Graphene is not a consumer brand and they do not intend to be a consumer brand. They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do. That will absolutely limit their scope and reach, but it also allows them to focus on the one thing they’re trying to do without making compromises.
For contrast, Signal is a very secure messenger which also wants to be user friendly so as to get the largest user base they can, which leads to all kinds of compromises - everything that’s come out that looks like a vulnerability in Signal originates in some feature or capability added to make the product more user friendly. Graphene will not make those trades.
Neither approach is de facto right - they spring from fundamentally different philosophies on how to maximize user safety, and both have been extremely successful in their missions, but you’ve gotta recognize what you’re looking at when you look at Graphene.
> They do one thing: make as secure a phone OS as they can. That’s it. If you’re expecting them to do anything in a friendly way, it ain’t gonna happen, that’s not who they are or what they do.
These things are not mutually exclusive:
You can make a great technical product while being friendly. You can make a great technical product while not being friendly.
You can make a compromised or flawed technical product while being friendly. You can make a compromised or flawed technical product while being unfriendly.
This comes up pretty often in other HN threads, unrelated to Graphene. There's this weird personality type who insists that they aren't legally obligated to be friendly or nice or pleasant, therefore it's fine for them to be unfriendly or jerks or unpleasant.
GrapheneOS needs to defend themselves. There would be more time for other types of posts other than defensive ones if they did not have to defend themselves.
As a community organizer for systems programmers: welcome to my world! I've finally made some headway after a decade, helped by the mass layoff apocalypse. (Turns out social skills help you stay solvent.)
Actually, you can't make a great product if you've alienated your allies, because all successes are intrinsically social, from the iPhone to Python to even the processor itself.
Going it alone is that nineties libertarian romanticism, a persistent self-destructive tendency that in present market conditions is unsustainable.
If they were doing that one thing, they would not have posted this. It's fine not to market to consumers, but this raises additional concerns about the founder's judgement. Someone else claimed that they deleted update signing keys for Copperhead devices. That's seriously concerning if true; possibly bad enough to switch away from GrapheneOS.
He deleted the signing keys because it looked like the other owner of Copperhead OS wanted to make the signing keys available to government agencies and/or criminal organizations. He deleted the signing keys to protect their users against malicious updates, which is the right thing to do and should increase trust in him and the project.
It's worth actually reading the linked post. Relevant segment:
> In 2018, matters between Micay and Donaldson came to a head over Donaldson’s desire to pursue business deals with criminal organizations, and his attempts to compromise the security of CopperheadOS, including by proposing license enforcement and remote updating systems that would allow third-parties to have access to users’ phones. As part of this process, Donaldson began to demand that Micay provide Donaldson with the “signing keys” - i.e. the credentials required to verify the authenticity of releases of CopperheadOS. Donaldson advised that, in order to secure certain new business, potential customers required access to the Keys.
> The keys had been in continuous use by Micay, in his personal capacity, since before the incorporation of Copperhead. However, more importantly, any party with the keys could mark malicious software as “authentic”, and thereby infiltrate devices using CopperheadOS.
> Micay was unwilling to participate in that kind of security breach. Since Donaldson had control over certain infrastructure for the open source project, he would be able to incorporate (or hire others to incorporate) the privacy-damaging features described above for all future releases of CopperheadOS. Micay therefore deleted the keys permanently and severed ties with Copperhead and Donaldson.
Ah, thanks for setting me straight. That's reassuring. I think I would still have more respect and trust for GrapheneOS if they either didn't respond, or struck a more neutral tone; but that's more subjective.
Is it that Donaldson wanted to pursue deals with criminals or he wanted to backdoor an OS for a defense contractor or that he was a government spy? From the article it seems like none. Claims need receipts or they are blind assertions.
Me? I was a CopperheadOS user from the 2021 rebuild era before GrapheneOS existed in its state. All I've seen from GrapheneOS and Micay are claims without evidence and over-moderation of points they don't agree with.
GrapheneOS has never concealed this information, it has been publicly accessible on the GrapheneOS website for years, as an article describing the project's history. https://grapheneos.org/history/
Deleting signing keys under threat of a hostile takeover is the responsible thing to do.
It's not just about being friendly. If they have a bubble around them of employees, true believers, and people just afraid of speaking out that chills free expression of criticism, the truth has trouble getting out, which hurts trust.
Maybe true, but the flip side is that sometimes what is called an attack is actually criticism. That's how it appears to a lot of us from the outside.
GrapheneOS wants to post more positive things, rather than just defensive replies. But they have very little choice in the matter. If the inhumane levels of attacks weren't happening, they would have more time to discuss future features, how they choose to approach features, etc. But ignoring the attacks only makes it worse. The suggestions to ignore it, even if genuine, aren't helpful.
It may be the case that Daniel and the project are so under siege that they need to take a hostile attitude toward some of the people they interact with as a matter of self preservation. They may have no other option. But taking this posture while also being fair to all of the people around them (i.e. some people who aren't actually attacking them) may be difficult or even impossible. I can see this behavior in myself sometimes. I just don't have the energy to be fair. "F U".
I wouldn't want to see friendly corporate slop either. I appreciate how down to nuts and bolts the communiques are on Mastodon and how deadly serious they take everything. That part of the communication style makes me trust them more.
I think a good step in the right direction might be acknowledging that being defensive necessarily leads to erring on the side of assuming bad faith rather than good, which leads to some mis-judgements. So far you said that GrapheneOS is open to all criticisms, which (though I haven't followed the space very recently so my memory on specifics is hazy) just does not seem to match my interpretation. I think that if we were having this conversation on Twitter or Mastodon, Daniel would have blocked me by now (if he hadn't already blocked me years ago).
People can accidentally be spreading attacks with loaded/presumptuous statements even when their intentions are pure. Unfortunately, pure intentions can still cause harm that needs to be countered.
Take your reply as an example, the GrapheneOS accounts are managed by multiple people, so the fixation on one specific project member may not even be accurate to the discussion. Having one's character attacked is immensely harmful on its own, but being attacked for something one may not even be doing is also immensely harmful.
The unfortunate reality is that people tend to believe the first thing they read, and without something countering it, will roll with it, intentionally or otherwise. So countering misinfo efficiently and quickly is vital.
All the stuff about members of our team not being stable is ridiculous and only works in favor of people or organizations that don't like us or want to damage GrapheneOS.
GrapheneOS has multiple people helping out. Many developers as well as people who help out with non-development work. It's a big claim to say that the whole team is unstable.
I'd suggest reading the article again. Considering the situation, the part about deleting the keys should be a good sign for anyone reading it. It shows that the project's leadership cares about doing things the right way. Members of the team are similarly dedicated to helping build and support an OS that improves people's privacy and device security, not to scam users by making a flashy product and rake in cash. Or, in Donaldson's case, work with shady companies and even possibly criminals.
Privacy and security projects like GrapheneOS are important considering the political landscape these days. People really need to stop repeating inaccurate claims about us, like that we're criminals, unstable, crazy, etc.
> It's a big claim to say that the whole team is unstable.
I didn’t claim the whole team was unstable.
> only works in favor of people or organizations that don't like us or want to damage GrapheneOS.
Then I’d suggest stop shooting yourselves in the foot with personal rants published as public communications. If you genuinely feel you’re doing important work, then why wouldn’t you take your public communications seriously and behave maturely, as an organization?
> A wealthy nation-state with a sufficiently motivated voter base could certainly build up a meaningful competitor to TSMC over the course of, say, a decade or two (or three...).
TBH I think the bigger problem for how we teach kids is twofold:
1. There's a right answer to every problem in school
2. If you got it wrong, that's bad, and you did bad.
The pattern I've seen from younger people these days is a learned helplessness, where there's no room for them to be creative in school, and any attempt to do so runs the risk of failing an assignment, getting a B, missing out on Harvard, and spending the rest of their lives poor in a ditch, or so they're told.
One place I've seen people get caught here is when they don't actually have the information they need to solve the problem - when they don't understand the problem space well enough, or they don't know the boundaries of the systems or technologies they're using well enough, or there's unanswered questions. At that point, I've seen people dig into research projects and 15 page design document discussions that would all be obviated by a day or two of just doing the thing and seeing what happens.
