final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ
npub1c9d9...sqfm
Keeping the fight. Community Moderator for #GrapheneOS https://discuss.grapheneos.org/u/final This is a personal account. I do not speak on behalf of GrapheneOS developers as a whole (nor am I) and suggestions shall not be endorsements.
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
GM! ๐Ÿ”ฅ New #GrapheneOS 2024022300 Update! Adblocking for Vanadium, New Setup Wizard, new colour schemes and more! Changes since the 2024020500 release: - completely new GrapheneOS Setup Wizard implementation for the initial setup of the device and secondary user profiles - Theme Picker: update color schemes including adding the monochromatic colorscheme option - Sandboxed Google Play compatibility layer: always apply PhenotypeFlag overrides to avoid regressions for some users - Sandboxed Google Play compatibility layer: catch SecurityException from setApplicationEnabledSetting() instead of relying on PhenotypeFlag override - Sandboxed Google Play compatibility layer: add support for Android Auto 11.3 by extending the wireless Android Auto and phone call handling toggles to also allow BluetoothAdapter#getActiveDevices - Sandboxed Google Play compatibility layer: add developer functionality for updating Android Auto via the Play Store for testing - Storage Scopes: avoid legacy apps using legacy storage crashing when trying to access the wallpaper - remove legacy AOSP Search app now that Vanadium provides the global search intent in addition to the more common web search intent also implemented by other browsers including Brave - fix upstream bug breaking package manager support for uninstalling apps only installed in other profiles from the Owner user - Settings: improve strings for network connection toggles - kernel (5.10, 5.15, 6.1): temporarily ignore sysrq_always_enabled to avoid sysrq being enabled on devices passing it on the kernel line unconditionally - kernel (5.10): update to latest GKI LTS branch revision - kernel (5.15): update to latest GKI LTS branch revision - kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.75 - Pixel 4a (5G), Pixel 5: update to UP1A.231105.001.B2 vendor files - Vanadium: update to version 122.0.6261.64.0 - GmsCompatConfig: update to version 96
Releases | GrapheneOS
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
GM! ๐Ÿ”ฅ BIG UPDATE: Vanadium version 122.0.6261.43.1 released: Our new Vanadium release has initial adblocking support - currently using EasyList + EasyPrivacy for now - no cosmetic filters or advanced features yet - filters updated via Vanadium Config app - standard filters used to avoid user distinction
GitHub
Release 122.0.6261.43.1 ยท GrapheneOS/Vanadium
Changes in version 122.0.6261.43.1: add initial basic support for filtering ads based on a subresource filter APK updated separately from Vanadium...
 #GrapheneOS
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
#GrapheneOS project announcement: TLDR: Moving away from Signify keys to OpenSSH keys to sign releases, which has better platform support and is overall a benefit. SSH public key for signing GrapheneOS releases: contact@grapheneos.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUg/m5CoP83b0rfSCzYSVA4cw4ir49io5GPoxbgxdJE This key has been used for signing our Git tags since January 2023 and will also replace signify for factory images releases. Official builds of GrapheneOS are signed with per-device signing keys for updates and verified boot. Those signatures are automatically verified. The signatures for source releases (Git tags) and factory images are a separate thing and we're standardizing on using SSH for those. We replaced GPG with signify for signing factory images in 2019 prior to SSH having file signing support. Signify is perfectly modern, unlike GPG which is a poorly designed legacy technology. However, SSH signing is a lot more broadly available than signify and is a bit nicer. Our SSH public key is signed with our previous GPG and SSH keys: Key: https://grapheneos.org/allowed_signers Signify signature: https://grapheneos.org/allowed_signers.sig GPG signature: https://grapheneos.org/allowed_signers.asc GPG key has been fully retired for a while and the signify key will also be retired going forward. We've completed replacing the factory images signify signatures with OpenSSH signatures. It only impacts users following the traditional CLI install guide. It's a nice improvement since Windows and macOS have it in the base install and nearly all Linux distributions package it. Each supported OS for installation either has a Chromium-based browser in the base install (Android, ChromeOS, Windows) or a first party repository with one available, so the web install avoids this problem and relies on verified boot for verifying the flashed firmware and OS.
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
Vanadium version 121.0.6167.178.0 released 10 hours ago, btw: See the changes: - update to Chromium 121.0.6167.178 - disable selecting initial search query text for the web and global search intents added by GrapheneOS #GrapheneOS
GitHub
Release 121.0.6167.178.0 ยท GrapheneOS/Vanadium
Changes in version 121.0.6167.178.0: update to Chromium 121.0.6167.178 disable selecting initial search query text for the web and global search i...
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
A self-reliant, full-time open source software developer lives off of donations to continue their work, put food on the table and put a roof over their head. Exploit brokers offer bounties on exploiting their work for tens of thousands regardless, money that could have helped these developers not live off waiting for the next donation or having to run fundraisers. There's an ethical question behind an industry like that.
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
If you are protecting your technology and your first thought isn't your mobile device then you are not going to make it. In my opinion mobile security is always my first priority. What you use most should be the most important of all things you have to protect, for most, that is your phone. The technology you carry around with you on a day to day schedule has far more data worth something to a threat. Where ordinary people spend time more on their phone than they do a computer, a phone is the golden ticket to your life. Even if you have nothing of value to worry on compromise now, it doesn't mean that will not have something valuable later after further use. Where a computer manages day to day work tasks, a phone often manages people's lives. They are an irreplaceable tool in society. Your communications, photos, videos, documents, online activity or possibly even your finances and identity are managed on portable devices. The most promenant attack campaigns we know from world affairs involve targeting smartphones, some of the most expensive bounties for zero-days involve mobile software, and there are multiple industries whose main objectives are to find and attack smartphones. Threat actors love smartphones. Protect what is most valuable.
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ's avatar
final [GrapheneOS] ๐Ÿ“ฑ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ 1 year ago
Hackgate is what started everything for me. My interest in mobiles, communications and security started afterward. It is an incredible research to read... It's a shame it's so underestimated due to how comprehensive it is, which also makes it difficult to fully understand. A lot only talk about the murder victims or royal officials. There are key events spanning decades, and the groups responsible were from so many different groups of media, law enforcement and private investigations that it's comparable to systematic corruption. Even I fully don't get it years later, but I still try.
โ†‘