The bar is Nokia 3510. I want reliable calls and SMSs and a UI that doesn't take 10 seconds to open the call app. Sadly what I got with the pinephone was 15 different DEs that are laggy as hell and last I checked receiving calls/texts still wasn't bulletproof.
Try to use a Nokia N900 today, and check if that's really the bar (I have one in my drawer).
I think the bar is higher, and the experience is already better than that on a few mobile devices.
If talking about the UI, Plasma mobile is a bit experimental, but gets stuff done with bells and whistles, phosh is a bit barebones but better performant. If you want the Maemo UI, try Nemo mobile. When installing postmarketos on a device, you get quite a few to pick from.
If you talk about performance, there are plenty of devices to pick with better performance than the Pinephone (including the Pinephone Pro soon, and the Librem 5). It was meant as a cheap dev platform, and it has largely succeeded at that.
Now, telephony support is where it hurts. Supporting modems can get quite complex, so progress is slow. The Pinephone was deliberately engineered as to be doable.
Part of the Linux appeal is choice. Choose what you don't need, but we'll likely end up with different needs.
One way to bridge the gap is to get Android apps running. We're getting there thanks to waydroid.
I think the only use cases where my Librem 5 doesn't yet reach my Nokia N900 (not counting obvious form factor and spec differences) are related to the cameras.
I'd say the development experience on the Librem 5 is much better than fiddling with Scratchbox, at least for me. I have even developed things in an IDE (in fact, it was Qt Creator ;)) running right on the phone, with external screen and keyboard attached; and cross-compiling is pretty easy too. Scratchbox was a massive PITA if you needed something outside of the default toolchain.
You shouldn't SSH into your server, because the terrible mobile security model means you're vulnerable to both Google and the cell network by doing so. A modern phone should be one of your least trusted devices.
The problem with the mobile ecosystem isn't so much what you can run on your phone, but rather what you can't stop running on your phone. And that perfectly good devices are relegated to the trash bin due to the upgrade treadmill. A Linux-first phone stands a chance at fixing these issues, whereas starting with an OS developed by a surveillance company does not.
You suggest a MITM attack against ssh by the carrier? Seems unlikely to me.
Not sure about the threat by Google if you’re using f-droid. Though there is always dmr’s compiler attack I’m not sure ssh would be the right vector. A keyboard attack might be more useful.
Not MITM, but rather the application processor trusting the baseband processor, which is running who-knows-what network-facing code. Qualcomm claims to have recently implemented memory separation, but without actual public documentation and scrutiny of internals why would one believe them?
Installing F-droid does not remove Google's presence in other software. On a vanilla Android phone, that is all of the Google (Play) services and who knows what centralized-expedient hacks have been put into the OS itself.
OP didn't mention LineageOS or custom ROMs, but rather promoted stock vendor Android with Termux. Yes, you can do additional work to fight the top-down controls. But you're running an uphill battle, and judging by the shrinking device list of LineageOS that hill appears to be getting steeper.
Please continue fighting that fight as I am currently, but at some point it's nicer to cut bait and move to an undeveloped ecosystem where you're welcome rather than persist in a more polished one where you're not.
I would love to switch to a fully open environment once it's available, but I think you're overstating the trouble with running LineageOS or other non-spyware ROMs.
Reasons to favour custom ROMs over Linux phones as a daily driver, at the moment:
- You get to pick between dozens of recent devices, many with flagship specs. (Note that the "official" device list only refers to the ones the core team approved, there are many more that stay "unofficial" for a year or more before getting accepted, but still work quite fine.) Other ROMs like Graphene are more limited, but an old Pixel is still way more powerful than a Pinephone.
- Basically everything that a mainstream Android can do works fine on custom ROMs. Exceptions tend to be big tech stuff like Google Pay which you probably don't want anyway if you're into privacy, or occasional bugs with specific models (under-screen fingerprint readers are a common one)
- As an actual consideration, the security model of Android is actually IMO miles ahead of Linux (assuming the mobile version copied the desktop in that regard). Apps are strongly sandboxed by default and there are plenty of tools to exert even more control, eg TrackerControl or Netguard to firewall them by domain, or Island/Insular to basically chroot them. On desktop OSes, including most Linux distro
s, user apps have e.g. access to all of the user's files by default, which would be terrifying in the context of a phone.
