-
servo
HELLO ALL MEMEBERS
-
Dylanger[m]
Has anyone applied the microG cert spoofing patch?
-
renlord[m]
Dylanger: no
-
Dylanger[m]
Also anyone know how the OTA Updater server works? I can't seem to find any doc's on running the server
-
Dylanger[m]
<renlord[m] "Dylanger: no"> I've applied them, about to build
-
digitalfrontier[
Hello, anyone have a Pixel 4a who has flashed their device with GrapheneOS? If so, how has it been working for you?
-
Dylanger[m]
Commits aren't signed ☹️ - only the manifest repo is signed
-
renlord[m]
so what if commits are signed, when was the last time people checked commit signatures?
-
renlord[m]
or even bothered to verify if commits are correctly signed
-
Dylanger[m]
-
Dylanger[m]
-
Dylanger[m]
?
-
renlord[m]
yea, it works
-
renlord[m]
how to set up your private release server is not documented
-
renlord[m]
from the script, you can see its assumed that you have a `www-data` user and at the homedir you should have `html_a` and `html_b` and `html (symlink)`
-
Dylanger[m]
Ah got it
-
Dylanger[m]
-
Dylanger[m]
-
Dylanger[m]
Any idea why running a private release server isn't documented?
-
Dylanger[m]
Just not enough interest?
-
renlord[m]
if you're going to self-build, you're just going to use it privately for yourself
-
renlord[m]
so what's the point of documenting how to setup a private release server?
-
Dylanger[m]
<digitalfrontier[ "Hello, anyone have a Pixel 4a wh"> Going to build this now
-
digitalfrontier[
Dylanger nice, hopefully it works well for you. I flashed it this morning, just about everything pretty much works like it should. Only issues I have seen were with the default SMS app and F-Droid. Upon launching the Messages app, I got a message which read "this app was built for a previous version of Android..." Same with F-Droid.
-
digitalfrontier[
I was able to install apps from F-Droid just fine regardless, but went with Aurora Droid instead which gave me no errors. There was also some weird graphical issue with F-Droid, hard to describe. Between switching to different screens within the app the screen would go black for a beat and then load whatever content needed to be loaded. Almost like a lag for loading content? In any case, I did forget that for
-
digitalfrontier[
whatever reason dark mode isn't universally applied. That is to say, to all stock apps. Just the settings related things in GrapheneOS. Other than that pretty happy with it on my Pixel 4a.
-
digitalfrontier[
Long story short, no major show stopping bugs on Pixel 4a.
-
louipc_
renlord[m]: commit sigs could be useful in court cases :p
-
renlord[m]
that itself is a can of worms
-
louipc_
maybe
-
louipc_
yea lol
-
renlord[m]
non-repudiation is often disputed
-
renlord[m]
since key management is a dark art
-
Dylanger[m]
How is Daniel managing key right now?
-
Dylanger[m]
Anyone know?
-
Dylanger[m]
Does anyone know where the production builds take place?
-
renlord[m]
yes. Daniel's computer
-
Dylanger[m]
Ah cool, so not some VPS/server somewhere
-
renlord[m]
and then he signs then with his keys
-
renlord[m]
of course not a random VPS
-
Dylanger[m]
Okay cool
-
Dylanger[m]
Does `OFFICIAL_BUILD` do anything else aside from disable/enable updater?
-
anupritaisno1[m]
<Dylanger[m] "Does `OFFICIAL_BUILD` do anythin"> Yes
-
anupritaisno1[m]
<digitalfrontier[ "I was able to install apps from "> Fdroid is just a very buggy client and is not really recommended
-
Dylanger[m]
<anupritaisno1[m] "Yes"> Do you know what specific?
-
Dylanger[m]
> <@anupritaisno1:m.apex.to> Yes
-
Dylanger[m]
* Do you know what specifically?
-
anupritaisno1[m]
<Dylanger[m] "Do you know what specific?"> I believe you've already seen it yourself
-
Dylanger[m]
I want a user build, but don't want the updater
-
Dylanger[m]
If `OFFICIAL_BUILD=false` is enabling other debug features I need to know about it
-
anupritaisno1[m]
Just don't set it at all
-
digitalfrontier[
anupritaisno1 do you personally use another method to install your apps? Perhaps grabbing the apks straight from the source or a site like APK Mirror?
-
burningdaemon[m]
F-Droid
-
burningdaemon[m]
Aurora Store
-
Dylanger[m]
> Aurora Store 👌
-
burningdaemon[m]
I installed Aurora on a second User. Cause of the apps
-
Dylanger[m]
Aurora is really nic
-
Dylanger[m]
* Aurora is really nice
-
Dylanger[m]
Has anyone managed to get an eSIM LPA working on Graphene?
-
Dylanger[m]
Guess there aren't any open source LPAs
-
null[m]
<Dylanger[m] "Has anyone managed to get an eSI"> IIRC, no
-
-
digitalfrontier[
Ah, Aurora Store is nice. No doubt. I try to rely only on FOSS apps though. The only app I have from Aurora is my banking app and Here We Go maps, no account. Don't @ me! But OSMand is just not good IMO.
-
digitalfrontier[
*apps
-
joltman[m]
If using OSMand, is one of the biggest problems that you don't have street numbers and there are fewer POIs than in other apps?
-
digitalfrontier[
Usability is one thing but yes also just finding places even with the map for my area downloaded.
-
digitalfrontier[
Also the limited voice navigation with no TTS installed.
-
digitalfrontier[
Minor gripes, sure, but in the end OSMand isn't my cup of tea for navigation.
-
joltman[m]
It's been a little difficult trading in Waze, which was my old "go to" for navigation.
-
Dylanger[m]
The "Force 90Hz" option is missing on the Pixel 4
-
digitalfrontier[
I hear you. A maps app is that one thing that just needs to be a great experience in all aspects. Google Maps is insanely good, Waze too. But we all got away from old Googs for a reason, right? It's just too bad we don't have a FOSS alternative that can match those two apps yet.
-
Dylanger[m]
<renlord[m] "so what's the point of documenti"> It's not possible to update via fastboot when the bootloader is locked, so without your own Release Server, you can't re-lock the bootloader with your own fork/version of Graphene
-
Dylanger[m]
(YELLOW State)
-
renlord[m]
you can relock the bootloader with your own build
-
renlord[m]
if you sign with your own custom key
-
renlord[m]
all custom keys will yield the yellow state
-
renlord[m]
including daniel's
-
Dylanger[m]
How do you do updates then?
-
Dylanger[m]
Without a release server?
-
Dylanger[m]
* Without a release server/updater app?
-
renlord[m]
`adb sideload OTAPACKAGE` ?
-
Dylanger[m]
🤔
-
renlord[m]
actually dont use that
-
anupritaisno1[m]
<renlord[m] "actually dont use that "> That's the correct way
-
renlord[m]
i was just unsure if you needed to unlock bootloader or not
-
renlord[m]
i've never done it myself
-
anupritaisno1[m]
<Dylanger[m] "The "Force 90Hz" option is missi"> Yes. We don't ship that weird app
-
Dylanger[m]
You know what it's called?
-
Dylanger[m]
I'll RE it and see what it's actually doing
-
Dylanger[m]
So we can implement it properly
-
Dylanger[m]
If screen brightness is low, it'll always stay at 60Hz
-
Dylanger[m]
Meaning shitty scrolling of twitter in bed
-
renlord[m]
with faster refresh rate, would i enjoy scrolling twitter more?
-
renlord[m]
🤔
-
Dylanger[m]
You tried on 90Hz? It's butter smooth
-
renlord[m]
no i havent
-
anupritaisno1[m]
<Dylanger[m] "So we can implement it properly"> We are not implementing it
-
anupritaisno1[m]
That app has several dependencies on code not publicly available in AOSP
-
anupritaisno1[m]
And it just repeatedly crashes
-
Dylanger[m]
I don't mean add the app, if you give me the name of the app, I can figure out what it's actually doing to force 90Hz
-
Dylanger[m]
It'll be a prop or something
-
anupritaisno1[m]
-
Dylanger[m]
ty
-
Dylanger[m]
Ah neat, I'll prob just force 90 on my own dt
-
Dylanger[m]
Pixel 4a is smoothly running 👌
-
Dylanger[m]
Great job with the documentation
-
Dylanger[m]
heh
-
-
Dylanger[m]
Glorious notifications
-
digitalfrontier[
Nice! The thing that surprises me most is battery life. It was already impressive stock but on GrapheneOS the battery life is bonkers.
-
nsgl[m]
Are carrier variants still a concern on `Pixel 4` and subsequent models?
-
digitalfrontier[
I don't have many apps aside from the stock apps though. Literally just 11 more.
-
Dylanger[m]
<anupritaisno1[m] "That's the correct way"> So `adb sideload` is a go? lol if I relock and can't update I have a ~~brick~~ shipment to Google
-
Dylanger[m]
> <@anupritaisno1:m.apex.to> That's the correct way
-
Dylanger[m]
* So `adb sideload` is a go? lol if I relock and can't update I have a ~brick~ shipment to Google
-
Dylanger[m]
* So `adb sideload` is a go? lol if I relock and can't update I have a <del>brick</del> shipment to Google
-
anupritaisno1[m]
<nsgl[m] "Are carrier variants still a con"> If you can figure out a way to unlock them, go ahead
-
anupritaisno1[m]
There's no real hardware difference between a carrier and a normal variant
-
joltman[m]
<nsgl[m] "Are carrier variants still a con"> I think that is still a problem...namely Verizon versions.
-
anupritaisno1[m]
<Dylanger[m] "So `adb sideload` is a go? lol i"> Yes so don't turn off OEM unlocking
-
anupritaisno1[m]
Turning it off really doesn't give you much security on graphene
-
anupritaisno1[m]
Anyone can reset the phone and turn it on again
-
Dylanger[m]
Ah right, good point
-
Dylanger[m]
Yeah it'll reset if anyone `flashing unlock`'s it
-
anupritaisno1[m]
And unlocking the bootloader resets the phone anyway
-
Dylanger[m]
Now to test GMS/FCM notifications
-
Dylanger[m]
Is ccache dead?
-
Dylanger[m]
Wasn't used at all during my build
-
Dylanger[m]
I can bytepatch vendorRIL now lol
-
anupritaisno1[m]
<Dylanger[m] "Is ccache dead?"> Useless
-
Dylanger[m]
Fair
-
Dylanger[m]
Yaaaas
-
Dylanger[m]
Threema notifications are working 🎉
-
Dylanger[m]
And ProtonMail
-
Dylanger[m]
💦
-
nsgl[m]
<anupritaisno1[m] "There's no real hardware differe"> What I meant is whether I still need to be careful not to accidentaly buy one. I'm in europe currently looking to get a second/new phone (4 or 4a) and aim to avoid the headache.
-
joltman[m]
Good seller communication and reputation are usually good signals that you're getting what you want.
-
renlord[m]
wut, protonmail requires play services?
