Hacker News new | past | comments | ask | show | jobs | submit login
Lindroid (twitter.com/khode_erfan)
262 points by LorenDB 4 months ago | hide | past | favorite | 92 comments




Neat project, but hate the branding. Android is Linux. I think it's really important to recognize that. Linux is not just not the one traditional POSIX style system, it's a platform to build all sorts of systems, including Android.


I’d just like to interject for a moment. What you’re refering to as Linux, is in fact, GNU/LInux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.


Ironically, in this specific instance (Android), it actually _isn't_ GNU/Linux. Distros like Alpine also aren't GNU/Linux.


True, but it was still worth the meme (:



> It is OK to call it “GNU” when you want to be really short, but it is better to call it “GNU/Linux” so as to give Torvalds some credit.

I love this line


Americans, Chinese, and Nigerians are all humans, but it's sometimes useful to subdivide the large group for the sake of reference. This is why we say Android and not just Linux, as it helps us avoid "which Linux is it?"


"needs root and patches to AOSP". So there go the banking apps mentioned elsewhere and you can just use postmarketOS.

Still cool though!


>you can just use postmarketOS

Only if your device is fully supported

I have about 5 "post market" devices and only two of them have any support in postmarketOS: Redmi 4x, in which hardware acceleration does not work and I have not been able to run any DE on it and Pixel 4a, in which judging by the pmOS wiki page works just about everything except the most important part of a modern phone - touchscreen


postmarketOS provides tooling, documentation and a helpful community ... at some point, you'll need to put in the work, or sell your used devices and buy other, better supported used devices to work around this.

Is it really unfortunate that there's no (known) mainline/close to mainline touchscreen driver for the Pixel 4a? Absolutely. But it won't magically appear without somebody putting in the necessary effort.


I have a rooted phone and when you hide root (using Magisk app) all banking apps work just fine?


Some, not all. Last time I checked magisk wasn't able to fake safetynet hardwareattestation


Yup. I gave up on trying to get Google wallet / Android pay to work on my lineage device. I got it working sometimes but it broke after update and just wasn't reliable enough to keep trying when paying for stuff. I'm not really sure whom they're protecting with this stuff -- the credit card processing companies, maybe?


I have found Play Integrity Fix [1] with playcurl [2] is reliable enough for passing Play Integrity in Wallet and other apps. My current issue is that Google Messages has its own integrity checks that are stricter than Play Integrity, and will silently stop handling RCS messages if it fails those checks. I currently have RCS disabled because it is too unreliable.

[1] https://github.com/chiteroman/PlayIntegrityFix [2] https://github.com/daboynb/PlayIntegrityNEXT


Huh, I don't have issues with RCS on my rooted OP7Pro. Is my version just sufficiently out of date not to have those extra checks?


I also have OP7Pro (what an amazing phone btw), and yes, we're pretty much sufficiently out of date that they still work - a wild but true reality we find ourselves in.


I mean my Messages app. I installed it years ago and never updated, because why would I ever updated an SMS app, the only thing that can ever happen is for things to break that used to be working, lol. I don't even know if I run A12.

I do know, though, that the OP7Pro is one of the last Android devices that are whitelisted by Google to pass SafetyNet without hardware-backed attestation. Shame that TWRP wiped my working setup. I've been trying to get them to add any basic protection against that for over three years: https://github.com/TeamWin/Team-Win-Recovery-Project/issues/...

It is an amazing phone. Notchless, relockable bootloader (not just unlockable, but custom AVB key support!!), in-screen fingerprint sensor, 90Hz AMOLED, and great build quality.


> because why would I ever updated an SMS app, the only thing that can ever happen is for things to break that used to be working, lol.

Text parsing/rendering is a security Achilles' heel, and SMS app vulnerabilities are commonly exploited entry points for persistent malware from the likes of NSO. All things being equal, should update SMS apps for the security updates.


Text parsing and rendering is supposed to be done by the OS. And if there's an OS-level vulnerability like that, then the OS is what you update, not necessarily just the app.


wallet doesn't work reliably on a non-rooted pixel phone with approximately zero software installed on it either, you may not be doing anything wrong


As far as I also understand Google Messages now uses this as well to gatekeep access to carrier RCS.

https://www.theverge.com/2024/3/1/24087418/google-messages-b...


