 I want to come back around to GrapheneOS and Google Pixel phones.  I'm sure some people think I was saying that "GrapheneOS was suss"...  If you go back to my note, (linked below) I didn't say that.  Read this note to understand what I was actually thinking, expressed more clearly.

I understand why GrapheneOS uses those phones. They are head and shoulders more open and more secure than any other phone out there. No reason to get into the details, I concede this point.

What I don't understand is why Google makes a phone that is so secure and so open, but that doesn't compete well in the marketplace.  Or rather, it's not that I don't understand it, I might very well understand it. I question it.

Google was founded to build the best technology and get the most users, just like any other company, but with assistance from and to the US government they became a spyware company.  They leveraged that capability to dominate the advertising business. Their modus operandi has been to create the best stuff, lure people to use it (google search, gmail, android, etc) and then surveil these customers and leverage that data for profit (at a minimum) or on behalf of "the blob" in Washington (at worst).

My hypothesis is that google creates this best-phone-for-security best-phone-for-alternative-operating-systems as a means of luring security-minded people (high value targets) to their hardware. Of course this is not something the GrapheneOS people would be aware of.  But they would inadvertently be a honey trap, useful stooges in a sense. I don't think GrapheneOS is suss... but I find the situation in totality to be a bit suspicious.

This is just a hypothesis.

If India or China (or another country that is clearly not too Western-aligned) produces a phone that is just as open and just as secure, I would strongly welcome that. I'm sure the GrapheneOS team would (if they have the manpower to do it) build for that phone too. And that is what I wish to call for.

Until then, I just updated to the Google Pixel 8 with GrapheneOS and maybe I have privacy, maybe I don't (doesn't really matter too much to me, but I prefer it and I like to push back wherever I can because we ought to have it).

As for non-Android phones, I just spent far too much time considering those options. They are still far far behind in usability, and I can't recommend any.

Prior thread: nostr:nevent1qqsqg4vc860mnve4mkqzn5a9887q9cmj0tes6h4xevjhus32ane67ycpypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7wgmz87
 
 Awesome to hear you want to come back around to GrapheneOS. At this point I can't imagine using any other mobile OS. QubesOS on desktop, GrapheneOS on mobile. The privacy and security benefits are too numerous. Nothing really comes close. Creating a private and secure mobile OS as usable as GrapheneOS was a near impossible task, and they did it, and they keep doing it. 
 @Mike Dilger In 2022 Graphene OS went as far as to announce their collaboration with a hardware vendor to have their own devices produced but in the end it fell through. As far as I understand the idea of a GrapheneOS phone is still on the table if they find the right manufacturer and agreement. 

@final [GrapheneOS] 📱👁️‍🗨️ am I correct in this understanding? Is the idea of a GrapheneOS phone still something GOS is considering?

https://i.nostr.build/O49KA.jpg 
 Always has been. It's just it never goes well so far because the OEMs always want gimmicks, implement security features improperly or don't want to at all to cut the cost. Having less security than the baseline in our documentation is unacceptable to us.

If we supported devices that are less or improperly secured then it ends up with us being the blamed party for these devices rather than the OEM who slacked off. People would then say it's the fault of GrapheneOS as a whole when the secure devices don't get affected by such problems.

Supporting existing devices is also on the cards but OEMs don't play fair, like Samsung crippling security features and even cameras permanently. I am personally not the type to have the law step in on things like this, but I totally think there should be some litigation about this. 
 💯 that's more than BS on Samsung's part. There should absolutely be litigation. It's definitely not acceptable to sacrifice security just for the sake of not using Pixels until the right OEM comes along. Good on GOS for refusing to do so. Thanks for the reply :) 
 What about a risc-v board? Too early? 
 IMHO far too early. RISC-V processors aren't competitive yet. I suspect it is like this:

1. RISC-V instructions are simple and have short decode paths, meaning clock cycles could be faster, but
2. Higher frequency clocks create hard-to-deal-with electromagnetic effects, so they can't do that
3. Instead they get low power, which is good for the phone, but not if the CPU is too slow.
4. They also can scale up to lots of cores
5. SiFive has done a lot of multi-issue out-of-order work to optimize their chips, but still not competitive for phones I think, and that kind of thing might lead to Spectre-like bugs.

There probably will need to be some kind of hybrid. 
 +10 years or so for software optimizations to catch up to the new arch. 

The amount of work done on both the software side and the hardware side to make these things performant and power efficient is insane. 
 I don't have the technical knowledge about it as you apparently have. But it seems promising seeing that there are a few SBC in the market already working. There's also the pinetab 2 which is a quad-core @1,5Ghz. Not superfast, but yes lacking a lot of software support yet. Also the Linux phones running on arm lack a lot of battery optimization, but it's very interesting how fast some problems were solved like standardization of OS images by using tow-boot. A problem android wasn't able to solve in more than a decade. 
 I hadn't seen tow-boot. Was familiar with u-boot though.  This is interesting: https://wiki.pine64.org/wiki/PineTab-V

I have a SiFive HiFive Unmatched running ubuntu. I tried to write low-level code to do what u-boot should do on that hardware (wind up the PLLs, flip some switches, etc, the stuff the HW manual says must be done at power on) and then print something to the screen.  But it just printed garbage to the screen and I never figured out why my code wasn't working... and then I discovered nostr and my life changed.
 
