WiFi keys"> why would they store that? isn't that the opposite of privacy if they're gathering info about you?

<TheJollyRoger "proof_jr: Not sure what you're d"> Most probably blocking the way for it to record sounds... Not sure if there's a way out of it

I've considered that as well, but it seems that it doesnt work in blocking off sound recognition

furofuro_01[m]: THe microphone plug doesn't switch off the microphone plug, likely it just tells the operating system "hey something's plugged in, could you recognize that?" and leaves the rest to the host to determine.

probably only works if physical switch happens when headphone connected

like a switch in an electrical circuit

Yeah, that makes sense. Sadly, I can't really block it off...

(Welp. If only sites stop recording voice without permissions...)

It's my plan soon on GrapheneOS, for closed source app reasons on other profiles, to block off voice recording (esp. Zoom)

when running in background

Not sure how to deal with that threat model of mitigating sound recording being used as identification on some sites.

I had confirmed from my other account that it still records sounds even without permission toggled.

progressive web apps?

Will try that... I'm using web app wrappers and Bromite for those sites

Will never use social media sites app though

furofuro_01[m]: switch off microphone permission to your web browser.

If you don't trust Vanadium's permission to deny audio.

The permissions on Android are enforced by SELinux Mandatory Access Controls. Breaking them would require /breaking the entire Linux Kernel/.

<TheJollyRoger "The permissions on Android are e"> Hmmm, should I assume that this works in any Android with SELinux in Enforcing mode?

Maybe the problem was caused by my browser before in an older Huawei phone... or on an offical LineageOS

Not sure how they still got a voice recording

* It's my plan soon on GrapheneOS, for closed source app reasons on other profiles, to block off voice recording (esp. Zoom).

Edit: I don't have GrapheneOS yet, in the near future I'll have a Pixel for it.

Unless you do something like say... install some dodgy "Kustum ROM!!1shift+1" that rolls back the SELinux policies in the name of increased user permissiveness for people who want to play sysadmin with their phones, or some other Android OEM vendor that doesn't care about security and doesn't do what Google says (and then lies about it), the permissions toggles in Android are enforcing.

^ Reason I'm itching to switch on GOS soon.

Yep, you'll like life onboard this ship.

<TheJollyRoger "GrapheneOS doesn't include telem"> im aware of that, just wish i could only use mic when i plugged in external headset. and remove gyrometer, speakers, etc

plsbrespectfulgu: in that case if you'd like to do this for a thought experiment or just for a matter of personal curiosity or to score Opsec points, the best I can suggest for you is to likely go look on YouTube for a complete Pixel 3a teardown.

<TheJollyRoger "plsbrespectfulguys: in that case"> ive watched some teardowns and have the equipment. ill look into it some more

Good luck!

thanks!

<proof_jr[m] "why would they store that? isn't"> End to end encrypted it's a nice touch. I think it's fine

seedvault backs up and restores your wifi keys too, its a convenience thing when you switch phones and everything just works

What do you use en GOS to encrypt files?

What do you use in GOS to encrypt files?

<nickcalyx[m] "seedvault backs up and restores "> Where is it available!

* Where is it available?

it's built into Graphene and CalyxOS

Sad, guess cant backup my stuffs from a random phone

go to Settings/System/BAckup

<jalb66 "What do you use in GOS to encryp"> Are you asking about seedvault's encryption? Or just asking for an app that does encryption

unfortunately no it's not a regular app that you can install on stock android, it has to be a system app

overheadscallop[, an app that does encryption in files

To upload them to the cloud later

you can encrypt files with openkeychain

that's one option

nickcalyx[m], can I decrypt the files later with Linux or Windows?

Which program?

Thanks

Yes, using GPG.

TheJollyRoger, ah, openkeychain uses gpg

You can also use EDS Lite to encrypt USB drives and open them on the desktop with Veracrypt or cryptsetup.

TheJollyRoger, I'm looking something easier to only encrypt and upload to some cloud, I know gpg is not safe but at least it's better than nothing

Hi, is it possible to install mapbox in GOS as an alternative for google map ?

Or maybe a safe program to send files to my PC from GOS, I don't know if synthing is safe or not, or maybe a sftp program like primitive ftp

But opening a server....

What do you think about it or what do you use?

I just plug my phone into the computer and drag and drop files via MTP the same way I always have.

TheJollyRoger, good point!

Thanks

MTP used to be rather buggy in the past iirc. Be curious to how well it works now

MTP is on by default?

Works well enough.

<nickcalyx[m] "go to Settings/System/BAckup"> Not on LOS for odd reasons...

When you connect your phone to the computer, you will need to pull down the notifications on the phone and select "Allow File Transfer."

If I don't use developer options

That's all.

Ok

No developer options required.

Thanks!

Have you tried it in Linux?

MacOS, most "common" and "easy" Linux distributions, and Windows all support MTP by default.

Yes.

Fedore has it out of the box.

I'll try then, thx

*Fedora

TheJollyRoger: Uh. I seem to recall MTP needed a seperate "Android File Transfer" application for OS X, and atleast with older devices ~4 years ago it was rather buggy

Don't know how things work now

Worked just fine on Fedora 31 :)

Fair enough

> Not on LOS for odd reasons...

We are working with people in the lineage community to try to get them to adopt seedvault

we hope it will be great for the ( for lack of a better term ) de-googled android community on many levels

especially now that adb backup is being deprecated.. and regular users can't or won't want to do that kind of backup anyway, and it just isn't elegant or straight forward

Good work

dq[m]: we don't support root on GrapheneOS.

Also, those default connections are made to camouflauge your device as any other Android device on the network. Disabling the default connections will make your device stand out because it's no longer making them, increase the uniqueness of the device's fingerprint and make it easier for your network provider to track your device.

<TheJollyRoger "Also, those default connections "> TheJollyRoger: My DNS server blocks all these DNS request anyway. And the grapheneos time server clearly shows its grapheneos. That's why I am okay to just disable connectivity check.

Ok, your device. Root's not supported though.

I read on FAQ but still want to disable connectivity check. I have done this on Replicant and Lineages. Thanks TheJollyRoger for your in info.

How do I stop app from starting at startup on Grapheneos? I want some of my app not to start by itself on each boot.

is that even possible without root? i would like to know also because not using grapheneos atm but i have some apps that always start and i dont want them to start without me launching them

i see some apps on the gplay wich allow that but they require admnistrator permission and are closed source + ads

maybe there is something on fdroid

"SuperFreezZ" on fdroid maybe

For me it lacks several vital features in GrapheneOS to be perfect, here they are:

1) In LineageOS, I can selectively allow or block the use of the network for Wifi, cellular data, and VPN. That means I can limit an application to use the internet ONLY THROUGH THE VPN. Without VPN enabled the application can never connect to the network.

I know there is a setting in Network - Advanced - VPN - Block all connexion without VPN, but this block all system wide connexion to the 'network without VPN rather than selected app

2) GOS doent include permission control to block application launching on startup

3) GOS doenst have other unlocking method than fingerprint like pattern or weaker pin code (alongside my long and complex encryption password)

If these issues were adressed, GrapheneOS would be absolutely perfect

prisonplanet: Yes, I am experimenting with NextDNS VPN app. Internet doesnot work at all if I enable Block connection without VPN. and even if I just enable Always-on VPN and disable the Block connection without VPN, it still leaks DNS.

<dq[m] "prisonplanet: Yes, I am experime"> Yes, the setting "Block internet without VPN" is good but its block all system wide network acces to all application. It would be much better to add the possibility to block network without VPN to app permission level

the screensht is not leaks, it's normal behavior

dq: Internet doesnot work at all if I enable Block connection without VPN after reboot or startup.

yolotro: this is my DNS server(Pihole) at home, but it should have gone to nextdns server instead of my home dns server.

<prisonplanet[m] "Yes, the setting "Block internet"> This feature is integred in LOS, adding this in GOS should not be difficult I think

the screeenshot it's the feature that check if you have internet on the device, i think that it's normal that it don't pass through vpn

but i'm not expert, maybe someone else knows better about this

i think it's related to the feature that display a little X on the signal bar if internet is not working

Try ipleak.net

It's run by the good folks over at airvpn :-)

but not sure

Speaking of which, I have never had a single issue with their app. And I ALWAYS have block connections outside VPN on

Hi

I'm looking for some advice on where to look or how to go about developing a feature for Graphene that would allow a dummy key to be used. For example, depending on the key entered a different profile would be loaded and have the other profiles on the device remain hidden

* prisonplanet: Yes, I am experimenting with NextDNS VPN app. Internet doesnot work at all if I enable Block connection without VPN. and even if I just enable Always-on VPN and disable the Block connection without VPN after reboot or startup, it still leaks DNS.

^good idea

<marquisderad[m] "I'm looking for some advice on w"> That wouldn't be safe

If anybody can point me in the right direction of what needs done to accomplish this or a roadmap for developing this feature securely I would appreciate it

Why not?

Please entertain my ignorance, I want to understand the concept better

The keys for the profiles are stored encrypted on the Titan M. It encrypts that generated key with your profile passcode. The OS never knows your password(and the Titan M doesn't store it)

Okay, so the profile itself is required to be available then yes?

To do what you are suggesting the system would have to store the password. Unless you are going to try every user with the same passcode which might be problematic

<marquisderad[m] "Okay, so the profile itself is r"> Could you rephrase?

For example, the profile needs to be available to switch to and attempt a login

What about a method of obscuring the other profiles available on device so that the apps installed etc are not discoverable and changing profiles is not accomplished in the regular manner ?

Could that be accomplished securely?

User profiles can't (practically) detect installed apps

Yes but the admin account can see

Many people have enough plausible deniability just having multiple profiles

When you say it would be problematic to attempt using the same password for each account. If there were only 2-3 accounts on the device, would it be a security concern to do this way?

I am referring to your response above

Yes I am thinking of ways to take the plausible deniability further

You can do that

I could do what I originally suggested and have the system attempt the password on each account until it logs in? Yes?

but it require to manually switch to a user profile, it would bebetter to be able to do that easily

It's pretty easy imo yolotro

What more are you looking for?

to be able to do that by inputtig the probile password

* to be able to do that by inputtig the profile password

Well my idea is to have the user profiles made invisible, even on the admin profile and then have a discreet way of switching between them

<marquisderad[m] "I could do what I originally sug"> You could do that.

Could I do it without manually switching user profiles? So for example by providing the key for one profile and have it appear normal

Like a dummy key in TrueCrypt

But if the other key is used then a different profile will be initiated

I appreciate the help thank you

Where do I need to look at to consider having this feature developed or what kind of roadmap should I be considering?

<marquisderad[m] "Could I do it without manually s"> Yes, it would be a bit of a rewrite

I am not a developer personally but have some developer friends that would be willing to help if I can explain better what I want to accomplish with the code

Users are accessible from the lock screen

<cn3m[m] "Yes, it would be a bit of a rewr"> Would it be enough of a rewrite to cause major conflicts with updates?

Not sure what the point of this is

<marquisderad[m] "Would it be enough of a rewrite "> I'm not sure

<cn3m[m] "Users are accessible from the lo"> I would like to obscure the other users and have them only accessible depending on which key you input

You could have the passcode to be the only way to select profiles, but that wouldn't work since people couldn't use pins and passcodes

Mixed

Exactly

What if I locked down the ability as only passcode ?

<cn3m[m] "Not sure what the point of this "> same as the dummy password in truecrypt, that would be very suspicious to switch users profile

> <@cn3m:privacytools.io> Not sure what the point of this is

* same as the dummy password in truecrypt, that would be very suspicious to use the button to switch users profile

<yolotro[m] "same as the dummy password in tr"> Yes I want to be able to provide the device and a key which opens a dummy profile and have the other profiles not viewable unless you input a particular passcode for example

The main profile is noticeably different to any other. With main profile you turn on adb and you can then, via computer, get to shared storage of all profiles

What's your threat model on this?

