Short update regarding the Xiaomi Smart Band 8 and Gadgetbridge

Okay, second night with my fitness tracker, and Gadgetbridge shows light sleep for almost 8 hours (and also a few counted steps in the flat). After reading a bit more about the software, I’ve changed my weather provider on the phone to “Tiny Weather Forecast Germany” which comes from our official DWD (Deutscher Wetterdienst) site who are also reporting to Tagesschau and other official media. That one is nicely integrated with Gadgetbridge, so that my fitness tracker now shows the temperatures as reported by DWD, instead of some unknown Chinese service.

I also changed my phone’s navigation system from Organic Maps to OsmAnd~ which is supported by Gadgetbridge (even Google Maps is supported, but any Google services is what I’m trying to avoid with all this). I have not yet tried any “Activities” or “Workouts” which would make use of map tracking, but I will do that soon (next on my list in fact).

Anyway, it’s nice to know that communications only occur between my own devices now, and that *nothing* goes to some unknown “cloud services” (aka other peoples’ computers). Except of course the fact that my phone gets the weather from DWD, so it also has to tell them where I am to keep that correct. That’s unavoidable, but I can live with that…

And like always, thanks for reading.

Update to this update 😉

Just saw that the battery status was different on the device and in the software, so I submitted a bug report against Gadgetbridge. See here.

And another update to this update (of the update) 😉

Yup; tracking works. First I didn’t exactly know how to *get it working*, so I tried with the Mi Fitness app first, but later found out how to view the “workout” in OsmAnd~. Here is how that looks:

Mi Fitness left – Gadgetbridge displayed in OsmAnd~ right

In the Mi Fitness screenshot, I had to take out my “customer number” (or whatever they call your digit-only user number at Xiaomi), so I airbrushed that out with The Gimp. Gadgetbridge and OsmAnd~ show nothing personal, except of course the area where we live. Took the small inner round through our “Wohnpark” in the Mi Fitness image, the bigger around the block walk in Gadgetbridge/OsmAnd~.

You can also export a .gpx file from Gadgetbridge, which is what I did to import it into Gnome Maps on my desktop – looks like this (with a shorter walk):

An exported .gpx route, here shown in Gnome Maps

Not bad for “experimental”, is it? Again, thanks for reading and for viewing.

First look: Xiaomi Smart Band 8

Yesterday I bought a fitness tracker. My wife and daughter both have one since long, and I started counting my steps when I first got an iPhone from the company, and later the used Google Pixel 4a from my wife. And while counting steps with a phone is good, and all that most people would probably need, I still also wanted those steps when I do *not* carry my phone, plus having a look at some other statistics like sleep tracking and so on.

Both Mitchie and Zuleikha (or Aki, which she prefers) are using FitBit devices. Mitchie lost her Charge 4 last year and got the Charge 5 soon afterwards, Aki has her Inspire 2 since about that time (or a bit earlier). But I didn’t want to go the Google route, and here’s why. Mike Kuketz, a German security consultant once mentioned an open source tracker software which doesn’t send every measurement to the big clouds for their analysis, so I was interested in that program called “Gadgetbridge” since a while. The best supported devices are those from Huami (aka Amazfit) and Xiaomi which use Huami’s “Zepp” app, but since the last update to Gadgetbridge, even some newer devices which use different protocols are supported – see here.

So my initial plan was to get a Xiaomi Smart Band 7 or an Amazfit Band 7, both of which originally use that Zepp app, and both being able to be used with Gadgetbridge instead. However, at our local electronics chain store, only the newer Xiaomi Smart Band 8 was offered, so I took that one instead. And to make matters short (or TL;DR in “modern” speech): no, I haven’t got it running with Gadgetbridge yet (support *is* still experimental), but I’m still glad I got this one, even tho it feels a bit strange to have a secure system like GrapheneOS, and then to install Xiaomi’s Mi Fitness software onto it – but in the long run, this will most probably change.