-
somenerd[m]
that'd be ironic
-
renlord[m]
-
renlord[m]
LOL apparently so
-
renlord[m]
very ironic, indeed.
-
renlord[m]
i suppose users without play services can use IMAP/SMTP configurations on their MUA
-
somenerd[m]
wow
-
somenerd[m]
lol wut
-
strcat[m]
you should just use a proper IMAP email client with IMAP push
-
strcat[m]
IMAP IDLE is push
-
digitalfrontier[
Tutanota is good if you need an email service without GSF dependence. They have an app on F-Droid.
-
strcat[m]
so a proper email client can do push as long as the server has IMAP IDLE support
-
digitalfrontier[
But they are based in Germany which is a 14 eyes country.
-
strcat[m]
the only way to use FCM would be if the server supports FCM... how many email servers support FCM anyway?
-
strcat[m]
protonmail went out of their way to do push via Google instead of IMAP
-
digitalfrontier[
Personally I use Ctemplar. Baser out of Iceland. Also on F-Droid.
-
digitalfrontier[
*based
-
renlord[m]
kinda like how i like to bendover backwards sometimes
-
JTL
renlord[m]: hmm?
-
prestocaso[m]
Anyone here try the Experimental 4a release?
-
digitalfrontier[
Yep. No major issues.
-
digitalfrontier[
Only things, Messages complains about being based on a previous version of Android, dark mode doesn't apply to all stock apps, F-Droid will also complain that it's based on a previous version of Android. But as someone else stated F-Droid is just buggy.
-
prestocaso[m]
I've got a 4a and would like to try graphene, I've been using calyxos so far, but I like grapene's security a bit more.
-
digitalfrontier[
You might want to switch to a different gallery app. I wasn't a fan and apparently others have had bugs crop up on it?
-
digitalfrontier[
For SMS I just use Signal as my default app anyway so the Messages issue didn't bother me too much.
-
digitalfrontier[
Ah and where CalyxOS is still on Android 10 the GrapheneOS build for the 4a is on Android 11.
-
prestocaso[m]
That's one issue yeah, I just chalk that up to calyx being a bit more conservative in their release schedule
-
digitalfrontier[
Right. I do find GrapheneOS to be just as smooth as CalyxOS on my 4a. Generally speaking. I was on CalyxOS before too.
-
prestocaso[m]
I'd used graphene on a 3a a bit back and loved it, but I got a really good deal to trade in for the 4a
-
anupritaisno1[m]
-
prestocaso[m]
And I've just been monitoring the scene since
-
digitalfrontier[
Pixel 4a is amazing and it has no business being as cheap as it is.
-
anupritaisno1[m]
Go and physically verify the device before handing the 3a over
-
prestocaso[m]
anupritaisno1: not sure what you mean, sorry
-
somenerd[m]
Like check that they have the device
-
anupritaisno1[m]
<prestocaso[m] "anupritaisno1: not sure what you"> It means exactly what I said
-
anupritaisno1[m]
You must go there and verify the OEM unlocking toggle is working
-
somenerd[m]
ohhh
-
anupritaisno1[m]
We have records where a seller sent a fake screenshot
-
anupritaisno1[m]
To one of the members here
-
prestocaso[m]
I traded in my 3a to google
-
anupritaisno1[m]
Then it's fine
-
Dylanger[m]
<prestocaso[m] "Anyone here try the Experimental"> It's so good
-
prestocaso[m]
Dylanger: so the issues you've encountered are negligible then
-
digitalfrontier[
Not who you asked but in my opinion yes. No show stoppers at all.
-
prestocaso[m]
anupritaisno1: and thanks for the heads up BTW
-
digitalfrontier[
Battery life is insane too.
-
digitalfrontier[
But I'm a light - mid user, YMMV.
-
strcat[m]
prestocaso: full security updates for Pixels aren't available for Android 10, it's not conservative to stay on Android 10
-
strcat[m]
we had to put in a huge amount of work to migrate to Android 11 promptly
-
digitalfrontier[
Flashed device at 8am with full charge. Now at 59%.
-
strcat[m]
prestocaso: it's offensive to suggest that it's because we aren't careful
-
strcat[m]
rather than we put in the work to provide a secure, up-to-date OS
-
anupritaisno1[m]
<prestocaso[m] "That's one issue yeah, I just ch"> Not really
-
strcat[m]
2020-09-05, 2020-10-01 and 2020-10-05 patch levels require moving to Android 11 since the device support code for Pixels isn't updated anymore for Android 10
-
anupritaisno1[m]
Calyx has external dependencies on projects like lineage for their new base
-
strcat[m]
we put in an enormous amount of work in September to migrate
-
anupritaisno1[m]
We don't
-
prestocaso[m]
digitalfrontier: sorry for the confusion, I'd seen Dylanger comment as well and I thought I'd get a second opinion
-
anupritaisno1[m]
<strcat[m] "we put in an enormous amount of "> Also yeah that
-
digitalfrontier[
No worries, lad!
-
digitalfrontier[
* prestocaso No worries, lad!
-
strcat[m]
if an OS targeting Pixels is not on Android 11 you should question how it can claim to be private or secure
-
strcat[m]
and whether the patch levels are accurate if they are claiming to have the latest patch levels
-
prestocaso[m]
strcat: I didn't mean to be offensive, I'd incorrectly used conservative in reference to their using things like microg for those that are new or need apps or services that rely on play services
-
digitalfrontier[
I honestly didn't read what prestocaso as if they meant any harm either.
-
digitalfrontier[
* I honestly didn't read what prestocaso said as if they meant any harm either.
-
digitalfrontier[
NP!
-
redu321[m]
Is there a big difference in security between the Pixel 3a and 4a? If i want graphene on it does it matter wich phone is better in case of security?
-
Cube[m]
<redu321[m] "Is there a big difference in sec"> The 4a has more memory and storage and a bigger display.
-
somenerd[m]
And I believe more update support
-
Cube[m]
yes, although I suppose with graphene that doesn't matter
-
Cube[m]
> <@cubegame:matrix.org> The 4a has more memory and storage and a bigger display.
-
Cube[m]
> In general, newer hardware is more secure, so the 4a is probably better for security.
-
Cube[m]
❗️just looking on the grapheneos.org and it says 4a support is experimental
-
Cube[m]
* yes, although I suppose with graphene that doesn't matter as much
-
makingaliasesisa
Yeah nothing broken yet with me
-
barcode[m]
Me too, working fine on the 4a until now
-
strcat[m]
-
strcat[m]
it doesn't make sense to get a 3, 3 XL or 3a at this point
-
strcat[m]
if you get a 3 or 3 XL, be prepared to replace it in a year
-
strcat[m]
we've been recommending only the 4 and 4 XL for a while now
-
strcat[m]
and 4a is now listed there
-
Dylanger[m]
Does the 4a have the Titan M?
-
coffeebag[m]
Sure
-
Dylanger[m]
<anupritaisno1[m] "
github.com/GlassROM-devi"> Huh, this applied cleanly
-
kopolee11[m]
<digitalfrontier[ "Only things, Messages complains "> Just a note that it is not unexpected that GrapheneOS warns you about apps that are targeting an old API level. That is fully as intended.
-
prestocaso[m]
Alright installed graphene and so far so good. The only error is on the SMS app so far and I'm using signal instead so no worries
-
strcat[m]
that's not an error
-
strcat[m]
GrapheneOS tells you if apps target an API level below 28
-
strcat[m]
it is not a bug or an error, it's an intended feature, as was explained above
-
strcat[m]
AOSP does the same thing for API levels below 23, we increase it to match the requirement enforced for new apps and app updates by the Play Store
-
prestocaso[m]
strcat: do you work on graphene, it seems like you really know your stuff
-
kopolee11[m]
<prestocaso[m] "strcat: do you work on graphene,"> He's the main developer.
-
Dylanger[m]
Daniel what hardware are you using to build on? Just like a laptop or?
-
strcat[m]
a workstation
-
strcat[m]
don't really understand the purpose of the question
-
Dylanger[m]
Just curious is all
-
strcat[m]
I'm in the process of getting a new workstation
-
strcat[m]
and retiring this one from development work
-
Dylanger[m]
Fedora Silverblue is good
-
Dylanger[m]
Podman works a treat
-
prestocaso[m]
That uses the new package architecture .tree or something similar correct?
-
Dylanger[m]
ostree yeah
-
-
prestocaso[m]
I'd looked at Fedora silver blue during the 32 beta and the potential seeming really cool. It was just a bit much for me
-
Dylanger[m]
```
-
Dylanger[m]
podman run --rm -it -v ~/Projects/AOSP/Graphene/ccache:/ccache:Z -v ~/Projects/AOSP/Graphene/
ssh:/root/.ssh:Z -v ~/Projects/AOSP/Graphene/aosp:/build:Z --pids-limit=999999 c54f0ac2949 bash
-
Dylanger[m]
```
-
Dylanger[m]
Takes about 1 hour to build Graphene
-
Dylanger[m]
AMD Ryzen 9 3950X 16-Core Processor, 64GB RAM
-
strcat[m]
that's only for a clean build
-
strcat[m]
an incremental build is much faster
-
strcat[m]
you aren't doing clean builds every time for development
-
Dylanger[m]
Yeah fair
-
prestocaso[m]
Again, thanks everyone for the feedback, and thanks Daniel for all the hard work. I'm poking around post flash and this really feels clean and fast
-
alex-resist_
Is building Graphene with 32GB of RAM borderline ok or borderline not ok?
-
strcat[m]
-
strcat[m]
read the documentation
-
strcat[m]
16GB is adequate for building the OS with few jobs
-
strcat[m]
it isn't adequate for building the Linux kernel
-
strcat[m]
you need over 32GB of memory to build the Linux kernel with LTO
-
strcat[m]
of course you could use any amount of swap and accept it being slow
-
anupritaisno1[m]
alex-resist_ it's fine unless your CPU is too overpowered
-
alex-resist_
strcat I have read it, it says 16 GB or more, and I just wanted to hear about some dev's experience with a certain amount of RAM
-
strcat[m]
the documentation is written by the developers
-
strcat[m]
if you trying to be productive doing many clean and incremental builds then I recommend a very powerful CPU with many cores and 64GB of memory
-
alex-resist_
strcat ok thanks, that answers my question :) Currently I have a 32 GB machine, so it's somewhere in between
-
strcat[m]
the memory is needed to support more jobs
-
strcat[m]
32GB + 32GB swapfile should be fine for building the Linux kernel and it won't actually have to use much swap
-
strcat[m]
32GB without swap probably can't link Linux with LTO
-
anupritaisno1[m]
[alex-resist_](
matrix.to/#/@freenode_alex-resist_:matrix.org) so I do like 64gb + 32gb ram/swap
-
alex-resist_
I'll try with 32GB of RAM and 32GB swap on SSD. See how far I can get
-
anupritaisno1[m]
With 20 jobs I can easily hit 50+ GB
-
renlord[m]
Maybe I should buy a cheap poweredge workstation
-
renlord[m]
Turn off all spectre mitigations.
