-
brockin042[m]
gonner11: yes, I have a google fi pixel 2. The only issue is trying to send or receive MMS text messages. Doesn't work.
-
cant_unlock
I can't unlock my pixel 2. I'm in the bootloader, device state: locked
-
cant_unlock
I followed the instructions and OEM unlock is on, USB debuging is on...
-
cant_unlock
anyway has suggestions? This is a project fi phone
-
aeonsolution[m]
<i_am_your_device "I have a pixel 4a and would like"> we need people to help us test building GrapheneOS, this is step 0 to help us out
grapheneos.org/build#development-branch
-
aeonsolution[m]
once you can do that, then you can up us test the kernel for the new version of Android for your specific device family
-
cant_unlock
my other device is pixel4a btw
-
cant_unlock
is this works on my pixel 2... I'd be happy to help
-
aeonsolution[m]
we dont have enough people to support moving the Pixel 2 family to Android 11
-
aeonsolution[m]
for GrapheneOS, its a lot of work and not enough people willing to pitch in
-
aeonsolution[m]
as per the website, GrapheneOS supports Pixel 3 and Pixel 4 family devices
-
cant_unlock
is this a bot?
-
dazinism
sandroteem: Auditor can give some guarantees. Guess it depends what you are worried about, what you want to prove & to who...
-
cant_unlock
Someone here have experience with this: if the device says "device state: locked" in boot loader, does that mean the phone cannot be unlocked?
-
cant_unlock
This is a porject fi pixel 2 phone
-
dazinism
How big the threat is...
-
dazinism
If you are really worried using a device, which you don't know the history of isn't great...
-
dazinism
cant_unlock: check the website. Need to go into android settings on device, enable developer options, enable OEM unlocking
-
cant_unlock
@dazinism thanks, I followed all of that. I'm after these steps. developer mode is one. OEM is unlocked.
-
dazinism
and aeon isnt a bot!
-
dazinism
...well if they are they are a very helpful one 😆
-
cant_unlock
running the fastboot command just says it's waiting for a device to connect
-
dazinism
Probably means you need to try a different usb lead or port
-
dazinism
Or you have an ancient version of fastboot
-
cant_unlock
dazinism did this too - this is a USB cable that is verified to work for data transfer when the phone is booted normally
-
dazinism
fastboot --version
-
cant_unlock
it is also my third USB cable attempted, the other two were power only
-
cant_unlock
fastboot version 30.0.4-6686687
-
dazinism
fastboot is a bit more demanding of good quality lead and/or port
-
dazinism
Can fail when data transfer and adb don't
-
cant_unlock
@dazinism - OK, and it has to be able to transfer data right?
-
cant_unlock
asking because my good thick cable is power only.. anyway ok I am trying another cable
-
dazinism
fastboot flashing unlock
-
dazinism
You using a usb A - C lead?
-
cant_unlock
Yes
-
aeonsolution[m]
<dazinism "and aeon isnt a bot!"> i might as well be to the drones lol
-
cant_unlock
I don't need sudo right?
-
cant_unlock
(I'm on Debian)
-
cant_unlock
another cable, same result
-
aeonsolution[m]
dazinism: ♥️
-
cant_unlock
trying another USB port
-
dazinism
Depends if you've followed the instructions on the website properly
-
cant_unlock
this instructions say no sudo... I tried both
-
dazinism
If you've set PATH dont need sudo
-
cant_unlock
it does not work with another port on the computer either
-
cant_unlock
ah, but I didn't set path. I had an issue
-
cant_unlock
I changed to dir and I'm doing ./fastboot
-
cant_unlock
shoudl work just the same though
-
dazinism
If you tried sudo, think probably might as well continue with that
-
cant_unlock
sudo gives me a permission issue
-
cant_unlock
"sudo ./fastboot flashing unlockFAILED (remote: 'Flashing Unlock is not allowed')fastboot: error: Command failed"
-
dazinism
Think you need udev rules for debian
-
dazinism
I've not had to set them up
-
cant_unlock
udev?
-
dazinism
Have you done that?
-
cant_unlock
I don't know what udev rules is
-
cant_unlock
so no, I guess I haven't :)
-
dazinism
Its something to do with usb security
-
dazinism
Opens things up so you can communicate down usb
-
cant_unlock
hmmmm
-
dazinism
Hang on I'll find something....
-
aeonsolution[m]
-
aeonsolution[m]
the ubuntu rules should work
-
aeonsolution[m]
for debian
-
aeonsolution[m]
gl cant_unlock
-
cant_unlock
interesting. ok I'm cloning one sec
-
cant_unlock
and thanks for the help
-
dazinism
Actually, thinking about it, if you using sudo think you wont need udev...
