Graphene here as well! I gave them that feedback in the support email chain… no reason to allow this setting combo without a warning. Also not clear why split tunnel doesn’t remedy this, I would have thought apps excluded via split tunnel would be exempt from the VPN while it is connected and Kill switch is active (although obviously it makes sense that nothing is excluded when kill switch activates on vpn disconnect)

Right, I don’t want to either… But apparently split tunnel doesn’t work as I expected, since Kill Switch still affects apps that are excluded in split tunnel

Interesting! I have heard of gluetun but never tried it. What about the mobile scenario? In this case I was using Jellyfin client on Android to access the server on my PC

deleted by creator

My experience so far as a new user, which might be a little redundant but here goes:

• Overall, there is a balance to work out between security, decentralization and FOSS, and anonymity.
• for the average user, using sandboxed google play is pretty much essential. Otherwise you’ll spend days trying to figure out why you aren’t getting notifications, why certain integrations aren’t working, etc. Notifications especially are just painful without google FCM. HOWEVER, I do not believe it is mandatory to sign in to your Google account for notifications to work, so you could in theory avoid signing in at all and still take advantage of FCM.
• multiple profiles don’t make sense for my use case (and possibly most people). Graphene does advertise the use case of having banking apps on a separate profile, but after attempting to do just that I believe it is a very niche use case that would actually benefit from it. Obviously a great tool to have for privacy and security, but not something you’ll went to use everyday.
• For the move away from Imessage, it is indeed kinda painful and still ongoing. The simple fact is that people are super weird about switching from I message, and honestly going straight to Signal was a no-go for many of my contacts. I’ve had to settle for WhatsApp, Telegram, and even Discord… I just have had to accept that the transition will take time. I’ve weighed that privacy issue against the privacy gain of GrapheneOS itself, and the benefits of supporting a 3rd party OS option, and I still believe using Graphene is better overall. And, once people get used to using a 3rd party app vs Imessage, in a couple years the jump to Signal will be no problem at all.
• banking apps are super painful. That being said, here is an opportunity to vote with your wallet… Support apps that don’t require invasive system access for “security”. For me, the biggest eye opener was that there are NO GENERIC THIRD PARTY TAP TO PAY PROVIDERS IN THE US. It is only Apple Pay, Samsung Pay, or Google Wallet. And, as is pointed out on the Graphene user guide, 3rd party apps are allowed to implement their own NFC payment system, but the extremely vast majority simply choose to use Wallet or Apple Pay. This is obviously rather scary as more and more retailers use these systems, and I’ve realized I would gladly support and use any alternative at this point. Without Graphene, I would have never even thought about it.

Seems like it needs a good old fashioned review bombing… https://www.amazon.com/Unhumans-Secret-History-Communist-Revolutions/dp/1648210856

What are you using for the Unified Push setup? I tried using ntfy and could never get notifications to come through on GrapheneOS

I am so old

Or during, and with open source it could have been possible for independent fixes to have been created as people figured out through trial and error. Additionally, something like this would have cost Crowdstrike a ton of trust, and we would see forks of their code to prevent this from happening again, and now have multiple options. As it stands, we have nothing but promises that something like this won’t happen again, and no control over it without abandoning the entire product.

Nah Conquest of Bread is not really that technical haha, and also rage inducing so should be a good combo 😂

If it works on chromium I’d consider that even if it is a quirk on the bank website, chromium is handling it cleanly and allowing you to use the site. That’s something we probably want incorporated in Firefox. I’d encourage submitting the bug report to Mozilla, and don’t assume too much about what they can/cannot do!

I think the key part here is that it’s a guess on your part whether using Firefox is the cause. Do you get any specific error when using the website? Or does something just “not work”, such as you click a button and it does nothing?

Also, I’ve run into stuff like this before, and my best bet has been to be flexible about using other browsers to work around issues. I would suggest testing the banking website with Chromium (or even Chrome). If it works, file a bug with Mozilla (https://support.mozilla.org/en-US/kb/file-bug-report-or-feature-request-mozilla) and just use Chromium/Chrome for only that website until the bug is fixed.

This will allow you to still do business, while still participating in open source via a helpful bug report that could end up benefitting others as well.

Holy enlightened centrism… this guy is exactly the kind of both-sides-ing “undecided” voter that conservatives utilize to achieve the ratchet effect and stop any meaningful progress dead in its tracks.

Because beginners have no idea about OS architecture concepts. If they are a true beginner coming from Windows or MacOS they may not understand things like the Linux boot process. Of course they can read the Arch install procedure which I’ve heard is excellent, but many people are easily intimidated by documentation and often view computers as a tool that should just work out of the box without them needing to understand it. Mint is an attempt at making that happen. Obviously, once you start to modify your Mint install alot you are going to run into issues, and a highly modified or customized system is where distros like Arch and Tumbleweed actually become easier to maintain. I’d argue Mint is a natural first step to the Linux pipeline. People who only need a web browser will probably stop there, while others will continue to explore distros that better fit their needs.

Thank you!

What did you have to change for VRR? I’m also having an issue where I need to force the EDID and haven’t been able to get VRR

So, basically shitposting poisons AI training. Good to know 👍

Fairly simple explanation by arstechnica: “The malicious versions [of xz], researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems. SSH provides robust encryption to ensure that only authorized parties connect to a remote system. The backdoor is designed to allow a malicious actor to break the authentication and, from there, gain unauthorized access to the entire system. The backdoor works by injecting code during a key phase of the login process.”

Also from the article, you should check if your distro is offering a downgrade from the affected 5.6.x packages. Right now the exploit is not fully understood. For example, openSUSE recommends a full reinstall of Tumbleweed if an SSH server was enabled, just to mitigate risk.

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

https://news.opensuse.org/2024/03/29/xz-backdoor/