Linked by Thom Holwerda on Sat 27th May 2017 09:33 UTC
Linux

It is 2017. Pick an average PC from 2007 and install a minimal GNU/Linux based operating system. You will be able to do basic computing tasks (eg. surfing the web, reading E-Mails, listening to music, chatting) just like on an expensive modern PC. You will even get security updates, so your old computer is protected, just like as a new one.

postmarketOS (I love the name) aims to do the same for smartphones. A small Linux distribution with a phone interface, designed to be easy to update and maintain to solve the problems Android poses in this area. The project is in its infancy, so it needs a lot of help to further realise its vision.

This is a great idea, and it could breathe life into devices not even LineageOS can keep alive.

Order by: Score:
Comment by The123king
by The123king on Sat 27th May 2017 10:48 UTC
The123king
Member since:
2009-05-28

I can see how this could be useful for the developing world, but why not just use an older version of Android. Say, the one it shipped with.

You could even grab the sources to Android 2.x and branch it. Get all the advantages of Android, with its' plethora of apps, but also get the advantages of modern security fixes.

Old software isn't bead because it's old, it's bad because it's insecure. Fix all the security holes, and you'll have a usable OS for these old phones

EDIT: maybe i shoiuld RTFA

Edited 2017-05-27 10:50 UTC

Reply Score: 3

RE: Comment by The123king
by yoshi314@gmail.com on Sun 28th May 2017 08:14 UTC in reply to "Comment by The123king"
yoshi314@gmail.com Member since:
2009-12-14

you would have to somehow dig out older app versions for that android release - and those might be insecure by today's standards.

i have an android 2.x phone and i like it very much,but there are apps i have installed on it that i would have difficulty finding again for this os release. and plenty of them were closed source, so how would you expect to patch them ?

if that os would come with a dedicated sofrware repository, that would be wonderful. otherwise, i doubt it would work as well as people would expect. maybe something like f-droid for older android release?

Edited 2017-05-28 08:15 UTC

Reply Score: 1

RE: Comment by The123king
by ilovebeer on Sun 28th May 2017 14:43 UTC in reply to "Comment by The123king"
ilovebeer Member since:
2011-08-08

Old software isn't bead because it's old, it's bad because it's insecure.

Old software isn't insecure simply because it's old, and new software isn't secure simply because it's new. There's no guarantee the software you use today is any more secure than the software you were using 5 years ago.

I don't buy/lease/upgrade my phone every 1-2 years like a lot of people. I tend to `drive my phones til the wheels fall off` so I tend to use my phones well past their `expiration date`. Number of times any of my phones have been hacked - ZERO.

Reply Score: 2

RE[2]: Comment by The123king
by Alfman on Sun 28th May 2017 15:47 UTC in reply to "RE: Comment by The123king"
Alfman Member since:
2011-01-28

ilovebeer,

Old software isn't insecure simply because it's old, and new software isn't secure simply because it's new. There's no guarantee the software you use today is any more secure than the software you were using 5 years ago.

I don't buy/lease/upgrade my phone every 1-2 years like a lot of people. I tend to `drive my phones til the wheels fall off` so I tend to use my phones well past their `expiration date`. Number of times any of my phones have been hacked - ZERO.


There isn't an easy way to know when one's phone has been hacked though. Malware could be spying on the owners without them knowing. They could even be in a botnet sending spam or whatever.

At least on a PC, there are a lot of tools for both owners and professionals to detect and fix compromised machines, but on a phone that locks owners out by design, malware exploiting a 400-day vulnerability (because of the lack of updates) will actually have greater access to the than we do. This is quite a big problem, IMHO.

Reply Score: 3

RE[3]: Comment by The123king
by ilovebeer on Sun 28th May 2017 17:02 UTC in reply to "RE[2]: Comment by The123king"
ilovebeer Member since:
2011-08-08

All of that is true but people aren't left completely empty-handed. People themselves are their first line of defense. A persons level of risk is directly impacted by their own behavior. Most exploits require the user do something to facilitate the effort. Additionally, phone traffic can be monitored while on wifi.

