431 comments

[ 3.3 ms ] story [ 333 ms ] thread
Limited data plans and connectivity issues make this infeasible. Also security issues on having incoming ports open, of course.

But what if instead of hosting an index.html file over HTTP(S) we could all host via BitTorrent?

A website could be a bunch of files that are referred to by a DHT hash file.

That way everybody who visits the website will also temporarily support the site by hosting it. If your self hosted site is Slashdotted/HNewsed than hosting would still not fail: after all, all the new visitors are temporarily also seeders of the file over BitTorrent.

You more or less described IPFS. Of course, IPFS grinds my gears because despite oodles of money and time, they still don't have a cohesive ecosystem SDK, haven't rebased on a Rust base, just squandering attention in the space, imo.
What does Rust have to do with it?!?
Take a look at Matrix and what the ecosystem is doing. The entire ecosystem is rebasing on the Rust SDK and bindings to it. It's a massive reduction in duplication of effort, and means there's fewer bugs with interoping clients because they're increasingly all using the same SDK.

It's considerably more flexible, more easily embedded than node or Go.

> It's a massive reduction in duplication of effort

Sounds more like a massive duplication-effort to me ...

And yet, it's not the first or last project to choose to build a base SDK in Rust and provide bindings on top. And an effort being taken by a company quickly trying to iterate, build a polished product, and bring revenue in on the edges.

And you can already look at various projects and see the positive impacts.

I'd elaborate on why, but we've all heard it a thousand times and the folks that don't want to believe anything they hear about Rust still won't hear it.

I don't see why they'd need to rebuild IPFS in Rust. Go is plenty fast. The problem is that the current IPFS network and design just don't scale very well.
This is correct. Go is more than adequate for this but IPFS has architectural issues.
I implemented exactly this in https://github.com/anacrolix/btlink. It works fantastically well. Unfortunately I couldn't get any funding from OTF or similar, and nobody is commercially interested in making websites easy to host and scale.
Please no. Phones go into tunnels, run out of battery, and go indoors where there's a poor signal or none at all. They make terribly unreliable servers. Not to mention how much faster this would chew up battery life.

If you want to keep a spare phone plugged in all the time in your closet, connected to Wifi/Ethernet, and hack it to be a webserver, then go ahead. But webservers on mobile devices, being used in a mobile way, are a terrible idea.

Nobody is saying that everyone should host websites on your phone. The author is saying you should be able to, if you so choose. Android and iOS put restrictions on what applications on a phone are able to do, often for arbitrary reasons.

You can't hack a web server in your closet to run on port 80 without jailbreaking your phone/unlocking the bootloader and rooting your phone, and I can't really think of a reason why that should be. It's not as it Android and iOS come with important http(s) servers out of the box, why shouldn't port 80/443 be available to apps?

> why shouldn't port 80/443 be available to apps

Because they're < 1024, I guess. Anywhere I've seen besides windows needs you to be root, or have some other specific permission to listen on that port.

Not that I agree with it, but it is the existing status quo.

I know about privileged ports, they just don't make sense anymore. They were a good idea on a timeshared system with groups of students logging into their own shells because equivalent personal computers were unaffordable.

These days, computers are used by one, maybe two or three people. If I, the only user of my phone, decide I want to use port 80, why can't I? Put this stuff behind a special privilege for all I care.

IIRC macOS got rid of privileged ports for these reasons. Dunno about iOS... But in any case what cell provider is going to let you handle inbound traffic? Most of the wifi networks you are on are NAT'd, etc. At best you'd probably want an outbound persistent tunnel that is "terminated" by a relay elsewhere. At that point you might as well just have the relay host the thing.
You're not getting inbound connections on IPv4 without a fight, although, I remember when you used to be able to pay mobile carriers to get a public IPv4 address that might have also been static(!) for VPN purposes. But it's not uncommon for carriers to give you a whole /64 on IPv6, and for that to be full proper connectivity (maybe they block smtp and smb, that's very common).

Yeah, IPv6 isn't everywhere, but if you have it on your phone and everywhere you want to access you phone from...

That's true even with a residential ISP though. It's no harder than serving off a laptop on android.
All mobile traffic is proxied today, anything inbound on a normal plan will get flagged if it’s at all disruptive.

I had some experience getting yelled at by a carrier for something like this. If your “server” is mobile, they get testy.

Sadly, cell provider puts me behind an IPv4 CGNAT, they didn't even bother to hand out IPv6 addresses at least. I picked them out because they were cheap more than anything, so I only have myself to blame.

I have previously used carriers that did expose (IPv6) addresses, though. Port 25/53/etc were blocked but I could host a web server on there if I wanted to drain the 2GB of mobile data I had at the time.

NAT isn't a problem with IPv6 support. Of course there's the network firewall, but adding a rule to accept ports 1714-1764 isn't that hard.

Right now I've solved the problem with a VPN tunnel, but that's not really that permanent a solution.

There's still a big difference between a system service binding to the port vs a random app binding to it.

Even on a phone (that's not a "server" in the traditional sense), e.g. listening on UDP port 5353 is needed to show up in mDNS.

Unrestrained webservers on phones is an edge case that would certainly be abused by all sorts of crapware while being a very uncommon usecase for mobile devices at all.
It's true that there will always be unscrupulous actors but there are many ways to restrict or punish them already, I don't see why they would necessarily overwhelm existing methods.
Apps can already open ports and with the HTTP DNS record arbitrary ports can be used to serve http/3 content. Services like RDP and several types of VPN server all connect to unprivileged ports any app can listen on.

There should be a separate permission for listening on standard, reserved ports (anything in the IANA docs for all I care) that should require manual consent, like with location access. In fact, I think there should be a retractable permission for any kind of remotely accessible port binding. The fact any calculator app can start a VPN server on my phone without my knowledge isn't good! That doesn't mean providing any type of service is inherently bad, though.

For instance, there are tons of phone <=> desktop sync apps (My Phone on Windows, KDE Connect on Linux/Windows/Mac) that constantly communicate between each other. Why should your phone always be the one to initiate that direct connection? Why should we rely on cloud servers when mutually authenticated SSH is already doing every bit of protection we could possibly need? My phone is half a meter away from my computer, it shouldn't need to be this difficult!

You don't need reserved ports for the custom protocos.. And most of them, like sync apps, use high port anyway.
> HTTP DNS record

Can you tell me more about that?

I know about SRV records from Minecraft (of all things!) for a similar purpose, can you point me towards a reference of what is this about? Wikipedia fails me.

You can check this post from Cloudflare[1], and from there you can reach the IETF draft[2].

[1]: https://blog.cloudflare.com/speeding-up-https-and-http-3-neg...

[2]: Current version is https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-...

For anyone else looking: I don't think the cloudflare post says so, but the IETF draft does include "port" as an optional thing that SRVB records can include so we might finally get support for that in browsers:)
> My phone is half a meter away from my computer, it shouldn't need to be this difficult!

FWIW, that's possible today on Android (not necessarily tomorrow, not necessarily on iOS) - I can and do regularly move files around with rsync/scp courtesy of termux, either by running the command on the phone or just running sshd on the phone (which does, in my setup, need to be manually started; I don't know if that's inherent or could be changed) and then running the transfer from another machine.

(comment deleted)
Apps can already do this mostly and it's caused absolutely no issues. In fact, it's often used for ad-blocking. You just can't bind to port 80/443.
So? That's up to the user to decide.
Sure, if the user can build their own phone.