So what is it like? Well it counts my steps (and less than the free and open source “Paseo” software on the phone before, but it’s said to be pretty accurate), it also tracks my sleep, counts my heart beats, blood oxygen, and all that stuff – what most of these devices do. The Xiaomi software is pretty colourful, as are the hundreds of watch faces you can install with a single click. Here are some screenshots of the software running on my phone:

In case you want a comparison of some of these devices, here is a German one from FitForFun, and the guys from Heise’s Techstage had an almost similar result. But of course they don’t even think about using said devices with free and open source software, so choose wisely. Of the older generation (compatible with Zepp apps and such with Gadgetbridge, except the Huawei device), there’s also a nice video, also in German, here.

I will report more later, since I have the device more or less since a single day only, and this is my first one (although I can compare it to those FitBits, and to be honest, Aki was a bit jealous about that Goose watchface you could choose for mine)… 😉

Like always, thanks for reading.

Update, later on the same day:

Got Gadgetbridge working by now on the Pixel 6a (had tried it on the 3a before). And I’m still exploring it of course, but here’s a first screenshot from the phone:

Gadgetbridge working with the Xiaomi Smart Band 8 on the Google Pixel 6a running GrapheneOS

So for the moment I’ll have deactivated Xiaomi’s app and this one active instead. Switched the battery usage from ‘Unrestricted’ to ‘Optimised’, because this doesn’t have to be active when I don’t want it to. So let’s see how this develops. But I’m glad that I’ve been successful.

And again, thanks for reading.

To whom it might concern: GrapheneOS added Android Auto

Happy new year again.

Forgot to tell you that with two updates from December 30th and 31st, GrapheneOS now added Android Auto if you can make use of it (we can’t; our car is a year or so too old for that). An article on 9to5Google reminded me of it, and here are the release notes from GOS.

And unlike stated in 9to5Google, my Pixel 6a which is on the GrapheneOS “stable channel” got it already. But since our car can’t do it, and I haven’t switched on any (sandboxed) Google services, it’s of no big deal for us. But if your car can make use of it, enjoy.

Thanks to Daniel Micay and his team over at GOS. And like always, thanks for reading.

Now running…

  • GrapheneOS on the Google Pixel 6a mobile phone
  • DivestOS Mobile on the Google Pixel 3a mobile phone
  • Debian on my self-built desktop computer (for “work”)
  • Arch Linux on my self-built desktop computer (for “fun”, or to see the newest stuff)

Looks like this:

GrapheneOS
DivestOS Mobile
Debian
Arch Linux

Oh, and of course I’m also running the latest jams on the Wikiloops radio. You can participate in these if you like, why not give it a try?

Like always, thanks for viewing, reading, listening, and all that 🙂 Happy holidays 🙂

Update, from Wed Dec 20th, 2023:

According to the German security expert Mike Kuketz, GrapheneOS is the gold standard of all Android operating systems. His article is in German, only the parts where he cites Daniel Micay, founder and lead developer of GrapheneOS are in English.

Privacy Guides has the same opinion and recommendation. See also at Eylenburg’s comparison. And at AndroidAuthority. And maybe the best one at PrivSec.

Be aware tho that in case you reject all Google services and apps, you’ll also lose some of their “AI” and capabilities. Your choice. In that case, user profiles might help – one owner profile without, and a user profile with Google services (still sandboxed in GrapheneOS). And thanks again for reading.

Two good articles

Bobby Borisov wrote a nice article called “Debian Unveiled: The Gold Standard of Linux Stability” on his linuxiac web site, and Ankush Das summarized in his “Focusrite Extends Help to Linux Developer to Enable Driver Support” article on It’s FOSS News how Geoffrey Bennett and Focusrite are getting together since he started writing driver and GUI software for their audio interfaces (and reported about that on LinuxMusicians).

So both articles are good and recommended reading.

Thanks to Gnome, computing became a lot less fun again

Got Gnome 45 on Arch today, and – as expected and even announced – none of the former extensions kept working. Looked like this:

Gnome 45 desktop on Arch Linux, with Conky and my own wallpaper photo

The workspace switcher still worked, but is redundant now because they made another pill-shaped one on the top left (not movable). Freon and Openweather extensions don’t have version 45 yet, and even Vitals – at least the one packaged in Arch’s User Repository (AUR) was too old. And GSConnect, the most important one for integrating your phone(s), is gone as well.

