Pinephone Community Edition

28 réponses [Dernière contribution]
Beko
Hors ligne
A rejoint: 08/31/2019

Has anyone yet purchased the community edition of the pinephone? I remember seeing Chaosmonk's braveheart review, I haven't really been following progress on the phone since March because I figured production lines would be halted.

"The preinstalled postmarketOS software build which ships with this edition of the PinePhone is an Alpha software build. This effectively mean that while core functionality of the PinePhone – such as telephone calls, SMS messages, LTE, GPS, GPU acceleration, etc. – is operational, it is also an ongoing effort, and thus the device cannot be considered as a consumer-ready product."

Would this phone be ok to buy if I have been using Trisquel as my first and main GNU/Linux distro a.k.a does sudo apt install work with 'apk tools' also are veeery basic things like a Rhythmbox type music player available?

When I see them say "it cannot be considered as a consumer-ready product" first thing that comes to mind is battery life, I suppose if you only develop programs the phone would be pretty close to a power source whereas a consumer would need it to last throughout the day. It seems that most things that make a phone--a phone are present I don't really understand what's not consumer ready.

If you have ordered and/or received the community edition, please let me know, I'm reeeeeeeally on the fence about whether I should hold out further or just buy this one.

Thanks!

nadebula.1984
Hors ligne
A rejoint: 05/01/2018

There aren't many options for GNU/Linux on arm/64 devices (smart phones, tablets), and PostmarketOS is good enough. If the PinePhone community edition is still available, don't miss it.

There are no shortage of Android-based distributions, but very few GNU-based distributions for arm/64 architecture. By mistakenly calling the operating system "Linux" (sic), people confuse Android-based with GNU-based operating systems. When you have your smart phone running GNU/Linux, you can have root privilege and truly own your smart phone. Attach an OTG hub and every peripheral you need, you can even run gcc and build you own application on the phone.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> There aren't many options for GNU/Linux on arm/64 devices (smart phones, tablets), and PostmarketOS is good enough

PostmarketOS is a musl/Linux distribution, not GNU/Linux.

nadebula.1984
Hors ligne
A rejoint: 05/01/2018

Whether postmarketOS uses glibc of musl is less important. What is important is that postmarketOS is POSIX compliant.

PublicLewdness
Hors ligne
A rejoint: 03/15/2020

I own the Braveheart Pinephone and placed an order for a Convergence edition with PostMarket OS a couple days ago. On my Braveheart I have mainly used Ubuntu Touch but have dabbled with Manjaro Arm and KDE Neon. I'll do some checking with the Braveheart about Rhythmbox on the different distros as well as let you know how the PostMarket version is. As all of the fistros I have tried Ubuntu Touch is the most polished so far but KDE Neon and Manjaro Arm have the most potential if you want a more power user friendly distro.

I just did a quick check on my Braveheart and Rythmbox is available on KDE Neon but not Ubuntu Touch. The default music player for Ubuntu Touch is just called "Music". It plays my flac files so it does all I ask of it.

As for why it is not "consumer ready". For one the camera still doesn't work last I checked which can be a big thing for many users. Also outside of Ubuntu Touch many of the distros are pretty choppy for performance still. Texts; calls; wifi all work fine across different distros I have tried.

Beko
Hors ligne
A rejoint: 08/31/2019

>For one the camera still doesn't work

LOL I'm the type of person that tapes mine up, totally not a deal breaker.

>Also outside of Ubuntu Touch many of the distros are pretty choppy for performance still.

Is it like early versions of Android/Palmphones/Blackberry touchscreens that would have vague (for lack of a better word) hit boxes and there is a noticeable touchscreen lag or is it more the app takes forever to load? Optimized apps will come later I know this...

Honestly if you bought the Braveheart, and are buying yet the Convergence edition too that kinda says what I need to know.

Thanks!

