-
r0tt0r[m]
like fe. i have to use whatsapp due friends group but i only want whatsapp connecting through running vpn. in case i stop the vpn whatsapp would connect directly through wifi
-
strcat[m]
enable always-on VPN + block connections not going through the VPN
-
strcat[m]
and then use the VPN's own configuration to have certain apps bypass it that you want to bypass it
-
r0tt0r[m]
ye thats what im doing currently
-
yzrhjocizuwkjlqo
strcat: With all respect, that you don't want to share anything about your personal life.
-
yzrhjocizuwkjlqo
May I ask what kind of education you got? Are you autodidact in all this knowledge about IT-security or have you read something like Computer Science?
-
strcat[m]
r0tt0r: but, as explained above, you are likely going to have leaks if you try to do this kind of thing
-
strcat[m]
instead of having a VPN for the profile as a whole
-
strcat[m]
r0tt0r: I do not recommend using a VPN on a case-by-case basis, the recommendation is to use it for the whole profile
-
Remu[m]
<strcat[m] "and then use the VPN's own confi"> For some reason, it does not do that on vpn like mullvad, when block connections not going through the vpn (aka split tunneling), which is a good way to block direct network access (but is redundant when you can just deny network permission)
-
strcat[m]
otherwise you're responsible for reviewing code, manifests, etc. and making sure you aren't opening up leaks
-
strcat[m]
for example if you permit DownloadManager to bypass the VPN, then of course apps with INTERNET can bypass the VPN via DownloadManager
-
strcat[m]
but the same thing applies to third party apps providing APIs to other apps that they can use for internet access
-
strcat[m]
recommendation: don't use a VPN on a case-by-case basis if you're using it for privacy reasons, use it for the whole profile
-
Remu[m]
Makes me chuckle for a second there
-
grayhatter
ahh matrix... the application that makes IRC depend on an html browser
-
yzrhjocizuwkjlqo
<madaidan[m] "> <@yzrhjocizuwkjlqocf:matrix.or"> That actually sounds plausible
-
madaidan[m]
* I choose to believe he came out of the womb with omniscience.
-
strcat[m]
yzrhjocizuwkjlqocf: I'm self-educated, I learned programming, computer science, infosec, etc. on my own
-
Remu[m]
<r0tt0r[m] "on resurrection rom i think i sa"> Anyways, had tested these in the past, and can vouch that INTERNET permission is more robust on at least preventing some ipc/intent gated by the same permission
-
yzrhjocizuwkjlqo
<strcat[m] "yzrhjocizuwkjlqocf: I'm self-edu"> That's impressive. I know a lot of people are self-educated in IT. But your knowledge on the field is... Enormous
-
Remu[m]
<strcat[m] "yzrhjocizuwkjlqocf: I'm self-edu"> Interesting, no formal education or degree about it
-
Remu[m]
?
-
TheJollyRoger
He's THE mighty strcat ^_^.
-
renlord[m]
strcat can write `strcat` implementation in ASM with his eyes closed
-
renlord[m]
severity and the ease of exploitation
-
madaidan[m]
<renlord[m] "strcat can write `strcat` implem"> Is this the GrapheneOS team's form of hazing?
-
renlord[m]
pretty tough bar to meet to join the grapheneos team
-
renlord[m]
anyways, if people thought its true, its a joke.
-
TheJollyRoger
Heh.
-
anupritaisno1[m]
<renlord[m] "strcat can write `strcat` implem"> What's so difficult about that?
-
Knull[m]
I keep trying to hype myself to learn c#, but I can't drag myself through it. I need 1 on 1.
-
TheJollyRoger
ultracard[m]: There is a writeup of weaver. I will fetch it for you later.
-
renlord[m]
i wouldnt even know how to start
-
TheJollyRoger
(This should explain one of the things the Titan chip can do)
-
anupritaisno1[m]
I'm not going to finish it though
-
anupritaisno1[m]
But something like that renlord
-
renlord[m]
can you do armv8 also?
-
anupritaisno1[m]
Kind of
-
anupritaisno1[m]
I'd have to use ldr there iirc
-
anupritaisno1[m]
It would be a lot more complex though
-
anupritaisno1[m]
Remember this, you can immediate to memory, immediate to register, register to register and memory to register on x86
-
renlord
Knull[m]: can get x86 asm lessons from anupritaisno1[m]
-
anupritaisno1[m]
Assume data is in memory
-
anupritaisno1[m]
Now figure out a way to do memory to memory
-
renlord
if you can write asm, no need to bother with any programming languages or their respective toolchains
-
anupritaisno1[m]
You can use movsb btw
-
strcat
#grapheneos-offtopic for all this stuff please
-
pebble2hr[m]
I'm on popOS (Ubuntu based) I've the bootloader unlocked. "Sudo ./fastboot flash flash-all.sh" returns with "unknow partition 'flash-all.sh' fastboot error cannot determine image filename for 'flash-all.sh'. Everything else has gone smoothly until now. This is only the second phone I have ever flashed a custom ROM.
-
strcat[m]
pebble2hr: follow the official instructions at grapheneos.org/install exactly as they're written
-
strcat[m]
at no point do you use `fastboot flash` in the official instructions
-
strcat[m]
and you also shouldn't be referencing it as `./fastboot`
-
strcat[m]
just start over using the official installation instructions
-
TheJollyRoger
Yeah, if you type "sudo ./fastboot" that's telling the computer "substitute user, then use fastboot in this directory with these arguments." It doesn't mean what you want.
-
strcat[m]
we don't provide support for other ways of performing the installation
-
strcat[m]
if your OS does not have working udev rules allowing fastboot to be used without root, follow the instructions as a whole as root
-
strcat[m]
don't try to just work around it for specific commands
-
strcat[m]
we can't provide lessons on using the CLI here
-
strcat[m]
need to follow the instructions exactly as written on the site, no omissions or changes aside from putting the right device name and release version
-
pebble2hr[m]
Gotcha. Starting over correctly. Thank you.
-
pebble2hr[m]
Got it. Thank you!
-
TheJollyRoger
Great!
-
TheJollyRoger
Welcome aboard the ship!
-
njha[m]
So I'm trying to run StreetComplete and I'm getting a memory management issue
-
njha[m]
Is there anything I can do to try to get it to run?
-
Dylanger[m]
Is there a reason this room is still at v1?
-
Reimu[m]
<Dylanger[m] "Is there a reason this room is s"> irc bridging
-
Dylanger[m]
Hm, okay
-
Reimu[m]
And probably logging too, as the offtopic is bridged but at v5
-
njha[m]
agh this is probably a really obscure issue
-
njha[m]
how do you debug java that calls C++ that calls java
-
adeus[m]
Which camera app people are recommending the default one is super buggy ?
-
TAsn
<dazinism "TAsn (EteSync): I think folks wo"> Yeah, that's a great idea, thanks! I've been talking with the Replicant people about writing an encrypted backup agent because I've never heard about seedvault before.
-
Reimu[m]
<adeus[m] "Which camera app people are reco"> None
-
TheJollyRoger
adeus[m]: you can try OpenCamera if you like. If you have Pixel Visual Core, turn on the Camera2 API, it will give you very good results compared to software-only HDR.
-
TheJollyRoger
The software-only HDR often has its colours come out oversaturated and sometimes its lines are a little bit blurry. This often doesn't look so bad when you're viewing it on a tiny 6" screen, but it will make a big difference when you view it on a large monitor later.
-
Reimu[m]
<TheJollyRoger "adeus: you can try OpenCamera if"> It has not been updated for months, and still uses legacy storage access. It works and is enough for what it can do, but it's far cry from being recommended (at least on android 11 privacy/security standards)
-
Reimu[m]
Maybe give it a year and some good alternatives to gcam will appear with updated APIs, gcam is still not a good choice due to needing a debug apk for it to work, along with it exposing an unnecessary attack surface
-
Reimu[m]
<TheJollyRoger "The software-only HDR often has "> For camera quality, I agree.
-
TheJollyRoger
Reimu[m]: ah, crud, so I see. >_<.
-
TheJollyRoger
Thanks for the heads-up!
-
adeus[m]
Thanks for answers re camera
-
aokiepokie[m]
<Reimu[m] "It has not been updated for mont"> What do you mean legacy storage access and what are the implications?
-
gaurdog[m]
hello
-
gaurdog[m]
so im currently at the flash-all portion of the install but the .bat isn't executing at all, double click and a closed window
-
gaurdog[m]
update, now its telling me my flashboot is too old, even though it's the latest one from sdk
-
Reimu[m]
It's a reason they implemented scoped storage on Android 11
-
gaurdog[m]
could my issue be due to me updating to android 11?
-
Reimu[m]
Check which fastboot
-
Reimu[m]
Maybe it's loading an installed fastboot somewhere else
-
gaurdog[m]
thats all its giving me
-
gaurdog[m]
i'm fairly new to all this so im just going off what two videos and a couple reddit threads
-
Reimu[m]
Ah, you should have followed the official guide in website, and nothing else, as recommended by devs here: grapheneos.org/install
-
gaurdog[m]
That's what I did
-
Reimu[m]
Welp, try going back to step one, set the $PATH, $env, and assuming you have the platform-tools folder, $device-build-number folder in the same directory, then execute {./}flash-all.{sh/bat} on terminal/powershell
-
gaurdog[m]
redoing that now
-
r0tt0r[m]
strcat: my first ever pull request send, pls dont be too tough with a pull virgin
-
vorletzter[m]
Hey folks, im playing around with GrapheneOS. Very nicely done. Two Questions though. (How) Can i add an eSIM? And is there any known way to add an Exchange Accounts?
-
dar_gomml[m]
<vorletzter[m] "Hey folks, im playing around wit"> no e-sim support; outlook app works with exchange accounts.
-
dar_gomml[m]
(there may be other apps too that work with exchange)
-
vorletzter[m]
allrighty, thanks. Thats what i feared. I need eSIM though. Any Chance that this is coming soon-ish? Is this an Graphene or AOSP Issue?
-
Reimu[m]
<r0tt0r[m] "strcat: my first ever pull reque"> You forgot 3xl
-
Reimu[m]
Oh, it was a comment line
-
M4h9xo21pj[m]
strcat: strcat Hi strcat Are you a moderator on GrapheneOS? I am new to the channel
-
Reimu[m]
<vorletzter[m] "Hey folks, im playing around wit"> esim is gms dependent as of now apparently
-
dar_gomml[m]
<vorletzter[m] "allrighty, thanks. Thats what i "> not that i know ..
-
golli[m]2
With the 4a 5G, are there options to disable things like 2G and 5G? Or is it all or nothing?
-
nscnt
golli[m]2: You may already choose your preferred network type. That's nothing new. Settings > Network & internet > Mobile network > Preferred network type
-
dar_gomml[m]
<golli[m]2 "With the 4a 5G, are there option"> device is not supported right now..
-
COVID-1984
What's the best way to get this on GOS? It is the only way that I can have in-browser page translation on GOS it seems (which I happen to need sometimes) - blog.mozilla.org/addons/2020/09/29/…port-in-firefox-for-android-nightly
-
COVID-1984
^ basically says that Firefox nightly allows for desktop FF extensions instead of only "android" extensions.
-
golli[m]2
<nscnt "Golli: You may already choose yo"> Yes, but are you able to entirely disable specific network types?
-
golli[m]2
<dar_gomml[m] "device is not supported right no"> I'm aware that for now, it's not supported.
-
DC[m]
<BeingFrey[m] "Hello Good GrapheneOS folks! =) "> @freenode_DonaldBiden:matrix.org: BeingFrey Sygic
-
DC[m]
* @freenode_DonaldBiden:matrix.org: BeingFrey
-
DC[m]
Sygic
-
anon765[m]
G'day GrapheneOS folks I am a complete noob and have jumped headlong into this OS and love it so far. I have used the search bar but cant find any solutions to the Signal app sucking all my battery power. Is there a tutorial for a work around with this? Thanks for your support.
-
DC[m]
<adeus[m] "Which camera app people are reco"> You might want to try a Google Camera port and lock down Location and Network permissions.
-
Reimu[m]
It's an option, but not recommended, just like OpenCamera
-
Reimu[m]
"There are downsides to having this SELinux domain exposing a huge amount of attack surface for something that cannot be supported and is very likely to stop working."
-
Reimu[m]
Not only you are suggesting a gcam app that has already risks due to sepolicy access, you are suggesting a modded apk which content, authenticity and integrity of the code is not assured without decompiling the code. Might as well use OpenCamera even with full /home access on secondary user.