I didn't mean to downplay the importance of security or diminish the threat of exploits, I just wanted to point out that security is by no means a guarantee just because you buy a new phone every 12 months, and an `old` phone may not be up-to-date security-wise but not exactly naked to being hacked either. Security is important no question, as is a companies bottom line. If magnifying peoples fears helps sell more phones, that's exactly what you can expect to see.

Reply Score: 2

RE[4]: Comment by The123king
by Alfman on Sun 28th May 2017 22:37 UTC in reply to "RE[3]: Comment by The123king"
Alfman Member since:
2011-01-28

ilovebeer,

All of that is true but people aren't left completely empty-handed. People themselves are their first line of defense. A persons level of risk is directly impacted by their own behavior. Most exploits require the user do something to facilitate the effort. Additionally, phone traffic can be monitored while on wifi.


Sure, I can see why you mention the trojans, it doesn't matter much if the device is old or new, a user may be to blame if they installed the malware themselves.

However most of us are referring to the OS based attack vectors that do become increasingly problematic when manufacturers don't provide updates. It's not the user's fault these attack vectors exist and it's not the user's fault that the phones can't be updated. For technical users like most of us, this is the greater risk.

Reply Score: 2

RE[2]: Comment by The123king
by javispedro on Sun 28th May 2017 20:18 UTC in reply to "RE: Comment by The123king"
javispedro Member since:
2014-06-04


Old software isn't insecure simply because it's old, and new software isn't secure simply because it's new. There's no guarantee the software you use today is any more secure than the software you were using 5 years ago.

That's correct. However, that's no guarantee that the software you used 5 years ago is any more secure than the software you use today... and the software from 5 years ago has a 5 years long list of known exploits ready for everyone to use.


I don't buy/lease/upgrade my phone every 1-2 years like a lot of people. I tend to `drive my phones til the wheels fall off` so I tend to use my phones well past their `expiration date`. Number of times any of my phones have been hacked - ZERO.


"I have running Windows 95 and Internet Explorer 2 -- number of times I have been hacked -- ZERO!"

Reply Score: 1

RE[3]: Comment by The123king
by ilovebeer on Sun 28th May 2017 20:37 UTC in reply to "RE[2]: Comment by The123king"
ilovebeer Member since:
2011-08-08

"I have running Windows 95 and Internet Explorer 2 -- number of times I have been hacked -- ZERO!"


That's actually a big part of the point.. People themselves are a primary security risk. How many exploits work without the user doing something stupid or unknowing first? Simply improving user behavior greatly reduces risk. There are plenty of people who had zero problems with Windows 95 so you have to ask yourself what makes them so `special`? You can't exploit holes that don't exist, but you also can't exploit holes that require reckless user behavior where the user isn't reckless.

Reply Score: 2

RE[3]: Comment by The123king
by Delgarde on Sun 28th May 2017 22:00 UTC in reply to "RE[2]: Comment by The123king"
Delgarde Member since:
2008-08-19

That's correct. However, that's no guarantee that the software you used 5 years ago is any more secure than the software you use today... and the software from 5 years ago has a 5 years long list of known exploits ready for everyone to use.


Yep, that's what it's all about. Yes, new software likely has as many exploits as old. But the exploits in the old software are much better known to attackers...

Reply Score: 2

pointless
by unclefester on Sat 27th May 2017 11:02 UTC
unclefester
Member since:
2007-01-13

I can buy a prepaid smartphone for AUD29 (USD20) from my local supermarket that would have been a flagship in 2012.

My point is that even the poorest people will soon be able to afford a capable modern phone (or at least a recent model).

Reply Score: 4

RE: pointless
by aka_mgr on Sat 27th May 2017 21:31 UTC in reply to "pointless"
aka_mgr Member since:
2011-01-05

No. As long as the old phone works, there is no need to buy a new one, even if it is cheap or free. Think about the planet. All the resources needed to build a phone, for shipping...