(I imagine you already know most of that, I'm just laying out my reasoning for the same target audience as the OP's 'just install Termux' comment)
Do you really think Google or Qualcomm are going to try and root kit servers you ssh into? Google's privacy model is awful for many reasons but this doesn't seem like one if them.
I think my computer is my castle, an extension of my own mind, and subjecting it to the mercy of unaccountable third parties is a terrible idea. I can also foresee many business reasons why they might choose to be active attackers, such as measuring the popularity of various applications and data files. The pop culture mobile ecosystem has steadily increased into a dumpster fire of authoritarian control, and it's reasonable to assume the trend will continue.
Boy oh boy do I have bad news for you about every other computer you're using today. The ccNUMA model they teach in school is well and truly dead even on desktops. There is no modern computer that just has the CPU in charge of memory. I don't think there are any general purposes devices you or I can purchase that have actual memory segmentation (either true separation or via SMMUs/IOMMUs. On a modern desktop, you have dozens of random cores sitting on the memory bus that have full access to physical memory, and there's nothing you can do about it because those cores run their own proprietary (often baked in) software.
A Linux-first phone does absolutely nothing to fix this. Even if you're running your own operating system that you wrote yourself, your GPU or hell even the power management controller might reach around and steal all of your stuff. The issue lies in the way we build computers and the rapid proliferation of cores without any serious thought as to how we're supposed to manage and secure the enormous fleet of heterogeneous hardware that lives on a modern SoC.
Second, it matters if those possibly-hostile cores have network access. Technically they could subvert the software on the main CPUs to communicate with command/control, but that seems like raising the bar to such an attack. Whereas with the standard mobile architecture, I can totally see some phone manufacturer getting the "bright idea" to have the baseband processor collect statistics on the application processor's software for market research.
But I agree with your general point.
Still, I think moving in the direction of Linux phones gives us a starting point to do something about this insecurity - proving the market allows there to be devices that truly separate out the cell modem.
They wouldn't need to even talk to the AP to get out on to the network though :) If you have physical write access, you can talk to the network just by writing data in the network device's mailbox using the exactly same MMIO techniques that the AP uses. Its one of the reasons I am so disenchanted with current rootkit detection tech—if malware can get physical memory write, they can corrupt other cores memory persist into other SoC elements, well and truly out of view from the AP while still maintaining the exact same amount of control. I would not be surprised in the _least_ if the US three letter agencies have at least one implant that does this because its not exactly difficult but is so insanely hard to fix or detect that it makes it ideal for covert monitoring.
That being said, I think there's a fundamental disconnect between how SoCs work and how people actually think they work. Linux lives in just one tiny little corner of the machine and the hardware does so much to coddle Linux into thinking it's in control. The AP is just a core on the memory bus, it typically has no greater privileges (it often has _less_ because hardware vendors hide ""implementation details"" away from OS developers!) than any other core. I don't know that this is so much a radical take in the OS community though it might be one here: Linux _is_ part of the problem. Linux makes several assumptions about how hardware works. Chiefly, it assumes that it is in the driver's seat and it makes cooperating with other cores running their own copies of Linux (let alone other OSs) damn near impossible. I think the next step in computer evolution is going to come from software engineers rediscovering hardware and building code that not only runs on the AP but across all cores—from the power management controller to the AP--in an SoC. This may come from radically changing Linux or it may very well come from a new OS that treats modern hardware platforms as they are: platforms.
The baseband/PMIC is such a huge threat and it is entirely in the hands of the carriers that desperately want user data. Coupled with very tightly held IP the problem seems to be insurmountable. When I see "removing the Google ecosystem" I have a hard time taking the rest of statement seriously.
That only matters if your threat model includes Google and the cell network. Mine does not, because Google is not in the business of credit card fraud and virus writing.
