[HN Gopher] Termux no longer updated on Google Play
___________________________________________________________________
Termux no longer updated on Google Play
Author : martinlaz
Score : 296 points
Date : 2021-01-05 12:50 UTC (10 hours ago)
(HTM) web link (wiki.termux.com)
(TXT) w3m dump (wiki.termux.com)
| londons_explore wrote:
| TL;DR: Android is trying to enforce all data being either
| writable, or executable, never both. iOS already does this. There
| are big security benefits (it becomes much harder to exploit an
| app).
|
| A disadvantage is it becomes much harder to make things like
| terminal emulators and things that _want_ to download random code
| and run it.
|
| But those are by far the minority of apps, and it seems crazy to
| make a pretty massive security tradeoff for something that 99% of
| apps don't need to do.
|
| One solution might be a special permission to be allowed to do
| that, but it seems unlikely a user could really make an informed
| decision.
|
| Another solution could be to interpret rather than execute the
| code - you lose a lot of performance, but for people running bash
| scripts, that might not matter. Using WebAssembly might be a good
| middle ground.
| ddevault wrote:
| This reminds me of the Harvard architecture:
|
| https://en.wikipedia.org/wiki/Harvard_architecture
|
| Perhaps most familiar to the typical HN reader via Arduinos,
| and contrasted with von Neumann:
|
| https://en.wikipedia.org/wiki/Von_Neumann_architecture
|
| And anyone who has tried to make any kind of interesting
| general-purpose system on a Harvard design will tell you that
| it's not really practical.
| jimktrains2 wrote:
| Arduinos and the like can jump to ram and execute code from
| it. They simply also have a read-only portion of memory where
| the code is stored. You can also treat the ROM as memory and
| use it to store tables, saving you from having to use RAM for
| them.
| angry_octet wrote:
| Except for the many CPUs with separate instruction and data
| caches, i.e. Harvard architecture L1, von Neumann main
| memory.
|
| https://community.arm.com/developer/ip-
| products/processors/b...
| jimktrains2 wrote:
| That's not really the same thing though. Those are just
| different caches of RAM. There's nothing really special
| about them.
| angry_octet wrote:
| It's exactly Harvard. Instructions can only be loaded
| from the I cache, and data operands from the D cache. If
| you JIT something you have to flush the relevant D cache
| entries and invalidate the relevant I cache and then it
| will get reloaded.
| forgotmypw17 wrote:
| >But those are by far the minority of apps, and it seems crazy
| to make a pretty massive security tradeoff for something that
| 99% of apps don't need to do.
|
| It also completely eliminates general purpose computing.
|
| >One solution might be a special permission to be allowed to do
| that, but it seems unlikely a user could really make an
| informed decision.
|
| I think the way "Developer Mode" on Android is implemented is
| pretty good.
| user-the-name wrote:
| General purpose computing is not secure, and can most likely
| never be made secure.
| danShumway wrote:
| Why did we move away from flip phones?
|
| Like seriously, what are people even arguing here? General
| purpose computing was a mistake? Is that seriously an
| argument that anyone is making in good faith as they type
| into their web browser on an Internet forum?
|
| Just wait until you find out that _app stores_ are always
| going to have fundamentally imperfect moderation. Forget
| running unsigned /unapproved code, we should get rid of
| 3rd-party code entirely.
|
| General purpose _everything_ is insecure. Self-published
| books spread lies, open markets have bad products,
| computers get infected, and people burn and poison
| themselves cooking their own food in stoves. If your goal
| is 100% security, then you will very likely never build any
| platform or product that 's worth using.
|
| We have other ways to improve security beyond turning
| smartphones back into flip phones.
| pksebben wrote:
| so much this. I don't want to be forced into sacrificing
| what's possible to keep myself safe, thank you very much.
| I'm more than capable of performing my own risk
| assessments, and the further we go down the "secure the
| hell out of everything" road the closer we get to
| industrial capture of essential tech.
|
| I think it was a piece by stallman I read recently, about
| the concept of hardware signature-key application
| whitelisting. kept me up for a week.
| themacguffinman wrote:
| Lay off implications about bad faith, please.
|
| The argument is not that general purpose computing was a
| mistake, but that general purpose computing is not
| necessary and is to some extent counterproductive for the
| majority of consumers. Consumers moved away from flip
| phones because they wanted more capable phones, that
| doesn't mean they largely want capability to the extent
| of general purpose computing.
|
| Consumers will be the judge of whether a platform or
| product is worth using. Given the unparalleled success of
| iOS and Apple's locked down ecosystem, it's pretty clear
| that many find this level of security is very much worth
| using regardless of imperfect moderation.
| danShumway wrote:
| > Lay off implications about bad faith
|
| You're right, I crossed a line there.
|
| From a market perspective, the problem is that in the
| short term it might be feasible to build a closed,
| tightly controlled market that rivals open alternatives,
| but in the long term general purpose computing acts as a
| safeguard against market capture and anti-consumer
| behavior -- and to a certain extent, consumers and
| markets in general are very bad at optimizing for long-
| term consequences.
|
| The movement of both iOS and Android in this direction
| would not be as concerning if they didn't hold a duopoly
| over the entire smartphone market. Apple in particular
| has faced significant antitrust criticism in this area.
|
| Open markets that empower consumers (and I mean that
| generally -- not just general computing but also home
| cooking, self-publishing, self-repair and hardware DIY)
| are the reason why closed-down markets don't degrade and
| become awful over time. Almost every capability on the
| modern locked-down iPhone started out as a 3rd-party
| proof of concept that Apple was later forced to offer in-
| house alternatives to in order to remain competitive.
|
| It benefits even normal users who don't care about
| general-purpose computing that there be at least one
| mainstream option on the market where users can fix their
| own problems without asking a company for permission. And
| I don't think it's an accident that as Android and iOS
| have both moved away from that role, that we are now
| seeing increased calls for antitrust, increased
| criticisms from developers, and general outright
| rejection from these companies of new innovations like
| game streaming.
|
| > Given the unparalleled success of iOS and Apple's
| locked down ecosystem, it's pretty clear that many find
| this level of security is very much worth using
| regardless of imperfect moderation
|
| I do think it's slightly problematic to assume that users
| are conscious enough of security to make an educated
| decision to opt into a locked-down platform, but are not
| educated enough to avoid flipping a switch in the
| settings that turns that environment off and on. I don't
| think that users temporarily become security conscious
| only when they're in the act of purchasing a phone.
|
| The more likely reality is that most users don't think
| about security or 'openness' at all beyond
| reputation/advertising, and the vast majority of iPhone
| users have probably never thought about the tradeoff
| between open access and security at any point during any
| of their purchase decisions for any computing device.
| bitwize wrote:
| "General purpose computing" is not something most users need
| or want. Whitelisting is an easy, effective way to improve
| your security posture w.r.t. a given device. Therefore,
| expect whitelisting platforms to dominate in thr coming
| decades.
| UncleMeat wrote:
| > It also completely eliminates general purpose computing.
|
| The number of people who want general purpose computing on
| phones is vanishingly small. And since malware is often
| indistinguishable from general purpose computing, it can be a
| reasonable product choice.
| Arnt wrote:
| Letting people eliminate general purpose computing is the
| point.
|
| That program permits you to say "as of this moment, all the
| apps that comprise this device's purpose have been installed,
| and computing should cease being general, and should instead
| be limited to only those apps (including upgrades)". This
| isn't something I'd do for my development device, but I can
| see how it's a desirable policy for some people.
| shawnz wrote:
| While I agree the current situation does hinder some general
| purpose computing use cases on Android, it is still possible
| to run any code you want. If they can develop easier methods
| for developers to design around the restrictions then that
| might be a fine solution.
|
| > I think the way "Developer Mode" on Android is implemented
| is pretty good.
|
| Assuming you meant Chrome OS here, I disagree. Developer mode
| sucks because it forces you to forego almost all system
| security and it makes it trivial to compromise your data.
| There needs to be a middle ground, not just dev mode.
|
| In my opinion there's a similar situation happening with SIP
| on Mac OS -- it's too drastic to disable, but there's in many
| cases not enough control to leave it enabled.
|
| Nobody should _need_ to enable dev mode or disable SIP just
| to run their favorite apps.
| forgotmypw17 wrote:
| No, I was talking about Android, not Chrome OS.
|
| And I was talking about the obscurity level of accessing
| the developer mode, because you said was hard to achieve a
| good balance between "too difficult" and "too easy to be
| tricked into".
| saagarjha wrote:
| W^X is not a security protection on iOS, it serves to enforce
| the integrity of App Review. Apple claiming that it is the only
| entity that can write a JIT securely both provably incorrect
| and belies a lack of confidence in the platform sandbox.
| vorpalhex wrote:
| > But those are by far the minority of apps, and it seems crazy
| to make a pretty massive security tradeoff for something that
| 99% of apps don't need to do.
|
| Yet oddly, I as the user who paid $550 for my device would like
| to do that. I understand wanting to put a warning on it, but
| otherwise my device can kindly screw off and do what I've told
| it to do, or it will be taking a one way ride out the nearest
| window.
|
| The device serves me, not the other way around.
| Daho0n wrote:
| >The device serves me, not the other way around.
|
| While I agree with you this is not the world we live in. We
| live in a world with Apple and iOS.
| londons_explore wrote:
| My personal security metric is "how many bitcoins would I
| leave in a wallet app on this phone".
|
| Currently that number is about 1 ($30k) on an up to date
| android. I believe that if I had more bitcoins on a phone,
| and told people about it, there's a good chance a targeted
| exploit would steal those keys. Even if I had them encrypted,
| at some point I have to type a password in to decrypt, and
| that would be the point they'd be stolen.
|
| However, on an iOS device (which is more robustly locked
| down), I'd probably happily store 10 bitcoins. (if I had
| them, hah!)
|
| On dedicated hardware (like a trezor wallet), i'd also be
| confident up to about 10 bitcoins (far less attack surface,
| but also a less competent security team than Apple can
| afford).
|
| On an outdated android, it would be more like 0.1 bitcoins -
| there are trivial ways to root them from the web browser and
| any old website can do it!
|
| Considering that for many people, access to all the private
| data on their phone could ruin their job, relationships, and
| even put them in prison, I'm sure a lot of people value the
| security of their phone at multiple years salary. If I have
| to choose between that and the ability to run an emulated
| game slightly faster, I'm totally choosing security!