My understanding is that was the actual point of "move fast and break things" - gain knowledge by trying stuff to help you make better decisions, even if you make a mistake and need to roll back or fix it. The art to this is figuring out how to contain the negative consequences of whatever you're testing, but by all means, experiment early to gather information.
I've stated it to mentees as "don't be afraid to start a fire as long as you know where the fire extinguishers are" - it's OK to fail in the service of learning so long as you fail in a contained way.
Fun fact: Neanderthals actually had larger brains than Homo sapiens! Modern humans are thought to have outcompeted them by working better together in larger groups, but in terms of actual individual intelligence, Neanderthals may have had us beat. Similarly, humans have been undergoing a process of self-domestication over the last couple millennia that has resulted in physiological changes that include a smaller brain size - again, our advantage over our wilder forebears remains that we're better in larger social groups than they were and are better at shared symbolic reasoning and synchronized activity, not necessarily that our brains are more capable.
(No, none of this changes that if you make an LLM larp a caveman it's gonna act stupid, you're right about that.)
Bigger brain does not automatically mean more intelligence, but we have reasons to suspect that Homo neanderthalensis may have been more intelligent than contemporary Homo sapiens other than bigger brains.
You can't draw conclusions on individuals, but at a species level bigger brain, especially compared to body size, strongly correlates with intelligence.
This is the other side of the coin of Uber violating state and local regulations for the better part of a decade to get their business off the ground or HSBC laundering money for the cartels.
A weird part about the modern world is that a cell phone is incredibly cheap compared to shelter, food, or just about anything else. You’d be surprised how many homeless folks have phones.
Astronauts are, as a group, extremely risk loving. Every single person who signs up to go into space knows what they’re signing up for - they’ve spent their entire life working for the opportunity to be put in a tin can and shot into orbit atop a million pounds of explosives. There’s a very valid critique that NASA has become far too risk averse - we owe it to the astronauts to give them the best possible chance to complete the mission and make it back safely, but every single person who signs up for a space mission wants to take that risk, and we don’t do anyone any favors by pretending that space can be safe, that accidents are avoidable, or that the astronauts themselves don’t know what they’re signing up for. A mission that fails should not be considered a failure unless it fails because we didn’t try hard enough.
My father, who flew combat missions for the Navy in Vietnam and then became a test pilot, told me after the loss of Columbia that if he had had a chance to make that flight and spend 7 days in Earth orbit, even knowing that he'd burn up on reentry, he'd have done it.
1) Eventually you will die, no matter what. It can be the most mundane thing. Slipping on a ketchup splatter can cause great damage for example.
2) It's a profession where you intentionally kill people, so, that changes the calculation for your own risk.
3) It's a unique opportunity.
(and potentially)
4) Gives a sense of living / be in history books for his family.
So you have a possibility of a guaranteed exciting life for a death that you anyway will have, but doing something you love, it's not too bad.
This is one of the things that’s deeply challenging for biology and biochemistry - it’s extremely resistant to the sort of reductionism that works so well for other fields. It’s rare to find a single compound, a single species, or a single pathway that’s responsible enough for an effect to show up in studies of the sort of power that one can muster without a ton of time and money, and as soon as you try to capture synergistic effects, you hit a combinatorial wall quickly. In microbiology, for instance, colonies of different bacterial species are the norm, not the exception, and metabolic pathways that span multiple species are common to the point that trying to isolate a given species’ contribution can miss the effect entirely.
> metabolic pathways that span multiple species are common to the point that trying to isolate a given species’ contribution can miss the effect entirely.
So, a metabolic pathway is the set of steps by which an organism converts one molecule into another - this can be by splitting a molecule into pieces, by adding or removing an atom or small group of atoms, or by combining two different molecules into a larger or more complex one. By way of a very, very simple pathway, your body breaks down ethanol (alcohol, C2H5OH) by first removing a hydrogen (and causing the oxygen to double-bond to the carbon) to create Acetaldehyde, CH3CH=O, and then oxidizing that by swapping the H remaining on the second carbon for an OH to create Acetic Acid, the primary component in vinegar. So, when we say your body metabolizes ethanol into acetic acid, we're talking about a two step metabolic pathway.