-
aeonsolution[m]
they might not have sudo installed
-
aeonsolution[m]
its easier to get them to use the udev rules
-
aeonsolution[m]
its up to the user to get their distro to recognize their device
-
aeonsolution[m]
or use to arch 😛
-
cant_unlock
Eh well I'm tryng to follow the instructions there I get some commands not found
-
cant_unlock
some Path issues Debian has these damn
-
dazinism
No need for the ./
-
dazinism
Just
-
dazinism
sudo fastboot flashing unlock
-
cant_unlock
it won't find it but I'll try
-
cant_unlock
yep. command not found
-
cant_unlock
fastboot is not in my path
-
aeonsolution[m]
when you set the path following the instructions on the website
-
aeonsolution[m]
do not open up new windows
-
aeonsolution[m]
the path does not get carried over, because you only set it temporarily
-
aeonsolution[m]
<gonner11 "I turned on developer options as"> this assumes you have fastbooth on your path,
source.android.com/setup/build/running#unlocking-the-bootloader
-
cant_unlock
If I set the path it forgets what is on the path before and I lose other commands
-
cant_unlock
doesn't matter ./ should work if it's not on the path. something else is off
-
aeonsolution[m]
you are doing it wrong if you losing your commands
-
aeonsolution[m]
dont edit any .profile or .bashrc files if you dont know what your doing
-
aeonsolution[m]
just follow the instructions on the website
-
aeonsolution[m]
-
cant_unlock
I just did it. Same issue.
-
aeonsolution[m]
if you lost all your commands, restart your computer
-
cant_unlock
"< waiting for any device >"
-
cant_unlock
oh I see what I did wrong before with the path command. ok my bad. but I still have the same issue
-
aeonsolution[m]
yes, because your distro doesnt let you use the usb to connect your device as a local user
-
cant_unlock
that is, fastboot is in my path now, still doesn't work
-
cant_unlock
ah ha.
-
aeonsolution[m]
yes, that is another problem
-
aeonsolution[m]
that why you use android udev rules
-
aeonsolution[m]
to avoid having to use sudo
-
cant_unlock
wouldn't sudo work...? I did try to clone and install udev rules
-
aeonsolution[m]
i cant help you troubleshoot that issue because i dont use a distro that makes me do that, i just install the udev rules
-
aeonsolution[m]
-
cant_unlock
ok. I will look more into that, I ran into some issues installing (following their instructions) but that looks more promising
-
aeonsolution[m]
gl
-
cant_unlock
one question. when I do run fastboot with sudo, I get "FAILED (remote: Flashing Unlock is not allowed)"
-
cant_unlock
is that the same issue with the udev tools, or, something is wrong with the phone?
-
aeonsolution[m]
because of your distro rules
-
cant_unlock
ok. got it.
-
cant_unlock
Thanks aeonsolution[m] I'm going to work on this.
-
aeonsolution[m]
if you dont know how to fix that then there's is no point jumping down the system administration rabbit hole
-
aeonsolution[m]
just setup android udev rules
-
birdie[m]
<aeonsolution[m] "just setup android udev rules"> I've been curious about that, is that only for some distros? Cause I didn't have to do that for manjaro. Just used this easy install script
github.com/Peter-Easton/grapheneos-easy-installer
-
aeonsolution[m]
-
inthewaves[m]
How does porting work? Is it, for the most part, cherry-picking GrapheneOS-related commits from the old `10` branch into the `11` branches and testing them?
-
inthewaves[m]
I've noticed the site switched over to mention the 11 branch now:
grapheneos.org/build#development-branch
-
aeonsolution[m]
high level overview yes
-
aeonsolution[m]
you have to checkout the kernel from google
-
aeonsolution[m]
what device do you have
-
inthewaves[m]
3a
-
aeonsolution[m]
oh nice
-
aeonsolution[m]
each device has a kernel that is provided by google as a prebuilt
-
aeonsolution[m]
-
aeonsolution[m]
find your device
-
aeonsolution[m]
clone the project
-
aeonsolution[m]
and cherry-pick everything from GOS github for your corresponding device kernel
-
aeonsolution[m]
you start with commits that dont come from google, you get them from the project
-
dazinism
Hey inthewaves nice to have you here!
-
dazinism
Noticed on github all the stuff you've been doing
-
dazinism
Some interesting things you been upto
-
aeonsolution[m]
anu and i have a kernel for the beta, anu may have a new one now. what you would do in that case, is instead of doing that manual work you would clone our projects and put the our kernel where the prebuilt one is put
-
aeonsolution[m]
-
aeonsolution[m]
and then build out the os and see if it works on your device
-
aeonsolution[m]
-
aeonsolution[m]
here is an oldish kernel
-
birdie[m]
<aeonsolution[m] "birdie:
wiki.archlinux.o"> Thanks I'll read that
-
anupritaisno1[m]
cdesai: the entire "guide" could be shortened quite a fair bit
-
anupritaisno1[m]
Tbh I ignored the binary stage. Building without a vendor for now
-
aeonsolution[m]
oh nice, the kernel for the beta is the same as 11 🕶️
-
-
lickidysplit[m]
Does anyone know wot this is
-
inthewaves[m]
<aeonsolution[m] "you start with commits that dont"> Thanks, I'll look into it
-
aeonsolution[m]
inthewaves: send me a message if you need help
-
aeonsolution[m]
glad to have you checking this out!
