I kind of regret not buying one of these instead of a Pixel 7 but, unfortunately, I'm pretty tethered to the Android ecosystem at the moment.
The FP6 doesn't seem there yet [1], but the FP5 is close! [2]
The FP5 is a comfortable device. With call support completely figured out, Mobile Linux would probably be enjoyable on it.
[1] https://wiki.postmarketos.org/wiki/Fairphone_(Gen._6)_(fairp...
[2] https://wiki.postmarketos.org/wiki/Fairphone_5_(fairphone-fp...
So if you come out with a typical android phone, you have to do X amount of work yourself and some Y amount you can just buy.
If you are doing something like a PinePhone, there's a multiplier on the X of work you have to do yourself ... a significant multiplier and that's the problem.
That's why if you have something like a Pine phone that has the sales of say something like this: https://www.bluproducts.com/android-phones/ you're going to bleed money - you won't survive - it's too much of a lift.
That's also why almost all phones (that are financially viable) look and feel almost the same.
But because the banks that require this are cargo culting some nonsense, they require iOS or Google Android but don't really care how old the phone is. Which means you can transfer your cellular plan to the phone you actually want to use and then just keep your existing phone indefinitely to run the bank app over WiFi or tethering.
The first is that your phone is not compromised. In this case there is no other app trying to steal your bank's authentication token. This is true regardless of which OS you use or whether you have magisk installed or what other code you put on your phone that isn't trying to steal your bank's authentication token.
The second is that your phone is compromised. Then what prevents the device from capturing your bank credentials is the same as if you use a compromised phone running Google Android: Nothing. If you enter your bank credentials into a compromised phone, the attacker gets them. Attestation can't prevent this because the phone is compromised, so the login screen isn't from a bank app that requires attestation, it's from a scam app which is exfiltrating your credentials.
This is far from the truth assuming by compromised you mean that the user has installed a malicious app. Android has proper sandboxing which means that other apps can't read the token owned by the bank app. This is part of the Android security model and attestation is evidence that the Android security model is being enforced. Phishing apps are different from an app that steals existing authentication tokens on the device.
Of course attestation does nothing to improve the "single compromised app" case since (assuming Android) that goes nowhere either way. The only thing attestation does is meddle in end user affairs.
The scenario is the phone isn't compromised. Having root means you, or an app you run can bypass the security protecting the authentication token.
By "not compromised" GP clearly meant a scenario where no malicious apps were present.
I agree that's a serious omission. I responded to your scenario (a nonzero number of malicious apps) in my earlier comment. Any Android device will defend against that regardless of the presence of attestation.
Any non-android device can still use online banking and thus attestation doesn't appear to accomplish anything legitimate. Building out proper support for hardware tokens would provide superior security in approximately all cases.
The specific "root on android" scenario isn't generally a concern. Typical implementations require explicitly granting the capability to a given app. A malicious app can't gain it without fooling the user, at which point it could more easily phish the credentials and possibly even proxy an entire session.
Let's consider this alternative as well:
Scenario 1: Device has no malicious code at all; same as scenario 1 before.
Scenario 2: Device has a malicious app but the malicious app doesn't have root and the OS (regardless of whether it's Android or something else) enforces proper sandboxing. The malicious app can't extract the bank authentication token regardless of attestation.
Scenario 3: Device is fully compromised; malicious code has root. Same as before, if you enter your credentials into this device the attacker gets them.
The problem is that the only useful thing for attestation to do is to distinguish between 1 or 2 vs. 3, but that's the thing it can't do because if the malicious code is privileged it can replace the bank app with one that exfiltrates the credentials without requiring attestation, so the only cases where attestation is happening are the ones where it isn't needed.
IDK about your country, but it's also common for banks to require supplying a token from the phone's banking app in order to login via the browser.
Here the majority continue to use SMS based 2FA rather than supporting TOTP or hardware tokens.
Note that TOTP can be handled by any app of the user's choosing, doesn't facilitate attestation or any other user hostile practices, and in practice means that an attack requires physical theft of the device. While the theory might differ, in practice the effective security level is equivalent to other (objectionable) schemes.
I would like to see some other company take a real swing at this product space but with a less strict approach around the hardcore open-everything ideals. They’re good in theory, but in practice people want a phone that works and you have to get to that stage first.
I played with one for a bit but then mobian trixie updates bricked it twice and I gave up. Only wanted it to be on par with my old iPhone 6s, but it never achieved that.
Star labs makes a great Linux tablet, the starlite, so it is near possible to make a decent floss phone these days.
For quite a while I used an iPad+NUC, which was perfect and I loved it, except it could only really run terminal programs (via ssh) or iOS programs nicely. VNC kinda works but not well.
