SkewedZeppelin:
https://community.e.foundation/t/my-e-exit-interview/45687/6
Dec 2 21:43
🤔️
Dec 2 21:44
wj25czxj47bu6q:
> My threat model is less concerned about an individual hacker’s attacks, and more concerned with avoiding broadcasting information to google and governments.
> If governments really want to track my activities, they will find a way to do so
Dec 2 21:46
/e/ shills are next-level
Dec 2 21:47
SkewedZeppelin:
I think I wrote a decent response
Dec 2 21:58
wj25czxj47bu6q:
Is it just me, or did your response disappear?
Dec 2 22:02
Never mind
Tommy:
I still remember their e2ee claim
bro we have server side encryption so we cant access your files
and they didnt go back and correct it either
Dec 2 22:07
risen:
"We can't access your files, but somehow shared some peoples' files with other people by axident"
Dec 2 22:41
...
SkewedZeppelin:
thoughts on this? hxxps://goodphone.foundation/partners
Dec 4 00:27
this is deeper than just Simple Mobile Tools partnering with Secure Group
it is my understanding they always had "partners/resellers
but this seems like a different approach/target audience?
Dec 4 00:30
darhma:
I really have difficulty understanding how such phones can have a market...
Dec 4 00:35
jp:
some ppl don't have a PC to flash custom ROM
Dec 4 00:41
SkewedZeppelin:
there may be a market for phones that come out of the box with an alternative OS
but not when they're done in a imo questionable manner
and are 5 year old devices for not cheap prices
combined with bold claims
and still? no published source code despite saying they would
Dec 4 00:43
darhma:
> there may be a market for phones that come out of the box with an alternative OS
agree
> but not when they're done in a imo questionable manner
agree
Dec 4 00:45
> and are 5 year old devices for not cheap prices
> combined with bold claims
> and still? no published source code despite saying they would
In fact, I think these things only hurt the creation of an "alternative" market
Dec 4 00:47
matchboxbananasynergy!:
Oh man... is the Simple Phone and the Brax phone under the same umbrella?
Saddening.
Dec 4 00:48
Agreed that there is a market for phones that have alternative OSes pre-installed, but this is not it...
Nitrokey sells phones with GrapheneOS on it, but the price difference makes it hard to recommend when installing the OS takes 20 minutes at most
Dec 4 00:49
It would be better if they at least donated some of the profit back to the project, but to my knowledge, I don't think that's the case
Dec 4 00:50
...
SkewedZeppelin:
Pointing out issues counts as advertising I guess? https://community.e.foundation/t/my-e-exit-interview/45687/15?
and it takes 8 months of reorg to update the browser?
Dec 5 17:31
and also "please donate"
despite being a company
and completely ignored the comments on selling old phones
Dec 5 17:32
matchboxbananasynergy!:
Pretty weak and disappointing response from them
If a company cannot do what you can do as an individual, they seriously need to rethink their approach
Dec 5 17:45
Getting kinda tired of excuses from all these projects for being consistently unable to do the *bare minimum* like keeping things up to date
Dec 5 17:46
SkewedZeppelin:
"good security" https://www.youtube.com/watch?v=Aad2BuGudnE&t=12295s
Dec 5 18:54
Izumi Sena Sora:
> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> "good security" https://www.youtube.com/watch?v=Aad2BuGudnE&t=12295s
Sorry! Noob here!... can you explain what do you mean by saying "good security"?
Curious to know!
Dec 5 20:05
risen:
> matchboxbananasynergy!:
> Getting kinda tired of excuses from all these projects for being consistently unable to do the *bare minimum* like keeping things up to date
Everyone makes excuses for what they neglect, including GrapheneOS. At least e fans haven't come here en mssse. SZ, maybe there should be a muc with a pro or semi pro mediator to host discussion among projects on neutral territory.