Why on Earth would I want to use the command line to look at who called me? When has that ever been useful for you?
Personally I can’t imagine a more awful thing than using the command line on a small phone screen to do any serious development. Even a tablet gets claustrophobic.
You need a tutorial, not code example. As there are a bunch of pre compiled command line tools, all of which come from a single package installation, that you can use to send SMS, access address book and do other things from the command line.
Install from F-Droid to get access to all of those.
As a former embedded developer, I'm surprised nobody has come up with a basic purpose-built UI that skips all of the bloat (a phone doesn't need a WM), and just reliably performs basic functionality like voice calls and textual messages. Are the performance problems further down the stack (eg graphics driver), or are developers just too wed to the maladapted idea of running full web browsers on a phone, or what?
With the 4G partial shutdown I'd be in the market for a Pinephone but I just don't have time to do extra tinkering right now. I'll probably just limp along with my current pocket device and attempt to go VOIP-only.
Everyone keeps talking about "building a basic purpose-built UI" for many many years now, but that's pretty much a weekend project that could be easily built on top of already existing abstractions that somehow doesn't seem to gain dev traction. Zhone and Paroli already existed in the past, but most people gravitated towards more capable options. It's like people actually want their smartphones to be somewhat smart. Or maybe there are as many sets of things considered "basic" as there are people. Pick your explanation.
Easy, the Linux phone is going to happen on the same day as the Linux Desktop finally arrives.
Instead of collaborating on a single development and consumer experience, each of these efforts go out doing their own thing.
Meanwhile companies like Nokia[0] and Google come and assert this is how it is going to be, not happy move on.
The large consumer market, and App developers, don't care that many Linux syscalls aren't considered public APIs and communities like Termux refuse to acknowledge that.
So every couple of years these attempts keep being rebooted, all the way back to OpenMoko.
[0] - We all know why Nokia efforts bombed, and now their brand is also tied to Android phones
Can you really not imagine any application without the bloat of a web browser, that wasn't on flip phones? Have you never gotten used to muscle memory to control a curses app? I used to develop interfaces for 5 MIPS PIC microcontrollers that were more responsive than 98% of today's consumer market. When I'm on the go, the last thing I want to be doing is waiting for UI lag from too many layers of frameworks running on a low power processor, never mind the poor battery life.
Sure, but you know that's completely orthogonal to what I'm saying. There is a big difference between a WAP browser and the webapp runtime we now call a browser. The latter replaces purpose-developed apps running primarily off local storage with ever-present client-server latency, best-effort presentation, and attention-required input for every single interaction. In fact I'd say the early WAP browser is closer to an example of the type of lean, discrete-button-press-controlled application I'm advocating than the touchscreen "browser" of today. And sure a full contemporary browser comes in handy in a pinch, but thinking it suffices for routine everyday tasks on a small form device is terrible engineering.
Although most of my work is Web development related, I also share the same opinion, we should have stayed with HTML 4 and do everything else with native apps and networking protocols.
Unfortunely only a couple of water drops in this ocean share this opinion.
I like the touchscreen model a LOT more than the old button model.
There's one specific category of things that would be very well suited to a non-browser device, and that's IoT control, where you want something cheap enough to leave several around the house, drop-proof, with physical buttons.
But the ideal for that would be more like a calculator with Wi-Fi and rotary encoders than a phone.
Webapps could very easily be local first if they would hurry up and give us a non-nerfed(By certificate expiration) version of Signed Web Bundles.
Chrome OS had a great idea with real local apps without as much web sandboxing, but developed with web tech to make them very easy to develop.
The modern web is very unlikely to go away. And we use the internet for everything these days. Why would I want the risk of being caught an hour from home, suddenly needing to do something that can only be done on a browser?
They'd have to rely so much on individual apps for everything, but without layers of frameworks, the apps might not exist, because it would cost more to make them, and there might be fewer programmers in the world without those frameworks making it easy.
Making non browser phones useful would require really big change to the whole mobile ecosystem, or else phones could no longer serve their present role as do-everything devices.
