However, I have little trust in mobile devices nowadays and I don't feel safe copying private ssh/gpg/vpn/credentials data on them anymore. Planned obsolescence, theft risk, vendor/hardware/firmware issues, general feel of lack of control, ...
As a consequence, I tend to use my smartphone as anonymously as possible, mostly as a camera, an actual phone and 4G modem, tethering via usb/wifi to my laptop. It's simple, it feels safe and obviously it's not as practical.
I'd love postmarketos --or something similar-- to succeed, so I could leverage the privacy/backup strategies I have already set in place on laptops and servers that actually make me feel safe.
It's worth pointing out that this will preclude use of rsync and similar tools that require running a server on the remote machine. I'm not aware of robust alternatives so if anyone else knows one please tell me! (and I consider rsync-restricted shells and similar approaches a hack)
On the other hand, there's virtually no sandboxing on your laptop. As software developers, we pull random code from the internet all the time and it's generally trivial to steal every secret that your user has access to (https://xkcd.com/1200/)
Personally I'm not worried about baseband processor (or Intel ME) owning my device. I'm more worried about some random malware installing a keylogger and/or stealing my whole LastPass database. This would be virtually impossible on mobile, but is relatively trivial on laptop.
I "feel safe" running linux or openbsd on a "computer" given that I know only too well how flawed they can be. A mobile device could offer exactly the same feeling, and maybe better objective security characteristics, but unfortunately a "mobile device" doesn't seem to be defined as a "computer" you can single handedly operate but as a mix of short lived dependencies from hardware manufacturers to walled proprietary app stores through network carriers.
I don't dismiss the technical progress that is eventually happening in the mobile area but I think I'll pass as long as something as postmarketos offers what I feel is sustainable.
That's why sandboxing is very necessary on Android and not so much on your linux box.
Now I agree you should sanbox everytime you can especially when linux is well capable of it, that's why I use firejail on my desktops so I get all the awesomeness of my favorite distributions AND strong sandboxing with real ease of use.
One cool trick is to hook "sudo firecfg" in your package manager post operations so whenever you install new software it get sanboxed if a firejail profile is available (which is generally true). There may be a smarter way to do just that though?
That xkcd post makes a very good point indeed (that's why everybody should lock whenever afk, encrypt and use strong passwords of course)
But I also think you should also worry about those backdoor issues:
There's little of any electronics I trust much these days.
Check out their "ports tree" to see what packages are available:
I'm still waiting for Amazon to restock after I saw this post go up: https://blog.lessonslearned.org/building-a-more-secure-devel...
I wouldn't run most (any?) of them on a connection exposed to the real world, but at least in theory if you want to run an AAMP stack I believe you could, though on a quick glance you might actually have to be content with Nginx. You can also provide your own little bit of Gopherspace if you so desire.
- Need to jot a note: vim is far better than most native apps
- Need to access a remote system: use ssh or mosh
- Need a calculator: Python is there, with a lot of useful libraries
It even emulates a mouse, so elinks is quite usable on text heavy websites. For some mobile hostile websites it is more usable since the text is large enough to be legible.
A similar user friendly tool are the widgets, which makes it easy to launch a command from the launcher with a tap.
Given the number of development tools available, it is quite easy to write a program on the computer and run it on a mobile device.
Switching it to anything but english to make use of dictionaries makes potential special characters vanish from the long-press popups...
I also find that vim is easier to use for editing than Android editors. It is easier to use insertion, movement, and deletion commands instead of trying to tap on the right position or dragging to select.
TL;DR: Your Android device really is a fully-capable computer, if the goddamned vendors will just get out of your goddamned way.
For my phone - I looked at some folding Bluetooth keyboards on aliexpress which /look/ nice but at ~$30 it's a little steep for something that might be crap and end up never used/trashed. Maybe on Nov 11th i'll bite the bullet if there is a good sale.
Just search "folding keyboard" on ali.