My solution, for the moment? Go to XFCE. I’ve tried Budgie but didn’t like it, and I never became friends with KDE again since leaving it 20+ years ago. So for now my Arch desktop looks like this:

XFCE4 desktop on Arch Linux, with default background and with added weather and sensor applets (built in, eat that, Gnome!)

So still no GSConnect (or KDE Connect), but still better than this forced-into-your face behaviour of Gnome. Seems like Linus was right, that is cancerous behaviour, thanks but no thanks.

Edit/Update:

I gave KDE another try. No love yet, but it’s growing on me. And KDE Connect works as well (that small phone icon in the lower right):

KDE Plasma desktop on Arch Linux, with Conky and some additional widgets

So let’s see…

Edit/Update from later the same day:

Back to Gnome by now. Like I said, I tried to love KDE or XFCE or other desktop environments, but just can’t. So for the moment I installed the latest nightly build of GSConnect from Github, and for a bit of weather info, I used another extension from AUR’s git. That relies on the installed weather app from Gnome which isn’t as good as OpenWeather, but it works (showing Frankfurt, not the place we live but close enough). For the moment, I can do without Vitals or Freon, I know that my CPU temp and fans speeds are good no matter what I’ll do. So back to minmalistic Gnome:

Gnome 45 desktop on Arch Linux, with GSConnect and a bit of weather info

Like always, thanks for viewing.

So many updates…

During the last month or so, quite a number of bugs have been found, some of them prominent, and some severe ones which are actively exploited already, meaning that more or less everyone is affected, no matter what operating system(s) they use. That’s why more or less every operating system and program vendor(s) are offering updates at the moment, and you should install all of them.

For instance: the webp image and vp8 video formats from Google, they are used in every major browser and even in programs you wouldn’t think of, like the Signal desktop and mobile clients which are basically Chrome browsers as well (just with another look). Or in-OS updates like libvpx on Linux and the equivalent ones on Windows, Macs, and so on – even “stable” operating systems like Debian 12 “Bookworm” are offering updates on almost a daily basis at the moment, and you should really care.

On Android phones, look for updates as well – the original Google Pixel devices which are still supported just got Android 14 (which has bug fixes), but ones on A13 or older should still get updates as well – and don’t forget to check the Google Play Store or its alternatives like F-Droid & Co. Play services as well in case you’re on standard Android. And for iPhones and the Apple iOS/MacOS world the same applies.

So do yourselves and us all a favour, and update your engines, ladies & gents. Thanks.

P.S.: older devices are potentially greater risks than newer ones, which is why Apple or Google and also 3rd party vendors like GrapheneOS only support their devices for a certain amount of time. Luckily, for the new Google Pixel 8 phones that supported time frame was now extended to 7 years, for these and older ones see here.

Older ones could still run at home with some risks accepted, and with OSs like DivestOS, like for instance our 11 year old Nexus 10 tablet or the Pixel 3a phone. That Pixel 3a for instance has Android 13 (which Google never gave it), and while the Nexus 10 tablet ist still on Android 7 (which Google also never gave it), it still can have the latest security patches at least for the software side (but not for Qualcomm, ARM, or any other 3rd party hardware vendors of course, blame it upon them):

At least a bit more peace of mind, and even if that’s not a 100% solution, it’s still better than nothing, so we have to thank people like Tad (DivestOS) or Daniel (GrapheneOS) for all of their work. Please support them if you can. And see a comparison table of Android ROMs at eylenburg. Thanks.

Sigh…

Just saw the first little parts of what will become Gnome 45 trickling in, like in:

:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (2) gnome-disk-utility-45.0-1  openpmix-4.2.6-1

Total Download Size:   1.87 MiB
Total Installed Size:  9.83 MiB
Net Upgrade Size:      0.03 MiB

And why does that make me sigh, you might ask? Well, because the guys at Gnome think they know better again, and will again break existing and working desktops for you, me, or everyone (worst will be for “the big guys” who make desktops like Unity based upon Gnome). See this article in The Register:

GNOME 45 formalizes extensions module system

I’m using four Gnome extensions which I’d really like to keep, which are OpenWeather, Freon, the built-in Workspace Indicator, and GSConnect, so I looked up https://extensions.gnome.org/ to search for version numbers, and as expected, none of them has a 45 version yet. And while it’s all documented from the Gnome developers, I’d like to wait until all these – for me – important things have updates before I’ll get a desktop which again throws out the baby with the bath water, many thanks.