| ufmace wrote:
| Yup this. I bought my device to do useful things on and
| store a bunch of personal private information. I'm a lot
| more concerned about keeping it working at 100% reliability
| and keeping all of that data as secure as I can than
| whether I can run some weird random hack on it for kicks.
| Daho0n wrote:
| There are more exploits on sale for iOS than Android. So if
| you had 10 bitcoins you invested them poorly and put them
| in the wrong phone.
| shawnz wrote:
| What is so wrong with Android that you trust it 10x less
| than iOS? What attacks are possible on Android that aren't
| possible on iOS?
|
| There are also trivial ways to root ancient iOS versions
| with a web browser, too. In fact, I think that technique
| was more common among iOS devices than it ever was among
| Android...
| londons_explore wrote:
| A bunch of things that add up...:
|
| * Lack of things like w^x enforced across the OS. (the
| root of this post).
|
| * The quality of SoC and OEM provided drivers being very
| very poor - there are lots of kernel exploits to be
| found.
|
| * Very slow/no updates. Time from an exploit being
| reported to Google to it being patched by a typical user
| is usually 6 months or more. That means for any random
| device you find on the street, there is probably a viable
| exploit buyable on the black market.
|
| * Less strict review process on apps - means there is
| more dodgy code with access to /dev/exploitabledevice...
| joshuamorton wrote:
| It seems like most (all?) of these don't apply to a
| recent Pixel device. I'd be curious what your bitcoin
| count would be for a pixel 4 or 5.
| shawnz wrote:
| Some good points, although...
|
| > Lack of things like w^x enforced across the OS. (the
| root of this post).
|
| Are you sure iOS does this for the filesystem at all? I
| can't find any documentation besides some comments that
| they don't allow apps which exec other binaries in the
| app store.
|
| > The quality of SoC and OEM provided drivers being very
| very poor - there are lots of kernel exploits to be
| found.
|
| And how do we know about the quality of the proprietary
| code in iOS? There have been plenty of exploits found
| there too.
|
| > Very slow/no updates. Time from an exploit being
| reported to Google to it being patched by a typical user
| is usually 6 months or more.
|
| Where did you get this 6 month figure? Was that before or
| after the introduction of Project Treble, Project
| Mainline, the new security update system, etc?
|
| > Less strict review process on apps - means there is
| more dodgy code with access to /dev/exploitabledevice...
|
| Can't argue with you there. However I will say that even
| the weak points here aren't any worse than the state of
| the art for desktop PCs
| saagarjha wrote:
| iOS apps on the App Store effectively cannot create W^X
| mappings.
| shawnz wrote:
| Sure, but the other poster seemed to be talking about
| software policy-based security measures with that point
| (like what Android is adding) and not just app store
| review restrictions.
| user-the-name wrote:
| iOS enforces this in the memory manager.
| shawnz wrote:
| This change is regarding the filesystem though, not
| memory
| saagarjha wrote:
| The question doesn't particularly make sense because iOS
| apps can't exec.
| zinekeller wrote:
| > Where did you get this 6 month figure? Was that before
| or after the introduction of Project Treble, Project
| Mainline, the new security update system, etc?
|
| Note: definitely not about Pixel outside of US (or even
| in the US if the phone was direct from Google).
|
| You underestimate the time that it takes to approve
| updates, even taking into account what Google have done
| to speed up the update process.
|
| _The SoC and the Kernel_
|
| From the start, you need to have good driver/HAL for the
| specific SoC of the device. Qualcomm is very spotty on
| these: historically, the 8-series revives updates for up
| to two years (which is an improvement already considering
| that some older chipsets only has around 1.5 years of
| updates). This would be a minimal problem if it is
| Windows-style (where drivers are separate to the system)
| but Android is currently based on Linux, which integrates
| the drivers to the build. This means that major kernel
| upgrades are PITA or even impossible. Worse, Mediatek and
| other SoCs (aside Samsung, but they control it anyway)
| tends to only have a binary build of the kernel and as a
| device manufacturer you have to deal with it (that's why
| HMD cannot disable the DuraSpeed optimisation that
| Mediatek has put on it because Mediatek controls to a
| degree the whole device).
|
| _OEM-specific Customisations_
|
| It is no secret that OEMs modify Android hard, to the
| point that the modifications they have done is beyond the
| UI of the device. This means that patching of the devices
| takes time even when the OEM and the SoC manufacturer are
| responsive (as alluded to earlier, not already good).
| Worse of all, some fixes are in the mercy of SoC
| manufacturers as they affect the kernel.
|
| _OEM Priorities_
|
| If you have a flagship phone, congratulations! You
| receive patches monthly. However what if you are using a
| regular device (or even a budget device) from an OEM?
| Unless it is a device from an Android One OEM or a Pixel,
| you usually only receive updates quarterly, if at all
| (see _SoC and the Kernel_ above). Plus, good luck
| contacting your manufacturer about this problem. This
| rather obviously slows down patching.
|
| _Carrier 's Shenanigans_
|
| If you are not using a carrier-specific device,
| congratulations! The update should come to you as
| smoothly as the OEM wants to. But wheat if you bought
| your device under a carrier? Depending on your country,
| no significant difference to the non-carrier version or
| your devices' updates is being hold to by your carrier
| because they wnat to check it (apparently). Sometimes,
| your carrier is benevolent and really has a team that
| checks if the update will break something and authorise
| the OEM to release the update within a day or two.
| However, it is more likely that the carrier will slow
| down the process to the point that the non-carrier
| version is three versions ahead.
|
| _User Efforts_
|
| Well, that's the users' fault then. Not really relevant
| considering that Windows users tends to turn off updates.
|
| _What Google has done to mitigate this_
|
| Project Treble and Play Services Updates (aka Mainline)
| have reduced the time of patching of devices
| significantly and prevent a whole class of attacks
| (including the Stagefright component, which decodes media
| files and often has bugs in it due to it being mainly a
| third-party component). However, you have noticed that
| the SoC, and hence the kernel, still has teetering
| problems when it comes to updating. The good news is that
| Google has requested SoC manufacturers to "mainline"
| their drivers (aka including the SoC driver source code
| in the kernel, not to be confused with Project Mainline).
| However, that is just last month and it is still somewhat
| rejected by SoC manufacturers. Qualcomm have even
| promised to improve the updates, but we haven't heard
| anything from Mediatek et al. And that even excludes the
| pesky carriers who holds updates for no apparent reason
| at all.
| MrDresden wrote:
| Well yes, I would consider any Android device family other
| than the Pixel / Nokia line a security hazard, with or
| without any bitcoins on it.
|
| Comparing a rushed Q4 market Samsung phone to an iPhone is
| simply comparing a brick and an orange.
|
| There are many problems with Android, but that the price
| for a zero day exploit on Android has become more valuable
| than one for iOS as far as 2019 [0] should tell you
| something about how a proper Android phone would fare in
| the comparison. Please leave the brick where it belongs.
|
| [0] https://www.wired.com/story/android-zero-day-more-than-
| ios-z...
|
| p.s I would also just never leave bitcoin on my phone.
| zinekeller wrote:
| > Android device family other than the Pixel / Nokia line
| a security hazard
|
| As someone who uses a HMD (Nokia) phone, please do not
| buy the models with Mediatek SoC in it when you are
| absolutely concerned with security. Apparently Mediatek
| is the one building the kernel of the device and not even
| HMD has knowledge on what modifications have been made
| (for example is DuraSpeed, which was an aggressive
| battery saver that ruined some apps, was enabled without
| permission and even HMD cannot disable it permanently).
| Qualcomm SoC devices are okay, but expect a slight delay
| (around a week or two especially if it was a device from
| a carrier) for updates.
| mPReDiToR wrote:
| To play devil's advocate only:
|
| If Bob paid $COST for a phone and it got exploited because of
| this, Bob may throw his phone out of the nearest window.
|
| Do you think there are more Bobs than you in the world?
|
| Personally, I find this reliance on the GOOG OS awful, but
| most of it was overcome with Xposed last time I ran
| LineageOS. I tried Cydia last time I ran IOS and that was
| worse.
|
| I've thrown several phones out of the window (metaphorically)
| and am waiting on my PinePhone being delivered because I
| believe in their goals.
|
| It sucks that everything in life seems to come down to Coke
| or Pepsi choices, or Vi/Emacs.
|
| Big corps aren't the answer. They monopolise and stifle,
| giving twoshit sandwiches for consumers to take a bite of.
| vorpalhex wrote:
| > If Bob paid $COST for a phone and it got exploited
| because of this, Bob may throw his phone out of the nearest
| window.
|
| You and I both know, despite many attempts, there is no
| hardware or software out there that is unexploitable. From
| the most locked down chromebook to Apple's walled garden,
| these devices can and are exploited.
|
| The idea that if somehow we take away enough of your
| freedom we'll make the device safe is basically a bald
| faced lie. Not once in the history of computing has it
| worked out. Even my internet connected lightbulbs which
| literally have only an on and an off exposed are
| exploitable.
|
| No amount of removing user freedom will make users safer.
| This isn't a rocket surgery level conclusion, which means
| companies that continue pressing down this road probably
| have some other reason for doing so.
| jjuel wrote:
| Just because nothing is completely secure doesn't mean we
| shouldn't strive to make things as secure as possible.
| vorpalhex wrote:
| The question is the cost of making things "secure as
| possible".
|
| Should you harden memory? Setup SELinux? Yeah, do those
| things, those are good meaningful things to do.
|
| Should you prevent users from running apps? Prevent
| downloads? Restrict third party apps? What about tracking
| everything the user types in? Tracking every app the user
| opens and when they open it (eg, Apple)?
|
| What about bypassing user firewalls (Apple again)? That's
| for "security", right? Forcing your own DNS resolver
| (Google)?
|
| User hostility is never an acceptable tradeoff for
| security.
| fxj wrote:
| How is ish on iOS circumventing it?
| londons_explore wrote:
| it interprets x86, and therefore loses a lot of performance.
|
| For just running a few bash scripts, it really doesn't matter
| tho.
| yoz-y wrote:
| This, plus the App Store version does not come with apk
| package manager so in theory all executable code is there.