How do you know it's carrier RCS? To the best of my knowledge they are only gatekeeping access to Google Messages private network, not carrier RCS? (Considering the very little number of carrier RCS that's not very relevant though)


All US carriers are now using Google's hosted Jive RCS infrastructure which means "Google Messages".


> I'm not really sure whom they're protecting with this stuff -- the credit card processing companies, maybe?

(small nit: does "whom" even go there?)

They're protecting the TEE because they do not want third parties to be able to automate Google Pay through modified software. This isn't necessarily just about normal end users but more like smartphone farms.


>They're protecting the TEE

Why do Transesophageal Echocardiograms[0] need protecting, and from whom do such diagnostics require protection?

I expect I'm missing something, but a web search for 'TEE' only returns that diagnostic test.[1]

[0] https://www.webmd.com/heart-disease/atrial-fibrillation/tran...

[1] Moral: Don't assume everyone knows what a particular acronym means. Just because it's in your head doesn't mean everyone else knows what you mean.[2] E.g., if I say 'JRE' I mean 'Java Runtime Environment' and not 'Joe Rogan Experience'.

[2] According to Piaget[3], people are able to identify that others don't know what's in their heads sometime between ages two and seven.

[3] https://psychcentral.com/health/piaget-stages-of-development...


I think, probably unintentionally, you've misjudged or ignored the tone your message is likely to be read as having.

To me, your comment comes across as having a rude and insulting tone.

I think the person you were replying to read it in a similar tone to me based on their response. ("No need to be patronizing.")

Is that the tone you intended?

A better way of handling it may have been with a simple, "What does TEE mean in this context please? Googling it didn't help me."

I'm asking the question rather than assuming it was intentional, as you put more effort into your comment than is necessary to just be rude.

It feels like you may have been trying to be helpful and just misjudged the tone. Maybe as a fellow neurodivergent person.


I feel like this part of their comment:

> According to Piaget[3], people are able to identify that others don't know what's in their heads sometime between ages two and seven.

is a little far to be a simple misjudged tone, even if it was intended as a joke. I did find it a bit funny but it still felt a bit insulting too.


>is a little far to be a simple misjudged tone, even if it was intended as a joke. I did find it a bit funny but it still felt a bit insulting too.

No. Not a joke. Just pointing out something you already knew: That I (or anyone else) don't know what's going on inside your mind unless you tell me.

That you ignored such a simple truth and didn't think to define your terms was a waste of my time. As such, I felt insulted at your (apparent) complete lack of respect for the time and attention of others.

Take that as insulting if you wish, and if you find it insulting enough, please ignore me completely going forward. I promise you I won't mind.

Have a good day!


> That you ignored such a simple truth and didn't think to define your terms was a waste of my time. As such, I felt insulted at your (apparent) complete lack of respect for the time and attention of others.

My neglecting to define it was not because I was ignoring that not everyone knows everything I do.

There are quite a few acronyms that are widespread enough on HN (or in programming in general) to be used without defining them anew every single time (such as, say, "API"). I hadn't considered that of those, "TEE" is not one. That doesn't mean I don't understand the concept of individual knowledge, only that I don't always put a complete effort into my drive-by comments, and evidently had not into that one.

Even at that point, it would have taken less time for you to ask for a definition without additional remarks that imply I should have known better. Who are you to imply I didn't know better? I'd say that was the real waste of your time, considering it makes up over 50% of the comment.

Additionally, I don't have a "complete lack of respect" for others' time and attention. I would've edited the comment to fix it if it had still been within the edit window. I apologized for having left the definition out because that was an honest mistake, and it was never meant to waste anyone's time or attention. Even before the apology, I don't think it was very reasonable for you to have assumed that the waste of time was intentional, and replied in the way you did.

> Take that as insulting if you wish, and if you find it insulting enough, please ignore me completely going forward. I promise you I won't mind.

I generally don't ignore people until I have nothing left to say to them. But yes, people (myself included) typically find it insulting when you assume bad faith of them. If this was truly your intention, then it is not just my fault for "wishing" to take it as insulting. Your tone has an impact on how others perceive you.

To be blunt, if you are rude on purpose and proceed not to care about how it makes others feel, that behavior isn't welcome here. I can understand if you felt frustrated that I didn't define my acronyms, but that's no reason to lash out about it, even when it's in the form of mere patronizing remarks.