Reply Score: 3

RE[2]: pointless
by unclefester on Sun 28th May 2017 01:47 UTC in reply to "RE: pointless"
unclefester Member since:
2007-01-13

Think about the planet. All the resources needed to build a phone, for shipping...


The average Westerner would probably use several smartphones worth of resources every single day.

Reply Score: 2

RE[2]: pointless
by Doc Pain on Sun 28th May 2017 08:30 UTC in reply to "RE: pointless"
Doc Pain Member since:
2006-10-08

No. As long as the old phone works, there is no need to buy a new one, even if it is cheap or free.


This problem can easily be solved in software. Just discontinue support, change the ABI and API, and essentially brick the otherwise perfectly working device. And keep in mind software doesn't cost anything because it doesn't physically exist.

Think about the planet.


Hardly anybody does, because it doesn't pay. And is the planet more important than having a shiny new smartphone? No, because you cannot send messages with the planet or impress your peers with it - but with the smartphone, you can.

;-)

Reply Score: 2

RE[3]: pointless
by Andre on Sun 28th May 2017 13:50 UTC in reply to "RE[2]: pointless"
Andre Member since:
2005-07-06

Yes, the planet got destroyed. But for a beautiful moment in time we created a lot of value for shareholders!

Reply Score: 2

RE[4]: pointless
by Doc Pain on Sun 28th May 2017 19:12 UTC in reply to "RE[3]: pointless"
Doc Pain Member since:
2006-10-08

"Yes, the planet got destroyed. But for a beautiful moment in time we created a lot of value for shareholders!
"

Let us discuss stock options now. ;-)

http://abstrusegoose.com/363

Reply Score: 2

RE[3]: pointless
by ilovebeer on Sun 28th May 2017 14:37 UTC in reply to "RE[2]: pointless"
ilovebeer Member since:
2011-08-08

"No. As long as the old phone works, there is no need to buy a new one, even if it is cheap or free.


This problem can easily be solved in software. Just discontinue support, change the ABI and API, and essentially brick the otherwise perfectly working device. And keep in mind software doesn't cost anything because it doesn't physically exist.
"

A company intentionally bricking a phone is not legal, and unless all your programmers are volunteers, software costs money to create/modify/etc.

Reply Score: 2

Comment by unclefester
by unclefester on Sat 27th May 2017 11:06 UTC
unclefester
Member since:
2007-01-13

Most current a apps won't work on old versions of Android (pre 4.0).

Reply Score: 3

Comment by kurkosdr
by kurkosdr on Sat 27th May 2017 12:40 UTC
kurkosdr
Member since:
2011-04-11

You can have any Android version you want on any Android smartphone, courtesy of XDA. Theoretically. It is if you want working drivers that things get tough.

Is it too early to appreciate the much more standardized nature of PCs, or the FOSS world is still making fairy tales about ARM beating evil Intel?

Edited 2017-05-27 12:42 UTC

Reply Score: 2

bhtooefr
Member since:
2009-02-19

I don't see this ending well for them, because they want mainline kernel, with drivers for old devices, when the chipset manufacturers have abandoned driver support and only ever released binary blobs.

I think they'll need to release new hardware specifically for the 10 year planned lifespan, if they want that to work.

Also, I don't feel like non-Apple smartphone hardware has hit the point where it's on a 10 year plateau like x86 desktop hardware has. The sheer amounts of JavaScript on the modern web utterly wreck even a three year old Snapdragon's performance. Maybe you can convince websites to serve their developing-nation sites to Westerners on 10 year old phones, or use the Lite versions of apps, though. (But, if you're making a new OS for this, you're not getting any apps, which also means you're going to struggle to get notifications, so...)

The other possibility is to use the Opera Mini approach, which runs the JavaScript server-side (although with more round-trips to get the results), and does two more things for you - it allows notifications to be delivered through the HTML5+JavaScript notification APIs without requiring background JavaScript, and it allows mining the user's data, to get a business model to fund development.

