Btw get Mull from the DivestOS repo, the F-Droid version has veeery slow updates and less.
I am pretty happy with GrapheneOS. Things like separate toggles for internet, or long powerbutton press foe torch are missing.
But you cannot imagine how much effort it is to maintain such a project, and their base is stable, the updates are damn fast.
First stability and security, then features.
Their core OS is minimal on purpose. I use the phone, vanadium (hardened chromium, with JIT toggle, now with adblock, completely degoogled), their attestation app, etc.
Most of the other stuff are random FOSS projects, I dont even use sandboxed play, but if I wanted to I could create a separate user profile and install it just in there.
DivestOS is doing sandboxed microG which is way more secure than unsandboxed, but still tons of effort and will break a lot.
Interesting. What are the App IDs of those both apps?
If they base on Chromite that is probably fine.
Not sure but GrapheneOS has an "LTE only" mode, stock Android only has preferred Network afaik.
visiting only known websites is not a scaleable option, a browser needs to be secure. Kiwix is the browser that basically runs desktop Chromium on Android, so it has Addon support. But that is also soon manifest v3 restricted, and likely pretty insecure.
of course the user data partition is not checked, but every other important one. I have not tested what would happen when it is modified though.
I dont know what magisk did, but I think that is only about Google Play adding their "safety" scanning to the OS. Nothing regarding boot. But yes, likely there could, can or should be OS components scanning things too.
Googles stuff is pretty insecure, for example the latest SafetyNetFix simply disabled hardware cryptography, as they still support insecure phones.
For sure this is very complex and there are always vulnerabilities found in Android and GrapheneOS.
Yes that is one definition.
But what if you get it back? Or if you just keep it?
There is a chance that you have Pegasus on there, and I wouldnt want a phone without the detection of this.
GrapheneOS can likely detect pegasus with their Attestation and if you have it, use an external device to reflash it.
Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.
Sandboxing, javascript
Vanadium has sandboxing but its javascript blocking is useless (no granular control)
Mull has no process isolation at all, but support for UBO and Noscript. Bad situation
it's a walk in the park for it to modify any of the partitions
These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.
If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.
Reading data has nothing to do with that. They likely can, but that doesnt matter.
My 6 years old phone still receives LOS updates
This will not include firmware and likely even the kernel.
Thanks! TLDR spamhaus (a big spamlist provider) has them on their spamlist, or maybe not, and they are using some fancy CDN.
It is VERY likely just a technical error.
What do you mean?
To my knowledge they dont ship GNOME 46 but some old "LTS" variant (GNOME doesnt do LTS variants)
Yes I know, and I want to try DivestOS one time. But they do incomplete patches.
They cannot update the kernel themselves or even worse the firmware. The kernel needs to be built and patched for the specific hardware, GrapheneOS relies completely on Google here. And the firmware needs to be signed by the vendors, so no chance either.
And especially baseband, cellular stuff has extremely many vulnerabilities in the code.
I mean I already reported 2 issues, but it still works. I can use it without big problems, I use the beta Flatpak (as explained in my flatpak remotes list).
Using Wayland too, Idk about any problems but if it wouldnt work I would just disable Wayland for the Flatpak and the app automatically runs through XWayland
Dont use "stable" software people.
Gimp 3 is already very nice! Use it exclusively.
I think 3a is already too old. I think 4a is a better minimum, but this is still insecure of course.
What, source?
How would you block an OS?
And btw there are some reasons why GrapheneOS may be criticised
I dont get why people would care for influencers
VPNs are not meant for privacy. The concept is clunky, as is the concept of our internet.
Tor or I2P are made for privacy, but the interactions with the clearnet have the same problems, you need a legal entity hosting the server, IPs are known and can be blocked etc.
Hosting your own VPN does not anonymize you anymore but is very unlikely to get blocked.
All Android phones have Google malware installed by default, as system apps, which means those apps can do whatever they want.
So every piece of data you put on there is possibly tracked and collected.
Then there are 2 more problems
- the software is proprietary and cannot be externally wiped clean
- the software is outdated
This makes it vulnerable to Pegasus attacks and others. There are tons of secure practices to avoid getting it, like LTE-only, HTTPS only, encrypted and trustworthy DNS, sandboxed processes, blocked javascript execution from unknown websites...