<marquisderad[m] "Yes I want to be able to provide"> oh that's even better! hidden profiles, nice

<dazinism "The main profile is noticeably d"> This is my concern and would like to be able to provide the device to border patrol and have only a dummy profile viewable

I guess that is my threat model

I want a way for the device to go directly to a user profile and not have the main profile or any other profiles visible

If someone knows what they are doing, they'd know that they were not in the main profile

<marquisderad[m] "This is my concern and would lik"> Then say the Angela profile is your girlfriend's profile

It's a false sense of security and privacy and adds needless complexity

Two things this project tries to avoid

Yes I understand. I am thinking more for a cursory inspection and also plausible deniability. I can deny knowledge of any other profiles on the device

<cn3m[m] "Two things this project tries to"> Okay, I understand. Would even the idea of selecting a profile purely by passphrase complicate it more than necessary?

<marquisderad[m] "Okay, I understand. Would even t"> That's my perspective yes

Though you could talk to the developers. What I would love to see added that much simpler is scoped apps

Okay, even with access to the main profile it is my understanding that if the other user profile is protected by a strong passphrase it remains secure no?

Yes

<cn3m[m] "Though you could talk to the dev"> Yes that's why I joined the community. As said I'm not a developer myself but want to put some of my resources towards the project and have friends that are developers willing to work with me if given direction

Yeah just jump in

That's how everyone learns

<cn3m[m] "Though you could talk to the dev"> How do scoped apps work? You mean like they have limited access to other parts of the storage or profile?

Right essentially would be like running it in its own profile access wise

Yes that is a good feature, I think I misunderstood some of what I read in that I presumed this was already implemented to an extent

Like the apps being sandboxed essentially

Even iOS isn't entirely scoped and those permissions are tight

<dazinism "If someone knows what they are d"> In ADB I'm aware the other profiles can be viewed, would it be possible to also extract information about the amount of use each profile receives? Or only the amount of storage used for example?

<cn3m[m] "Even iOS isn't entirely scoped a"> This is something that's being implemented in Android 11 possibly? Am I thinking correctly. I vaguely remember reading something about this, possibly on the sub reddit

<marquisderad[m] "This is something that's being i"> Just storage

The app access is pretty strange how they are doing it

Overall Android 11 is moving that way, but not a lot

Why is it strange? Is it particularly difficult to implement?

<marquisderad[m] "Why is it strange? Is it particu"> They made a ton of exceptions, but it will be less identifying. Should help privacy, I don't think it will help security much if at all

lmao cn3m did u saw it

Yes, if it's going to help privacy they're not going to implement it well in Android for things like Chrome

Yes, I've been saying don't trust random extensions or stupid news articles on security and privacy for the past 2 months

<marquisderad[m] "Yes, if it's going to help priva"> Chrome is one of the better privacy and security browsers

32millions downloads

Chrome has the only good differential privacy, it has the best security, it's got the best privacy documentation. Hell it's got the best documentation

Night y'all

Really? I thought there were lots of proprietary blobs of code

Okay thanks for your time

Good night

<jalb66 "Or maybe a safe program to send "> How about Cryptomator and Syncthing?

* If I wasn't mistaken, it will not be implemented due to it having a false sense of security and privacy that the project is trying to avoid. I asked the similar question earlier or yesterday, and strcat has answered it already

brenneke[m], thanks but I finally decided to use a pendrive with the USB OTG, it works perfect

Even 128 GB pendrives work

> A little off topic, what could be the reasons VPN-only data consumption app-wise toggle isn't apparently available in GOS?

This was the question earlier

> Is there something that isn't secure in implementing such permission, besides the network toggle itself

Continued

> furofuro_01: we aren't going to implement misleading features giving a false sense of security

And this was the answer for it

Replying to prisonplanet

> furofuro_01: we aren't going to implement misleading features giving a false sense of security

And this was the answer for it earliwr

* .

* Better read the logbot next time to find the desired info before asking again. It was recent enough which is why I brought it up again.

<cn3m[m] "Chrome has the only good differe"> Still not trusting that telemetry being sent to Google though

* Still not trusting that telemetry being sent to Google though, or the closed code source that's being used for data monetization.

it have the best privacy to ensure that only google is getting your data 😅

also i think he mnea chromium rather than chrome

* also i think he mean chromium rather than chrome

<yolotro[m] "also i think he mnea chromium ra"> At least ungoogled chromium should minimize the data collection they do ^^

We dont have much options I guess. Ironically, it is actually thanks to the money they earn in privacy invasion that we had some good privacy protection options (Pixel w/GrapheneOS, Ungoogled Chromium and some open-source contributions)

* We dont have much options I guess. Ironically, it is actually thanks to the money they earn in privacy invasion that we had some good privacy protection options, with good security as well (Pixel w/GrapheneOS, Ungoogled Chromium and some open-source contributions)

* We dont have much options I guess. Ironically, it is somehow thanks to the money they earn in privacy invasion that we had some good privacy protection options, with good security as well (Pixel w/GrapheneOS, Ungoogled Chromium and some open-source contributions)

I wasn't here for the microphone conversation and I just want to talk about it. Based on Edward Snowdens tweet he states I will desolder the microphones. In a phone there is multiple microphones. In older phones they used to have microphones hidden in plain sight. One of my phones had a microphone in the battery wrapper.

<jalb66 "brenneke, thanks but I finally d"> How are you encrypting on USB?

brenneke[m], I don't, it's only to move files from the smartphone to the PC. But you can use EDS lite and it's compatible with Veracrypt and others. Ii learnt this from TheJollyRoger today

USB OTG works great in my Nokia 7.1 and Pixel 3a with the devide contained in the box.

Very easy

I don't know if there is a microphone in the battery today but there is multiple. If you disconnect one then there is a few more. He goes to the extreme in my opinion when he talks about removing microphones but most of us aren't in his same position. So I think he has a right to go extreme.

Just now I moved all my photos from the smartphones to my PC

I agree with his Ethernet adapter cause he basically states WiFi is insecure. Has too many vulnerabilities compared to an Ethernet cable. It just adds another protection layer. I am not saying you can't hardened WiFi. But it will be better in the long run if you switch to Ethernet cables.

<defconanon12[m] "I agree with his Ethernet adapte"> True.

* True. Not only that, it is also way faster than wifi.

Yes, which makes me wonder why the people who I guess aren't that technically experienced. Want to switch to WiFi.

(I'm not too sure if it's because of convenice or norm...)

<defconanon12[m] "Yes, which makes me wonder why t"> Because not everyone got a threat model level paranoid.

brenneke[m], then I encrypt the files with Age

Daniel recommend me this program

Why do always assume?

(Just curious though, is only the esim the hardware-related feature not implemented in GOS in 3a?)

wow, do you guys are targets of the CIA or the FSB? otherwise just keep your mic and wifi

> > <@defconanon12:matrix.org> Yes, which makes me wonder why the people who I guess aren't that technically experienced. Want to switch to WiFi.

> Because not everyone got a threat model level paranoid.

Pretty much the case

-sighs-

* Why do you always assume?

Many people think they are Mr. Snowden

(RiotX is quite buggy on quoting and typing messages)

There Snowden fanboys that would like to be Edward Snowden.

You're not a target like him now

That's what I mean

Running Grapheme OS and then on desktop run Qubes OS + Whonix.

Snowden posted about what HE would do using a smartphone because his situation

<yolotro[m] "wow, do you guys are targets of "> Well yeah, some other people ask me the same (my threat model), and I couldn't just speak it outright that they, along with administration/government powers are some of my threat model

* Running Graphene OS and then on desktop run Qubes OS + Whonix.

<jalb66 "Snowden posted about what HE wou"> Truly. It's not like we are being chased or in the watchlist of national investigation or something...

Snowden posted about what HE would do using a smartphone due to HIS situation

Seriously, privacy should be about stopping mass surveillance and not sharing data you care about.

Of course no one besides seriously targeted individuals should stop using WiFi. Go to r/privacy if you're that paranoid, cause they're too.

Hapssmak you are missing the point.

I never said stop using WiFi.

<defconanon12[m] "I never said stop using WiFi."> You asked why non-tech people would use WiFi over Ethernet.

I'll take the back seat and watch for now. -eats popcorn-

hapssmak: Cause it makes sense to use Ethernet over WiFi to me. I am not saying everyone should switch back to it.

The thing that annoys me r/privacy etc is that they think privacy is a 1 or a 0.

Seriously it's not. You can eat junk food every now and then and still be healthy.

You can care about privacy and still use Google services. It's not black and white.

Yes, I find it an extreme when people remove all they're Google accounts myself.

I use Stadia etc, cause I don't care if Google know what I game. I doesn't use the Google search engine though, only when my personal choice fails.

Doesn't matter if Google get a search for me every now or then. The point of that they shouldn't get all of my searches.

I think that does make them more of an interesting person if you just mass delete your social media accounts and Google accounts.

i think you mean THEIRS, they're is a contraction of "they are"

yolotro: Excuse me. Thanks for the correction.

<defconanon12[m] "I think that does make them more"> If they should target everyone who delete their SoMe they're gonna hire a lot

<defconanon12[m] "I think that does make them more"> Quite an interesting take. It's discoiraging when people ask for mitigating measures in using privacy-invasive social media sites, and all they get is delete it or bust, it's your choice if you can't delete it

What discourages people from caring about their privacy is the 1/0 privacy concept, instead of it being a spectrum. (Sorry kinda joined in a bit...)

* Quite an interesting take. It's discoiraging when people ask for mitigating measures in using privacy-invasive social media sites, and all they get is delete it or bust, it's your choice if you can't delete it.

Not everyone has the luxury to do so when necessity asks for it sometimes.

Think about it if people think that they are being targeted then the adversary would see that they just mass delete personal accounts. Thus, the adversary would have more of a chance to go after them. You could argue that I will just space out the time I delete my personal accounts. Sure, if you want to go that route. If your goal is to delete your online life I am not going to stop you.

There are lots of reasons to delete Facebook etc besides you think you're targeted

Facebooks disregard for user data is one

The 1/0 comes from TV and movies. I think people mixed reality with shows all the time. I do agree that there is a lot more than 1/0.

In some third world country, facebook is their internet, and not everyone had a choice for an encrypted communication. It's either SMS/Sim call or Facebook Messenger, which makes it quite discouraging...

* In some third world country, facebook is their internet, and not everyone had a choice for an encrypted communication due to limited internet access. It's either SMS/Sim call or Facebook Messenger, which makes it quite discouraging...

Well yeah but in my opinion if you have a Facebook account then just add fake info about yourself and leave the account forever. If you access it again Facebook knows your IP. More than just that. Every time you are in location. It is a false sense of security when there is data breaches that happen a lot on that platform alone.

People should think about their privacy, what they share and what services they use. Almost nobody should go extreme lengths

My IP isn't personal stuff.

It has probably changed several times before a breach happens

Well there is some IPs that don't change.

Yes, static. Rare for the average consumer to have that.

True I see your point.

Yes Facebook etc is following you around. But IP is far from their nr. 1 method.

* True, I see your point.

Let's be real. We don't need systems that has zero telemetry. We just need to stop making mass surveillance accepted and people should learn that services aren't free.

If you use free services, you probably pay with your data. For most people it's not clear. My friends never really believe when I tell them how much Google collect until they check their account. After that most of them disable the tracking and switch to Signal

Yeah collectively I don't think that will happen unless the majority people wake up per say.

I agree. The government will probably never stop it as long as the possibility is there. Therefore everybody should he encryption

Signal etc make mass surveillance really hard.

The internet will go off the rails when E2EE is gone. Which I hope never happens.

Can't be stopped really. Services will just love to the EU.