You have a good day too.


Yeah, I'm sorry that they spoke to you like that. It was unwarranted, as was the subsequent benefit of the doubt I gave them. It's apparently just the attitude they communicate with others with. Unfortunate.


Your assumptions were mostly incorrect.

That said, thank you for your thoughts on this. I'm glad you shared them. Good on you.

That said, I don't need you (or anyone else, for that matter) to tell me how I should or shouldn't interact with others -- as that's incredibly condescending (and incredibly rude as well) and makes a number of unwarranted (as I mentioned) assumptions.

Again, thanks for your thoughts. I'll give them the attention they deserve.

Edit: Fixed prose.


I'm pretty sure you told the GP how they should or should not interact with others by telling them not to use acronyms. I'm don't understand how that's any different.


>'m pretty sure you told the GP how they should or should not interact with others by telling them not to use acronyms. I'm don't understand how that's any different.

Except I did nothing of the sort. I took the information given and attempted to interpolate (unsuccessfully, I might add) what OP was talking about.

While I did make the point that OP should have realized that others don't know what they're talking about if they don't tell us, I most certainly didn't say they shouldn't use acronyms.

Rather, I chastised them for not defining ambiguous terms, which wasted my time and energy trying to figure out what they were going on about.


>I took the information given and attempted to interpolate (unsuccessfully, I might add) what OP was talking about.

You could have used your brain and just Googled "TEE Android". But by all means, despite not having either the domain-specific knowledge nor the common sense to manage to Google it competently, feel entitled to be an arse about it. I trust you can read my tone here?


I see the benefit of the doubt was unwarranted. Righto.


Sorry, TEE stands for Trusted Execution Environment. It's where stuff like DRM executes with access to secrets that the HLOS (Android) can't tamper with. On ARM SoCs the TEE is usually provided as part of TrustZone. No need to patronize.


>Sorry, TEE stands for Trusted Execution Environment.

No apology necessary. I was just a little confused. Thanks for straightening me out!


As it’s Linux could we run android in a vm and simulate a safe device? That’s my hope for the future of mobile devices, safe VMs that we can run on top of the spyware (government enforced stuff too) infested phones.


Unfortunately, most of those misguided "device integrity" checkers detect VMs and the best of them (luckily still not used very often) are essentially unbeatable (unless there's a critical bug) due to hardware-backed attestation.


> essentially unbeatable (unless there's a critical bug) due to hardware-backed attestation.

FWIW Google started enforcing those attestations like one month or two ago, and there are many critical bugs. I haven't kept scores, but some other people did : https://x.com/wanghan1995315/status/1803063996204912873

And please note that they only list big brands leaks. Since you can use any OEM's attestation key, /any/ OEM leak can break those so-called "security protections". Even after all security flaws, there is still social engineering. I guesstimate that you could ask an ODM's engineer for an attestation key for like 1k$ and share it to like 20 persons. (200 would probably still remain under the radar, but you need to be capable of keeping a secret with 200 persons)

Though the conclusion shouldn't be that attestation keys are insecure and we need a secure variant (because a secure variant is indeed coming). The conclusion must be that users own the device they bought. Not Google, not Apple.


> And please note that they only list big brands leaks. Since you can use any OEM's attestation key, /any/ OEM leak can break those so-called "security protections".

Inevitably though, the price of these will rise, the most capable eyes on the planet will have a few very thorough looks at all the TPM chip firmware they can get their hands on, and eventually platforms will be so secure and the price will be so high the only ones left to have them are three-letter agencies (if even these).

Anti tamper measures have their place - I'd really love to have a device that cannot have a persistent backdoor implanted - but the very second the state of the anti-tamper measure becomes visible to user-level applications, they become an arms race between Big Money (=DRM rightsholders and big game studios) and my freedom.


> I'd really love to have a device that cannot have a persistent backdoor implanted - but the very second the state of the anti-tamper measure becomes visible to user-level applications, they become an arms race between Big Money (=DRM rightsholders and big game studios) and my freedom.

The two can be reconciled by not having any privileged keys baked in by the manufacturer. It's only the manufacturers keeping records of the baked in attestation/signing key(s) that allows for remote attestation to be scaled up into treacherous computing. Otherwise if device owners could generate/load new attestation/signing keys and have them be indistinguishable from any original ones, then that same process can be emulated. This would likely require legislation to reign in manufacturers' desires to retain backdoors, but the point is that it is possible from a technical perspective.


