this post was submitted on 30 Aug 2024

1 points (100.0% liked)

Technology

58513 readers

6923 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

GrapheneOS now officially supports Pixel 9, 9 Pro, and 9 Pro XL | GrapheneOS is a private, secure mobile operating system with Android app compatibility, developed as a non-profit open source project (9to5google.com)

submitted 1 month ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world

65 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] taaz@biglemmowski.win 0 points 1 month ago* (last edited 1 month ago) (9 children)

I am currently in the market for a new mobile phone. The current's one battery is basically dead and because of security patches now being about 2 years old I have to replace it whole instead of just getting the battery replaced again.

Pixel with GrapheneOS has been my number one choice for some time but...

there is no (privacy friendly & legal) replacement for Google Play Protect. My banking app won't work without it as well as one other app I kind of need too.
I am also just too used to having a phone in the 250-300 EUR range in the sense that I don't have to care about it that much.
It's a "consumable" product for me. Loosing/drowning it is not a big deal, where drowning 800 euros is just hard to justify no matter how much money I make.

I will probably just get the OnePlus Nord 4 instead because of their pledge to do 6 years of updates.

[–] x00za@lemmy.dbzer0.com 0 points 1 month ago

Battery life was a dealbreaker for me

[–] NoDignity@lemmy.world 0 points 1 month ago (3 children)

I'm not sure about over in Europe but around here the trick to an affordable Pixel is to just buy last years model since you can usually find them lightly used or even new in the $300 - $400 range and updates are only incremental anyway and since they get 7 years of updates now it should be good for quite a while.

For google play protect yeah thats a bummer, I just use my banks website but I don't know if European banks allow that.

Personally though I love Graphene OS it turned my phone from a device I hated due to anxitey I feel around corporate surveillance into a device I genuinely like again.

[–] Staubsaugernasenmann@discuss.tchncs.de 0 points 1 month ago

i can especially relate to the last part, it's so freeing to feel in control of my phone!

load more comments (2 replies)

[–] sugartits@lemmy.world 0 points 1 month ago (2 children)

Just buy an older supported device if grapheneos is important to you. Something like a 6 pro would be fine.

[–] NoDignity@lemmy.world 0 points 1 month ago (1 children)

To anyone reading this a 6 is a great pick but its worth knowing that the 7 year update promise only began with the pixel 8 so if you buy a 6 in 2024 it probably only has about 2 years of updates left. However they are only like $150 used I think so the value is probably there even if you only get 2 years of use out of it.

[–] vii@lemmy.ml 0 points 1 month ago (6 children)

What's the point of Goggle's security support when you're buying the phone for GrapheneOS?

load more comments (6 replies)

[–] EngineerGaming@feddit.nl 0 points 1 month ago

7a was the sweet spot for me, even if $300 is frankly a lot by my measure. But I think it was a worthy investment for me.

Would definitely not get a pro since the 7a is already on the edge of what I can use with one hand. Same for 7 but downplayed, I didn't opt for this one because it has a glass back.

[–] pandapoo@sh.itjust.works 0 points 1 month ago* (last edited 1 month ago)

Buy used, and/or buy an "a" model.

GrapheneOS is clearly the ideal ROM/OS, but alternatively there is another privacy and security centric ROM that supports a lot more devices, with the trade-off being it's not GrapheneOS.

Check out DivestOS and it's supported device list to see if that's a better fit for you. It's from the same developer as the Mulch and Mull browser forks.

As far SafetyNet/Play Project and other anticonsumer "security attestation" features, some bank apps will work fine, what others won't.

Does their website provide PWA support?

[–] rolling_resistance@lemmy.world 0 points 1 month ago (1 children)

All of my banking apps work, I have 6 of them.
You can buy an older Pixel, 5 or 6. They're still great.

[–] jet@hackertalks.com 0 points 1 month ago

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

[–] Persen@lemmy.world 0 points 1 month ago

You can replace the battery easily and there are roms like calyx and divestos, which support bl relocking.