I only know about 3 ncurses type TUI apps(No idea if they're actually ncurses under the hood). Nano, nmtui, and a demo test app I built for developing plugins.
I don't use any of them unless I'm SSHed into things, because tech has reached the good enough point where even Electron apps are pretty snappy on an SSD.
The PinePhone in its current iteration is unfortunately unusable. It's a shame because while I do wholeheartedly believe in the mission of the project it's simply just not quite there yet. Nevertheless, a much better alternative in the meantime is to do what Edward Snowden did: https://twitter.com/snowden/status/1175430722733129729?lang=....
> a much better alternative in the meantime is to do what Edward Snowden did
He also wouldn't use WiFi or email, so his advice is far from practical for most users.
While the base PinePhone is admittedly underpowered, it's far from unusable. The Pro seems like a considerable step up that would solve most of the issues with the base model. The software is still not there yet, but it will also improve. I'm actually pleasantly surprised at how usable a true Linux phone is in 2022.
The "it's vs its" fight's dilation is overdue: I knew that it was going to become a grammar mistake spreading throughout, reaching almost every pseudo-professional writer...
I guessed that anybody criticizing the trend towards the unnecessary apostrophe would be: either considered a grammar nazi; or their own writing being extraordinarily examined for mistakes (as a punishment for their criticism).
As a non-native speaker, my language credentials may be slim, but I can't really stand the -quite widespread- extra apostrophe when it's a possessive "its". The reversal, though, doesnt bother me that much. I guess that it's about character conservation.
People just don't know what a noun, verb or possessive adjective are. For some reason school never tries to teach it to you after you're 10 and people go on learning literature without knowing the role of different words.
One thing this article fails to mention is that in practice, you can mix and match and have e.g. Plasma Mobile apps on Phosh. Sadly, most distributions don’t do a good job at enabling this by default (as in preinstalling the qt5-wayland package (which usually is not in the dependency list) or setting the proper environment variables, so that people don’t have to figure these out on their own.
Also, video recording is (albeit obviously somewhat poorly and not up to todays standards) is possible, it‘s just that Megapixels, the de-facto default camera app, doesn’t have the feature.
If you wonder about Linux Phones, I try to weekly collect what has happened in the previous week on my blog [0]. If you‘re wondering about apps, check out this app list [1].
I'm surprised I haven't seen anyone mention the PinePhone Pro (became available this year) still not consumer ready but Soo much faster than pinephone (one of the main and valid complaints).
It honestly feels like close to being a daily driver with the only thing missing being the battery life. (Caveat: don't care about camera and honestly don't know what that state that is in).
Everything (mainly software) is still being worked on but I was surprised just how much of a difference the new hardware made
59 comments
[ 2.6 ms ] story [ 134 ms ] threadThis snapshot cannot be displayed due to an internal error.
We don't need endless combinations of "Desktop Linux" on the phone.
I think the bar is higher, and the experience is already better than that on a few mobile devices.
If talking about the UI, Plasma mobile is a bit experimental, but gets stuff done with bells and whistles, phosh is a bit barebones but better performant. If you want the Maemo UI, try Nemo mobile. When installing postmarketos on a device, you get quite a few to pick from.
If you talk about performance, there are plenty of devices to pick with better performance than the Pinephone (including the Pinephone Pro soon, and the Librem 5). It was meant as a cheap dev platform, and it has largely succeeded at that.
Now, telephony support is where it hurts. Supporting modems can get quite complex, so progress is slow. The Pinephone was deliberately engineered as to be doable.
Part of the Linux appeal is choice. Choose what you don't need, but we'll likely end up with different needs.
One way to bridge the gap is to get Android apps running. We're getting there thanks to waydroid.
Buy an android phone. A good one. Whichever you like.
Install F-droid from website.
Install Termux from F-droid.
You get a full Debian linux running inside your phone as an app. No need to even root your phone.
You can now :
Access, parse your address book, sms, call records everything from command line.
Access sensors on your phone from command line -- like GPS, compass or camera.
Access SD card and other files. rsync, scp, wget and others.
SSH into your server.
