Develop Bugs

VPN (via tap)

Hey,
Does anyone know if there is a working TAP implementation for connecting to a VPN server on android. I know the API doesn't support it, but I thought there might be a work around. Root is acceptable.
Doing a search for "TAP" and "android" together is futile, since tap is also a verb described how you interact with your device. It's very frustrating.
Thanks,
-PW

Perhaps try searching for "tun", as they're often listed together?
With the numerous types of vpn endpoints, you may find better answers from people if you clarify what you're attempting to access (cisco, openswan, etc)
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html

spycedtx said:
Perhaps try searching for "tun", as they're often listed together?
With the numerous types of vpn endpoints, you may find better answers from people if you clarify what you're attempting to access (cisco, openswan, etc)
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
Click to expand...
Click to collapse
I'm trying to access a openVPN server that is set up on a remote host. These are not public services. The "endpoint" is usually on the same hardware as the gateway of a particular LAN, but can occasionally be a node behind a NAT firewall. These are set up by my employer.
The reason we use tap instead of tun is because we need to monitor broadcast traffic on the remote LAN. Tun clients are supported on the android API, but Tap is not supported officially. I was asking to see if anyone found an unofficial way to do this. So far, I've only come across one solution that was apparently broken with newer versions of android.

What solution was it you found that's now broken? Did they remove tap from the newer kernels? Could be an easy enough fix for one of the custom kernels to patch back in.
I haven't used openvpn since 2.something, and I recall it working well, once you got the proper iptables and such patched in. So, I'm asking and following from curiosity.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html

Media Volume Gestures

In LineageOS blog they report "Two new touchscreen gesture options have been added for lowering and raising the media volume". Did anyone find that feature?

Yes, in changes of latest nightly :
https://review.lineageos.org/197293
I did the upgrade and I don't find this new feature in android parameters.

kurtn said:
In LineageOS blog they report "Two new touchscreen gesture options have been added for lowering and raising the media volume". Did anyone find that feature?
Click to expand...
Click to collapse
hamelg said:
Yes, in changes of latest nightly :
https://review.lineageos.org/197293. I did the upgrade and I don't find this new feature in android parameters.
Click to expand...
Click to collapse
I did notice the following 3 new Gerrit entries (though there may be more).
https://review.lineageos.org/#/c/197293/
https://review.lineageos.org/#/c/197054/
https://review.lineageos.org/#/c/196995/
I'm not totally sure but, it may only be available for certain devices at this time but, I'm sure that it could be implemented for more devices over time.
Though, i do love the Changelog that Lineage provides but, they have a tendency to result in more questions with a clever form of open ended statements.
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT PROVIDE SUPPORT VIA PM UNLESS ASKED/REQUESTED BY MYSELF.
PLEASE KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE

Configure PrivacyGuard

Hey Guys,
I'm running LineageOS on multiple devices and was wondering if its possible to configure the privacy guard. For instance, that it don't allowed newly installed applications to start at boot, or runing in background. Do you understand?
Devices:
Samsung S7 LOS 14.1 official link
Samsung S4a LOS 14.1 unofficial link
Samsung Galaxy Tab 2 official link

You can use 'enable by default' option for newly installed apps but it only blocks personal permissions by default. When you install a new app, you'll be prompted to take control of privacy guard to set other permissions.
Sent from my ZUK Z1 using Tapatalk

So there is no way to preconfig this? Like a simple config file?

*push*
Anyone? This seams so easy and fundamental for me, that I can't believe no one needed or implemented that feature

chrisrevoltes said:
*push* Anyone? This seams so easy and fundamental for me, that I can't believe no one needed or implemented that feature
Click to expand...
Click to collapse
Locating a Guide, Tutorial, etc... that's specific to Privacy Guard is a challenge and I do believe that certain LineageOS features should have something to explain as well as some guidance and such.
The best that I can find is actually within a device specific area of the forum that appears to apply to most all device regarding this feature.
Hopefully the information on the following thread is helpful for you and you may be able to obtain some member guidance and clarification as a question "in general".
https://forum.xda-developers.com/showthread.php?t=3739136
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.

Not sure if this is what you're looking for, but in my LOS15.1 ROM, I can go to Settings and search for "privacy", and find the settings for Privacy Guard. The PG settings for each app can be configured manually, and there are also a few options like "Enabled by default" and "Show notifications".

Why is this website so slow to load?

What is wrong with xda-developers.com?
It taskes like more than 15 seconds to load pages.