-
anupritaisno1[m]
Especially when it gets to the java part
-
strcat[m]
my recommendation is to build with purchased parts
-
strcat[m]
it depends on how much money you have to spend
-
renlord[m]
Poweredge backdoored!?
-
anupritaisno1[m]
<renlord[m] "Turn off all spectre mitigations"> BTW does this actually work
-
strcat[m]
a lot of the spectre stuff is in microcode / hardware now
-
strcat[m]
so you can't avoid the performance hit
-
anupritaisno1[m]
I turned off all mitigations and I don't see an improvement of more than a minute
-
renlord[m]
My old intel it makes a difference on ryzen not at all
-
Dylanger[m]
I was planning on re-running `repo init` every new release/tag and update via `adb sideload`, can take advantage of incremental updates?
-
Dylanger[m]
> Incremental updates shipping only the changes between two versions
-
strcat[m]
if you're making production builds for actual usage, you should do clean builds
-
Dylanger[m]
Can I still use incremental updates if I repo init'd with a tag?
-
strcat[m]
read the documentation at
grapheneos.org/build
-
strcat[m]
Dylanger: sure but you shouldn't be doing incremental builds for production use
-
strcat[m]
build documentation covers all this
-
Dylanger[m]
I'll RTFM
-
strcat[m]
for a production build you should clear `out/` as it documents before building
-
strcat[m]
otherwise you can generally use incremental builds for development
-
renlord[m]
RTFM is always good
-
renlord[m]
if ppl had to trust root CAs vs. DNS root authorities, which one?
-
anupritaisno1[m]
Root CAs
-
anupritaisno1[m]
Correct me if wrong
-
anupritaisno1[m]
-
strcat[m]
renlord: why not use DANE only for pinning and verify both?
-
anupritaisno1[m]
Hmmmmmmm
-
anupritaisno1[m]
Yeah
-
strcat[m]
and btw we have DANE set up for the
attestation.app,
grapheneos.org and
releases.grapheneos.org web servers
-
strcat[m]
although it isn't used by browsers or most other kinds of clients
-
strcat[m]
unlike the mail.grapheneos.org server where DANE is actually widely adopted for SMTP and is important for having TLS authentication at all (since by default there is no CA system unless you use MTA-STS which is like dynamic HSTS only)
-
renlord[m]
dnssec adoption is not widespread yet though
-
renlord[m]
and dane enforcement iiuc is opportunisitc
-
renlord[m]
i.e. even if dane verification failed, emails still get sent in the clear
-
renlord[m]
whereas MTA-STS has strict enforcement policy if the receiving server insists
-
renlord[m]
not quite related to the trust factor, but there's that difference between mta-sts and dane at least
-
redu321[m]
I am a bit worried about the auto update of graphene. What if Graphene chooses to do a update with some security leak, because a government for example is saying they need to do that. Is it maybe secure om not put your phone in auto update mode but to do i manually?
-
renlord[m]
if i'm in charge of releases, you should be very worried
-
renlord[m]
hehe
-
strcat[m]
renlord: you're incorrect about how DANE works
-
strcat[m]
"i.e. even if dane verification failed, emails still get sent in the clear" is not accurate
-
strcat[m]
if DANE is present in DNS, it is enforced, in a proper implementation
-
strcat[m]
redu321: your reasoning doesn don't make any sense
-
strcat[m]
redu321: your reasoning doesn't make any sense
-
strcat[m]
-
strcat[m]
if you want to disable automatic updates, you're free to do that per the documentation
-
strcat[m]
how are you going to be secure if you don't install the updates?
-
strcat[m]
but you're free to have an insecure device if you want, you can disable updates and avoid installing them, or you can sideload updates, I don't see how it provides you any protection against an insider attack but you do you
-
strcat[m]
renlord: opportunistic in regards to DANE means that if DANE is not present, it's not a failure, if it is present then it is enforced
-
strcat[m]
renlord: DNSSEC makes it so that you can securely check whether a record is present, lack of presence is signed
-
strcat[m]
so this is not a security hole in any way, it just means that servers not using DANE aren't unsupported
-
strcat[m]
renlord: and DNSSEC adoption doesn't really matter - if a domain is using DNSSEC / DANE, it works fine
-
somenerd[m]
> but you're free to have an insecure device if you want, you can disable updates and avoid installing them, or you can sideload updates, I don't see how it provides you any protection against an insider attack but you do you
-
somenerd[m]
maybe a chance to audit?
-
somenerd[m]
* > but you're free to have an insecure device if you want, you can disable updates and avoid installing them, or you can sideload updates, I don't see how it provides you any protection against an insider attack but you do you
-
somenerd[m]
maybe a chance to audit before updating?
-
somenerd[m]
not sure though tbh
-
-
anupritaisno1[m]
Look at the git history and reuse one of our old kernels and match the build date and number exactly
-
anupritaisno1[m]
You should have identical builds
-
anupritaisno1[m]
Only difference may be some bug in clang sometimes compiles some code differently. Though this is very rare
-
strcat[m]
somenerd: you're free to use your own builds and "audit" changes
-
strcat[m]
somenerd: I don't see what any of this has to do with the way the Updater UX works
-
strcat[m]
if you want to disable updates, disable them
-
anupritaisno1[m]
[somenerd](
matrix.to/#/@lelmister101:matrix.org) I really recommend you run official
-
strcat[m]
highly recommended to leave updates enabled
-
somenerd[m]
not my argument
-
somenerd[m]
just trying to see what he meant
-
strcat[m]
somenerd: you're not making an argument, you made a statement that doesn't make sense
-
somenerd[m]
hmm
-
anupritaisno1[m]
You could follow the instructions incorrectly and mess up unofficial and you won't have auditor support unless you run your own
-
Dylanger[m]
strcat: Is there a way I can get an alert when there's an update? I guess just watching reddit
-
Dylanger[m]
Now that I'll be manually updating
-
renlord[m]
Dylanger: it just downloads when there's an update
-
anupritaisno1[m]
[somenerd](
matrix.to/#/@lelmister101:matrix.org) well none of those are real issues
-
strcat[m]
Dylanger: twitter, github
-
anupritaisno1[m]
<Dylanger[m] "strcat: Is there a way I can get"> Watch for new tags
-
Dylanger[m]
👍️
-
Dylanger[m]
ty
-
renlord[m]
-
renlord[m]
no good?
-
renlord[m]
:(
-
renlord[m]
i think should nag if no update
-
renlord[m]
following unix principles
-
strcat[m]
renlord: it needs to be rebased
-
strcat[m]
you have to open a new PR targeting the 11 branch
-
strcat[m]
and rebase
-
renlord[m]
oh no i got rid of gos-10
-
renlord[m]
ok i'll do it some time
-
renlord[m]
oh wait
-
renlord[m]
the remote branch still exists LOL
-
strcat[m]
-
strcat[m]
if you want to disable updates temporarily, follow the guide there
-
anupritaisno1[m]
[renlord](
matrix.to/#/@renlord:matrix.org) I can rebase it and send it if you want
-
strcat[m]
I don't see any reason to change how it works, no one has presented one
-
renlord[m]
anupritaisno1: sounds good!
-
renlord[m]
i like how it works now
-
strcat[m]
if you're getting your updates through Updater then that implies Updater downloading it, verifying the signature and installing it
-
renlord[m]
if it works, it should just stay quiet
-
anupritaisno1[m]
<renlord[m] "anupritaisno1: sounds good!"> Yeah I have a bunch of other changes I need to send for updater too
-
anupritaisno1[m]
So if there's any changes strcat needs I'll do those in separate commits
-
anupritaisno1[m]
Besides that code is pretty simple
-
strcat[m]
I'm curious if there is any decent open source gallery app we could use instead of the legacy Gallery2 sample app
-
strcat[m]
doesn't need that stupid filter stuff
-
somenerd[m]
which ones have you tried so far? just wondering
-
strcat[m]
just basic editing (cropping, rotate, flip, etc.)
-
strcat[m]
none, haven't found one that implements the required APIs and is permissively licensed
-
somenerd[m]
hmm
-
somenerd[m]
maybe improve the present one?
-
strcat[m]
no one has expressed any interest in doing that
-
strcat[m]
are you volunteering?
-
somenerd[m]
no, I can't as I have no dev experience
-
anupritaisno1[m]
<somenerd[m] "maybe improve the present one?"> And who will do that?
-
somenerd[m]
yeah
-
somenerd[m]
didn't think that through
-
strcat[m]
the sample Gallery2 app from AOSP has serious bugs and is essentially just a pile of legacy code gradually being stripped down as it rots awahy
-
strcat[m]
* the sample Gallery2 app from AOSP has serious bugs and is essentially just a pile of legacy code gradually being stripped down as it rots away
-
strcat[m]
github.com/SimpleMobileTools/Simple-Gallery switched to GPLv3 and then also started using a proprietary photo editing library so I think the days of it being an open source app are numbered anyway
-
strcat[m]
it supports doing an open source build without that library
-
strcat[m]
also I think it's in violation of the GPLv3
-
strcat[m]
so yeah, it's problematic
-
somenerd[m]
wait what
-
anupritaisno1[m]
<somenerd[m] "didn't think that through"> The problem is that there's more serious issues that need to be worked on right now
-
strcat[m]
because it loads a proprietary library but yet the developer made it GPLv3
-
strcat[m]
which is not allowed - so they are accepting code from people as GPLv3
-
somenerd[m]
wait
-
strcat[m]
also I don't see how they just changed the license like that without copyright assignment from contributors
-
somenerd[m]
f-droid still allows this????
-
strcat[m]
somenerd: there is an alternate build of the app without the proprietary library
-
anupritaisno1[m]
If people want to volunteer to pick up on work we can't do right away
-
strcat[m]
missing the photo editor
-
anupritaisno1[m]
Go ahead
-
strcat[m]
somenerd: F-Droid temporarily stopped updating it
-
strcat[m]
anyway we can't include GPLv3 code regardless because it conflicts with what we want to provide
-
somenerd[m]
ohh
-
strcat[m]
GPLv2 is fine
-
anupritaisno1[m]
<strcat[m] "GPLv2 is fine"> What about confidential and proprietary?
-
coffeebag[m]
Hello guys, currently working on Gallery issues crash (when cropping, filtering...)
-
anupritaisno1[m]
Sarcasm ^
-
strcat[m]
anupritaisno1: I said above it has to be permissively licensed
-
somenerd[m]
what is the problem with GPLv3?
-
strcat[m]
too non-free for us
-
anupritaisno1[m]
We want to make devices that users cannot unlock
-
strcat[m]
doesn't permit making a device with an immutable root of trust
-
anupritaisno1[m]
And install other operating systems
-
strcat[m]
we want it to be possible to take GrapheneOS and make a device with an immutable root of trust
-
somenerd[m]
like with custom hardware?