But still if the phone is outdated there are unpatched and publicly known security issues. Just spamming them at all phones is likely to succeed as so many people run vulnerable versions, as vendors suck.
Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.
The firmware is protected and signed by the vendors, so it is likely clean.
But Pegasus installs itself to the phone storage.
If you A cant obtain factory images or B cant flash the phone at all, you cannot wipe it clean.
So a good activism phone needs
- trustworthy and minimal system apps / stock software
- modern software updates
- possible to reflash whole device externally
- nice to have: ability to verify checksum of system partition, like GrapheneOS Attestation
This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.
A friend of mine has 2 Windows Laptops, where in the process of moving from an old 2TB storage laptop to a newer 256GB storage laptop, moving files manually (somehow, dont ask me).
They noticed they accidentally removed a 35GB folder full of media files from a very big vacation, including nature photography and some strange GoPro format files. Valuable stuff.
So we took the newer laptop as its fresh, very small storage and not much done after deleting the files.
We used a 2TB backup drive which works well.
Used CloneZilla, exited to shell, mounted the drive with udisksctl and used testdisk and photorec, but with strange results.
- Testdisk created a "whole" recovery in .dd format
- Then noticed the "undelete" function in testdisk and manually undeleted all files we found
- Then used photorec on that .dd recovery
The testdisk undelete files are mostly corrupted, images with missing header files etc. Same as the result of some magic sauce proprietary recovery program.
The photorec results where really strange, everything was intact but only system stuff, cache, icons etc, not a single of the deleted media.
The media are 3000 or more, so this makes no sense, we used the "full" backup from testdisk.
The laptop is off and we have some time, we can also use the older, messier one if needed.
Questions:
- any way to repair these corrupted images and media?
- how to work with this data in photorec? How to export just the deleted files?
I think we should try to use photorec directly with the drive and not the .dd image, which may help.
We used dd and cloned the entire small, new disk to an .iso on the backup drive so we can work with it easier. Does this include all the stuff, also the deleted things?
We will also try scalpel.
Thanks!
Update
We did a lot with the small disk which should basically be in perfect condition to undelete stuff.
ddandddrescuebackup into an .iso and .raw image- testdisk backup into a .dd image
- photorec found only usable pictures from the OS, not a single of the wanted ones
- testdisk and Recuva had the exact same results, all of the wanted files but all broken, missing headers and metadata
- using scalpel currently
I would be happy about experience on how to restore such header files, information what they are and if you can use files for multiple media or guess them. We know the filetypes that we search for.
Also, are there any modern recovery tools out there, that promise better reliability?
Thanks!
Afaik most LLMs run purely on the GPU, dont they?
So if I have an Nvidia Titan X with 12GB of RAM, could I plug this into my laptop and offload the load?
I am using Fedora, so getting the NVIDIA drivers would be... fun and already probably a dealbreaker (wouldnt want to run proprietary drivers on my daily system).
I know that using ExpressPort adapters people where able to use GPUs externally, and this is possible with thunderbolt too, isnt it?
The question is, how well does this work?
Or would using a small SOC to host a webserver for the interface and do all the computing on the GPU make more sense?
I am curious about the difficulties here, ARM SOC and proprietary drivers? Laptop over USB-c (maybe not thunderbolt?) and a GPU just for the AI tasks...
In journalctl I see some notices that are not errors but stuff like "trying to do something only available on X11".
Should all of these be reported?
Edit: it was a bug where I was not sure if it is a bug or just a config issue.
I would be happy about having an automated message linking to bugzilla when such a removal happens.
---
I posted something related to Plasma and cursor issues with Flatpaks, and it was removed.
I cannot see who removed it.
I tried contacting the KDE account but got no reply.
rustic - fast, encrypted, and deduplicated backups powered by Rust - rustic-rs/rustic
Open source podcast player for Android with androidx.media3 - XilinJia/Podcini
Podcini is really great! It modernizes the Antennapod codebase (we wouldnt believe but that is pretty outdated!) and makes it more efficient.