Eventually I switched to a folding convertible laptop, but it is a significant downgrade in terms of form-factor. Nice to know that exists, hopefully they’ll stick around until I’m ready to turn this thing into e-waste…
On the go a Framework 13 is fantastic, tall screen, light and powerful. Only waiting on coreboot and ECC RAM.
But I think most folks interested enough in the concept are also rich enough to afford a phone and a laptop, and if you want a keyboard for your phone you might as well just use a laptop.
I still think conceptually it's the right direction for tech that our devices should be so flexible, but it's hard enough in practice that it's not generally done.
Earlier this year, I actually tried to replace my bulky 16" MBP with a Pixel 9 for work. Android's desktop mode just wasn't there... Maybe I will try it again next year...
All I really needed was a browser and a drop down terminal anyway.
It wasn't "discontinued," no one was working on it for years, and it was pointless to purchase.
The PinePhone is an outdated ripoff.
What that work was not is 'paid for by PINE64'. It's also not been enough to raise the bar enough to make the phone work well enough; but if you consider what's involved there, it makes sense.
You don't just need to write/fix a driver, you need upstream (or at least a distribution) to accept it and include it for that work to make a meaningful difference for anyone else.
If it was being made and sold and now it's not, then it was discontinued. You may point out reasons why it was discontinued, but that is in fact what happened.
I know it's a niche product, but I'd love a pocket sized Debian device with cellular, decent standby time, and a physical keyboard. Anything out there I should look in to? I've tried to make various GPD devices work, but they are too big, and the standby time isn't great.
yes they're called netbooks and x86 tablets but you may need a time machine back to 2015 to get one.
GPD has a bunch, they are not exactly cheap though https://gpd.hk/product
But the idea was netbooks were the bottom end of the market and this other class were the same form factor but at the top end of the market.
[1] https://blog.danieljanus.pl/2022/08/18/i-love-my-gpd-micro-p...
The NetBook market was such a good one. It really is a pity that Microsoft killed off the spirit of it, and then Apple convinced everyone that pretty and expensive things without keyboards are nicer than cheap and practical things.
I do miss EeePCs. The death of the netbook was probably the biggest blow for desktop Linux becoming mainstream.
The economies of scale (and compactness!) in mainstream smartphones are very hard to match, and they tend to have superior power management.
Do heavy lifting by logging into a remote server for best battery life and compute power.
I still miss it. Wonderful little phone, physical keyboard, Linux, perfect (almost).
they designed an elaborate process which theoretically guarantees that your phone was not tampered with at the factory or in transport. it was sort of a reaction to Bloomberg's "The Big Hack" article, which claimed Apple devices were compromised en masse at the factory in China by state actors (and the story was later retracted due to lack of evidence).
i do think it's a cool effort, even if the threat is only hypothetical. but it's a lot to pay unless you're operating under an extreme threat model.
I waited a long time and occasionally checked to see if anything had changed, but it was clear that Pine64 had again taken the approach of "build it and they will come" hoping for other people to clean up the mess and make the phone usable. And to be fair, they were up front about this, to some degree, but they built it and nobody really came. The truth is it's just too damn hard for random people to fix all of the software issues on a device like this, especially when it's basically not usable as a daily driver yet. Working on a device like this is a full-time job, and you can't really replace that full-time job with 20 hobbyist weekends stacked in a trenchcoat. I did realize this when I bought one, with full intent to be one of those hobbyists spending weekends on it, but at least to me, it was simply too broken.
So I think the PinePhone experiment is a failure. Then there's the Librem 5, which I presume is at least more stable and usable, but it's at a price that is less easy to stomach.
I think until the software is ready and a market is proven, the best route for Linux phones is going to be by taking Android phone parts and trying to make it run regular Linux, a la libhybris. It may not really work out either, but it does seem like it is a path of significantly less resistance, where the software can be worked on with solid hardware and hopefully solid enough drivers to build on.
There are some folks working on this angle, too. The latest I've seen is the Liberux NEXX, no idea how it's going, not affiliated in any way.
> and hopefully solid enough drivers to build on.
This is the crux of the problem with this approach. That the drivers would remain closed-source. AFAIK, the Pinephones and Librem are the only ones with open-source drivers.
I think they're the ones that contributed the most. They've provided the most open-source phone out there at the lowest price out there. The only other equivalent option is the Librem 5 at $800, double the price.
They didn't contribute much/any software, but they contributed the most accessible, viable hardware to make an open source linux phone.
My own opinion, I bought a Toshiba Libretto CT50 and the keyboard is really cool but also so small/hard to use.
The only use-case I can think for the Pinephone keyboard is if for some reason you want a physical keyboard to use while walking.