The delay occured when xda switched to https (At least for me)
Try changing your theme or browser, see if that makes a difference

kuromusha38 said:
What is wrong with xda-developers.com? It taskes like more than 15 seconds to load pages.
Click to expand...
Click to collapse
DSA said:
The delay occured when xda switched to https (At least for me). Try changing your theme or browser, see if that makes a difference
Click to expand...
Click to collapse
I can't state for sure but, in addition to what @DSA had stated...
I think that it does stem from the XDA Server switching to Https but, the advertising as well as other items that the web page loads may be via Http.
If so, then this is what's called "Mixed Content/Mixed Domains" whereas the website loads content not only from the XDA Server but, content from other, outside the XDA Server, URL's using both the Https, Http, and possibly others.
Maybe @bitpushr, @Wood Man or @MikeChannon (or another Admin) can confirm, deny or just state that I've won the "XDA Official Nut Case Award"... LMAO!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.

Ibuprophen said:
I can't state for sure but, in addition to what @DSA had stated...
I think that it does stem from the XDA Server switching to Https but, the advertising as well as other items that the web page loads may be via Http.
If so, then this is what's called "Mixed Content/Mixed Domains" whereas the website loads content not only from the XDA Server but, content from other, outside the XDA Server, URL's using both the Https, Http, and possibly others.
Maybe @bitpushr, @Wood Man or @MikeChannon (or another Admin) can confirm, deny or just state that I've won the "XDA Official Nut Case Award"... LMAO!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Click to expand...
Click to collapse
Yup, there are multiple reasons including the ones you mention, but add to that the high volume of Users we have and the ever increasing size of our databases and a highly customized version of vBulletin. We have been aware of load times and it is always a focus for the Server Admins. The site has evolved and been added to with many non standard additions and we're at the limits of vBulletin, but like I say we do always have plans and have done things over time to improve things.
Mike

We monitor load times constantly, usually based on our metrics pages should be loading within 1 or 2 seconds - with the ads there is sometimes a delay of up to 15s for a 'full' page load. Those external assets are mainly out of our control and can be removed by purchasing XDA ad free.
Regarding https - we made this switch over a year ago - there is no noticeable difference in load time based on switching to https. Actually, right after the move to https we were able to upgrade to http2 which allows the browser to load multiple assets in parallel faster and should actually have sped up the site for most people.
As @MikeChannon stated XDA is based on older forum software. At our size it slows down noticably, and in particular if you have a lot of threads/posts, subscriptions and that sort of thing. For logged out users we already cache a ton of things, making the site very fast. We are in the process of rewriting the backend to make this faster for everyone. At present, the first time you load the page after a while we need to cache some user-specific items and this can delay page loading a few seconds.

@bitpushr & @MikeChannon, how does the the loading of XDA via the PC/Android Browser affected when the XDA server is accessed by way of other methods like the Tapatalk website as well as the various Apps too?
I mean the load on the Server Accessing the XDA Server using other methods besides using the traditional xda-developers URL from a browser.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.

Ibuprophen said:
@bitpushr & @MikeChannon, how does the the loading of XDA via the PC/Android Browser affected when the XDA server is accessed by way of other methods like the Tapatalk website as well as the various Apps too?
I mean the load on the Server Accessing the XDA Server using other methods besides using the traditional xda-developers URL from a browser.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Click to expand...
Click to collapse
Overall there is no impact, but each method has its own benefits/drawbacks. For example, I know when Tapatalk is first loaded - it loads all forums and is very slow to load.

bitpushr said:
Overall there is no impact, but each method has its own benefits/drawbacks. For example, I know when Tapatalk is first loaded - it loads all forums and is very slow to load.
Click to expand...
Click to collapse
I see...
I wasn't sure of the impact on the server between the Apps and other sources and the typical browser access.
I've got a feeling that a percentage of members/guests accessing the forum via the browser is getting smaller and smaller as more and more members/guests are using Apps and other sources like the Tapatalk website.
Or is this percentage not something that has been looked at much?
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.

bitpushr said:
- with the ads there is sometimes a delay of up to 15s for a 'full' page load. Those external assets are mainly out of our control and can be removed by purchasing XDA ad free.
Click to expand...
Click to collapse
So unless we buy ad free, long load times are a thing..