This is a major frustration point for me, as I'm working with a keyboard that's missing one physical key and has two others which only intermittently generate the requested character(s). I have ... workarounds, but they're frustrating.
I've written about this at more length than is good for either my sanity or its reputation here:
Upshot: industry standardisation on device sizes, case attachments, and keyboard layouts would be an exceedingly good thing. The pictured keyboard/case (a Logitech device) seems to be among the better general options, though I question its attachment hardware.
Again, given the near-ideal nature of the form-factor, the industry fuckwittedness here is pretty staggering. I've spent more time than I care to think combing through Amazon, Newegg, and other shopping sites (product descriptions themselves make this tedious), and through various online forums and discussions.
The ability to pretty-much instantly, and without concern, switch between keyboarded/landscape and touchscreen/portrait modes is exceptionally useful. "Kickstand" type cases, and loose keyboards, don't offer this, or the ability to use the device in my lap (as I am now) as well as on a table or desk, or (in tablet mode) freestanding.
Much as I don't care for iOS devices, the standardisation and sales volume Apple have attained make for a far superior accessories market than Android. The killer there is the lack of a true compute environment (shell, dev tools) on iOS.
Other options include laptops (including hybrids), though for my use case (many, many, many formatted documents), landscape-mode-only is a tremendous negative, and I am exceedingly averse to all-in-one, hinge-based designs. (For all its faults, Bluetooth doesn't physically wear.)
Mostly I play Old Man Yells At Clouds.
Android, Termux and Dev Environment
Search, download, and play video (or soundtrack) interactively from console. Manage playlists (and save them permanently, locally), etc. Very impressive app.
E.g. I can control the volume of the radio via a simple ssh command that turns the media center volume down. Termux has an additional extension that lets you map arbitrary scripts to a button / widget on the android home screen.
But the replacement for my recently-dead Chromebook is an Android tablet/notebook hybrid (detachable keyboard), and while it's not comfortable, it does provide a tolerable alternative for when I don't want to drag my 17" laptop around.
Give me an Android tablet, Bluetooth keyboard, this and Emacs...
And you’ll be surprised at what I can accomplish.
(You'll find patches to pretty big projects around the world which I've delivered this way :) )
I also run mc sometimes.
Btw i use it with "Hacker's Keyboard", although the only reason i use that is because it has an esc key :-P.
Bought all the paid add-ons to support the developer. It's one of the most valuable assets I miss on iOS (doesn't matter that much now as I've got Linux x86_64 and ARM with me on the go).
The others are Boot, Widget, Fload, Task. Buy if you need or have $ to spare ;-)
You have storage, camera, at least dual network access (wifi + otg usb ethernet + cellular), a battery (ups), autostart capability via a purchase, basic package support.
Smaller than a laptop, way more self contained than a Pi, enough for some basic tinkering for sure.
The original project website appears to have been axed, but there's still traces of people who used to talk about it: http://www.allaboutsymbian.com/features/item/Previewing_Noki...
>MWS, in its default install, comes with a default pre-configured web site which has a number of functions, including a guestbook, a blog, the ability to send SMS messages to the phone, share Calendar information, view contact information and access the phone's camera.
I think it's more to do with the Android OS itself rather than the hardware, but I could be wrong. It's possible the SoC was overheating on those phones from the extended duty cycles; they simply aren't designed for much more than sporadic use.
Sometimes I forget that these devices are just little computers!
I tried to get pyserial working (so my phone could talk to an arduino mini over USB) but hit the issue of not being able to access /dev for lack of root. Still, it's very cool.
When vendors try so hard to lock everything down, yes, users tend to forget about what you can do once you have freedom to do what you want with your device.
I know Samsung wants to do something like that now (but I won't ever again buy a Samsung phone). I'd root (and pay) for a generic solution that makes my phone usable on a big(ger) screen.
