Daniel Micay
Security researcher/engineer working on mobile privacy/security. Founder of @GrapheneOS.
Aug 23, 2023 9 tweets 2 min read
@4Dgifts @msolnik @dwizzzleMSFT @GrapheneOS @BllocPhone I'm still working on GrapheneOS but I'm putting much less time into it than before and I'm gradually handing off more and more of the responsibilities to the rest of the team. I don't have much energy or motivation left to work in security, software development, etc. as a whole.

@4Dgifts @msolnik @dwizzzleMSFT @GrapheneOS @BllocPhone I'm not posting much on Twitter but I still check my account every couple days. Didn't see this for 11 hours since I'm just not looking at it much anymore. People consistently harass me every day on these platforms so I don't want to be looking at it throughout the day anymore.
Oct 24, 2022 12 tweets 8 min read
@RichFelker @GrapheneOS Treble makes it possible to easily run AOSP or GrapheneOS on any hardware providing an implementation of Android vendor APIs which have a stable versioned ABI with backwards compatibility for a few major versions of the OS. It provides an easy way to support any Android phone.

@RichFelker @GrapheneOS AOSP has official support for a few development boards with an entirely open source implementation of the vendor HALs based on Mesa, etc. It's entirely possible for a phone to provide that and Pixels will likely trend towards that and away from the Exynos tech due to Tensor SoC.
Sep 2, 2022 4 tweets 1 min read
I know several people working as software engineers at Cloudflare. According to one of them, this incident (blog.cloudflare.com/the-mistake-th…) was hardly a mistake. Cloudflare is including block lists sourced from far right evangelical groups as part of their 'family friendly' DNS service. Cloudflare is aware their 'family friendly' DNS (1.1.1.3) isn't blocking sites like Kiwi Farms (kiwifarms . net) or Daily Stormer (stormer-daily . rw). It's a deliberate decision, despite their blog post claiming their filtering is meant to mimic SafeSearch, which filters them.
Aug 31, 2022 9 tweets 3 min read
Cloudflare drops sites from their service on a daily basis for having content they dislike. They remove sites with adult content, support for sex workers, etc. They also drop sites they deem to be posting spam. Cloudflare's censored 1.1.1.3 DNS blocks lots of LGBT content, etc. They're too cowardly to stand behind their decisions so they won't mention sites like Kiwi Farms by name. Their official accounts and executives all have their replies disabled on Twitter to shut down dissent. Their free speech act is a ridiculous sham. They drop lots of sites.
Jul 13, 2022 12 tweets 7 min read
@burnt_disk @MishaalRahman It's problematic that they expose those directly. They either require user consent on a case-by-case or one-time basis despite not being runtime permissions or they have no real privacy model. Low-level permissions exist for static analysis of what apps can request at runtime.

@burnt_disk @MishaalRahman For example, request install packages allows the user to allow it as an app source and then approve app installations on a case-by-case update. Only thing that can be done without case-by-case consent is updating an app again after the user authorized an install initial/update.
Jun 29, 2022 5 tweets 2 min read
@IntelTechniques It's unfortunate that you're giving a platform to someone making numerous false claims about both CalyxOS and GrapheneOS to promote CalyxOS. They're spreading misinformation about our project and are misleading people about multiple privacy and security topics.

@IntelTechniques The article in unredactedmagazine.com/issues/003.pdf by Zachary McIntosh should be corrected. They're misleading people about sandboxed Google Play and microG along with falsely claiming that the CalyxOS approach does not use Google services, when in fact CalyxOS always does.
Jun 28, 2022 4 tweets 1 min read
nginx configuration enforcing rate limit based on a value in request body to implement a rate limit for Flarum's forgot password API based on email instead of only based on source IP of the request:

github.com/GrapheneOS/dis…

Could move some directives to http {} to reuse more. nginx's limit_req runs very early in the request and $request_body only exists much later. That variable also only exists if you use a reverse proxy via proxy_pass, fastcgi_pass, etc. Have to get the value out of request body with map, add as a header and reverse proxy to itself.
Jun 28, 2022 5 tweets 2 min read
AttestationServer will no longer be using request tokens as part of CSRF protection. It's far simpler to enforce the Origin header always being present and set to attestation.app for the entire API since we avoid using the GET method for anything:

github.com/GrapheneOS/Att…

Using SameSite=Strict for our login session cookie provides a fallback layer of protection. It's not a full protection by itself since it doesn't protect the login and register methods since we really don't want to have sessions for clients who aren't logged into the site.
May 29, 2022 5 tweets 2 min read
@Prof0und_Madman If the developer provides a self-updating mechanism for their app, it makes a lot of sense to get it directly from them.

F-Droid has serious issues with the security of their infrastructure and the app. Updates are often very delayed and they make undocumented changes to apps.

@Prof0und_Madman Lots of people recommend F-Droid but it has some serious flaws and they're completely not open to acknowledging or addressing them. We expect many users are going to end up getting compromised when the poorly maintained/secured F-Droid infrastructure ends up compromised...
Nov 4, 2021 9 tweets 2 min read
I think it's pathetic that people feel the need to promote themselves by spreading fabrications about GrapheneOS and myself. The whole routine of posting out-of-context screenshots and fabricating a whole fake story about them is getting old and people should stop falling for it. A troll made a room mimicking my account name / logo and the GrapheneOS room name / logo / topic. They mass invited the entire ban list of the GrapheneOS rooms. Many of those people are incredibly toxic. A couple literally spammed child porn in our rooms thinking it'd kill them.
Oct 1, 2021 5 tweets 2 min read
This device is going to get at best around 2 years of proper security updates due to using an SoC launched in late 2020 with 3 years of support. They're claiming they'll be providing something they won't really be providing without doing the work for it.

arstechnica.com/gadgets/2021/0…

It'd be nice if journalists looked beyond marketing and press releases for evidence/substance. It's probably expecting too much. Apple has done the work to provide 6 years of proper support. Fairphone has no actual plan or intention to do it. It's not enough to want to do it...
Aug 23, 2021 7 tweets 2 min read
Canada supposedly has universal health care but OHIP (Ontario) doesn't even cover basic dental or eye checkups and they phased out annual checkups at your doctor.