-
anupritaisno1[m]
aeonsolution: you can invite him to that chat
-
inthewaves[m]
ls
-
anupritaisno1[m]
kryptonymous stop spamming reactions
-
kryptonymous[m]
didn't know that was spamming anupritaisno1:. Was just catching up on the thread and reacting. BTW, I appreciate all you do for the community. 🙂
-
mmcblk0[m]
Please, how can i works alarm on GOS?
-
strcat[m]
use the standard alarm clock app?
-
dan-v[m]
strcat: do you happen to know off top of your head if we are going to run into our usual chromium webview incompatibility issue
-
dan-v[m]
otherwise i'll go take a look
-
mmcblk0[m]
<strcat[m] "use the standard alarm clock app"> yes, but not works
-
lickidysplit[m]
Works fine for me
-
lickidysplit[m]
Did u set it for correct AM/PM? 😂
-
dan-v[m]
strcat: look like v86+ has sdk set to R
-
strcat[m]
dan-v: yes and current version is 85
-
strcat[m]
so unless we use beta, similar issue
-
strcat[m]
I'll just use stock WebView temporarily
-
strcat[m]
save trouble
-
dan-v[m]
sounds good strcat - i'll probably do the same initially until things are working and then give beta a shot
-
strcat[m]
cdesai: seedvault and setupwizard will need to be ported
-
strcat[m]
setupwizard breaks the build atm
-
strcat[m]
Vanadium itself (browser only) works
-
strcat[m]
-
strcat[m]
should be done with that for now
-
strcat[m]
also doing the Vanadium update to the new release
-
strcat[m]
so much to do
-
strcat[m]
so tomorrow or in the next few days when they release the Android 10 security update
-
strcat[m]
plan is to do a final release based on that for Android 10 branch
-
strcat[m]
along with switching over to the Android 11 kernels
-
strcat[m]
to get the kernels shipped / tested early as a starting point
-
strcat[m]
goal is to get the kernels ready today
-
strcat[m]
testing Android 11 Pixel 2 kernel atm
-
strcat[m]
need help with Pixel 3/3a and 4 still
-
strcat[m]
I might just do a release tonight if we get the kernels done
-
strcat[m]
before they release security patch tags
-
strcat[m]
we'll see
-
dan-v[m]
strcat: have you validated if prebuilt vendor works with stock 11 AOSP?
-
strcat[m]
okay Pixel 2 kernel works
-
strcat[m]
dan-v: no
-
strcat[m]
I'm working on Android 11 kernels with the last Android 10 tag
-
strcat[m]
along with porting very basic stuff to Android 11 via emulator
-
strcat[m]
I'm not touching Android 11 device support, letting you and cdesai do that
-
strcat[m]
and others
-
strcat[m]
kernel stuff is not that bad so far
-
dan-v[m]
strcat: ok, sounds good
-
strcat[m]
Pixel 2 doesn't have many changes, 3 and 4 do
-
strcat[m]
one thing to note is for qcacld Google applied a similar change as what I did disabling build tag
-
strcat[m]
they backported a ton of stuff so there may be issues with other changes
-
strcat[m]
need to figure that all out
-
strcat[m]
this android-10.0.0_r46 tag they pushed... really fucking weird
-
strcat[m]
it's from 2019 lol
-
dan-v[m]
lol wtf
-
strcat[m]
BTW
-
strcat[m]
it's not going to impact many people
-
strcat[m]
but if you installed GrapheneOS before the first stable release in 2019, there may be issues updating to Android 10
-
strcat[m]
because I am not going to port the code for handling the old encryption format from before the first stable release
-
strcat[m]
i.e. people who installed it when it was Android Hardening may be forced to factory reset
-
strcat[m]
it would be too much work to continue supporting the old format especially since it's difficult to test
-
strcat[m]
-
anupritaisno1[m]
Deletion: 100
-
strcat[m]
installations that were made at some point before the 2019.03.05.03 release of the Android Hardening project will be forced to factory reset after updating to GrapheneOS based on Android 10
-
strcat[m]
2019.03.05.03 was the only tagged release under the Android Hardening name, so this only applies if you installed before there were even official releases
-
strcat[m]
i.e. one of the early testing builds
-
strcat[m]
if you've factory reset at any point since then it's already handled
-
strcat[m]
I'm not willing to continue porting the backwards compatibility handling forwards and it would be far too much work to actually do a forced migration (which is why it was never done)
-
lickidysplit[m]
Thanks strcat (=
-
atasuke[m]
