It is 2017. Pick an average PC from 2007 and install a minimal GNU/Linux based operating system. You will be able to do basic computing tasks (eg. surfing the web, reading E-Mails, listening to music, chatting) just like on an expensive modern PC. You will even get security updates, so your old computer is protected, just like as a new one.
postmarketOS (I love the name) aims to do the same for smartphones. A small Linux distribution with a phone interface, designed to be easy to update and maintain to solve the problems Android poses in this area. The project is in its infancy, so it needs a lot of help to further realise its vision.
This is a great idea, and it could breathe life into devices not even LineageOS can keep alive.
I can see how this could be useful for the developing world, but why not just use an older version of Android. Say, the one it shipped with.
You could even grab the sources to Android 2.x and branch it. Get all the advantages of Android, with its’ plethora of apps, but also get the advantages of modern security fixes.
Old software isn’t bead because it’s old, it’s bad because it’s insecure. Fix all the security holes, and you’ll have a usable OS for these old phones
EDIT: maybe i shoiuld RTFA
Edited 2017-05-27 10:50 UTC
you would have to somehow dig out older app versions for that android release – and those might be insecure by today’s standards.
i have an android 2.x phone and i like it very much,but there are apps i have installed on it that i would have difficulty finding again for this os release. and plenty of them were closed source, so how would you expect to patch them ?
if that os would come with a dedicated sofrware repository, that would be wonderful. otherwise, i doubt it would work as well as people would expect. maybe something like f-droid for older android release?
Edited 2017-05-28 08:15 UTC
Old software isn’t insecure simply because it’s old, and new software isn’t secure simply because it’s new. There’s no guarantee the software you use today is any more secure than the software you were using 5 years ago.
I don’t buy/lease/upgrade my phone every 1-2 years like a lot of people. I tend to `drive my phones til the wheels fall off` so I tend to use my phones well past their `expiration date`. Number of times any of my phones have been hacked – ZERO.
ilovebeer,
There isn’t an easy way to know when one’s phone has been hacked though. Malware could be spying on the owners without them knowing. They could even be in a botnet sending spam or whatever.
At least on a PC, there are a lot of tools for both owners and professionals to detect and fix compromised machines, but on a phone that locks owners out by design, malware exploiting a 400-day vulnerability (because of the lack of updates) will actually have greater access to the than we do. This is quite a big problem, IMHO.
All of that is true but people aren’t left completely empty-handed. People themselves are their first line of defense. A persons level of risk is directly impacted by their own behavior. Most exploits require the user do something to facilitate the effort. Additionally, phone traffic can be monitored while on wifi.
I didn’t mean to downplay the importance of security or diminish the threat of exploits, I just wanted to point out that security is by no means a guarantee just because you buy a new phone every 12 months, and an `old` phone may not be up-to-date security-wise but not exactly naked to being hacked either. Security is important no question, as is a companies bottom line. If magnifying peoples fears helps sell more phones, that’s exactly what you can expect to see.
ilovebeer,
Sure, I can see why you mention the trojans, it doesn’t matter much if the device is old or new, a user may be to blame if they installed the malware themselves.
However most of us are referring to the OS based attack vectors that do become increasingly problematic when manufacturers don’t provide updates. It’s not the user’s fault these attack vectors exist and it’s not the user’s fault that the phones can’t be updated. For technical users like most of us, this is the greater risk.
“I have running Windows 95 and Internet Explorer 2 — number of times I have been hacked — ZERO!”
That’s actually a big part of the point.. People themselves are a primary security risk. How many exploits work without the user doing something stupid or unknowing first? Simply improving user behavior greatly reduces risk. There are plenty of people who had zero problems with Windows 95 so you have to ask yourself what makes them so `special`? You can’t exploit holes that don’t exist, but you also can’t exploit holes that require reckless user behavior where the user isn’t reckless.
Yep, that’s what it’s all about. Yes, new software likely has as many exploits as old. But the exploits in the old software are much better known to attackers…
I can buy a prepaid smartphone for AUD29 (USD20) from my local supermarket that would have been a flagship in 2012.
My point is that even the poorest people will soon be able to afford a capable modern phone (or at least a recent model).
No. As long as the old phone works, there is no need to buy a new one, even if it is cheap or free. Think about the planet. All the resources needed to build a phone, for shipping…
The average Westerner would probably use several smartphones worth of resources every single day.
Hardly anybody does, because it doesn’t pay. And is the planet more important than having a shiny new smartphone? No, because you cannot send messages with the planet or impress your peers with it – but with the smartphone, you can.
😉
Let us discuss stock options now. 😉
http://abstrusegoose.com/363
A company intentionally bricking a phone is not legal, and unless all your programmers are volunteers, software costs money to create/modify/etc.
Most current a apps won’t work on old versions of Android (pre 4.0).
You can have any Android version you want on any Android smartphone, courtesy of XDA. Theoretically. It is if you want working drivers that things get tough.
Is it too early to appreciate the much more standardized nature of PCs, or the FOSS world is still making fairy tales about ARM beating evil Intel?
Edited 2017-05-27 12:42 UTC
I don’t see this ending well for them, because they want mainline kernel, with drivers for old devices, when the chipset manufacturers have abandoned driver support and only ever released binary blobs.
