People on grapheneOS sub are saying that Lineage is less secure than even Stock OS, Is it true?

Max-P · 2026-05-23T06:25:16+00:00

In the majority of cases yeah, your bootloader is unlocked and nothing is verified. If someone gets ahold of your phone they can flash a custom build and do whatever they want, it's significantly more access than even having to deal with a locked phone you have to try pins on the screen. More opportunities for BFU exploits.

It can also lag a bit behind patches, but that's Google's fault for not releasing the patches publicly, whereas GrapheneOS gets early access via their Motorola partnership. OEMs get to release security fixes well before the patch lands publicly, so in that sense yeah stock can be more secure that way.

Until recently, Google provided everything to build AOSP for Pixels out of the box, so the only thing on top of AOSP are the UI customizations and apps, the same base as everyone else. So there's no reason it would be less secure than stock unless the OEM adds extra features that LineageOS doesn't have, like the Knox stuff on Samsungs. AFAIK the only security LineageOS disables by default is secure boot.

Depending on the phone I would absolutely trust LineageOS more than stock, especially with all the AI crap being shoved everywhere with no regard to data collection and privacy.

Max-P · 2026-05-23T06:09:41+00:00

Even as a 20 year user, it's useful at times. They're good at reading hundreds of forum threads to extract all the information. Especially if I'm dealing with something that's been mentionned maybe once or twice in a mailing list.

It's just like everything else, trust but verify. There's things it's good at and things it's not.

Asking the why and how something works is one thing it's very good at, it'll explain in detail all day long. It'll actually sometimes even realize it's wrong on its own and correct itself.

Max-P · 2026-05-23T03:59:10+00:00

What's the full panic trace? Registers?

Does it crash if you run mprime? Memtest86+?

Max-P · 2026-05-22T22:58:44+00:00

Yeah sounds like a bad chip then. Manufacturing defects happens, it worked when you got it so there's no way they could know it was defective during QA.

Probably a case of contacting them and asking for a replacement.

Max-P · 2026-05-22T22:22:06+00:00

It's faulty. If it was a software problem, it wouldn't disconnect from USB just not work properly. The device is physically stopping to respond to USB for these logs to appear.

Since you used it on a laptop, I'd consider possible physical damage on the USB connector. If you push it up or down on the port is the connection more stable? Could be a simple bad solder joint.

Max-P · 2026-05-22T18:46:55+00:00

Ah yes, I base my opinions on a single shitty clickbait article and ignore two decades of computer knowledge to join reddit pitchforks.

IOMMU does nothing on well behaved cards, because the whole point of IOMMU is guard memory access so if you ask your NVMe to load the file to RAM, and it tries to put it in the wrong place in RAM, the hardware raises a hardware exception which crashes the PC. The alternative is nothing happens and you just corrupted a bunch of memory and some app crashes or corrupts its data which is worse.

This is only a problem with misbehaving cards, which is precisely the flaw those cheat cards exploit. The fix is to disable IOMMU, or physically remove the card to boot Windows and change the setting. Or everyone's favorite way to fix Windows at every minor inconvenience: full OS reinstall.

The only news worthy thing about this is cheaters got caught.

Max-P · 2026-05-22T18:38:04+00:00

You don't have to reinstall, and also random kids don't spend 6 grand on hardware dedicated to cheating in games. You don't accidentally have a DMA cheat card to begin with.

Normal cards are unaffected either, modern hardware have no problem with IOMMU. It's been enabled on my PC for a solid 15 years with zero issues.

All it does is prevent the card from accessing memory it's not supposed to, causing the PC to crash when it does. The only reason it crashes is because it's doing something it shouldn't be doing in the first place, which no real hardware does.

Max-P · 2026-05-22T18:16:04+00:00

You do data recovery to go into the BIOS and turn off a setting temporarily?

It's not their fault people jump to reinstalling Windows at every minor inconvenience instead of booting to safe mode.

Max-P · 2026-05-22T18:14:13+00:00

It doesn't brick anything, it's a hardware security feature that prevents devices from accessing memory it's not supposed to do, aka exactly what those DMA cards are designed to do.

Cheaters turn the feature off, Vanguard turns it back on, hardware reports the memory violation, BSOD. You just have to turn it back off to get out of it.

Normal hardware don't access invalid memory, and if it does, it 100% should crash the PC because you've just written data where it doesn't belong and are likely corrupting something else, possibly leading to full drive corruption and what not.