Hey I’m still having issues generating signed build. I get this « warning »
pastebin.com/k22iYA2N
-
atasuke[m]
The signing process complete but it must be badly signed because auditor fail at verified boot
-
strcat[m]
atasuke: Auditor just doesn'
-
strcat[m]
* atasuke: Auditor just doesn't know about your keys
-
strcat[m]
you need to fork Auditor and add your verified boot key to the database
-
strcat[m]
and set the debug / release keys for Auditor (that it uses to verify Auditor on the other device) to the keys you use to sign Auditor
-
strcat[m]
it won't be interoperable with the official Auditor and AttestationServer builds
-
strcat[m]
they don't trust your keys for signing the OS or for signing Auditor
-
strcat[m]
if you use a modified build of Auditor, it won't pass attestation, since it isn't signed with the correct keys
-
strcat[m]
the whole point of it is that you can't trick it like that
-
strcat[m]
you can try
-
strcat[m]
it won't work
-
strcat[m]
the hardware-based attestation includes the signing key of the app from the OS
-
strcat[m]
and the signing key of the OS
-
strcat[m]
(it gets signing key of the OS in early boot before the OS is booted up and reads persistent state)
-
atasuke[m]
Thanks you a lot for the detailed information. This should be added to the website
-
atasuke[m]
Is there any resources on how to run your own attestation service ?
-
d64qoc8432li8p9o
I have tried building Vanadium trichrome before and renamed it in different package in args.gn
-
d64qoc8432li8p9o
Despite doing so, I can't install the apk in an official GrapheneOS phone
-
cn3m[m]
@d64qoc8432li8p9ouijtv:matrix.org: the apk needs the library apk installed first
-
d64qoc8432li8p9o
<cn3m[m] "@d64qoc8432li8p9ouijtv:matrix.or"> I did that
-
d64qoc8432li8p9o
Even in adb
-
d64qoc8432li8p9o
But some error came
-
d64qoc8432li8p9o
Gotta check later
-
d64qoc8432li8p9o
Library -> Chrome apk
-
strcat[m]
testing Android 11 kernel for Pixel 3 atm
-
strcat[m]
atasuke: it's covered in the attestation server README
-
strcat[m]
atasuke: server needs the same adjustments: add your verified boot key and perhaps give the OS a name like GrapheneOS (atasuke's build) for the database
-
strcat[m]
atasuke: and set the keysit checks for Auditor to your debug / release keys
-
strcat[m]
* atasuke: and set the keys it checks for Auditor to your debug / release keys
-
strcat[m]
then you can just launch it on the server - you only need to do setup to configure it being able to send emails
-
-
d64qoc8432li8p9o
Iirc
-
d64qoc8432li8p9o
The package name is there
-
d64qoc8432li8p9o
But, not sure if I did something wrong in building process
-
d64qoc8432li8p9o
Just followed the instructions and downloaded the dependencies.
-
atasuke[m]
strcat: thanks you but where do I add the keys in the app and server ? Where is the database ?
-
kmart
Guys, I'm looking for a developer that could port graphene to a device I'm working with. Will pay of course
-
kmart
I do have sources (AOSP) for that device, so shouldnt be too hard I Guess?
-
cn3m[m]
kmart:
grapheneos.org/faq#future-devices The expectation is you buy a device for GrapheneOS. The issue is that other devices don't meet the standards of the project otherwise they likely would be supported or at least considered
-
cn3m[m]
if it doesn't meet the criteria it is not GrapheneOS
-
kmart
This device wont be used for any kind of media playback, deleted the TZ truslets for that, as they are full of bugs usually, No need BT or NFC, browser or google store to install crapware. I think I can be made secure
-
blacklight447[m]
<strcat[m] "testing Android 11 kernel for Pi"> The hero we don't deserve, but the hero we need
-
strcat[m]
atasuke: in AttestationProtocol.java
-
strcat[m]
look at commits adding devices
-
atasuke[m]
strcat: ok thanks a lot
-
kmart
cn3m[m]: its why I said I would pay for this anyway, I understand that some devices are better targets for this, but I really want soemthing more secure than a basic AOSP code
-
cn3m[m]
<kmart "cn3m: its why I said I would pay"> you are better with a locked bootloader
-
kmart
the bootloader will be locked, I woen full license of the code, and will write my own root key to them
-
kmart
own*
-
Ultron[m]
kmart: Which device you got if you don't mind sharing?