They have strong privacy laws and actually care about life quality, privacy and such

<hapssmak[m] "If you use free services, you pr"> For google it is easy to pull them off

<furofuro_01[m] "For google it is easy to pull th"> Disable tracking, yes indeed.

Facebook, however... They throw so many reasons like

"you aren't targeted, why care?"

"So what if they collect your data?"

If it was my personal account, would have deleted it in a heartbeat

The other owner of the account is unwilling to delete it tbh... -sighs-

<jalb66 "brenneke, then I encrypt the fil"> OK cool, just curious. I do a similar thing except use Cryptomator as can then open on any platform. I like the new USB-C drives, no adapter required for Pixel.

I think it's because they don't get how much data they get. Google makes it really easy to see (location, apps use time and when etc, every search since day 1 of the account). Make most peopæe freak out.

Facebook just tells you what it has but it's not as visual.

People don't seem to understand that Facebook etc is a private company. Why do you give them all your messages, pictures, location and browsing habits? You for sure wouldn't give them to the pizza man. That's also just a random company.

* I think it's because they don't get how much data they get. Google makes it really easy to see (location, apps use time and when etc, every search since day 1 of the account). Make most people freak out.

Facebook just tells you what it has but it's not as visual.

People don't seem to understand that Facebook etc is a private company. Why do you give them all your messages, pictures, location and browsing habits? You for sure wouldn't give them to the pizza man. That's also just a random company.

It's honestly a dead horse for me sadly. I'll just give up the ownership of that account.

And delete as much as possible

For instance

I just deleted it and told my friends and family they could contact me on Signal. Some switched and other just send me a text when something's up.

<furofuro_01[m] "> <@hapssmak:matrix.org> I think"> Never said that

Welp, there is one way I knew for sure... VPN

They probably know where you live anyways if you have ever used Facebook.

Well yeah sadly

I wanna wipe that shit badly

* .

It's my biggest regret in life

RiotX freeze up again. Huh I wish they added a refresh button but I am fine with doing it manually.

If only I knew 11 years ago that it would cone to this... I won't have let them make that account

<furofuro_01[m] "It's my biggest regret in life"> Nothing in your life would have been different if they didn't know you address. Relax

Depending on the VPN they also track when you are using a VPN and block you when they find out. Netflix is notoriously for doing this.

* Depending on the VPN they also track when you are using a VPN and block you when they find out. Netflix is notorious for doing this.

It depends how you setup a VPN account and what your threat model was.

<hapssmak[m] "Nothing in your life would have "> It's not only that though.

Your home address. Relax

There are lots of people probably knowing it

Well a lot more than Facebook yeah.

Well to be fair yeah, my point was I was a victim of consuming this crap social media when I wasn't privacy aware...

Retroactively, they knew a lot. Now, they would more or less know not so much as before

I think a good bit of us were and the platforms themselves program people in a certain way of not being self aware and accept it. In my opinion.

Pretty much

Lucky for those who never used it

Facebook acts like they are the authority and news. A lot of people depending where you at around the world. You get your news from Facebook.

Yeah

We're getting a little off-topic.

I need mitigating measures since my university uses it as platform of dissemination because many uses it

Most probably I'll use something like Frost on GrapheneOS in the future

> <@furofuro_01:matrix.org> We're getting a little off-topic.

> I need mitigating measures since my university uses it as platform of dissemination because many uses it

In the future though, it's desirable to avoid myself being linked from that account.

wait you're just a student but previously u said government agencies is your threat model lol

Well...

You know one of my instructors in a cyber security course advised me to use only Chrome and broadcast our full names on Twitch without making the stream private. furofuro_01 So I know where you are coming from.

I could be taking masters and still be in university

I'm telling that being in university != just a student

Government and private administrations are threat model due to untrustworthiness

of them handling the data in a rational way

Also, university's surveillance

Back when I was in my institution they relied too much of letting Google and Microsoft do all the work for them.

They don't have much of an infrastructure.

If only a security and privacy expert would stand and step up to them and change the system -sighs-

It was supposed to be a "freedom"-type of university, but we aren't really in control of our data.

Let Google or Microsoft handle it, not banning Facebook or Zoom as studying platform, etc

They always get you on something.

(Or rather, forcing students to join some fb group)

<defconanon12[m] "They always get you on something"> It's more or less mitigation and compromises at this point.

* Let Google or Microsoft handle it, not banning Facebook or Zoom as studying platform, etc

Edit: Not fully blaming them though, our country has poor internet access.

In one of my prior institutions they pushed fingerprinting for getting and paying for lunch. Then we used in one of my earlier institution a social media education platform that had a massive data breach.

I had a hunch that they (government) rather keep this to have their people in control, thus I always treat them as threat model.

* I had a hunch that they (government and oher agencies) rather keep this (poor internet access, bad privacy and security protection laws) to have their people in control, thus I always treat them as threat model.

Thankfully, they (university) have their own education platfom website, although I'm not too fond of their hosting server, nor too sure about its security against data breaches.

Huh I wonder if they are protected of even the basic attacks?

I'm not even sure lol, I am curious and wanting to try, but I rather not get kicked out if I knew how to do it

They use third-party scripts (including google(dot)com)

That is the problem you shouldn't get kicked out you should be congratulated for finding a vulnerability.

Mainly by the IT staff.

Sadly, there is still politics over rational decisions...

It's easier said than done

Though I might try on legally contributing on such thing if I had the knowledge

If you are afraid of being kicked out and you ever find a vulnerability then you shouldn't give yourself the credit. Just say someone told you. That is just my advice. They might ask you questions on who and where but act like you don't know. Play dumb.

Thanks for the advice

Or use a random string of characters for your pseudonym and make sure to always connect over tor

then you could take credit with drastically lowered risk of being caught or it linked back to you in any way

Heh or that. Use Tor correctly and learn from prior mistakes.

When using Tor it is all about knowing and proving you aren't leaving behind digital footprints.

going to be dropping the experimental Pixel 4 and Pixel 4 XL support and cancelling any plans to support the Pixel 4a soon due to lack of progress

people need to step up and help rather than it always devolving into me doing all the work

another week left and then scrapping this

I wish I could help.

<defconanon12[m] "I wish I could help. "> Go study Java for now?

I am pretty sure it more than just Java right? I want to know how I can help. Do I just need to learn programming languages? Which ones? I want to at least be at an intermediate level to contribute more than I am currently.

paintedman: none of the workarounds for the Wi-Fi issues are correct or working so I rolled them back

doesn't appear that this is going to be properly resolved

I'll be moving the Pixel 4 repos to GrapheneOS-Archive and reverting changes elsewhere at the end of the month

don't see progress being made

<defconanon12[m] "I am pretty sure it more than ju"> (I cant speak for that for sure, but guess Java for Android Development is a good start)

the changes to the kernel driver aren't right

and don't make sense

and they don't have commit messages explaining why that would make sense

there's supposed to be this wlan_boot sysfs entry

boot_wlan

anyway it's becoming me doing all the work which is unacceptable and therefore it will all be reverted / removed on the 30th

* (I cant speak for that for sure, but guess Java for Android Development is a good start)

Edit: Please ask somebody else who is an expert or better on android development (to those who have experience)

few thousand dollars wasted on test devices and a lot of time wasted

but don't want to waste any more

what?

if you're talking about graphene

why have you "wasted a few thousand dollars"

He is though. He's the lead developer if I'm not mistaken

* then why have you "wasted a few thousand dollars"

whattt

hes stopping developement for graphene or whats going on

<faxing[m] "hes stopping developement for gr"> just read the messages

it will probably lead to that, the lack of help extends everywhere

Dropping the experimental support for Pxel 4 because of lack of contributions.

oh support for pixel 4 ok

i got super super worried because I just bought a pixel 3a for the sole purpose of flashing with graphene like 3 days ago

there are no device maintainers for the Pixel 3a

it will be dropped soon if that doesn't change

3a xl i meant but im guessing the same story goes

well ****

I'm also in the process of getting one soon (3a). If my laptop can handle it, and me studying how to do android development... (Can't give any promises sadly)

Pixel 4 was supposed to be different where others would help but in the end all of the hard work is being done by me

and it takes weeks to spend 5 minutes cherry picking some commits

if I don't do it

don't see the point of pretending it's going to work

If I knew coding I'd try to help/contribute but I don't know the first thing about it

* I'm also in the process of getting one soon (3a). If my laptop can handle it, and me studying how to do android development... (Can't give any promises sadly)

To be realistic though, I doubt I could help that much, but I'll give this a shot

Well--

If Graphene goes then what are people who want the utmost privacy and security going to do/use

Graphene honestly seems like the only viable option

if they wanted it they would have contributed

Well many people can't contribute directly or financially

It's not necessarily their fault

It's the lack of attraction on getting developers sadly...

In a practical way, it's preferred that those who would help him are the ones who already had the experience in androi development

I doubt trying to start learning android development now would do that much help, but it may bring forth talented peeps

(With slight probability),

It's undoubtedly undersupported and needs more developers, contributions, and fiscal support, but I still can't get behind essentially blaming the community for not having the spare funds or knowledge to contribute but still whole heartedly enjoying it and advocating for others to use it as well

Pixel 4 support should have been done in January

* It's undoubtedly undersupported and needs more developers, contributions, and fiscal support, but I still can't get behind essentially blaming people who whole heartedly enjoying it and advocating for others to use it as well for not having the spare funds or knowledge to contribute

Sadly, the problem is it's being constantly attacked that some developers are getting repulsed because of them.

One way that we can contribute, if we can't code, is at least inform them correctly about the goals of this project.

what needs to happen is people contributing and actually actively doing work

<strcat[m] "what needs to happen is people c"> -sighs-

strcat: sorry for not being so experienced as you. anyway I did my best to help the project.

> <@furofuro_01:matrix.org> I doubt trying to start learning android development now would do that much help, but it may bring forth talented peeps

> (With slight probability),

takes some time to learn, even longer time if background in completely unrelated field

paintedman: other people could help

I don't know coding, so I can't contribute that way - I don't have the spare money lying around to contribute financially - I do have a bit of spare time so I advocate for people to use the project if they can and contribute to the code or contribute financially if they can.

paintedman: it's not up to you to do everything

There are many people who do the same

when I say devices need maintainers that doesn't mean 1-2 people have to do it all

just not me

i don't see how blaming them for not contributing just because they dont have extra money or coding experience helps

personally

I don't have the time, money or energy to spare that I put into the project

making plans to learn a bit of coding as side hobby

paintedman: there is supposed to be this /sys API and then defines set via variables for the device to make it write to it

I understand it needs coding and fiscal contributions, still I don't see how that's people fault for not having the knowledge or funds but still enjoying the project because they value their rights to privacy

paintedman: to make it initialize

paintedman: the kernel changes are disabling code for the sysfs interface that's supposed to be there when it's not a module

* I understand the project and it's developers need coding and fiscal contributions, it needs them badly - still I don't see how that's people fault for not having the knowledge or funds but still enjoying the project because they value their rights to privacy

To be fair, he isn't exactly blaming but stating the situation as it is.

paintedman: instead it needs to be figured out how to make that work properly instead of making it further from how it's supposed to be

* I understand the project and it's developers need coding and fiscal contributions, they need them badly - still I don't see how that's people fault for not having the knowledge or funds but still enjoying the project because they value their rights to privacy

paintedman: there is supposed to be a boot_wlan API for it to write 1 / 0 to

<furofuro_01[m] "To be fair, he isn't exactly bla"> "if they wanted it they would have contributed"

Seems like blaming to me - doesn't bother me, just saying

* Seems a good bit like blaming to me - doesn't bother me, just saying

paintedman: I don't know why the sysfs interface isn't there when I reverted the changes

maybe I didn't build what I thought I did

Ok thats an ambiguous one...