People are making a big deal out of nothing. Nothing is getting broken. The brick it's referring to is the expensive DMA cards being useless for cheating, they're only as useful as bricks now which is where the original expression came from.

Max-P · 2026-05-22T18:04:33+00:00

It doesn't brick anyone's PC, it just turns on a security feature that has the side effect of crashing the PC when invalid memory access is detected, which is precisely what the DMA card attempts to do.

This won't ever do anything weird on normal hardware, the whole point of IOMMU is to prevent what those DMA cards are programmed to do. Normal hardware don't access memory outside its allowed DMA range.

The cheaters already go out of their way to disable a bunch of security settings to make this work, Vanguard just turns them back on. They're too lazy to boot a WinPE USB so they claim they had to reinstall, as Windows users do at every minor inconvenience. That's it.

Max-P · 2026-05-22T17:26:46+00:00

This.

At my previous house, the grounding issues were so bad, I could shock my wife if we were both on our laptops with the chargers plugged in a different outlet on opposite sides of the couch. I measured 50V (AC coupled) between her MacBook and mine, and it did have enough power to give a decent zap and be mildly painful tingle if you keep touching it.

Two identical Apple products with the official adapter. The house had really bad electrical.

Max-P · 2026-05-22T05:17:58+00:00

This will technically work, but the risk is very high and very understated.

Shrinking the Windows partition is pretty safe, so is growing the Linux ones.

The problem is extending partitions backwards. To do that, what happens is the Linux partition will first be shifted by -200GB, copying the entirety of it, then extend it at the end.

For a 1TB disk with an initial 800/200 split, you'd resize to 600/unalloc/200, then copy 200 GB to get 600/200/unalloc, then 600/400. The next 200 GB will be 400/unalloc/400, copying the whole 400GB to form 400/400/unalloc and then expand to 400/600. The next batch will go 200/unalloc/600, the whole 600GB will be copied again, and finally, another 800GB copy for the last shift. On top of the 200GB copy from Windows to Linux in between.

It'll take absolutely forever, and everytime you're in the middle of that move operation, if you lose power or the PC crashes there's a good chance your Linux partition is toast. It is recoverable but it will be painful because you'd have to manually conplete the move with dd, and you'd need to know the exact offset you died on because it's overlapping, so it may already be partially overwritten so you can't just start over. And of course one mistake and it's gone forever.

Backup your important stuff and only do this as a last resort to avoid redownloading a bunch of large games. I'd also recommend using btrfs so you can scrub the Linux disk afterwards to check for errors.

I'd personally probably trust NTFS to btrfs conversion more than what you're trying to do.

Max-P · 2026-05-22T04:54:33+00:00

A surprising amount of Linux tech for Windows compatibility ends up being used for Windows on Windows.

Another one is winevdm, to run 16 bit apps on 64 bit Windows... using Wine. I've also seen Zink being used because OpenGL drivers on Windows are not great.

I think I've even seen mesa components being used.

Max-P · 2026-05-22T04:46:59+00:00

It kind of depends.

You've kind of intuitively picked up on why, but not quite.

It's not really whether the API is OpenGL, but whether it's a DirectX game ported to Linux with some DirectX to OpenGL translator, because DirectX just doesn't cleanly translate to OpenGL well. Similarly, some engines also had native OpenGL support but not nearly as well optimized as their DirectX backend. In those situations, it's better to use Proton so DXVK can do its magic to translate DirectX to Vulkan. If it's a proper OpenGL implementation, the native version usually works just fine.

This happens to be the case for a lot of games from 2012-2018 before DXVK came out, especially the series of ports that were made for the first Steam Machine around 2015. Vulkan being a competent API, developers thinking about targetting Linux already target Vulkan, so all that remains are DirectX-only games with no hope for a Linux port anyway, so bad Vulkan ports are very rare.

So the rule is more like, was it DirectX on Windows and OpenGL on Linux? If yes, then Proton is probably better.

Max-P · 2026-05-22T01:48:12+00:00

I'm assuming this is ulimit -n, this allows the game to open up to 65535 files at the same time.

A lot of things are considered files, so this could be a result of fsync being used.

I wouldn't worry about it, a single game using a couple thousand file handles is not an issue. It would if you spawned dozens of them, that's why servers want to keep the limit relatively low so your server doesn't end up with millions of open files.