*worst


There’s a place for DRM and similar protections, I don’t think they’re going anywhere.

But I’m still hopeful that phone, email, web, voip, videochat, photo and video editing, location, maps, document sync, etc, will one day work seamlessly on FOSS devices.

I do think that the apps will have to be recreated as FOSS, existing apps will always be antagonistic because they get a lot of revenue from being able to control how/when/where the software is run.


I'm currently in the process of trying to see if Samsung DeX is able to replace my laptop. It is running directly on Termux, as opposed to using something like proot. So far it seems promising, and the biggest thing issue I have is that the Termux-X11 session essentially acts like a VM in that shortcuts are not seemless.

I'd love to know how this compares to that. Or maybe there's a way to make that more seemless. E.g. if apps would be shown as Android apps as far as the launcher is concerned.


I work a lot in Dex and VNC via vr glasses and the shortcuts are the biggest issue. That’s why I want full Linux; I would like a phone size device without a screen running Linux with unlocked bootloader and usb vo (otherwise it’s still worthless), but, while trivial hardware wise (there are plenty of boards), this formfactor is not there it seems. And the slightly bigger ones that are there, are made for a reason (usually gaming) so they don’t care about battery life. My android phone gets well over a day while powering my glasses and me working.


Can you share which glasses and what kinds of environment you use with Dex? Termux?


Emacs-termux is awkward to get working initially, but it gives you more-or-less full emacs as an Android app, but sharing storage/namespace with termux so that they both have access to the same binaries and documents.

There isn't a good project page, it's based at this sourceforgw page and has a surprisingly comprehensive readme.

https://sourceforge.net/projects/android-ports-for-gnu-emacs...



Essential part of termux- .emacs, enabling touchscreen:

    (xterm-mouse-mode 1)
    (global-set-key (kbd "<mouse-5>") 'scroll-up-command)
    (global-set-key (kbd "<mouse-4>") 'scroll-down-command)


I think this is for running emacs as a TUI within the termux terminal. The package I linked runs graphical emacs and just shares a filesystem with termux (to allow you to install git etc.). YMMV, but touchscreen should work out-of-the-box


I'm annoyed that Firefox for android doesn't have hot keys at all and chrome for android is also missing enough hotkeys/mouse behaviors that I'll usually notice very quickly.


> full hw accelerated Linux on your Android as an app

Might be worth adding that excerpt to the title, as well as changing the link to hggh's thread reader version without which I can't see anything.


Unfortunately I can't edit the title at this point. As for the link, HN wants posts to link to primary sources instead of alternative front ends (archive.today, Nitter, Thread Reader).


I think linking source is a general preference, not a hard rule. In this case (convenient full view vs clicking on chunks) it is easy to justify ignoring this preference.


How does it compare to Termux / UserLAnd? See https://termux.dev and https://userland.tech

For my purposes Lindroid seems less powerful as it requires root and AOSP patches.


Userland is dog slow since it's based on proot.

Termux needs to patch most of it's packages and is limited in what it can run since everything links to bionic libc.


Interesting. For me Userland is usable and not really slow.


usable to do what? Docker is a basic requirement to do any dev work these days and Userland cannot run it


I would love to try it out on my Android tablet. Being able to run Linux with a real desktop browser and development environment would be really amazing.


See also @kdrag0n 's work; putting Virtualized linux (and windows) on Android phones.

Our phones might be our next Desktops/Laptops/main personal computing device: 1. local first (you do go to the bathroom/gas station with your phone) 2. portable 3. reduce ewaste, money spent

The lack of convenience in the form of larger screen might be mitigated using smart glasses, projector(unihertz tank 3 has built in), or just connect to an external monitor

Snapdragon 8 gen 3 performs like cpu from 2020 and midtier gpu from 2016 AVF might ship with android 15 as Mainline module (One need kernel 5.10+)

https://news.ycombinator.com/item?id=30322035 https://news.ycombinator.com/item?id=30328692


> Our phones might be our next Desktops/Laptops/main personal computing device

https://news.ycombinator.com/item?id=19328085


Forgot to mention windows on arm is progressing (qcom snapdragon elite chipset on microsoft surface devices), qcom gunyah hypervisor, MediaTek's GenieZone hypervisor, winlator


I just want a GPD Micro PC with a cell modem...