I think they’ll need to release new hardware specifically for the 10 year planned lifespan, if they want that to work.
Also, I don’t feel like non-Apple smartphone hardware has hit the point where it’s on a 10 year plateau like x86 desktop hardware has. The sheer amounts of JavaScript on the modern web utterly wreck even a three year old Snapdragon’s performance. Maybe you can convince websites to serve their developing-nation sites to Westerners on 10 year old phones, or use the Lite versions of apps, though. (But, if you’re making a new OS for this, you’re not getting any apps, which also means you’re going to struggle to get notifications, so…)
The other possibility is to use the Opera Mini approach, which runs the JavaScript server-side (although with more round-trips to get the results), and does two more things for you – it allows notifications to be delivered through the HTML5+JavaScript notification APIs without requiring background JavaScript, and it allows mining the user’s data, to get a business model to fund development.
I agree on the drivers problem, I can see the people behind this project throwing the towel because of that.
I suspect the current state of affairs with drivers is not going to change anytime soon, it’s not profitable. Having the means to “refresh” a 2 year old device with modern versions of the OS does not sell.
Regarding running javascript in a server somewhere which you don’t control, no, just no. Call me paranoid but letting something that can be responsible for sensitive information run outside the local device does not sound like a good idea security wise.
my s2 is running the latest Android (thanks it LineageOS) thats not the problem…
thing is after 6 years, its nearly falling to bits!
I like the goals of the project, phones should last longer, our consumer practices are absolutely wasteful. Software should never be a reason to throw out a phone, except this doesn’t align with manufacturers interests to keep the lifecycle short and sell phones more frequently. I’m doubtful that a small project can make a dent in this duopoly market. To be truly viable, I think a shift needs to come from the top (ie Google/Apple/Samsung/etc).
So long as manufacturers are not going to cooperate in making it easier to unbundle the OS from the hardware (as with PCs), then postmarketOS are going to run into the same technical problems as everyone else – proprietary drivers, lack of ABI, locked devices, the lack of device standards, etc. All of these things get in the way of reusing devices.
Thanks for finding and posting this, Thom. I never would have found this on my own.
This is a very worthy goal, for environmental and other reasons, and the approach looks good. I am about to replace my Galaxy S2 “daily driver”, and I will definitely give this a try. (Also mentioned in the blog post, the “Replicant” project (https://www.replicant.us/) looks interesting too.)
One possibility that I would love to see is a Genode-on-Linux experiment on a phone. (This is not an area I understand well, but some of these recent initiatives seem like they would make this easier.)
I know everyone else thinks otherwise but for me… a phone is a phone is a phone.
Edited 2017-05-27 23:19 UTC
I would like to point out that all the function talked about except the web browsing could be done by a C64 if needed. And what’s more the main software was in ROM where no hacker could touch it. For that matter the Commodore Plus/4 showed that even the applications could also be ROM-able.
With such a small code base today software would 99%+ of the hack-able potions of the code to change.
What my point is, do we really need another full blown OS to do the job a small OS/Environment could do today.
It always seems to me that new phone OSes are always failing because they reach too far and try to include every feature possible instead of really trying to make a bare-bones design.
Well, just barely… Knowing today’s web pages, on an average PC from 2007 you will be terribly restricted while browsing the web, and the experience will be far from comparable to modern expensive PC. Experience will be completely different.
A 2007 Core 2/Athlon64 desktop is nearly as fast as a current i3 laptop according to benchmarks.
My sister has a 2007 vintage Core 2 Duo desktop. It runs Xubuntu (and Windows 7) effortlessly.
I am not talking about CPU-only here. Average PC at that time had around 2GB of RAM and a shitty, slow mechanical HDD. Also, how about 1080p/UHD videos on YouTube? Can she watch them with no problem without stuttering?
If you shove top of the line Core2Duo CPU, max out RAM and put in SSD, it’s no longer “average PC from 2007”. Just open several “modern” websites concurrently and watch your HDD growl and scream as 2GB of RAM is maxed out and intense swapping starts.
Yes, “average PC from 2007” is enough if you only browse one website at a time, but if you “let yourself go”, experience is not comparable.
WTF?
Xubuntu uses about 5-10% CPU and less than 1GB RAM on the 2007 PC. The HDD never thrashes and 1080p plays fine.
You sound like one of those people who run a dozen applications simultaneoualy and have 50 webpages loaded in the background.
Dozen applications and 20+ webpages in the background is a very normal workload for a light productive work. This does not even count as heavy multitasking. Heavy multitasking during intense work day could be double of these numbers.
Anyways, all we are talking about is light web browsing, and it’s obvious your sister is visiting very different sites than I have the misfortune to encounter these days.
Glad to hear about 1080p playing with no problems, though. Maybe YT falls back to less CPU-intensive codec in your case.
For example, AdBlock browser extension alone consumes ~0.5GB of RAM after short browsing session. GMail and Facebook consumes ~150MB each. That’s already nearing 1GB of RAM with only 2 heavy websites open! You do the math now with your 2GB of RAM, given only ~1,5GB would be available to user in the very best case (given OS uses 0,5GB).