Edit some Java files, compile and install it as an app from your phone.
Install other packages that you need using apt-get or pkg. Like python, ruby, php, gcc.
And many more.
The problem with the mobile ecosystem isn't so much what you can run on your phone, but rather what you can't stop running on your phone. And that perfectly good devices are relegated to the trash bin due to the upgrade treadmill. A Linux-first phone stands a chance at fixing these issues, whereas starting with an OS developed by a surveillance company does not.
Not sure about the threat by Google if you’re using f-droid. Though there is always dmr’s compiler attack I’m not sure ssh would be the right vector. A keyboard attack might be more useful.
Installing F-droid does not remove Google's presence in other software. On a vanilla Android phone, that is all of the Google (Play) services and who knows what centralized-expedient hacks have been put into the OS itself.
The untrusted hardware is, of course, a more complicated matter.
Please continue fighting that fight as I am currently, but at some point it's nicer to cut bait and move to an undeveloped ecosystem where you're welcome rather than persist in a more polished one where you're not.
Reasons to favour custom ROMs over Linux phones as a daily driver, at the moment:
- You get to pick between dozens of recent devices, many with flagship specs. (Note that the "official" device list only refers to the ones the core team approved, there are many more that stay "unofficial" for a year or more before getting accepted, but still work quite fine.) Other ROMs like Graphene are more limited, but an old Pixel is still way more powerful than a Pinephone.
- Basically everything that a mainstream Android can do works fine on custom ROMs. Exceptions tend to be big tech stuff like Google Pay which you probably don't want anyway if you're into privacy, or occasional bugs with specific models (under-screen fingerprint readers are a common one)
- As an actual consideration, the security model of Android is actually IMO miles ahead of Linux (assuming the mobile version copied the desktop in that regard). Apps are strongly sandboxed by default and there are plenty of tools to exert even more control, eg TrackerControl or Netguard to firewall them by domain, or Island/Insular to basically chroot them. On desktop OSes, including most Linux distro s, user apps have e.g. access to all of the user's files by default, which would be terrifying in the context of a phone.
(I imagine you already know most of that, I'm just laying out my reasoning for the same target audience as the OP's 'just install Termux' comment)
A Linux-first phone does absolutely nothing to fix this. Even if you're running your own operating system that you wrote yourself, your GPU or hell even the power management controller might reach around and steal all of your stuff. The issue lies in the way we build computers and the rapid proliferation of cores without any serious thought as to how we're supposed to manage and secure the enormous fleet of heterogeneous hardware that lives on a modern SoC.
Second, it matters if those possibly-hostile cores have network access. Technically they could subvert the software on the main CPUs to communicate with command/control, but that seems like raising the bar to such an attack. Whereas with the standard mobile architecture, I can totally see some phone manufacturer getting the "bright idea" to have the baseband processor collect statistics on the application processor's software for market research.
But I agree with your general point.
Still, I think moving in the direction of Linux phones gives us a starting point to do something about this insecurity - proving the market allows there to be devices that truly separate out the cell modem.
That being said, I think there's a fundamental disconnect between how SoCs work and how people actually think they work. Linux lives in just one tiny little corner of the machine and the hardware does so much to coddle Linux into thinking it's in control. The AP is just a core on the memory bus, it typically has no greater privileges (it often has _less_ because hardware vendors hide ""implementation details"" away from OS developers!) than any other core. I don't know that this is so much a radical take in the OS community though it might be one here: Linux _is_ part of the problem. Linux makes several assumptions about how hardware works. Chiefly, it assumes that it is in the driver's seat and it makes cooperating with other cores running their own copies of Linux (let alone other OSs) damn near impossible. I think the next step in computer evolution is going to come from software engineers rediscovering hardware and building code that not only runs on the AP but across all cores—from the power management controller to the AP--in an SoC. This may come from radically changing Linux or it may very well come from a new OS that treats modern hardware platforms as they are: platforms.
It's always great to have private options though.
depends where your priorities are i guess.
It feels like the best of both worlds.