> Differing from the forked project, this project is purely Kotlin based, relies on the most recent dependencies, and most importantly has migrated the media player to androidx.media3, and added mechanism of AudioOffloadMode which is supposed to be kind to device battery. Efficiencies are also sought on running the app. App build is also upgraded to target Android 14.
After some hiccups at the beginning, it is now in a very good state!
It you use Kinoite prerelease for Plasma6 you may want to rebase to Fedora 40. Fedora 40 is still prerelease but rawhide is already on branch 41. This may cause issues with some repositories, and Plasma6 is added and updated on Fedora 40. rpm-ostree rebase --reboot ostree-unverified-registry:quay....
Fedora will ship Plasma 6 with version 40.
As a prerelease, you can easily test it by rebasing an Atomic Desktop install to "Kinoite prerelease".
Now that 40 is branched, you may want to rebase to 40 instead of rawhide, which is already on Fedora 41.
Here I show the needed commands.
Fedora Kinoite 40 is perfectly usable for me!
Imagine I get hardware without TPM or something, that is not supported by Win11.
I will not run an EOL Win10 as the machine needs to be connected to the internet. Tbh isolating stuff in a VM could be an idea but I dont know.
Its not for me but a noob with 0 tech knowledge, that says all...
How stable are the available hardware check bypasses? Is Micro$ already starting to aggressively block those?
I would not want to buy a PC to find out Win11 doesnt boot anymore in a few months...
Thanks!
I am thinking about using my GrapheneOS Pixel6a as a desktop. Not really tbh, but in emergencies and if Collabora Office etc work well, why not?
I would like to experiment.
What I need:
- USB-A mouse
- USB-A keyboard
- USB-A thumbdrive (at least one)
- HDMI/DP monitor port (I use VGA but with an HDMI adapter)
- maybe AUX
So nothing fancy, but it should not cost damn 100€ or be cheap chinesium.
I am from the EU, which is really important too, so no Walmart or Target or whatever (the electronic shops we have are horrible).
Thanks!
---
It seems like a "USB hub" is what I am looking for. Matching manifacturers:
- Anker
- ...
Okay this is an AOSP feature, see first comment
The problem is that Google decided to do stupid stuff without user consent again
- dark mode can't be turned off on energysaver (which doesnt make any sense non non-OLED displays which are still common)
- energysaver reduces possible max brightness without any reason, not even changeable like in older Androids (where the bar actually went down)
Fuck Google...
I use Chromium only for PWAs like the Element Web UI of my server, to avoid Electron.
Now I have a different browser set as default in my system.
Firefox of course integrates perfectly and uses the "system link handler" to open links.
I want to make Chromium use this link handler, to open every clicked link not in the same browser but send it to my system link handler and thus open in my default browser.
I already set #enable-user-link-capturing-pwa Disabled in chrome://flags. The addon "Open in Firefox Browser" seems to be broken.
I dont know how manifest v3 interferes with that ability of addons to hook into the link handling of the browser.
Btw Chromium has not a single "portal" setting in the flags, but uses the filepicker portal by default.
Attached: 2 images I have no idea why people use #Chrome. #Firefox looks so much better, and their theme actually works! Even their hidden compact theme looks perfect, the padding around elements is always the same... meanwhile Chromium uses tons of different shapes and they are all incoherent and ...
A little admiration of how easy UI customization is on Firefox, and how shitty Chromium looks.
*Timestamps* 00:00 Introduction 01:45 Astra Monitor 02:36 Pano Clipboard Manager 03:14 PaperWM 04:04 MiniView 04:51 Quick Settings Tweaker 05:12 Privacy Settings 05:29 Apps Menu 05:50 Places Status Indicator 06:04 Logo Menu 06:36 Just perfection 07:25 Top Bar Organizer 08:01 SpeedUp Gnome Shell 08:43 Wiggle 09:07 Blur my shell 09:30 Burn My Windows 09:56 Caffeine 10:20 DDTerm
I dont necessarily agree.
- a different clipboard manager (whatever is equal to KDEs)
- blur my shell
- quick settings tweaker probably
- privacy settings (which is only for pipewire apps I guess, so nearly none)
- wiggle
- probably some maximize to workspace