But it's a true statement though

<faxing[m] ""if they wanted it they would ha"> Replying to him

strcat: I've seen your commit and now I am building GrapheneOS to test this on my device

I'll rest my case for now.

Same

paintedman: using the /sys path didn't work because reverting the changes removing that code didn't make it show up for some reason

Now looking at it I apologize for flooding the chat, just a small thing I wanted to point out

paintedman: so I'm trying /dev/wlan right now but it's not right to need those 2 kernel changes - they don't make sense and aren't fixing something

* Now looking at it I apologize for flooding the chat, just a small thing I wanted to point out that I thought was unfair

furofuro_01: faxing start learning coding as side hobby, pretty much only thing other than donation us non-coding people could do

paintedman: so I think the kernel changes are wrong and are misunderstanding the problem which is that the sysfs interface is supposed to be there and isn't for some reason

yesterday I found that code in `frameworks/opt/net/wifi/libwifi_hal/` and wanted to look at it today, but anupritaisno1 said, that wifi, fixed already

paintedman: maybe having the current setup will work but it's not right

<proof_jr[m] "furofuro_01: faxing start learni"> By the time I'd learn it it sounds like the project won't even be around by the way that Daniel and Strcat are talking recently

it isn't fixed

> <@notmyname723:matrix.org> furofuro_01: faxing start learning coding as side hobby, pretty much only thing other than donation us non-coding people could do

* By the time I'd learn coding well enough to contribute, much less maintain a version of Graphene, it sounds like the project won't even be around by the way that Daniel and Strcat are talking recently

paintedman: I just figured out that the changes to the kernel are wrong

oh

and figured out that we need to set defines for libwifi-hal

paintedman: it's possible that what I have there *right now* might work

but it's wrong even if it works

it's not how it's supposed to be and may have consequences

<strcat[m] "but it's wrong even if it works"> strcat: do you have an idea of how it should work? your commit in `device_google_coral` seems very logical to me and I don't quite understand why it may be wrong? because clear AOSP doesn't use this variables?

paintedman: there are 2 commits

the 1st one is correct

the 2nd commit is a change to work around the current kernel setup being messed up

I don't know if it works as is

but it's wrong

I've seen only first. ok, I'll try to build both and test on the device for better understanding

If I were to try to learn coding for the sole purpose of contributing to Grapehene, what would be the language I should learn

"faxing" (matrix.to/#/@faxing:matrix.org):

You need a lot more than just code

Sure code is like the ABCs of it all

But you need to know in theory about what you're working on

Example knowing java alone is not enough to help you make an android app

You'll need to read the docs, understand things

I know but I mean coding will take the longest, no?

No

So I'd like to start on the thing I know the least about, coding, and do the other things simultaniously

It's this part that takes the longest

* I'd like to start on the thing I know the least about, coding, and do the other things simultaniously

Well you'd have to know coding to understand the rest so simultaneously is not the answer

From my understanding it takes around a year to get the extended basics so to speak and multiple to be good so I figured that'd take the longest

First you need to find out what you want to work on

My plan was to work on whatever the project needed the most help with at the time

Is that not what I should do?

That's not how it works

If you could learn everything in the world why need more people

I mean learn what they need the most now and hope its what they still need then

* I meant learn what they need the most now and hope its what they still need then

* I meant learn what they need the most now and kind of hope its what they still need then

That's never the case

Then what should I try to learn

Do you go to a dentist and tell him you have a problem with your vision?

* Then what should I try to learn that would be the most beneficial to the project

That's exactly how this works

People who have in depth knowledge on one particular section are needed right now

But I don't know what section I should dedicate my time towards

then us beginning coders won't be much help to project?

The project might not even be around by the time I've learn all of this since it'll likely take many many years but hopefully it'll at least be a helpful life skill lmfao

"faxing" (matrix.to/#/@faxing:matrix.org): if you want to do android apps learn java and start reading the docs

alright, thanks

I was unaware they needed help with the apps, so thanks for the info

If you want to do kernel work you should read of on C, the arm64 ISA and know at least a few basics of operating systems

<faxing[m] "The project might not even be ar"> that's me, planning to learn coding as side hobby but discovering pretty much has to replace main job

There's also compiler work to be done like porting stack probes

I don't even know what that means lol

* I don't even know what that means ngl lol

* I don't even know what that means ngl

Or you could dedicate yourself to selinux/hardened malloc and other sections

> <@faxing:matrix.org> The project might not even be around by the time I've learn all of this since it'll likely take many many years but hopefully it'll at least be a helpful life skill lmfao

* that's me, planning to learn coding as side hobby but discovering it has to replace main job

which part has lowest barrier to entry?

"proof_jr" (matrix.to/#/@notmyname723:matrix.org): none

I'll probably dedicate myself to java for the apps, as I feel like it'll have the most value after this project is inevitably gone

* I'll probably dedicate myself to java for the apps, as I feel like it'll have the most value after this project is inevitably gone one day

If you're speaking after this project stuff

Kotlin/dart are getting popular

<anupritaisno1[m] "Do you go to a dentist and tell "> Yes, and turns out I had eye cavities. Good dentist used his eye retractor with his dental mirror to resolve it.

Well I wanted to learn it to help graphene but this sounds like a lot and I can't imagine the project still being around once I've learned all of this

it's already on sort of thin ice now

i just don't see it being around in 3-5 years if I've even gotten enough experience to help them out by then

why do you talk about it like you're the only person who could help?

it's not about you

what?

He is? I didn't get that impression.

i wasn't at all?

* i wasn't at all

Uhh probably just str on his high horsey.

that just seems unnecessarily aggressive, I was just asking for ways I could help the project most effectively, I not once said it was just about me in any way

* it just seems unnecessarily aggressive, I was just asking for ways I could help the project most effectively, I not once said it was just about me in any way

yet you talk about the project dying and not being around because of the length of time it would take you to learn?

I mean, he was talking about the plausability of it not existing in the future from what I understood.

Not necessarily that because of his contributions that it'll remain alive.

I was referring to you among many others saying the project is lacking funding and code contributors and may not be around for too much longer, so I was trying to find a coding language that could help the project if the project was still around once I was proficient in everything I needed to know to help, and also one that could not only do that but also serve a purpose and be useful outside of the project as well

* strcat, I was referring to you among many others saying the project is lacking funding and code contributors and may not be around for too much longer, so I was trying to find a coding language that could help the project if the project was still around once I was proficient in everything I needed to know to help, and also one that could not only do that but also serve a purpose and be useful outside of the project

as well

faxing We don't need paragraphs now about it

I think it was just a matter of getting rubbed the wrong way with your remarks

project lacks devs and we lack coding skills

And thats perfectly fine, I just felt the need to explain myself

* And thats perfectly fine, I just felt the need to explain/defend myself

people could just step up as device maintainers and start doing that work and then support for those devices wouldn't be in question anymore

you can't become a device maintainer without necessary skills

if what ends up happening is that people only step up for the Pixel 4 then ONLY the Pixel 4 will be supported

unless you're able to maintain a device using organic chemistry knowledg

* unless you're able to maintain a device using organic chemistry knowledge

if so, sign me up

I don't know what people are actually going to step up to help with and companies are generally not interested in helping with older devices unless they started with them

so it is up to the community to support anything but a newer device that a company is interested in using and paying developers to support

proof_jr: luckily you aren't the only person the community

it's not all about you

I, like many others, want project to succeed therefore I'm stepping up to contribute

strcat Yeah, no need to be rude about it though. I'm sure he just wants to help. Never did he say his presence alone is the only solution to keep Graphene alive, just that he wishes to help but it'll take time and the future won't be certain for the project.

Your attitude could be what could deter people from wanting to help

<strcat[m] "people could just step up as dev"> You still need a lot of the same or similar knowledge to be a device maintainer

or it could be the people always discouraging others from helping

easy solution is banning people who repeatedly do this

disrupting conversations about help that's needed and about development

<concat[m] "Your attitude could be what coul"> My thought exactly. I love the work he's doing but he seems overly/unnecessarily agressive to people genuinely asking about ways they can help effectively.

with concern trolling and off-topic excuses

> <@concat:spitetech.com> Your attitude could be what could deter people from wanting to help

* My thought exactly. I love the work he's doing but he seems overly/unnecessarily aggressive to people genuinely asking about ways they can help effectively.

* My thought exactly. I love the work he's doing but he/she seems overly/unnecessarily aggressive to people genuinely asking about ways they can help effectively.

if I'm asking for development help and you aren't a developer why do you need to jump in and have a multi-page unproductive discussion about it

* My thought exactly. I love the work they're doing but he/she seems overly/unnecessarily aggressive to people genuinely asking about ways they can help effectively.

<strcat[m] "or it could be the people always"> This sounds passive aggressive towards me, I'm not sure how defending those who want to help is "discouraging" them.

* My thought exactly. I love the work they're doing but he/she seems unnecessarily aggressive to people genuinely asking about ways they can help effectively.

I don't see people who want to help, I see people concern trolling from anonymous accounts

Be more direct, is that just a general statement or are you pointing fingers at someone during this conversation?

and trying to discourage others from helping

🤦‍♂️what the hell did this start

anupritaisno1 lol true

<strcat[m] "if I'm asking for development he"> I was looking to become a developer for the sole purpose of helping the project and asking what the most effective things to do that would be

"concat" (matrix.to/#/@concat:spitetech.com): honestly I just see laziness

Let's say the project wasn't there in 4-5 years

So what?

exactly ^^

let's discuss this in new room

You were there helping and you now have a skill that's actually useful

to not clog up chat

anupritaisno1 I'm all about action rather than talk, I agree. But I don't think it's entirely wrongful of them to have some form of concern about the future. I think both parties have a better way of going-about for this situation.

"faxing" (matrix.to/#/@faxing:matrix.org): my only advice to you is to find something you like to work on

Learn it properly

Contribute using the skills you get

Yeah, and if GrapheneOS ceases to exist in the future you can apply the skills for any other project for Android hardening that would exist or create your own.

"concat" (matrix.to/#/@concat:spitetech.com): what this guy said ^

There'll still remain some form of real-world use for these skills.

Oops xD

That was really my main question, was what the best thing for me to learn would be to not only have a skill for graphene, but something that could benefit me in the future after graphene

so thank you both for your advice and help

faxing Java has a good market share in general. Android knowledge may be trivial but Java skillset is always being seeked for. That's what I'd additionally like to add.

Thank you very much, that's really helpful

I'll focus on learning Java

I don't think it would take 4 or 5 years to learn some app development skills in java

I think it could be done in under a year

What if every member here pays some dollars monthly and that money is used to hire some developers?

who is going to manage that? and who will be hired?

I don't want this project to die

strcat[m], you can decide

Hi everyone!

also a few dollars is not going to add up to an engineer's salary

First year cs student here, excited to contribute in as many ways as possible

if 600 people gave $5/month that wouldn't be nearly enough to hire someone full time

If we are many people paying those, or even make GOS as a paid project to help monthly

<nickcalyx[m] "I think it could be done in unde"> Maybe even under 2 months (based off personal anecdote)

I was eleven when I learned Java.

IDN, only an idea, maybe it's not valid

<nickcalyx[m] "I think it could be done in unde"> I mean true proficiency - enough to help the project in a more meaningful way

Skills: python, c++, html, css, a little php, javascript and xml

<strcat[m] "if 600 people gave $5/month that"> What about advanced college students?

<strcat[m] "if 600 people gave $5/month that"> Hi, statistics student here. With some mental math I think some form of employment would be managable but definitely not full-time employment, and the income would still be mediocre on behalf of the hypothetical hired developer.

