[rektide]

Until the world sees an Android device get a kernel upgrade, imo, Android is a cruel cruel cruel joke, ecocide-al insanity.

The world can not afford to let high tech devices rot away like they do.

I too am excited to see something done. Abstracting over the entire kernel is a helluva Extend-Embrace-Extinguish policy, but at least some updates will come. I remain doubtful that we'll see kernel upgrades though. Even though the whole device driver architecture is now abstracted from the kernel, now offered by Treble, I still expect there'll be a lot of compliance cold-feet & general-low-ambitions to support less-than-current devices.

The whole idea of kicking out a pervasively connected communications device that has a hard wall for how supported it will be, that no one else can help maintain, is just corrupt & vile. It's sad to see such mal-use of Linux.

Post script: I don't blame Google per-se for this all. Trying to applicationize a computing device, turn it from a general purpose system where thing can go wrong into a product that works reliably & can be let onto cellular networks is a difficult challenge, and against the grain of the highly hierarchical systems of power that have flowed in the world. None the less, it is sad to see an un-upgradeable Linux where owners can't get root, their apps will lock them out if they do (Android SafetyNet), where bootloaders are usually locked, and where driver support is only for OEMs. It rather makes me think of the other dominating factor in computing, the de-generalization/specialization of computing as it effervesces into the cloud, an unfortunate juggernaut of a trend I wrote about earlier today[1].

[1] https://news.ycombinator.com/item?id=26238376

[177tcca]

How do we compromise the e-waste with the fact that a Pixel and Pixel 2 already have, comparatively speaking, insecure hardware to the latest secure phones?

[rektide]

There is improved physical security, but I'm not aware of any hardware errata out there that would make the a Pixel or other internet-communicator insecure to use as an internet device. If you can upgrade the kernel, you can get modern defenses against timing attacks (which mainly but not exclusively have appeared in x86 archs), &c.

[177tcca]

There's no upstream firmware being patched by Google. The phone is effectively unpatched once the hardware manufacturer gives up on maintaining its security.

This is a fundamental misunderstanding for, I'd guess, well over half of the custom ROM/custom phone OS community. ie: Lineage is customizable, and helps certain activity be more private - but it shatters security.

[rektide]

Again I'd love to see some details, some CVE's, for what issues the hardware has. The computer itself is general purpose enough that I'm not afraid. The cellular stack is a shitshow though! Totally unsupportable garbage, as you say, beholden entirely to a bunch of dodgy punks with no incentive to keep the world running.

Which is very much why it's exciting to see Pine64 working on getting Linux running on the PinePhone modem[1]. Because this shit is bogus, 100% bogus full of shit crap. The firmware is all for the most part software, rebadged as firmware because none of us get the privilege of working with it or seeing it.

I still would like some evidence that any firmware on the Pixel or Pixel 2 is actually problematic. That the computer itself is at risk. Perhaps there are some DMA engines onboard that can not be locked down, that peripherals unfortunately just had too much unmediated access. I'd like to see some shred of evidence that insecure peripherals are a real threat to the general main computer though, before I agree that we can just start throwing these devices out.

[1] https://twitter.com/thepine64/status/1346582145557524488