Upgrading/reinstalling some company specific software (it's an absolute mess, we essentially build our own tools for everything in C++, there's probably a quadrillion memory vulnerabilities and the software crashes all the time), because random people on the Windows team have been tinkering with the config over the years, and now essentially everything is broken and has to be reinstalled. We have been shipping newer versions of our software to customers than we were running internally... (of course it was tested in the staging environment, but our prod was pretty unmaintained and messy) I'm so glad that I'm usually on the Linux team... I was a software engineer before, but I was tired of C++ and the weird way we do things, so I was probably the first one who asked to move to the newly formed Linux team, when we started slowly migrating away from Windows around 6 or 7 years ago. Unfortunately like half of the Windows team recently quit or was laid off, so they had to find someone who could do this. Since I was a dev before, I'm quite familiar with our internal tools. I'm now working with 3 Windows guys on fixing this insanity. The entire process is not quite as bad as it sounds, but I really don't want to touch a Windows system ever again in my life.
Can you elaborate on MicroG needing root? To my understanding that is only required on ROMs that don’t require Sig. Spoofing, and Calyx does support it, specifically and only for MicroG.
I'm not entirely sure if all of microG needs to run as root, but I'm pretty sure that some parts do. Nonetheless, microG runs in the priv_app SELinux domain instead of untrusted_app, reducing the isolation and granting it more access to sensitive APIs. Sandboxed Google Play on GrapheneOS on the other hand is a normal application that can be installed and uninstalled by the user, running in the untrusted_app domain. It is tightly controlled by the Android permission mechanism, and doesn't have any permissions by default.
If you only care about security, you should keep Play Services isolated in a separate profile. That way, even if there happens to be a memory corruption vulnerability in Play services, which isn't caught by hardened_malloc or the hardware MTE in newer devices with ARMv9 chips, the rest of your system would still be safe, since Play services aren't running as root, and in order to compromise the entire system, there would need to be a privilege escalation vulnerability in all of Android, not just Play services.
And you know what helps reduce risk of exploit? Smaller codebases.
Why does CalyxOS include the F-Droid privileged extension then? It's yet another component running with elevated permissions and unnecessarily increasing attack surface. Why does it include Google's eUICC component with elevated privileges and no proper sandboxing?
Ideally, they wouldn't keep logs at all. But even if they do, they are pretty much useless. The only real piece of information included there would be your IP address, which you can mitigate by using a VPN or TOR.
300kg of Plutonium
Emulators exist... ...oh wait... FUCK NINTENDO
I love their exclusive titles, but their hardware, and the way they deal with emulator developers make me want to throw up
Probably the walls. Without them, the ceiling would collapse and everything in the room would be useless.
And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies
Ok let's assume this is true, and US intelligence agencies have actually backdoored all US phone manufacturers. What about foreign phones? If this was true, someone the NSA is interested in could just defend themselves by e.g. buying a Chinese phone. All this effort, just to be defeated by foreign phone manufacturers? It wouldn't be worth it, which is why it's so highly unlikely.
I think I found it https://discuss.grapheneos.org/d/12019-passkeys-as-mfa-on-grapheneos-a-guide
It might also be this one, I don't remember https://discuss.grapheneos.org/d/8184-graphene-os-3rd-party-passkey-support-on-android-14
Just about all of your identifying data is stripped out by the framework before interacting with Google at all
For all of them, we strip device identifier (MAC addresses, IMEI, etc)
This is literally nothing special, as all user-installed apps are denied access to identifiers like the IMEI and MAC address since Android 10. Since GrapheneOS isolates Play services in the Android application sandbox, they don't have access to any of these identifiers either.
I’m not too worried about memory exploits as I don’t really install apps
That's not how memory corruption exploits work. These can occur anywhere in the system, and just need to be triggered by an attacker. This doesn't require you to install an app, receiving a rogue message might for example be enough to exploit a memory vulnerability in the SMS app. Visiting a rogue website, which loads malicious JavaScript can be enough to trigger a memory corruption vulnerability in the Chromium WebView. That's why GrapheneOS doesn't just use hardened_malloc, but it also disables the JavaScript JIT compiler in Vanadium by default, and offers a toggle in the settings to disallow JavaScript JIT compilation in all apps making use of the system WebView component.
Wait what? Is that actually true? What if you are a foreigner visiting the US and bring your e.g. Oppo phone with you? You can't use it? Even with a foreign SIM?