PublicLewdness
Hors ligne
A rejoint: 03/15/2020

Yeah what sold me on the convergence was the 3GB of RAM and 32GB storage. Both should help with the choppines hopefully.

calher

I am a member!

Hors ligne
A rejoint: 06/19/2015

On 8.8.2020 6:30, name at domain wrote:
> LOL I'm the type of person that tapes mine up, totally not a deal breaker.

I'm the type of person that carries a point-and-shoot in my pocket each
and every day.

--
Caleb Herbert
KE0VVT
(816) 892-9669
https://bluehome.net/csh

strypey
Hors ligne
A rejoint: 05/14/2015

I have ordered the PostmarketOS Convergence community edition too. I'm pretty confident that after getting feedback on both the Braveheart and the Ubuntu Touch community edition, the Pine64 folks have the hardware ready to roll. I don't mind watching the software grow and improve over time, in fact I enjoy it.

I'm hoping that with a set of peripherals (screen, mouse, keyboard) it will be able to replace my ancient netbook as my work computer, as well as replacing my various old Androids for most purposes. That said, I'm also considering turning off the cell modem in the PinePhone and using it as a small tablet, and keeping one of the Androids for cell calls and texts. Since the cell modem is a proprietary black box by law, those comms are inherently compromised, and it seems a shame to have the nonfree cell modem software in the PinePhone running when I don't need to.

EDIT: clarified ambiguous language

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> I'm hoping that with a set of peripherals (screen, mouse, keyboard) it will be able to replace my ancient netbook as my work computer

Dont get your hopes up. Pine64 kept the cost of the device down in part by not going with a faster computer than they needed. It's good enough for simple things like SMS, but don't expect to get any serious work done on it. It probably will not perform better than your netbook, and certainly not better than your X60.

> That said, I'm also considering turning off the cell modem in the PinePhone and using it as a small tablet, and keeping one of the Androids for cell calls and texts. Since the cell modem is a proprietary black box by law, those comms are inherently compromised, and it seems a shame to have the nonfree cell modem software in the PinePhone running when I don't need to.

What is your threat model? For an average threat model, the attack vector allowed by using the modem is that your cell carrier can track your location and metadata for your phone calls and texts, and that your government can probably get that information from the carrier pretty easily if they want to (I'm not familiar with the laws in NZ, but in the US the govt doesn't even need a warrant to do this). This will be the same whether your use the Pinephone's modem or the Android device's modem. However, adding an Android device into adds an additional attack vector: now Google gets has all that information too, plus a little bit more, which an additional govt (USA) will have pretty easy access too.

Are any of your Android devices supported by any ungoogled Android ROMS? GrapheneOS is the best, but supports very few devices. That would make those devices a better option, more secure overall than the Pinephone, although in terms of location tracking, Pinephone has the advantage that you can use the hardware switch to disable the modem sometimes, so you can have a little more granularity in how you handle the privacy/convenience tradeoff of giving away your location in order to access cell towers.

Beko
Hors ligne
A rejoint: 08/31/2019

I've been thinking perhaps splurging on a really big SD card, then doing some of the things mentioned in Calher's thread like offline Wiki,Books,Music,TED talks etc.. whatever reasonably fits. Keeping the phone offline mode --generally-- and switching it on when I need to make calls, but this strategy might fail because people will not be able to reach me. I'm not too keen on this.

Geolocation + Call records + Internet history are the only attack vectors from the government I can see for an active SIM pinephone. I suppose VPN or tor use could mitigate the internet logging and DNS records kept. Since 3-point triangulation is how other phones communicate with yours I don't see any way of avoiding geolocation vector without burners. Call records could be mitigated by using an encrypted online-call system, all free of course.

About what you said on threat models, I realize that the Gov is inevitable because they not only have the resources but also they have the willpower and very many attack vectors including cell + internet companies but also google and apple and perhaps so many more, so preventing government tracking completely would be to go offline permanently. I don't wish to do this but I have been thinking of continuing to carry my iPhone without a sim, connecting to a wifi hotspot from the pinephone. Only for circumstances in which I would require non-free stuff. That way anything that the iPhone wants to communicate out-- can get caught in a firewall on the pinephone.

I'm also a pragmatist in that, if in a moment I need a working phone in haste, I would not hesitate to swap out the sim from the pinephone to donate to the iPhone or any iphone nearby really. I'm thinking in the event that it crashes.

Any suggestions? I already ordered one :)

strypey
Hors ligne
A rejoint: 05/14/2015

Chaosmonk:
> It's good enough for simple things like SMS, but don't expect to get any serious work done on it. It probably will not perform better than your netbook

I expect that it will perform much better than this netbook:
https://git.feneas.org/disintermedia/public-wiki/-/wikis/Bishop

Especially given all the physical aches and pains the poor thing has. The battery is down to 20% capacity (according to Trisquel), the mains power is loose and often falls out, the headphone socket no longer works reliably, and the WiFi becomes unreliable when the devices is used for longer than a few minutes at at time (I suspect due to heat). I maxed out the RAM to 2GB, but the Convergence edition of the PP has 3GB. I'd be very surprised if even the weakest modern processor isn't more powerful than a 32-bit 1.6 Ghz Atom, even a dual core.

> and certainly not better than your X60.

Maybe, but the X60 is in China behind a closed border, and I am in Aotearoa. So it was either the PinePhone or buying a used laptop for NZ$100-200, which I'll then have no use for when we return to China. For NZ$300 I get a mobile device I can use with peripherals, which is what I do with laptops when I have a stable studio space anyway.

> This will be the same whether your use the Pinephone's modem or the Android device's modem.

Yes, but the difference is that to use my SIM in the PP, I have to have its cell modem turned on. If I don't, I can leave it turned off, and that's one less piece of proprietary code in use on the device. The one bit that is protected by law from being reverse engineered and run with free code.

> However, adding an Android device into adds an additional attack vector: now Google gets has all that information too, plus a little bit more, which an additional govt (USA) will have pretty easy access too.

How does Goggle get any info from an Android device that has never had a Goggle account associated with it?

> Are any of your Android devices supported by any ungoogled Android ROMS?

It doesn't appear so, and since I have no experience with replacing the OS on an Android device, I've been unwilling to risk a hack that *might* work (and might brick the device). Once I have the PP, I expect I'll have two Android devices I no longer depend on (I can put my NZ SIM in my Chinese Oppo with my Chinese SIM if I have to), so I might try some experiments.

> That would make those devices a better option, more secure overall than the Pinephone

I've heard this claim a few times. I've never seen any reason to believe it. ELI5

> Pinephone has the advantage that you can use the hardware switch to disable the modem sometimes

I was initially excited by this, but it seems that with the initial models you have to take the back off the device to get at these switches, which makes them almost useless. I'm hanging out for future versions in which cameras will have a lense cover that users can manually slide clear when they want to use the cameras, and the mic, cell modem, WiFi, GPS, and Bluetooth, will also have hardware switches under an easily opened panel, on the outside of the device.

tonlee
Hors ligne
A rejoint: 09/08/2014

> GrapheneOS is the best, but supports very few devices

Does grapheneos not require non free
software to work? Only google
pixel phones can run grapheneos? I have looked
at the prices of used pixel phones and
they are astoundingly high.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> Does grapheneos not require non free
> software to work?

Like all cell phones that exist, it requires non-free firmware for hardware support.

> Only google
> pixel phones can run grapheneos?

GrapheneOS has security features that rely on hardware support. The Pixel phones may be the only ones that provide that support at this time.

> I have looked
> at the prices of used pixel phones and
> they are astoundingly high.