-
Reimu[m]
Still up to the user discretion whether to use that link or not, as the original gcam works anyways with gcamprovider debug apk
-
Reimu[m]
(Which is available in apkmirror)
-
Reimu[m]
Not meant to offend, just my point of view on the choices of camera app to be used on GrapheneOS
-
Knull[m]
am i the only 1 who uses the default built-in camera that graphene comes with?
-
Knull[m]
ive had no prob with it. I press a button, it takes a picture.
-
Reimu[m]
<Knull[m] "ive had no prob with it. I press"> It actually has an alright quality in hardware itself already
-
Reimu[m]
<Knull[m] "am i the only 1 who uses the def"> I don't have problem with it as well.
-
Reimu[m]
Is it peculiar that I don't use my phone that much for photography? Or is it the usual selling value of Pixels outside GrapheneOS?
-
alzxjm[m]
The right way to use your phone is: however you want.
-
Reimu[m]
casual picture quality is pretty alright on built in cam plus you'll have to trust the OS and its components anyways (which include system apps)
-
Reimu[m]
<alzxjm[m] "The right way to use your phone "> Yeah
-
alzxjm[m]
I really like taking great photos, so I use Google Camera most days.
-
Reimu[m]
No problem with it, better off knowing the tradeoff and risks
-
Reimu[m]
Apkmirror usually gets the apk as-is from Google Play, right?
-
Knull[m]
🤯 google?
-
alzxjm[m]
Reimu: I believe so.
-
Reimu[m]
<Knull[m] "🤯 google?"> Hate to say this but, there is no good foss keyboard for other languages
-
alzxjm[m]
I used `adb pull` to get the APK off my stock Pixel and installed that on GrapheneOS.
-
alzxjm[m]
* I've always been able to update the Google Camera app using APKMirror, which as I understand it means it's the same app (same signature) and thus it's safe.
-
Reimu[m]
As much as I don't want anything to do with Google, there is no keyboard for the language I need in AOSP keyboard
-
Reimu[m]
(And its foss equivalent/component is pretty much abandoned/unstable)
-
Reimu[m]
<alzxjm[m] "I've always been able to update "> The signatures and hashes will tell
-
alzxjm[m]
It seems...kinda unlikely that Google is spying on your keyboard? I mean I guess you can't really rule it out but it seems fairly safe to use it on GrapheneOS with Network denied. I dunno. I'm not an expert.
-
alzxjm[m]
Google has so many easier ways to collect data from its users.
-
Reimu[m]
<alzxjm[m] "Google has so many easier ways t"> This I agree, but it does not affect that stand of minimizing Google apps
-
alzxjm[m]
I usually use the GrapheneOS keyboard but sometimes I need to gesture type so I keep it installed.
-
alzxjm[m]
gboard, that is.
-
Reimu[m]
check*
-
Reimu[m]
Does not matter that much, to be honest, if it's on secondary users, as "profiles" is within a user anyways
-
Reimu[m]
<alzxjm[m] "I usually use the GrapheneOS key"> It still is a great keyboard app, and even if you use foss, you'll still have to trust the app and its code anyways
-
nscnt
golli[m]2: On my Pixel 3a I can choose 4G, 4G only, 3G, 2G. I think it's just a matter of what AOSP chooses to show the user. I guess the underlying APIs should be there and it's just a matter of what gets implemented.
-
Reimu[m]
<nscnt "Golli: On my Pixel 3a I can choo"> And even then, Pixel 4a 5G has no maintainer to bringup it to GrapheneOS
-
Reimu[m]
Needs new configuration for 5G only soon
-
Knull[m]
everything about 5G is bad for privacy, right? Only option is to disable?
-
Reimu[m]
Nevermind 5G, SIMs in general is bad for privacy and security
-
Reimu[m]
<Knull[m] "everything about 5G is bad for p"> But it makes things worse for cellular triangulation
-
Reimu[m]
<Reimu[m] "Nevermind 5G, SIMs in general is"> Not using SIM is not for everybody
-
Knull[m]
is there a good voip to use without needing a phone number to sign up? Everything voip that i look into, i'm very uncertain about.
-
Knull[m]
i'd think with that, no sim - no problem
-
Knull[m]
not to mention, most of them seem tailored to businesses. Not some guy's cell phone.