[–] VintageGenious@sh.itjust.works 0 points 1 month ago

300€ is not disposable for me... People are used to buy phones over 800€ but 300€ is already quite a price

load more comments (1 replies)

[–] rxbudian@lemmy.ca 0 points 1 month ago (2 children)

GrapheOS now officially supports....

[please... something other than Pixel....]

Pixel 9

[–] Staubsaugernasenmann@discuss.tchncs.de 0 points 1 month ago (1 children)

The problem is that (as far as i know) only pixels fulfill their security requirements, for example that the bootloader is not only unlockable but also lockable. But I also would like to have more devices supporting it

[–] unexposedhazard@discuss.tchncs.de 0 points 1 month ago (5 children)

Fairphones should be supported imo. CalyxOS relocks the bootloader and they supported the FP5 right after launch.

[–] huginn@feddit.it 0 points 1 month ago (2 children)

Fairphone should sell phones outside of Europe

Unfortunately neither of us get what we want

[–] unexposedhazard@discuss.tchncs.de 0 points 1 month ago (1 children)

Oh they dont? 0.o I didnt know that, weird

[–] wreckedcarzz@lemmy.world 0 points 1 month ago (3 children)

Mmmhm. I've been eyeing them since their first phone. I'm sure they will offer even the most basic "international shipping with no warranty or support" any day now...

my skeleton, 64 years from now, in front of a computer with the website loaded, waiting for the global debut

load more comments (3 replies)

[–] sugar_in_your_tea@sh.itjust.works 0 points 1 month ago (1 children)

You can get the previous model (FairPhone 4) in the US through Murena.

[–] huginn@feddit.it 0 points 1 month ago (1 children)

Paying full price for a phone that was weak when it released 3 years ago that is also missing most US cell bands and is locked to T-Mobile.

Oh and also the parent company doesn't ship anything to the US, so parts are aftermarket only.

That's not available in the US: that's you can hack together a workaround.

[–] sugar_in_your_tea@sh.itjust.works 0 points 1 month ago

Yup, I looked into them because so many people talked them up, but due to all of those issues you mentioned, I crossed it off my list. I ended up going with Pixel 8 due to long software support, GrapheneOS compatibility, and acceptable repairability, though I would have preferred a PinePhone Pro (if it had better speakers and software support) or FairPhone (if it had better support in the US).

I guess we'll see what happens when my phone goes out of support (so, 6+ years?) or I break it.

[–] jet@hackertalks.com 0 points 1 month ago (1 children)

gos is open source. If the fairphone people wanted to maintain a fork of GOS for their phones, they could.

[–] sugar_in_your_tea@sh.itjust.works 0 points 1 month ago (1 children)

And they could discuss w/ GrapheneOS devs about upstreaming changes and collaborating on longer-term support. I highly doubt GOS project has the resources and desire to support another phone line.

[–] jet@hackertalks.com 0 points 1 month ago (1 children)

https://grapheneos.org/faq

Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.

if fair phone wanted to, they could, but gos will not volunteer for the work.

[–] sugar_in_your_tea@sh.itjust.works 0 points 1 month ago

And that's completely fair IMO. If FairPhone did do the work and supported US customers as first-class on their platform, I'd probably buy my next phone from them.

[–] FutileRecipe@lemmy.world 0 points 1 month ago (1 children)

CalyxOS relocks the bootloader and they supported the FP5 right after launch.

CalyxOS is not a hardened OS, and GrapheneOS requires more than than just relocking the bootloader.

Fairphone's devices do not meet basic security requirements for hardware, firmware and the software device support including drivers. Please look at the hardware requirements at https://grapheneos.org/faq#future-devices and check for yourself how many of those are provided by the Fairphone. Even the Fairphone 5 has a CPU core from 2021 without even PAC and BTI.

Ref: https://discuss.grapheneos.org/d/7208-8y-security-updates-on-fairphone-5-will-the-devs-consider-porting-grapheneos

[–] unexposedhazard@discuss.tchncs.de 0 points 1 month ago

Thanks for the info!