Yes, if your threat model does not require GrapheneOS's level of security, it is probably not worth the price. For most people, that level of security would probably be overkill.

tonlee
Hors ligne
A rejoint: 09/08/2014

> not worth the price. For most people, that level of security would probably be overkill

The google pixel 4a is 350usd in america. Slightly
more in europe. That is not an
expensive phone. The battery is not freely
accessible in the phone. Some say it is because
google wants to ensure you cannot turn
the phone
more off, than what google wants. If graphene had
a system ready same month, the pixel 4a
got on the market, then the pixel 4a would
be a viable option.
It may still be, because of calyx.
https://calyxos.org/get

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> Maybe, but the X60 is in China behind a closed border, and I am in Aotearoa.

Damn, that sucks.

> How does Goggle get any info from an Android device that has never had a Goggle account associated with it?

The OS.

> Yes, but the difference is that to use my SIM in the PP, I have to have its cell modem turned on. If I don't, I can leave it turned off, and that's one less piece of proprietary code in use on the device. The one bit that is protected by law from being reverse engineered and run with free code.

Why did you buy the Pinephone then? The point of it is to be a phone. It sounds like you should have bought a laptop. For $300 you could have a *way* better computer than you'll get by plugging your PP into peripherals. And if you're just using an Android device's modem instead of the Pinephone's modem you are no more private or free, probably less so.

> It doesn't appear so, and since I have no experience with replacing the OS on an Android device, I've been unwilling to risk a hack that *might* work (and might brick the device). Once I have the PP, I expect I'll have two Android devices I no longer depend on (I can put my NZ SIM in my Chinese Oppo with my Chinese SIM if I have to), so I might try some experiments.

Don't let Technoethical's prices fool you. Installing a custom ROM on an Android phone is very easy. You do need a compatible device though. Don't try installing an incompatible ROM.

> I've heard this claim a few times. I've never seen any reason to believe it. ELI5

Linux and much of GNU are C. C is not a memory-safe programming language, which means that things[1] can happen with memory that are not supposed to. For example, a program might use a chunk of memory and then stop using it, but those bytes are still there, and then a malicious program might access that same chunk of memory and use those bytes to do things.

Ideally programs would not be able to access each other's resources so that this would not happen, but Linux gives every process it runs the same permissions as the user that asks it to start the process, with no sandboxing in between them. This is why running things as root is very dangerous, but even running things as normal user is somewhat dangerous.

For servers, this can be addressed by creating per-application users, where each user only has permission to run its application. Security-critical server applications are often packaged this way. Even on a desktop system, if you look at "/etc/passwd" to see a list of users on your system, you will probably see a bunch of usernames that are not yours and that you didn't create. These are being used to run different processes in isolation.

However, users typically run desktop applications as themselves, so each application has permission to do anything that the user has permission to do. This is not secure, although since there are not very many people using GNU/Linux as a desktop system it is not a very popular target to attack (unlike GNU/Linux servers, which are very common and very popular to attack, hence isolation between processes being taken more seriously for server applications).

Android uses the same kernel as GNU/Linux, but is also used by many people and is popular to attack, and it has something called an "app store", which is kind of like a distro's repository, if your distro were a terrible cesspool of proprietary malware, so it implements isolation of applications be design. You know how you can go into Android's settings and give different applications permission to do certain things, like access certain files and or your camera or microphone? Have you ever wondered why Trisquel doesn't have something like that in its settings? It's because all applications run with the same permissions as the user that runs them, so they only way to prevent them from accessing something is to remove your own access (keep those files on another medium, put tape over your camera, etc).

There are some works in progress to implement sandboxing for desktop GNU/Linux. Flatpak and Snap have some basic sandboxing. Whonix appears to be working on something[2] that will make it easy to run desktop applications as separate users the way server applications often are. Guix has a very cool containers feature. But there isn't yet a user-friendly, secure, and adopted sandboxing mechanism for GNU/Linux like there is for Android.