-
strcat[m]
if we include GPLv3 code, we're forbidding people from using GrapheneOS that way
-
strcat[m]
somenerd: yes
-
strcat[m]
so we won't include any GPLv3 code in the OS
-
somenerd[m]
hmm
-
somenerd[m]
yeah
-
anupritaisno1[m]
<somenerd[m] "like with custom hardware?"> Basically the project needs to move in the hardware space too
-
somenerd[m]
yeah
-
somenerd[m]
it was in the roadmap right?
-
strcat[m]
if we have custom hardware we want to be able to sell a variant of it with an immutable root of trust
-
strcat[m]
and we want it to be possible for others to make devices
-
strcat[m]
with an immutable root of trust
-
strcat[m]
GPLv3 code is off the table
-
somenerd[m]
that sounds really cool
-
anupritaisno1[m]
There's a lot of stuff in the roadmap
-
somenerd[m]
(as far as I understand)
-
renlord[m]
its an infinitely long roadmap
-
Dylanger[m]
<strcat[m] "if we have custom hardware we wa"> RISC-V?
-
Dylanger[m]
Open SoC?
-
strcat[m]
not relevant to the topic
-
Dylanger[m]
-
Dylanger[m]
That's basically it already done
-
somenerd[m]
yeah but the whole thing has to be
-
strcat[m]
Dylanger: that's an open source secure element and I wouldn't call it done considering that we need an implementation of the Citadel APIs
-
anupritaisno1[m]
No
-
somenerd[m]
I believe I saw a post from u/GrapheneOS on custom open hardware
-
strcat[m]
Dylanger: it's not a general purpose SoC, it's a secure element like the Titan M
-
anupritaisno1[m]
Proper hardware security is not just slapping a strongbox on
-
strcat[m]
that is a peripheral device essentially
-
strcat[m]
there isn't a RISC-V smartphone SoC and we're obviously not going to be designing an SoC
-
strcat[m]
in all likelihood we'd just use the SoC secure element implementation anyway
-
strcat[m]
like the Qualcomm SPU
-
anupritaisno1[m]
ECC ram too? ^
-
strcat[m]
it's unrealistic to make our own security chip, we'd need an off-the-shelf one, so sure an off-the-shelf one based on OpenTitan / RISC-V with the full Citadel API would be fine...
-
strcat[m]
but there isn't one
-
strcat[m]
can't use things that do not exist...
-
Dylanger[m]
Citadel... I have that bad boi in IDA somewhere
-
strcat[m]
Dylanger: the firmware?
-
anupritaisno1[m]
[strcat](
matrix.to/#/@strcat:matrix.org) but how do developers unbrick these phones?
-
strcat[m]
the OS parts are open source
-
Dylanger[m]
Yeah
-
Dylanger[m]
FW
-
strcat[m]
anupritaisno1: don't see the relevance to the discussion
-
Dylanger[m]
Cortex-M3 or something iirc
-
strcat[m]
anupritaisno1: phones with the immutable root of trust flashed would be the production ones not the development devices
-
somenerd[m]
would this happen after the move to a microkernel
-
somenerd[m]
?
-
strcat[m]
you would not be doing development on a production model
-
strcat[m]
somenerd: it's not tied to that
-
strcat[m]
and I'd suggest carefully reading what's written on the site about that
-
strcat[m]
you seem to have the wrong impression
-
somenerd[m]
let me reread
-
somenerd[m]
cuz I am kinda confused
-
somenerd[m]
ohhh
-
strcat[m]
don't see what that has to do with the topic
-
somenerd[m]
so these are unrelated
-
somenerd[m]
wonder why I thought they were...
-
somenerd[m]
I should really read the docs carefully
-
Dylanger[m]
If you used a SuzieQ (Orange dev cable from Google), you could interact directly with Citadel
-
strcat[m]
Dylanger: the orange cable you're talking about is not from Google
-
strcat[m]
and that only implements the ChromeOS Suzy-Q protocol
-
strcat[m]
the Android cables are extended
-
Dylanger[m]
Ah yeah that's the one
-
strcat[m]
Android version requires more to get logs from Android
-
somenerd[m]
TIL: google makes a lot of open source things
-
strcat[m]
the cable you're talking about would only give you firmware logs, it's missing the other half (i.e. the OS logs)
-
Dylanger[m]
It dropped me into a fully interactive shell
-
Dylanger[m]
Wasn't like root or anything
-
Dylanger[m]
But let me see fw versions etc
-
Dylanger[m]
I think Google removed it
-
Dylanger[m]
In 4
-
Dylanger[m]
I should check
-
strcat[m]
I'm aware of what it provides but you're talking about using it via an incomplete way
-
strcat[m]
it works differently based on whether the device is unlocked and there are fastboot oem commands
-
strcat[m]
we have proper complete debug cables
-
strcat[m]
unlike those ChromeOS ones
-
strcat[m]
we have someone that can make them
-
Dylanger[m]
<strcat[m] "it works differently based on wh"> Pixel 3 _totally_ didn't
-
Dylanger[m]
I remember doing it to a friends device that was locke
-
Dylanger[m]
* I remember doing it to a friends device that was locked
-
strcat[m]
read what I wrote
-
strcat[m]
> works differently
-
Dylanger[m]
adb not enabled etc
-
strcat[m]
it's not related to adb in any way
-
strcat[m]
you seem really confused about what it does
-
strcat[m]
there's no point in explaining to someone that knows what it does how it works
-
strcat[m]
and we have proper cables with all the functionality rather than just basic firmware logs
-
strcat[m]
i.e. being able to toggle on the OS logs from the kernel with fastboot
-
Dylanger[m]
<strcat[m] "> works differently"> I know that these 2 things are totally seperate, the shell I was dropped into was some sort of UART terminal, the cable itself added resistance to D- line, muxing me to the Titan M, I only mentioned adb was disabled because I was able to take his _totally untouced Pixel 3, and interact with the (debatable) most IC of the device_
-
strcat[m]
it has nothing to do with adb
-
Dylanger[m]
> <@strcat:matrix.org> > works differently
-
Dylanger[m]
* I know that these 2 things are totally seperate, the shell I was dropped into was some sort of UART terminal, the cable itself added resistance to D- line, muxing me to the Titan M, I only mentioned adb was disabled because I was able to take his _totally untouced Pixel 3, and interact with the (debatable) most important/private IC in the device_
-
strcat[m]
and it doesn't give any sensitive information without being unlocked and enabling the full logs
-
Dylanger[m]
It's still a vector
-
strcat[m]
as I said above it works differently when you actually enable the sensitive logging when unlocked
-
strcat[m]
a vector for what?
-
strcat[m]
you don't seem to understand what it's providing to you
-
strcat[m]
you can't "interact" with the Titan M using it
-
strcat[m]
you can get very basic status information from firmware, that's it
-
strcat[m]
I'm fully aware of what it makes available and how the access controls on it work
-
Dylanger[m]
<strcat[m] "I'm fully aware of what it makes"> Oooo great, please expand on this
-
strcat[m]
and you also seem confused about what the Titan M provides
-
strcat[m]
Dylanger: expand on what?
-
strcat[m]
if the device isn't unlocked you can't use it to get sensitive logs
-
strcat[m]
that's how it works
-
strcat[m]
there are fastboot oem commands tied to the debugging features
-
strcat[m]
you can't use them when locked
-
strcat[m]
even when unlocked it doesn't offer that much functionality on a production device
-
strcat[m]
mostly you can just get the rest of the logs including the OS logs
-
strcat[m]
useful for debugging early boot issues
-
coffeebag[m]
I have a question about GrapheneOS on 4a : is it normal that i don't have notifications on my apps ?
-
strcat[m]
and again it has nothing to do with adb
-
strcat[m]
coffeebag: be specific about what you mean
-
strcat[m]
which apps
-
strcat[m]
notifications work fine on GrapheneOS
-
coffeebag[m]
All
-
strcat[m]
coffeebag: you probably turned on DND then
-
strcat[m]
turn off do not disturb
-
coffeebag[m]
Nope it's off
-
strcat[m]
doesn't align with what you said above
-
strcat[m]
be specific about which apps don't provide notifications
-
coffeebag[m]
For exemple : Signal
-
strcat[m]
if you use the built-in clock app for example, those notifications work fine right?
-
strcat[m]
coffeebag: Signal notifications work fine on GrapheneOS
-
strcat[m]
it sounds like you've changed the notification settings or have DND enabled in some form
-
strcat[m]
check
-
coffeebag[m]
I have notifications but not thz dot
-
coffeebag[m]
I will double check
-
strcat[m]
what do you mean dot
-
coffeebag[m]
A dot on top of the app logo
-
anupritaisno1[m]
Notification dot
-
anupritaisno1[m]
What
-
coffeebag[m]
To Signal that there is notifications unread for this app
-
anupritaisno1[m]
You mean unread counters?
-
somenerd[m]
yeah, I think they meant that
-
strcat[m]
coffeebag: so notifications do work fine, you're talking about the launcher notification dot?
-
coffeebag[m]
I mean on home screen, my apps with unread messages don't have Dot Notification (the dot on top of the logo of the app)
-
coffeebag[m]
sorry my english is crap
-
strcat[m]
make sure you have that option enabled
-
strcat[m]
in the launcher settings
-
anupritaisno1[m]
Yeah notification dot
-
strcat[m]
long press on the home screen and go to settings
-
anupritaisno1[m]
[coffeebag](
matrix.to/#/@ukah:matrix.org) if you're lost, go to settings, reset app preferences and reboot
-
anupritaisno1[m]
That resets notifications too
-
coffeebag[m]
Erf ok i found
-
strcat[m]
look at Advanced in the Notifications Settings
-
coffeebag[m]
sorry for that
-
coffeebag[m]
thx a lot
-
strcat[m]
it has an option for the dot on lockscreen
-
strcat[m]
afaik that's enabled by default
-
coffeebag[m]
didn't know this option for graphene
-
coffeebag[m]
it's default on Stock rom
-
coffeebag[m]
mb ! thx
-
strcat[m]
it's the default in GrapheneOS too
-
strcat[m]
you disabled it
-
coffeebag[m]
wut
-
coffeebag[m]
weird, peraps
-
coffeebag[m]
(btw i use the 4A)
-
strcat[m]
perhaps you switched launchers and switched back, might have disabled it
-
strcat[m]
or you disabled it specifically
-
strcat[m]
but it's enabled by default
-
zugzwang[m]
Micay please enlighten us : is Ultrasonic beacon tracking possible or is it total bs?
-
engulf[m]
It is totally possible and it is used by many advertising and tracking companies
-
engulf[m]
* It is totally possible and it is used by many advertising and tracking companies at the moment
-
zugzwang[m]
<engulf[m] "It is totally possible and it is"> Hmm
-
zugzwang[m]
On r/privacy they posted a youtube video claiming a Tv it can connect to a phone via ultrasonic beacons
-
engulf[m]
Here is a study of 'Privacy Threats through Ultrasonic Side Channels on Mobile Devices'
christian.wressnegger.info/content/…ojects/sidechannels/2017-eurosp.pdf
-
zugzwang[m]
<engulf[m] "Here is a study of 'Privacy Thre"> Thank you
-
renlord[m]
there's also a paper on using lasers to issue commands to your voice assistant
-
renlord[m]
over kilometers of distance
-
renlord[m]
-
renlord[m]
LOL
-
somenerd[m]
> there's also a paper on using lasers to issue commands to your voice assistant
-
somenerd[m]
wait WHAT???????
