All posts by year


2021

Attacks on GrapheneOS by calyxos/techlore

19 Sep 2021
GrapheneOS calyxos techlore Attacks Malicious Misinformation

GrapheneOS is focused on substance rather than branding and marketing. It doesn’t take the typical approach of piling on a bunch of insecure features that depend on adversaries not knowing about them and that regress actual privacy/security. It’s a very technical project building privacy and security into the OS rather than including assorted unhelpful frills or bundling subjective third-party app choices.


GrapheneOS and CalyxOS are very different kinds of projects. CalyxOS reduces privacy and security rather than improving it. It’s not a hardened OS. They don’t have the kinds of privacy/security requirements for devices that we do.

CalyxOS already supports a less secure device than that where they relied upon a broken/incomplete verified boot implementation. The vendor made relevant fixes and then CalyxOS wasn’t able to ship the firmware security updates anymore. They didn’t tell users it was very insecure.

GrapheneOS is only supported on Google Pixel devices. Pixel phones are supported because they are the most secure: they are the only handsets that allow non-vendor operating systems to use all of the handset’s hardware security features, the only handsets whose vendor fully open sources the drivers and makes firmware source code available to people who ask for it, and the only ones whose vendor is diligent with security updates and upstreams those updates.

Most OEMs are far less trustworthy than Google… OEMs cut corners on security and mislead users about it. That’s a problem. Doing better than Pixels is very hard.

They have the Titan security chip, insider access protection, and every single driver on the Pixels is open source.

The firmware for them is actually available, if you ask nicely enough. It’s just not open. Nor is it modifiable, because the firmware packages are signed and verified.

Other vendors simply do not do this, or they instead cripple the phones’ hardware security features if you want to run an operating system that doesn’t come from the vendor.

Making a device with comparable privacy/security is extremely difficult. It’s not something that most companies are interested in doing when they can just market their products as better without doing the work. Why invest a massive amount of resources?

Unfortunately, marketing is what matters to the vast majority of people buying products based on privacy/security. Journalists and others repeat the marketing claims of companies without skepticism or fact checking. Most ‘secure’ and ‘private’ phones, OSes, etc. are worse, not better.


GrapheneOS developers/moderators are being impersonated across different platforms (Matrix, Telegram, Reddit) as part of the attacks on the project. They’re copying our display names, avatars and usernames. Make sure to confirm it’s one of our accounts and not someone malicious.

This is one of the tactics being used to cause harm to GrapheneOS. See https://github.com/bromite/bromite/discussions/1186 for a particularly damaging past incident where they impersonated Bromite’s developer.

It’s happening more frequently now and multiple developers/moderators are being targeted this way.

People have fallen for this trick repeatedly and a lot of harm has been caused with it. It’s not going to keep working for them when they’re doing it so frequently. It’s unfortunate CalyxOS/Techlore have encouraged their communities to engage in these relentless attacks on us…

They’ve developed a bunch of dishonest talking points their community spreads about GrapheneOS across multiple platforms every day. It happens on most prominent posts discussing GrapheneOS. It’s not simply their communities doing it. They’ve taught them to do it and encourage it.

It’s our rooms being raided, so it’s our rooms which end up being a mess from the endless trolling. We regularly refute the misinformation they spread with fact-based responses. Their response to that has been playing the victim and pretending defending ourselves is aggression.

CalyxOS/Techlore are involved in increasingly intense harassment and bullying targeting our developers. Henry (Techlore) and Nicholas Merrill have both been extensively involved in pushing the narrative that our lead developer is crazy to direct harassment/bullying towards them.

This is not simply their communities doing something without their approval. They not only approve of it and encourage it but have been the ones crafting most of the malicious talking points. They regularly encourage attacks on us and pretend us refuting those makes them victims.

We’ve been building archives of the underhanded by CalyxOS leadership/developers who claim to be uninvolved in it and by people they welcome in their rooms despite extensive involvement in harassment. They welcome people who have publicly told our developers to kill themselves.

They’ve seriously crossed the line in the past few months and we’re starting to more actively defend ourselves beyond just countering misinformation now and then. They can expect this to be brought up in any organization/project/conference any of them ever has any involvement in.

That’s what the archive of the attacks is being used for rather than fruitlessly trying to convince their toxic community to stop attacking us. They don’t realize it but these underhanded attacks on us have cost them substantial funding/support already and will cost a lot more.

Further raids, impersonation, and harassment/bullying will directly result in posting threads like this one about what’s happening. Each time there’s another escalation of attacks, we’ll be contacting multiple organizations, etc. about what’s happening. There are consequences.


Footnotes

  • add citations and sources

Kelowna's downtown and waterfront photos!

22 Apr 2021
Articles Kelowna Photos

Kelowna is a city in the south of Canada’s British Columbia province. It’s in the Okanagan Valley, on the eastern shore of Okanagan Lake, surrounded by provincial parks, pine forest, vineyards, orchards and mountains. Its downtown area incorporates waterfront City Park and a lakeside cultural district. More than 20 local vineyards offer wine tours and tastings.

For more information about Kelowna, check out Wikipedia’s article.

A view of the Delta Grand, the Kelowna Yacht Club, the Lagoons, and the Dolphins Condos from Kelowna's City Park.

I’ve added some more photos below for you to check out as well. In the future I will be adding hiking trail routes and photos to go along with them.


Technical information:

All photos were taken on a Google Pixel mobile device, running GrapheneOS and using the Open Camera app with Camera 2 API setting enabled.

Photos are optimized[1] for clearnet using jpegoptim and the metadata[2] is removed with exiftool.

jpegoptim --size=1024k *.jpg && exiftool -all= *.jpg

Footnotes

  1. Source code for the jpegoptim utility to optimize jpeg files. Providing lossless optimization (based on optimizing the Huffman tables) and “lossy” optimization based on setting maximum quality factor. Manual for how to use the utility. Can also be accessed by doing a man jpegoptim from terminal.

  2. Source code for exiftool. ExifTool is a customizable set of Perl modules plus a full-featured command-line application for reading and writing meta information in a wide variety of files, including the maker note information of many digital cameras by various manufacturers. Their FAQ has some examples using terminal.