> if 600 people gave $5/month that wouldn't be nearly enough to hire someone full time

So people can donate $10 or 20

rosarium: seems to be you acting dismissive and unconstructive as others were earlier

not sure what the expected response is to concern trolling and unhelpful / harmful comments / claims

I currently have $800 in total that I can contribute overtime (saved from getting a 3xl instead of a Galaxy Fold )

concat: and how are we going to convince someone to work for way below their market value

if they aren't already a contributor super enthusiastic about contributing and willing to make huge sacrifices

strcat You aren't.

if you want to hire someone not associated with the project then it's going to have to be a competitive salary

and not part-time, unreliable work which leads to nothing productive getting done

and they have to be a good fit for it and able to be productive working remotely

so who are we going to hire and where is the money to do that

150k/year

I can't propose to someone that they should come work on the project for 20% of what they earn atm

strcat Your employers would likely consist of pseudo-volenteers. Those who would be comfortable working under those conditions for a certain cause. Hypothetically speaking such employment would be managable but the income as stated would remain very abysmal.

Speaking non-hypothetically the workplace wouldn't be appealing and you will not enconter anyone seeking hirement.

sounds like it's not really about hiring people then

<strcat[m] "concat: and how are we going to "> Passionate college students? My brother is 4th year cs student and he contributed to newpipe and morbii

<strcat[m] "sounds like it's not really abou"> Yeah, it's *mostly* not about hiring for your specific situation.

the project needs developers/maintainers not drive-by contributions

<privacy_based_li "Passionate college students? My "> If they need to bump out their resume and they're fond of the project while also needing some extra cash on the side, I can somewhat see that happening. It's almost an unobtainium though.

> <@privacy_based_lifeform:matrix.org> Passionate college students? My brother is 4th year cs student and he contributed to newpipe and morbii

* If they need to bump up their resume and they're fond of the project while also needing some extra cash on the side, I can somewhat see that happening. It's almost an unobtainium though.

Maybe I can convince some of my classmates to contribute once we start having in person classes

Notice however, that both require some form of passion.

don't have money to pay people right now

the current donations are needed for hardware and legal fees

An actual functioning economy doesn't rely on passionate people.

and I don't earn enough to live normally

🙁

"strcat" (matrix.to/#/@strcat:matrix.org): I can provide you hardware

That's horrible, the first thing is that you live normally!

I have servers that average build times of about 3 hours for a clean no ccache build

<strcat[m] "and I don't earn enough to live "> Do you have a college degree of any sort? Have you had issues redeeming it for good-enough paying jobs?

Good deal for you?

<concat[m] "An actual functioning economy do"> True but I am willing to contribute alot once I graduate. Im the meantime I'll try to bring some students together to try and maintain

concat: I choose to work on this

if I have a job elsewhere this is over

think you don't understand

what I have put into this for 6 years

for so little in return - really nothing in return

"strcat" (matrix.to/#/@strcat:matrix.org): I can give you hardware

If you'd like

anupritaisno1: I have a local build machine, not fast enough but works

anupritaisno1: issue is each developer needs phones and a workstation to be productive

Anyway the offer is always open

my local build machine is faster than what you're talking about

Figures

I need 1 of each supported device running GrapheneOS with bootloader locked / verified boot enabled

Can I contribute hardware too? I got a Alienware m17 R3, 10th gen i9, rtx 2080, 32gig ram, 2tb ssd. Any way you can utilize it remotely when im not using it? 9 hours at a stretch (when I sleep)

and ideally a development device (don't have this atm) with bootloader unlocked

and ideally reference devices with AOSP and the stock OS

and good build hardware

<strcat[m] "for so little in return - really"> Rather than some praises and offers to help which yet have not been delivered, yes. But there comes a point where a hiatus might be necessary to recuperate however that too comes at its own consequences. A viable substitution would rid this issue by a good margin, which none have been located yet.

other developers mostly only need a couple devices and a workstation

> <@strcat:matrix.org> for so little in return - really nothing in return

* Rather than some praises and offers to help which yet have not been delivered, yes. But there comes a point where a hiatus might be necessary to recuperate however that too comes at its own consequences. A viable substitution for the current maintainer/dev would rid this issue by a good margin, which none have been located yet.

The degree may be useful in the scenario if that does come true, maybe.

concat: I don't really know what you mean

the options are continuing on and trying to make this work or discontinuing the project

so far I have continued on trying to make things work despite other people doing far more to try to destroy the project than helping

and it has been nearly wiped up by their efforts

and my whole life has been screwed up

strcat It's not black and white, you can choose to discontinue momentarily until appropriate resources have been gathered.

the net impact of other people on the project is certainly incredibly negative

Is Daniel here btw?

<privacy_based_li "Is Daniel here btw?"> Daniel is strcat

concat: resources are not going to be gathered by discontinuing it

it would just be over

Ohkay

you don't get resources by discontinuing a project

where are those resources going to come from if it's dead already

strcat From the new job you'll get, from community rally.

strcat Main resources would be the new attained revenue with that sacrifice and some community backup (the latter of which will probably not happen)

Dont discontinue this beautiful project please, can you tell me what equipment you need? I can source it for cheap

At least i can try

concat: bad idea tbh

I've worked with grapheneos code for 5 years

Going to something else is probably not going to sit well with a lot of us

strcat That's why a more appropriate solution would be having a substitution for your position. Which, at face value sounds as an unobtainium.

anupritaisno1 You don't really have many other options thought, you're still depending on community support regardless.

* anupritaisno1 You don't really have many other options though, you're still depending on community support regardless.

anupritaisno1 Recuperation with this sort of action has its own consequences, though I have not specified and simply pointed that out so there's no mistake of what I'm trying to get across.

Noted

concat: as I said if I move on to something else, this is over, for good, and money I get from that new job is not going towards it

anupritaisno1 The same fate will bestow with the current situation and the approach to postpone until healed because theyre "someone steps up" or "we die". And I think trying to get back in business if nobody steps up could be plausable contraire to discontinuing GrapheneOS permanently.

and if the project is dead there isn't going to be a community of people actively working on it or supporting it

doesn't make any sense

your suggestion is to kill the project and somehow that helps, I don't get it

again just seems like concern trolling to me

"strcat" (matrix.to/#/@strcat:matrix.org): are you alright BTW?

<strcat[m] "your suggestion is to kill the p"> It isn't, that's a strawman.

no

My suggestion is that if nobody steps up the consequences would be inevitable regardless, and to stop support early and attempt to gather appropriate resources externally.

<strcat[m] "and if the project is dead there"> It's not about the community, if it was we wouldn't be in this situation now.

not sure what that is supposed to mean

really no idea what you are talking about

at all

Me neither

It means that the community is playing little roles with what's going on.

Not sure why that's really hard to grasp. Unless someone does step up.

I am not sure what you think is going on

strcat It's quite clear what I'm trying to say, the community isn't in your favor now and it doesn't seem like it would be later.

I don't know what you mean by that

I don't get what you are talking about

from the start

it is not making any more sense as you go on

strcat You'll be in a situation where discontinuation would be the best option due to the lack of support, but I'm saying you can attempt to reform it in the future after discontinuation.

Tell me what's confsuing about my statements.

Should I structure it one-by-one as we go?

there is not going to be any reviving it if it has to be discontinued from lack of support / success

it would just be over

it makes no sense to start over

"concat" (matrix.to/#/@concat:spitetech.com): delaying the resolution for the mess created is going to end up in more mess created that needs solving later on

<strcat[m] "it would just be over"> That's a mentality, not an objective fact. If you discontinue the project, then you have more time to collect proper resources and start over.

I am not sure how it's helpful to talk about these things and turn my requests for help into trying to convince me to discontinue it

It's easy to ask someone to just quit because you're not in the same situation as them

Someone might fork it at that point and continue on, you never know

I'm saying: why not do such if the opportunity strikes?

just derail discussions and try to deter people from contributing

Not a solution

opposite of helping

"concat" (matrix.to/#/@concat:spitetech.com): that's not opportunity, just plain gambling

when I ask for help that's not an invitation to give uninformed advice

<anupritaisno1[m] "It's easy to ask someone to just"> Nobody's telling him to quit, it's about the inevitable day he will quit if the situation remains the same as it is now.

if the project was discontinued it would not be restarted

I would not gather resources to revive it that makes no sense

it is not in a position to obtain the necessary resources if it is not active

<strcat[m] "I am not sure how it's helpful t"> Where'd you get the idea that this was a proposition to quit? It was rather a proposition to press the restart button rather than the shut down button as you are proposing if the project "gets discontinued". I did not bring that up in the first place.

you don't solve anything by discontinuing it

"strcat" (matrix.to/#/@strcat:matrix.org): how about selling refurb devices with the OS installed?

'pressing a restart button' is supposed to do what

concat: why do you always come here and criticize a project you don't use?

throw away everything

all progress

Guys stop

Everyone

let the people who want to destroy it win

Seriously

and that accomplishes what

Instead of killing everything and starting from scratch

makes it way harder to ever get any resources to develop it if it is dead

anupritaisno1[m], some people are doing that, maybe strcat[m] could do it with better results, he's the developer

how is that a helpful suggestion

Think about how we can promote the project

<strcat[m] "I would not gather resources to "> If you're not going to do anything else with your life after Graphene gets discontinued, then I suppose you're right. But I assumed you were going to try to find some other form of income, and if sustainable could be used to rescrape the project back together.

how can I take that seriously as anything but concern trolling

if I start doing something else I am not coming back to this

"concat" (matrix.to/#/@concat:spitetech.com): honestly that doesn't happen

<strcat[m] "let the people who want to destr"> Again, I'm not sure if you're trolling at this point. It's clear I'm referring to when you make that own decision yourself.

and if I came back to this that source of income would end

concat: anupritaisno1 jalb66 strcat make separate room where someone else moderates project concern, make this room for dev questions

concat: you don't decide what I choose to do

Before corona I hardly had time to work on glassrom and was falling into burnout from the work I was given everyday

* concat: anupritaisno1 jalb66 strcat make separate room where someone else moderates project concern/discussion, make this room for dev questions

Thing is when you do a job the job has to be something you like

strcat What kind of argument is this?

You're not going to find time for side projects

strcat "you don't decide what I chosoe to do" who implicated otherwise? How is theorizing a course of action after discontinuation making decisions for you?

concat: I don't know, you just concern troll and try to derail discussions and cause harm as far as I can tell

Rarely happens

I ask for help and explain that I will need to drop the ongoing work on Pixel 4 support without it

strcat Something you don't clearly understand isn't trolling, stop trying to gaslight me and claiming I'm doing it in bad faith.

"concat" (matrix.to/#/@concat:spitetech.com): you're not being gaslighted

Can we ban him?

and you folks turn that into many, many pages trying to turn it into a discussion about ending the project and how I should end it to revive it later what?

"cn3m" (matrix.to/#/@cn3m:privacytools.io): we just ignore him

Is that so hard?

<anupritaisno1[m] ""concat" (matrix.to/#/@c"> "you just concern troll and try to derail discussions and cause harm as far as I can tell"

Banning just seeks to create bad blood

concat: it is what you're doing

strcat It's what you speculate I am doing, inductive reasoning to slander someone is bullshit.

I'm not slandering you

don'

don't even know who you are

You're creating false descriptions about my character, that's slander.

"strcat" (matrix.to/#/@strcat:matrix.org): please go to private message

I didn't say anything about your character

Please

Now

I can't tell if I started an argument and it just morphed it a brigade

or this was just unrelated and cooincedental

interesting you come here a few weeks ago and start trying to create drama and problems

concat[m], please stop, he said it doesn't help, so why are you posting like that?

* or this was just unrelated and coincidental

One suggestion, how about you pause the development on Pixel 4 for one or two months and continue working on Pixel 4a when it comes out. Its gonna be much more popular than Pixel 4, which means more potential doners?

<strcat[m] "interesting you come here a few "> I know concat. He isn't a troll.

