GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 34 released: https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-34.See the linked release notes for a summary of the improvements over …
An anonymous person donated 39 ETH to GrapheneOS on February 12th. Value of ~$59k at the time and now almost $65k.Currently, all the developers we pay to work on GrapheneOS are directly funded with cryptocurrency donations. This donation will let us…
Vanadium version 110.0.5481.65 released: https://github.com/GrapheneOS/Vanadium/releases/tag/110.0.5481.65.See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.Forum discussion thr…
GrapheneOS version 2023021000 released: https://grapheneos.org/releases#2023021000.See the linked release notes for a summary of the improvements over the previous release.Forum discussion thread:https://discuss.grapheneos.org/d/3356-grapheneos-vers…
There are other kinds of ongoing malicious attacks on GrapheneOS including harassment/threats/doxxing targeting our project members and coordinated misinformation being spread across platforms by groups of people using a mix of legitimate and sockpu…
We could scale up server resources and add more servers but it'd be a very poor use of funds. Our services are already scaled up more than we need when not under attack. Only our update servers are ever overloaded with legitimate traffic and only du…
Cloudflare could protect our websites from these attacks but isn't usable for our other services and our users wouldn't be happy about it due to privacy concerns. We're more concerned with other services than the websites so that's not really on the…
We could do further tuning to reduce resource usage per connection combined with greatly raising overall connection limit. Could further reduce concurrent streams and per-IP connection limits. We'd only want to disable HTTP/2 or use very aggressive …
This time around, they exhausted the overall connection limit and started causing dropped connections, essentially creating downtime.HTTP/2 streams use comparable resources to an HTTP/1.1 connection so nginx has to count each one as part of overall …
We also added a large encrypted swapfile to each server:https://github.com/GrapheneOS/infrastructure/commit/b93695ecc4862d1bdba9dabd76f5ffcf5d154902We also reduced HTTP/2 multiplexing limit, per-IP connection limit, buffer sizes, etc. last time:http…
In September, a similar attack caused nginx's master process to be killed by the out-of-memory killer causing much longer downtime. Default systemd service lacked auto-restart since master process supervises workers. We fixed that:https://github.com…
Our website was targeted with a Distributed Denial of Service attack using HTTP/2 multiplexing within the 2 minute window from 2023-02-09T00:58:00Z to 2023-02-09T01:00:00Z. OVH detected it and enabled mitigation but enough went through to cause down…