-
kmart
and while I am busy rewriting the entire boot chain up to the point kernel is booted (scrapped the MTK code of that part), I would prefer to replace the upper part with something better than AOSP
-
kmart
its an unbranded ODM device manufactured in china of course :) but at least I have all the source
-
Ultron[m]
Why not just buy a supported device?
-
kmart
because then I wont be able to rewrite the bootchain, incl, WiFi FW and cellular modem fw?
-
kmart
I understand all Graphene devices use modem/wifi fw blobs as they are, with all the bugs
-
Ultron[m]
Okay. But I have not heard good things about the Mediatek SOCs.
-
kmart
the SoCs are fine honestly, its the code that has a backdoor within a backdoor
-
Ultron[m]
<kmart "I understand all Graphene device"> They are isolated.
-
kmart
isolated how?
-
cn3m[m]
I am going to have to ask you to switch to offtopic chat. This has nothing to do with GrapheneOS and I can't see this device being supported
-
inrdrna[m]
lmfao
-
inrdrna[m]
"unbranded ODM" :curi
-
inrdrna[m]
* "unbranded ODM" :curious:
-
kmart
No stress cn3m[m], just noting the reason why not grapheneOS-device, because I cant upgrade other parts of the FW on those. And AFAIK, aside from one custom phone form kickstarter, no retail devices have the modem isolated in a real way, they all share some memory and are vulnerable to modem->kernel exploitations
-
kmart
inrdrna[m], yes, look it up, you have to order like 5000 units, pay source code fee and you can start your own phone project
-
cn3m[m]
yeah no
-
cn3m[m]
iPhones have been doing that for years very well
-
cn3m[m]
and lately Pixels have been doing just as well
-
cn3m[m]
IOMMU can and does work
-
cn3m[m]
also MTK is absolutely shit at handling security issues
-
cn3m[m]
remember the root exploit for the kindle?
-
cn3m[m]
that effected every MTK chip
-
cn3m[m]
after a year of not patching
-
cn3m[m]
Google said fuck it and mitigated it themselves
-
cn3m[m]
Google doesn't do that!
-
kmart
sure, I know those issues, and many many more, every piece of boot chain has tons of bugs that are still unpatched to this day
-
kmart
while preparing to this project I must have found like 10 different ways to bypass secure boot on MTK
-
kmart
incl. unpatchable romcode bugs
-
kmart
but that isnt an issue
-
cn3m[m]
Save yourself the time and effort and buy a device every few years and don't worry about upgrades
-
kmart
since I scrapped all that code and rewrite it from scratch
-
cn3m[m]
it is not worth anyone's time
-
kmart
cn3m[m], I'm making my own phone bruh :P I'm not here to upgrade my personal device or somthing
-
cn3m[m]
that is assuming your code is flawless which is a huge assumption. Again if this could be moved to the offtopic chat I would apperciate that
-
kmart
well, then back to the core issue at hand - I would like to swap the AOSP delivered within the deal, with soemthing else, preferably GrapheneOS
-
kmart
and I would pay for this -- thats about it
-
cn3m[m]
"/join #grapheneos-offtopic"
-
kmart
but thats on the graphene topic, isnt it ?
-
kmart
device porting topic
-
cn3m[m]
kmart: to supported devices
-
cn3m[m]
that is not a supported device
-
kmart
thx for the clarification :P
-
cn3m[m]
kmart: yeah if a device is going to meet the criteria of the project then it is on topic
-
kmart
well it would be hard to judge that, as in the end the device will be indeed on the MTK chip but will run little to none of actual MTK code
-
cn3m[m]
you have the criteria
-
cn3m[m]
make your case why it meets every point of it
-
derpy
anyone use m.uber.com on graphene?
-
derpy
As far as I can tell it doesn't allow one to add stops or change destination... Maybe there's a way to use the app without google services?
-
derpy
or another work around I don't see?
-
d64qoc8432li8p9o
<derpy "anyone use m.uber.com on graphen"> Try using desktop mode?
-
d64qoc8432li8p9o
Not sure
-
derpy
d64qoc8432li8p9o I made a support ticket with them... Doubt they'll be helpful though
-
derpy
No way to do using uber.com or m.uber.com
-
jpds
I really doubt Uber will work without Google MAps
-
alzxjm[m]
Not sure about adding stops or changing destination but m.uber.com seems to work OK for requesting a ride.