And while there were options to do that in the past, all were one-offs and needed an extra port. So I guess we both agree about the capabilities that exist(ed), but that is exactly the reason why I posted my "In an ideal world" wish. There is no solution today as far as I'm aware. Which is a shame, given the power that these smartphones have.
Unfortunately that is unreleased/only available for pre-order. And in a very limited subset of the world: "Available for pre-order in the US, Canada, and Mexico"
Now time to buy a Chromebook and try it out.
In the end you're way better off with a beater $50 eBay thinkpad like my favorite x201. Which supports LibreBoot, is a repairable real computer.
Thick is the new thin.
If not cheaper, they're sometimes lacking AC adapter and/or drive caddy but that's maybe another $20.
X201 (not the tablet x201s) is i5/i7 12", enough pep for my needs, also you can get DisplayPort and modular UltraBay for optical with the optional dock thing.
The "dock" actually latches on and can even charge a standby battery with the most awkward external connector ever, if you desire extra thickness in your laptop, and frankly who doesn't.
Owning my computer, as opposed to paying for it to be controlled by Our Benevolent Overlords.
Hence "run Debian on it". The whole reason to run a Linux distribution is that the maintainers do most the sysadmin work for you, and Debian maintainers are among the most skilled sysadmins you can find.
You have to keep your filesystems from being full, but apart from that things will Just Work as long as you stay within the Debian tooling.
Easier said than done, Chromebooks aren't "computers" in the sense that you could easily or natively install Windows/Linux.
ChromeBooks run ChromeOS and often don't even have a BIOS, thus to shoehorn a different OS requires installing SeaBIOS when it isn't present.
They're more like an appliance, though GalliumOS works on (most?) x86 Chromebooks.
In landscape mode, it provides all the keys found on a regular keyboard which make life in a terminal easier (tab, ctrl, arrows, etc.).
EDIT: In Google Play Store: https://play.google.com/store/apps/details?id=org.pocketwork...
In fact, there's an issue about this:
here is a list of build-in keys that you can reach with volume up and down keys
Instead of Android + Termux, one can also look at Sailfish OS. You get all that functionality by default. There's also PostMarket OS , which should support at least some Android phones
I use the termux widget to give me one-click access to a bunch of rsync over ssh commands. It is the best backup solution for android I've ever come across (this can also be automated with apps such as tasker or automate). Using rsync I also have two-way syncing for some folders so that I can easily put a file I want on my phone on my nas and then just sync it.
I always felt the rsync apps on the play store to be extremely clunky and when not wanting to go through a cloud the alternatives are limited. But this works perfectly.
Also, being able to SSH into my phone and manipulate using a real keyboard and bigger screen is quite pleasant.
I can also say that it's not entirely there, and has a number of significant limitations as compared to a full-featured Linux desktop or laptop.
My equipment: A Samsung Galaxy Tab A 9" tablet, with a Logitech "Type-S" self-supporting folio case/keyboard combination. I have major reservations against both pieces of hardware and can recommend neither on the basis of capabilities, vendor support, and artificially-imposed limitations.
That said, the form factor, display, and battery performance are exemplary. The tablet runs virtually all day on a charge, the keyboard for months, under heavy use. I've long sought a highly-flexible, lightweight, portalbe, long-battery-life system, and in terms of the fundamental physical package, this is almost completely there.
The keyboard has had physically-damaged keys since the beginning, Logitech first refused, then temporised, and finally claimed it did not have a suitable replacement product. (Why a keyboard/case should be dependent at the model-number level with specific hardware kit is entirely beyond me, and shows a desperate need for industry standardisation.)
Samsung's Tab A has proved resistant to rooting or re-ROMing, including the ability to make a back-up of the system prior to such activities so as not to lose critical data in ways that can only be described as deliberately user-hostile. I was not aware of this at the time I purchased the device, under exigent circumstances, and would not do so again.