Reply Score: 4

r00kie Member since:
2009-12-10

I agree on the drivers problem, I can see the people behind this project throwing the towel because of that.

I suspect the current state of affairs with drivers is not going to change anytime soon, it's not profitable. Having the means to "refresh" a 2 year old device with modern versions of the OS does not sell.

Regarding running javascript in a server somewhere which you don't control, no, just no. Call me paranoid but letting something that can be responsible for sensitive information run outside the local device does not sound like a good idea security wise.

Reply Score: 2

6 years is probably enough...
by codifies on Sat 27th May 2017 14:12 UTC
codifies
Member since:
2014-02-14

my s2 is running the latest Android (thanks it LineageOS) thats not the problem...

thing is after 6 years, its nearly falling to bits!

Reply Score: 2

Good idea, will probably fail
by Alfman on Sat 27th May 2017 15:46 UTC
Alfman
Member since:
2011-01-28

I like the goals of the project, phones should last longer, our consumer practices are absolutely wasteful. Software should never be a reason to throw out a phone, except this doesn't align with manufacturers interests to keep the lifecycle short and sell phones more frequently. I'm doubtful that a small project can make a dent in this duopoly market. To be truly viable, I think a shift needs to come from the top (ie Google/Apple/Samsung/etc).

So long as manufacturers are not going to cooperate in making it easier to unbundle the OS from the hardware (as with PCs), then postmarketOS are going to run into the same technical problems as everyone else - proprietary drivers, lack of ABI, locked devices, the lack of device standards, etc. All of these things get in the way of reusing devices.

Reply Score: 3

Thank You For Finding This
by Pro-Competition on Sat 27th May 2017 22:54 UTC
Pro-Competition
Member since:
2007-08-20

Thanks for finding and posting this, Thom. I never would have found this on my own.

This is a very worthy goal, for environmental and other reasons, and the approach looks good. I am about to replace my Galaxy S2 "daily driver", and I will definitely give this a try. (Also mentioned in the blog post, the "Replicant" project (https://www.replicant.us/) looks interesting too.)

One possibility that I would love to see is a Genode-on-Linux experiment on a phone. (This is not an area I understand well, but some of these recent initiatives seem like they would make this easier.)

Reply Score: 2

A phone is a phone is a phone.
by yerverluvinunclebert on Sat 27th May 2017 23:18 UTC
yerverluvinunclebert
Member since:
2014-05-03

I know everyone else thinks otherwise but for me... a phone is a phone is a phone.

Edited 2017-05-27 23:19 UTC

Reply Score: 1

C64
by Earl C Pottinger on Sun 28th May 2017 18:13 UTC
Earl C Pottinger
Member since:
2008-07-12

I would like to point out that all the function talked about except the web browsing could be done by a C64 if needed. And what's more the main software was in ROM where no hacker could touch it. For that matter the Commodore Plus/4 showed that even the applications could also be ROM-able.

With such a small code base today software would 99%+ of the hack-able potions of the code to change.

What my point is, do we really need another full blown OS to do the job a small OS/Environment could do today.

It always seems to me that new phone OSes are always failing because they reach too far and try to include every feature possible instead of really trying to make a bare-bones design.

Reply Score: 1

Comment by Chupakabra
by Chupakabra on Mon 29th May 2017 07:28 UTC
Chupakabra
Member since:
2017-05-29

It is 2017. Pick an average PC from 2007 and install a minimal GNU/Linux based operating system. You will be able to do basic computing tasks (eg. surfing the web, reading E-Mails, listening to music, chatting) just like on an expensive modern PC.

Well, just barely... Knowing today's web pages, on an average PC from 2007 you will be terribly restricted while browsing the web, and the experience will be far from comparable to modern expensive PC. Experience will be completely different.

Reply Score: 1

RE: Comment by Chupakabra
by unclefester on Mon 29th May 2017 08:36 UTC in reply to "Comment by Chupakabra"
unclefester Member since:
2007-01-13


Well, just barely... Knowing today's web pages, on an average PC from 2007 you will be terribly restricted while browsing the web, and the experience will be far from comparable to modern expensive PC. Experience will be completely different.