Dec 5 20:12
SkewedZeppelin:
> there should be a muc with a pro or semi pro mediator to host discussion among projects on neutral territory
I don't think this will happen
Dec 5 21:55
I'd love to see someone else doing accurate comparisons of all the projects and their pros/cons, but it won't happen
plus things like tracking versions shipping
I've mentioned that before
but it too is unlikely to happen
Dec 5 21:56
swan:
>Pointing out issues counts as advertising I guess? https://community.e.foundation/t/my-e-exit-interview/45687/15?
is it actually that hard to keep things up to date? or is this just negligence on their part (im not a developer)
Dec 5 23:02
you manage to handle all the updates for divest os project but then a bigger project like /e/ os can't handle it? doesnt make sense to me
Dec 5 23:04
arne:
They are just doing something wrong
Dec 5 23:43
strcat:
> <@_xmpp_risen=2fdivestos-mobile=40conference.konvers.me:matrix.org> > matchboxbananasynergy!:
> > Getting kinda tired of excuses from all these projects for being consistently unable to do the *bare minimum* like keeping things up to date
> Everyone makes excuses for what they neglect, including GrapheneOS. At least e fans haven't come here en mssse. SZ, maybe there should be a muc with a pro or semi pro mediator to host discussion among projects on neutral territory.
yet another case where you're attacking GrapheneOS with unsubstantiated claims and innuendo
Dec 6 01:10
let me know where GrapheneOS isn't very direct and clear about what we provide
if you're talking about updates, we're months ahead of the stock OS on kernel updates and now also Mali GPU driver updates
Mali GPU driver updates have a fair way to go to reach current release, but we already ship latest GKI LTS which follows kernel.org LTS closely
Dec 6 01:11
we've always updated the Chromium base code quickly in OS updates within ~24h-48h (for releases with security updates), but there is far more than that to update frequently such as the kernel LTS updates that's just as important
Dec 6 01:12
I know you tried to attack us previously for not shipping those out-of-band, which isn't done yet due to 1) being incompatible with current approach to important hardening, 2) needing special code to update Trichrome builds out of band which is currently being implemented as part of near highest priority work rewriting our app repository client (the goal of that specific code is to properly support atomic updates of GSF + Play services + Play Store for sandboxed Google Play, along with adding versioned dependency for them on the sandboxed Google Play compatibility layer)
Dec 6 01:13
they are shipped very quickly and that's not more important than OS updates needed just as frequently
Dec 6 01:14
currently we've done initial port to just released Android 13 QPR1 along with supporting the latest GKI LTS for 5.10.y (which is now on 5.10.152)
that's being tested / worked on atm
currently we've done initial port to just released Android 13 QPR1 (needed for full December update) along with supporting the latest GKI LTS for 5.10.y (which is now on 5.10.152)
and btw we shipped the December kernel updates a month early so that's already handled...
Dec 6 01:15
SkewedZeppelin:
hm
I think risen was moreso referring to dark mode than updates
Dec 6 01:16
meanwhile: https://community.e.foundation/t/my-e-exit-interview/45687/16
Dec 6 01:18
https://github.com/SimpleMobileTools/Simple-File-Manager/issues/656#issuecomment-1337329825
Dec 6 02:16
🙈️
mexe:
> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> meanwhile: https://community.e.foundation/t/my-e-exit-interview/45687/16
YEAHH!!!
fuck em
Dec 6 09:25
"at the end of the day /e/ is a company actively selling devices/cloud services, it is their responsibility to keep their systems updated for their customers."
Dec 6 09:26
/e/ was such a sexy pitch but then you use the thing and it's just instead of having your balls held by google you get to give it to a random group of indians who don't even have their bases too covered but are already are trying to churn cash and integrate with your device like google does
Dec 6 09:28
Ellenor Bjornsdottir:
we're not here for a race bias, thanks.
Dec 6 09:37
... and it gets worse, but not including it ...
Ellenor Bjornsdottir:
I'm saving that one as a keepsake. Utter moron.
Dec 6 10:17
mexe:
> <@_xmpp_Ellenor=20Bjornsdottir=2fdivestos-mobile=40conference.konvers.me:matrix.org> I'm saving that one as a keepsake. Utter moron.
bring it to PMs, otherwise please drop it
Dec 6 10:25
Ellenor Bjornsdottir:
SkewedZeppelin: Consider publishing a terms of service document for your chat channels. It helps avoid situations like this if people know what is and isn't acceptable in terms of behaviors and outlooks.