Personally I can’t imagine a more awful thing than using the command line on a small phone screen to do any serious development. Even a tablet gets claustrophobic.
the usual benefits of command line --> parsing the result set, transforming, filtering is easier for me from command line tools than gui cut-paste.
i don't do long command typing from the phone. rather ssh into the phone from my laptop and can work inside the phone's shell.
https://play.google.com/store/apps/details?id=ru.iiec.pydroi...
Command line is just a poor man's REPL.
Install from F-Droid to get access to all of those.
With the 4G partial shutdown I'd be in the market for a Pinephone but I just don't have time to do extra tinkering right now. I'll probably just limp along with my current pocket device and attempt to go VOIP-only.
Instead of collaborating on a single development and consumer experience, each of these efforts go out doing their own thing.
Meanwhile companies like Nokia[0] and Google come and assert this is how it is going to be, not happy move on.
The large consumer market, and App developers, don't care that many Linux syscalls aren't considered public APIs and communities like Termux refuse to acknowledge that.
So every couple of years these attempts keep being rebooted, all the way back to OpenMoko.
[0] - We all know why Nokia efforts bombed, and now their brand is also tied to Android phones
Such a device would probably not be any better than a $20 flip phone from eBay. They still make them.
Unfortunely only a couple of water drops in this ocean share this opinion.
There's one specific category of things that would be very well suited to a non-browser device, and that's IoT control, where you want something cheap enough to leave several around the house, drop-proof, with physical buttons.
But the ideal for that would be more like a calculator with Wi-Fi and rotary encoders than a phone.
Webapps could very easily be local first if they would hurry up and give us a non-nerfed(By certificate expiration) version of Signed Web Bundles.
Chrome OS had a great idea with real local apps without as much web sandboxing, but developed with web tech to make them very easy to develop.
They'd have to rely so much on individual apps for everything, but without layers of frameworks, the apps might not exist, because it would cost more to make them, and there might be fewer programmers in the world without those frameworks making it easy.
Making non browser phones useful would require really big change to the whole mobile ecosystem, or else phones could no longer serve their present role as do-everything devices.
I only know about 3 ncurses type TUI apps(No idea if they're actually ncurses under the hood). Nano, nmtui, and a demo test app I built for developing plugins.
I don't use any of them unless I'm SSHed into things, because tech has reached the good enough point where even Electron apps are pretty snappy on an SSD.
He also wouldn't use WiFi or email, so his advice is far from practical for most users.
While the base PinePhone is admittedly underpowered, it's far from unusable. The Pro seems like a considerable step up that would solve most of the issues with the base model. The software is still not there yet, but it will also improve. I'm actually pleasantly surprised at how usable a true Linux phone is in 2022.
1. Use it as phone
2. Plug it to a dock and use it as normal linux desktop pc
Just wondering why it is still years out of reach...
https://nexdock.com/samsung-dex-laptop/
The "it's vs its" fight's dilation is overdue: I knew that it was going to become a grammar mistake spreading throughout, reaching almost every pseudo-professional writer...
I guessed that anybody criticizing the trend towards the unnecessary apostrophe would be: either considered a grammar nazi; or their own writing being extraordinarily examined for mistakes (as a punishment for their criticism).
As a non-native speaker, my language credentials may be slim, but I can't really stand the -quite widespread- extra apostrophe when it's a possessive "its". The reversal, though, doesnt bother me that much. I guess that it's about character conservation.
Also, video recording is (albeit obviously somewhat poorly and not up to todays standards) is possible, it‘s just that Megapixels, the de-facto default camera app, doesn’t have the feature.
If you wonder about Linux Phones, I try to weekly collect what has happened in the previous week on my blog [0]. If you‘re wondering about apps, check out this app list [1].
[0] https://linmob.net
[1] https://LinuxPhoneApps.org
It honestly feels like close to being a daily driver with the only thing missing being the battery life. (Caveat: don't care about camera and honestly don't know what that state that is in).
Everything (mainly software) is still being worked on but I was surprised just how much of a difference the new hardware made
Why do I need an 8-Core processor to open Firefox? What is it doing with all that CPU?!?!