by causi 1735 days ago
I hate when a law or legal decision is aimed 45 degrees off like this. Letting manufacturers bundle their fucked-up version of Android is a bad thing. What we need is mandatory unlockable bootloaders so the users can load whatever they want on their devices.
4 comments

What we need is control on the bootloader, with the ability to unlock, load our own keys, and relock.

We also need to clean up the mess with all those "partitions" (some of them with critical information, e.g. calibration, IMEI, etc.) so that only one partition would hold all that static information (reasonably protected against overwrite, e.g. colocated with the bootloader and device tree). We should be able to re-partition the storage (like we do on a PC) without bricking the device...

Google phones allow re-locking the bootloader with your own key, except it still results in a warning during boot, and there's no way you're passing SafetyNet with this, at least not without hacks like Magisk. Also even when you unlock the bootloader, the TrustZone OS, which runs with hypervisor permissions and manages all the exciting things like DRM and SafetyNet itself, is still off limits for you.
> Google phones allow re-locking the bootloader with your own key, except it still results in a warning during boot

The warning is a great thing for security: I'd appreciate it if my phone showed me that warning after I've surrendered it to the border control agent (alternatively, a sketchy repair shop), or bought it pre-owned, or if I "lost" it and gets returned to me.

Let's start with the fact that unlocking the bootloader wipes the entire /data partition to prevent this exact scenario from happening.
That's a great point, and you're correct on the impracticality of the evil-maid attack. However, my point remains when it comes to less-than-honest repair shops or second-hand sales where wiped devices are not suspicious. I want to know if my bootloader/kernel may have been tampered with before I am able to trust the apps.
I wish I could have thought of that argument in a previous discussion thread about iPhone/iPad jailbreaking.
There is a fix for SafetyNet - it forces the client-side library to assume that there is no hardware co-processor.
It's bound to break in the future. Google will stop, if it hasn't already, certifying devices that lack a TEE.

The issue I'm pointing out is that this device integrity thing exists at all, and that Google ends up having more control over the device and its capabilities than its legitimate owner.

While this all sounds great, I don't imagine legal regulation on how a device is partitioned would go as well as you think...
Librem 5 has its modem on a detachable M.2 card, sounds like what you describe.
I know that a lot of us more tech inclined want this freedom. But grandma is never running toolchain on a computer to install custom software. What 99% of people want is cheap/free and they will give up privacy to get it. I see this as SK giving its citizens what they say they want. I wish that wasn't the case but it seems like that is the world we live in.
> I know that a lot of us more tech inclined want this freedom. But grandma is never running toolchain on a computer to install custom software

This is thought-terminating nonsense, constantly repeated. What my grandma wants is for me to pick what's best for her and install it. What she doesn't want is Google (or Samsung for that matter) keeping her grandson from doing what he thinks she'll like best.

edit: and to be clear, that's what all of my computer-illiterate family members want, although not all of them from me (there are other grandchildren, uncles, etc.). The radical idea that people would rather have decisions made by the people that they love and trust rather than companies that actively and constantly prey upon them should be accepted without question.

Ordinary citizens don't really care. This is SK giving Samsung what they want: an Android-fork OS for their smartwatches and other gadgets where the app store can be controlled by Samsung, not Google.
I think the issue is Google blocking customizations if they want the Google Play store on the device.

I don't think there is anything stopping Samsung from using AOSP.

You are incorrect. Google's AFA is viral in nature. Daring to ship a non-Google Android will cancel your ability to ship any devices with Google Play.
> unlockable bootloaders so the users can load whatever they want

Here you go: https://puri.sm/products/librem-5.

We shouldn't have to sacrifice performance, quality, and reasonable price points in order to have the basic things we've had in the desktop world for decades.
We've only had them for historical reasons. If any of the big manufacturers had the option to invent a "personal computer" now, I'm 100% sure running arbitrary code wouldn't make it to the feature list.
Honestly - I don't think it's just the big manufacturers.

If HTML was invented in the current climate, I'm damn well convinced a simple <a href={external domain}> would be shot down for "security" reasons.

We're seeing a real breakdown into walled ecosystems. My opinion is that most of the steps that direction are well-intentioned (Safety, Security, Consistency, etc). The end result is fucking hell, though, where the ecosystem owner profits massively and unfairly compared to all other entities.

That's how IBM built the PC, loosely. They didn't imagine a market where there would be third party expansion cards, and they believed that users should come to them, and their partners, for software.

Compaq blew that wide open, much to IBM corporate's dismay and IBM legal's glee.

That was an IBM mistake; they never intended it to happen like that.
Give me a Librem 5 with an SoC that isn't hot garbage and I'd buy it immediately.
People already complain about the price of that thing. Include a better SoC and it's going to get more expensive.
The BoM cost of the i.MX 8M Quad in the Librem 5 is $35.49. The BoM cost of the Snapdragon 865+, when it was brand new, was $57. That $22 price difference brings a 700% performance increase.
Will mainline Linux work on Snapdragon 865+?
Do you mean that it heats up too much? I don't think this is accurate after latest updates. Also, suspend is not implemented yet. It will greatly increase the battery life and make it colder.
"Hot garbage," in this case, is just a colloquialism that means "it stinks." Garbage smells; hot garbage smells worse. They're not literally referring to heat or temperature.
It's the most modern SoC that supports mainline Linux with FLOSS drivers.
There will still need to be the option for a locked boot loader though.

If I’m Snowden, knowing my boot loader could be unlocked and a key logger side loaded isn’t reassuring.

Ironically, Google's own Pixel devices are basically the only ones on the market that allow locking the bootloader with your own key [0]. They even follow the recommended boot flow [1], displaying a warning screen with the hash of the installed ROM when you boot the phone.

[0]: https://android.googlesource.com/platform/external/avb/+/mas...

[1]: https://android.googlesource.com/platform/external/avb/+/mas...
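The boot-state decisions this comment and the earlier "relock with your own key" / evil-maid exchange describe (green for an OEM-signed image, yellow for an image signed with the owner's custom key, orange when unlocked, red when verification fails) can be sketched as a small model. This is an added example, not code from the thread or from Google's AVB implementation; it uses HMAC-SHA256 as a stand-in for the RSA signature over vbmeta so it runs with the standard library only, and the OEM key, owner key, attacker key and partition contents are all constructed here. The `unlock`, `lock_with_custom_key` and `evil_maid_reflash` helpers are hypothetical stand-ins for the fastboot steps the comments mention.

```python
"""Toy model of Android Verified Boot state decisions (added example).

Assumptions: HMAC-SHA256 replaces the real RSA signature on vbmeta; keys and
partition images are constructed byte strings, not real firmware.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for the OEM's signing key baked into the bootloader.
OEM_KEY = b"oem-release-signing-key"


def key_fingerprint(key: bytes) -> str:
    """Short key ID, like the hash shown on the yellow warning screen."""
    return hashlib.sha256(key).hexdigest()[:16]


def _serialize(hashes: Dict[str, bytes]) -> bytes:
    return b"".join(n.encode() + b"=" + h + b";" for n, h in sorted(hashes.items()))


@dataclass
class VBMeta:
    hashes: Dict[str, bytes]   # partition name -> SHA-256 of its contents
    signature: bytes           # MAC over the descriptors (stand-in for RSA)
    signer: str                # fingerprint of the key that produced the signature


def sign_vbmeta(partitions: Dict[str, bytes], key: bytes) -> VBMeta:
    """Build and sign descriptors for every verified partition (userdata is not covered)."""
    hashes = {n: hashlib.sha256(d).digest() for n, d in partitions.items() if n != "userdata"}
    sig = hmac.new(key, _serialize(hashes), hashlib.sha256).digest()
    return VBMeta(hashes, sig, key_fingerprint(key))


def vbmeta_verifies(vb: VBMeta, key: bytes) -> bool:
    expected = hmac.new(key, _serialize(vb.hashes), hashlib.sha256).digest()
    return hmac.compare_digest(expected, vb.signature)


@dataclass
class Device:
    partitions: Dict[str, bytes]
    vbmeta: VBMeta
    unlocked: bool = False
    custom_key: Optional[bytes] = None   # the avb_custom_key slot


def unlock(dev: Device) -> None:
    """Hypothetical 'fastboot flashing unlock': wipes userdata, as every unlock does."""
    dev.unlocked = True
    dev.partitions["userdata"] = b""


def lock_with_custom_key(dev: Device, key: bytes) -> None:
    """Hypothetical 'flash avb_custom_key' followed by 'flashing lock' (also wipes userdata)."""
    dev.custom_key = key
    dev.unlocked = False
    dev.partitions["userdata"] = b""


def boot_state(dev: Device) -> str:
    """Decide the AVB boot state the bootloader would report."""
    if dev.unlocked:
        return "orange"          # unlocked: nothing is enforced, warning shown
    for name, digest in dev.vbmeta.hashes.items():
        if hashlib.sha256(dev.partitions.get(name, b"")).digest() != digest:
            return "red"         # a covered partition was modified: refuse to boot
    if vbmeta_verifies(dev.vbmeta, OEM_KEY):
        return "green"           # stock image signed by the OEM
    if dev.custom_key is not None and vbmeta_verifies(dev.vbmeta, dev.custom_key):
        return "yellow"          # owner's key: boots, but warns and shows the key ID
    return "red"                 # signed by nobody the bootloader trusts


def warning_banner(dev: Device) -> str:
    """Text the owner sees at boot; the key ID is what lets them spot a swapped key."""
    state = boot_state(dev)
    if state == "yellow":
        return f"Your device has loaded a different operating system. ID: {dev.vbmeta.signer}"
    if state == "orange":
        return "The bootloader is unlocked and software integrity cannot be guaranteed."
    return ""


def evil_maid_reflash(dev: Device, attacker_key: bytes, backdoored_boot: bytes) -> None:
    """What a physical attacker must do to plant an image on a locked device."""
    unlock(dev)                              # mandatory, and it wipes the victim's data
    dev.partitions["boot"] = backdoored_boot
    dev.vbmeta = sign_vbmeta(dev.partitions, attacker_key)
    lock_with_custom_key(dev, attacker_key)  # hide the orange state behind a yellow one
```

Running the scenarios from the thread against this model: a stock device boots green, flipping one byte of `boot` makes it red, and a device relocked with the owner's key boots yellow with the owner's key ID on the banner. The evil maid ends up with a yellow device too, but with an empty `userdata` and a different ID on the screen, which is exactly the two signals the comments above rely on.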

Why is this ironic?
Probably because it effectively means that Google’s own devices are the simplest to “deGoogle.”
I'm not aware of any manufacturer who allows bootloader unlocking without also displaying a warning screen every time the phone boots up.

Example: https://www.thecustomdroid.com/wp-content/uploads/2019/06/Ho...

My current phone (Xiaomi POCO F2 Pro) only displays a faint lock/unlock icon above the logo while booting. Easy to miss.

But that's not really important, because unlocking the bootloader factory resets the device on every Android phone that I know of. AFAIK it's not possible to unlock a bootloader without the owner's knowledge.

Even if it's easy to miss, a person like Snowden would be looking out for it.
No, locked bootloaders are the stuff of nightmares. I'd much rather be able to scratch all memory on the device and reinstall.

Perhaps what I mean is "locked bootloaders at POS". Selling them locked should be illegal, but locking them yourself with your own key should be trivial.

How about splitting the difference like locking the bootloader at point of sale with guaranteed period for updates? After the period has lapsed, allow users to unlock the bootloader to extend with custom software upgrades or, a subscription base to continue with original POS policy.

This weirdly intersects with the Right to Repair movement, or with consumers who would rather be conservative on new device purchases and software licenses.

Reminds me of the idea I've been thinking about - kind of unrelated - but once a device is officially no longer supported by a company - particularly consoles and online games - they should make the source code available so people can continue from there on their own.
I've thought about that before too. As soon as something is no longer actively supported, it should become open for people to maintain themselves. Unfortunately, there's a lot of companies that would fight that with as much money as it takes, so it would never happen (at least not in the US)
It actively goes against their profit interests. If they deprecate the older devices and leave them as black boxes, that's another way to push consumers to buying the new stuff.

Something like this would have to be done with regulation.

Shares some similarities with the gradual corruption of copyright over the years, extending it out into infinity (thanks Disney!), companies would rather hold close the things they refuse to use than give them to the people once they have no more profit to be made off of them.

I would like to see a graph of average second hand prices of different abandoned products over time. Mark the interesting points like apple not supporting the next version of the OS or blocking app downloads. Perhaps an income estimate of the average user at the interesting points could also be included and/or sales figures of still supported versions.
Ideally, companies should be forced to deposit everything needed for manufacturing a product - 3D designs, software toolchains, PCBs, BOMs, service tooling - at the national archives to be held in trust.

Once the manufacturer ceases supporting a product, everything becomes open source.

This is kind of solved by Right to Repair legislation. It would prevent companies from making exclusivity deals and force them to allow this stuff to be sold to the public - not that they have to sell it themselves, but their partners would be free to.

I don't know if putting the government in charge of maintaining all of that would be the best idea.

Fun fact, CalyxOS managed to lock the bootloader on my Pixel 2... Found out after trying to get stock Android back on it. Now I am all set with CalyxOS, so I don't care. I do get an error message that my device is loading a different OS. Not sure how I can get rid of that...
In all fairness, a locked bootloader won't help against exploits in the OS: https://news.ycombinator.com/item?id=28516095

If I'm Snowden, I would be far more concerned about that.

If such a Snowden-like person wants to use such a device, wouldn't he be able to change to LineageOS or whatever, knowing full well he is now the master of the device, or is there malware that still persists?
Someone could flash a hacked version of lineage when you're not looking.
that is on you