-
Reimu[m]
<Knull[m] "not to mention, most of them see"> Yeah, like Twilio
-
Reimu[m]
Answered in offtopic, but tldr: there is not much I know of, maybe try TextNow?
-
dazinism
Knull: check out jmp.chat
-
Knull[m]
<dazinism "Knull: check out jmp.chat"> yea that one got mentioned. We picked up in off-topic. I'm just reading up on this jabber business, new to me.
-
golli[m]2
<Reimu[m] "And even then, Pixel 4a 5G has n"> Yeah, I'm currently aware of it. I mean, the phone just recently came out so I've got to give it some time.
-
dar_gomml[m]
4a has a headphone jack too
-
malicoye[m]
I have 5 headphones, 1 have headphone jack
-
malicoye[m]
I would take wifi charging over headphone jack from the 70s every day
-
golli[m]2
<dar_gomml[m] "4a has a headphone jack too"> Yes, but I come from the Galaxy line of phones. I need the screen space 😢
-
ultracard[m]
<nscnt "You're on a right track that you"> thanks :)
-
TheJollyRoger
ultracard[m]: oh yeah. You asked about the Titan security chip a bit back, did you? I've got a bit of a moment now to discuss it.
-
TheJollyRoger
Indeed, the Titan chip can bolster the security of a short pincode, if you decide to set a short pin code, by enforcing a timeout between attempts at guessing the pincode. After 50 attempts, the Titan will start doubling the timeout to a maximum of 1 day at 150 attempts (which will take roughly 2 weeks) so to completely exhaust the keyspace of a 4-digit pincode will take roughly 650 years. If you choose to make a longer passphrase, GrapheneOS will also allow that.
-
TheJollyRoger
It does many other things, not just disk encryption, but this is one of the big draws.
-
TheJollyRoger
Google realized that not many people will enter EFF diceware passphrases onto their phones, this is their way of protecting users who have an expectation of security on their phones with a 4-digit unlock code.
-
renex
about vanadium, is there a way to have it delete cookies and other info like that when one quits the app?
-
TheJollyRoger
You can launch in Incognito, that's probably the easiest way to do it.
-
renex
no quit (and delete cookies) option like firefox has?
-
TheJollyRoger
I don't see one.
-
TheJollyRoger
There is a context menu for Vanadium though, you can simply choose "Launch Incognito" every time and get into that habit.
-
TheJollyRoger
**There is a tap-and-hold context menu
-
TheJollyRoger
You can definitely submit the option in as a pull request to the Vanadium patch set though, if you can patch it in.
-
renex
sorry, haven't done any coding for android, it would likely take quite a while
-
TheJollyRoger
Neither have I, I'd like to someday though!
-
TheJollyRoger
One thing to aspire to!
-
strcat[m]
Reimu: a modded Google Camera won't have a valid signature matching the SELinux profile so it won't be able to access the DSP and Visual/Neural Core
-
strcat[m]
so it would be software only
-
renex
another question about vanadium, how does one keep it up to date?
-
strcat[m]
updating the OS
-
renex
ah, so it's bundled into the OS
-
strcat[m]
renex: anything that comes with the OS is updated with the OS
-
strcat[m]
it is possible to install out-of-band updates to certain apps
-
TheJollyRoger
Yeah. I go and load Auditor whenever precompiled builds are available.
-
TheJollyRoger
Since they're already installed into the OS and their certificates are pinned they're going to be verified when I load them.
-
strcat[m]
the OS consists largely of apps and APEX components
-
strcat[m]
both of which support out-of-band updates
-
strcat[m]
we disable out-of-band APEX updates since they have the same release cycle as the OS and it makes no sense to use them for GrapheneOS (or any sane OS, really)
-
strcat[m]
don't really accomplish anything for the stock OS on Pixels
-
strcat[m]
they exist for devices not receiving proper updates
-
strcat[m]
same applies to a lot of the app components, although for the stock OS they bundle a lot of apps with their own release cycles
-
strcat[m]
we don't
-
strcat[m]
there are 3 apps where out-of-band updates make sense for GrapheneOS: Auditor, PDF Viewer, Vanadium
-
strcat[m]
so those apps are signed with their own keys used for the out-of-band releases too