Questionable: should've been replaced with an API call that shows user a pop-up like "do you want to change the default browser to $browser_name?". Rn it's just breaking stuff for the sake of keeping internet chromesplorer.
fl42v
joined 1 year ago
Meanwhile flatpack: (unverified)
Sending plain-text passwords is rather interesting, tho. Could've at least optionally encrypted 'em with a key derived from smth known by the user only.
FYI, not taking pride of using arch violates the EULA
So, as I've mentioned, you'll need another machine (I'd advice running Linux on it, but it's probably not strictly necessary)
The easiest route would probably be to run their all-in-one docker image. I believe, their instructions are rather straightforward. It would be enough to expose port 8080 only in the provided docker run command.
Then accessing from outside the local network may be accomplished via tailscale.
By default it will be accessible from within your tailnet only, but if it doesn't suite you (e.g. you want to use another VPN on your phone to hide your traffic from your provider or bypass regional restrictions) you can expose it to the internet via tailscale funnel.
So, regarding the account: it depends. AFAIK, there's no "graphene account" in grapheneos, but you can use the regular google account after installing sandboxed play services. Note: you don't have to, the only things from google I personally used were gcam (since their hdr+ thingy is quite good) and photos (since foss alternatives I've tried can't 3d transform), both without play services and internet access. On other roms there may be an optional account (ex, /e/os).
Applications: there's a messaging app (regular SMS) and gallery (not sure here, tho, mb there wasn't; once again I decided to keep using google photos), otherwise - nope. All can be obtained from f-droid/play store/aurora. Syncing probably needs to be done via 3rd party stuff (I'd probably go with self-hosted nextcloud instance, which can be done rather easily and for free with tailscale if you have a spare laptop/pc)
App installation: I personally went with f-droid plus aurora (since the proprietary software I use doesn't rely on play services other than for sending notifications, exception - gcam, but fixable with gcam services provider from f-droid with the caveat of not being able to use sandboxed play services due to the name collision). Idk how exactly sandboxed play services are "better" compared to f-droid, mb in terms of software availability? Otherwise I prefer f-droid since stuff there is Foss, trackerless and overall better audited (paste here the links to numerous articles about actual malware being found in play store).
Self-hosting nextcloud is relatively easy (I can drop some links later if you're interested), but you can also keep using whatever you used before. Also (correct me if I'm wrong) /e/ provides their cloud with some amount of free storage, so you may want to start with that.
Unlike arch that has no "stable". Yap, sure; idk what it was supposed to mean, tho.
Yea, but the move to verify the path seemed somewhat funny at the time. As for the second part - it's a shame, but expected: they need to re-compile like everything. So, I just decided to wait since all my machines are ssh-ible from VPN only
Incorrect: the backdoored version was originally discovered by a Debian sid user on their system, and it presumably worked. On arch it's questionable since they don't link sshd with liblzma (although some say some kind of a cross-contamination may be possible via a patch used to support some systemd thingy, and systemd uses liblzma). Also, probably the rolling opensuse, and mb Ubuntu. Also nixos-unstalbe, but it doesn't pass the argv[0] requirements and also doesn't link liblzma. Also, fedora.
For me it's not about efficiency (although tiling somewhat improves it) but rather basic comfort. With stacking wms windows constantly overlap each other, and then I have to constantly re-arrange them, alt-tab like 75 times to find the one I need, etc, and tiling does solve this issue pretty damn well.
I'd just wipe everything; also change the passwords to the accounts used during suspected infection, mb try to ask the cellular provider the SMS history in case it reset any passwords. Y'know, the usual stuff.
I mean, "if it doesn't suite your needs -- fork it" still stands. As for the lack of moderation -- that's applicable to the official instance, I guess? 'Cause it's like more than a half of all the users, so no wonder they can't moderate everything