|
| Also they are on a kind of thin ice and already almost have
| been kicked out: https://ish.app/blog/app-store-removal
| saagarjha wrote:
| The version of iSH on the App Store has shipped with APK
| for a little while now:
| https://twitter.com/iSH_app/status/1336770264885948416
| lxgr wrote:
| By the way, UserLAnd [1] does something very similar on
| Android (and is accordingly not affected by these changes).
|
| [1] https://github.com/CypherpunkArmory/UserLAnd
| bitwize wrote:
| Funny, all the binaries in my UserLAnd are aarch64, not
| x86.
|
| I'm not sure how they do it -- faking syscalls? -- but
| recently, changes in Android filesystem access policies
| made it impossible to move files between UserLAnd and the
| outside Android environment.
| aasasd wrote:
| BTW: I just now have read an announcement that Retroarch is
| affected by the same policy, and they solve that by offering a
| limited number of Libretro 'cores' that are downloaded from
| Google's servers on request from the app:
| https://www.libretro.com/index.php/retroarch-android-new-ver...
|
| I now invoked the 'convert cores to the Play Store versions'
| functionality, and not seeing any new separate apps installed,
| nor was I asked to install anything (and Retroarch doesn't have
| permissions for that). It seems like Termux could use the same
| approach.
| iagovar wrote:
| We have to replicate somehow the PC ecosystem into mobile phones.
| I'd like PostmarketOS / Manjaro to take off, hope it becomes
| ready as everyday driver one day.
| user-the-name wrote:
| The PC ecosystem is laughably insecure.
| gnulinux wrote:
| It is also amazingly useful and easy to program.
| themacguffinman wrote:
| Which is also irrelevant for most consumers.
| iagovar wrote:
| Oh, let's have our entire experience mandated by two
| companies then.
| higerordermap wrote:
| The majority of people don't see any value in it, sadly.
|
| At least we can hope terminal + tools as separate app bundles
| approach takes off.
| forgotmypw17 wrote:
| The majority doesn't decide what is done by the minority.
| rvense wrote:
| It is increasingly impossible to live in my country without
| a number of apps that require an iOS device or an Android
| device with all the Google services enabled. There's one de
| facto monopoly payment app[0], a lot of places where you
| can't park without an app etc., but the big thing is we
| have a government mandated single sign-on solution. You can
| still get one-time-pads in the mail, but there's also an
| app, and some features of the service are now app only.
|
| The web allowed us to avoid a world where everyone had to
| own a Windows machine, but mobile phones are now making
| that a reality.
|
| [0] A privately owned replacement for cash, doesn't that
| just sound great...
| forgotmypw17 wrote:
| Thank you for sharing your experience. My country is
| doing a soft migration, with some places now refusing
| cash, but I don't care about them or can use help, and
| larger places like supermarkets having "no cash" and
| "cash only" checkout lanes, the latter being faster.
|
| Have you experimented with not using your phone for a day
| or a week and seeing how far you get looking for
| alternatives? They're usually around, just not
| immediately apparent, like the "x" button on ads.
| rvense wrote:
| My (Android) phone is de-Googled, so no apps except from
| F-Droid, and I only use the one-time pad for the national
| SSO solution. Following a recent change, not having the
| SSO apps means I have to have use an extra password + SMS
| 2FA on many sites when I want to pay by credit card (the
| alternative being the SSO app).
|
| I don't drive, so I don't know for a fact about the
| parking situation, but people tell me some places are
| app-only.
|
| On a few occasions I've had to get my wife to pay for
| something using the app I mentioned, but it is becoming
| increasingly "weird" not to have it, and I see many
| classifieds specify that they only accept payment that
| way. I was almost cash-only for day-to-day stuff until
| Covid, but that's been the nail in the coffin.
| Technically businesses can't refuse cash, but many places
| will have signs asking you to pay by card, and I'm not
| going to be an arse about it to some 17-year-old behind
| the counter like an anti-masker. Thankfully almost
| everyone accepts credit/debit cards, but the alternatives
| are cheaper for businesses so maybe in a few years that
| will also become problematic, and the app-based solutions
| will have fully overtaken government cash.
|
| I feel like there should be an addition to basic human
| rights: Participation in the economy. It should not be a
| requirement for day-to-day life that one carries some
| tracking device and accepts thousands of pages of ToS
| from a private company. I can accept giving up many
| conveniences, but I feel like I should be able to have a
| place to live and buy food without a Google account.
| Jonnax wrote:
| You can get a PinePhone And install Linux onto it:
|
| https://www.pine64.org/pinephone/
|
| I remember KDE made Plasma Mobile no idea if that works well.
|
| It's a lot of effort to become an everyday driver.
|
| But if you set your standards to about 2012. Then I'm sure you
| can enjoy it
| m4rtink wrote:
| This is thankfully work in progress at least on the PinePhone:
|
| https://wiki.pine64.org/wiki/PinePhone_Software_Releases
|
| The list contains many existing Linux desktop distros. The
| PostmarketOS edition of PinePhone even shipped with a USB-C
| docking station that you can use to easily connect a monitor,
| keyboard, mouse and even ethernet.
| fsflover wrote:
| Also on Librem 5: https://source.puri.sm/Librem5/community-
| wiki/-/wikis/operat....
| z92 wrote:
| The Google play version was crippled beyond being practical
| anyway. Can't SMS, can't GPS, no access to address book.
|
| The usable version is from F-Droid. And I had to install that one
| just to install Termux. No need to root your phone. Simply
| install F-Droid app store, and install from there.
| brlewis wrote:
| I'm very new to Termux and recently installed the Google Play
| version. If I install the F-Droid version will it have access
| to all storage, such that I could edit Dropbox files in emacs
| and have them automatically sync?
| Redploy wrote:
| Contact me if you're looking for a skilled, quick, reliable and
| confident ethical hacker or programmer. Redploy4000@gmail.com
| aasasd wrote:
| I'm vaguely titillated by the prospect of Google Play receiving
| hundreds or thousands of separate apps with Termux packages. Alas
| this feeling is chilled by the knowledge that publishing them is
| not in Google's priorities.
| aviraldg wrote:
| slightly offtopic: I am surprised by how much patience thestinger
| has on the thread replying to people who clearly have no context
| about the issue - enough to repeatedly explain the tradeoffs and
| reasons behind the decisions taken.
| angry_octet wrote:
| Absolutely heroic.
| pjmlp wrote:
| For those not following. the TL;DR; is basically termux doesn't
| want to accept that Linux on Android is only an implementation
| detail and re-implement the necessary shell like functionality
| using the Java Frameworks.
| kuschku wrote:
| The actual issue is that Android does not allow executing any
| code that wasn't downloaded through the play store. And even
| then only if they're signed by the same user.
|
| 1. You can only execute binaries together if they're signed by
| the same key. 2. Each person has to have a unique signing key.
| 3. If a user wants to execute a pre-existing software, and
| something compiled by themselves, both need to be signed by the
| same key. 4. This means you need to re-package and sign every
| single program you'd ever want to use together with your own
| code again, in new packages, and submit it all to Google Play.
|
| This means every Termux user that would want to ever run gcc
| would have to
|
| (a) submit every single hello world they write to the play
| store to try it. And every single run requires a full app
| update, and (b) additionally repackage and submit _all_ linux
| packages, signed with their own key, to the Play Store.
|
| This means to even compile and run Hello World, you need to
| submit several hundredthousand packages to the Play Store, wait
| for approval, and download them all.
|
| Yet at the same time, Google Chrome can use WebAPK and auto-
| generate APKs on the fly with custom code and install them on
| the device without going through the Play Store.
|
| The alternative of course is not being able to use a phone as
| general purpose computing device, but considering Google
| advertised Android as exactly that, that's getting close to
| fraud on Google's part, removing functionality after a sale.
| pjmlp wrote:
| Instead of trying to use POSIX on Android, use the Java based
| APIs, several shells written in Java available on the store.
|
| As well as programming environments.
|
| I use a couple of them to code on the go.
| wvenable wrote:
| I've attempted to use many different Android programming
| environments on my tablet and they're all terrible compared
| to basic Linux tools and VSCode.
|
| I even managed to get .NET core running on my tablet.
| There's a real possibility to do real work, everything
| you're suggesting is a toy at best.
| pjmlp wrote:
| Programming on the go is for toy programs anyway.
|
| For real work there are laptops and desktops.
| wvenable wrote:
| No, I've done real work on the go. The manufacturer of my
| tablet sells it as a productivity device. My tablet is
| more powerful than my laptop and I have a portable
| keyboard and mouse for it.
|
| Why have all this power if all I can do is play Candy
| Crush?
| pjmlp wrote:
| To use it as a Java based platform, not as yet another
| example of UNIX monoculture stuck in V6 CLI mindset.
|
| Also, plenty of musicians, painters, designers, writers
| do real work on Android, my previous remark about real
| work was playing devil's advocate.
| fxj wrote:
| Just curious: which shells do you mean?
| pjmlp wrote:
| On my specific case I just use language REPLs like:
|
| - ProtoShade
|
| - Pydroid
|
| If you mean a classical shell, I guess something like
| Another Term might do.
| fxj wrote:
| Correct me, but pydroid looks like it is a native python
| interpreter very much like what termux has to offer.
|
| They write in the description:
|
| - Full-featured Terminal Emulator, with a readline
| support (available in pip).
|
| - Built-in C, C++ and even Fortran compiler designed
| specially for Pydroid 3. It lets Pydroid 3 build any
| library from pip, even if it is using native code. You
| can also build & install dependencies from a command
| line.
|
| So when SElinux comes to Android this app will be broken,
| too.
| pjmlp wrote:
| SElinux is already on Android.
| kuschku wrote:
| That's also not possible anymore. The new rules explicitly
| forbid loading any Java code that wasn't previously
| verified, signed, and published through the Play Store.
|
| Those apps are affected by the same rules as Termux.
| pjmlp wrote:
| Who said anything about loading remote Java code?
|
| And yes you need to install application extensions via
| the store, so what?
| kuschku wrote:
| > And yes you need to install application extensions via
| the store, so what?
|
| Writing your own code and executing that is explicitly
| forbidden. Be it REPLs or compiler suites. That too would
| have to go through the store. Only interpreters are
| allowed.