Looking for / thinking about alternatives? Nah, not really. I never really loved KDE, and XFCE isn’t an option for me either, nor are others which mostly mimic Windows (like Cinnamon & Co.), or Enlightenment. So let’s see how this turns out.

But there are worse news, especially for those of us who are using Android phones, namely Google’s planned “Privacy Sandbox”. See this article:

Google Chrome Privacy Sandbox open to all: Now websites can tap into your habits directly for ads

Time to look out for another browser, see also in https://www.androidauthority.com/chrome-ad-topics-rollout-3362364/ – and it’s getting worse, since this will probably end up in AOSP. Chatted a bit about that with Tad who is the lead developer of DivestOS, and he assured me that neither DivestOS nor GrapheneOS would include these bits. But Google with its former infamous “Don’t be evil” mantra seems to turn to Orwell’s Newspeak lately, which is really bad. There’s nothing “private” about their sandbox anymore, so dump these Chrome browsers, and get Mulch or Vanadium (or better, Firefox) instead. Best solution for Android phone users: install GrapheneOS in case you have a current Pixel phone, or DivestOS for those whose devices would also be covered by LineageOS, or whose devices are too old for GrapheneOS.

And no, Apple is not an alternative. Security based upon obscurity never worked, I’m only dealing with Open Source here, no time for walled garden crap.

Like always, thanks for reading.

Update, from September 12th, 2023:

Here are some more links, some new some old, but take your pick or read them all if you care for real privacy:

https://www.theregister.com/2023/09/07/google_privacy_sandbox/

https://lifehacker.com/how-to-disable-google-chromes-new-privacy-sandbox-track-1847276073

https://www.forbes.com/sites/kateoflahertyuk/2023/09/07/new-google-chrome-targeted-ad-tracking-heres-how-to-stop-it/

https://theconversation.com/google-chrome-just-rolled-out-a-new-way-to-track-you-and-serve-ads-heres-what-you-need-to-know-213150

https://techcrunch.com/2023/09/08/google-flips-the-switch-on-interest-based-ads-with-privacy-sandbox-rollout/

https://www.theverge.com/2021/3/30/22358287/privacy-ads-google-chrome-floc-cookies-cookiepocalypse-finger-printing

https://www.zdnet.com/article/heres-how-to-opt-out-of-google-chromes-privacy-sandbox-floc-trials/

https://techcrunch.com/2023/01/17/privacy-sandbox-topics-api-criticism/

https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/

https://en.wikipedia.org/wiki/Privacy_Sandbox

https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

https://www.howtogeek.com/724783/how-to-opt-out-of-google-floc-in-chrome/

By far not the only sites and articles I’ve found, but enough to give you an idea why this is bad. And as I wrote above, it could be even worse on Android phones, where Google almost always has the ‘WebView’ authority, which means that any link you’ll click will be opened in WebView (aka Chrome), no matter if you have Firefox or other browsers set as your default. Only way to mitigate that is to use more private operating systems on your phones, like GrapheneOS (which uses their hardened Vanadium WebView), or DivestOS (which uses their hardened Mulch WebView, partly based upon GrapheneOS’s Vanadium (plus a few other goodies like an ad-fighting hosts file)).

Like always, thanks for reading, and for considering in helping to make the web a safer place to be.

Update, from September 30th, 2023:

Here’s another one. Do yourselves and us all a favour, and don’t use that browser.

Ladies & gents, please start your engines (update your browsers)…

Due to several newly discovered and closed bugs in recent times, it’s advisable to update your browsers, both Firefox and everything based upon Google’s Chrome and Chromium engines.

See here and here for Firefox, here and this and that for Chrome.

The fastest of my systems to update these (or their hardened derivates) were DivestOS with updates for their Mull and Mulch browsers, and Arch Linux with the new Firefox and Chromium browsers – thanks for all of your work, it’s really appreciated!

Thanks to you for reading, and for considering to staying safe.