-
alzxjm[m]
(I'm on CalyxOS w/microG disabled so this might not be 100% comparable to Graphene, but it seems to work OK)
-
leonidas164[m]
<derpy "anyone use m.uber.com on graphen"> adsfasf: so far i doesn't work at all. Same goes for most mobility apps of course
-
strcat[m]
btw I would greatly appreciate if people could send more PayPal and GitHub Sponsors donations to help cover the costs of defending the project
-
strcat[m]
legal fees for defending against the BS lawsuit filed against the project and for filing our own lawsuits are very expensive
-
strcat[m]
I'm going to be primarily using Bitcoin donations for funding other developers
-
strcat[m]
been using PayPal to cover legal fees and it's entirely out atm
-
strcat[m]
it's ~2k/month, need more donations
-
strcat[m]
atm Bitcoin -> being used to fund other developers and hardware for them, PayPal -> legal fees, server costs, domain registration costs, GitHub Sponsors -> my income
-
strcat[m]
not 100% but that's approximately how it's used
-
strcat[m]
this way I don't need to deal with handling the complexity of capital gains on Bitcoin as income since the project isn't for me atm, keeps things simpler
-
strcat[m]
a site that had my credit card info was compromised and my bank hasn't sent the replacement yet so I have to use PayPal to pay for stuff atm which is really annoying, had to move over various recurring payments to it and deal with hassle beyond that
-
strcat[m]
they gave me a new number but didn't send the card, they fucked up somehow, really annoying, been a month since I can conveniently pay for stuff
-
strcat[m]
and I had a backup card that's unused but they never sent a replacement when it naturally expired, good stuff
-
strcat[m]
and they aren't responding to my messages via their site atm, and they won't give me a number for calling them about this, the regular credit card number is 'disputes' and they won't deal with it
-
strcat[m]
I only need it so I can easily pay for stuff, I don't run a balance on it
-
strcat[m]
so like atm OVH payments for GrapheneOS, domain registration and all my personal bills had to be moved to paypal or getting someone else to pay for it with a credit card and sending them cash
-
strcat[m]
super annoying
-
strcat[m]
banks always causing me problems
-
strcat[m]
how hard it is to just send something in the mail?
-
ThomCat[m]
strcat lawsuit is in US or Canada?
-
strcat[m]
Canada
-
strcat[m]
PayPal is the easiest way to pay those invoices right now so I'd appreciate if people can donate via PayPal, I need a lot more than I'm getting right now
-
strcat[m]
I can pay via eTransfers or a credit card - but I haven't received either of the new renewed credit cards in the mail due to some bureaucratic problem
-
strcat[m]
and eTransfers are a real hassle
-
strcat[m]
so I guess I could start withdrawing money from my bank account into PayPal
-
strcat[m]
it would be nice if donations would cover these ongoing substantial costs though
-
strcat[m]
in order to continue development I really need these costs covered
-
strcat[m]
not getting enough donations recently
-
strcat[m]
I also want to start paying other developers so they can spend more time on the project so the BTC will start being used up for that
-
ThomCat[m]
Would you take venture capital money if someone could find a firm willing to 'invest'?
-
ThomCat[m]
-
Lallerz
hello
-
atasuke[m]
Hello
-
Lallerz
after having found netflix.service, amazon.service amazon.apphandler facebook.manager and tons of analytics packages on my damned xiaomi, I decided to choose other. That's the short story why I am here
-
Lallerz
and I am pleased to find such a populated chan, wow
-
jcpicard32[m]
Welcome!
-
Lallerz
and, may I ask if the next release will support the pixel 4a ?
-
githerazi[m]
<Lallerz "and, may I ask if the next relea"> Yes. Yes you may ask.
-
Lallerz
Thanks
-
Lallerz
will the next release support the pixel 4a ?
-
derpy
you guys have an auto-updater for F-Droid? Or you always do them manually by clicking 'install' on each app?
-
Nikos[m]
<derpy "you guys have an auto-updater fo"> For auto update functionality you need the f-droid privileged extension (because that functionality requires system access). It s not included in GrapheneOS though.
-
derpy
Do people in this community generally use & trust it (the priviledged extension)?
-
ThomCat[m]
* @strcat Would you take venture capital money if someone could find a firm willing to 'invest'?
-
cn3m[m]
<derpy "Do people in this community gene"> no it is not supported(due to blindly trusting 3rd party repos) and needing root
-
derpy
ok
-
derpy
will just click with the ol fingers for now :)
-
fll[m]
<Lallerz "will the next release support th"> That will probably take some time, since the phone is not even out yet and someone needs to step up to be the maintainer of the 4a
-
Lallerz
thanks for the reply
-
lev[m]
I've dug around a bit in the logs and didn't really find anything definitive, but: what are people's thoughts on using biometrics (particularly the fingerprint reader) ?
-
lev[m]
it seems like it's viewed favorably, but it seems like having that sort of data recorded would be a risk to the user
-
lev[m]
I assume that data is never transmitted at all, and should be hard to access by apps that aren't meant to access it?
-
jpds
lev[m]: The biometric data is stored in the Titan M security chip
-
cn3m[m]
stored fuzzy not evn google or grapheneos can reverse it
-
lev[m]
what about the hardware itself? would it be impossible to intercept data being reported from a 'read' ?
-
cn3m[m]
your camera would be a much easier method
-
cn3m[m]
I don't know if they are using encrypted memory or what(the SEP does for TouchID), but at some point the effort required to man in the middle the fingerprint sensor would be really high
-
BalooRJ
is there a way to use only biometric and not have to use the pin or a password? Or can they only be used in tandem
-
cn3m[m]
just use a 4 digit PIN
-
cn3m[m]
if it is truly random it would take roughly 650 years to bruteforce
-
cn3m[m]
the fingerprint times out after 48 hours
-
BalooRJ
good to know.
-
cn3m[m]
so making a fake in that time would prove challenging if it was stolen
-
lev[m]
or if you restart
-
cn3m[m]
sure
-
lev[m]
so if you're nabbed, restarting the phone is a good move
-
cn3m[m]
yes, especially for AFU avoid lockdown
-
cn3m[m]
Pixel 4 with IR scanner + a good length truly random PIN + practicing a fast restart is probably the ideal setup
-
cn3m[m]
shoulder surfing and CCTV are dead in the water since you don't enter your password often
-
lev[m]
it's also depends on when you restart though, to be fair
-
atasuke[m]
If my device is stolen and I couldn’t reboot. Is the data at risk ?
-
lev[m]
if you get picked up, and instantly restart, you'll probably turn your phone back on to look up a number unless you have your emergency contact memorized
-
lev[m]
at which point you'll definitely enter it in, while on camera
-
cn3m[m]
<atasuke[m] "If my device is stolen and I cou"> um, not really
-
cn3m[m]
the 48 hour timeout on biometrics is good enough
-
cn3m[m]
and AFU is tricky on GrapheneOS
-
atasuke[m]
Ok
-
cn3m[m]
people know they are going to have to deal with no usb attack vector and layers upon layers of hardening on iOS. On a Pixel that may come as a real shock to see you also have that here. Not to advocate security through obscurity at all, but yeah
-
salbutamol[m]
emergency contact number on the lockscreen sounds like a wise move
-
cn3m[m]
Pixel with GrapheneOS is pretty tough
-
atasuke[m]
Dope
-
atasuke[m]
Just an idea, why isn’t there a way to wipe the phone after a number of failed password attempts ?
-
cn3m[m]
I really don't think that is a necessary
-
cn3m[m]
You can already junk a Pixel effectively by trying to unlock it too many times(a DOS basically) an iPhone has this feature since the timeouts are shorter(but the minimum PIN is far far longer)
-
cn3m[m]
so if you want for instance to use an iPhone with a 4 digit PIN
-
cn3m[m]
it is meant for a 6 digit PIN so it wouldn't be as strong as a Pixel 4 PIN vs 4 PIN
-
cn3m[m]
an iPhone with 4 digit PIN and the 10 tries makes some more sense there
-
salbutamol[m]
there's a program on FDroid called Wrong PIN Shutdown which will turn off your device after X retries if that gives you some peace of mind
-
cn3m[m]
not recommended
-
salbutamol[m]
oh no?
-
atasuke[m]
salbutamol: you have to register the app as a device admin which is not really good
-
cn3m[m]
device manager
-
cn3m[m]
and correction
-
cn3m[m]
the time out on Pixels is not as aggressive as I remember
-
cn3m[m]
it is pretty hard to disable the device
-
cn3m[m]
but still it is very strong
-
salbutamol[m]
oic - what's the risk there, that the app could be shady / exploited?
-
atasuke[m]
Yes shady
-
cn3m[m]
yes
-
cn3m[m]
if it was exploited it would have full ownership of your profile
-
salbutamol[m]
gotcha
-
lev[m]
huh, apparently pixel 4/xl are already out of stock, and not available from google any more
-
cn3m[m]
in general the iPhone system is not as refined. Requires 6 digit PINs(which are long, but less likely to be easily guessed), shorter timeouts(which can be nice), but the wipe after failed attempts only make sense if you have a bad PIN imo
-
cn3m[m]
it opens you up to more damage if someone wipes your phone
-
cn3m[m]
than expecting someone to guess your nigh unbreakable PIN(on either phone)
-
cn3m[m]
if someone did bypass the hardware timer
-
cn3m[m]
they would bypass the wipe limit too
-
echotunnelriver[
Does Graphene have a pin scramble feature? I haven't seen this mentioned anywhere.
-
cn3m[m]
though a hardware timer bypass is extremely unlikely
-
cn3m[m]
<echotunnelriver[ "Does Graphene have a pin scrambl"> it does
-
cn3m[m]
basically if you PIN is 1234 iPhone will protect you by at least making it longer. People don't really carry 6 digit easily guessable combos in their head like SSN, birthday(you could add year though), and years like 1787. iPhones with the wipe after 10(optional) makes it way more appealing if you have a really bad PIN
-
cn3m[m]
Pixels on the other hand the 4 digit PIN makes more sense if you have it fully random it will be very strong and you don't need to worry about data loss and on top of it the PIN is shorter
-
nickcalyx[m]
> Does Graphene have a pin scramble feature? I haven't seen this mentioned anywhere.