|
| The other issue is obviously that you can't have an
| extension developed by person A for an app developed by
| person B. It's very common to see mods, plugins, addons
| whatever you may call them on many other platforms, but
| Android explicitly forbids this.
| pjmlp wrote:
| You can perfectly do plugins on Android, that is how
| printer drivers work for example.
|
| Just use Android IPC mechanisms instead of trying to copy
| UNIX patterns.
| kuschku wrote:
| I've tried, compared to distributing the plugin as
| Android NDK library and dynamically linking it into your
| process performance is just so much worse.
| pjmlp wrote:
| Depends on how it is used. Hardware buffers can be shared
| across processes.
| Liquid_Fire wrote:
| The real problem is not the shell itself, but all the other
| software that you can install using Termux.
| higerordermap wrote:
| Not exactly, it doesn't use "java frameworks". I don't exactly
| remember Implementation details (has been few years since I
| fiddled with it). It executes binaries same way as any app can
| do, there may be some JNI involved in the way you get to shell,
| but that's it.
|
| And what's wrong with it? It may be implementation detail but
| termux increases utility of the phone. It seems you always have
| an axe against UNIX / FOSS ecosystem to grind. But every system
| has its strengths and weaknesses, Unix is just too ubiquitous
| for what it is worth. Look at fuchsia, while having laudable
| goals, has already become quite complicated (in typical Google
| project manner).
| pjmlp wrote:
| I surely have, because it killed desktop inovation, as
| everyone keeps trying to replicate PDP-11 CLI experience, as
| termux is a living proof of it.
|
| UNIX compatibility is also what keeps C alive, actually.
|
| Want a CLI? The Java APIs on Android provide all the required
| features.
| Anon1096 wrote:
| Currently my most commonly used tool in Termux is youtube-
| dl from pip. Please point to how you can install it via
| these other Java based shells or language REPLs. Termux
| provides a lot more functionality than an interpreter.
| pjmlp wrote:
| Re-implement it as a Java application, duh.
|
| Do you also want me to teach you Android Java or Kotlin?
| nanna wrote:
| > Everyone should move to F-Droid version, if possible
|
| Instructions from the Termux wiki here:
| https://wiki.termux.com/wiki/Installing_from_F-Droid
| jedimastert wrote:
| That will only delay the issue until Q, right?
| ahartmetz wrote:
| I discovered UserlAnd which seems like a better Termux. UserlAnd
| can run a surprisingly useful Ubuntu even though it has not init
| system.
| perryizgr8 wrote:
| The upcoming SELinux restrictions mentioned in TFA would seem
| to obstruct any app that has the capability to execute any
| arbitrary binary. I would be highly surprised if any other
| similar app would continue to work without problems.
| fsflover wrote:
| Time to switch to GNU/Linux phones if you want to own your
| device.
| pjmlp wrote:
| I think you mean back to ssh (telnet) to a cloud
| (mainframe/UNIX) server, or using a browser (X Windows) for a
| no-exec home folder using IT sanctioned software.
| digdigdag wrote:
| GNU Phones suck. You have to drastically lower your
| expectations and pay more for the experience. For instance,
| Librem 5 USA costs a cool $2,000. That's $2,000 for a phone
| with specs comparable to phones in the mid 2010s. To make it
| worse, you would have to expect near-zero support, and healthy
| dose of RTFM and DIY mindset along with it.
|
| Thus, for the vast (and I mean VAST) majority of consumers,
| Librem and the rest of the open source phones were dead on the
| spot even if it cost 1/3 of their current price.
|
| It's a pipe dream up there with the "year of the Linux
| desktop".
| mhh__ wrote:
| Sure, Linux phones are probably never going to be mainstream,
| but there are worse things to waste money on. Being an early
| adopter is always hard, and in this case you are literally
| putting your money where your mouth is.
| [deleted]
| fsflover wrote:
| > For instance, Librem 5 USA costs a cool $2,000.
|
| This is an extremely misleading example. You pay $2k if you
| want your phone to be produced in the USA. How much do
| alternative phones produced in the USA cost?
|
| Standard Librem 5 model costs $800, Pinephone costs $150 or
| $200.
| folkrav wrote:
| Indeed, the $2k example was misleading, but the fact it's
| still $800 for a phone with 2014 specs alone would have
| been more than enough to get his point across. You do have
| to pay 3-4x the price you would otherwise to get the
| privilege of running another OS on older hardware with
| arguably less functionality (OOTB, at least).
| danShumway wrote:
| Is that unreasonable? Running another OS on a device with
| physical hardware switches is a privilege right now, so
| it costs more. There are essentially two companies doing
| this, and neither of them are even at the point where
| they can completely honestly say their products are out
| of beta. The Librem is expensive in no small part because
| its feature list is fringe, and even ignoring the
| inherent hardware challenges that's just how the law of
| supply and demand works.
|
| What other market have you seen that acts differently?
| Look at how much other niche devices like Braille screens
| cost, or even more "mainstream" specialized hardware like
| the Remarkable Tablet -- arguably a much less capable
| E-Reader than a Kindle/Kobo device by almost all
| consumer-relevant metrics. But you'll pay more for stylus
| support on an E-ink screen if you need that, and you'll
| tolerate a suboptimal reading experience as well.
|
| It's also important not to ignore the fact that the
| Librem is a flagship device. It is currently the most
| powerful Linux phone hardware on the market. So you can
| buy a cheap, low-powered Pinephone (the far better choice
| for most tinkerers), or you can shell out for something
| with more raw power -- which is also pretty consistent
| with how most markets work.
|
| If you want to buy the single top-of-the-line Wacom
| tablet, you'll shell out at least $4,000, probably more
| when you factor in accessories. You want rotational
| support in the pen? That's another $100. Is the
| fractional improvement in a Cintiq Pro 'worth' the
| frankly massive price increase over consumer tablets?
| Probably not, you can buy an entire Surface Studio for
| the same price, and that comes with a "free" computer.
| But you'll pay the Cintiq price if you belong to a niche
| that needs the best the market currently has to offer for
| your particular use-case. And you'll pay the Librem price
| if you belong to a niche that needs the (currently) most
| powerful phone hardware that's realistically usable with
| a Linux OS.
| unix_fan wrote:
| These days, a braille display can be had for around
| $400-$600. We also have multiple manufacturers, with
| multiple models and prices you can choose from. I don't
| see that happening with open source hardware.
| danShumway wrote:
| From where?
|
| Genuine question, I was interested in trying to play
| around with one a while ago, and I spent a fair amount of
| time searching and could not find a single monitor for
| under $1000, and most of them were in the $3000 to even
| $7000(!!!) range for a device that can literally only
| display a single line of text at a time.
|
| If there are manufacturers making cheaper devices, or
| even just doing anything interesting with the hardware
| like building multiple-row 2D displays instead of 1D
| single-line outputs, I would love to know about them.
| It's a market I'm somewhat interested in.
|
| The cheapest option I ever found was
| https://www.boundlessat.com/Blindness/Braille-
| Displays/Brail..., which is $1000 for a device that can
| display a whopping 14 characters at a time.
| fsflover wrote:
| Don't forget that Purism also pays for the software
| development, while Pine64 uses that software for free (10
| euro donations per sold Pinephone do not cut it).
| folkrav wrote:
| > Is that unreasonable? Running another OS on a device
| with physical hardware switches is a privilege right now,
| so it costs more. There are essentially two companies
| doing this, and neither of them are even at the point
| where they can completely honestly say their products are
| out of beta. The Librem is expensive in no small part
| because its feature list is fringe, and even ignoring the
| inherent hardware challenges that's just how the law of
| supply and demand works.
|
| Sure. 800$ is still quite steep and, exactly as you said,
| relegates the device to a fringe market.
|
| > What other market have you seen that acts differently?
| Look at how much other niche devices like Braille screens
| cost, or even more "mainstream" specialized hardware like
| the Remarkable Tablet -- arguably a much less capable
| E-Reader than a Kindle/Kobo device by almost all
| consumer-relevant metrics. But you'll pay more for stylus
| support on an E-ink screen if you need that, and you'll
| tolerate a suboptimal reading experience as well.
|
| > It's also important not to ignore the fact that the
| Librem is a flagship device. It is currently the most
| powerful Linux phone hardware on the market. So you can
| buy a cheap, low-powered Pinephone (the far better choice
| for most tinkerers), or you can shell out for something
| with more raw power -- which is also pretty consistent
| with how most markets work.
|
| "Flagship" doesn't mean much other than "best X company
| has to offer". Indeed, it's the best you can buy for now,
| doesn't mean it's particularly great. The experience
| seems quite hit-or-miss, I've seen both horribly sluggish
| and quite usable footage just recently.
|
| > If you want to buy the single top-of-the-line Wacom
| tablet, you'll shell out at least $4,000, probably more
| when you factor in accessories. You want rotational
| support in the pen? That's another $100. Is the
| fractional improvement in a Cintiq Pro 'worth' the
| frankly massive price increase over consumer tablets?
| Probably not, you can buy an entire Surface Studio for
| the same price, and that comes with a "free" computer.
| But you'll pay the Cintiq price if you belong to a niche
| that needs the best the market currently has to offer for
| your particular use-case. And you'll pay the Librem price
| if you belong to a niche that needs the (currently) most
| powerful phone hardware that's realistically usable with
| a Linux OS.
|
| Fair point. Am I misunderstanding the goal of Purism, and
| merely existing enough for these projects, or are they
| aiming to grab some market share? I'm just utterly
| unconvinced that this is anything other than a fun
| curiosity.
| danShumway wrote:
| The ultimate goal of Purism is to expand the market, but
| (opinion me) when I look at Purism's products in general
| I don't see them ever themselves moving out of niche
| categories.
|
| If you buy a Purism laptop today, you'll already pay a
| premium over companies like Dell. I suspect that Purism
| is happy to see companies like Pine existing, and I know
| that they want Linux smartphones in general to be a
| broader market, I don't know that they're seriously
| thinking about trying to launch $100-200 competitors. To
| me, it just doesn't match their other products, I don't
| see anything else they're offering that would fall into
| that same category.
|
| And while people would like to see Linux completely take
| over the desktop/mobile space, I think there's a much
| broader category of people who just want the market to be
| big enough for us and to be big enough that it is able to
| meet our needs. Past that it's not the end of the world
| if it doesn't get larger.