Does that mean the Pinephone is bad? No, it is what it purports to be: an inexpensive, hackable phone capable of running GNU/Linux with the minimal amount of proprietary crap needed to have a decent smartphone (the modem, since modems have to be non-free, and WiFi, since the WiFi cards with free firmware would quickly drain a phone's battery). Unlike Purism, Pine64 has not claimed to be security-focused. Hopefully by the time mobile or desktop GNU/Linux acheives enough adoption to become a popular target to attack, sandboxing support will have improved. But if you yourself are a trying to protect against a sophisticated attacker, you probably want to go with GrapheneOS for mobile and something like Tails or Whonix for desktop. It all comes down to your threat model.

> I was initially excited by this, but it seems that with the initial models you have to take the back off the device to get at these switches, which makes them almost useless.

Yeah, that was my biggest disappointment with the PinePhone. I wouldn't say it's *useless*. The back comes off pretty easily, so say you needed to go do something important didn't want to be tracked you could take 20 seconds to disable the modem, but it would probably be too inconvenient to switch it on and off frequently.

> I'm hanging out for future versions in which cameras will have a lense cover that users can manually slide clear

That would be nice. I wonder how hard it would be to modify the back cover that way.

[1] https://en.wikipedia.org/wiki/Memory_safety#Types_of_memory_errors

[2] https://github.com/madaidan/sandbox-app-launcher

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

>> I'm hanging out for future versions in which cameras will have a lense cover that users can manually slide clear

> That would be nice. I wonder how hard it would be to modify the back cover that way.

Oh sorry, I misread what you wrote. I thought you were suggesting a sliding cover on the back panel in order to more easily access the kill switches.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

Recommended reading regarding the security issue: https://guix.gnu.org/en/blog/2017/running-system-services-in-containers/

I think with a graphical frontend, Guix could be our best shot at solving this issue in a way that doesn't empower a freedom-hostile ecosystem like Snap or Flatpak.

andyprough
Hors ligne
A rejoint: 02/12/2015

What about using firejail? How much sandboxing security does that gain me?

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> What about using firejail? How much sandboxing security does that gain me?

Sorry, I don't know enough about it. It's should be better than nothing, as long as the sense of security it gives you doesn't lead you to take risks you otherwise wouldn't.

Beko
Hors ligne
A rejoint: 08/31/2019

Thats like the answer that people give about holistic medicine... lol

GNUbahn
Hors ligne
A rejoint: 02/18/2016

Just want to confirm that chaosmonk's claim, that "installing a custom ROM on an Android phone is very easy." is true.

I have very little technical skills/knowledge and have done it several times. The first few times I did have to go a little back and forth in the process and instructions and occasionally an install fails. That said, it really is very easy. Go on with it!

strypey
Hors ligne
A rejoint: 05/14/2015

Chaosmonk:

> Why did you buy the Pinephone then? The point of it is to be a phone. It sounds like you should have bought a laptop.

1) A laptop cannot be used as a tablet or a phone. The PinePhone can.

2) I want to experiment with mobile GNU. I doubt I could do that on a $300 laptop.

3) I want to show the people around me that it's possible to have a modern mobile device without subjecting oneself to surveillance capitalists. It's likely I'm one of only a handful of people in Aotearoa who evens know about the PinePhone, let alone buys one at this early stage.

As for the GNU/Linux security issues you raise, these are entirely theoretical. I notice neither you, nor anyone who talks about them, ever references proven vulnerabilities, let alone real world use of them. Android on the other hand, as you say yourself in the same comment, is inherently pwned by Goggle, even without a Goggle account associated with it. This is a known and much more significant security risk, regardless of your threat model.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> (1)(2)(3)

Fair enough, those are are valid reasons.

> As for the GNU/Linux security issues you raise, these are entirely theoretical. I notice neither you, nor anyone who talks about them, ever references proven vulnerabilities, let alone real world use of them.