-
nickcalyx[m]
Do you mean rearranging the keypad?
-
jpds
Yeah, it's in the settings, somewhere
-
atasuke[m]
<cn3m[m] "in general the iPhone system is "> iPhone doesn’t require 6 pin
-
cn3m[m]
I mean you can set it to 4 if you customize it
-
cn3m[m]
but the default PIN is set to 6
-
jpds
nickcalyx[m]: Under Security
-
-
Guest82
Hey! I'm female 23 and I'm so horny right now. Wanna trade pics with cute man. Add me here >>
NUDY.FUN << :
-
atasuke[m]
Lmao
-
tu30
I know there are no deadlines / don't want to pressure anyone but what's the current state for android 11
-
tu30
Not that I really care to be fair it hasn't added anything relevant to us
-
tu30
But still
-
cn3m[m]
Kernel is the current goal
-
cn3m[m]
Pixel 2 is done
-
cn3m[m]
Pixel 3 is development
-
cn3m[m]
then I believe after the kernels are done a release on Android 10 will be out to test the new kernels
-
Guest82
Hey! I'm female 23 and I'm so horny right now. Wanna trade pics with cute man. Add me here >>
NUDY.FUN << :
-
lev[m]
rofl
-
lev[m]
what minimal effort
-
lev[m]
(re: now deleted spam, not the comments about testing the new kernel)
-
cn3m[m]
bait 10/10
-
cn3m[m]
clap
-
lev[m]
I genuinely pity anyone who would click on that
-
Autopsy[m]
Pity me pls
-
lev[m]
you poor sad man
-
derpy
davx5.com/tested-with jeez they should at least recommend some top ones they know function well... paradox of choice!
-
derpy
just spent over an hour trying to move a damn address book... I don't see how this could possibly be a recommended app; such a waste of time.
-
derpy
Is there an android function where you can import / export just the address book to grapheneOS?
-
derpy
DAVx5 is way overcomplicated
-
Autopsy[m]
FastMail works flawlessly. It's not complicated. Anyways, is off topic, my man.
-
derpy
"best way to migrate contacts to GOS" is off topic?
-
derpy
ok
-
Autopsy[m]
Type all the numbers in individually if you can't figure it out.
-
Autopsy[m]
These sorts of questions shouldn't be asked here. It's an internet search away.
-
Autopsy[m]
How difficult is it to just make a fucking csv file of your contacts and import them into Android?
-
Autopsy[m]
Or a vCard
-
jpds
derpy: I like
etesync.com
-
derpy
jpds tnx
-
Guest35
Hey! I'm female 23 and I'm so horny right now. Wanna trade pics with cute man. Add me here >>
NUDY.FUN << :
-
Autopsy[m]
Yes, I'll add you.
-
Autopsy[m]
Jesus Christ lol
-
atasuke[m]
Again
-
lev[m]
is she like the 23rd female in her line of genetically engineered chatbots?
-
lev[m]
or is her first name "female" and last name "23"
-
derpy_online
Is it offtopic to ask about the phone app... I have a SIM and also a SIP account. It is supposed to ask first, but it does not ask and just defaults to the SIM.
-
derpy_online
Also, every time bluetooth disconnected I have to repair - it never remembers... Is this a known issue?
-
derpy_online
got the call selecting working
-
lev[m]
nice
-
lev[m]
is this with the stock dialer? I was thinking about looking at others, for no particular reason
-
adeus[m]
Hey I heard that the next update will force some people to do a factory reset ???
-
adeus[m]
Please tell me it’s not true
-
jpds
adeus[m]: No
-
KE0VVT
Last time I bought a device with the hopes of putting a custom OS on it, the bootloader was locked and the radio was not supported. I just want to buy something that will definitely work with GrapheneOS.
-
KE0VVT
(I bought a Galaxy Nexus. Little did I know, it’s a different piece of hardware when you get it from Verizon, and few ROMs supported it.)
-
nickcalyx[m]
> Hey I heard that the next update will force some people to do a factory reset ???
-
nickcalyx[m]
Where did you hear that
-
d64qoc8432li8p9o
It depends on what version you first flashed the OS and if you factory reset after some update
-
strcat[m]
only people who installed GrapheneOS before it was called GrapheneOS
-
strcat[m]
and before the first Android Hardening stable release
-
strcat[m]
-
strcat[m]
I was very clear about that
-
dazinism
KE0VVT: its still the same, dong buy a Verizon Pixel as the bootloader can not be unlocked
-
dazinism
*dont buy a