Video about the project from Volla Community Days: https://www.youtube.com/live/7vF5647gNbo?si=NC_QytRezsgDCQV5


Do you have a timestamp?

EDIT: https://youtu.be/7vF5647gNbo?t=14340 maybe


Is there somewhere where I can sign up to be emailed or otherwise notified when this is ready? I want to try it but from the lack of APKs or other introductory materials, it seems to not be ready.


> full hw accelerated Linux on your Android as an app

At this point, you can just run full GNU/Linux on a phone. Sent from my Librem 5.


"Is it any good?" is its own question.

I went down this rabbit hole trying to see how to make the non-gaming side of a Steam handheld feel like a tablet, and was surprised/disappointed at how spartan the touch-based Linux ecosystem is. There are half a dozen projects trying to make it happen, but they're all really small and mostly independent. There's one guy working on GNOME for mobile, one working on the Maui system for Nitrux…. Canonical gave up on Ubuntu for mobile, so some guy revived that. I haven't been able to try Plasma Mobile 6 because it's not packaged for NixOS, but v5 wasn't usable. Phosh was poorly packaged as well, so I didn't invest much effort there.

Making a good touch UI is a ton of work, but the space so far seems to be mostly filled with people doing hobby projects (or closed ones like Sailfish).


> Phosh was poorly packaged as well, so I didn't invest much effort there.

Phosh comes with some OSes by default: https://phosh.mobi/faq/

> "Is it any good?" is its own question.

Depends on your needs. Daily driver for me.


Sure, but most people might need their phone to do banking apps or apps like WhatsApp, Spotify or Maps which are not available on your phone. This allows people to run GNU apps on their android phone so they can have both


Banking apps won't work with Lindroid either: https://news.ycombinator.com/item?id=40714796


You can do it with Waydroid (if your bank doesn't force you into the duopoly, at which point you should complain or switch).

See also: https://news.ycombinator.com/item?id=40714592


> at which point you should complain or switch

if only switching banks for such things was easy and realistically doable...

hate that banking apps are such a hassle to live with, but i do kinda get why they're very protective.


> i do kinda get why they're very protective.

I am not sure if a typical Android with a bunch of (preinstalled!) crappy apps is more secure than a GNU/Linux phone relying solely on FLOSS repos.

Changing banks can be easier or harder, depending on your country. People do it: https://news.ycombinator.com/item?id=40678203


isn't it just about banks not wanting to open-source their apps or connection details for supposed security or other reasons?

> changing banks can be easier or harder

well the process of changing banks is not the problem, i did leave UBS and Credit Suisse a couple of years ago. but now i'm with a bank i specifically chose because they're actually not financing wars or other unethical things, instead of just saying so for greenwashing purposes. this aspect is more important to me than them open-sourcing their infrastructure.


> isn't it just about banks not wanting to open-source their apps or connection details for supposed security or other reasons?

Not exactly: https://news.ycombinator.com/item?id=40715542

https://news.ycombinator.com/item?id=40714796

Indeed, finding a bank reasonable from every side is much harder.


There is a unique use case for running linux as an app vs as the base OS. Seems to me it's a lot like the difference between booting linux and using WSL to run linux inside windows.


"Unique" as in "reuse my old Android", which may not be secure after the support has ended. I see no other use cases.


For a lot of handsets that don't have an unlocked bootloader this is literally not true, even if it does have working Linux drivers.


on "some" phones


Yeah great, although I am keen to see if this eventually will run on something like an Amazon Fire Stick or one of those old Androids in my drawer.


It won't, due the closed specs and proprietary drivers.


(I suppose I must be blind)

Where are the APKs?


From the Twitter thread, their github appears to be https://github.com/linux-on-droid. I don't see APKs in any of the repos, though.


I don't think they've released APKs yet from how the Twitter thread is worded.


I think you're right. Also, I think I have a different definition of "ready" than OP


When is this a useful thing to have?


Can it run Wine + FEX Emu?


You can run Wine and Windows applications on Android quite effectively with https://github.com/brunodev85/winlator

So I imagine this will be at least as good.


Well it is Linux




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: