https://blog.esper.io/android-13-deep-dive/
Android 13 changelog: A deep dive by Mishaal Rahman
Conversation
Notices
-
Benoit (benoit@toots.benpro.fr)'s status on Tuesday, 16-Aug-2022 07:47:36 UTC 
Benoit
-
Bernie (codewiz@mstdn.io)'s status on Tuesday, 16-Aug-2022 07:49:30 UTC 
Bernie
@benoit They also mention my brainchild (but it's mostly a rehash of the info in Google's announcement blogpost):
https://blog.esper.io/android-13-deep-dive/#dns_over_https -
Bernie (codewiz@mstdn.io)'s status on Tuesday, 16-Aug-2022 07:49:48 UTC
Bernie
@benoit They also mention my brainchild:
https://blog.esper.io/android-13-deep-dive/#dns_over_httpsIt's mostly a rehash of the info in Google's announcement blogpost, but so proud! ๐
-
Bernie (codewiz@mstdn.io)'s status on Wednesday, 17-Aug-2022 07:35:46 UTC
Bernie
@tagomago @benoit DoH3, yes. The hardest part of the project was convincing various people to let us use an HTTP/3 library written in #Rust:
https://github.com/cloudflare/quicheThe Android Security team has been a great proponent of Rust: they helped my team with code reviews, importing all the crates we needed into AOSP, build rules, test infra...
-
Tagomago (tagomago@mastodon.social)'s status on Wednesday, 17-Aug-2022 07:35:49 UTC 
Tagomago
-
Bernie (codewiz@mstdn.io)'s status on Wednesday, 17-Aug-2022 08:01:35 UTC
Bernie
There was a lot I wanted to do after launching the basic transport protocol.
Hopefully others will continue working on the roadmap to stop sending unencrypted hostnames across the Internet (this includes both DNS and SNI).
Linux is sadly lagging behind, with DNS-over-TLS barely supported by systemd-resolved, and DNS-over-QUIC under development in Unbound. Both lack desktop integration for captive portal login, no UI to notify users when a network is blocking port 853...
-
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 07:28:44 UTC
Bernie
@tagomago @benoit Some people wanted to move Cronet into AOSP, but it's a kitchen sink and doesn't even work without a JVM:
https://developer.android.com/guide/topics/connectivity/cronet -
Tagomago (tagomago@mastodon.social)'s status on Thursday, 18-Aug-2022 07:28:46 UTC
Tagomago
@codewiz @benoit Impressive! How come some people were reluctant to use a Rust library?
-
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 07:30:52 UTC
Bernie
@tagomago @benoit For historic reasons, the Android DNS resolver runs as root, and it's hard to change due to vendor hooks and SELinux policies that can't be changed retroactively in released versions of Android.
So I just couldn't use Cronet for DoH3, but this was an argument against importing Quiche into AOSP.
-
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 07:46:06 UTC
Bernie
@tagomago @benoit There were also concerns like "Rust is too experimental " or "Android CI doesn't support code coverage for Rust", and some FUD that Quiche wasn't a quality implementation of HTTP/3 or couldn't be supported.
-
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 07:53:55 UTC
Bernie
@tagomago @benoit
Perhaps the only valid concern was that nobody on my team was a real Rust expert, me included.The impromptu Android Rust team stepped in to offer us code reviews, design advice and, later, internal courses targeted at Android C++ developers.
https://source.android.com/docs/setup/build/rust/building-rust-modules/overview
#rust #android #aosp #programming -
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 08:12:11 UTC
Bernie
@tagomago @benoit In the end, we used Quiche and DoH3 was implemented entirely in Rust.
This might have slowed down the launch of DoH3, but hopefully this initial effort will accelerate the rewrite of thousands of lines of creepy C/C++ code that's currently running on billions of Android phones...
...parsing network packets ๐ฐ
...with root privileges ๐ฑ
-
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 08:37:32 UTC
Bernie
-
Tagomago (tagomago@mastodon.social)'s status on Thursday, 18-Aug-2022 08:37:35 UTC
Tagomago
Yeah, those are the lines I was expecting to read.
-
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 17:35:28 UTC
Bernie
@tagomago @benoit Hard-coding a list of DoH3 servers was my decision to avoid blocking the launch on Settings UI changes:
https://cs.android.com/android/platform/superproject/+/master:packages/modules/DnsResolver/PrivateDnsConfiguration.h;l=239-266;bpv=0;bpt=0 -
Tagomago (tagomago@mastodon.social)'s status on Thursday, 18-Aug-2022 17:35:29 UTC
Tagomago
-
Benoit (benoit@toots.benpro.fr)'s status on Thursday, 18-Aug-2022 17:35:30 UTC
Benoit
BTW it's a shame that you can't (yet) input a custom server. AdGuard Home supports DoH3.
I will stay with DoT until...
Quote:
The initial release of DNS-over-HTTP/3 support limits the user to two โwell-known DNS servers which support itโ, which includes Google DNS and Cloudflare DNS. -
Bernie (codewiz@mstdn.io)'s status on Thursday, 18-Aug-2022 17:41:17 UTC
Bernie
But that was over 1 year ago. Android 13 should have had a drop-down list of Private DNS providers, updatable by the DnsResolver module, with the ability to type a custom url for the 0.01% users who'd want to.
-
All Bobinas P4G content and data are available under the