A 2007 Core 2/Athlon64 desktop is nearly as fast as a current i3 laptop according to benchmarks.

My sister has a 2007 vintage Core 2 Duo desktop. It runs Xubuntu (and Windows 7) effortlessly.

Reply Score: 2

RE[2]: Comment by Chupakabra
by Chupakabra on Mon 29th May 2017 09:14 UTC in reply to "RE: Comment by Chupakabra"
Chupakabra Member since:
2017-05-29

A 2007 Core 2/Athlon64 desktop is nearly as fast as a current i3 laptop according to benchmarks.

According to web-browsing benchmarks?..
My sister has a 2007 vintage Core 2 Duo desktop. It runs Xubuntu (and Windows 7) effortlessly.

I am not talking about CPU-only here. Average PC at that time had around 2GB of RAM and a shitty, slow mechanical HDD. Also, how about 1080p/UHD videos on YouTube? Can she watch them with no problem without stuttering?
If you shove top of the line Core2Duo CPU, max out RAM and put in SSD, it's no longer "average PC from 2007". Just open several "modern" websites concurrently and watch your HDD growl and scream as 2GB of RAM is maxed out and intense swapping starts.
Yes, "average PC from 2007" is enough if you only browse one website at a time, but if you "let yourself go", experience is not comparable.

Reply Score: 1

RE[3]: Comment by Chupakabra
by unclefester on Mon 29th May 2017 11:36 UTC in reply to "RE[2]: Comment by Chupakabra"
unclefester Member since:
2007-01-13

"A 2007 Core 2/Athlon64 desktop is nearly as fast as a current i3 laptop according to benchmarks.

According to web-browsing benchmarks?..
My sister has a 2007 vintage Core 2 Duo desktop. It runs Xubuntu (and Windows 7) effortlessly.

I am not talking about CPU-only here. Average PC at that time had around 2GB of RAM and a shitty, slow mechanical HDD. Also, how about 1080p/UHD videos on YouTube? Can she watch them with no problem without stuttering?
If you shove top of the line Core2Duo CPU, max out RAM and put in SSD, it's no longer "average PC from 2007". Just open several "modern" websites concurrently and watch your HDD growl and scream as 2GB of RAM is maxed out and intense swapping starts.
Yes, "average PC from 2007" is enough if you only browse one website at a time, but if you "let yourself go", experience is not comparable.
"


WTF?

Xubuntu uses about 5-10% CPU and less than 1GB RAM on the 2007 PC. The HDD never thrashes and 1080p plays fine.

You sound like one of those people who run a dozen applications simultaneoualy and have 50 webpages loaded in the background.

Reply Score: 2

RE[4]: Comment by Chupakabra
by Chupakabra on Mon 29th May 2017 11:46 UTC in reply to "RE[3]: Comment by Chupakabra"
Chupakabra Member since:
2017-05-29

You sound like one of those people who run a dozen applications simultaneoualy and have 50 webpages loaded in the background.

Dozen applications and 20+ webpages in the background is a very normal workload for a light productive work. This does not even count as heavy multitasking. Heavy multitasking during intense work day could be double of these numbers.

Anyways, all we are talking about is light web browsing, and it's obvious your sister is visiting very different sites than I have the misfortune to encounter these days.
Glad to hear about 1080p playing with no problems, though. Maybe YT falls back to less CPU-intensive codec in your case.

Reply Score: 1

RE[5]: Comment by Chupakabra
by Chupakabra on Mon 29th May 2017 12:08 UTC in reply to "RE[4]: Comment by Chupakabra"
Chupakabra Member since:
2017-05-29

For example, AdBlock browser extension alone consumes ~0.5GB of RAM after short browsing session. GMail and Facebook consumes ~150MB each. That's already nearing 1GB of RAM with only 2 heavy websites open! You do the math now with your 2GB of RAM, given only ~1,5GB would be available to user in the very best case (given OS uses 0,5GB).

Reply Score: 1