-
zugzwang[m]
It even goes on as to that the dogs can sense them and jump at the tv when its happening
-
renlord[m]
meh, all kinds of side-channels exist
-
somenerd[m]
wow
-
zugzwang[m]
<renlord[m] "there's also a paper on using la"> Thank you
-
-
renlord[m]
maybe kilometers was an exaggeration
-
renlord[m]
Siri is vulnerable too!
-
renlord[m]
lulululul
-
somenerd[m]
lol
-
engulf[m]
<renlord[m] "there's also a paper on using la"> That's not really something that would affect most of us, although that might change.
-
engulf[m]
Here is a Blackhat talk about Ultrasonic Cross-Device tracking
-
engulf[m]
-
engulf[m]
But if you want to have more specific conversation about Ultrasonic tracking, I would suggest Techlore group as this is intended for GrapheneOS
-
somenerd[m]
or the off topic one
-
strcat[m]
zugzwang: we have the added Sensors permission for very good reasons
-
saucy-salamander
So when my alarm triggers it seems like I have to unlock my phone to dismiss it (default app, Pixel 4 XL) anyone experience this also?
-
engulf[m]
strcat: Is it "normal" that apps like `10062`, `10152` and `10190` have all used way over 10MB (in some cases over 50MB) of WiFi in last 30 days?
-
anupritaisno1[m]
Yes
-
somenerd[m]
what are those apps anyway?
-
engulf[m]
Can you explain what kind of data is transferred, to where and why?
-
anupritaisno1[m]
First tell me how you got said "data"
-
engulf[m]
You go to: Setting->Network & internet->Wi-Fi->Wi-Fi data usage?
-
engulf[m]
* By going to: Setting->Network & internet->Wi-Fi->Wi-Fi data usage?
-
Guest26643
I want to improve my privacy in 2021 and atm I'm used to the conveniance of iPhones, I'd like to switch to Pixel with grapheneOS tho. How long does it "usually" take until there is a grapheneOS for a "new" Pixel phone? For example when can we "expect" a grapheneOS for the Pixel 5?
-
Guest26643
I know you cant tell for sure. I'm simply interested in an educated guess from someone who has witnessed the release of for example the Pixel 4 and can tell me how long it took them there
-
digitalfrontier[
> <@kopolee11:matrix.org> Just a note that it is not unexpected that GrapheneOS warns you about apps that are targeting an old API level. That is fully as intended.
-
digitalfrontier[
> And many of the default apps are really just placeholders for comparability reasons, not meant to actually be used.
-
digitalfrontier[
Thanks for the detailed explanation! My thanks to strcat as well for clarifying further.
-
somenerd[m]
> meh, all kinds of side-channels exist
-
somenerd[m]
the sad part is that the tone seems like this is normal
-
somenerd[m]
* > meh, all kinds of side-channels exist
-
somenerd[m]
the sad part is that the tone makes this seem like it's normal
-
strcat[m]
Guest26643: it will take *forever* if people never step up to do the work
-
strcat[m]
Guest26643: there is no guarantee of support for newer Pixels
-
strcat[m]
so far no one is working on those and we still need more people helping with the 4a
-
Guest26643
Understood thanks
-
digitalfrontier[
<strcat[m] "I'm curious if there is any dece"> What about Simple Gallery Pro?
-
digitalfrontier[
Unless the Apache 2.0 license puts people off?
-
ultracard[m]
<digitalfrontier[ "Unless the Apache 2.0 license pu"> the first thing i do on a fresh android install is to replace the default gallery app with Simple Gallery Pro
-
ultracard[m]
it's amazing
-
revelation1318[m
Same here.
-
digitalfrontier[
Agreed. It's really good. Skimming over the Apache 2.0 license the only thing that stands out is the following "This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file."
-
digitalfrontier[
But it does state "reasonable and customary use." I don't know, I'm not sure how to interpret that.
-
revelation1318[m
It says GNU GPL v3 in GitHub.
-
revelation1318[m
It was changed from Apache v2 to GPL v3 in 2019. F-Droid is not up to date here.
-
somenerd[m]
yeah
-
somenerd[m]
and apparently GPLv3 is a problem
-
somenerd[m]
> we want it to be possible to take GrapheneOS and make a device with an immutable root of trust
-
somenerd[m]
> so we won't include any GPLv3 code in the OS
-
somenerd[m]
> GPLv3 code is off the table
-
somenerd[m]
from Daniel MIcay
-
somenerd[m]
* from Daniel Micay
-
somenerd[m]
* and GPLv3 is a problem
-
strcat[m]
digitalfrontier: Simple Gallery Pro is GPLv3 and uses a proprietary library incompatible with GPLv3 for photo editing (which is quite strange)
-
strcat[m]
it doesn't have a proper photo editor in a build without that
-
strcat[m]
and they've stated they won't be developing one
-
digitalfrontier[
<revelation1318[m "It was changed from Apache v2 to"> Thanks mate!
-
digitalfrontier[
<strcat[m] "digitalfrontier: Simple Gallery "> Well that's not just strange but also a bit depressing.
-
strcat[m]
we won't include GPLv3 code but even if we were willing to do that I am concerned about the future of all those simple mobile tools apps
-
somenerd[m]
yeah that proprietary library is rather concerning
-
strcat[m]
I think Gallery2 broke because of OS changes rather than internal changes
-
strcat[m]
backwards incompatible change somewhere
-
strcat[m]
it was likely already doing something incorrectly and it broke
-
strcat[m]
depending on some implementation detail or something like that
-
somenerd[m]
really?
-
strcat[m]
it's a really crufty old app
-
strcat[m]
it was likely doing something really wrong
-
somenerd[m]
wow there are no more options then...?
-
somenerd[m]
that's sad
-
strcat[m]
and now it broke
-
strcat[m]
I don't know what you mean by that
-
strcat[m]
in the short term someone could fix Gallery2
-
somenerd[m]
> I don't know what you mean by that
-
somenerd[m]
I meant no more FOSS and good gallery options
-
DonaldBiden
Hello. I found a good offer for a used Pixel 2. Is it good enough or should I wait for a bargain on a newer model?
-
digitalfrontier[
Pixel 4a is only $ tree fiddy.
-
digitalfrontier[
Plus taxes obviously but come on that's cheap.
-
redibc[m]
I just got a used pixel 3 for 130 us
-
cyborgninjaneer[
Pixels don't have a very long software life. Best get the newest one you can.
-
digitalfrontier[
<redibc[m] "I just got a used pixel 3 for 13"> Not bad. I don't trust anything used though. But that's just me.
-
joltman[m]
After installing Simple Gallery Pro, is it good to disable the stock Gallery?
-
digitalfrontier[
I did so and have had zero issues.
-
digitalfrontier[
It will just be hidden if you disable it.
-
joltman[m]
How do you re-enable it later if you want to go back to it later and it's hidden?
-
digitalfrontier[
Settings, Apps & Notifications, See all apps
-
joltman[m]
Thanks!
-
digitalfrontier[
You're welcome!
-
DonaldBiden
Found a good offer for a used Pixel 2. Is it good enough or should I wait for a bargain on a newer model?
-
strcat[m]
Pixel 2 is almost dropped
-
strcat[m]
get a Pixel 4a, nothing else should be considered for a budget device
-
DonaldBiden
OK ty
-
somenerd[m]
Is there any plan on expanding the docs?
-
strcat[m]
docs about what?
-
strcat[m]
the docs are regularly being expanded
-
strcat[m]
people tend to just not read them
-
somenerd[m]
about GrapheneOS
-
DonaldBiden
The Google Pixel so expensive for its specs...
-
strcat[m]
about what specifically?
-
strcat[m]
DonaldBiden: which device are you talking about
-
somenerd[m]
not really anything spacific
-
somenerd[m]
* not really anything specific
-
strcat[m]
the Pixel 4a is the budget device
-
strcat[m]
somenerd: they're being regularly expanded, your question is strange
-
somenerd[m]
oh ok
-
DonaldBiden
pixel 4a is $350. pixel 3 $213. pixel 2 $201.
-
mrxx_0[m]
somenerd: You need a specific information which isn't on the website ?
-
strcat[m]
Pixel 2 is obsolete and about to be dropped
-
strcat[m]
I would expect it to be really cheap when it's more than 3 years old
-
strcat[m]
I doubt it is a new Pixel 2 for $201
-
strcat[m]
it sounds like you're comparing a new Pixel 4a to a used Pixel 2
-
somenerd[m]
> somenerd: You need a specific information which isn't on the website ?
-
somenerd[m]
no, not yet
-
strcat[m]
DonaldBiden: same with that Pixel 3 - you can't really compare prices of a new device to used ones
-
strcat[m]
and a Pixel 3 is a bit over 2 years old, Pixel 2 is a bit over 3 years old
-
DonaldBiden
@strcat[m] no, these are used prices
-
strcat[m]
4a is from August this year
-
DonaldBiden
including shipping and taxes it can be more
-
strcat[m]
DonaldBiden: $350 USD is the price of a *new* Pixel 4a
-
strcat[m]
it was released a few months ago so there are probably not many used ones
-
DonaldBiden
strcat[m] I just checked ebay, that's the bottom price for a used one.
-
DonaldBiden
exactly
-
strcat[m]
if you buy a Pixel 2 you'll need to replace it in a month
-
DonaldBiden
So Pixel 3 is the only budget viable option?
-
strcat[m]
you won't be getting competitive security day one and it'll be dropped soon
-
strcat[m]
Pixel 3 is not a budget option, it's a 2 year old flagship device
-
DonaldBiden
They should say that in the FAQ
-
strcat[m]
buying old devices is not a good way to save money
-
strcat[m]
DonaldBiden: we do
-
strcat[m]
-
DonaldBiden
Idk, they break fast.
-
strcat[m]
4, 4 XL, 4a are the only recommended devices
-
DonaldBiden
I was looking for a phone with cracked glass but even those are expensive...