Otherwise they're competing with a lot of other people interested in what the phone should and should not do.

If they own a hammer, they can do what they like with a hammer, but a phone is not a hammer. It's a complex arrangement of molecules, licenses and competing group interests.

there is nothing fundamental to differentiate a hammer from a phone except complexity.

I'm sure if someone found a way to shove ads and place restrictions on the use of your hammer they would.

Yeah, it’s the complexity that makes the difference. There’s nothing but that to differentiate anything. You, a phone, a G class star, a comedy special on DVD. All “just” complex arrangements of matter.

People make a big deal out of those differences though, go figure!

A phone is physical tool owned by a person that fits in their hands. It's not as dissimilar from a hammer as you have tried to portray.
Wordplay. I can hold your hand in my hand, is it similar to a phone?

Otherwise your line of reasoning boils down to “it exists.”

I'm assuming the best intentions from you but I'd like to point out two things:

1. When discussing human rights (which apply to technological freedoms) reducing a need to "an edge case" is the basis of marginalization, defined as "treatment of a person, group, or concept as insignificant or peripheral". Therefore, it is never appropriate to rely on such language to prove a point, especially when we are discussing software which had to go out of its way to restrict freedoms.

2. It's an incredibly slippery slope to use "crapware" as a justification for reducing the freedoms of the individual. Criminals will find a way, do not create a hostile user experience.

Is the right of a handful of people to run a web server on their phone more important than the right of millions of "unsophisticated" users to not be scammed / abused by malware?

Since it's inception smart phones have been a consumer platform, used for consuming content. The platform for tinkerers already exists. It's called a PC with Linux installed. Every platform does not need to cater to your needs.

PC is overkill for this case. A raspberry pi would get the job done while saving energy and equipment costs.
A raspberry pi certainly fits the definition of a "Personal Computer".
The whole "Mac versus PC" thing somewhat solidified the notion that PC refers to x86. Raspberry Pi uses ARM.
I have an X86 MacBook Pro.
"PC refers to a non-Apple x86 machine" then :)
I like to think of a 'PC' being any machine that is derived from the IBM 5150, which was the original 'Personal Computer' (although far from the first microcomputer). However, with UEFI support on many ARM SoCs, maybe the two lineages are now marrying into each other!
right of millions of "unsophisticated" users to not be scammed / abused by malware - but who even said this will lead to millions being scammed? Does (just) the ability to create a server on pc/mac imply are less secure compared to phones?(the question is just for this ability, not other protection mechanisms). Also, why just not treat it like option to sideload apps in android? Imo that option is orders of magnitude 'more dangerous' compared to creating a server but still that option can be used without the root and without breaking the warranty.
> Is the right of a handful of people to run a web server on their phone more important than the right of millions of "unsophisticated" users to not be scammed / abused by malware?

Are you familiar with the false dilemma?

https://en.wikipedia.org/wiki/False_dilemma

> The platform for tinkerers already exists. It's called a PC with Linux installed

I would love for you to make the case that a modern touch screen phone is not a Personal Computer. And you fail to address the very real scenario in which companies are conspiring to provide fully locked-down hardware and software ecosystems.

>I would love for you to make the case that a modern touch screen phone is not a Personal Computer.

I'm always up for a challenge, so here you go.

I'd argue that a PC is a general purpose personal computer. I wouldn't count a game console such as Xbox, PS or Switch as a PC because it is vendor controlled and locked down. I'd also not consider a car with an entertainment system a general purpose computing device.

Similarly phones are bought with the knowledge that they are more similar to game consoles than general purpose computers. They are bought with the knowledge that they are locked down by the vendor and that your use of the device is going to be limited. The right to install custom software that does whatever you want has never been part of the contract.

I do support the people's right to attempt to hack these devices to do whatever they want, but I do think expecting vendor support for their wacky antics is a step too far.

> I wouldn't count a game console such as Xbox, PS or Switch as a PC because it is vendor controlled and locked down

The Xbox was built primarily from standard components used in personal computers.

The PlayStation 2 and 3 ran Linux as alternative operating systems, officially supported by Sony.

The Nintendo Wii series is heralded as some of the most hackable and therefore versatile consoles in history, not for Nintendo's lack of trying.

> Similarly phones are bought with the knowledge that they are more similar to game consoles than general purpose computers

My phone in my pocket has more capability than my old laptops. Touchscreen interaction and the ability to make calls over a cell network do not suddenly make this thing not a personal computer. The hardware is completely capable of supporting this.

> They are bought with the knowledge that they are locked down by the vendor and that your use of the device is going to be limited.

This is just circular reasoning. The entire point is that this "knowledge" is simply consumer conditioning, and people are being taken advantage of by being fed this bullshit narrative.

> The right to install custom software that does whatever you want has never been part of the contract.

My friend, there is no contract. That is the point. I buy the hardware, and then I have the right to do whatever the fuck I want with it. Full stop. Anything less restricts my right to modify my personal items as I see fit.

> I do think expecting vendor support for their wacky antics is a step too far.

What? My phone runs a heavily-modified Linux and can do literally anything I need regarding personal computing, including hook up to external monitors and make use of peripheral devices like a mouse and keyboard. It is objectively a full-blown computer, regardless of if you can't understand that.

The premise of this thread is simply that, despite all of this, ports are arbitrarily locked down. This requires extra vendor intervention to implement, so your argument makes no sense. There is nothing wacky about using my personal computing device for.... personal computing. It's either disingenuous or ignorant to suggest this is not something which should be considered.

(comment deleted)
i’ve never heard someone say that it’s a human right to run a webserver.

i understand that you want to own the stack on your tech, and i would argue that if custom OSes were allowed, that fulfils that need. it’s not apple or google’s responsibility to let you do anything with their OS, in the same vein that you often are limited by stock router firmware or what’s on your ps5.

as phones are hyper-personal it makes sense people want more control, but most average users do not. and as someone who works closely with smartphone tech, i want it to just work and i don’t want to worry about whatever nonsense is enabled by disabling security or os-level by guarantees.

just get a fairphone or whatever. it’s not a human right to force tech companies to embrace your vision of computing

> i’ve never heard someone say that it’s a human right to run a webserver.

Now that you have, will you say that it has more merit if discussed in future?

But the option is there, rooting. As long as that is reasonably available I don't really see problem. Of course the seven hells of apple ecosystem is another matter

You can argue all you want about what the normal joe shmoe should be able to do but most joes shmoes will use that to hurt themselves more than help.

Limitiations are essentially OSHA of computing, by making it hard to do the wrong stuff it makes most people least likely to hurt themselves.

> But the option is there, rooting. As long as that is reasonably available I don't really see problem.

Well, it's not reasonably available. The number of android phone manufacturers that still allow bootloaders to be unlocked without significant friction is pretty small, and hardware attestation is slowly killing the whole rooting/custom rom scene since phones with unlocked bootloaders can't run many apps.

> But the option is there, rooting. As long as that is reasonably available I don't really see problem.