 Yeah that's the pinetab I was referring to. And that's tow-boot, a forked u-boot:
https://tow-boot.org/ 
 I don’t have one, but I might in the future. https://puri.sm/products/librem-5/ 
 I have one. I waited FOREVER as it was delayed for a long time. Eventually I got it and was disappointed. Its wi-fi connection is seriously weak and flaky. It runs hot when totally idle, and the battery burns dead in a few hours (again even when totally idle). On top of that, as I mentioned in my post, non-Android phone operating systems are way way behind in usability.

Even if I just wanted to use the librem5 for an occasional second linux terminal, it wasn't working. I put it away somewhere and won't bother. In fact... maybe I'll ship it to you? 
 I heard that #PostmarketOS based on #AlpineLinux on it was a slightly better experience for some people... 
 That is what is on it now. PostmarketOS instead of PureOS. But it doesn't fix the hardware problems. 
 Hey in case Planta doesn't take your offer, I'd be interested in experimenting with it. Can shipping costs. On the same island as you, I think.  
 I'm glad I didn't buy it. Thank you.🫂 
 the touch screen experience can't match apple as much as i have tried to wean myself off of it. that's the one part of the UX/UI that android .... well just do as well.  
 In every other hardware and low-level software security project I know of, the community is trying to de-blob. u-boot, libreboot, etc. Open source firmware. Open source drivers, etc.

In phones, we still have blobs. Lots of them. And on google pixel phones, not only do we have lots of blobs we cannot see inside of in software, we also have hardware from a manufacturer that I don't trust, increasing the 'blob' risk.

The reason that there are still so many closed source blobs in the mobile space is probably because the mobile space is highly competitive and a lot of innovation is occurring, and companies are protecting their IP.  But consider that some company might have a product ranked #3 or #4. That IP is NGMI and they could rescue it by opening it up. We security-minded privacy-minded people don't need the absolute top performance, but we do need openness and visibility. Right now we are stuck with old terrible performance poorly documented hardware (iMX, etc, or whatever they chose for Purism Librem 5, which sucks balls).

I think this will eventually happen, and I look forward to it. 
 Is Librem 5 terrible hardware? 
 The simplest way to look at it is by considering the incentives. No phone right now is competing with the iPhone because that brand is just too powerful. So offering the market something else makes sense. You want to be unique and stand out. It seems like the pixel does that very well. Also, remember that Google isn’t perfect. They’ve had a lot of horrible business decisions and projects that failed. Remember the Google glasses. 
 Maybe it is just that.

Still, I don't like trusting things. I like to verify. And I can't. Being a skeptic I'm going to have the other hypothesis.

I went to The Plaza today (the mall in Palmerston North) and tried to get a case for my Google Pixel 8. There are no less than 3 (I think actually 5) shops in the mall that pretty much only sell cases ... or maybe do phone repairs too, or also have stickers and glitter, or whatever but mostly they sell mobile phone cases. None of them had any cases for this phone. None of the major phone providers (Spark, 2degrees, One) sell the Google Pixel phones. Only Spark says they can support it on the air, the other ones do not list it as a supported phone on their network. I had to buy it online. Is it just NZ where this phone is rare? I get the impression that it's not a common phone anywhere. Checking online, they have 4.6% of the US market, far more than the NZ market, but I guess that is up from 3.6% two years ago. 
 That’s pretty surprising I thought there would be more users. They have ads for their phone in the nba playoffs this year. So they’re trying to push it out and maybe we will see more people with it in the future.

I think the most useful statistic is to compare the pixel market to other Android devices. How many more people are using Samsung instead of pixel? 
 Compared to Samsung, Google spends little promoting Pixel phones. Plus, at least in the US, people still buy most of their phones through carriers. Google needs to push and incentivize them to sell their phones. 

If Google doesn’t push hard to sell the phones, why would case makers and sellers stock them? 
 They are only officially sold in a handful of countries and in NZ you're paying a premium for it compared to people in Australia or the US. 

Plus I think the only reputable vendor for it here is Mighty Ape and they got sold to a Chinese company although I'm not sure if it's affected their level of service...

The German company #Volla has decent spec phones with community support for #UbuntuTouch.  
 Have you considered the Pine Phone? It has hardware switches for everything that can spy on you and even has a LoRa attachment available. 

https://pine64.org/devices/pinephone/ 
 According to what I've read, it has lower specs and even lower battery life than the librem5 which also has kill switches and is sitting here on my shelf. 
 Speaking of potential honey traps, “LibertOS uses a proprietary privacy OS”. It seems, you just need to place your trust in Erik Prince. 🤣

https://unplugged.com