[–] Persen@lemmy.world 0 points 1 month ago

I think some op phones also meet the requirements.

load more comments (1 replies)

[–] deadcade@lemmy.deadca.de 0 points 1 month ago (7 children)

Lead dev of grapheneos is extremely toxic in communication. I don't trust someone like that developing the software running on a phone.

[–] MoonlightFox@lemmy.world 0 points 1 month ago (2 children)

Do you have some examples?

load more comments (2 replies)

[–] Kopy@lemmy.world 0 points 1 month ago (2 children)

He isn't on the project since last year. androguru

[–] airglow@lemmy.world 0 points 1 month ago (1 children)

That's dubious, since the "former" lead developer is still referring to the project with the pronoun "we" on social media.

[–] FutileRecipe@lemmy.world 0 points 1 month ago (2 children)

You can still be part of a project without being lead, to be part of the "we." Did he contribute and/or is he part of GrapheneOS, yes? So he's part of the "we."

Or does only the lead developer get the "we?" Wouldn't that make it more of an "I" instead?

[–] vga@sopuli.xyz 0 points 1 month ago

You should remember that he founded the original CopperheadOS project (from which he was violently ousted by his cofounder) and has been working on it and this for a decade.

[–] airglow@lemmy.world 0 points 1 month ago

I was responding to a comment that claimed "he isn't on the project since last year". Based on his activity on social media, he is clearly still in the project.

[–] deadcade@lemmy.deadca.de 0 points 1 month ago (1 children)

His github says otherwise

[–] Kopy@lemmy.world 0 points 1 month ago (1 children)

It states that he is the "Founder of @GrapheneOS", not the current lead developer. So I don't get your point

[–] deadcade@lemmy.deadca.de 0 points 1 month ago (1 children)

His activity on GrapheneOS repositories, issues, etc. indicates he's still very active in development and in the community.

[–] asdfasdfasdf@lemmy.world 0 points 1 month ago

IMO he can contribute all he wants. His PRs will still have to go through someone else (i.e. the new maintainer / lead dev). I don't care if he adds new code. That's much appreciated.

Toxicity is more of an issue if you're the maintainer since you have control over the project.

[–] mr_pip@discuss.tchncs.de 0 points 1 month ago

might be toxic, but the os is brilliant

[–] vga@sopuli.xyz 0 points 1 month ago* (last edited 1 month ago) (1 children)

I know Daniel somewhat from some years back, and calling him extremely toxic is just wrong. He is and has always been rather bad at communication under stress and is clearly on the spectrum in some way. Technically a genius person, but perhaps doesn't have the right set of qualities to lead things, except from a strictly technical pov.

Very good decision from him to withdraw from social media. I hope he manages to contribute in the future.

[–] deadcade@lemmy.deadca.de 0 points 1 month ago

is clearly on the spectrum in some way

This is not an excuse to behave the way he does.

Very good decision from him to withdraw from social media

He hasn't, still on github, still on HN.

[–] sugar_in_your_tea@sh.itjust.works 0 points 1 month ago (1 children)

Honestly, a lot of lead devs in fantastic FOSS software have pretty limited patience. I've read plenty of that guy's discourse, and while I think he could be more diplomatic, I don't see any reason to suspect he's doing anything malicious with the project.

I'm personally totally fine using GrapheneOS. If you aren't, there are plenty of alternatives.

[–] deadcade@lemmy.deadca.de 0 points 1 month ago (1 children)

"Limited patience" is understandable, but the behavior of the GrapheneOS dev is completely different. I've personally interacted with them not too long ago, and nothing has changed since the public accusations from a year ago.

[–] sugar_in_your_tea@sh.itjust.works 0 points 1 month ago

That's fair. I personally don't interact with him, nor do I plan to (why would I?), so it really doesn't bother me. As long as the other devs can manage dealing with him and the quality of the code stays high, I'm happy. If the other devs leave the project, I'll look for forks.

[–] nutsack@lemmy.world 0 points 1 month ago

as long as they do good work i don't give a shit what they think

[–] shiftymccool@programming.dev 0 points 1 month ago

So? Bad people can make good things. We should all stop using Linux because Torvalds is a dick?

load more comments