-
DonaldBiden
They cost so much more than Redmi
-
strcat[m]
I have never had a Nexus or Pixel phone die before it became end-of-life
-
DonaldBiden
Ppl crack the glass all the time
-
DonaldBiden
I had a Samsung which I bricked, idk even know how
-
strcat[m]
I've had a Nexus 5, Nexus 7, Nexus 10, Nexus 6, Nexus 9, Pixel C, Nexus 5X, Nexus 6P, Pixel 1, Pixel 1 XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL
-
strcat[m]
none have died early
-
jpds
DonaldBiden: Hardware randomly dies all the time
-
strcat[m]
the only one that has broken at all is the Nexus 5 because that thing was poorly built and the USB port wore out during development + after it was already EOL the screen broke just from the whole thing starting to fall apart
-
strcat[m]
but the devices now are much better built
-
strcat[m]
that was a lower end plastic phone
-
strcat[m]
with really weak thin glass for the screen in comparison
-
DonaldBiden
jpds that's what I was trying to say, it's better to buy a cheap old one which is supposed to last only a year
-
strcat[m]
jpds: a small percent of hardware
-
strcat[m]
and there's a warranty
-
DonaldBiden
I buy them cheap without a warranty...
-
strcat[m]
in my experience, when hardware dies in ~4-5 years, it's almost always in the first couple months (unless you're talking about breaking it)
-
DonaldBiden
I don't remember the last time I owned a new device...
-
strcat[m]
DonaldBiden: well, Pixel 2 is essentially unsupported at this point already
-
DonaldBiden
Gotcha
-
strcat[m]
it might not get an update next month, we don't know how much longer it'll be supported
-
strcat[m]
Pixel 3 has a year of guaranteed updates left, Pixel 3a somewhat longer
-
DonaldBiden
Why did the devs choose the Pixel?
-
strcat[m]
atm the devices have 3 years guaranteed support on release
-
DonaldBiden
Because it's well documented?
-
strcat[m]
-
strcat[m]
because they offer the best privacy and security
-
strcat[m]
most devices don't have full security updates available let alone being competitive on firmware/hardware privacy and security
-
somenerd[m]
I wish that they had more years of support though
-
DonaldBiden
How ironic for a Google device
-
strcat[m]
the vast majority of devices don't support all the hardware-based security features for another OS
-
somenerd[m]
probably good reasons as to why there are less years of support compared to iPhones though
-
DonaldBiden
Gotcha, so what you're saying is Google tried to do an iPhone competitor
-
-
strcat[m]
just bear in mind that's the minimum guarantee
-
DonaldBiden
Ty
-
strcat[m]
for example Pixel 1 got last update December 2019
-
strcat[m]
the date when it's actually dropped isn't known
-
strcat[m]
Pixel 4, 4 XL and 4a are also the most secure among what we support
-
strcat[m]
and we have the best maintenance for those
-
DonaldBiden
Looks like only Lineage phones are an option for me...
-
strcat[m]
we have higher standards for maintenance teams than we used to
-
somenerd[m]
not really a good idea though...
-
DonaldBiden
-_-
-
somenerd[m]
-
strcat[m]
this channel is only about GrapheneOS
-
somenerd[m]
yeah
-
somenerd[m]
I'll move to offtopic
-
DonaldBiden
Let me put it this way: are the NSO guys only hacking Androids?
-
strcat[m]
DonaldBiden: not sure what the relevance is to the discussion, and no
-
nicob[m]
How is the Pixel 4 without fingerprint the 'most secure among we support'?
-
DonaldBiden
There's something called security by obscurity
-
strcat[m]
read that
grapheneos.org/faq#device-support section in the FAQ I linked earlier
-
strcat[m]
DonaldBiden: 'security through obscurity' is primarily referred to as a way of criticizing weak approaches to security... and again I'm not seeing the connection to the discussion
-
strcat[m]
nicob: fingerprint scanning and the Pixel 4 IR-based facial scanning is a very similar system
-
strcat[m]
nicob: it doesn't really have much to do with the security we're talking about there
-
DonaldBiden
OK, thanks
-
strcat[m]
biometric security is an optional secondary unlock option for each profile
-
strcat[m]
we'd like to implement our planned 2 factor secondary unlock option
-
nicob[m]
That would be ideal, something you know and something you have, until then, can you point me a source where it says it is as secure as the fingerprint on the 3? As I seem to recall it is not...But apparently I am off
-
strcat[m]
you seem to be confusing it with camera-based facial recognition
-
strcat[m]
which is not what it is
-
strcat[m]
if you want to do research on it, go ahead
-
strcat[m]
it's the same kind of approach that modern iPhones use for facial scanning
-
strcat[m]
and it's very unlike using a camera for it
-
strcat[m]
it's much easier to fool a fingerprint scanner than the iPhone / Pixel 4 facial scanning, it has advantages and disadvantages
-
nicob[m]
Ok
-
Wonderfall[m]
Facial scanning is nice, too bad it works from hardly to not at all with masks ; that was to be expected.
-
nicob[m]
This is what scared me when looking into pixel face unlock the first time.. The bulletpoints under 'How face unlock works' - important
support.google.com/pixelphone/answer/9517039?hl=en&ref_topic=7083614
-
nicob[m]
Of course there are downsides to the fingerprintsensor but they are generally more in the users control..
-
strcat[m]
there are people with similar enough fingerprints that it collides
-
strcat[m]
the face scanning is much more unique than fingerprint scanning
-
strcat[m]
as I said earlier
-
lev[m]
<nicob[m] "This is what scared me when look"> there are settings that mitigate the accidental unlock (i.e. face unlocks the phone, but you still have to swipe up to get to the home screen)
-
lev[m]
also if you are captured, they could also hold the the phone to your finger
-
lev[m]
you'd need to restart the phone before you were restrained in either case
-
lev[m]
I dunno how to help you if you have an evil twin though lol
-
coffeebag[m]
I want to fix bugs on the gallery2 app. But i don't have enough resources to build the entire GrapheneOS. Is the following thing is possible to do ? : Get the kernel then ONLY build gallery2. Disable my gallery2 app then install it on my device (which have grapheneOS) to test
-
strcat[m]
you can build only gallery2
-
strcat[m]
you seem to have a misunderstanding about what a kernel is and it's not relevant to this
-
strcat[m]
you need to change the app id to something else if you want to install it on GrapheneOS
-
strcat[m]
since you don't have our release keys
-
coffeebag[m]
i'm talking about the kernel google sunfish for example
-
coffeebag[m]
it's a kernel right ?
-
strcat[m]
the normal way to do development is just to do an initial build, then start making changes, then do incremental builds
-
strcat[m]
and test your changes
-
strcat[m]
incremental builds only rebuild what changed and then make new images with those changes
-
louipc
you can develop most apps without building the whole OS
-
strcat[m]
if you really want there are commands for building specific apps in the AOSP tree, etc.
-
coffeebag[m]
And i was asking if i need it in order to build Gallery2 bcs Gallery2 use internal apis no ?
-
coffeebag[m]
ok
-
strcat[m]
change to the directory of Gallery2 and run `mm` instead of `m` at the top level
-
strcat[m]
after setting up the environment and choosing target
-
coffeebag[m]
ok thks i will do this
-
» louipc thumbs up
-
Cyrinux[m]
Hi, on my 3a,I can't get the last update. Seamless update clients keep stopping. I clear the storage and cache. But seems this doesn't help. Can I update with adb maybe without losing data?
-
Cyrinux[m]
* Hi, on my 3a,I can't get the last update. Seamless update clients keep stopping. I clear the storage and cache. But seems this doesn't help. Can I update with adb maybe without losing data? (I use stable version)
-
strcat[m]
get logs from `adb logcat`
-
strcat[m]
can figure out what's going wrong
-
strcat[m]
it's possible to sideload the update with adb but it's important to figure out what the issue is
-
-
-
-
Cyrinux[m]
those logs came from adb logcat | grep -i seamless
-
Cyrinux[m]
* those logs came from adb logcat | grep -i seamless, will try to reboot and retrigger the bug
-
strcat[m]
Cyrinux: you need to provide more of the logs
-
strcat[m]
you aren't providing enough
-
strcat[m]
use a paste site
-
Cyrinux[m]
yep will do this
-
Cyrinux[m]
* Hi, on my 3a,I can't get the last update, i'm stuck on the 6 oct. Seamless update clients keep stopping. I clear the storage and cache. But seems this doesn't help. Can I update with adb maybe without losing data? (I use stable version)
-
Cyrinux[m]
* yep will do this, strcat
pastebin.com/kQbE59u0
-
Cyrinux[m]
* yep will do this, strcat
pastebin.com/kQbE59u0 , i can read a dns cache problem and selinux denied? I use a vpn + custom dns if this can help.
-
anupritaisno1[m]
[Cyrinux](
matrix.to/#/@cyril:levis.name) I'll read your logs. Pm me and send the entire thing to me
-
anupritaisno1[m]
Then if there is some bug I'll open an issue so that we'll get it fixed
-
strcat[m]
Cyrinux: you're not providing all the relevant log content
-
strcat[m]
don't use grep
-
strcat[m]
run adb logcat -c to clear logs
-
strcat[m]
trigger the issue
-
strcat[m]
run adb logcat -d to dump logs
-
strcat[m]
and copy the relevant portion with the exception with full information / context
-
Cyrinux[m]
Ok
-
anupritaisno1[m]
[strcat](
matrix.to/#/@strcat:matrix.org) I'm helping him in private
-
anupritaisno1[m]
I'll have a look at his logs and let you know
-
Cyrinux[m]
strcat:
-
Cyrinux[m]
* strcat: its good, thx guy, will try to get more logs the next time i know what you need now, the last monkey pressing on update button trigger the service update but the ui was crash i understand
-
ultracard[m]
Hey guys, I am currently running Calyx OS on my pixel 4a. But now I want to switch to graphene OS. But I have a few questions: 1. should i flash stock android before installing Graphene OS and install all updates to update to the latest firmware or is graphene OS itself able to update the devices firmware via OTA updates. 2. Is there anything i need to do differently when installing graphene OS over a Calyx OS
-
ultracard[m]
installation compared to when the phone is running stock android.
-
anupritaisno1[m]
<ultracard[m] "Hey guys, I am currently running"> Just flash grapheneos directly
-
strcat[m]
ultracard: GrapheneOS has all the firmware in the factory images and updates
-
ultracard[m]
also, does anyone know a bit about android user profiles. Because I would like to install whatsapp on a seperate user account because I would imagine that having several security privacy benefits. But I' don't know what a different user account does. For example: can whatsapp read files stored on another users account if i give it permission to access external storage?
-
ultracard[m]
<ultracard[m] "also, does anyone know a bit abo"> nice, sounds great
-
ultracard[m]
<anupritaisno1[m] "Just flash grapheneos directly"> thanks, will do that
-
ultracard[m]
<ultracard[m] "also, does anyone know a bit abo"> and also: can an app installed on another user account run in the background while I'm on a different user profile?