It's obvious: These keyboards are, or should be, primarily made for mobile people, so high quality and tray or coffee table compatibility are a must. The Psion 5-series keyboards are ideal for this as long as you don't fuck with the formula.
a benefit of the keyboard case is the battery it has that extends the phone's battery, which is nice, but it's an odd setup too. the charge controller on it was originally designed for a power bank and seems like a bit of a crude solution that's led to multiple issues, like how you could damage the phone having it plugged into USB while the keyboard case is connected. it's slow to charge too, often it can't even keep up with the phone during use.
They say they continue production on the PP for 2 more years, so hopefully I'll have a bit more than 'Hello, world' by then.
But buy a serial debug cable and SD card extension if you decide to have a play with one, huge time savers! I only just got mine and it has speeded up things no end.
It’s a bit puzzling because there’s Chinese companies like Retroid and AYN pumping out Snapdragon 8 Gen 2/3 handheld gaming devices that the community has ported Linux to, with working graphics acceleration and everything. I doubt these companies are using fully bespoke mainboards, because most of their components are borrowed from existing smartphones. Seems like some company could stick one of these Snapdragon boards into a phone chassis and have a reasonably compelling Linux phone.
There is no path from "I made a cellular phone" to "I can place calls" that doesn't involve tens of millions of dollars paid to the gatekeeping cellular carriers.
Without the equivalent of Carterfone for cellular, this will never change.
It was on my list of devices that would have been fun to hack on, but not at that price.
You can still get the pinephone at the original price from the original store
Interesting! Well, there's a hint at your market.
That pile of garbage had crazy critical hardware faults they never fixed.
1. If the battery is discharged, then in order to recharge it, you have to take out the microsd and sim cards, press an SMT button, and plug in with battery.
2. If you bought the keyboard/battery, and you plug in USB on the phone, you fry the keyboard/battery. Shit burns up, haha screw you.
And if you say anything, you the user are at fault. You didn't read, or follow their discord, or whatever, because it is 'Your Fault' ™.
Pine's primary game here has been to parasitize off of FLOSS folks, pump out incompetent and/or broken hardware, and summarily blame FLOSS for their not-working. At minimum, they should be funding the projects they want to build on/parasitize. But they do none of the sort.
We would be better if Pine died as a company. Then they wouldn't be sucking the oxygen out of the FLOSS arena, and might get more respectable orgs here.
Anbernic has the same issue with the RG35XX series. If the battery reaches 0, you may need to pull it out just to get the charging to work. And if you accidentally connect the wrong kind of usb-c charger, it won't charge, so you may have it plugged into the wall for days and come back to it being dead and needing battery surgery.
Great devices for hacking because they are cheap though — cannot understand why an expensive phone would have that problem too.
Because the more I read about Pinephone, the more it seems like a grift.
You can buy eMMC cards that fit on the board. Their documents say you can boot from them. Like 10x performance of a mSD card and less wear-out.
I use a USB device to make the drive mountable from a Linux box, and copy the firmware as prescribed. I then unmount and load in the A64, and.... NOTHING.
Supposedly there's a uboot command that maybe enables it. Or maybe it's autodetect. Or maybe (5 other ideas, that all fail).
I returned that shit too because they make claims that it works these official ways, and it never does.
Pine is a parasite. Always has been, but they make-pretend that they're some great FLOSS company.
Yes, we should be happy to have less options.../s
Worse yet, they screamed at users to lean on the community (read: unpaid FLOSS as support). They refused to provide even baseband images to do the things they were selling, like Pinephone Pro as, you know, a phone.
At one point, I thought they were just an upstart trying to get off the ground. But in reality, it's a complete grift that ends up taking community resources and nothing to show for it.
I preordered the Pinebook, it was never really awesome but it was neat, I accidentally broke the screen and was never able to get a replacement (at least from the store - they were always sold out.) Turned into ewaste.
PinePhone Pro wasn't too good either, I really tried but had lots of flaky issues with basic phone functionality, eventually gave it away to a friend. It's collecting dust for sure and will eventually be more ewaste.
There isn’t a lot of motivation for the community to sort out the software for them when the products aren’t attractive enough to build a community around.
I wish they would narrow their focus, shift some resources into software development, and produce at least one very good product. As it stands, the Pine brand has become associated with buyer beware.
Just a terribly run company. I'm sure it's better if you're buying bulk boards from them but after my experience I wouldn't work with them again.
As I understand, customs (in your country) will typically check what's being imported, to verify the invoice is true for correct taxation, and also to check that it's something allowed. It might be that your customs authority didn't put it back in its package after inspecting it.