The option is there on some phones, and that with caveats; lots of phones don't let you root them, and even if you can they'll artificially break things (like sony degrading the camera, or any app that refuses to run if it realizes it's on a rooted phone)

I'm intrigued. Should all smart refrigerators be able to run web servers? TVs? Would you want them to?
That would be one decent instance of a self cooled server.
This is a complete straw-man argument and deserves no further consideration. Refrigerators are not personal computers and in this case, the less digital tech a refrigerator contains, the better.
Exactly. And a phone is not a personal computer either.
How did you make this leap? Are you capable of understanding nuance?
I made this leap because the foundation of your claim that phones should run webservers appears to be

Personal computers should be able to run a web server > Phones are personal computers > Phones should be able to run webservers.

Phones have indeed turned into personal computers. Why is this hard to accept? For many use cases including basic web browsing, the phone has taken over the market where the personal computer used to dominate.
Flatly stating, presumably with a straight face, that "a phone is not a personal computer" is a really wild take.
It might feel good and noble to chide people about this stuff, but this type of hyperbolic, exaggerated grandstanding is THE reason why our society is so polarized. It is absolutely NOT slippery slope to human rights violations to talk about edge cases or to make tradeoffs. Escalating everything to such high stakes makes discussion and compromise impossible.
>feel good and noble to chide people about this stuff, but this type of hyperbolic, exaggerated grandstanding is THE reason why our society is so polarized.

Is this line supposed to be ironic or something?

It's quite reminiscent of the tolerance paradox, at least.
> It might feel good and noble to chide people about this stuff, but this type of hyperbolic, exaggerated grandstanding is THE reason why our society is so polarized.

I'm sorry, but what are you doing right now if not this?

(comment deleted)
> 2. It's an incredibly slippery slope to use "crapware" as a justification for reducing the freedoms of the individual. Criminals will find a way, do not create a hostile user experience.

It's a legit security issue. Not protecting people from these things is far more user hostile.

Preventing some users who have the know-how from running a web server is not mutually exclusive with protecting people who don't wish to or don't know how.
But this issue is minuscule compared to allowing running unverified apps... a thing that's allowed in most android phones a button away without the need to break warranty. What's more funny, looks like ios soon will allow this too. So phones are already offering the option to run unverified code, user should just allow it and accept the risks prompt. Why not treat the server thing (which imo is much less dangerous) just the same way?
> When discussing human rights

I've never heard an argument before that the ability to host a personal website on a cellphone is a human right. But, by using this phrase, you seem to be assuming your readers already agree with you that human rights is what we are discussing. As a rhetorical device, that may be effective at getting someone to back down for fear of being labeled as anti-human-rights, but it is not effective at persuading someone of your implied thesis. I'd very much like to hear such an argument connecting cellphone websites to human rights.

Most simply, you could start from the view that is the basis of English common law - that which is not explicitly forbidden is allowed. Your rights are not given, they exist prior to law, it is only for law to help define them for the purpose of upholding them.

Hence, freedom is the default position, the default human right. What needs to be justified is the restriction, not the freedom. Without good justification the restriction should be removed. An example of unjustifiable restriction is "criminals may use it", as:

a) your freedom should not be impinged on by the actions of others, especially malicious ones, and

b) you are presumed innocent (the second, perhaps only in order of mention here, great principle of English law, if not culture. One that is sadly being undermined).

> I'd very much like to hear such an argument connecting cellphone websites to human rights.

The argument is that individuals must have the right to modify their devices as they see fit, barring some reasonable FTC radio restrictions which are necessary to enable fair use.

You can argue that nothing should compel a company, in a free market, to provide such a device. But the nature of human rights is that they must be defended vigilantly, or the entire industry and government will slowly move to exploit people.

If you do not guarantee freedom of speech, companies will restrict it. If you do not guarantee freedom to repair or modify a device, companies will restrict it. At some point, these practices become inescapable for the end user and they effectively lose these freedoms while entirely skipping due process and the court of law.

And yet, can't you do that (modify your device) at least on Android? Sure, maybe it means jailbreaking the phone. But as far so know, that isn't illegal.
It's not guaranteed, and increasingly it is difficult to find devices which support this. In general the computing industry seems to be converging on locked-down ecosystems.

Rights must be enforced, not left up to corporate goodwill.

Everything that might be useful to a marginalized population should not automatically be used to rhetorically beat someone over the head in this sort of discussion.

Humans rights pov to this were not remotely part of the discussion. If you have one you think is relevant to the discussion then introduce it. The way you have tried to do so here is in the tone of “I know you think you’re trying to help but clearly your attitude is part of the problem.”

This might be acceptable if phone-hosted websites were already a well-known humanitarian & human rights issue and therefore marginalization a potential problem. As it stand though it just seems like you’re twisting the meaning of “edge case” into something that it is not.

The issue is that we must enforce these rights within the market, or we circumvent law. "Freedom of speech" doesn't matter if the user can only choose from market participants which restrict speech. There is absolutely no guarantee that "the free market will sort things out" as so many believe. The only guarantee must come from corporate restrictions which enable individual freedoms.

You could argue John Deere shouldn't be required to sell you a tractor which you can repair at home. But if you don't require that, they won't, and you've chosen to prioritize corporate needs over individual needs.

Almost comically hyperbolic. Today, you do have a right to host anything (within reason) you want on anything you own. You can’t be arrested for jailbreaking your phone, and you have every right to buy alternative devices if those don’t suit you.

Calling this a human rights issue is like calling your ability to order a sandwich for lunch a human rights issue

> Today

Exactly. If we established all law based only on what we currently observe, without considering future implications, then we would fundamentally only be a reactive legislative system and not proactive.

> Calling this a human rights issue is like calling your ability to order a sandwich for lunch a human rights issue

No, that is a gross misrepresentation. The simple fact is that if you don't require the right for a user to modify their general computing hardware, that right will never be awarded systematically, and will in fact be repressed. It's the definition of a slippery slope, because anything can be justified from that point.

If it is a human right to be able to run a web server off of a phone, does this mean that every human has a right to own a phone?
Why would one necessitate the other?
What is not forbidden is allowed, you are born with your rights, law just limits them for society to function. Afaik law doesn't forbid to run a webserver on your phone so technically you can say it's a human right
This is is closely related to the Right To Repair movement, which is one of the most important human rights campaigns of our lifetimes.
I think there’s a balance here where you have different harms.

Your concern is about an intellectual ideal of full freedom to utilize a device as you see fit.

That is an ideal that I am philosophically attracted to. But… you have to balance harms when dealing with the public. Security risk management for mobile is difficult and even professional practitioners fail badly at it. A billion little servers with a trillion little bugs are a physical safety risk for thousands of people that they cannot effectively manage.

We live in an era where publishing is easier than it has been since society consisted of a bunch of cavemen in a few small bands. This idea is technically interesting but a bad one.

Well I agree with, for example, band restrictions set by the FTC which allow fair use. Individual freedoms are only enabled by restrictions against parties who would otherwise conspire to ignore them.
> When discussing human rights (which apply to technological freedoms) reducing a need to "an edge case" is the basis of marginalization, defined as "treatment of a person, group, or concept as insignificant or peripheral".

This is a category error. The use is marginal, not the people. You can't just uprate the severity of something because it suits your wants.

I chose to purchase a phone that can’t do this. I’m fine with that. I’d rather my phone be how it is. I don’t need some nerd fighting for me in some imagined battle. I am incredibly sick of this line of reasoning. Anyone who spends any time arguing this point quite clearly has too much time on their hands and no real problems. It’s utterly cringey. Leave me be.
I fail to see how this has anything to do with what your personal preferences are?
I come baring bad news; your smartphone can host webpages whether you like it or not. Worse yet, it can use it's browser to render arbitrary pages of data (detestable feature) and even execute code when given permission by the kernel. Very scary stuff.

Thankfully, nobody will be forcing you to use this feature; it shouldn't bother someone who ignores it. It is a feature of your phone though, unless you're daily-driving a pager or 2G Nokia. Hopefully this helps you make peace with the "utterly cringey" reality of modern computing.

You fail to see the irony that the only reason you have it so good with your phone software is because of the pushback of open source and open standards the nerds have had to always fight for.
The only reason? Tech people here have some very self-flattery view. The main reason, and I wouldn't call it the only reason, the phone being an essential item is because it meets the needs of average consumers, not just for the tiny tech population. If a website is what everyone wants, then trust me it will be front and center in any phone ads, not the camera.
> Anyone who spends any time arguing this point quite clearly has too much time on their hands and no real problems.

Actually, trying to argue against something that you will not use, but others would use, that has no other effect on you, harms yourself (you might change your mind later) and harms others.

[flagged]
What are you gaining by entering this fight? Step aside.
Totally agree. Let’s keep this the one-sided echo chamber it was designed to be.
It was probably more reference to tmpX7dMeXU's pointless rambling response than a desire to not hear actual arguments.
“Give it a rest already. Maybe we just want to live our lives and use software that works, not get wrapped up in your stupid nerd turf wars.”

— <https://xkcd.com/743/>

The lesson is open source needs to produce more accessible, usable software instead playing Cassandra
But if you have usable software how you're gonna ask for consulting and maintenance contracts? /s
Did you post this comment before the third panel loaded, or are you in abject denial of the power you lack as a user of services such as Hacker News?
I have no idea what you mean by this. Can you explain please?
Not that a comic proves anything either way, but if you're going to quote that part, let's include the entire text (copied from https://www.explainxkcd.com/wiki/index.php/743#Transcript):

    2003:
    [Cueball approaches a bearded fellow.]
    Cueball: Did you get my essay?
    Bearded Fellow: Yeah, it was good! But it was a .doc; You should really use a more open-
    Cueball: Give it a rest already. Maybe we just want to live our lives and use software that works, not get wrapped up in your stupid nerd turf wars.

    Bearded Fellow: I just want people to care about the infrastructures we're building and who-
    Cueball: No, you just want to feel smugly superior. You have no sense of perspective and are probably autistic.

    2010:
    Cueball: Oh my God! We handed control of our social world to Facebook and they're DOING EVIL STUFF!

    Bearded Fellow: Do you see this?

    [Inset, the bearded fellow rubs his index and middle fingers against his thumb.]
    Bearded Fellow: It's the world's tiniest open-source violin.
...you don't have use for a feature so you don't think anyone should want it?
Actually I thought this was silly, but if your service provider provided and upstream cdn/cache, I think it could work pretty well. So when you are out of service area, they simply hit the cache.
Then there's no reason to have it on your phone in the first place.

There's no real difference between a site on a server and a cache on a server from any kind of philosophical decentralization point of view.

Just put the thing on the server in the first place and forget about the phone entirely.

The argument is that control can't be taken away from you, I suppose. I argue in another comment[0] that peer-caching could mitigate unreliability, but that still leaves the question of how you maintain ownership if other entities are allowed to serve it on your behalf. Is it possible to make yourself reliably globally routable without trusting a third party, or needing their permission?

[0] https://news.ycombinator.com/item?id=37103721

Hot take: Android is not an operating system.

Go install AOSP and see how useless your device becomes. An OS is more than a kernel and filesystem, it's also a basic set of userspace utilities and functionality. Last time I installed AOSP on a device- wifi wasn't even supported. And Google is removing messaging from AOSP. Phone OS my ass, it's useless without 3rd party cruft that isn't available to end users.

AOSP contains a music player, a gallery, a camera app, a web browser, a calendar and some dev tools. Sure, they haven't been updated for a few years, but that doesn't mean they're not there. WiFi and LTE work just fine as long as your manufacturer uses hardware supported by normal drivers.

That said, office supplies don't make something an operating system. If all it had was a launcher, it would still be an operating system, because you can install the apps you want onto it.

I don't know why your device didn't have WiFi, ut it's not the norm. Standard AOSP images should use the vendor partition to load additional drivers if the ones built into the Android kernel don't suffice.

For the longest time (maybe still but I'm out of that loop), installing Windows from a DVD left you without wifi, too; was it not an operating system?
The drivers could be acquired and installed either via CD with the hardware or found on the web. Where are my provided wifi or cellular drivers for my phone?
It's like Linux on some strange hardware, if something is missing, you code it by yourself, aosp is open source, so making lte compatible is possible for your device, just not what other ppl a interested in. Or you can use a fork that has the fix
I remember running a web server on an old tablet several years ago. What changed? Is it not possible on newer devices?
The assumption that an operating system should allow the user to do everything is quite restricting.

Under this view, every device should be a standard-issue military-grade turing-machine. There would be no individuality, every device would be the same GPL licensed Free Operating System.

Is it real individuality or fake individuality? All those devices are already general purpose Turing machines that the manufacturers go to great effort and lengths to restrict, writing millions of lines of code, developing cryptographic systems etc to lock them down. A turing machine can run anything, the 'individuality' is just a fake restriction. There is nothing stopping you from running a general piece of software or os on any hardware that meets some minimum requirements. No reason android couldn't run on an 'iphone hardware' or ios on an 'android hardware'. Not the quotes I used, the hardware is just some general purposes CPUs, RAMs etc there is nothing magically 'iPhone' or 'Android' about it.

Almost all differences among the various modern phones, laptops are mere software, the software is where the individuality is. Hardware differences exist in degree rarely in kind (megapixels of cameras, gb of ram etc) and even if some new type of hardware or sensor comes out its just a matter of developing a proper interface for the cpu, os etc.

My point could also be summarized as there is a difference between mere neglect and active effort to block the user from making use of the hardware.
Literally when the title indicates. Why would phones need to run a web server if that’s not the point?
The point is not that everyone should, it's that some people who want to, should be able to. Phones are quite powerful and can be excellent web servers on a budget.
But now you’re talking about a niche enough audience, that existing ways of running a web server on your phone are fine, and they’ll jump over the proverbial hurdle.

This still doesn’t remove the issue with running a server via mobile connectivity. Especially when there’s free options, or inexpensive options that won’t run up your mobile data bills.

It's clear you're against the very idea and you are just coming up with ways why it shouldn't be done.

Do phones not have WiFi? Yeah, it's not ethernet but you intentionally made it sound like mobile data is the only option.

> some people who want to, should be able to

And this is a terrible argument IMO. The idea of “It’s my device, it’s my right to do exactly what I want with it” is beyond dead and buried. There are lots of things people want to do with their devices that Apple doesn’t let them do. That’s literally been Apple’s philosophy for decades and at this point it shouldn’t be surprising.

Buy the Pinephone if you absolutely have some arcane use-case you can’t live without.

Who said anything about Apple? Apple actually allows hosting content on port 80/443/22/whatever.

Also, "I don't need this so nobody should have it" is a terrible take.

> Who said anything about Apple?

Literally the title of the post (every phone)…

It’s not a terrible take. I want the features Apple decides are best for the iPhone because I prefer their philosophy to the idea of some device with unlimited options and settings.

> I want the features Apple decides are best for the iPhone because I prefer their philosophy to the idea of some device with unlimited options and settings.

Okay, then you've got me confused. Apple decided years ago to allow applications to bind to port 80 and run a personal website on their phones.

Does that mean you want Apple to change something or not? Because Apple decided their devices should be able to serve anything on "privileged" ports.

> "I don't need this so nobody should have it" is a terrible take

The opposite opinion that you seem to advocate is equally terrible -- "I want it so everyone should accept it" (which is the title of the post). How about you go advocate for a phone that supports it, says a Linux phone, and if it takes off and Apple/Google adopt it, then we can have it without this tiresome debate?

It's been philosophy, but looks like Apple will allow sideload bc of EU. And since this will be allowed(imo running unverified apps is much more dangerous) why not treat the server thing the same way?
Probably terrible data point, but running "nc -l -p 80" within the iSH shell app on iOS opens port 80 and is reachable from a desktop machine in the local network. iSH has requested the "Local network" permission at some point.
That's interesting, thanks for the information! Refreshing to see Apple provide to be the less restrictive app platform!
Even if you run the server, it will die if the app goes to background or the screen turns off. Hardly practical. Just because a port is open does not mean it’s “less restrictive”.
I apologize in advance: 'cat /dev/location > /dev/null & python -m SimpleHTTPServer 80'. Totally crude but works, even when turning off the display.
This just slightly extends the background runtime, not allow indefinite background execution. I don't think ish has the navigation background mode (or audio for that matter) enabled, as it won't be allowed by Apple.
There are workarounds for that: https://developer.apple.com/documentation/xcode/configuring-...

Eg if that terminal app is capable of playing audio, it can play silence to keep the app alive forever in the background.

I don't mean to imply that this is practical. Any solution would still destroy battery life.

What I would like to see is devices being able to run at least to some extent purely off of the wall.

My use case: I plug in an old phone into the wall, a 65W Thinkpad charger to be precise. The input for the Thinkpad is USB type C which is the same as my ZTE phone. I connect the USB C cable, attach my spicy pillow of a battery (it is removable), wait until the device powers up, and remove the spicy pillow from the phone. The phone stays on.

What I would like to see instead is some way for phones and laptops to work directly off of the wall, not charging or using the battery at all once it is done charging, without me having to physically remove the battery. I thought this is how laptops used to work but I am not an expert. Phones I am positive do not work like this for some reason. I believe one reason is the camera flash. The camera flash requires more oomph (very technical term) than the wall can deliver. I'm guessing that based on a single anecdote that I once tried to use the flash without a battery and the phone rebooted.

I guess the main gist of this comment is to say I'd like to see better thought go into making battery more durable so you can use a phone, connected to the wall for ten years if you wanted to. I am positive that if we could use the phone off the wall without constantly charging and discharging the battery, we would be able to eliminate most cases of spicy pillow.

> not charging or using the battery at all once it is done charging, without me having to physically remove the battery

Most flagship devices already do this. They automatically enter kiosk mode after being plugged in for a few days which eliminates the spicy pillow problem by keeping battery voltage significantly lower than normal. Eg https://support.apple.com/en-gu/HT208710

> I thought this is how laptops used to work

Transients are a problem for laptops and desktops too. Eg:

- Macbooks go into limp mode by asserting PROCHOT when the battery is <10% (or disconnected or high internal resistance) regardless of whether the laptop is plugged in. If they didn't, a sudden increase in power usage would cause enough voltage sag to reset the machine or cause data corruption. See https://apple.stackexchange.com/questions/380493/cpu-throttl...

- An RTX 3090 draws only 350W, but transients are often double that. A lotta people with weak PSUs and aggressive OCP had random reboots and bluescreens until they upgraded their PSU. The newer RTX 4090 has a better VRM which causes smaller transients so it can work with a smaller PSU despite having a 450W TDP.

That's not allowed on the app store (Apple will reject apps that abuse this without a legitimate reason, and a terminal app has no business playing background audio or abusing location services). Also, the audio background mode is particularly bad for user experience, as it does not allow you to play real audio, because in toyOS land, only one process can play audio. Yes, this is the state of iOS in 2023. Garbage.
Not true if I recall correctly, since around iOS 4 multiple processes can play audio simultaneously- it is only if a process requests exclusivity that playback from other backgrounded apps is stopped.
A foreground app can play additional audio if it does not require system support (such as controlling the playback from a Bluetooth headset and appearing in the now playing widget/dynamic island). But only one process can play continuous audio in the background. You cannot have Safari play a video and also listen to an audiobook.

“wHy WoULd YoU wAnT tO Do tHaT aNyWaY¿” -typical Apple fanboy response

You can also use it with Tailscale (or other VPN) to make it reachable to other hosts in the tailnet.
Why run a website on your phone when you could get a Raspberry Pi instead? This idea that computing devices should be general-purpose is left over from when computers were expensive.

Repurposing old hardware is cool too, but when you’re not using it as a phone anymore, you could run a different OS.

>Android and iOS put restrictions on what applications on a phone are able to do, often for arbitrary reasons.

When people complain about how Windows (and for that matter also Linux and BSD, et al.) don't lock their environments down, they should remember it's because both devs and users alike appreciate and respect the freedom to do whatever the hell we want on our computers.

Great power begets great responsibility. Android and iOS place next to no responsibility on the devs and users, but likewise also none of the power.

The author is saying you should be able to,

---

But why?

For most people it doesn't really matter if their personal webpage of gundam facts and cat pictures only has one 9 of uptime.
> If you want to keep a spare phone plugged in all the time in your closet, connected to Wifi/Ethernet, and hack it to be a webserver, then go ahead

even this low bar is (imo sadly) currently impossible for someone who just has a spare phone in their closet and a bit of html knowledge

looking forward to the unicorn that makes wordpress for ios/android

It's not exactly hard, you can download web servers from the Play Store. The problem is that you'll need to set up port forwards and such to get traffic to port 8080 or whatever your web server of choice offers.

Termux can install nginx, PHP, and various SQL clients, so I'm sure someone can make a copy/paste script that'll set up a WordPress server on your phone.

Is it? I installed https://play.google.com/store/apps/details?id=com.phlox.simp..., and https://play.google.com/store/apps/details?id=com.foxdebug.a... (the first two apps I found) and had a http server with custom html in all of about 5 minutes.
None of them can run server on port 80/443
Your mobile internet is behind NAT and your WiFI router would need port redir to point external traffic to the phone inside the LAN anyway.

So even if you can run it at port 80 you can't really do that without NAT or tunnel somewhere and if you need that you can just NAT to get it visible on 80 from the outside

It's mostly imaginary problem

I don't need website to run on IPv4. Almost every mobile provider has IPv6 deployed here in India. With IPv6, there's no issue of NAT.
Unless that device has an Apple logo on it it is 100% possible.
I thought this sounded weird so I tried it.

It took me about two mins, and most of that was because I typed a minimal html page on my phone using vi.

My phone has an apple logo, and the whole point of the article is that android is the one which blocks you from doing this without jailbreak. But on an iPhone it takes like one minute and zero configuration. (I literally just ran `python3 -m http.server 80` with no issues in ish).