Termux allows breaking out of many of the limitations of the Android "ecosystem" (I prefer to think of it as a toxic waste dump, but that's another story.) Be aware that Termux itself has a number of components, including base Termux, the Termux API Android App, the Termux package repository (based on app), and multiple third-party repos (e.g., pip for python). Collectively these provide a basic terminal environment, nearly 800 packages (a small count by Linux standards, but a surprisingly useful selection), and many more utilities through third-party utilities.
Not provided are a system root, full access to external storage media (I have a 128 GB microSD card, but can only make very limited use of it thanks to Android stupidity), or full access to the Android side of the house, though some interactions, including application intentions and clipboard interaction, are supported and are tremendously useful.
Another major limitation of Termux appears to be its terminal implementation itself. This is good so long as you're going forward, but is painfully slow in any back-navigation actions -- e.g., scrolling backwards in less and other pagers. Delays can be of many seconds. I've learned to quit out of files and re-open them from the start rather than going backwards. Experimenting from other Android console apps suggests this is a fault within Termux itself.
I've also had many lag and freeze issues using Termux for remote SSH access -- it's OK for quick or noninteractive (e.g., remote command-execution) interactions, but not for prolonged SSH sessions. This is tremendously disappointing as Termux, unlike other SSH tools I've used, doesn't map the <back-navigation>/<esc> key to "navigate out of the application". Critical when editing files in vim, and making apps such as SSHBot entirely useless.
I've found the community and developers helpful (excepting the two major issues above, I've seen multiple small issues fixed rapidly), and again, compared to the sheer uselessness of stock Android as a Real Computing Platform, this is a transcendental leap.
But it's Still Not Full Linux, and if that's what you're hoping for, you'll be disappointed.
On that point: Samsung shocked the motherlovin' stuffin' out of me last week in announcing (and reported here on HN) that they would be supporting full Linux distro installation on future Android devices. That would be a welcome development.
Stuff that absolutely rocks under Termux
Bash for file management. Every goddamned Android file manager in existance sucks balls.
mps-youtube. Install via pip. Provides console-mode, backgroundable, youtube video access. mps and mvs are related applications which can play other remote or local audio and video files (generally just the soundtrack). Media can be backgrounded, lists can be compiled and saved, content can be downloaded, and much, much, much more.
The Termux-API App. This provides access to the clipboard, application intents, and various Android capabilities. You need to install the "termux-api" package as well under apt. The ability to find specific files (say, from my 6k+ PDF library) and launch them to a PDF reader is just ever-so-slightly useful. (The degree of fail of Android Apps in this space is ... staggering.)
APT. God I've missed this.
vim, emacs, python, perl, ruby, ... An amazingly complete package set.
SSH. Limitations noted, it's vastly superior to App-based SSH clients.
Using the Termux ssh daemon and connecting to localhost from another Android terminal app or SSHBot doesn't exhibit the problem. I've got a github issue open.
python3 -m http.server
http://localhost:8000/ # on phone
Should work over wifi though.
Many mobile ISPs run NAT, you don't even get a public IP of your own during the session, just an internal one.
Alternatively, you can DIY by connecting to some other machine using SSH and establishing a reverse tunnel.
python -m http.server 0.0.0.0:8000
Works if you just run:
python3 -m http.server
Works great with python's built in web server but wont work with flask's built in development web server.
Unfortunately, it's on CM11 (KitKat), and thus not compatible. Between the collapse of CyanogenMod, LineageOS not picking up the Relay, and the limited specs by today's standards (1G RAM, 8G storage, dual-core CPU), I don't think there's any real future for this handset except as a curio.
I get by with Panic's Coda terminal, which is great, but even though I have multiple remote servers, sometimes I'd like to run something on my local network, like ping, wireshark, etc
Running mutt as a local mail client would be nice as well
I could see this getting onto the app store eventually.
I mean we have seen that mobile operating systems can bring a decent toolset by default as Meamo did (don't know about tizen?!?).
Not for heavy use, but for quick notes and calendar checking.
I ssh into my home server and drive my spacemacs instance from there.