And proprietary phones are really bad, today I read the news that Samsung promised to comply with law and auto-install Russian software (like Vk, Kaspersky, Rustore) when the phone is connected to the Internet. And that's a Korean company. Consumers are treated like garbage today.
It's understandable that you earn more on expensive phones, and freedom is not free, but I don't want to buy a phone that costs like 2 cheaper phones + a guitar.
I would prefer simply having something like GrapheneOS with root access.
ge96•5h ago
When they were "new" the tech was old already and then the lack of drivers for the camera for example which I can't talk, I'm not a driver developer. I thought it would make me get into developing drivers but I never did.
Or writing Qt/C++ apps vs. cross platform/web that I was used to.
For some reason I was obsessed with the thought of Dex/your phone being a computer if connected to a big monitor, it was cool using VS Code on the PPP but there would be problems. The external monitor I think was capped to 1920x1080 (if connected to a 1440P display a huge chunk was just static)
I had my fun with it
I was interested in the Pine 64 eInk tablet but that seemed to not be in stock at the time. I had the Remarkable 2 at one point, I want to get it again.
edit: looks like the PineNote is in stock right now
my consumer brain is getting tickled, might get a PineNote, what I liked about the RM2 is I didn't have to charge it for like a month was crazy, unfortunately PineNote doesn't seem to have that, and no tilt support on pen but ehhh. I don't know if RM forces you to have a subscription now, I didn't have it on mine when I got it in like 2022.
cosmic_cheese•5h ago
It’s critical to be good enough to clear that initial hurdle, though. Without that, the device is relegated to the most curious of tinkerers which just isn’t sustainable.
As far as dev experience goes, from my limited dabbling I think GTK+Adwaita might actually be overall nicer for mobile development than Qt, due to furnishment of a full set of widgets without having to pull in anything else, as well as bindings to way more languages. It’s considerably more comparable to UIKit and Android Framework at the very least.
bruce511•3h ago
Alas, no, sorry. It's really not the number of apps that matters. Any phone OS could have less than 500 apps and be wildly successful. On the other hand you can have a million devs cranking out apps and the device would still be useless.
Turns out the only apps that matter are the ones everyone actually uses. Your banking app. Facebook. Whatsapp. Uber. Airbnb. Etc. All the product of big corporates.
And my bank (to pick just 1) is simply not interested in developing their app for yet another platform. The effort in building it, supporting it etc simply makes no sense.
Facebook, Netflix, Twitter, ESPN, and the next 40 "must haves" simply don't care. And independent devs simply cannot fill these holes. Without these the phone is simply useless as a daily driver for anything other than complete techno fanatics.
Crumbs Microsoft couldn't convince this cohort to get on board. Some random Linux phone certainly won't.
I don't say this with glee. They're nice toys. But Joe public doesn't reject them because of the hardware specs. He rejects them because they're functionally useless in the actual world.
ge96•3h ago
cosmic_cheese•2h ago
I don’t think this is particularly unusual, either. Plenty of people have absolutely no need for video streaming on their phone outside of maybe YouTube for example, which works well enough on the web.
Microsoft’s not the best example here, because they had momentum with both devs and users but shot themselves in the foot repeatedly on both sides of the fence: warring internal factions reset Windows Mobile development multiple times consecutively and burned through dev goodwill and poor strategy on the consumer side killed things there. Mozilla’s foray into phones failed because they insisted on sticking to entry level devices which were both not interesting to most of the market and not powerful enough to handle a new unoptimized OS.
dotancohen•2h ago
I am aware that I am an outlier, though. I need either Anki or AnkiDroid. I need a somewhat decent text reader, preferably one that properly highlights and folds Org mode files. I need a voice recorder that timestamps the file name. I don't think I know anybody else who needs any of those three, other than those I've introduced to Anki.
jolmg•3h ago
That happened to me with the PP, but I can reliably use a 1440P monitor with the PPP. Not sure if it's the phone, or the fact that I added a power cord to the phone while it was connected. I can't remember if I did that with the PP.
EDIT: Scratch that. It's because I used the official dock with the PP, and for the PPP I used one I got on Amazon.
The official dock is docked (:P) to 1080P.[1]
I wonder how it happened that the de-facto standard here is for the protocol going over USB-C to be DisplayPort, but for the hardware connection to be HDMI, and so leading to docks needing to be spec'ed to the resolution you want instead of being passive.
[1] https://pine64.com/product/pinephone-pro-usb-c-docking-bar/
zorgmonkey•3h ago
ge96•3h ago
I was using random USB-C to HDMI/usb that I bought on Amazon, I primarily used Mobian
jolmg•2h ago
https://en.wikipedia.org/wiki/1440p
Random adapters on Amazon specify 4K though, so I would've thought they'd work for you too.