Dog can get an MRI within a couple days but a person getting one requires waiting for ages. It's also getting worse. Ontario approach to health care is you're on your own from 20 through 64 unless something goes wrong. I think by phasing out annual checkups, etc. they've pretty much doomed it. Official position is pretty much that preventative health care isn't useful according to sketchy data.
Jun 19, 2021 7 tweets 2 min read
Bitcoin mining revenue will become entirely provided by transaction fees as block rewards rapidly fade away.

There isn't infinite demand for Bitcoin block space. Higher transaction fees push people to 2nd layers (Lightning), side chains (Liquid) or custodial exchanges, etc. BTC price went up far faster than block rewards went down, creating a massive amount of revenue for miners in the short term.

The price would have to double every 4 years simply to keep providing the same block reward revenue. Price would need to go up faster for it to increase.
May 20, 2021 5 tweets 2 min read
2 memory corruption bugs introduced to Firefox by Debian patches:

bugzilla.mozilla.org/show_bug.cgi?i…
bugzilla.mozilla.org/show_bug.cgi?i…

Freezing versions of most software for years, backporting a small subset of security fixes and applying broken / strange distribution-specific changes isn't great. A lot of distributions have these kinds of problems with their packaging but Debian remains the best example.

It's painful working with Debian due to all the distribution-specific broken extensions, hacks, meta-configuration and scripts. It's awful as an upstream maintainer too.
May 20, 2021 5 tweets 2 min read


30% of our community is already migrated to the new Matrix rooms. If you want to get involved in the GrapheneOS community or contribute via beta testing, development, etc. you should join. Best experience is with Matrix itself rather than a bridge to it. Element is the most capable client but there are plenty of other options such as weechat-matrix in a terminal:

matrix.org/docs/projects/…

In particular, Element has the best support for end-to-end encryption and uses it by default for direct messages and other non-public rooms.
May 2, 2021 9 tweets 2 min read
Likely going to have very positive news to announce about GrapheneOS in the near future.

It's unfortunate that others decided to pick up the torch of fighting an underhanded war against us after Copperhead started to stop. The past month SHOULD have been a huge relief, but no... Nevertheless, there's probably going to be some great news. I hope others realize that waging a misguided war against us is not going to work out to their benefit and they can either stop or destroy themselves in the long run. I'll happily put very substantial resources into it.
May 2, 2021 6 tweets 2 min read
I'm not sure why I didn't make this change sooner:

github.com/GrapheneOS/har…

There's not much downside to only having 1 slot per slab once slab allocations are 4096 byte aligned, which is what we refer to as extended size classes. This goes nicely with the guard slab feature. By default, there's an unused guard slab between every possible usable slab that's left as unused PROT_NONE memory.

If the slabs have 1 slot, the allocations have guaranteed guard pages without paying the cost of actually making system calls to set them up during regular usage.
May 1, 2021 8 tweets 2 min read
I'm not surprised to find out that Linux kernel socket load balancing is in a terrible state with no good options. Some background:

blog.cloudflare.com/the-sad-state-…

Traditional epoll wakes every thread and they race to accept the connection. EPOLLEXCLUSIVE fixes it but uses LIFO order. LIFO order is terrible for a web server. HTTP connections are generally long-lived and reused for mixed / varying workloads. That's even more true with HTTP/2 where clients are only supposed to make a single connection to each server and multiplex everything over it concurrently.
Feb 24, 2021 7 tweets 2 min read
Reddit posts with IRC log from December where one of the people spamming chat channels with Copperhead talking points and nonsense admitted to being paid by Copperhead after starting to feel guilty about it:

reddit.com/r/GrapheneOS/c…
reddit.com/r/CopperheadOS…

These raids on our channels have escalated substantially and they've become more underhanded. They often pretend to be GrapheneOS users and concern troll. They aim to get banned and then join other channels supportive of attacks on GrapheneOS to complain. Got lots of proof.
Feb 23, 2021 9 tweets 4 min read
Copperhead was raiding our channel again for hours while I was asleep. I just woke up and I'm helping the moderators who have been busy dealing with it.

The Matrix room often has to be closed to new users joining due to these raids. Please try using IRC if you're unable to join. I really don't like closing the room to new users but I don't see another way to deal with it. It causes a lot of harm to our community either way.

If there's a way to disable inline images in a Matrix room let me know. Need some help from admins too.

matrix.org
Feb 21, 2021 8 tweets 3 min read
We've archived these tweets where Copperhead's CEO admits to them tracking devices via unique identifiers and using them as part of the update system.

He admits that their phone sellers with Copperhead emails, etc. have databases mapping unique identifiers to the customers too. His excuse is that tracking devices via unique identifiers available to update server doesn't count as tracking users. They've designed it in a way that they can ship an update targeting a device. The excuse is they don't know which user has which device, but their seller does.