Bacteria can stash intermediate pathway results outside of their cell wall for various reasons (sometimes the chemical environment is more amenable outside the cell than inside, sometimes buildup of the intermediates can disrupt other processes, sometimes that's just how it happens - biology is weird), and very often what you'll see is that a multi-step metabolic pathway can span across multiple different organisms - so, species 1 takes up a starting material, performs a handful of modifications, and then excretes the results outside the cell wall, and then another species will take up that substance and perform additional modifications on it, and this can run through several species before reaching the terminal state in the pathway (including the first species again). This works because each bacterium can have different enzymes and different internal chemistry which can affect how easy or likely a reaction is.
Nitrogen fixing is a notable example of this - it's not just one species in the roots of legumes responsible for taking N2 and converting it into ammonia, there's 6 or 7 that take part in that pathway.
I think author is saying that you ingest compound A, microbe 1 eats A and secretes B, microbe 2 eats B and releases C. C happens to do <positive thing>. You could imagine parallel pathways where maybe microbe 2 only works if it is in the presence of microbe 3.
Meaning everything is a mess to try and disentangle.
I run both (LS on Mac, at least), they do different things - pi.hole is a great ad blocker which applies to all of the devices on your network. Little Snitch is doing something different - it tells you every call that every app you use is making, and allows you to approve or deny each one. So, you can block telemetry for apps, or you can block certain apps from contacting certain servers, or you can just use it to watch what apps on your system are calling out to where.
To clarify, I'm aware that pihole is not intended to run on a client OS, and doesn't monitor at a process level. I'm focused on the intended effect rather than the process itself (blocking malicious/ad servers). And I think I framed my initial question incorrectly as if LS and PiHole are substitutes. It's perfectly fine and even preferable to use both as layered protection. I'm just thinking however when it comes to bang-for-buck it seems like PiHole is the better value proposition if you could only set up one.
pi.hole is primarily billed as an ad blocker, but the fundamental way it works is by applying a curated set of DNS lists that are blocked (commonly telemetry and ad servers), and the admin dashboard which is just a web page (therefore works on all platforms, smartphones included) will do the same thing: it tells you every call that every app on every device on your network is making, and you can approve or deny it. You can curate your own list as well and block servers/connections you don't want on the network.
LS afaik operates in the same area where it's intended to be used for privacy. I guess I could see it being useful for people who don't have admin access to their router, but for people who do have such access I would think the benefits of network-wide DNS monitoring/blocking would outweigh the costs of having to configure your router settings.
Yeah, if you're just looking for ad blocking, you're right, pi.hole is the better bet.
Little Snitch is intended for per-process, per-connection blocking - for example, you may need, e.g., an Instagram uploader app to contact Meta's servers, but an unrelated app should not be able to (and even in the case of the hypothetical IG uploader, you can get very fine grained about the controls - media.facebook.net, not telemetry.facebook.net). In that way, LS does have some advantages over pi.hole in that space - you'd need to set up every single item that you normally get for free from a blocklist, but it gives you much finer control over what's getting blocked and much better visibility into what connections your processes are trying to make.
Again, I don't think Little Snitch is the right answer if you're looking for ad blocking specifically, and if that's the extent of your privacy concerns, pi.hole's a better bet. Little Snitch is a per-application connection monitor and firewall - it _can_ block ads, but that's not its primary purpose.
LS seems to not be claiming any security promise on Linux because it can't make any guarantees given eBPF limitations. But the entire purpose is different and there is very little overlap in my view. PiHole is entirely (I think?) just applying the blocklist made easy. LS allows you to build the blocklist in real time.
I would guess that to the extent the blocklists include things that are loaded by applications and not websites, they are almost entirely built by users of something like LittleSnitch or OpenSnitch. This is also entirely doable with wireshark logs, but I think that requires more infrastructure to build into usable lists.