<strcat[m] "I didn't say anything about your"> You obviously did, implying I was a "concern troll" and instigator.

that is what you are doing

actions

If it is the former, Daniel I apologize - if it is the latter then carry on

* I can't tell if I started an argument and it just morphed into an unrelated brigade

I have worked on this for 6 years with little in return while having a lot of other opportunities

I don't need people that are new to it to give me advice from a position of near total ignorance on the project

I have not asked for advice / suggestions

<strcat[m] "that is what you are doing"> And creating untrue statements about ones action I consider slander. You're free to think so, but saying it from an objective standpoint isn't right.

<strcat[m] "I don't need people that are new"> Then don't accept it, rather than calling someone an instigator and troll when they were discussing the future of a project.

Nobody is shoving it down your throat.

then why are you doing it in the public channel

and why do you keep going on and on when it's clearly not welcome

"concat" (matrix.to/#/@concat:spitetech.com): can you stfu

Please it's really getting annoying

and why are you trying to convince me to discontinue the project

It's not helping anyone

You're creating arguments that are going nowhere

Concat please dont drag it any further

<strcat[m] "and why do you keep going on and"> Because you were having a conversation with me and I was responding to your remarks.

when you do it in the public channel and the people causing problems make their own private channel to coordinate

I see a problem

"concat" (matrix.to/#/@concat:spitetech.com): can you just stop this

Yes, please, stop

<strcat[m] "then why are you doing it in the"> Uh, am I not allowed to? Is everything in a public channel meant to be objective and accepted?

concat: I am not trying to have a conversation with you, I am trying to defend myself and the project because you're posting it here for others to see

it's a public channel if you're posting it here

you intend for more than just me to see it

strcat Defending your project against what attack? Stating that the possibility of recuperation wouldn't be so bad?

You're not defending against anything, you're disagreeing with a hypothesis which is a conversation.

I can't follow it

If anything I am defending myself from someone who is influencial in a populated public channel calling me a troll and instigator.

I don't know what you're trying to say

You're too damn critical of the responses. This is a great project many of people put a lot of work into and people benefit every day. Please stop you're my friend

I didn't call you a troll and instigator

I said that those were the actions

strcat Right, I was attempting to make it more clearer if that was the case. But that just led me to being called a troll and what-not. Whatever.

Can we stop this now guys?

Lmao what's going on, calm down guys and go to learn how to code to help the project

This discussion is going in circles

And has become a childish game of who can blame who better

<strcat[m] "I said that those were the actio"> Sure, but I perceive certain actions afiliated to ones character. E.g. if someone is "trolling" they must be a troll, etc.

concat, i at least feel like my gripe was founded - strcat may contest that - and I appriciate you backing me on my thing but I didn't attack Daniel's character like you are.

* concat, i at least feel like my complaint was founded - strcat may contest that - and I appriciate you backing me on my thing but I didn't attack Daniel's character like you are.

You didn't say word-for-word but you were undeniably implying me to be one.

* concat, i at least feel like my complaint was founded - strcat may contest that - and I appreciate you backing me on my thing but I didn't attack Daniel's character like you are.

"concat" (matrix.to/#/@concat:spitetech.com): shit man your implicit conversion is worse then the mess C does sometimes

* concat: , i at least feel like my complaint was founded - strcat may contest that - and I appreciate you backing me on my thing but I didn't attack Daniel's character like you are.

faxing Well, "I'm not attacking character I'm saying like it is" as I've been told here just now.

anupritaisno1: hey Anu is the right place to download GlassROM for the project the GitHub?

What?

What are you talking about concat

(Welp...)

(Guess we are humans after all.)

"cn3m" (matrix.to/#/@cn3m:privacytools.io): honestly I took a leave from glassrom to do pixel 4

It's completely unmaintained right now "cn3m" (matrix.to/#/@cn3m:privacytools.io)

> <@furofuro_01:matrix.org> (Welp...)

> (Guess we are humans after all.)

Jokes on you, I'm three badgers in a trenchcoat

<anupritaisno1[m] ""cn3m" (matrix.to/#/@cn3"> You're my hero

<faxing[m] "What are you talking about conca"> When someone attacks me it's just "telling it like it is". But whenever I "tell it like it is" doesn't seem to be the case for some reason.

<faxing[m] "> <@furofuro_01:matrix.org> (Wel"> Yikes. No wonder \s

"cn3m" (matrix.to/#/@cn3m:privacytools.io): anyway top issue is that hardened malloc seems to trigger a crash in unity games

No time to debug this just words from the testers being reflected

<anupritaisno1[m] ""cn3m" (matrix.to/#/@cn3"> That's is an interesting test as a lot of the code being native right?

<concat[m] "When someone attacks me it's jus"> There's a difference in a founded argument or attack, and an unfounded one. I'd like to think mine was founded, whether it was or not, but I'll admit I was overly aggressive when that's what I was criticizing Daniel for, which is just hypocritical. You also need to be able to admit when you fucked up.

> <@concat:spitetech.com> When someone attacks me it's just "telling it like it is". But whenever I "tell it like it is" doesn't seem to be the case for some reason.

* There's a difference in a founded argument or attack, and an unfounded one. I'd like to think mine was founded, whether it was or not, but I'll admit I was overly aggressive when that's what I was criticizing Daniel for, which is just hypocritical. **You** also need to be able to admit when **you** fucked up.

"cn3m" (matrix.to/#/@cn3m:privacytools.io): idk somebody has to test it on both glassrom/graphene, narrow it down and

You get it

There are no crashes if unity is 32-bit

Also there's probably a shitload of merge conflicts in existence there

<faxing[m] "There's a difference in a founde"> There was no fuck-up, I was being civil and trying to explain what was being misunderstood. I was (implied/)called a troll and instigator, how is calling that out a fuck-up?

Interesting, so it's specific to Pixel 4?

"cn3m" (matrix.to/#/@cn3m:privacytools.io): there is a regression in chromium related to that too

The actual fuck-up was trying to state my opinions over the overprotective room that dogpiles on me over a harmless opinion about the future.

Something on sm8150 is broken due to chromium 83

I'm not gonna flood the chat anymore today, you have fun with your argument but I'd advise you to leave Daniel out of it after what I argued with him about

he's dealt with enough petty shit today

I can't even follow what this is about

faxing Let's not stir the pot now, strcat already stopped. No reason to continue.

I have no clue what it has been about since the start

"strcat" (matrix.to/#/@strcat:matrix.org): just go to pm

I got upset about some things that were said

Is hardened malloc almost like a virtual container to further isolate apps?

Interesting, a hardened malloc patch or two and it should be done?

"cn3m" (matrix.to/#/@cn3m:privacytools.io): no

We don't f***** patch hardened malloc

<concat[m] "faxing Let's not stir the pot no"> I wasn't stirring the pot this time but aight

have a nice rest of your day everyone

The issue needs to be traced from the engine and reported upstream

<anupritaisno1[m] "The issue needs to be traced fro"> Gotcha thanks. So that's not a blocker issue for GrapheneOS? Thanks so much for the explanation

This isn't even a priority as nobody games on grapheneos

hardened_malloc uncovers memory corruption bugs

<strcat[m] "I got upset about some things th"> Okay, and I apologize if I got under your skin then. But that level of miscommunication shouldn't lead to a similar fiasco like now, and making enemies with you is the last thing I'd want.

so it's expected that it will uncover bugs in apps

Aware

concat: I don't consider you an enemy, I'd have banned you if I thought you were acting in bad faith

concat: I just don't like what you were doing and it seemed a lot like concern trolling to me

Yeah I play SuperTuxCart and 2048 ha. GrapheneOS and gaming is not a priority

and I don't understand what you were trying to accomplish

<j3ghprjfo[m] "Is hardened malloc almost like a"> It's about how programs can allocate and use memory

"cn3m" (matrix.to/#/@cn3m:privacytools.io): those are not unity games

It's a specific game engine that has the issue

And patching hardened malloc is like locking your main door, destroying the roof and shattering the windows

strcat Well, isn't "concern trolling" a bit of an implication I probably was acting in bad faith? But, my point was just that if the project does get discontinued if nobody steps up there could still be a chance to come back, it's not easy but the possibility is what I was considering. I'm fine if you disagree with that.

Thanks so it's purely their fault. Good to know

What's up with the WiFi too?

CAF fucked up

And strcat doesn't want to accept the hack

I'm kind of with him on that one "cn3m" (matrix.to/#/@cn3m:privacytools.io)

<strcat[m] "and I don't understand what you "> Contribute to the discussion when someone earlier mentioned future of Graphene, something like that is how it began.

But that's the only way I know it works

"cn3m" (matrix.to/#/@cn3m:privacytools.io): basically the problem is that when you load a kernel module you're loading it from the filesystem and this means the filesystem is already up

But when it is built into the kernel

The module comes up before the filesystem

This is a problem not just on sd855

they have a sysfs API that's supposed to be used to signal when it's ready when it's built into the kernel

but these changes are disabling that and hacking this into a different API

Sd865 needs this hack too

Basically that °

so I don't really understand why we can't use the intended sysfs api

use 1 / 0 instead of ON / OFF, point the path to that as they seem to expect

but for some reason the sysfs api wasn't showing up when I tried

not sure what's up with that

"cn3m" (matrix.to/#/@cn3m:privacytools.io) this whole mess happens because nobody tested qcacld as a built in driver

but seems like what needs to be fixed, maybe it's config option, dunno

anupritaisno1: but they made this sysfs api for this use case

So AOSP works, but GrapheneOS doesn't?

The correct fix "cn3m" (matrix.to/#/@cn3m:privacytools.io) is to fix the sysfs api

I don't know if it's broken or just not enabled right

maybe it was an selinux policy issue

dunno

But sadly I am clueless as to what's wrong

And it seems that this commit is actually needed at least as a hack

"cn3m" (matrix.to/#/@cn3m:privacytools.io): ideal solution is Qualcomm fixes this

"strcat" (matrix.to/#/@strcat:matrix.org): another thing is

Why does the prebuilt work?

If our own commit works do we assume the prebuilt does the same thing?

anupritaisno1: yes but they probably do it to make the module work properly

anupritaisno1: basically

when you use the module you're supposed to use /dev/wlan

when you build it in you're supposed to do this via the sysfs interface

Yes I get it

I've read that code

the reason they made the sysfs interface is the /dev/wlan interface isn't available before the driver is up

But I don't know why it is broken

so the 2 hacks we applied to the kernel driver

1st one disables sysfs code (maybe we can revert that already)

2nd one hacks the initialization into /dev/wlan

They are making it behave as a module impl

yeah

but it's clear it's not supposed to be like that

/dev/wlan isn't supposed to be there before init

or at least not usable

Honestly we should label.those commits with big [workaround] tags

anupritaisno1: it works now

And mention them in the issue

but this just seems really broken

it makes this API available when driver is down

"strcat" (matrix.to/#/@strcat:matrix.org): well I'm sorry if I'm not of much help.

I think the right approach is reverting the commits

and using the /sys API for 1 and 0

1) I don't have the device

2) while I can read and understand kernel code I've no past experience in coding the kernel

strings

and then figuring out how to make sysfs come up

"strcat" (matrix.to/#/@strcat:matrix.org): it's not you think, that's how it works on my old devices

hello

Hello

Hello

Hello

We playing this game now?

Hello

lol

I'm now, trying to flash my 3axl and ran into an issue

*new

Okay what's the issue

I get to the step to run flash-all.bat and cmd opens and crashes

Probably means you don't have adb installed

I'm using the portable version, I'll try the installed version

Follow the guide in the webpage and use Powershell

Feel free to ask "treiz" (matrix.to/#/@treiz:matrix.org) I'll help you get it installed

yeah, I was following techlore's video

haven't flashed a rom in a long time

Follow the guide too, many peoplee followed that video and it miss some things

In Windows you must use Powershell

treiz: if you use the portable version of adb/fastboot, you will likely end up with a "fastboot too old" error or if you force it, something that won't boot. You'll want to follow the official instructions.