-
ultracard[m]
so: is whatsapp able to send out data to mark zuckerberg if I am logged into another user account or is the app suspended while i'm not on teh user account it's installed on
-
ultracard[m]
I know i should stop using this creepy application anyways, but some people are simply not willing to use signal messenger and don't care about privacy because they think that only criminals like drug dealers need privacy
-
strcat[m]
ultracard: apps can't share data or communicate across profiles regardless of what permissions you give them (other than via the network)
-
strcat[m]
that's what profiles are: isolated workspaces, with their own shared data (such as their own home directory, contacts, etc.) and apps can only communicate with mutual consent within a profile
-
strcat[m]
not across them
-
strcat[m]
and apps are installed separately within each profile
-
ultracard[m]
wow
-
ultracard[m]
impressive
-
ultracard[m]
amazing
-
ultracard[m]
thanks
-
ultracard[m]
i love that
-
ultracard[m]
so excited, gonna go ahead and install graphene os right now
-
strcat[m]
it's a separate installation of the app - although for efficiency the OS shares the actual apk installation across them (so updating an app in one profile updates it for all profiles - which is safe due to the OS pinning signing keys and preventing downgrades for apps in general)
-
strcat[m]
this is just how user profiles work in AOSP
-
dazinism
ultracard: it can keep running in a different profile, but will only have access to data from that profile.
-
zugzwang[m]
I read that even vpn on 2nd profile works well
-
strcat[m]
although many OEM forks of AOSP disable user profiles
-
strcat[m]
ultracard: we enable a non-standard AOSP feature which is being able to explicitly logout of profiles
-
strcat[m]
ultracard: each profile has a separate disk encryption key based on the authentication method of that profile
-
strcat[m]
and when you logout of a profile it becomes fully at rest as if you rebooted (for that profile)
-
dazinism
You can log out of the profile and that will shut it down. If you are in a different profile, you wont get notifications from it.
-
strcat[m]
can't logout of the main "Owner" profile since it handles things other profiles require (to do that, you reboot)
-
ultracard[m]
wow, omg i love graphene
-
ultracard[m]
<dazinism "You can log out of the profile a"> nice, wouldn't want notifications from whatsapp anyways
-
strcat[m]
the only things we change about user profiles from AOSP are increasing the limit from 4 to 16 and enabling logout
-
strcat[m]
logout plays really well with how per-profile encryption works
-
strcat[m]
and AOSP supports properly purging keys from hardware / memory now
-
strcat[m]
(hardware as in the CPU crypto acceleration registers etc)
-
zugzwang[m]
<strcat[m] "logout plays really well with ho"> If i remember correctly you couldnt log out of profile on android 10?
-
strcat[m]
zugzwang: logout is a feature we enabled downstream
-
strcat[m]
zugzwang: AOSP 11 doesn't have a logout option except for device managers that enable it
-
ultracard[m]
so i do not have to worry about whatsapp collecting or using my data (except for the data it collects when i'm using the app) while i am logged into a different user where whatsapp is not installed?
-
strcat[m]
we just set it to be available as a standard UI feature without needing a device manager - really minimal change
-
strcat[m]
ultracard: you don't have to worry about it other than CPU timing side channel attacks, etc.
-
strcat[m]
which I'm sure it doesn't do
-
ultracard[m]
<strcat[m] "we just set it to be available a"> cool, because on Lineage OS (at least LineageOS 16) that feature is missing
-
strcat[m]
just put it in a dedicated profile and if you don't want it running, logout of that profile
-
strcat[m]
you can leave it running in the background while you use another profile and the profiles are isolated
-
ultracard[m]
<strcat[m] "ultracard: you don't have to wor"> nice, yeah, if whatsapp did something that nefarious and someone would find out they'd be sued to the moon.
-
strcat[m]
and profiles that are in the background can't do stuff like recording audio (apps can't record audio in the background anyway)
-
strcat[m]
(but there's a separate restriction on profiles as a whole not being able to do that)
-
ultracard[m]
<strcat[m] "you can leave it running in the "> if the app running in the background cannot collect data from another users account i don't mind
-
zugzwang[m]
If i use orbot always on block other traffic on 2nd profile. will that effect main profile?
-
strcat[m]
yeah it can't do that, user profiles are isolated
-
dazinism
-
strcat[m]
zugzwang: the network connection is shared across profiles essentially
-
zugzwang[m]
I searchef on here but its broken threads as element wont show full conversations
-
ultracard[m]
except for: if whatsapp can scan for nearby wifi networks in the background that would mean that it can track my location, and i wouldn't want mister zuckerman to know my location
-
dazinism
Not sure exactly how having apps is a secndary, backgrounded profile would effect all those
-
strcat[m]
ultracard: apps can't see Wi-Fi, Bluetooth, cell towers, etc. unless you grant them Location access
-
strcat[m]
so if you don't want them tracking location, don't grant Location
-
strcat[m]
Location covers seeing nearby Wi-Fi networks, cell towers and scanning for Bluetooth devices, along with using supplementary location services (which we don't have) not just GPS
-
strcat[m]
and anyway the "GPS" is really GNSS
-
ultracard[m]
<dazinism "ultracard: heres info about what"> thanks, sounds interesting
-
dazinism
-
zugzwang[m]
<strcat[m] "ultracard: apps can't see Wi-Fi,"> Is it the same on ios?
-
ultracard[m]
<strcat[m] "so if you don't want them tracki"> really? I thought google was purposefully misleading users by allowing them to disable location services but not telling them that the app can still find out where they are using wifi/bluetooth
-
strcat[m]
ultracard: that's not accurate
-
dazinism
strcat: Do you know if apps in secondary profiles have device encrypted components if they would be active before logging into a secondary user?
-
strcat[m]
and we don't have Play services anyway
-
strcat[m]
but that is not accurate about Play services
-
dazinism
logically sounds plausible
-
Dylanger[m]
<strcat[m] "and anyway the "GPS" is really G"> Iirc GPS is within the modem on Qualcomm devices MPSS
-
ultracard[m]
<strcat[m] "ultracard: that's not accurate"> wow, I'm impressed. thanks. didn't think that google would ever surprise me in a positive way regarding privacy
-
dazinism
Dont think many apps have device encrypted components though.
-
dazinism
Anyone know any apps that do?
-
strcat[m]
dazinism: I don't really think secondary profiles can use direct boot because they are inactive
-
strcat[m]
dazinism: if you switch to them, before you have unlocked
-
strcat[m]
that's the only time they would be active
-
strcat[m]
so sure it can work in that case
-
strcat[m]
switch to them to make them active and don't actually login
-
strcat[m]
dazinism: not really sure secondary users support it that way though
-
strcat[m]
they might become active after login
-
strcat[m]
you'd need to test
-
strcat[m]
I've never had a reason to look at that
-
dazinism
Fair. Don't know of any apps that I could test with.
-
dazinism
Its unusual for apps to use direct boot.
-
clox[m]
Hi, is it good to reboot my grapheneOS ones a day? Or it do not make a different?
-
ultracard[m]
thanks guys, realizing that i can still have privacy even when i'm using whatsapp made me smile because it makes me feel like we're not yet completely living in a technological dystopy
-
dazinism
clox: yeah its useful. A reboot has kernal & system checked by verified boot and reloaded.
-
ultracard[m]
which factory image should i use for my pixel 4a? there is one with OTA and one without
-
Uberarchangel
Hi peoples. So i bought a 5 I needed the IPX rating instead of 4a from the specs the hardware looks extremely similar to 4a would sunfish work on the 5
-
dazinism
ultracard: ota is an update
-
ultracard[m]
<ultracard[m] "which factory image should i use"> does that mean that the one version of graphene OS does have OTA updates and the other one doesn't or is the zip file wich OTA in it's name an additional file i need to flash if i want to have tha ability to get over the air updates
-
ultracard[m]
> <@ultracard:matrix.org> which factory image should i use for my pixel 4a? there is one with OTA and one without
-
ultracard[m]
* does that mean that the one version of graphene OS does have OTA updates and the other one doesn't or is the zip file with OTA in it's name an additional file i need to flash if i want to have tha ability to get over the air updates
-
clox[m]
<dazinism "clox: yeah its useful. A reboot "> Thx, dazinism
-
ultracard[m]
<Uberarchangel "Hi peoples. So i bought a 5 I ne"> I'm not a developer, but flashing it on the 5 shouldn't work
-
ultracard[m]
it has different hardware
-
anupritaisno1[m]
<Uberarchangel "Hi peoples. So i bought a 5 I ne"> No it will not
-
anupritaisno1[m]
Do not flash a factory image not meant for your device
-
dazinism
Use the OTA files to update if GrapheneOS os already installed
-
ultracard[m]
<Uberarchangel "Hi peoples. So i bought a 5 I ne"> you could brick your phone in the process. wait until there's an official release of graphene OS for the pixel6
-
Uberarchangel
That is why I came and asked thank you.
-
ultracard[m]
> <@freenode_Uberarchangel:matrix.org> Hi peoples. So i bought a 5 I needed the IPX rating instead of 4a from the specs the hardware looks extremely similar to 4a would sunfish work on the 5
-
ultracard[m]
* you could brick your phone in the process. wait until there's an official release of graphene OS for the pixel5
-
ultracard[m]
<dazinism "Use the OTA files to update if G"> but I thought that OTA meant "Over The Air" updates, meaning that i don't have to manually download a file to update my phone
-
dazinism
Its the same file as is served OTA. Just can download and sideload onto device if for some reason you don't want to connect the device to network, or maybe grapheneos server
-
ultracard[m]
<dazinism "Its the same file as is served O"> OK, now i get it. Thanks dazinism. You're amazing
-
Uberarchangel
Are there any people looking into the pixel 5 even for alpha/beta.
-
dazinism
I didnt realise anyone had a 5 yet
-
anupritaisno1[m]
-
Uberarchangel
I don't not yet 5ht or 6th is my eta
-
dazinism
Actually, if you are up to date and going to the next update you will get a smaller delta OTA via seamless updater
-
Dylanger[m]
Is there any more tinkering aside from extracting libs and bins from vendor and cloning the kernel? For the 5
-
Uberarchangel
Hrmm that sounds like that could be a fun weekend project
-
dazinism
Porting all the grapheneos changes to the device.
-
dazinism
Sorting out SELinux policies
-
dazinism
Getting Auditor app to work with it
-
dazinism
Fixing any bugs uncovered
-
Dylanger[m]
I always thought Graphene itself was a GSI
-
Dylanger[m]
But I guess GMS embeds itself into vendor
-
dazinism
Then needs a maintainer/maintenance team to commit to looking after things for the device lifespan
-
anupritaisno1[m]
<Dylanger[m] "I always thought Graphene itself"> It isn't
-
anupritaisno1[m]
Grapheneos is compiled specifically for a given device
-
dazinism
Think most of this is still relevant / current
-
dazinism
-
Uberarchangel
I am still surprised there is that many hardware differences between the 4a and 5
-
dazinism
Think 4a5G shares more with the 5.
-
Uberarchangel
That is my bad that is what I meant
-
Uberarchangel
I would think those 2 could litterally run the same OS build
-
anupritaisno1[m]
No they can't
-
Uberarchangel
The 4a5g and 5 can't run the same build?
-
Uberarchangel
Alright I am going to go thank you for the information gus I will likely be back once I get my phone to talk more
-
Uberarchangel
guys*
-
anupritaisno1[m]
I'm like
-
anupritaisno1[m]
Fuck you're gonna be back?