And were you able to connect to that server from some other device?
Personal websites are info only. Don't change that much. Google can and should cache results. Once synced, the website could be behind Cloudflare to avoid DDoS.
Ignoring the "Cloudflare is centralizing the internet" problem, I wonder if Cloudflare Tunnel / cloudflared could run as an unprivileged Android app?: https://developers.cloudflare.com/cloudflare-one/connections...

This might allow a smartphone to host a publicly-accessible website with caching and DDoS protection for free. You'd still have to buy a domain, but https://gen.xyz/number is $1/year.

Though the keepalive traffic would eat your battery, unless cloudflared were integrated with Firebase Cloud Messaging somehow... seems easier to just put content on Neocities.

If you are going to use cloudflare, you might as well just host the page with them.

Maybe the value of running on your phone would be so people could see that your phone is up or something like that?

It would be textual version of public WhatsApp status ( or stories) connected to your mobile number. For those people who don't mind sharing information with the public.
Author here. I understand what you are saying but this is not supposed to be full fledged social media kind of websites we want to run on phone. The site could just be a simple way for your loved ones to check up on you without calling or messaging you. I remember the Nokia web server used to share battery and other vital info on website. There are lot many things that can be done with a tiny web server.
"Why aren't you answering my calls? I can see you have battery left!"

Sorry ma, I was in a meeting.

Really, our proclivity for instant gratification over patience is unhealthy.

I'm sure there's all sorts of neat ideas for what could go onto a phone's website, but I can't say that I see the appeal, personally.

I assume the intention was more like, "Oh, their battery is at 18%. Maybe I won't download 500 photos from their gallery at just this moment."
how about some p2p web server when you go offline, another node picks it up?
Not refuting your valid points but just another angle to consider, do all websites need to work all the time? If my family knows they can go to apitman.com to see my latest trip photos, if it's down occasionally that's not going to significantly impact their experience. They can just try again later.

That said, when I imagine self hosting from a phone I definitely think the phone + USB drive in a closet approach makes more sense.

It will hurt adoption if people can’t trust the website.

In your photo example, my mom, the first time the website wouldn’t work, would demand I just email her the photos from the trip from then on.

We've had networks composed of unreliable nodes before - indeed, this assumption is baked into some of our oldest protocols, like email and usenet. All that is required is for at least 2 equally unreliable peers to act as temporary caching servers to bring the effective uptime up from 95% to 99.99% (provided everyone's downtime is uncorrelated).
HTTP is different than SMTP or NNTP. A phone could work as a nice personal mailhost, if power management issues could be solved.
It's true, I was imagining some something more sophisticated than HTTP. But I guess the article wasn't.
True. The SMTP has provisions that account for the host server being powered off, a personal computer was a reasonable host for this protocol.

The sending client is supposed to retry if the receiving server is down.

> The SMTP has provisions that account for the host server being powered off

But it's still built with the expectation that the recipient host will usually be available, and that unavailability is a transient condition -- a failure to contact the recipient SMTP server is a noisy failure, and, after the first few retries, most servers back off to one attempt every 8 hours. Mail servers which are only sporadically available would require some fairly substantial rearchitecture.

Nope. It was written to account for personal computers to send mail to personal computers, which could be reasonably powered off nightly.

The noisy failure is probably not a part of the standard, more likely a recent trend.

Which is why it works perfectly fine to send e-mail when you're on a plane without WiFi -- it's designed to send once you've got a connection.

But the article is about a personal website. Websites run over HTTP, which is not designed for anything unreliable.

It's interesting to think about a web that was designed to have lots of intermediary caching peers along the way as part of the protocol, but that's not what we have.

Caching is a thing, as are distributed networks.

The notion of mobile-device-as-origin-server which can provide either content in a local context (on a LAN, localhost-only), or globally via cache-and-redundancy / cache-and-forward networks has definite and positive use-cases.

Has anyone managed to find a reasonable way to make an old android phone into a server in a reasonably practical/maintainable way? Even if it is plugged in all the time?
Proposal rejected. Websites run on web server. Phones are not servers.
Technically, they become a server once they start serving a webpage.
Websites can run on anything capable of speaking HTTP, like your teapot.

Commercial websites typically run on dedicated server hardware.

Its almost like the real reason mobile web servers don’t exist is because its a terrible idea and not because companies secretly don’t want them to
Unless you live in a tunnel, who cares? If you’re hosting a basic portfolio and personal site you don’t even need 2 9’s of reliability
Everyone being able to check whether you’re in an area without cell reception does not seem like the best of ideas.
That's already reasonably testable by attempting to call the device via PSTN.
>Phones go into tunnels, run out of battery, and go indoors where there's a poor signal or none at all.

i.e. when you can't take a call or a text or read a social media notification. Why does this need to be always-available if those don't?

Because you can't predict when someone will try and hit your site?
While less ideal than hosting it on an "always available" service, is that really enough to prevent the ability to do so? Phones are many people's only computers. Why not let them be actual computers since they're powerful enough to be? A typical smartphone is miles ahead of a Raspberry Pi and people do all sorts of things with Raspberry Pis. What about hosting a portfolio or blog on your phone where you can share it with someone in real-time, like a job interview or some presentation or just to show it?

Also, I wonder what the actual "downtime" of a smartphone is. I doubt it's that much worse than a lot of websites. The downtime of a smartphone is also usually completely independent of the phone itself, as it's usually service and/or location related.

(comment deleted)
I'm on the same boat with this.

We already have crappy written apps waking up devices on OEM software, last we need is random agents on the internet waking up our phones.

That's what IPFS is for. The site might be out of date if the device with the IPNS private key goes into a tunnel for a while, but as long as someone somewhere (ideally several someones) has pinned it and their device is available then it's not "down".

We just need a good algorithm for reciprocity-pinning.

To account for the changing times, I believe a Personal LLM should be running on your phone (with a cloud data backup) with background AGENTS looking for shopping deals, working with your calendar and making appointments for all life chores such as your car oil change appointment bookings, recommending preventive maintenance repairs, answering on your demand questions on your your kids math/english report cards grade progress for last few semesters, and so on.
I agree that they should be capable, but I don't think it should be done by almost anyone.
Any phone can run an onion service if all you need is a website. It's rather annoying that you need to root/jailbreak your phone to use port 80 I agree with that, but it's also not a necessity for running a website.

Aside from the phone use case, the concept of "privileged ports" is pretty silly on any device operated by a single user or used for a single purpose. In an age where any device on a modern network can reserve hundreds of IP addresses without any risk of address space exhaustion, concepts such as reserved ports are next to useless.

One day I'll get myself to waste a few weeks writing an Android mod that gives every app on the system a separate (ephemeral) IPv6 address. The challenge will be to generate enough virtual interfaces for network namespacing to do its thing while assuring it only does so on IPv6 enabled WiFi networks, but I think it can be done.

On my Nokia N90i, I used to run Apache and PHP and a gallery web app to serve up the phone's camera roll on the wifi interface. Was quite useful at times.

Symbian was a terribly quirky platform to develop for, but there were some quite cool things.

You still can on modern phones: https://wiki.termux.com/wiki/Termux-services

You'll have to use port 8080 or some other high port number because of privileged ports, but for just temporarily sharing your camera roll that shouldn't be too much of a problem.

Yup, I love Termux. It's what makes my Android phone useful as a tool.
really? my phone is useful as a tool to: communicate with friends and family, do work via writing, reading, checking metrics, watching videos, and 10000 other things.

and i live in vim on a computer. this tech-centric “i need a terminal and full access to the shell for it to have any worth” is pretty juvenile. phones are real tools for millions of people— the greatest technological innovation of the century.