Just follow the text guide exactly and you should be fine. Videos like that can become outdated quickly as well

"treiz" (matrix.to/#/@treiz:matrix.org): anyway if you absolutely can't get it working you can try my alternative guides

treiz: I can give you a hand once I return to the computer.

looks like I missed the step of downloading the platform tools >.<b

"JollyRoger" (matrix.to/#/@JollyRoger:matrix.org): Google's web flasher is open source?

<anupritaisno1[m] ""JollyRoger" (matrix.to"> I didn't know google had a browser based utility!

BTW in all this argument today I've forgotten to make dinner

Go eat your supper!

I'm not making any headway with powershell

"treiz" (matrix.to/#/@treiz:matrix.org): use my method

Extract the image-whatever.zip

fastboot flash boot boot.img

fastboot flash avb_custom_key avb_pkmd.bin

anupritaisno1[m], where is your method?, I'd like to read it :)

fastboot reboot recovery

adb sideload the full OTA

Is a small name ARM arch CPU usually a better bet for security than an x86 CPU?

or just ./flash-all.sh

it auto reboots to fastboot mode now too (in the dev branch)

"jalb66" (matrix.to/#/@freenode_jalb66:matrix.org): actually there's an option in img_from_target_files to generate a bootable only image

The -z flag enables it

Well I use it to my advantage

Shipping just a boot.img and sideloading a full OTA is about 300 mb smaller than getting a fastboot image

Also the amount your computer needs to verify is minimal

yeah because the format is bad

if you turn off compression for the inner zip

Can you tell me the link?

and the outer part .tar.xz instead of a zip

You need to just verify a small file containing a boot.img and the recovery handles all the verification

it's smaller than an ota

anupritaisno1: the issue with the factory images format is that the inner zip has compression enabled, and zips do per-file compression not overall

and zip is DEFLATE

OTA uses better compression

Think OTA does puffin right?

it uses a mix of xz and other things

although ppl are generally downloading a delta

GrapheneOS always releases a delta from past release -> currenmt

* GrapheneOS always releases a delta from past release -> current

and that's used by the updater if it's available

if we do really close releases then we try to make multiple deltas

current -1 to current

and also current -2 to current

Anyway there's an option to make a zip with just a recovery

if you look at the archive

we used to disable compression for the factory images inner zip

and then use .tar.xz for outer

Just 26 mb, only kernel

800 mb for the OTA

Compared to 1.2 GB for fastboot

img_from_target_files -z

Wait do incremental updates not work at all in taro?

Twrp*

"cdesai" (matrix.to/#/@freenode_cdesai:matrix.org): ?

Yes broken on purpose

In fact twrp is the reason why anything other than glassrom uses an older encryption format

What is glassrom?, another system?

On the oneplus 7 pro

"jalb66" (matrix.to/#/@freenode_jalb66:matrix.org): you use it to get close to grapheneos security on devices where porting it isn't possible

Oh I didn't know it, thanks

This is usually due to nonstandard hardware additions that cannot be easily added to grapheneos

With the same security and verified boot?

Verified boot does exist

Ok

strcat: i completed the regular cts the other day on the pixel 4 xl, i'm going to run another tonight with my new build that i just finished (started around 1300 CET). would you like the results compiled into a gist using this template: github.com/Peter-Easton/GrapheneOS-…/Android-10-cts-report-template.txt

Some of the security work needs help porting

Mostly the selinux policy

"dallemon" (matrix.to/#/@dallemon:matrix.org): yes

Definitely do that

Would help a lot

dallemon[m]: be sure to check the example as well, and include what error messages it prints.

TheJollyRoger: of course :)

"dallemon" (matrix.to/#/@dallemon:matrix.org): send me a copy too in pm

Will need it for reference

Also please check everything related to WiFi in the CTS verifier app

We used a hack to get WiFi working and need to catch obvious gotchas

anupritaisno1: full report or based on the template?

Eventually that hack will be dropped

Base off the template

the source i have must be from just before the wifi fix/hack :/

dallemon: wifi is just now working

today

ah, and my sources are approx 7hrs old

You can just repo sync

make installclean

rm -rf release-whatever

Is GOS pure AOSP or does it also have some Lineage cherry picks?

And rebuild quickly

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): no lineage here

I think we have a few in network stack

But nothing specific

nokkuda[m]: GrapheneOS has never used Lineage as an upstream provider. GrapheneOS does incorporate some things from other projects, such as SeedVault for doing encrypted backups.

I'm going to reinstall my pixel3a, but not sure yet whether I go for LOS or GOS. I did use Copperhead in the past.

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): go for grapheneos

Ok, here's the million dollar question then:

If you want security

Do you want /actual/ security, not just a bunch of theatrics, menus, and tweakables? If so, go for GrapheneOS.

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): problem with lineage is that they treat pixel as hobby devices

Nobody cares about maintaining pixel until they go EoL

Well yeah. Security is Graphene's main selling point :) but I'm surely going to miss Magisk/AdAway et al.

Personal DNS filter

<anupritaisno1[m] "Nobody cares about maintaining p"> Yeah the pixels dont get much love currently.

anupritaisno1: the NetworkStack change is mine

"strcat" (matrix.to/#/@strcat:matrix.org): ah okay

<anupritaisno1[m] "Personal DNS filter "> With VPN? I use dnscrypt proxy on the desktop with blacklist support

Huh

"strcat" (matrix.to/#/@strcat:matrix.org): either I was really tired or I saw a few more commits on network stack the other day

nokkuda I recommend reading the main page on the site and the FAQ

anupritaisno1: those were also my changes, just rolled back

I'm not sure anymore

Oh okay

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): grapheneos is meant to be used on a locked bootloader so magisk is out of the question

Besides we absolutely can't support it

I did. Seems like I have to read again. But can I use a Dns filter even when using the VPN's Dns?

<anupritaisno1[m] ""nokkuda" (matrix.to/#/@"> I'm aware of that

Magisk causes issues like boot races which can destabilize graphene's security

But mostly are an annoyance

woot! it's flashing

The problem is that magisk is on /data

And /data is mounted like almost dead last

nokkuda: yes read the FAQ entries about DNS

So magisk has to kill boot processes, load modules and restart them after

Sometimes it doesn't restart them correctly

This can cause issues and several have been documented

it would totally defeat the purpose of verified boot

so no point of trying to mix them

among other things

Well I think I'll give Graphene a try next week. Maybe I can manage without Magisk and all the bells&whistles ;)

nokkuda[m]: having verified boot, being able to take advantage of the full hardware security features on your phone, proper OTA updates, and full, production-quality releases is going to vastly outweigh the extra Power User cred.

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): well there's other issues

Down the road enabling yama is planned

It's already enabled on glassrom BTW

And yama breaks magisk hide completely

The reason is that magisk calls ptrace_attach on processes and yama blocks processes from calling ptrace for security reasons

Magisk having absolutely zero error handling keeps on retrying the ptrace call

Causing magiskd to use 100% of 1 CPU core

Thx for the explanation.

As browser, do you recommend Bromite?

Bromite and vanadium are the only recommended browsers

For security that is

nokkuda[m]: just use Vanadium.

Vanadium and GrapheneOS were developed in parallel to take advantage of the security improvements specific to each other.

Use them together.

Does it have ad blocking feature (it's an absolute must have for me)?

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): I advise you read the wiki. It has answers to most frequently asked questions

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): bromite does

Hence my question

I'm happy with Bromite on stock ROM already

Phone flash complete, thanks for the help!

Well thanks to all, I'll give it a try and report back in case of issues/questions.

Bye

"nokkuda" (matrix.to/#/@nokkuda:matrix.org): you should read the official website instructions

Many of the questions you asked are already answered there

I will. Don't remember all the fastboot commands ;)

treiz[m], congrats!

Don't forget to lock it

I did

> Don't forget to lock it

I laughed

😀

Hi, is there a grapheneOS compatible api or app as alternative to google maps api like mapbox or osmand in microG , an api that is madatory for some app ?

nikoleos: bubu1.eu/openpush this is the only attempt I've seen

should I enable 'Lock SIM card'?

I've heard people saying to enable it but without any explanation to why

faxing[m]: Sim Card Lock simply means that someone'll have to enter the pin if they take your SIM card out and stick it into another cellphone.

So it's a good protection for sim swapping?

If you believe your adversary would surrepticiously remove the SIM card from your phone and place it into another phone, yes.

eh couldnt hurt

However it will do /nothing/ if they call up your service provider and trick the kid being paid $8.50 an hour to say "Have you tried turning it off, then back on again?" into porting out your number to another card.

thanks for the info

So the attack vector for it is extremely narrow. Yes, it can't hurt, just there are some limitations to it.

yeah

unlikely for it to help but just a step ill take for the hell of it

thanks

Yep, you're welcome!

> nikoleos: bubu1.eu/openpush this is the only attempt I've seen

I think its more about Google cloud messaging previously called firebase than Google maps api coming builty many apps with included maps and location

If you lose your phone in any way, its good to have on.

gozimas[m]: yeah, good point there!

I think that sometime in the future, given the horrors of authentication via phone numbers, phone service providers that hold large amounts of personal data should do a better job than relying on publicly available information like what's my birthday and the last four digits of my credit card.

Like hey, maybe an attestation from your Yubikey over the WebUI!

"TheJollyRoger" (matrix.to/#/@freenode_TheJollyRoger:matrix.org): is that possible?

Connecting an s-key to your phone

anupritaisno1[m]: Yes, but not over the customer service line. It would have to be done from a desktop or from a phone equipped with NFC or that supports U2F.

However, what could be done would be if you call in asking your number to be ported out, the staff need to place it in queue and give you exactly 24 hours to log on via the WebUI, click "Approve Port Out" and then plug in your Yubikey and attest.

So android supports Fido U2F?

Android does, but the U2F implementation in it is currently handled via Play Services.

the issue is Chromium uses a library in Play Services for it

it really shouldn't be in Play Services, should be a separate library

Yeah...

the reason it's there is to take advantage of Play not needing to request access

I guess

Oh :(

Somebody using a app for find phone if steal or lost?

Good question

Cyrinux: if it's stolen and they're not an idiot, they'll turn it off

I don't think there is any privacy-respecting app for this

The FAQ covers anti theft in depth

does Signal have a location-sharing feature?

<strcat[m] "does Signal have a location-shar"> according to mr robot, yest

anyway you would want end-to-end encryption to another device you control that's equally secure

> <@strcat:matrix.org> does Signal have a location-sharing feature?

* according to mr robot, yes

<strcat[m] "I don't think there is any priva"> I can selfhost services if needed

<strcat[m] "anyway you would want end-to-end"> i think they wrote their own script for it though when i come to think about it

seems there isn't one

Im agree

and whatever they have seems to depend on Play

I'd recommend just not using anything for this atm

There are free and open source self-hostable solutions for location tracking. That's the only thing I can think of but it would never offer the other features that some anti-theft services provide like remote commands or remote wiping.

<M0xC0ncord[m] "There are free and open source s"> Could that be handled by some other software?

You could, but you shouldn't

<EssentialChaos[m "Could that be handled by some ot"> Yes but I don't know of any such.

All it would take is writing an Android app that provides an agent of sorts that implements those, and likely making that app a device admin. Then you write a webUI or something to interface with any agents that call back to it. Self-hosted malware basically.

> Somebody using a app for find phone if steal or lost?

I use phonetrack with my self hosted nextcloud instance in case of loosing my device. If steal , they will turn it off so not effective

But malware is all about intent in my opinion.