That's not true. They are commonplace, and people do talk about them specifically and in detail, in order to fix them. Take any class of memory-related vulnerability, like "use after free", and search for that phrase on the issue tracker of a large codebase written in a C family language. You'll find many examples. See:

https://bugzilla.kernel.org/buglist.cgi?no_redirect=0&quicksearch=use+after+free

and

https://bugzilla.mozilla.org/buglist.cgi?quicksearch=use+after+free

Interestingly, I recently learned that Alpine Linux (on which PmOS is based) actually does address this issue. From https://www.alpinelinux.org/about/:

"Alpine Linux was designed with security in mind. All userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities."

Alpine and PmOS are actually not examples of GNU/Linux or "mobile GNU" though. They are musl+busybox/Linux distributions.

Masaru Suzuqi -under review-
Hors ligne
A rejoint: 06/06/2018

> The one bit that is protected by law from being reverse engineered and run with free code.

Thinkpenguin sells this modem.

https://www.thinkpenguin.com/gnu-linux/usb-4g-lte-advanced-modem-gnulinux-tpe-usb4glte

Is not this modem proprietary?
If it is not a proprietary thing, can I replace the Pinephone's modem with this Sicnkpenguin's modem? But if it is not proprietary, why Pinephone uses the proprietary modem?

> I'm hanging out for future versions in which cameras will have a lense cover that users can manually slide clear

You can put a piece of tape or a sticker or something on the camera lenses. It seems to be pretty common in Serbia, but not in Japan though.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> Thinkpenguin sells this modem.

> https://www.thinkpenguin.com/gnu-linux/usb-4g-lte-advanced-modem-gnulinux-tpe-usb4glte

> Is not this modem proprietary?

There are two kinds of software used to support hardware devices: firmware and drivers. A driver runs on your operating system and controls the device. Firmware runs the device itself. Sometimes firmware needs to be provided by the operating system and loaded onto the device. For example, if you try to use most WiFi cards with Trisquel, they won't work because Trisquel doesn't have copies of the firmware for those cards. However, sometimes the firmware is already installed on the computer inside the device, so the operating system does not need to provide it. ThinkPenguin's modem works with Trisquel because the driver is free software, and the proprietary firmware is already on the device so Trisquel does not need to provide a copy of it. There is still proprietary firmware on the device, just not provided by Trisquel.

Masaru Suzuqi -under review-
Hors ligne
A rejoint: 06/06/2018

I might understand.

Thinkpenguin's claim.

> Never worry about support after an upgrade: There are no dependencies on proprietary drivers, NDISWrapper, or other OS-loaded binary blobs.

So there are no dependencies on those proprietary things, but the modem depends on proprietary firmware (or binary blobs?) inside of it?
If so, what are the merits of the modem?
Can I call with this X200 and Trisquel if I install the modem?

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> So there are no dependencies on those proprietary things, but the modem depends on proprietary firmware (or binary blobs?) inside of it?

Yes, notice that they say there there are no "OS-loaded binary blobs" not that there are no binary blobs at all. This is often the case with hardware peripherals like monitors too. Any device that has software running on it either comes with that software, or has that software provided by the OS.

> If so, what are the merits of the modem?

I don't know enough about what kinds of modems are available, so I don't know if this one is anything special or not. It should work with Trisquel.

> Can I call with this X200 and Trisquel if I install the modem?

I think the way it would normally be used is to use cell towers for Internet access on a laptop, not necessarily to make calls. It should be possible to make calls though, with the right software. I'm not sure what that would be though. There is a package called "modem-manager-gui" that might be useful.

Note that if you use one of these modems, it will allow your cell carrier to track you just like a cell phone modem.

Masaru Suzuqi -under review-
Hors ligne
A rejoint: 06/06/2018

I see. Thank you.
So I am going to use the iPhone for a while until I save money. I want a satellite phone. However, we will remodel the phone case so that the battery pack can be easily detached, ideally within 10 seconds. This is one of the iPhone's biggest drawbacks. Compared to this, the problem of the kill switches of Pinephone would be something like giving a kite an eggplant.