Kainer Weissmann
39.7K posts
@KainerWeissmann
A magic mushroom in the cow dung of the 21th century. Sound, Film, Web. PM8TJKCQQN6xrESHT8iVhTnv1YcRHZngPWpx3f4RvKtifci6bVQuxPkyrbf1YMoXskUYaEnKnqgj2ArEodCBeSX
Well. I hate to say it but while some of you were arguing about filters, the tradfi system has caught up and made surveillance money the default for AI. Painful own goal for Bitcoin. Colossal loss for freedom and agency.
We've written this post as a thorough debunking of extraordinarily inaccurate and misinformed claims being made about GrapheneOS. The main post making these claims is linked at the bottom. A growing number of our apps are built and signed separately from the OS to provide out-of-band updates. Each of these apps has reproducible builds. The official standalone releases are included in the OS rather than making separate builds for each device as part of building the OS. This is the standard and most sensible way to do things. It means the apps bundled with the OS are the same builds as the standalone releases instead of having two separate types of builds with two separate build systems. Both forms of building the apps are reproducible. It makes far more sense to use Android's standard app build system and tooling for standalone apps. It makes it much easier to work with them and for people to contribute. Needing to build apps as part of building the whole OS is a major barrier to contributions and can be avoided. Android supports out-of-band updates for the vast majority of the OS. These out-of-band updates are a major advantage over iOS. Many people aren't aware of how much can be updated out-of-band for Android. It's gradually turning into the entire OS having quite modular out-of-band updates which are fully compatible with the verified boot system. It still makes sense to have regular full OS updates which update all of the bundled components. A huge portion of Android is shipped as APKs which can be updated out-of-band. These can be built with the OS for simplicity but can also be built separately with their own standalone releases. If they have their own standalone releases, those are supposed to be bundled with the OS as a prebuilt instead of using a separate build system for the OS updates and out-of-band updates. It would also not be reproducible if separate build systems and toolchains were being used for both. An even larger portion of the OS can be updated out-of-band via APEX components which are an APK containing a structured filesystem with native libraries, services, data, nested APKs and other arbitrary files. Both APEX components and APKs are fully compatible with verified boot. GrapheneOS enables enforced verified boot for system APK updates rather than only APEX components. Android also has out-of-band updates to images via chained vbmeta (verified boot metadata) images. This works by having a hash of a key for chained vbmetas stored in the main vbmeta where each vbmeta has separately enforced downgrade protection via the secure element. GrapheneOS has very frequent OS releases and doesn't need out-of-band updates as much as the stock Pixel OS or especially the broader Android ecosystem. We mainly use out-of-band updates for our own apps with standalone releases and include the official releases of those in the OS releases rather than making separate builds. That's the way it's supposed to be done. Google Mobile Services Android operating systems use Google Play system updates providing APEX updates via standard builds from the Google Play Store. This provides monthly updates to large portions of the OS across devices regardless of their OS update cycle. We have no use for their approach since we have consistent OS updates which are more frequent than monthly releases. We could still set up out-of-band APEX updates to enable shipping an urgent for a specific component without an OS release but we don't currently use them as it would only save build time rather than improving usability. Android uses prebuilts for the kernels and Chromium WebView which are built separately from the OS. The expected way to bundle most apps with the OS is to have standalone releases with the official releases bundled with it. This is how the stock Pixel OS handles APK and APEX components updated out-of-band. It doesn't interfere with reproducible builds. Building, signing and shipping updates to the OS via modular components instead of building the entire OS for every change is going to be increasingly important as GrapheneOS scales up to a larger development team and a larger number of supported devices. It makes it far easier for people to work on smaller parts of the OS and we can release smaller updates for specific components. We're using it on a case-by-case basis for components we need to update frequently such as our GmsCompatConfig APK shipping the text file setting up most of our sandboxed Google Play compatibility layer shims. We also plan to start shipping GmsCompatLib as a standalone app but it was delayed due to banking apps wrongly believing updating it out-of-band was tampering. The claims which are being made in the linked post are extremely misinformed and backwards. They're attacking us for using approaches focused on security while claiming doing things in a far less secure way would be much better. The motivation for it is quite clearly promoting non-hardened operating systems through desperate attempts at misleading people about GrapheneOS with poorly informed claims. They're claiming we should be doing builds and signing on cloud servers because they believe having CI web interface is a substitute for third parties reproducing and verifying builds. We make all of our official builds on local infrastructure under our physical control for clear security reasons. Our app and OS builds are both reproducible. We're gradually working on turning reproducible builds into a more useful feature by setting up a system of having alternate build locations and a system for verifying the results match across our locations and also third party locations. Our App Store and System Updater are eventually going to support verifying builds based on other official and third party build locations. Moving our builds and signing to cloud infrastructure would not reduce trust in us but would greatly expand attack surface and how much needs to be trusted. GrapheneOS is a serious privacy and security project which is in the process of greatly expanding by hiring many developers and other people. We're improving our overall organizational and development processes as part of expanding. Expanding our use of out-of-band updates to the extent that it makes sense is part of this. x.com/TheVancedGamer…
🇭🇺🇪🇺 EU ramps up “disinformation” controls before Hungary vote Brussels and major platforms like Meta have activated DSA tools just weeks before Hungary’s elections. The system coordinates with fact-checkers and NGOs to limit what it labels “controversial” content. This goes beyond disinformation, allowing Brussels to sideline dissent and shape political narratives. Why it matters: unelected EU bodies could end up influencing the outcome of a national election. Source: European Commission, Ansa It, MCC Brussels, Democracy Interference Observatory
We shipped a lil something today: USDT Swaps ⚡💵 Lightning ↔ USDT. No custody. No accounts. No KYC. Move from sats to stablecoins in seconds, across a growing number of networks. 👉 beta.boltz.exchange 👈 Read the full announcement: blog.boltz.exchange/p/introducing-…
