• Problem-based person@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    129
    arrow-down
    3
    ·
    18 hours ago

    Holy shit, the bootlicking and mental gymnastics in the article’s comments:

    • Phones are good now! You don’t need custom ROMs!
    • If you got nothing to hide you will use a stock phone!
    • No average person loads custom ROMs, it’s a nerd thing!
    • LiveLM@lemmy.zip
      link
      fedilink
      English
      arrow-up
      59
      ·
      edit-2
      16 hours ago

      Talking about rooting and custom ROMs is so frustrating because most of the replies are always like this.

      “baCk iN mY dAy I UseD to RoOt mY gALaXy s2 bUt pHoNeS aRE sO GoOd tOdAy iTs pOinTlEsS nOw”
      Motherfucker, we’re starting to not even be able to have full access to our own filesystem and Android gets more restrictive each year for alleged security reasons and you want to tell me this shit is not necessary anymore???

      Lemmy is potentially the first place where people actually fucking get it.

      • Lka1988@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        13 hours ago

        “baCk iN mY dAy I UseD to RoOt mY gALaXy s2 bUt pHoNeS aRE sO GoOd tOdAy iTs pOinTlEsS nOw”

        Fucking lmao, I remember people saying that a decade ago when I had my Nexus 6P.

      • Limonene@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        13 hours ago

        Just try asking about rooting in the GraoheneOS Discord, and you risk getting banned.

        GrapheneOS has a ton of locked down stuff they don’t want you to access. They make rooting extra hard, they don’t support compiling the OS from source, there’s still the TEE you can’t access even with root, and the OS filesystem is readonly to inhibit customization.

        GrapheneOS promotes “verified boot” that stops you from doing many important things.

        • they don’t support compiling the OS from source

          They literally have a whole instruction page for it on their official website: https://grapheneos.org/build

          What they don’t support is making modifications to GrapheneOS, compiling it, and then still calling it GrapheneOS. It’s not. You changed it, so it’s something else. It’s your own fork of GrapheneOS, so you should name it accordingly.

          there’s still the TEE you can’t access even with root

          Uh that’s by design? Do you even understand the purpose of a secure element and trusted execution environment, and how they work?

          and the OS filesystem is readonly to inhibit customization

          It’s read-only for security reasons. This is the default AOSP behavior. iOS/iPadOS and macOS handle this very similarly. This is the industry standard for secure devices. If you want to make modifications, the code is open source, you can freely modify the OS, compile it, sign it with your own keys and use it with full verified boot enabled.

          GrapheneOS promotes “verified boot” that stops you from doing many important things.

          Verified boot is a built in featore of AOSP. https://source.android.com/docs/security/features/verifiedboot

          • Limonene@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            4 hours ago

            They literally have a whole instruction page for it on their official website: https://grapheneos.org/build

            I’ve asked, and they don’t support you at all after you build it. You can’t get updates or packages from GrapheneOS. Compare to Debian, Ubuntu, RHEL, etc., where you can compile your own newer package, install it, even replace core operating system components, and then seamlessly upgrade to the OS vendor’s version when they catch up.

            What they don’t support is making modifications to GrapheneOS, compiling it, and then still calling it GrapheneOS. It’s not. You changed it, so it’s something else. It’s your own fork of GrapheneOS, so you should name it accordingly.

            Even if you don’t modify it, they tell you not to call it GrapheneOS, and don’t offer any way to install patches, besides building it again.

            Uh that’s by design? Do you even understand the purpose of a secure element and trusted execution environment, and how they work?

            Yes, I understand it. I’ve opposed TPM from the start, and this is just TPM for Android. I don’t want a device that keeps secrets from me. I do want comprehensive backups, including all cryptographic keys. I should be able to access the TEE from my authenticated PC over SSH.

            I’m fully aware that Widevine won’t run on a device where the owner has control over the whole device.

            The code is open source, you can freely modify the OS, compile it, sign it with your own keys…

            I don’t have the resources to do this (PC nor effort). They recommend 100GB+ storage and 32GB RAM for building it, and you seemingly can’t do it incrementally, since you have to flash an entire operating system at a time. I want to modify one file, like the call recording xml file. (That file is from a previous operating system I had, but I can’t provide an example of niche cases like that for GrapheneOS, because I only ever used GrapheneOS for a few days, so I don’t know what kind of small modifications I would want to make.)

        • Noxy@pawb.social
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 hours ago

          GrapheneOS promotes “verified boot” that stops you from doing many important things.

          What is your strongest example of an important thing that can’t be done on GrapheneOS because of its boot/loader security?

          • Limonene@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 hours ago

            Comprehensive backups, which can only be done after rooting. You can do this, but only after disabling verified boot.

            • GenderNeutralBro@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 hours ago

              In theory Seedvault covers this. In practice…well I dunno, ask me again when I get my next phone. I’ve not had the opportunity to properly test it.

        • Ghoelian@piefed.social
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          3
          ·
          12 hours ago

          Well yeah, because grapheneos is specifically made for security, not customiseability. Rooting your phone makes it a lot less secure, so it doesn’t seem strange to me that grapheneos doesn’t want you to.

          • Limonene@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            11 hours ago

            Can you please explain how rooting adb only, not any apps, makes it less secure? Use concrete examples, not abstract.

        • LiveLM@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          12 hours ago

          I can understand them not wanting you to root since their focus is security above everything else, but that bit about not supporting compiling from source is a bit sketchy 🤨

            • Limonene@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 hours ago

              They do provide instructions for compiling from source, they just don’t support you at all afterwards. If you compile GrapheneOS and put it on your phone, they say “you are not running GrapheneOS” at that point. Unlike Debian or Ubuntu, where every package can be replaced by a hand-compiled version, and it’s still Debian or Ubuntu.

    • GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      40
      arrow-down
      1
      ·
      15 hours ago

      No average person

      I hate this line of reasoning in all facets of life. And it does seem to appear in all facets of life.

      Nobody is average in every way. If we accept that it’s okay for every goddam thing to suit only the “average”, and to hell with everyone else, then nobody will happy in more than ~3-5 aspects of their life.

      • Kn3cHt@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 hours ago

        It’s not simply the average person it’s most people that don’t need this. For most people a custom rom adds nothing, most people barely change their wallpaper.

      • Crozekiel@lemmy.zip
        link
        fedilink
        English
        arrow-up
        7
        ·
        10 hours ago

        Yea. Why are there so many sizes of clothes anyway? The average person doesn’t need pants with a 44 inch waist. And so many food options? The average person doesn’t need anything more than nutrient rich gruel.

        • pirat@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 hours ago

          I assume that, for humans, the average number of legs must be a number below two since most people I know of have two, while some have one or none and only very few have three or more.

          I wonder how those 1.something-legged pants would look on all the people with different amounts of legs than that average number. Luckily, it seems it’s currently more common for clothing designers to snap to the normal (as in common number) rather than design for the average number. I guess people with less than two, or with prosthetics, can use two-legged pants to some degree, but with more legs than average, it seems, you’ll still be in trouble at the mall – unless there’s a skilled tailor in there too!

    • GreenShimada@lemmy.world
      link
      fedilink
      English
      arrow-up
      42
      ·
      17 hours ago

      We should start a co-op that buys advertising data on people that say stuff like this and then bombards them with spam that says “You have nothing to hide, [name]! You want everyone to know you love [advertising data entry tied to them]”