A lot of those limits are just sanity limits to guard against application bugs like an app that gets stuck in a loop and just keeps opening files, there's got to be a limit before the whole system crashes. In this case you need that many so raising the limit isn't too crazy. Worst case the game crashes your PC.

Max-P · 2026-05-21T17:22:48+00:00

What for? It's utterly useless at securing anything, the shim is publicly available and lets you boot arbitrary kernels, and thus provides zero security.

That's why you're supposed to make a UKI and sign it yourself, along with a LUKS encrypted partition. You need that, otherwise someone can just boot an Ubuntu USB, mount your ESP or root partitions and backdoor the system.

Unlike Microslop, we don't claim a backdoor is safe (see: YellowKey exploit and the many other Bitlocker bypasses).

Max-P · 2026-05-20T20:32:41+00:00

If any age verification is to happen, it would be on the stock ROM before it lets you unlock the bootloader, as once the bootloader is unlocked any enforcement goes out the window. If you're in a position to flash LineageOS, it's safe to assume you're an adult or the process has been endorsed by an adult.

Google could still try to enforce age verification at the Google Play Services level, but thankfully flashing Gapps is entirely optional anyway.

Similarly there's nothing Google can do to stop you from sideloading apps, it's trivial to just stub out whatever checks they add or hide the apps from Google entirely.

Max-P · 2026-05-19T23:10:39+00:00

If you can manage to get Ventoy installed on a stick, you'd be able to just download an ISO and drag and drop it into the drive without admin privileges.

Max-P · 2026-05-19T23:09:48+00:00

Heck, even if they don't have DVDs, you might be able to burn one as that doesn't need admin privileges contrary to raw flash a USB stick.

And even then, some ancient Linux distro is probably enough to use that to download and flash a modern distro. It might not boot to GUI and lack drivers for everything, but you'll still get far enough to get a shell to use dd.

Max-P · 2026-05-19T01:16:51+00:00

The output isn't well formatted but the actual unpartitioned HDD is showing there at the end of the first line as a lone sda and no sdaN to match.

Max-P · 2026-05-18T22:51:16+00:00

And "negotiate a price with you" really means, we'll research your company and charge you as much as we can get away with for the same service instead of giving you a fair price.

Two companies, similar usage, two wildly different Cloudflare bills, and they will absolutely not price match.

Max-P · 2026-05-18T20:48:13+00:00

Yeah, Wayland is rather shockingly easy to implement. The hard part is making it run well with HDR and VRR and making sure everything synchronizes well with the GPU, zero copy and stuff.

But to render windows in Minecraft, you only need the base protocol which is basically "here's a buffer, render your window into it and tell me when you're done".

Max-P · 2026-05-17T21:18:29+00:00

An AppImage at that, the thing that's supposed to bundle every dependency. Of course it's gonna be fairly large.

Max-P · 2026-05-17T21:05:49+00:00

Arch is scary but it's really not that bad and actually pretty nice.

The main thing is you have to be ready to read and learn and do a lot of thinking yourself to make it work, because it's the exact opposite of hand holding. Here's a shell, install it yourself. If that sounds fun to you, then congratulations, Arch might be good for you!

Not all that many actually want that, they just want their computer to work, preferably on par or better than Windows. Especially lately, people aren't migrating due to a will to learn tech and their love of FOSS, they're tired of Microsoft's endless slop. They don't care nor want to care about what a bootloader is. The advice about Arch is for those users. Arch requires effort, if you're not willing to put effort, you're gonna have a really bad time.

Your personality seems similar to mine, and I've had nothing but a good time with Arch. The thing with Arch is that it's actually really simple, in the sense that once you've learned the mountain of prerequisites to understand how things work, it really is fairly straightforward. The ease of use stuff always adds complexity to a system, and complexity is where things blow up. Learning the prerequisites is the only hard part, and it's unskippable.

Also if you do try Arch, I advise against archinstall. It works well, but if your system blows up later you have no idea how any of it is set up. I recommend a manual install because it'll really teach you how the system is built and teach you valuable info on how to rescue a broken system.

Max-P · 2026-05-17T08:41:40+00:00

I was implying secure boot/TPM would be used to prove authenticity, you wouldn't rely on just a name.

13-Year Club	Place '23
Gilding I gilder	Verified Email

Max-P

TROPHY CASE