-
strcat[m]
ultracard: you should follow
grapheneos.org/install and use the factory images not the OTA
-
strcat[m]
the OTA is just shown on the releases page for people who want it for some reason like sideloading it to recovery to update instead of updating via the automatic over-the-air updates
-
strcat[m]
the update client in the OS uses the incremental updates (unless you fall behind updates) anyway, not those massive full updates for updating from any past version
-
strcat[m]
we just don't bother listing those on the releases page
-
Dylanger[m]
Is it worth removing Widevine etc from firmware/NON-HLOSS
-
Dylanger[m]
Its still signed, but removing it could remove attack surface?
-
Dylanger[m]
It sucks you don't have MRC blown into these devices
-
prestocaso[m]
Anyone else having an issue with new pipe. Every video I select throws up a error report
-
strcat[m]
Dylanger: Widevine is in TEE which is largely legacy now that there's a proper secure element
-
anupritaisno1[m]
<prestocaso[m] "Anyone else having an issue with"> Known issue. Everyone is affected
-
strcat[m]
Dylanger: so sure with custom hardware wouldn't include it but wouldn't really change anything
-
strcat[m]
Dylanger: we can just finish removing support for it in the OS
-
strcat[m]
doesn't matter
-
anupritaisno1[m]
[strcat](
matrix.to/#/@strcat:matrix.org) so I can't watch Netflix on grapheneos phone, sad
-
anupritaisno1[m]
Sarcasm ^
-
strcat[m]
I doubt you can anyway
-
strcat[m]
I assume their app depends on Play Services and that they try to prevent using a web browser on mobile
-
anupritaisno1[m]
<strcat[m] "I assume their app depends on Pl"> It works
-
strcat[m]
the app?
-
anupritaisno1[m]
It'll use DRM on vanadium in the browser
-
strcat[m]
ah didn't realize they supported it
-
strcat[m]
Vanadium (Chromium) just delegates to the OS
-
anupritaisno1[m]
* It'll use DRM on vanadium so it does work in the browser
-
strcat[m]
the DRM doesn't really do anything
-
strcat[m]
I don't really understand how it's supposed to stop anything
-
anupritaisno1[m]
<strcat[m] "Vanadium (Chromium) just delegat"> Glassrom doesn't do DRM. Remember a few months ago I gave you a crash log on how vanadium on glassrom crashed on Netflix because it couldn't find any DRM HALs on the device?
-
strcat[m]
ah yeah
-
strcat[m]
we need to properly disable it
-
strcat[m]
not remove the generic HAL
-
strcat[m]
we need to remove the widevine implementation not the generic HAL
-
anupritaisno1[m]
Yeah
-
strcat[m]
anyway atm we don't remove per-device functionality like that
-
strcat[m]
we just don't include stuff in product like nasty Sprint stuff
-
strcat[m]
we include all of the SoC vendor components
-
strcat[m]
and widevine is basically part of that
-
anupritaisno1[m]
BTW widevine is not just one blob
-
strcat[m]
I know
-
anupritaisno1[m]
There's other HALs that get the keys from the hardware and give it to widevine
-
anupritaisno1[m]
And there's clearkey too
-
anupritaisno1[m]
And there's also a huge amount of sepolicy that will have to go out
-
anupritaisno1[m]
Remember how our isolated app updates in device trees are mostly DRM HAL?
-
strcat[m]
the sepolicy doesn't really have to be removed if there is nothing set up that can use it
-
strcat[m]
anupritaisno1: I don't think any Pixels support clearkey just widevine
-
-
anupritaisno1[m]
DRM info app on pixel 4
-
-
anupritaisno1[m]
Here's what it'd look like on glassrom
-
Dylanger[m]
Has anyone done any side channel fun with Titan M?
-
Dylanger[m]
I think it's time to blast some EM at it
-
Dylanger[m]
<strcat[m] "anyway atm we don't remove per-d"> Wish you guys at MRC, you'd be able to make changes to ABL and XBL
-
Dylanger[m]
* Wish you guys had MRC, you'd be able to make changes to ABL and XBL
-
strcat[m]
anupritaisno1: ah so clearkey is just like a fake testing DRM?
-
strcat[m]
didn't realize that
-
strcat[m]
-
strcat[m]
yeah
-
ultracard[m]
hey guys, just installed graphen OS on my google pixel 4a, and it worked. It's still a bit buggy, sometimes i have to tap on an application multiple times to open it, but i guess that's to be expected when installing a rom which is stilll "experimental"
-
strcat[m]
you shouldn't ever have to tap multiple times to open something
-
strcat[m]
unknown: also make sure to lock it
-
mx[m]
Hi I am trying to install on pixel 3a i unlocked but cant execute ./flash-all.sh
-
mx[m]
I'm on linux mint
-
ultracard[m]
<strcat[m] "unknown: also make sure to lock "> sure, did that
-
ultracard[m]
<mx[m] "Hi I am trying to install on pix"> had the same problem
-
strcat[m]
probably don't have udev rules to run it as a non-privileged user
-
ultracard[m]
my problem was that i was using "sudo ./flash-all.sh"
-
ultracard[m]
but if you use sudo, your path variable will be different
-
mx[m]
i did with sudo
-
ultracard[m]
nice
-
ultracard[m]
than we know what the issue was
-
ultracard[m]
try without sudo
-
ultracard[m]
i also wanted to do it with sudo because i thought that would be safer
-
ultracard[m]
but it only works without sudo
-
strcat[m]
mx: that won't work if you don't have fastboot accessible there
-
strcat[m]
ultracard: using sudo without arguments runs stuff as root...
-
strcat[m]
ultracard: opposite of safer
-
strcat[m]
although there is no real distinction between a user with access to sudo as root, and root
-
mx[m]
I'm on fastboot mode with unlocked state
-
strcat[m]
mx: you need to follow
grapheneos.org/install as it's written there - you can't run flash-all.sh with sudo part of the way through the process
-
strcat[m]
if you want to run it as root (rather than getting proper udev rules) you need to do the whole thing that way
-
strcat[m]
so you have fastboot there
-
mx[m]
yes
-
mx[m]
i did step by step
-
mx[m]
including verification
-
mx[m]
how to check communication between device and terminal
-
mx[m]
?
-
mx[m]
I have < waiting for any device> message
-
saucy-salamander
mx what OS are you using to install? That sounds like you are not running as root or you haven't set up the udev rules
-
saucy-salamander
OK saw you are on Linux Mint
-
mx[m]
stable for 3a sargo-factory-2020.10.23.04
-
saucy-salamander
I would just become root (sudo -i) and do the entire process again
-
saucy-salamander
So instead of using sudo, do it as root
-
mx[m]
OK I will try
-
mx[m]
just go into folder and do ./flash-all.sh ?
-
mx[m]
or start from fastboot flashing unlock ?
-
mx[m]
it is unlocked anyway
-
saucy-salamander
<mx[m] "I have < waiting for any device>"> What were you doing when you got this message? Start from there
-
mx[m]
I'm in root now in sargo-factory-2020.10.23.04 and I will try ./flash-all.sh
-
coffeebag[m]
which messages you get on your mobile phone screen ?
-
mx[m]
same issue stop on < waiting for any device>
-
mx[m]
no massage, just fastboot mode
-
mx[m]
massage is in terminal
-
coffeebag[m]
you should unlock the bootloader
-
mx[m]
I did already, do this again?
-
mx[m]
i did fastboot flashing unlock and have same massage again
-
mx[m]
< waiting for any device>
-
coffeebag[m]
come private
-
coffeebag[m]
i pm you
-
anupritaisno1[m]
<coffeebag[m] "come private"> Lewd
-
Dylanger[m]
Does Graphene change any of the modem's NV?
-
Dylanger[m]
Also does anyone know if GCam on the Pixel 4 is actually using the Visual Core and not cdsp?
-
Dylanger[m]
`vendor/firmware/CAMERA_ICP.elf` has a REX section
-
-
Dylanger[m]
Firmware for the Visual Core?
-
Dylanger[m]
If I want to change the default font, can I just change the `frameworks/base/data/fonts/fonts.xml` file?
-
-
Dylanger[m]
Just change this?
-
BeingFrey[m]
Hello Good GrapheneOS folks! =) I am desparately trying to find a Google Maps equivalent. I've tried OSM and MagicEarth apps but they are not terribly user-friendly. Suggestions?
-
prestocaso[m]
BeingFrey: F-droid provides osmand+ for free which adds a few things
-
BeingFrey[m]
<prestocaso[m] "BeingFrey: F-droid provides osma"> Ha.. you're in many rooms/groups I see.
-
BeingFrey[m]
Thanks again! =)
-
BeingFrey[m]
Which custom ROM do you use?
-
prestocaso[m]
No problem the aurora store within fdroid should allow you the install google maps go as well
-
BeingFrey[m]
<prestocaso[m] "No problem the aurora store with"> On GrapheneOS?
-
mx[m]
Thanks coffeebag. I am on the board with GrapheneOS.
-
prestocaso[m]
BeingFrey: graphene at the moment but I've used both
-
BeingFrey[m]
<prestocaso[m] "BeingFrey: graphene at the momen"> And your preference?
-
coffeebag[m]
np
-
coffeebag[m]
!
-
prestocaso[m]
BeingFrey: for my use case Graphene, but considering what you will need it may be different
-
BeingFrey[m]
<prestocaso[m] " BeingFrey: for my use case Grap"> Google Maps is extremely hard to beat.
-
BeingFrey[m]
<BeingFrey[m] "Google Maps is extremely hard to"> And when you NEED IT, you NEED IT!
-
prestocaso[m]
BeingFrey: it is yeah they've clearly put the time into making it unbeatable
-
coffeebag[m]
What about CityMapper ?
-
coffeebag[m]
depends off your needs but it's a great app when you live in big cities
-
BeingFrey[m]
<coffeebag[m] "What about CityMapper ?"> Never hear of it but will certainly look into it. Thanks! =)
-
mx[m]
<BeingFrey[m] "And when you NEED IT, you NEED I"> You need a second phone for G Maps
-
prestocaso[m]
Not familiar but I'll look into it
-
coffeebag[m]
CityMapper is really strong for public transport, wayyyy better for google map on this point
-
prestocaso[m]
I have been able to use g maps go in graphene
-
coffeebag[m]
but i never try it on small towns / on the road
-
prestocaso[m]
It works through your browser
-
BeingFrey[m]
<prestocaso[m] "It works through your browser"> How "private, secure" is it using Google Maps via the browser on GrapheneOS?
-
BeingFrey[m]
Are you compromising?
-
prestocaso[m]
It doesn't require me to log in
-
BeingFrey[m]
Hmm
-
BeingFrey[m]
Interesting.. I'll look into it.
-
BeingFrey[m]
Thanks!
-
BeingFrey[m]
I appreciate all of your insight, feedback and suggestions folks! Unfortunately, I need to leave now for an appointment! All the best to you!
-
BeingFrey[m]
Bye for now
-