I don't think it should really be a self-hosted service per se but rather E2E encryption to another client

device you want to use to manage others show a QR code, you scan it from the other one, now it can manage it, and you can choose what it can do with toggles

still don't think it's particularly useful

if it's actually stolen they can and will turn it off if they aren't an idiot

and even if they ARE an idiot

if they regularly steal phones they will have figured out to turn them off

> I don't think it should really be a self-hosted service per se but rather E2E encryption to another client

I wander if a nextcloud can be E2E encrypted , i use to think yes because of https and encrypted data possibility , but i'm just a begginer in open source and security world

So for example 'private lock' and regular backup are maybe the solution. And money to buy another phone if this happen.

<EssentialChaos[m "Could that be handled by some ot"> By the paste I use a hacky way that emulate exchange server and I was able to remote wipe from cli

> <@essentialchaos:tchncs.de> Could that be handled by some other software?

* By the past I used a hacky way that emulate exchange server and I was able to remote wipe from cli

"strcat" (matrix.to/#/@strcat:matrix.org): we have some progress on WiFi sysfs

Check pm

Just a reminder to EVERYONE that uses this project, that you should become an sponsor on: github.com/sponsors/thestinger

Just give at least $5. It's a beer less a month. Someone is working so damn hard for this to success.

"fdsrgheq" (matrix.to/#/@fdsrgheq:matrix.org): literally living paycheck to paycheck here

If you'd give up a beer a month to use GOS that would still be a sweet deal

<anupritaisno1[m] ""fdsrgheq" (matrix.to/#"> Your still a boss

Doesn't feel like it

<anupritaisno1[m] ""fdsrgheq" (matrix.to/#"> My understand is you're contributing in other ways. :)

> <@anupritaisno1:m.apex.to> "fdsrgheq" (matrix.to/#/@fdsrgheq:matrix.org): literally living paycheck to paycheck here

* My understanding is you're contributing in other ways. :)

I used the microsoft apps for android on my old phone, I see in the aurora store that they have a few of trackers in them, will those still work on graphene or can I use those apps?

most should work

<treiz[m] "I used the microsoft apps for an"> what? the apps or the trackers?

the trackers, seems silly to reinstall them if they are going to keep tracking me, right?

Apps

Most apps should work.

treiz: don't know what you mean by trackers

<treiz[m] "the trackers, seems silly to rei"> do the depend on google play framework?

if an app has the internet permission it can send data anywhere

and apps do not need common analytics/telemetry/advertising SDKs/libraries to do analytics/telemetry

strcat: hey Daniel, do we have official GrapheneOS merch?

you're being misled by apps claiming that they can tell you which apps violate your privacy

many open source apps do the same

whether or not they use those common telemetry libraries

privacy_based_lifeform: not atm

I would like to step up and make them a thing

<strcat[m] "privacy_based_lifeform: not atm"> I will get them designed and manufactured and all payment will be done on github

What do you think of that idea?

I was looking at the outlook app in the aurora store, it has a bunch of google and facebook analytics

I would like to make TheJollyRoger's debug cables into an official thing perhaps

with branded cases

dunno

cases, t-shirts and stickers

I just got this idea while watching a Linus tech tips vdo😂

complicated without a non-profit org to deal with it

so no, right now

we don't have an organization set up with management to deal with stuff like that

<strcat[m] "complicated without a non-profit"> ?

we can't just sell things

what legal entity is selling it

and paying sales tax

I will deal with it

and if it's an individual they need to pay income tax

so who is the individual legally selling it

I think it has to be first party

umm my friend has his own factory and shop

and where I live its pretty cheap to make em

<privacy_based_li "cases, t-shirts and stickers"> where's my grapheneos diapers

strcat: I'll work on it and send you designs and stuff, what email ID should i send it to?

<madaidan[m] "where's my grapheneos diapers "> Sorry, I can only manage t-shirts and sticks rn😂😂

<privacy_based_li "Sorry, I can only manage t-shirt"> :(

Help me with one thing

If I collect the revenue and donate it through github, it will be doubled right?

strcat[m]: I have branded cases actually!

GrapheneOS branded cases??

privacy_based_li: oh, nonono these are for the debugging harnesses.

But I /can/ make GrapheneOS branded phone cases and have actually *wanted to* for a long time.

Pandemic not withstanding :P

But the only issue is that doing this is /not cheap/.

Ahahaha, yes.

privacy_based_lifeform: the github $5000 of matched donations is over

it was maxed out

oh

We did it! \o/

Good to know it didn't go to waste

it's almost a year since that started

so it wont double the donation now?

it won't double now

need to update the site

github.com/Peter-Easton/android-debug-cable-howto#getting-fancy privacy_based_li

Okay, hang on one moment, I'll do it.

PR incoming.

TheJollyRoger: I'll do it

Oh.

Okay!

Hmm... how about i make it a monthly subscription of t-shirts and stickers? Like new github monthly doners can get them

privacy_based_li: those are the original Mk. I debugging cables. The Mk. Is are discontinued now.

privacy_based_li: in all honesty, I don't think they'd turn much of a profit and might even entail a bit of financial risk for us because either...

Either we do low volume production which means they'd turn out horribly expensive,

or we try to economize on scale but that means tying up a large amount of money in inventory that will sit on the shelf.

no you guys dont have to pay me or anyone anything

Yeah?

Ill get them designed, manufactured and sell them, and whatever money I get I will donate ALL of it to the project

Consider that as my contribution

What say?

And oh ill make sure the t-shirts are cool and everyday wear

with sick designs

Hmm. I appreciate the enthusiasm! But I think we'll have to wait a bit on that. There are some laws around this sort of thing as well as the trademark I don't want to run afoul of at this very moment so I'll have to look into it at my end.

Since I don't know anything about this at this moment.

Yeah ofcource

TheJollyRoger: Also, you are?

I'm Peter Easton.

I'm new here so will take some time getting familiar

I'm just something of a friendly face on the IRC and the debugging cable guy.

Hi Peter, pleasure talking to you

ohkay

Ahoy shipmate!

: )

Yeah. I'm currently trying to pick up Java so I can learn more, but actually my area of expertise is mechanical design, mostly part design.

Also, the GrapheneOS logo is copyrighted right? or can I use it freely?

So, think crankshafts, gears, connecting rods, plastics injection and blow-molding, that sort of thing.

Nicee

privacy_based_lifeform: well it can be considered a trademark

people are free to design stuff with it but should get permission to actually use it anywhere

<TheJollyRoger "Yeah. I'm currently trying to pi"> I thought it was, pillaging, stealing and drinking rum. :O

dallemon[m]: ehehehe, that too X3.

I was a mechanical technologist before I turned to piracy :D

<strcat[m] "people are free to design stuff "> okay, I'll get started with the designs atleast, caz its gonna take a few months maybe to finalize the designs. I'll conduct a survey with a bunch of designs. Can I have the permission sir?

I'll email you the designs first before starting the production and when you give the green light I'll get them to production. Okay?

privacy_based_li: if you're interested in doing cases, let me know, so we don't end up duplicating work. However, take note that I use Siemens PLM NX11 to do the majority of my designs.

Oh I'd love to do the cases but I dont have a supplier for that. You got any?

I don't; I originally was planning to have the prototype produced by a contact I knew through work, but I've since lost my job.

oh.. im sorry

Oh ahahaha no no no it's all alright, I'm doing okay and this has given me a lot more time to try to figure out what I want to do.

Great😊

Yeah.

Alright, so I'll fly off to some work

Cheers and good luck!

<privacy_based_li "I'll email you the designs first"> Lemme know if Daniel replies to it

<TheJollyRoger "Cheers and good luck!"> Thanks, You too! See ya guys

Hi there, just a quick doubt, say eventually in the coming months the pixel 4 gets official graphene support. And in the mean time the 4a comes out, Will the same wait and effort have to be applied to the 4a like we're seeing now for the 4, or can we expect a much faster delivery for official support?

zozu[m]: it'll depend on the community.

Remember, GrapheneOS is not a business where you pay the money in exchange for a service. GrapheneOS is an open-source project where the idea is that everyone can put in something together, collaborate, and in the process produce something more than the sum of their individual contributions.

What I mean to ask is, Will it take the same effort as any new pixel will?

Well, it's likely that the Snapdragon 855 SoC will end up being very different than the 730.

But I don't know.

iiuc Think the 4a would be easier once 4 is done... but it needs someone to step up and do the work

Yeah. It'd also be an ongoing commitment to ensure that the phone can be maintained.

Considering the 4a may be coming out later this year, is it worth the wait, or would we realistically only se support for it later next year?

I don't know.

Okay, makes sense

I mean, lemme put it this way.

I wish I could contribute to development directly. I'll try to donate and try to advocate for the project so I'm at least doing something.

Let's say I put on my phone and go for a jog, and while I'm out there my phone slips out of my pocket and smashes down a flight of concrete steps.

Okay

I can tell you right there in that contingency that I would not hold out for a 4 or 4XL, I would immediately buy a 3a to replace it the moment I get home.

Because that's a time-sensitive matter.

But say you have a really old iPhone and you've been waiting to get a good new phone for a while, and your very privacy and security orientated?

"TheJollyRoger" (matrix.to/#/@freenode_TheJollyRoger:matrix.org): highly unrealistic

Then you'll have to make that call.

<TheJollyRoger "Because that's a time-sensitive "> (Becouse there, you need a new phone asap!)

If it was you?

Doesn't 3a have support until 2022?

anupritaisno1[m]: huh. I keep it in a rubber case and screen protector... but you think it'd survive smashing down a set of concrete steps? I'm not willing to test that out...

jknsec[m]: yes, it's still got a good amount of time left of firmware updates!

Yes! I know, and I'm really inclined to get it soon. My only issue with the 3a is that it's not waterproof

Or even resistant

Yeah...:(

And becouse I'm stuck with a really old phone, this was gonna be my big perchase

To be fair though, my Pixel 3 had its USB slot severely damaged by water that got into the USB.

The problem with it is that the water tends to get into that USB slot and stay in there so if you get it wet you have to pull it out as quickly as you can and immediately blow the water out of the little slot.

"It's water resistant"

Yeah.

zozu: it has some water resistance but not very good and not certified

but it does have sealed speakers and some attempts at sealing other stuff

So is the 4/4a going to be better from 3/3a from a security hardware perspective or about the same?

mostly just not certified for it

and maybe they skimped on some of it

jknsec: better

New chip?

but mostly from the newer SoC

Oh makes sense.

it doesn't change much else relevant to security but the SoC generation changes a lot

I wonder if they're going to use the same Titan M chip?

Yeah

Also looking forward to Android 11

TheJollyRoger: Knowing Google I'd expect same or better

Whew!

TheJollyRoger Not sure. I think it's roughly the same as last gen if I'm not mistaken? Maybe slightly better?

Tbh if there are any major chip developments they'll probably be in the 5 maybe

How does the kernel SELinux domain work? It's not like you can confine ring 0.

<madaidan[m] "How does the kernel SELinux doma"> If the machine has a strict and properly configured SELinux policy, I think the only logical step to further exploitation is to attack the kernel directly, to which there are no SELinux protections.

I don't know much about SELinux's kernel protections, if any, though.

There's none

<M0xC0ncord[m] "If the machine has a strict and "> That's not what I'm talking about. I'm asking what android.googlesource.com/platform/s…/refs/heads/master/public/kernel.te is

I'm going to guess that the kernel domain is for kernel operations that adhere to the same types of access that userland applications can. I.e. if the action requested by the kernel is synonymous with some access that can be done in userspace on some object, it can be assigned a domain and treated like a regular process by the policy.

madaidan.: the kernel has threats associated with processes which are confined by the domain for that process (since it's doing operations on their behalf, etc.)

madaidan.: it's not the code that's confined it's the operations it does

that have security checks

madaidan.: the kernel domain is for the same stuff when not associated to a userspace process

including when the kernel spawns userspace helpers