|
| This is also part of what's frustrating about stuff like
| the "year of the Linux desktop" joke -- in many ways, the
| year of the Linux desktop already happened a while ago.
| Linux got good enough that you can pretty easily mainline
| it instead of Windows without serious issues or
| downsides. I have not _booted into_ a Windows computer in
| multiple years, I don 't even have a backup install
| anywhere. It just doesn't come up anymore. In terms of
| software, Linux support is something that a sizable
| portion of the indie games market now talks about, and
| between Steam/Proton and the recent architectural/policy
| changes happening on Mac you're now about as likely to be
| able to run a game on Linux (if not more likely) than you
| are to be able to run it on a modern Mac device.
| Meanwhile, 'mainstream' Linux OSes finally got polished
| enough that it's completely reasonable to put a tech-
| unfriendly kid or parent on a Linux machine without
| worrying that you'll get tech support requests every
| week. There's still a little ways to go with some
| legacy/holdout software in more niche professional fields
| like graphic design, but if you're a relatively normal
| user, then at some point Linux stopped being a struggle
| to run.
|
| So in the same way, when I talk about the success of the
| Linux phone market in general, I'm not necessarily aiming
| for "we monopolize the entire space and nothing else
| exists." I think it's completely plausible that the Linux
| phone market might grow, not put Apple out of business,
| but still grow enough that there is a reasonably priced,
| usable alternative for people who value privacy and
| freedom.
|
| In them meantime, it's niche. As far as I know, the front
| camera on the recent Pinephones still doesn't have
| software support. So yeah, it's currently a niche market
| for people who have very specific wants and needs. It
| seems kind of premature to me for people to be
| complaining about price and hardware when we're still
| celebrating things like camera support; commoditization
| is something that happens to mature markets, not new ones
| -- and that all takes time.
| fsflover wrote:
| > As far as I know, the front camera on the recent
| Pinephones still doesn't have software support.
|
| It works well since October:
| https://www.pine64.org/2020/10/15/update-new-hacktober-
| gear/.
| danShumway wrote:
| Nice! I hadn't seen that update.
|
| Regardless, the point still stands that if we've had
| camera support for ~3 months, we're probably not at the
| point where we need to seriously worry about whether
| we're currently offering the highest value-to-money
| hardware choices to consumer demographics that have never
| opened up a command line before.
| fsflover wrote:
| Librem 5 provides features which no other phone provides.
| Simple specs comparison does not show the whole picture.
| See FAQ: https://source.puri.sm/Librem5/community-
| wiki/-/wikis/Freque....
|
| Edit: Also, why do you need a better performance?
| Browsing and 3D games work fine.
| folkrav wrote:
| Again, those "selling points" are extremely fringe. Let's
| not pretend like grandma (and the average phone user)
| cares about hardware killswitches, DP over USB-C, etc...
|
| Like they say themselves in that very article you posted
| :
|
| > For people who want these specialized features that no
| other phone offers, the Librem 5's price is not
| unreasonable.
|
| Also, specs are obviously not the only thing that
| matters, but having seen Librem 5 phones run, it's pretty
| damn obvious they do kind of matter - the thing seems to
| run quite choppy.
| fsflover wrote:
| That is why I asked why grandma would need a performance
| of iPhone 12. Native apps work quite smoothly on Librem 5
| (and many of them even on Pinephone).
|
| Choppiness of the UI is not caused by the hardware specs,
| but by not yet fully optimized software. See here:
| https://social.librem.one/@dos/104984930233748319
| folkrav wrote:
| I mean, just take a look at their own damn videos. [1]
| The thing runs choppy and had horrible input lag just
| typing the lockscreen passcode or opening the dialer.
|
| I don't expect my mom to need iPhone 12 performance, but
| even my mom told me her older LG G-something was slow
| getting slow, and having played with it before her
| switching phones, it wasn't nearly as choppy looking as
| this video.
|
| You and I obviously have very different definitions of
| "quite smoothly". And specs related or not, UI is a major
| part of the experience. The initial point still stands:
| Linux phones are pretty damn far from being anywhere
| viable for anyone but the most hardcore enthusiasts.
|
| [1] https://www.youtube.com/watch?v=qimtzxMyfq0
| fsflover wrote:
| See my edit above: it's not the issue with the hardware
| but with software. Check out more recent videos from
| them:
|
| https://www.youtube.com/watch?v=dIFWZZ2YVqI
|
| https://www.youtube.com/watch?v=cAUNrY_qPCg
| folkrav wrote:
| It does look quite a bit snappier indeed, but as I said
| in my previous comment as well:
|
| > specs related or not, UI is a major part of the
| experience
|
| When someone buys a phone (or hell, a computer), they're
| buying a package of hardware, which dictates available
| software. Hell, you could make some hypothetical $200
| phone with the best hardware on the market, if it doesn't
| have what some people consider "basic" functionality
| software side, they won't buy... coming back to the
| initial point that Linux phones are not ready for prime
| time.
| fsflover wrote:
| Fair enough. Some people prefer to buy early and get all
| software updates on the way though (with lifetime updates
| btw). It's also FLOSS, so everyone can contribute.
| unixhero wrote:
| Okay? How!?
| xorcist wrote:
| https://en.wikipedia.org/wiki/List_of_open-
| source_mobile_pho...
|
| Also worth to take a look at is Fairphone, which is a little
| more finished product than most. It has an active community
| around it with many ports ongoing.
| mrybczyn wrote:
| https://mudita.com/
|
| from some of the people at CDPR
| vlunkr wrote:
| pre-ordering from CDPR people has always worked out /s
| faeyanpiraat wrote:
| EUR297 pre order pricing for a very simple phone.
| unixhero wrote:
| To be fair, I would pay for a libre phone. And regarding
| that it is very simple and or basic, OK. Life has become
| too complicated.
| fsflover wrote:
| https://www.crowdsupply.com/sutajio-kosagi/precursor
| unixhero wrote:
| What is or who is CDPR?
| fsflover wrote:
| https://puri.sm/products/librem-5
|
| https://www.pine64.org/pinephone/
| unixhero wrote:
| Cool! Thank you.
| iagovar wrote:
| PinePone or Librem. There may be others.
| jar3624 wrote:
| I can't wait until the first stable consumer version of pine
| phone comes out https://www.pine64.org/pinephone/
| megous wrote:
| I don't think the hardware will change much in the future
| anymore.
| fsflover wrote:
| What about the backlight bug?
|
| https://wiki.pine64.org/wiki/PinePhone_v1.2#Backlight
| fsflover wrote:
| Why downvotes? I genuenly would like to know about it.
| The bug is present in all Pinephone versions, including
| the one on sale now.
| megous wrote:
| I wrote that text, hehe. I'm not aware of any effort to
| fix that. It's already reasonably non-flickery thanks to
| other fixes, since that paragraph was written.
| Mediterraneo10 wrote:
| Not for this first Pinephone. But there is now a more
| advanced chip available that Pine64 may start offering
| within a couple of years.
| megous wrote:
| And it will have a reasonable sw support in another
| couple of years since then. :)
| fsflover wrote:
| If you need more power, why not choose Librem 5?
| Mediterraneo10 wrote:
| Price, for one. And also the company's reputation for
| transparency.
| fsflover wrote:
| So you expect a performant niche phone for a low price?
|
| Concerning the transparency, I agree, they have some
| issues. But it does not concern me as long as they
| actually deliver (and they do).
| Mediterraneo10 wrote:
| The chip that Pine64 is expected to move to in the next
| generation of the Pinephone, will cost the same low price
| as the current chip but be considerably more powerful.
| So, indeed, members of the Linux phone community can
| expect a more performant niche phone for a low price.
| kelchqvjpnfasjl wrote:
| Because you could buy 4 PinePhones for the cost of a
| Librem 5?
| [deleted]
| badRNG wrote:
| Are there actually any phones for "normal" Linux users?
|
| I've used GNU/Linux as my desktop OS for nearly a decade:
| Fedora for years, then openSUSE, then Pop!_OS for the past
| couple of years. These distros seem to have provided a good,
| current, stable out-of-the box experience (Out-of-the-Box + RPM
| Fusion and Packman for the former two.)
|
| I just don't enjoy constantly fixing issues on my personal
| systems, in fact, after work I just want my computer to work. I
| get some people enjoy tinkering, I simply want my device to
| work AND provide me the freedom to do what I want if I feel
| adventurous. I don't distro-hop, and I don't like rebuilding my
| OS if I can help it. I'll spend a week getting everything the
| way I like it and expect it to last me at least a couple of
| years. I use Linux for everything: gaming, writing software,
| web browsing, you name it.
|
| For as long as I have looked into it, GNU/Linux phones are an
| absolute nightmare for someone like me. I remember reading an
| article full of workarounds to get a dialer app to work on some
| project phone. I just want a phone that works, and could allow
| me to access root, setup my dot files, and tinker to the degree
| I'd like. As of now, my only solution has been LineageOS
| (Android fork) which has a proper terminal emulator with root
| access by default. As nice as this is, I'd love to support a
| GNU/Linux Android-alternative, as it's anyone's guess how long
| LineageOS or other forks will be compatible to the degree they
| have been in the past.
| fsflover wrote:
| If you prefer stability over feature set on desktop, choose
| Debian stable. It's rock-solid.
|
| > I remember reading an article full of workarounds to get a
| dialer app to work on some project phone.
|
| Currently, phone calls and sms work fine on both Librem 5 and
| Pinephone. The development rate is amazing. Only the good
| battery life is lacking yet, but it's improving every month.
| badRNG wrote:
| I might give the GNU/Linux phone another shot.
|
| I do prioritize currency over stability in many instances,
| but I do want a _reasonable_ level of stability which is
| admittedly quite subjective. Pop!_OS or other Ubuntu-based
| distros seem to strike the right balance for me (Pop won me
| over with it 's built in, togglable tiling manager, a
| feature I'd have to spend a week's worth of free time
| researching and trying to get working properly in, say
| Arch.) I just don't have much free time and motivation to
| spend getting some tiny quality of life improvement to
| work.
| saagarjha wrote:
| This is annoying, but I am not quite convinced that this requires
| pulling Termux from the Play Store. I mean, to be honest, Android
| is literally "easy mode" compared to iOS even after this change,
| and just having access to execmem would be enough for any iOS app
| to write a very capable Termux-and that's even without proot
| involved. I'm seeing claims of execmem possibly going away as a
| reason to not write their own loader (which is basically the only
| component they need) but that would require banning all
| alternative web browser engines from the store, which would be a
| much larger change in policy than banning exec from certain
| directories.
| cute_boi wrote:
| looks like I don't own my device but google own device.
|
| Looks like google wants to make virtual wall and gates like that
| of apple.
| michaelmior wrote:
| You can still install whatever apps you want on your device.
| Much easier than you can on an iPhone.
| samanator wrote:
| But you can't control everything on your device (e.g. let one
| program kill other programs).
| michaelmior wrote:
| I have an app on my non-rooted Android phone which does
| this. You just need to give the app admin permissions.
| samanator wrote:
| Oh cool, I didn't know that what possible. What app is
| that?
| michaelmior wrote:
| Tasker is one example. There's a bit more info here:
|
| https://notenoughtech.com/tasker/important-
| tasker-5-9-2-upda...
|
| You can certainly do a lot more with a rooted device. I
| think it's a reasonable tradeoff to limit uncommon use
| cases for devices which haven't been rooted. I think the
| majority of users would prefer the additional security
| restrictions in place on non-rooted devices. For those
| who want more control, you can root at your own risk.
| searchableguy wrote:
| Google's safety net API is used to check if the device is
| rooted/unlocked/tampered. Many apps are using that now
| and will in future. There's no way around it.
|
| You can either have a phone for tinkering or general
| usage. There is no in-between now.
| michaelmior wrote:
| That personally doesn't bother me. I think it's
| reasonable for developers to want to safeguard the
| integrity of their apps. I can choose to use an
| alternative app without this check on my rooted phone. If
| there's no alternative, then of course you're left
| deciding which is more important. I am a developer (but
| not for Android) and I've never really felt the need to
| root my phone for many years. I think if you're a
| professional Android developer, it's reasonable to have a
| second rooted device for development if you really feel
| you need root.
| searchableguy wrote:
| Yeah I don't think the API is unreasonable but many will
| use this without a purpose other than for compliance or
| something they saw somewhere that said it makes their
| apps more secure.
|
| > I think if you're a professional Android developer,
| it's reasonable to have a second rooted device for
| development if you really feel you need root.
|
| Safety net API will also fire on unblocked bootloaders,
| not just root. Android smartphone market is filled with
| crappy skin from chinese manufacturers and others. I
| don't want to be spied on by them so I use a custom rom
| on my phone. That wouldn't work in future.
| BuildTheRobots wrote:
| According to this comment, sideloading is being disabled too:
| https://news.ycombinator.com/item?id=25645478
| hundchenkatze wrote:
| You can disable Google's Advanced Protection
|
| https://news.ycombinator.com/item?id=25645981
| BuildTheRobots wrote:
| Thanks :)
| lbrito wrote:
| Termux is such a great piece of software. I've been using it as
| my primary server[1] for half a year now with no issues and very
| minimal maintenance.
|
| That said, it always kinda felt like a kludge when compared to
| (ideally) using a full-blown Linux distro like PostmarketOS.
|
| [1]
| https://lbrito1.github.io/blog/2020/07/replacing_google_anal...
| gcblkjaidfj wrote:
| This point is moot and off-topic.
|
| termux is not perfect because it is already a compromise!
|
| When google scammed us and sold android devices to all the
| hackers here and then surreptitiously removed our access to the
| terminal, we said "that's fine, we can still package this as an
| app like so and so" and termux was born.
|
| now they are removing access from running any code not signed
| by their store, even if you install termux from the appstore
| and compile some code yourself, you can't run it. where are we
| drawing the line?
|
| 99% of people cannot use postmarketOS, either because their
| market do not have access to devices with unlocked bootloader
| or because their live depend on some bank/school/work app that
| checks the OS.
| dmos62 wrote:
| Ironically, the software we create, Android in this case,
| isn't oriented at us. Castration in Android is considered a
| feature, because it makes the average user's phone more
| reliable.
| [deleted]
| gcblkjaidfj wrote:
| > it makes the average user's phone more reliable.
|
| I would believe that if it was a prime (well described, not
| difficult to understand, easy to find) option where the
| user had control.
|
| As it is, it is the same as blocking the second level of a
| house because 'not allowing the residents to climb a stair
| makes the house safer for them'.
|
| At some point, we have to see that feature prioritization
| on android serves only advertising revenue increase, and
| reduced support costs for google.
|
| This one is for the later. With this feature they can
| remove tons of cost form app review teams they have. They
| can just allow every app that downloads crap to the data
| location and call it a day. It doesn't help the user in any
| way, only google profits.
| dmos62 wrote:
| > same as blocking the second level of a house because
| 'not allowing the residents to climb a stair makes the
| house safer for them'
|
| Exactly what I meant. I liked the comparison.
| amingilani wrote:
| Quick note: Google's Advanced Protection program disallows
| sideloading apps, so you can't install F-droid.
|
| Edit: Note that the Advanced Protection program is opt-in for
| users that require the highest degree of security Google can
| offer. Regular users won't be impacted by this.
|
| Edit: proof https://imgur.com/a/yktPNIc
|
| Edit 2: see @haunter's comment for a link to the change
| announcement
| admax88q wrote:
| I wonder what the actual numbers are on malware installed via
| side-loading and malware installed from the play store.
|
| There is no shortage of sketchy apps on the play store.
|
| Through my personal bias I would imagine that most people side-
| loading apps tend to be people using F-Droid who know more or
| less what they're doing. Although I'm sure there are some
| people who blindly follow sketch website telling them to
| install sketchy APK directly. But do these people really
| outnumber people installing flashlight app from play store that
| steals your data?
|
| All this locking down your device "for your own protection"
| assumes that the play store software is actually vetted and
| secure, but that second piece never seems to fall in to place.
|
| This random article [1] suggests that 67% of malicious app
| installs comes from the play store itself. So this whole
| "Advanced Protection" scheme only protects against 23% of
| threats. Pretty weak IMO.
|
| [1] - https://www.zdnet.com/article/play-store-identified-as-
| main-...
| tgsovlerkhgsel wrote:
| There is "people intentionally side-loading", and "people
| getting social engineered into installing something they
| shouldn't".
| adewinter wrote:
| I think even when you sum those two quantities it'll still
| be less than the number of people getting hit by apps from
| the regular play store.
| zamadatix wrote:
| Likely but not because no filtering at is is better than
| mediocre filtering rather precisely because it's not easy
| for a user to "accidentally" side load.
| rodgerd wrote:
| > There is no shortage of sketchy apps on the play store.
|
| Certainly the Play store being a walled garden which appears
| to be full of weeds, nightshade, and hemlock is one of the
| key factors in pushing me over to iOS.
| zhengyi13 wrote:
| If side-loading is generally discouraged to the point where
| it's a hassle, then it's a less attractive entry point for
| malware authors... so I'd expect the result is that there are
| ultimately fewer malware instances installed.
|
| If side-loading becomes easy and normalized though...
| stjohnswarts wrote:
| Thanks for the clarification. I was going to say I might as
| well just switch to Apple if I can't sideload and enjoy some
| freedom with my phone even if it's not as free as I would like.
| gst wrote:
| > Quick note: Google's Advanced Protection program disallows
| sideloading apps, so you can't install F-droid.
|
| It's still possible to sideload apps if they are installed with
| ADB.
| [deleted]
| fullstop wrote:
| Yes, I can confirm this. Advanced Protection is kind of cool
| but there are definitely some downsides.
| Jubok wrote:
| And even if you disable it, it can still block you. I didn't
| try to reset my phone completely, but I have to Force Stop the
| Google Play Store and empty cache/user's data to install any
| apk
| AsyncAwait wrote:
| > Note that the Advanced Protection program is opt-in for users
| that require the highest degree of security Google can offer.
| Regular users won't be impacted by this.
|
| Yet. Google seems to be restricting Android more and more with
| each release.
|
| I fully switched to the PinePhone last year because of this.
| sneak wrote:
| I learned recently that having Advanced Protection enabled also
| rewrites all URLs in your email messages to use the Google URL
| redirector, even when accessed via IMAP.
|
| It breaks PGP signatures, among other things.
|
| No way to turn it off without disabling all of Advanced
| Protection. Sweet, huh?
| est31 wrote:
| Which advantages does Advanced Protection give you in
| particular so that you have enabled it? It seems that things
| like hardware 2fA should work without it as well? Genuinely
| curious.
| ufmace wrote:
| I am on it and like it. It seems to explicitly forbid a
| bunch of edge cases in the login auth that would otherwise
| be tricky to configure properly and keep up to date. Yes,
| you can set up and use hardware key auth without it, but
| it's nice to guarantee that you can never login without a
| hardware key no matter what. IIRC it closes off a few other
| types of misconfiguration or over-authorization that might
| allow someone to exfiltrate data from your account.
| sneak wrote:
| It forbids 2FA with anything other than U2F hardware, which
| is practically unphishable. I don't really trust the Google
| auth system without the hard "disallow all non-hardware-
| based auth" restriction, due to the innumerable stories
| about sim swapping, et c.
| liotier wrote:
| Office 365 does that too - and Twitter by the way... Copying
| & pasting URL is becoming mostly a tedious rigmarole of
| opening the link, seeing what it finally resolves to - and
| only then copying & pasting...
| mongol wrote:
| What?
| berdario wrote:
| Wasn't aware of it, interesting
|
| https://landing.google.com/advancedprotection/
|
| There are instructions here for how to unenroll:
|
| https://support.google.com/accounts/answer/7539956
| johnsoft wrote:
| Yikes.
|
| I use f-droid, and I'm lucky enough to be one Android version
| behind. Can someone who's upgraded let me know what to expect
| when I upgrade? The blog post mentions that adb still works.
| Does this mean I'll have to use adb once to install f-droid and
| have it work normally after that, or will _every_ app need to
| be installed using adb?
| suprfsat wrote:
| You'll have to use ADB once to install F-droid and each new
| app not from the Play Store, but F-droid will be allowed to
| install updates.
| ce4 wrote:
| I disagree - any proof for your statement?
| haunter wrote:
| Not OP but that was announced back in March
| https://www.blog.google/products/android/new-malware-
| protect...