From a dictionary, on the noun "tool": "something (such as an instrument or apparatus) used in performing an operation or necessary in the practice of a vocation or profession"

I was likening it to something like a screwdriver. I often describe what we do as making tools for others to live their lives and spread culture and civilization, so I understand your sentiment (although I think you are grandstanding a little). My comment, however, was personal and about what makes something a tool for me.

I'm also a fan of what phones do for people, and software in general; one of my fondest times working in software was developing communication/chat software and knowing a number of people who met on it and became partners for life.

The article doesn't make sense. It can technically work with a bunch of dynamic DNS systems. An IPv6 address isn't fixed to your device like a MAC address is.

Even assuming it would be doable, it would be a security nightmare, and we'd end up relying on some centralised systems anyway lest we burden the internet with absolutely insane amounts of continual p2p discoveries.

If you want a personal website, why not use a service like neocities? It's free, and just lets you go ham with static content. Don't feel like writing HTML pages manually? Make a TiddlyWiki and upload that.

To be clear, I am all for self hosting stuff, but it needs to be in a proper, affordable, standardized package that can be kept secure and useful. A phone is NOT that.
Why not? I download updates to apps on my phone every day. I fact, my old phone that has long stopped receiving updates still runs the latest browsers just fine. The problem isn't keeping the applications up to date.

There's a risk of kernel exploits, but I can't remember the last time the Android kernel had a bug that could be triggered by simply sending packets to it. Privilege escalation works, maybe, but getting root on Android is a lot harder than most Linux servers because of the very strict and isolated SELinux contexts.

I've installed termux on my phone and I can install nginx with a single command. Downloading a Debian chroot and launching a full, maintained Linux distro is two commands away.

Until remotely triggered Android kernel exploits become a thing, I don't think the updates are the problem here.

> I can't remember the last time the Android kernel had a bug that could be triggered by simply sending packets to it.

RCE from Bluetooth packets has happened uncomfortably often - CVE-2017-0781+2 (BlueBorne), CVE-2020-0022, CVE-2022-20411, ...

True, but Bluetooth doesn't work over internet. Plus, you can just turn it off if you worry about it.
That seems exceptionally reasonable, nomad. That would be pretty easy to anonymize as well. It's a pleasure to meet you.

I'll add that Resilio Sync + singlefile Tiddlywiki (I think most people would be surprised what TW can accomplish) from a phone is quite workable (a filewatcher with ratox or may toxic, or IPFS, would do as well, but they aren't as performant or turnkey). You can automatically push with custom conditions (or manually do so) to those listening (the burden has to be shifted away from the phone to some degree). If you have persistent seeders in the mutable torrent swarm, it's even better. That would serve a very large number of people on the planet pretty well, imho. This is harder to anonymize on a phone, but also doable.

It's reasonable to do both, too.

Add a proper USB to boot with, and it would sometimes be easy enough to walk up to a random machine when you need more than a phone to work on your Tiddlywiki or other infrastructure. I admire trying to find ways to make sure almost anyone can participate in The Great Conversation with minimal material; it's an important problem.

Yeah I can't make sense of this article either. How is IPv6 supposed to solve this? IP is for routing which is tied to geography, not identity. And wouldn't dynamic DNS make your website unresolvable for at least a minute or two every time your IP changes?
> Yeah I can't make sense of this article easier. How is IPv6 supposed to solve this?

I took it to mean he was discussing phones that are on IPv6 only networks.

Yeah but I'm asking how does that help? As the phone hops around, the IP address will change, whether it's v6 or v4. Are they expecting IPv6 will be stable no matter where in the world you travel?
A DDNS service seems like a trivial add-on to make this work.

I think the bigger issue is the number of mobile devices behind CGNAT.

> A DDNS service seems like a trivial add-on to make this work.

I responded to this earlier: wouldn't dynamic DNS make your website unresolvable for at least a minute or two (or much longer if your TTL is longer) every time your IP changes?

> I think the bigger issue is the number of mobile devices behind CGNAT.

Yeah I agree on that, they already mentioned that part.

> The reason I think this is needed is because a large percent of Internet users cannot afford hosting personal websites.

I sympathize with this, but disagree. There are a lot a great free options for hosting a website. I personally use GitHub Pages, but Netlify, Vercel, and even Glitch offer excellent free tiers. Heck, if you just want to put some words on the web, WordPress.com offers free blog hosting.

All of these options are using someone else's service, and that may go away without notice. I understand some people wouldn't prefer that. But on the other hand, I value my phone's battery and site's availability over owning the full stack.

Why is phone battery going to die?

Do a traffic dump and check how many thousands of requests its handling for all your personal data from every app installed.

It’s only doing that intermittently when you’re not interacting with the device.
Depends on the app and what permissions you set
If you’re getting more than a thousand requests a day you’re gonna move to a real web host anyway
My blog has been on the front page of Hacker News a couple of times with GitHub Pages. It didn't break a sweat.
That's because you're using Microsoft's infrastructure for your site.
Sorry, I was saying that because I thought the poster was saying "you'll need a real host (instead of a free one) if you get more than 1k visits a day". But looking back, I think "real host" meant "not a phone" and not "not a free host". So my comment here didn't really make much sense.
It’s less about requests per day and more about my website going down if my phone is in my pocket.
(comment deleted)
Because phones have all-day battery life because they turn off the radios as often as possible, sending and receiving data in short bursts. Lingering sockets are shut down for non-system services and push messages are exchanged through dedicated messaging providers with power management planning built in.

It's one of the reasons running standard Linux, or even de-Googled Android, on a normal Android device can absolutely tank your battery life. Waking up the radio is expensive, and packets coming in at random moments means the work put into power saving scheduling goes down the drain.

"...or even de-Googled Android, on a normal Android device can absolutely tank your battery life."

Not necessarily. About eight hours ago I was having trouble with the GPS on my main phone (I cleared GNSS on GPStest app and it wasn't refreshing fast enough), so I found another in my assortment of phones that was still running and had some charge left in it and used it (it also had GPStest installed)—and I'm using it now to post this comment.

It's a Huawei GR5 Honor from 2017 with original battery that I've de-Googled, and when I picked it up earlier the battery indicated 22℅ remaining which surprised me because I've not used it for some weeks.

When I read your comment I thought I'd ckeck the battery and phone usage logs and I'm now even more surprised. The phone was last used on July 19 (24 days ago) and the battery drain graph shows a very gentle and almost perfectly linear decline from then (until I put it on change and started using it).

Moreover, it estimates remaining battery life in standard/default power mode at 8 days 23 hours (but it's since been on change). Note: the phone was set to standard power mode during those past 24 days. If I switched to 'Power Saving' mode the estimate is 11 days 16 hours, and in 'Ultra Save' its estimate is nearly 33 days (778 hours 44 mins).

Incidentally, the phone has 346 apps installed.

It's amazing what battery life one can achieve when one stops both Gapps and user-installed apps yapping back to Google-Central.

A de-Googled device doing very little will have great battery life. Once you load up a chat app or two, that battery life quickly starts degrading, because every app starts polling a server for updates.

Most people use some kind of app that receives push updates from the internet onto their smartphones, whether that's Facebook or WhatsApp. If you can live without those apps then you'll have a much better time, because the WiFi can actually turn itself off completely and the phone modem can fall back to a state as passive as possible.