SkewedZeppelin:
Holy shit
Please no personal attacks
No racism
No comparing to Hitler
Sto bickering
Keep it fucking civil
Dec 6 11:45
Ellenor Bjornsdottir:
No one was compared to Hitler.
SkewedZeppelin:
And ftr many of the /e/ devs are French, so that is just misinformation too
Dec 6 11:47
risen:
I couldn't get a list of unanswered questions on Gos forums in two seconds like at e's, but looked to be similar high number. Offtopic tag is used a lot, even for a pinned topic.
> Me:
> SkewedZeppelin: Do you recommend uninstalling cheogram and simple file manager because new vuln tags?
Dec 6 12:27
SkewedZeppelin:
Cheogram kept the old webrtc because the newer builds that threema offers disables the codecs it uses
As in you can't call to jmp in conversations
Dec 6 12:29
risen:
So that's a no, don't uninstall, tho f-d app says to
Dec 6 12:30
SkewedZeppelin:
I think monocles uses an even newer webrtc, which should work
Simple File Manager should be OK if you don't open PDFs with it
But there are nicer managers like Material Files
risen:
> SkewedZeppelin:
> But there are nicer managers like Material Files
Didn't see it on your Rec list
Dec 6 12:32
I only need minimal function plus consistent dark or bright mode 🙄
Dec 6 12:33
...
I don't see being a company as a criticism. It looks more serious and professional. Being both a non profit _and_ company is odd, for small operations. Being a hobby or non profit just gives you other ways of making money and cooking books, but everyone gotta pay bills.
Dec 6 14:25
jp:
> India being characteristically a hotbed for undesirable activity
totally not racist at all
risen:
Those f-droid wizards. They setup a nightly mirror for Orbot users, or drilled a hole through gitlab?
Dec 6 14:37
Ellenor Bjornsdottir:
/me drills a hole through self
Dec 6 14:40
...
Please understand:
> strcat:
> there's more kernel hardening with more to come as we restore pre-2018 stuff and work on more
What happened to the pre-2018 stuff?
Dec 6 22:50
strcat:
> <@_xmpp_Please=20understand=2fdivestos-mobile=40conference.konvers.me:matrix.org> > strcat:
> > there's more kernel hardening with more to come as we restore pre-2018 stuff and work on more
> What happened to the pre-2018 stuff?
there was a takeover attempt on GrapheneOS in 2018, so in 2018 I had to keep the project archived / alive and then rebuild everything including the infrastructure followed by starting to do releases again without most of the features initially ported to the new Android OS version
Dec 6 22:54
and since other contributors / developers working on the project mostly haven't been people who do the low-level hardening work, it has largely only been me dealing with that, and I have too much else to do so lots of old hardening hasn't been added back yet
partly because Android Runtime, etc. have changed so much
and stuff got more complicated with APEX, etc.
Dec 6 22:55
risen:
Wasn't it called Copperhead OS in 2018?
Dec 6 22:56
strcat:
lots of higher priorities than that: we've worked on lots of more important privacy features, security features, security updates beyond what AOSP / stock OS provide, filling in missing functionality, lots of app compatibility work (sandboxed Google Play compatibility layer, major work on making Network permission more broadly compatible in a similar way that sandboxed Google Play works but for all apps, per-app exploit protection compatibility mode and a lot of under the hood tweaks)
hard to find time to restore low level hardening unless it's particularly important stuff
which is still present
> <@_xmpp_risen=2fdivestos-mobile=40conference.konvers.me:matrix.org> Wasn't it called Copperhead OS in 2018?
in from around early 2015 to mid 2018, yes, GrapheneOS was called CopperheadOS
in 2014 it didn't really have a name
Dec 6 22:58
from around early 2015 to mid 2018, yes, GrapheneOS was called CopperheadOS
Please understand:
>> <@_xmpp_Please=20understand=2fdivestos-mobile=40conference.konvers.me:matrix.org> > strcat:
>> What happened to the pre-2018 stuff?
>
> starting to do releases again without most of the features initially ported to the new Android OS version
Damn, I thought that the project just continued as usual after the renaming to GrapheneOS, didn't know that many features were gone
Dec 6 22:59
and then again it didn't really have a name from mid 2018 to early 2019 when I chose the GrapheneOS name provided to us by someone who was building on top of it and gave us the name they had wanted to use
Please understand:
> strcat:
> and then again it didn't really have a name from mid 2018 to early 2019 when I chose the GrapheneOS name provided to us by someone who was building on top of it and gave us the name they had wanted to use
Is there a list of hardening that's missing when compared to back in 2018?
Dec 6 23:02
risen:
If a person worked on a garden in Ukraine and it got blown up by a cruise missile strike, so they moved to Poland and started working on a new garden again, are they working on the same garden? (Rhetorical, no answer needed)
Dec 6 23:13
SkewedZeppelin:
in this case it is more like a greenhouse in a shipping container
the area around was blown up
but the shipping container and its contents remained intact
Dec 6 23:15
risen:
Description above doesn't sound intact.
Dec 6 23:16
Some parts could be salvaged or rebuilt
Dec 6 23:17
And they carried a vial of soil to Poland
Dec 6 23:18
SkewedZeppelin:
bleh
Dec 6 23:20
But Micay was the one writing all the code
examples from 2015 here: https://github.com/Divested-Mobile/DivestOS-Build/tree/c0083c15193868d07cb6715dc418d515dfa2ad48/Patches/Copperhead-13.0
Dec 6 23:21
risen:
Yeah, same guy was gardener too. If someone works for company A 5 years and company B 5 years, did they work for company B 10 years? (rhetorical)
Anybody do something like capture the flag contests on different phone OS?
Dec 6 23:23
SkewedZeppelin:
even some 2014 ones here: https://github.com/Divested-Mobile/DivestOS-Build/tree/c0083c15193868d07cb6715dc418d515dfa2ad48/Patches/OLD/bacon/Kernel-All/ch-12.1
Dec 6 23:24
as far as I'm concerened the company was merely an accessory, and Micay was the constant in these
risen:
They call this perspective self centered.
Dec 6 23:27
It's OK. Didn't want to argue.
Dec 6 23:28
strcat:
risen: GrapheneOS repos on GitHub are the original repos, they were moved not copied
Dec 6 23:29
I could have fought over the old name but wanted to rename the project anyway, and it saved a lot of trouble
CopperheadOS was a stupid name
https://github.com/GrapheneOS/platform_manifest/network/members
Dec 6 23:30
https://github.com/CopperheadOS-Tab-S/platform_manifest as one arbitrary example from 2016
Dec 6 23:31
> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> as far as I'm concerened the company was merely an accessory, and Micay was the constant in these
the company only existed from late 2015 (October or November iirc) onwards
I still own half the company and may eventually get full ownership of it and redirect the old domain to grapheneos.org
Dec 6 23:32
> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> But Micay was the one writing all the code
back then I was literally writing near 100% of the code other than rare external contributions
compared to not writing most now due to having other full time devs
Dec 6 23:33
...
thecast:
> risen:
> If someone works for company A 5 years and company B 5 years, did they work for company B 10 years? (rhetorical)
If that person has been working on the same product which has evolved and is now being produced by Company B, then they have been working on the product for 10 years. These questions were totally irrelevant semantic nitpicking
Dec 6 23:52
strcat:
FYI, I never did contract for for Copperhead and never had any employment agreement with it (was not an employee)
being co-owner of a company being paid out as a co-owner is not the same as working for a company
Dec 6 23:53
being co-owner of a company being paid as a co-owner is not the same as working for a company including all the legal rules around it
FYI, I never did contract work for Copperhead and never had any employment agreement with it (was not an employee)
Dec 6 23:54
...
SkewedZeppelin:
it does give a pretty prompt warning notification and convenient button to uninstall however
(didn't actually know about htat)
Dec 7 04:06
...
risen:
Dos should have a warning like this too, on older devices: This OS has known vulnerability. We recommend uninstalling immediately. Ignore/uninstall
Dec 7 11:09
Copyright 2022