| ce4 wrote:
| Ok thanks. Somehow must have missed that one - I guess it's
| voluntary unless you install some work related app where
| company security policies pretty much default to switching
| off any possible loophole. I don't like where this path is
| going to lead :(
| shawabawa3 wrote:
| The Advanced Protection program is opt-in for people with
| a high security posture
|
| It also means you _have_ to have 2 security keys set up
| to login to your Google account with no other 2 factors
| allowed as backup
| amingilani wrote:
| I've added a screenshot.
| chrisrhoden wrote:
| This is specifically if your employer requires it for you to be
| logged into your work google account.
| fullstop wrote:
| I am enrolled in Advanced Protection with my personal
| account. It's optional.
| hyperpallium2 wrote:
| This Advanced Protection program is optional, isn't it?
| vlunkr wrote:
| Yes. You can disable it.
| https://support.google.com/accounts/answer/7539956 . It would
| have been nice for the parent comment to include that, since
| it changes the situation significantly.
| drKarl wrote:
| Wow! That is a very big deal!!! Almost all of the Apps I have
| on my Android phone are installed from F-Droid, and I try to
| avoid installing any Apps from other sources, exceptions force
| upon me by my social circle, like WhatsApp.
|
| I have a PinePhone but it is not yet ready as a daily driver,
| and also the difference in hardware performance between my
| Android phone (which I bought this year) and PinePhone (or even
| Librem) is abismal. I wish there was at least one (or many)
| linux phone ready to be a daily driver and with hardware
| comparable to modern Android phones (or iPhones), but
| unfortunately that is not yet the case, although the community
| has made a massive effort this year to advance the state of
| linux on phones, at least for PinePhone...
|
| I use a MacBook for work and same thing, almost all the apps I
| have I installed using homebrew (and the UI apps, with brew
| cask)
|
| EDIT: I see that, at least for now, it's optional and you can
| un-enroll, which is good.
| jolmg wrote:
| > I have a PinePhone but it is not yet ready as a daily
| driver, and also the difference in hardware performance
| between my Android phone (which I bought this year) and
| PinePhone (or even Librem) is abismal.
|
| I don't know about it being so much a hardware performance
| issue, rather than a software optimization issue. Personally,
| I don't think I need much performance, but I have had issues
| unlocking my Pinephone because the lockscreen seems to have a
| hard time keeping track of my finger as I slide it or press
| the keypad buttons. I've also had a number of kernel panics
| in the few times that I've used it (I got it just recently).
|
| For the Pinephone to be my daily driver I just need to be
| able to run Whatsapp on it (so run an Android emulator with
| access to the SIM card, I imagine; haven't tried) and take
| real 5MP images. That's all I really need to switch the SIM
| card and leave my Android phone at home. It can even drop
| calls and I won't really care (not that it does; I haven't
| tried).
|
| EDIT: I see I misread a bit and thought you meant its low
| performance prevented its use as a daily driver. I don't
| think it makes sense for linux phones to be offered with more
| expensive hardware until the software catches up to enable
| their use as daily drivers for more people. I think we're at
| a stage where the buyers are primarily people that are
| looking to possibly contribute to the software to get it to
| that point. Being a cheap phone is important for that.
| yoavm wrote:
| Your Whatsapp running on an Android emulator doesn't need
| to have any access to the SIM card. You only need to have
| the SIM card on some phone so you can enter the code you're
| receiving by textwhen signing in for the first time.
|
| You can then use a bridge to connect it to Matrix and chat
| using Whatsapp from any Matrix client.
| jolmg wrote:
| Oh wow! Thank you so much for the tip! I've never used
| Matrix, but I'll look into that! Not having to depend on
| the Whatsapp client sounds like a dream.
| h_anna_h wrote:
| Afaik, if you disable it you basically let everyone spam you
| with password reset notifications.
| input_sh wrote:
| > EDIT: I see that, at least for now, it's optional and you
| can un-enroll, which is good.
|
| It's always going to be optional. It's their solution for
| high-risk users (think: journalists, whistleblowers, and
| similar), it's not meant to be for everyone.
|
| Disclaimer: No Google affiliation, but I've tested the
| program a long time ago before it was available to everyone.
| riedel wrote:
| The problem will start with such offerings only if third
| parties (like employers or banks) demand turning this on. The
| patronizing of users that started with saftynet is
| horrifying. I think it will become crucial that some
| commercialy relevant group uses non play store content.
| Otherwise the affordance to use non main stream stuff will
| become higher and higher.
| paulie_a wrote:
| If the employer demands that then they can provide me the
| phone
| judge2020 wrote:
| I mean it makes sense. The employer requires you to only
| trust Google-approved apps since something like an evil
| maid (or mugging, or blackmail, etc) attack on an unlocked
| phone is part of their threat model.
| velosol wrote:
| And it seems reasonable for an employer. What about
| banks? The argument I'm coming up with just isn't as
| compelling for no other reason than I'm 'only' risking my
| money, not corporate access.
| bitwize wrote:
| I have a strict "if you want me to use a phone for work,
| then issue me a work phone" policy. No, I will not install
| your MDM app on my personal phone, because that is
| tantamount to surrendering my phone to the company.
| iagovar wrote:
| ? I have F-Droid in my phone, is this something new?
| opencl wrote:
| It only applies if the Google account on your phone is
| enrolled in the Advanced Protection Program.
| zyx321 wrote:
| Advanced Protection is an opt-in for people at risk of
| targeted attacks. Unless you have a company phone, it's
| unlikely to be enabled without your knowledge.
| amingilani wrote:
| I believe so, I had it until I changed my phone. I've added a
| screenshot.
|
| Edit: See this comment for link to announcement
| https://news.ycombinator.com/item?id=25645554
| perryizgr8 wrote:
| I wish Google took the high road when it comes to Android and let
| users create legit root accounts on their phones. Instead they
| seem to be emulating the worst parts of Iphone OS.
|
| And no, root account does not violate any security principles. If
| your app is leaking secrets due to root accounts, your app is
| broken.
| dingaling wrote:
| > If your app is leaking secrets due to root accounts, your app
| is broken.
|
| Yes it amuses me how banking apps refuse to run on a rooted
| phone, but the same bank's website works on the same phone.
| Suggests that they've placed a little too much trust in the
| app. Never trust the client...
| higerordermap wrote:
| HN has this fetish for root access. But it's more important to
| protect dumb users, and script kiddos watching youtube videos
| for everything, than letting someone do some text operation his
| smug greybeard (tm) 1970s way.
|
| And Google technically allows it, buy a phone with unlockable
| bootloader.
| perryizgr8 wrote:
| Why would "dumb" users create a root account on their phone?
| hyperpallium2 wrote:
| https://f-droid.org/packages/com.termux/
|
| Note that you can download the apk and sideload, without
| installing fdroid.
|
| You can, for example, install termux on a device that is never
| online... a standalone phone.
| izacus wrote:
| The GitHub discussion is significantly more informative and
| carries a lot of thinking behind the changes:
| https://github.com/termux/termux-app/issues/1072
|
| IMO a better link than a short paragraph on Wiki.
| app4soft wrote:
| Sadly, since January 1st, 2020 Termux team dropped[0] support
| for _Android 5.x /6.x_, so actually in _F-Droid_ repo it now
| requires minimum _Android 7.x_ :
|
| > _Support for Android 5.x.x - 6.x.x is dropped forever. Time
| to upgrade your devices or learn how to backport git changes._
| [1]
|
| And this part from Termux devs reply is especially cynical:
|
| > _... Time to upgrade your devices..._ [1]
|
| It looks like they has a contract with devices manufacturers...
|
| ... No, I no need such type of _" app improvements in new
| version"_ which require me to buy a new device.
|
| FTR, In _F-Droid Archive_ [2] repo there is still _Termux
| v0.75_ for Android 5.x /6.x (which I'm using on Ido device),
| but it is horrible because _Termux packages repo for Android
| 5.x /6.x_ are now disabled[3] too.
|
| [0] https://github.com/termux/termux-app/issues/1516
|
| [1] https://github.com/termux/termux-
| app/issues/1407#issuecommen...
|
| [2]
| https://apt.izzysoft.de/fdroid/index/apk/com.termux?repo=arc...
|
| [3] https://github.com/termux/termux-packages/issues/4467
| thetinguy wrote:
| I think 5 years of support is reasonable.
| djsumdog wrote:
| For an open source project, yes. There aren't enough people
| to really work and maintain this thing.
|
| But in general, hell fucking no. 5 years is terribly short
| sighted. Look at how much e-waste is piling up. We can't
| really recycle phones. They get shipped to Asian and
| African countries where people melt down the plastic
| without adequate ventilation and extract out all the metals
| they can in OSHA free environments.
|
| We should be designing things to be as useful as possible
| for as long as possible.
| app4soft wrote:
| No.
|
| Beside Android 5.x/6.x devices, I has Symbian 9.x (Nokia
| N82) smartphone which works perfectly. And there are a lot
| of new apps for it:
|
| - https://old.reddit.com/r/symbian/new
|
| P.S. My 10+ year-old laptop perfectly works with latest _MX
| Linux_ distribution (based on _Debian 10 buster_ ) and all
| modern FLOSS desktop apps (GIMP, FreeCAD, Inkscape, etc.)
| works like a charm on it.
|
| So, software devs should NOT _declare users to buy /upgrade
| hardware_.
| MrDresden wrote:
| Now that just comes off as being written by someone who
| feels very entitled to the hard work of others.
|
| If you feel so strongly about it, why don't you fork the
| project and continue integrating upstream features and
| fixes for those on pre 7.x devices? Or would that take
| too much of your own time to do?
| Anon1096 wrote:
| If you're committed to sticking with a really old phone
| and want to use Termux, you should switch to a custom ROM
| based on more modern Android. Android 5 and 6 are ancient
| at this point.
| _flux wrote:
| So regardless the amount of work it involves and how few
| people use them, e.g. 6-year old devices should always be
| supported?
|
| With PC the compatibility is quite a success story, but
| hardly the standard.
| rodgerd wrote:
| It's an open source project. Feel free to pitch in,
| sponsor, or shut the fuck up .
| michaelt wrote:
| Phone manufacturers certainly ought to offer 5+ years of
| OS updates. Apple does, after all. So I agree with you to
| that extent.