Yeah but I have Ublock installed, so ad shouldn't be an issue then. Still slow

General XDA Article: Google shelves plans to add support for another private DNS standard in Android 13

https://www.xda-developers.com/android-13-native-private-dns-shelved/
February 21, 2022 8:49am Pranob Mehrotra
Google shelves plans to add support for another private DNS standard in Android 13​Android currently offers support for one private DNS standard — DNS-over-TLS (DoT). However, Google has been working on adding native support for another private DNS standard for a while. In September last year, we spotted a code change in AOSP suggesting that Google planned on adding native support for the DNS-over-HTTPS (DoH) standard in Android 13. But a recently merged commit indicates that the company might have had a change of heart.
According to the recently merged code change, Google won’t enable DoH in Android 13 by default. The commit’s description states: “DoH: Don’t enable it in T by default.” While this statement doesn’t mean that Google is completely abandoning plans to add native DoH support to Android, it does clarify that that won’t happen in Android 13 Tiramisu. At the moment, we have no further details on the matter. But we’ll make sure to let you know as soon as we learn more.
For the unaware, DoT and DoH are private DNS standards that encrypt communications between your device and the Domain Name Server (DNS). Although both standards perform the same function, DoT uses TLS (also known as SSL) to encrypt DNS traffic, while DoH uses HTTP or HTTP/2 protocols to send queries and responses instead of directly over UDP (User Data Protocol).
Both standards also use different ports, with DoT using a dedicated port for DNS traffic and DoH using port 443 — the same port that all other HTTP traffic uses. This means that all your DNS traffic blends with other HTTPS traffic when using DoH, which makes monitoring and blocking DoH queries a lot more complex. These differences give DoH a slight advantage from a privacy standpoint. For this reason, we were looking forward to getting native DoH support in Android 13. Unfortunately, we might have to wait another year for Google to add native DoH support to Android.
Thanks to XDA Recognized Developer luca020400 and Mishaal Rahman for the tip!
Click to expand...
Click to collapse

Well as long as we can still use a custom dns I think we're doing good

spart0n said:
Well as long as we can still use a custom dns I think we're doing good
Click to expand...
Click to collapse
You're missing the big picture though. Without some kind of encryption, anybody can eavesdrop on your dns lookups.

96carboard said:
You're missing the big picture though. Without some kind of encryption, anybody can eavesdrop on your dns lookups.
Click to expand...
Click to collapse
That's the whole point of DoT... DNS over TLS. Why bother with DoH when DNS over HTTPS only adds an additional layer of crap over the existing TCP stack? Don't try to solve problems by moving up in the OSI layer.

craznazn said:
That's the whole point of DoT... DNS over TLS. Why bother with DoH when DNS over HTTPS only adds an additional layer of crap over the existing TCP stack? Don't try to solve problems by moving up in the OSI layer.
Click to expand...
Click to collapse
Except for the fact that most networks intercept traffic on DNS ports, and in some cases most/all ports that are non-HTTP. Like it or not, EVERYTHING is being moved to port 443 because if you block or intercept that, it is immediately obvious that the internet is broken.

96carboard said:
Except for the fact that most networks intercept traffic on DNS ports, and in some cases most/all ports that are non-HTTP. Like it or not, EVERYTHING is being moved to port 443 because if you block or intercept that, it is immediately obvious that the internet is broken.
Click to expand...
Click to collapse
What kind of network are you on where "anybody can eavesdrop on your dns lookups."?
"Most networks" do not MITM or block DoT ports. Maybe some sketch wifi, but you have bigger problems to worry about at that point.
If an adversary blocks DoT 853/8853, no queries resolve, internet is broken.
If an adversary MITMs DoT, cert fail, internet is broken.
DoH has the added complexity of HTTP headers, allowing tracking and other privacy issues if implemented poorly.
The inventor of DNS prefers DoT over DoH,
https://twitter.com/i/web/status/1047613817541120000
Think about why big tech wants you to use DoH over DoT....
Still not sure why you would even WANT to have DNS run on the app layer instead of transport.

yeah on home network my DoT is handeled by my firewall but over mobile networks or public wifi I use DoT via custom dns in android

I think they both have a place. Many times DoT port is blocked on corporate networks, but I guess you can use something like RethinkDNS at that point. Still an interesting discussion to say the least.

craznazn said:
What kind of network are you on where "anybody can eavesdrop on your dns lookups."?
"Most networks" do not MITM or block DoT ports. Maybe some sketch wifi, but you have bigger problems to worry about at that point.
If an adversary blocks DoT 853/8853, no queries resolve, internet is broken.
If an adversary MITMs DoT, cert fail, internet is broken.
DoH has the added complexity of HTTP headers, allowing tracking and other privacy issues if implemented poorly.
The inventor of DNS prefers DoT over DoH,
https://twitter.com/i/web/status/1047613817541120000
Think about why big tech wants you to use DoH over DoT....
Still not sure why you would even WANT to have DNS run on the app layer instead of transport.
Click to expand...
Click to collapse
The fact you aren't aware is reason enough for changes in how DNS works.