You don't need to de-Google your phone for this effect. Just disable all internet access (WiFi off/disconnected, cellular data off) and your phone can last a day longer. Works great for devices repurposed as navigation systems!

(comment deleted)
"You don't need to de-Google your phone for this effect. Just disable all internet access (WiFi off/disconnected, cellular data off) and your phone can last a day longer."

True, that's my experience too. As mentioned, I've well over a dozen unmodified and rooted Android phones and some of these have been repurposed including for navigation, remote control of equipment etc.

I'm not a typical user, no social media, no Google accounts, no cloud storage and such, so for phones that aren't rooted Gapps are either disabled or where possible removed, similarly, any running services that I'm not using are stopped (if possible). On rooted phones apps only run when I'm using them, WiFi/SIMs are disabled and or airplane mode is on when the phone is not in use, also no background data is allowed etc. so I expect my phones to last for days without recharging.

What surprised me about this Huawei is that it is six years old and the battery has been abused—left charging at 100% for days on end—yet it still managed 24 days on standby in normal power mode. No doubt it would have lasted a full month if I hadn't used it today.

This is looking like a solution in search of a problem
Just because you can, doesn't mean that you should.

Nobody should be running their personal website on their cellphone. When I read this type of diatribe, I hesitate to agree with it. Abstract considerations of freedom lose out to "you're going to tell people they should do this, and that is a bad thing".

But you are telling people NOT to do this, from the get go, without giving a reason?
This entire thread should be saved in the Smithsonian. It’s the most epic bikeshedding about the stupidest idea, with people emotionally tying it to their pet peeves. Capitalism! Walled gardens! Free software!

No, it’s just a bad idea because few people want it, and even if you did want it, you can, and even then it open a up issues of battery life, reliability, etc. we can barely get actual software makers to care about personal websites, let alone normal people. And then we want to argue people should be able to host on their phones? Good gravy.

Who are you to say what people want? Why limit your imagination? Why not think about the possibilities first? Why presume that things must be difficult?
I'm so excited to use a spatial computer (a mobile VR headset computer) that can connect to my phone with my friends. We can host and create AR apps like that.
> The reason I think this is needed is because a large percent of Internet users cannot afford hosting personal websites.

~$5-7 a month for a web server via various platforms. A better one than your phone would be, most likely—certainly more stable. I don't think that's what's stopping people, I think most people just don't have a use case for hosting a web site.

In my 90s dream of the technohippie utopia they would all have extensive and idiosyncratic personal websites about various things they've soldered together, but that didn't work out. Turns out most people want to watch videos of other people doing things, and that is most efficiently hosted in a centralized place.

I think it’s axiomatic that an order of magnitude more time will be spent on consuming content than producing it. Why would you spend hours every day crafting a deeply insightful blog if literally no one ever read it? As an author or other content producer, you want people to consume your work. Therefore, the equilibrium between content and consumption must settle on dramatically more consumption than production.

I think this handily explains why the “personal website for every human” utopia never came to pass.

(Yes, I know some people will produce great content purely for the joy of doing it, and don’t care if anyone consumes it. I think that’s an edge case, not the operandus of every living person)

P.S. You’re completely right about the $5-7/mo hosting. I used to run a server in my home, but discovered I was spending more on electricity than the cost of leasing a small VPS. Centralizing has fantastic economies of scale.

$60 a year is a lot of money for a lot of the world. I met people who spent that much a month for a bed to live on.

The cheapest PHP/MySQL hosting in my country is $18/year

On the same basis, most home routers are powerful enough to run a basic webserver, and they are much more likely to have a consistent internet connection. They probably aren't behind CG-NAT, and most of them have Dynamic DNS support even if they don't have a static IP.
Exactly - I have a drawer full of consumer electronics which could be hacked to better run a web server than my iPhone.
I disagree with this, but it is possible with one of those Linux shell emulators for Android, I forget if I tried it on iOS, but I've managed to do it both via Python and Golang.
Without root access you're not going to be able to use port 80 or port 443 on Android.

I don't think iOS has the same restriction, but I can't find any documentation about it so I'm not sure.

Not sure what port I used and I wasnt trying to use my mobile IP either, probably just used 8080.
Why would you need root access for the most common posts on the internet?
Not to access them on other systems, but to listen on them.
That doesn't change my question.
What's stopping anyone today with Android from installing Termux, proot, a distro of their choice, and then hosting a webserver?
Port 80 / 443 privileges at the device's networking level, mostly. If you don't need those there are indeed plenty of options (e.g. hosting onion sites works fine).
hosting a website properly just isn't that difficult or expensive.

if somebody wants to have a website, they can. there's plenty of free options that don't involve a device that has intermittent connectivity, runs off a battery, and that you probably don't want to enable remote access to for security reasons.

the reason people don't set up personal websites is that they don't want to. not becauase they can't host it. facebook does a better job of serving the "personal website" niche than personal websites do. the dream of every person having their own website is a thing that tech nerds want from others, not a thing that most people want for themselves

> there's plenty of free options that don't involve a device that has intermittent connectivity, runs off a battery,

I have a great reason to host a website on my phone. I want to. It's my phone. I'm paying for the service. You can do what you want with your phone, but please, don't tell me what I can and can't do with my property.

(comment deleted)
I actually agree with the logic. Not necessarily on a phone you take out but an average Android phone running Linux should be able to do this.

You can have a very usable web server and have custody over your own data/website.

Couple it with a Wireguard VPN to an IPv6 tunnel broker and you're golden.

I really like this in a cyberpunk-kind-of-way, but think it's impractical from a data usage perspective + the fact that your ip should change frequently on any mobile device.

In the abstract, I feel like editing a file on your phone vs. editing a file somewhere "in the cloud" isn't so different if the interface makes it indistinguishable, so I don't know if you get any real benefit to toting around your webserver...

but I like the notion of a homegrown, self-managed webserver that you keep in your pocket.

And everybody should be able to eat a diet of mostly candy, smoke two packs of cigarettes a day, and stand outside in the sun as long as they want. But it's not a good idea, for reasons.
You really don't want your phone's radio activating to serve random http requests, most of which are probably going to be bots, and people loading websites really don't want to wait for the latency that would be involved with your phone serving web requests.
Don't use the feature then, no? Just like ppl that want pristine google play experience will not use sideloading
This makes no sense.

> The reason I think this is needed is because a large percent of Internet users cannot afford hosting personal websites. The privilege of self hosting that early Internet users enjoyed was never given to the new Internet users.

If you actually have the technical chops to self-host a personal website in your house, why on earth would you want to do it on a phone? A Pi, Nano, Jetson, NUC, any kind of small form-factor mini PC is a far cheaper and better option if the limiter is seriously that you can't afford a hosting service. A web server does not need a camera, a touchscreen, a gyroscope, a GPS chip, a radio transceiver, an accelerometer, a fingerprint reader, or any of the many other hardware features that cause a phone to cost so much.

You may as well ask why your thermostat, printer, microwave, smart lightbulb, or television can't run a web server. There is nothing technologically stopping them. If they can run a stored program and connect to a network, they can bind to a port and listen for incoming requests. But running a website on them just isn't the purpose for their existence. General purpose computing devices exist and are cheap. If you want one, get one. There is no reason every single device that can do any form of computing needs to be a fully general-purpose computing device.