|
| But if users want third parties volunteers to support
| devices whose vendors have already dropped support? If
| there are no volunteers wanting to do the work, the work
| doesn't get done.
|
| The bad guys here are the phone vendors, not the Termux
| developers IMHO.
| Dylan16807 wrote:
| 5 years is okay for a phone, but once you subtract the time
| it takes for Android releases to get into new phones it can
| be a problem. Hopefully the manufacturer releases OS
| updates! Hopefully.
| driverdan wrote:
| Why would you expect them to continue supporting a 5 year old
| OS version?
| bill_mon wrote:
| Because most devices can't be updated? Supporting version
| 4+ gives you a much larger audience than limiting to
| version 7+.
| MrDresden wrote:
| I think this was a very logical thing for them to do.
|
| Supporting platforms that old comes with a massive amount
| of headaches. It is hard enough for big teams of
| applications with high MRR to do, and is near impossible
| for a FOSS application to do in perpetuity.
| app4soft wrote:
| Because its community driven FLOSS project.
|
| And it would "OK" if there would no releases with new
| features... but bug fix releases which is worse.
|
| Instead, team (owner & core members) just dropped &
| disabled everything, leaving Android 5.x/6.x device owners
| in frozen state.
|
| Even more, team not proposed itself & ignored any
| proposition from others to at least support Termux for
| Android 5.x/6.x in LTS-way.
| saagarjha wrote:
| I know some people do this for iOS, so I would have
| expected it to almost be the norm on Android where many
| devices frequently fall behind on updates.
| matkoniecz wrote:
| It is not Termux devs fault that many phone manufacturers
| fail to handle OS upgrades.
|
| They are not obligated to support them, feel free to support
| all Android versions at once in your project.
| rodgerd wrote:
| Precisely. If you want long-term support, don't use Android
| in the first place.
| westurner wrote:
| Note that there are 297 hidden items in that issue so you have
| to click "Load more..." ceil(297/60) times to read all of the
| comments about how APK packaging is soon necessary for latest
| Android devices so the termux package manager can't just dump
| executable binaries wherever.
|
| FWIU:
|
| - Android Q+ disallows exec() on anything in $HOME, which is
| where termux installed binaries that may have been writeable by
| the executing user.
|
| - Binaries installed from APKs can be exec()'d, so termux must
| keep APK repacks rebuilt and uploaded to _a_ play store.
|
| - Termux shouldn't be installed from Google Play anymore: you
| should install termux from the F-Droid APK package repos, and
| it will install APKs instead of what it was doing.
|
| - Compiling to WASM with e.g. emscripten or WASI was one
| considered alternative. "Emscripten & WASI & POSIX"
| https://github.com/emscripten-core/emscripten/issues/9479
| hyperpallium2 wrote:
| What about development on-the-device?
|
| - It seems C compiled with clang on the device wouldn't be
| executable? (If it was, that would be a way around the
| restriction: distribute packages as source, like the good old
| days)
|
| > offer users the option of generating an apk wrapping their
| native code in a usable way.
| https://github.com/termux/termux-
| app/issues/1072#issuecommen...
|
| This seems a promising solution: compile from source, create
| an apk, install - your custom distribution! For popular
| collections of packages, a pre-built apk.
|
| - Java might be explicitly blocked, being a system language
| for android, even though its byecode is interpeted and not
| exec()ed.
|
| - Other interpreted languages should be OK e.g. python
| westurner wrote:
| > _> offer users the option of generating an apk wrapping
| their native code in a usable way._
|
| > _This seems a promising solution: compile from source,
| create an apk, install - your custom distribution! For
| popular collections of packages, a pre-built apk._
|
| FPM could probably generate APKs in addition to the source
| archive and package types that it already supports.
|
| The conda-forge package CI flow is excellent. There's a bot
| that sends a Pull Request to update the version number in
| the conda package _feedstock_ meta.yml when it detects that
| e.g. there 's a new version of the source package on e.g.
| PyPI. When a PR is merged, conda-forge builds on
| Win/Mac/Lin and publishes the package to the conda-forge
| package channel (`conda install -y -c conda-forge
| jupyterlab pandas`)
|
| The Fedora GitOps package workflow is great too, but
| bugzilla isn't Markdown by default.
|
| Keeping those APKs updated and rebuilt is work.
| angry_octet wrote:
| You can run binaries you compiled either. On device dev is
| essentially pointless.
|
| You can run interpreters, but possibly in a restricted
| context in the future.
| pjmlp wrote:
| DEX bytecode is compiled to native code since Android 5,
| Android 7 introduced a multi-layer where it is intepreted
| only to get the first execution profile for the JIT, then
| the JIT gathers PGO data while executing, which will be
| used by AOT compiler when the device is idle, afterwards
| only the pure machine code binary executes until the next
| update, or loading code that wasn't touched by the JIT.
|
| As of Android 10, PGO data files are uploaded into the
| store and shared across similar devices so that the AOT
| compilation with PGO can be done right away on
| installation.
|
| Having bytecodes doesn't mean being interpreted.
| pantalaimon wrote:
| How would binaries compiled on the device differ from those
| downloaded from the internet?
| hyperpallium2 wrote:
| Yeah, I think you're right: you could download instead of
| compile, it's just the assembling into an apk on the
| device that has the advantage of customizing exactly what
| you want.
| [deleted]
| mehrdadn wrote:
| Are there any SELinux + Android experts there? Do you know if
| there is a way to alter the policy to undo this change with
| root privileges without disabling SELinux enforcement
| entirely? It fundamentally seems like it should be possible;
| I just don't know how. It would get around the issue very
| nicely if someone can figure out how, since I imagine many
| people with Termux also have root.
| swiley wrote:
| Between this and ish Android without third party app stores/apps
| is now worse than iOS.
| m45t3r wrote:
| This is far from true. Unless Google removed the possibility of
| installing packages from third party sources, the situation in
| Android for *nix username is still far better than iOS.
|
| AFAIK, iSH only runs in TestFlight right?
| jsjohnst wrote:
| > AFAIK, iSH only runs in TestFlight right?
|
| Nope, it's still in the AppStore[0]. So far, Apple hasn't
| followed through on it's threat.
|
| [0] https://apps.apple.com/us/app/ish-shell/id1436902243
| pipework wrote:
| https://ish.app/blog/app-store-removal
| swiley wrote:
| No it's on the app store now, likely because Apple knows
| they're violating anti trust laws.
| m45t3r wrote:
| Huh... This is interesting. Can I install packages using
| it?
|
| Because AFAIK Apple doesn't allow installation of packages.
| 1f60c wrote:
| Yes, you can!
| RL_Quine wrote:
| You can install packages fine.
| ziotom78 wrote:
| The very fact that you can still use F-Droid invalidates this
| statement.
| swiley wrote:
| >Android _without third party app stores /apps_
| badRNG wrote:
| While I really, really want a GNU/Linux Android-alternative to
| succeed, at the moment a good solution for those of us who can't
| go without Termux is LineageOS [1], an Android fork, comes with a
| terminal emulator WITH root access (of course you can install
| Termux if you prefer how it handles packages.) You can also
| install Play Store apps on it, should you feel so inclined.
|
| [1] https://lineageos.org/
| m4rtink wrote:
| For the record Sailfish OS[1] (and it's predecessors MeeGo and
| Maemo) had this from day one. You enable developer mode, set
| root password and it even installs a terminal emulator
| automatically for you! :)
|
| [1] https://sailfishos.org/
| fsflover wrote:
| How does LineageOS compare to /e/OS?
| badRNG wrote:
| As of now, I've only used two Android forks, Cyanogenmod and
| LineageOS, primarily because they work on so many devices.
| LineageOS has a whole list of cool custom APIs that I've
| considered taking advantage of in some future project, but
| other than that I'm not sure.
| phh wrote:
| FWIW, nowadays, thanks to Project Treble, most ROMs have
| GSI (Generic System Image) that will work on any device
| released with Android 8 or more recent, assuming OEM allows
| bootloader unlock.
| commoner wrote:
| The biggest difference is that /e/ is one of the few OSes
| that has MicroG pre-installed, which allows apps to make use
| of some features of Google Play Services (e.g. push
| notifications, map widgets, and COVID-19 exposure
| notifications) through a FOSS client. MicroG lets users turn
| on/off some of these features, and does not support Google's
| APIs for ads or analytics.
|
| https://microg.org
|
| https://github.com/microg/GmsCore/wiki/Implementation-Status
|
| LineageOS does not support the mechanism (signature spoofing)
| that enables MicroG to replace Google Play Services. The
| developers of LineageOS consider signature spoofing to be a
| security risk:
|
| https://review.lineageos.org/c/LineageOS/android_frameworks_.
| ..
|
| It is up to users to select the OS that best meets their own
| privacy, security, and usability needs.
| pantalaimon wrote:
| I never heard of /e/OS what does it do?
| dingaling wrote:
| It's just a fork of LineageOS with some app changes
| fsflover wrote:
| https://e.foundation/
|
| You can even buy it preinstalled on Fairphone:
| https://esolutions.shop/shop/e-os-fairphone-3/.
| phh wrote:
| /e/ is a fork of LineageOS with the goal to be usable by non-
| geeks. So it pre-includes a selection of FLOSS apps to make
| the device usable, like a Map app, cloud backups (well
| LineageOS now have it), calendar sync, etc.
| reportgunner wrote:
| Check out Termius. I've never used Termux so I'm not sure if
| Termius has the same feature set but it was enough to
| occasionally ssh in to my machine to attach/detach a gnu screen
| session to do what i needed.
|
| Also see Admin Hands.
| monsieurbanana wrote:
| From Termius description, it's a completely different app than
| Termux. Termius is a ssh client, it's purpose is to allow you
| to connect to a remote computer, whereas Termux _is_ the
| computer. You can program, compile, run programs, etc... from
| Termux.
| npsimons wrote:
| My use case is emacs, git and ssh so that I can have my org
| files on my phone and synchronize them with my other
| computers. And no, the org apps aren't good enough, plus
| there are other features of emacs that are nice to have at
| all times.
| ffpip wrote:
| I just installed this app 2 days ago for running croc [0]
|
| Works great. Will use Termux till/if it breaks.
|
| [0] - https://github.com/schollz/croc
___________________________________________________________________
(page generated 2021-01-05 23:01 UTC)